Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func EffectiveJSONAuditProvider ¶ added in v1.7.1
func EffectiveJSONAuditProvider(o JSONAuditOutput) string
EffectiveJSONAuditProvider returns the normalized sink id: console, file, or http.
Types ¶
type Backend ¶
func (*Backend) GetService ¶ added in v1.6.0
GetService returns a single service (backward compatibility method) Returns the first server if in multi-server mode
func (*Backend) IsMultiServer ¶ added in v1.6.0
IsMultiServer checks if the backend is configured for multi-server mode
func (*Backend) Normalize ¶ added in v1.6.0
func (b *Backend) Normalize() *NormalizedBackend
Normalize converts the Backend to a NormalizedBackend If only a single Service is configured, it automatically converts to multi-server mode
type JSONAudit ¶ added in v1.7.1
type JSONAudit struct {
Enable bool `config:"enable"`
// Output configures where each audit line is written (see provider, file, http).
Output JSONAuditOutput `config:"output"`
// MaxBodyBytes caps captured request/response bodies (default 1MiB).
MaxBodyBytes int64 `config:"max_body_bytes,default=1048576"`
// SampleRate is the fraction of requests to audit (0.0–1.0]. Values <=0 are treated as 1.0.
SampleRate float64 `config:"sample_rate,default=1"`
// SniffJSON treats bodies as JSON when json.Valid succeeds if Content-Type is not JSON.
SniffJSON bool `config:"sniff_json,default=true"`
// DecompressGzip attempts gzip decompression for logging when Content-Encoding is gzip.
DecompressGzip bool `config:"decompress_gzip,default=true"`
// IncludePaths limits auditing to paths with these prefixes (empty = all, before excludes).
IncludePaths []string `config:"include_paths"`
// ExcludePaths skips paths with any of these prefixes.
ExcludePaths []string `config:"exclude_paths"`
// Redact controls masking of sensitive headers, query keys, and JSON object keys in audit logs.
Redact JSONAuditRedact `config:"redact"`
}
JSONAudit configures JSON response audit logging for the gateway or a single route.
type JSONAuditHTTPOutput ¶ added in v1.7.1
type JSONAuditHTTPOutput struct {
URL string `config:"url"`
// Method defaults to POST if empty.
Method string `config:"method,default=POST"`
// Headers are optional extra request headers (e.g. Authorization).
Headers map[string]string `config:"headers"`
// TimeoutSeconds caps the outbound request (default 5; must be >0).
TimeoutSeconds int64 `config:"timeout_seconds,default=5"`
}
JSONAuditHTTPOutput configures the HTTP sink when output.provider is http.
type JSONAuditOutput ¶ added in v1.7.1
type JSONAuditOutput struct {
// Provider is console (default), file, http, or database.
// Aliases: webhook/endpoint/api => http, db/sql => database.
Provider string `config:"provider,default=console"`
File JSONAuditOutputFile `config:"file"`
HTTP JSONAuditHTTPOutput `config:"http"`
Database JSONAuditOutputDatabase `config:"database"`
}
JSONAuditOutput groups sink selection (provider) and provider-specific settings under json_audit.output.
type JSONAuditOutputDatabase ¶ added in v1.7.2
type JSONAuditOutputDatabase struct {
// Engine must be one of postgres, mysql, or sqlite.
Engine string `config:"engine"`
// DSN is the database connection string.
DSN string `config:"dsn"`
// Host is used to build DSN when set (higher priority than DSN).
Host string `config:"host"`
// Port is used to build DSN when Host is set.
Port int64 `config:"port"`
// Username is used to build DSN when Host is set.
Username string `config:"username"`
// Password is used to build DSN when Host is set.
Password string `config:"password"`
// DB is database name (postgres/mysql) or file path (sqlite) when Host/DB mode is used.
DB string `config:"db"`
}
JSONAuditOutputDatabase configures the DB sink when output.provider is database.
type JSONAuditOutputFile ¶ added in v1.7.1
type JSONAuditOutputFile struct {
// Path is the filesystem path; each audit record is one appended line (NDJSON).
Path string `config:"path"`
}
JSONAuditOutputFile configures the file sink when output.provider is file.
type JSONAuditRedact ¶ added in v1.7.1
type JSONAuditRedact struct {
// Enable turns redaction on or off. Omitted (nil) means on (default).
Enable *bool `config:"enable"`
// Keys lists JSON object keys and query parameter names to mask (case-insensitive).
// Empty uses built-in defaults when redaction is enabled.
Keys []string `config:"keys"`
}
JSONAuditRedact configures whether and how values are masked in audit records.
func (JSONAuditRedact) RedactEnabled ¶ added in v1.7.1
func (r JSONAuditRedact) RedactEnabled() bool
RedactEnabled reports whether masking is active. When Enable is omitted, defaults to true.
type NormalizedBackend ¶ added in v1.6.0
type NormalizedBackend struct {
Algorithm string
Servers []*service.Server
BaseConfig *service.Service
}
NormalizedBackend represents a normalized backend configuration that can handle both single-server and multi-server modes
type RateLimit ¶ added in v1.7.0
type RateLimit struct {
Enable bool `config:"enable"`
Algorithm string `config:"algorithm,default=token-bucket"` // token-bucket, leaky-bucket, fixed-window
KeyType string `config:"key_type,default=ip"` // ip, user, apikey, clientid, header
KeyHeader string `config:"key_header"` // when key_type=header, specify header name
Limit int64 `config:"limit"` // limit count
Window int64 `config:"window"` // time window in seconds
Burst int64 `config:"burst"` // burst capacity (only for token-bucket)
Message string `config:"message,default=Too Many Requests"`
Headers map[string]string `config:"headers"` // custom response headers
}
type Route ¶
type Route struct {
Name string `config:"name"`
Path string `config:"path"`
Backend Backend `config:"backend"`
// PathType is the path type of route, options: prefix, regex
PathType string `config:"path_type,default=prefix"`
RateLimit RateLimit `config:"rate_limit"`
JSONAudit JSONAudit `config:"json_audit"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.