httpx

package

v2.0.1 Latest Latest Go to latest Published: Jun 7, 2026 License: BSD-3-Clause Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/getarcaneapp/arcane

Links

Open Source Insights

Documentation ¶

Index ¶

func DefaultLookupIP(ctx context.Context, host string) ([]net.IP, error)
func GetClientBaseURL(origin, forwardedHost, forwardedProto, host, appURL string) string
func GetIntQueryParam(r *http.Request, name string, required bool) (int, error)
func GetQueryParam(r *http.Request, name string, required bool) (string, error)
func NewHTTPClient() *http.Client
func NewHTTPClientWithTimeout(timeout time.Duration) *http.Client
func NewSafeOutboundHTTPClient(base *http.Client, lookupIP LookupIPFunc) (*http.Client, error)
func SetJSONStreamHeaders(headers HeaderSetter)
func ValidateOutboundHTTPURL(rawURL string) (*url.URL, error)
func ValidateSafeRemoteURL(ctx context.Context, rawURL string, lookupIP LookupIPFunc) (*url.URL, error)
func ValidateWebSocketOrigin(appURL string) func(r *http.Request) bool
type HeaderSetter
type LookupIPFunc

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DefaultLookupIP ¶

func DefaultLookupIP(ctx context.Context, host string) ([]net.IP, error)

func GetClientBaseURL ¶

func GetClientBaseURL(origin, forwardedHost, forwardedProto, host, appURL string) string

GetClientBaseURL determines the client's base URL from request headers. It checks Origin, X-Forwarded-Host/Proto, and Host headers. If none provide a valid URL, it falls back to the configured appURL.

func GetIntQueryParam ¶

func GetIntQueryParam(r *http.Request, name string, required bool) (int, error)

GetIntQueryParam reads and parses an integer query parameter from the request URL. If `required` is true and the parameter is missing, or if parsing fails, an error is returned.

func GetQueryParam ¶

func GetQueryParam(r *http.Request, name string, required bool) (string, error)

GetQueryParam reads a string query parameter from the request URL. If `required` is true and the parameter is missing or empty, an error is returned.

func NewHTTPClient ¶

func NewHTTPClient() *http.Client

func NewHTTPClientWithTimeout ¶

func NewHTTPClientWithTimeout(timeout time.Duration) *http.Client

func NewSafeOutboundHTTPClient ¶

func NewSafeOutboundHTTPClient(base *http.Client, lookupIP LookupIPFunc) (*http.Client, error)

func SetJSONStreamHeaders ¶

func SetJSONStreamHeaders(headers HeaderSetter)

func ValidateOutboundHTTPURL ¶

func ValidateOutboundHTTPURL(rawURL string) (*url.URL, error)

ValidateOutboundHTTPURL parses and validates an outbound HTTP(S) target URL. It intentionally performs syntactic hardening (scheme/host/credentials) without restricting private network ranges, because environment agents may be deployed on trusted private subnets.

func ValidateSafeRemoteURL ¶

func ValidateSafeRemoteURL(ctx context.Context, rawURL string, lookupIP LookupIPFunc) (*url.URL, error)

func ValidateWebSocketOrigin ¶

func ValidateWebSocketOrigin(appURL string) func(r *http.Request) bool

ValidateWebSocketOrigin validates the Origin header for WebSocket connections to prevent CSRF attacks. It checks: 1. Same-origin requests (Origin matches Host) 2. Allowed origins from appURL 3. Handles empty Origin headers (some clients don't send it)

Types ¶

type HeaderSetter ¶

type HeaderSetter interface {
	SetHeader(key string, value string)
}

type LookupIPFunc ¶

type LookupIPFunc func(ctx context.Context, host string) ([]net.IP, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL