route

package
v1.7.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 27, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EffectiveJSONAuditProvider added in v1.7.1

func EffectiveJSONAuditProvider(o JSONAuditOutput) string

EffectiveJSONAuditProvider returns the normalized sink id: console, file, or http.

Types

type Backend

// Backend holds the service configuration attached to a Route.
type Backend struct {
	// Service is the configured service definition. Normalize converts a single
	// configured Service into the multi-server NormalizedBackend form.
	Service service.Service `config:"service"`
}

func (*Backend) GetService added in v1.6.0

func (b *Backend) GetService() *service.Service

GetService returns a single service (backward-compatibility method). It returns the first server if the backend is in multi-server mode.

func (*Backend) IsMultiServer added in v1.6.0

func (b *Backend) IsMultiServer() bool

IsMultiServer checks if the backend is configured for multi-server mode

func (*Backend) Normalize added in v1.6.0

func (b *Backend) Normalize() *NormalizedBackend

Normalize converts the Backend to a NormalizedBackend. If only a single Service is configured, it is automatically converted to multi-server mode.

type CORS added in v1.7.3

type CORS struct {
	// Enable turns CORS header handling on for the scope (global or route) this block is attached to.
	Enable bool `config:"enable"`
	// AllowOrigins lists allowed Origin values; use * for any origin (incompatible with AllowCredentials).
	// Browsers refuse a wildcard Access-Control-Allow-Origin on credentialed requests, so
	// list exact origins whenever AllowCredentials is true.
	// NOTE(review): how the gateway handles "*" together with AllowCredentials (reject the
	// config, drop credentials, or echo the request Origin) is not visible here — confirm;
	// echoing arbitrary origins with credentials would let any site read authenticated responses.
	AllowOrigins []string `config:"allow_origins"`
	// AllowMethods lists allowed methods for preflight and Access-Control-Allow-Methods.
	AllowMethods []string `config:"allow_methods"`
	// AllowHeaders lists allowed request headers (Access-Control-Allow-Headers).
	AllowHeaders []string `config:"allow_headers"`
	// ExposeHeaders lists response headers the browser may read (Access-Control-Expose-Headers).
	// Only list headers that are safe for cross-origin scripts to see.
	ExposeHeaders    []string `config:"expose_headers"`
	AllowCredentials bool     `config:"allow_credentials"` // presumably controls Access-Control-Allow-Credentials; keep false unless AllowOrigins is an explicit list
	// MaxAge is the preflight cache duration in seconds (Access-Control-Max-Age).
	MaxAge int64 `config:"max_age"`
}

CORS adds Cross-Origin Resource Sharing headers. Enable at the global level and/or per route; route settings override the global block for fields that are set.

type HTTPCache added in v1.7.4

type HTTPCache struct {
	// Enable turns response caching on for the scope this block is attached to.
	Enable bool `config:"enable"`
	// TTL is entry time-to-live in seconds (default 60).
	TTL int64 `config:"ttl,default=60"`
	// KeyPrefix namespaces keys in Application.Cache() (default "httpcache").
	// NOTE(review): confirm the key also covers host and route; if it does not, routes
	// that share a prefix could be served each other's entries.
	KeyPrefix string `config:"key_prefix"`
	// Methods lists HTTP methods to cache; empty means GET only.
	// NOTE(review): whether a request body takes part in the cache key is not documented
	// here — confirm before listing methods whose response depends on the body.
	Methods []string `config:"methods"`
	// VaryHeaders lists request header names whose values are mixed into the cache key (RFC 7234 style).
	// A request header that changes the response but is not listed here does not
	// partition the cache, so callers that differ only in that header share one entry.
	VaryHeaders []string `config:"vary_headers"`
	StatusMin   int      `config:"status_min,default=200"` // inclusive lower bound of cacheable response statuses
	StatusMax   int      `config:"status_max,default=299"` // inclusive upper bound of cacheable response statuses
	// MaxBodyBytes caps stored response bodies (default 2MiB).
	MaxBodyBytes int64 `config:"max_body_bytes,default=2097152"`
	// RespectUpstreamCacheControl skips storing when Cache-Control contains no-store or private.
	// Turning this off stores responses the upstream marked as not shareable.
	RespectUpstreamCacheControl bool `config:"respect_upstream_cache_control,default=true"`
	// CacheAuthorizedRequests allows caching when Authorization or Cookie is present (default false).
	// Security: keep false unless the response is identical for every caller; otherwise a
	// response generated for one authenticated user can be served to another.
	// NOTE(review): confirm whether Authorization/Cookie values are part of the cache key
	// when this is true; if not, they must be listed in VaryHeaders.
	CacheAuthorizedRequests bool `config:"cache_authorized_requests,default=false"`
	// SkipResponsesWithSetCookie avoids caching responses that set cookies (default true).
	// Disabling it risks replaying one client's Set-Cookie header to other clients.
	SkipResponsesWithSetCookie bool `config:"skip_responses_with_set_cookie,default=true"`
	// OmitQueryFromKey excludes the raw query string from the cache key when true (default false).
	// When true, requests that differ only in their query string share one entry, so
	// enable it only where the query does not influence the response.
	OmitQueryFromKey bool `config:"omit_query_from_key,default=false"`
}

HTTPCache configures reverse-proxy style response caching for GET-style requests. Behavior is similar in spirit to nginx proxy_cache (custom keys, TTL, upstream Cache-Control).

func (HTTPCache) EffectiveMaxBodyBytes added in v1.7.4

func (h HTTPCache) EffectiveMaxBodyBytes() int64

EffectiveMaxBodyBytes returns the max captured body size.

func (HTTPCache) EffectiveStatusRange added in v1.7.4

func (h HTTPCache) EffectiveStatusRange() (min, max int)

EffectiveStatusRange returns inclusive HTTP status bounds for cacheable responses.

func (HTTPCache) EffectiveTTL added in v1.7.4

func (h HTTPCache) EffectiveTTL() time.Duration

EffectiveTTL returns the KV TTL for stored entries.

func (HTTPCache) IncludeQueryInKey added in v1.7.4

func (h HTTPCache) IncludeQueryInKey() bool

IncludeQueryInKey reports whether the raw query string participates in the cache key.

func (HTTPCache) NormalizedVaryHeaders added in v1.7.4

func (h HTTPCache) NormalizedVaryHeaders() []string

NormalizedVaryHeaders returns sorted, canonical header names for stable cache keys.

type IPPolicy added in v1.7.3

type IPPolicy struct {
	// Enable turns IP filtering on for the scope this block is attached to.
	Enable bool `config:"enable"`
	// Allow is a list of CIDRs. If non-empty, the client IP must match at least one entry.
	// An empty Allow list does not block anything by itself; only Deny is applied then.
	Allow []string `config:"allow"`
	// Deny is a list of CIDRs; matching clients receive HTTP 403.
	// Deny is evaluated before Allow, so an address in both lists is rejected.
	Deny []string `config:"deny"`
	// TrustedProxies lists CIDRs of reverse proxies. Only when the direct peer address is in this set
	// the gateway trusts X-Forwarded-For (first hop) to derive the client IP. Empty means the gateway
	// only uses the direct TCP remote address.
	//
	// Security: X-Forwarded-For is a request header that any client can set, so keep these
	// CIDRs as narrow as possible and list only proxies you operate.
	// NOTE(review): if "first hop" means the leftmost entry, a trusted proxy that appends to an
	// incoming X-Forwarded-For instead of replacing it would leave a client-supplied value in
	// that position and the Allow/Deny decision would be made on it — confirm which entry is
	// used and that the listed proxies overwrite the header.
	// NOTE(review): handling of malformed CIDR entries (startup error vs. silently ignored) is
	// not visible here — confirm, since an ignored Deny entry fails open.
	TrustedProxies []string `config:"trusted_proxies"`
	// Message is the response body for denied requests.
	Message string `config:"message,default=Forbidden"`
}

IPPolicy filters client IPs at the edge. Deny rules are evaluated first; then, if allow is non-empty, the client must fall into at least one allow CIDR; if allow is empty, only deny is applied.

type JSONAudit added in v1.7.1

type JSONAudit struct {
	// Enable turns audit logging on for the gateway or route this block is attached to.
	Enable bool `config:"enable"`
	// Output configures where each audit line is written (see provider, file, http).
	Output JSONAuditOutput `config:"output"`
	// MaxBodyBytes caps captured request/response bodies (default 1MiB).
	MaxBodyBytes int64 `config:"max_body_bytes,default=1048576"`
	// SampleRate is the fraction of requests to audit (0.0–1.0]. Values <=0 are treated as 1.0.
	// Note that 0 therefore means "audit everything", not "audit nothing"; use Enable to turn auditing off.
	SampleRate float64 `config:"sample_rate,default=1"`
	// SniffJSON treats bodies as JSON when json.Valid succeeds if Content-Type is not JSON.
	SniffJSON bool `config:"sniff_json,default=true"`
	// DecompressGzip attempts gzip decompression for logging when Content-Encoding is gzip.
	// NOTE(review): confirm the decompressed size is also bounded by MaxBodyBytes, so that a
	// small compressed body cannot expand without limit while being captured.
	DecompressGzip bool `config:"decompress_gzip,default=true"`
	// IncludePaths limits auditing to paths with these prefixes (empty = all, before excludes).
	IncludePaths []string `config:"include_paths"`
	// ExcludePaths skips paths with any of these prefixes.
	// Matching is by prefix, so an entry also excludes every path that merely starts with it.
	ExcludePaths []string `config:"exclude_paths"`
	// Redact controls masking of sensitive headers, query keys, and JSON object keys in audit logs.
	// Values that are not masked are presumably written to the configured Output unchanged,
	// so treat the audit sink as holding sensitive data — TODO confirm.
	Redact JSONAuditRedact `config:"redact"`
}

JSONAudit configures JSON response audit logging for the gateway or a single route.

type JSONAuditHTTPOutput added in v1.7.1

type JSONAuditHTTPOutput struct {
	// URL is the endpoint audit records are sent to.
	// Records can include captured request/response bodies, so an https endpoint is the
	// safe choice. NOTE(review): scheme validation and TLS verification settings are not
	// visible here — confirm plain http and unverified certificates are not accepted silently.
	URL string `config:"url"`
	// Method defaults to POST if empty.
	Method string `config:"method,default=POST"`
	// Headers are optional extra request headers (e.g. Authorization).
	// Values such as Authorization tokens are secrets held in the configuration; restrict
	// who can read the config. NOTE(review): confirm these values never appear in logs or errors.
	Headers map[string]string `config:"headers"`
	// TimeoutSeconds caps the outbound request (default 5; must be >0).
	TimeoutSeconds int64 `config:"timeout_seconds,default=5"`
}

JSONAuditHTTPOutput configures the HTTP sink when output.provider is http.

type JSONAuditOutput added in v1.7.1

type JSONAuditOutput struct {
	// Provider is console (default), file, http, or database.
	// Aliases: webhook/endpoint/api => http, db/sql => database.
	// Only the settings block matching the selected provider (File, HTTP, or Database) is
	// documented as applying to it.
	// NOTE(review): the EffectiveJSONAuditProvider description lists only console, file and
	// http as normalized ids — confirm database is normalized as well.
	// NOTE(review): behavior for an unrecognized provider value is not visible here; confirm it
	// is a configuration error rather than a silent fallback that drops audit records.
	Provider string                  `config:"provider,default=console"`
	File     JSONAuditOutputFile     `config:"file"`
	HTTP     JSONAuditHTTPOutput     `config:"http"`
	Database JSONAuditOutputDatabase `config:"database"`
}

JSONAuditOutput groups sink selection (provider) and provider-specific settings under json_audit.output.

type JSONAuditOutputDatabase added in v1.7.2

type JSONAuditOutputDatabase struct {
	// Engine must be one of postgres, mysql, or sqlite.
	Engine string `config:"engine"`
	// DSN is the database connection string.
	// A DSN commonly embeds credentials, so it needs the same protection as Password.
	DSN string `config:"dsn"`
	// Host is used to build DSN when set (higher priority than DSN).
	Host string `config:"host"`
	// Port is used to build DSN when Host is set.
	Port int64 `config:"port"`
	// Username is used to build DSN when Host is set.
	// Prefer an account limited to writing audit rows — the sink needs no broader rights.
	Username string `config:"username"`
	// Password is used to build DSN when Host is set.
	// It is held as plain text in the configuration; restrict read access to the config.
	// NOTE(review): confirm neither Password nor the built DSN is echoed in logs or errors,
	// and whether transport encryption to the database is configurable in Host mode.
	Password string `config:"password"`
	// DB is database name (postgres/mysql) or file path (sqlite) when Host/DB mode is used.
	DB string `config:"db"`
}

JSONAuditOutputDatabase configures the DB sink when output.provider is database.

type JSONAuditOutputFile added in v1.7.1

type JSONAuditOutputFile struct {
	// Path is the filesystem path; each audit record is one appended line (NDJSON).
	// The file accumulates captured request/response data, so place it in a directory
	// readable only by the gateway and its log collector.
	// NOTE(review): the permission bits used when the file is created, and any rotation or
	// size limit, are not visible here — confirm.
	Path string `config:"path"`
}

JSONAuditOutputFile configures the file sink when output.provider is file.

type JSONAuditRedact added in v1.7.1

type JSONAuditRedact struct {
	// Enable turns redaction on or off. Omitted (nil) means on (default).
	// A pointer is used so that an omitted setting can be told apart from an explicit false;
	// RedactEnabled resolves the nil case to true.
	Enable *bool `config:"enable"`
	// Keys lists JSON object keys and query parameter names to mask (case-insensitive).
	// Empty uses built-in defaults when redaction is enabled.
	// Masking is selected by key name, so sensitive values stored under a key that is not
	// listed are presumably left as-is — TODO confirm.
	// NOTE(review): a non-empty list may replace the built-in defaults rather than extend
	// them — confirm, and re-list the default names if they are replaced.
	// NOTE(review): JSONAudit.Redact also mentions sensitive headers; which header names are
	// masked, and whether Keys affects them, is not stated here — confirm.
	Keys []string `config:"keys"`
}

JSONAuditRedact configures whether and how values are masked in audit records.

func (JSONAuditRedact) RedactEnabled added in v1.7.1

func (r JSONAuditRedact) RedactEnabled() bool

RedactEnabled reports whether masking is active. When Enable is omitted, defaults to true.

type NormalizedBackend added in v1.6.0

type NormalizedBackend struct {
	// Algorithm, Servers and BaseConfig are the multi-server view produced by Backend.Normalize.
	// Algorithm presumably names the strategy for choosing among Servers, and BaseConfig the
	// service settings the servers share — both are defined by package service; TODO confirm.
	Algorithm  string
	Servers    []*service.Server
	BaseConfig *service.Service
}

NormalizedBackend represents a normalized backend configuration that can handle both single-server and multi-server modes

type RateLimit added in v1.7.0

// RateLimit configures request rate limiting for the scope it is attached to
// (Route.RateLimit for a single route).
//
// KeyType selects what a limit is counted against. With key_type=header the key
// comes from the request header named by KeyHeader, which the client controls
// unless a trusted upstream sets or overwrites it; a limit keyed on a
// client-chosen value does not bound a single client, so use header keys only
// for headers a trusted hop guarantees.
// NOTE(review): for key_type=ip, confirm whether the address is the direct peer
// or derived from X-Forwarded-For, and whether IPPolicy.TrustedProxies applies.
// NOTE(review): behavior when Enable is true but Limit or Window is 0, and for an
// unrecognized Algorithm or KeyType, is not documented here — confirm that it
// does not silently disable limiting.
type RateLimit struct {
	Enable    bool              `config:"enable"`
	Algorithm string            `config:"algorithm,default=token-bucket"` // token-bucket, leaky-bucket, fixed-window
	KeyType   string            `config:"key_type,default=ip"`            // ip, user, apikey, clientid, header
	KeyHeader string            `config:"key_header"`                     // when key_type=header, specify header name
	Limit     int64             `config:"limit"`                          // limit count
	Window    int64             `config:"window"`                         // time window in seconds
	Burst     int64             `config:"burst"`                          // burst capacity (only for token-bucket)
	Message   string            `config:"message,default=Too Many Requests"`
	Headers   map[string]string `config:"headers"` // custom response headers
}

type Route

// Route describes one gateway route: a Name, a Path interpreted according to
// PathType, its Backend, and optional per-route policy blocks (rate limit, JSON
// audit, HTTP cache, IP policy, CORS).
type Route struct {
	// Name, Path and Backend identify the route, the path it matches, and its service configuration.
	Name    string  `config:"name"`
	Path    string  `config:"path"`
	Backend Backend `config:"backend"`
	// PathType is the path type of route, options: prefix, regex
	// NOTE(review): for regex, confirm whether the pattern is anchored to the whole path; an
	// unanchored pattern can match more paths than intended, and the policy blocks below
	// (IPPolicy, RateLimit, ...) are tied to whichever route matches.
	// NOTE(review): the precedence between overlapping routes is not documented here — confirm.
	PathType  string    `config:"path_type,default=prefix"`
	RateLimit RateLimit `config:"rate_limit"`
	JSONAudit JSONAudit `config:"json_audit"`
	HTTPCache HTTPCache `config:"http_cache"`
	IPPolicy  IPPolicy  `config:"ip_policy"`
	CORS      CORS      `config:"cors"`
}

func (*Route) Rewrite

func (r *Route) Rewrite(path string) string

type Service added in v1.4.1

// Service is an alias for service.Service; both names denote the same type.
type Service = service.Service
