service

package
v0.67.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2026 License: BSD-3-Clause, AGPL-3.0 Imports: 23 Imported by: 0

Documentation

Overview

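Package service is a generated GoMock package. (This is the only package comment shown; it appears to come from the generated mock file. The package also declares the Service, Target and authentication configuration types documented below.)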

Index

Constants

// Status, target-type and source values for a Service. Status and TargetType
// are typed string constants; SourcePermanent and SourceEphemeral are untyped
// string constants, so the compiler will not stop them being confused with
// any other string.
const (
	// Service status values.
	// NOTE(review): this page does not say which statuses mean the service is
	// actually being served; presumably only StatusActive — confirm before
	// gating access or alerting on any other value.
	StatusPending            Status = "pending"
	StatusActive             Status = "active"
	StatusTunnelNotCreated   Status = "tunnel_not_created"
	StatusCertificatePending Status = "certificate_pending"
	StatusCertificateFailed  Status = "certificate_failed"
	StatusError              Status = "error"

	// Kinds of backend a Target can point at (the type of Target.TargetType).
	TargetTypePeer   TargetType = "peer"
	TargetTypeHost   TargetType = "host"
	TargetTypeDomain TargetType = "domain"
	TargetTypeSubnet TargetType = "subnet"

	// Values for Service.Source; the gorm tag on that field defaults it to
	// 'permanent'.
	// NOTE(review): "ephemeral" presumably marks peer-exposed services — confirm.
	SourcePermanent = "permanent"
	SourceEphemeral = "ephemeral"
)
// Service mode values. These are untyped string constants; Service.Mode is a
// plain string whose field comment lists the same four values.
// NOTE(review): where an unknown mode string is rejected is not shown on this
// page; presumably Service.Validate / ExposeServiceRequest.Validate — confirm.
const (
	ModeHTTP = "http"
	ModeTCP  = "tcp"
	ModeUDP  = "udp"
	ModeTLS  = "tls"
)

Service mode constants.

// Target protocol values: the scheme used for the connection to the backend.
// Untyped string constants; Target.Protocol is a plain string.
// NOTE(review): TargetProtoHTTP means the hop to the backend is plain HTTP;
// whether that hop is otherwise protected (for example by a tunnel) is not
// shown on this page — confirm before treating it as confidential.
const (
	TargetProtoHTTP  = "http"
	TargetProtoHTTPS = "https"
	TargetProtoTCP   = "tcp"
	TargetProtoUDP   = "udp"
)

Target protocol constants (URL scheme for backend connections).

Variables

This section is empty.

Functions

func GenerateExposeName

func GenerateExposeName(prefix string) (string, error)

GenerateExposeName generates a random service name for peer-exposed services. The prefix, if provided, must be a valid DNS label component (lowercase alphanumeric and hyphens).

func IsL4Protocol added in v0.67.0

func IsL4Protocol(mode string) bool

IsL4Protocol returns true if the mode requires port-based routing (TCP, UDP, or TLS). IsPortBasedProtocol is narrower and excludes TLS.

func IsPortBasedProtocol added in v0.67.0

func IsPortBasedProtocol(mode string) bool

IsPortBasedProtocol returns true if the mode relies on dedicated port allocation. TLS is excluded because it uses SNI routing and can share ports with other TLS services.

Types

type AccessRestrictions added in v0.67.0

// AccessRestrictions holds the IP- and country-based allow and block lists for
// a service. Every field is a string slice that is dropped from JSON when
// empty (omitempty) and stored through gorm's JSON serializer.
//
// NOTE(review): this page does not state how the lists combine: whether a
// blocked entry overrides an allowed one, or whether an empty allow list means
// "allow everyone" or "allow no one". Confirm against the enforcing code
// before relying on these fields as an access control.
// NOTE(review): the entry format is not shown either; presumably CIDR notation
// and ISO country codes — verify, and check where entries are validated.
type AccessRestrictions struct {
	AllowedCIDRs     []string `json:"allowed_cidrs,omitempty" gorm:"serializer:json"`
	BlockedCIDRs     []string `json:"blocked_cidrs,omitempty" gorm:"serializer:json"`
	AllowedCountries []string `json:"allowed_countries,omitempty" gorm:"serializer:json"`
	BlockedCountries []string `json:"blocked_countries,omitempty" gorm:"serializer:json"`
}

AccessRestrictions controls who can connect to the service based on IP or geography.

func (AccessRestrictions) Copy added in v0.67.0

Copy returns a deep copy of the AccessRestrictions.

type AuthConfig

// AuthConfig groups the authentication methods that can be configured for a
// service: password, PIN, bearer, and any number of static header checks.
// The three pointer fields and the slice are omitted from JSON when nil or
// empty.
//
// PasswordAuth.Password, PinAuth.Pin and HeaderAuths[i].Value are the
// secret-bearing fields. HashSecrets and ClearSecrets are declared on
// *AuthConfig but carry no documentation on this page.
// NOTE(review): presumably HashSecrets must run before the config is stored
// and ClearSecrets before it is returned to a client — confirm.
// NOTE(review): how several enabled methods combine (any-of or all-of) is not
// shown here — confirm.
type AuthConfig struct {
	PasswordAuth *PasswordAuthConfig `json:"password_auth,omitempty" gorm:"serializer:json"`
	PinAuth      *PINAuthConfig      `json:"pin_auth,omitempty" gorm:"serializer:json"`
	BearerAuth   *BearerAuthConfig   `json:"bearer_auth,omitempty" gorm:"serializer:json"`
	HeaderAuths  []*HeaderAuthConfig `json:"header_auths,omitempty" gorm:"serializer:json"`
}

func (*AuthConfig) ClearSecrets

func (a *AuthConfig) ClearSecrets()

func (*AuthConfig) HashSecrets

func (a *AuthConfig) HashSecrets() error

type BearerAuthConfig

// BearerAuthConfig switches bearer authentication on or off for a service and
// carries a list of distribution groups.
// NOTE(review): DistributionGroups presumably names the groups whose members
// may access the service; what an empty list means (nobody or everybody) is
// not shown on this page — confirm.
type BearerAuthConfig struct {
	Enabled            bool     `json:"enabled"`
	DistributionGroups []string `json:"distribution_groups,omitempty" gorm:"serializer:json"`
}

type ExposeServiceRequest

// ExposeServiceRequest carries the parameters for a peer-initiated expose; it
// is the request type taken by Manager.CreateServiceFromPeer.
//
// Pin and Password are plain string fields. NOTE(review): presumably they hold
// plaintext credentials at this point, so avoid logging the request as a
// whole — confirm where they are hashed.
// Validate is documented as checking all fields; ToService's documentation
// does not mention validation. NOTE(review): presumably callers must call
// Validate before ToService — confirm.
// NOTE(review): ExposeServiceResponse.PortAutoAssigned suggests ListenPort may
// be left at 0 to have a port assigned — confirm.
type ExposeServiceRequest struct {
	NamePrefix string
	Port       uint16
	Mode       string
	// TargetProtocol is the protocol used to connect to the peer backend.
	// For HTTP mode: "http" (default) or "https". For L4 modes: "tcp" or "udp".
	TargetProtocol string
	Domain         string
	Pin            string
	Password       string
	UserGroups     []string
	ListenPort     uint16
}

ExposeServiceRequest contains the parameters for creating a peer-initiated expose service.

func (*ExposeServiceRequest) ToService

func (r *ExposeServiceRequest) ToService(accountID, peerID, serviceName string) *Service

ToService builds a Service from the expose request.

func (*ExposeServiceRequest) Validate

func (r *ExposeServiceRequest) Validate() error

Validate checks all fields of the expose request.

type ExposeServiceResponse

// ExposeServiceResponse is the success result of Manager.CreateServiceFromPeer:
// the service's name, URL and domain, plus a flag recording whether the port
// was auto-assigned.
// NOTE(review): the fields carry no secrets by name, but ServiceURL is the
// address the service is reachable at — confirm who is meant to receive it.
type ExposeServiceResponse struct {
	ServiceName      string
	ServiceURL       string
	Domain           string
	PortAutoAssigned bool
}

ExposeServiceResponse contains the result of a successful peer expose creation.

type HeaderAuthConfig added in v0.67.0

// HeaderAuthConfig is one static header check: a header name, the value to
// match, and an enabled flag.
//
// The json tag on Value has neither omitempty nor "-", so Value is written out
// whenever this struct is marshalled.
// NOTE(review): the type's documentation says the proxy compares the incoming
// value against a stored hash, so Value presumably holds plaintext on input
// and a hash once stored — confirm which form each caller sees, and that API
// responses do not echo it.
type HeaderAuthConfig struct {
	Enabled bool   `json:"enabled"`
	Header  string `json:"header"`
	Value   string `json:"value"`
}

HeaderAuthConfig defines a static header-value auth check. The proxy compares the incoming header value against the stored hash.

type Manager

// Manager is the service-management interface that MockManager mocks.
//
// The methods come in visibly different shapes: some take accountID and
// userID, some take accountID only, some take accountID and peerID, and
// GetGlobalServices takes neither.
// NOTE(review): presumably the userID variants check that user's permissions
// while the others trust their caller — confirm, and keep the variants without
// userID away from handlers that act on behalf of an end user.
type Manager interface {
	// Methods scoped by accountID and userID.
	GetActiveClusters(ctx context.Context, accountID, userID string) ([]proxy.Cluster, error)
	GetAllServices(ctx context.Context, accountID, userID string) ([]*Service, error)
	GetService(ctx context.Context, accountID, userID, serviceID string) (*Service, error)
	CreateService(ctx context.Context, accountID, userID string, service *Service) (*Service, error)
	UpdateService(ctx context.Context, accountID, userID string, service *Service) (*Service, error)
	DeleteService(ctx context.Context, accountID, userID, serviceID string) error
	DeleteAllServices(ctx context.Context, accountID, userID string) error
	// Methods scoped by accountID only (no userID parameter).
	SetCertificateIssuedAt(ctx context.Context, accountID, serviceID string) error
	SetStatus(ctx context.Context, accountID, serviceID string, status Status) error
	ReloadAllServicesForAccount(ctx context.Context, accountID string) error
	ReloadService(ctx context.Context, accountID, serviceID string) error
	// GetGlobalServices takes no account or user scope.
	// NOTE(review): presumably returns services across all accounts — confirm.
	GetGlobalServices(ctx context.Context) ([]*Service, error)
	GetServiceByID(ctx context.Context, accountID, serviceID string) (*Service, error)
	GetAccountServices(ctx context.Context, accountID string) ([]*Service, error)
	GetServiceIDByTargetID(ctx context.Context, accountID string, resourceID string) (string, error)
	// Peer-initiated expose lifecycle, scoped by accountID and peerID.
	// NOTE(review): whether Renew/Stop verify that serviceID belongs to peerID
	// is not shown on this page — confirm in the implementation.
	CreateServiceFromPeer(ctx context.Context, accountID, peerID string, req *ExposeServiceRequest) (*ExposeServiceResponse, error)
	RenewServiceFromPeer(ctx context.Context, accountID, peerID, serviceID string) error
	StopServiceFromPeer(ctx context.Context, accountID, peerID, serviceID string) error
	// StartExposeReaper returns nothing, so failures cannot be reported to the
	// caller. NOTE(review): presumably starts background cleanup of peer-exposed
	// services bounded by ctx — confirm.
	StartExposeReaper(ctx context.Context)
}

type Meta

// Meta holds bookkeeping for a Service record; Service embeds it through gorm
// with the column prefix "meta_".
// Status is a plain string here, not the Status type, so the compiler does not
// restrict it to the declared Status constants.
// NOTE(review): CertificateIssuedAt and LastRenewedAt are pointers; presumably
// nil means "never issued" / "never renewed" — confirm.
type Meta struct {
	CreatedAt           time.Time
	CertificateIssuedAt *time.Time
	Status              string
	LastRenewedAt       *time.Time
}

type MockManager

type MockManager struct {
	// contains filtered or unexported fields
}

MockManager is a mock of Manager interface.

func NewMockManager

func NewMockManager(ctrl *gomock.Controller) *MockManager

NewMockManager creates a new mock instance.

func (*MockManager) CreateService

func (m *MockManager) CreateService(ctx context.Context, accountID, userID string, service *Service) (*Service, error)

CreateService mocks base method.

func (*MockManager) CreateServiceFromPeer

func (m *MockManager) CreateServiceFromPeer(ctx context.Context, accountID, peerID string, req *ExposeServiceRequest) (*ExposeServiceResponse, error)

CreateServiceFromPeer mocks base method.

func (*MockManager) DeleteAllServices

func (m *MockManager) DeleteAllServices(ctx context.Context, accountID, userID string) error

DeleteAllServices mocks base method.

func (*MockManager) DeleteService

func (m *MockManager) DeleteService(ctx context.Context, accountID, userID, serviceID string) error

DeleteService mocks base method.

func (*MockManager) EXPECT

func (m *MockManager) EXPECT() *MockManagerMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockManager) GetAccountServices

func (m *MockManager) GetAccountServices(ctx context.Context, accountID string) ([]*Service, error)

GetAccountServices mocks base method.

func (*MockManager) GetActiveClusters added in v0.67.0

func (m *MockManager) GetActiveClusters(ctx context.Context, accountID, userID string) ([]proxy.Cluster, error)

GetActiveClusters mocks base method.

func (*MockManager) GetAllServices

func (m *MockManager) GetAllServices(ctx context.Context, accountID, userID string) ([]*Service, error)

GetAllServices mocks base method.

func (*MockManager) GetGlobalServices

func (m *MockManager) GetGlobalServices(ctx context.Context) ([]*Service, error)

GetGlobalServices mocks base method.

func (*MockManager) GetService

func (m *MockManager) GetService(ctx context.Context, accountID, userID, serviceID string) (*Service, error)

GetService mocks base method.

func (*MockManager) GetServiceByID

func (m *MockManager) GetServiceByID(ctx context.Context, accountID, serviceID string) (*Service, error)

GetServiceByID mocks base method.

func (*MockManager) GetServiceIDByTargetID

func (m *MockManager) GetServiceIDByTargetID(ctx context.Context, accountID, resourceID string) (string, error)

GetServiceIDByTargetID mocks base method.

func (*MockManager) ReloadAllServicesForAccount

func (m *MockManager) ReloadAllServicesForAccount(ctx context.Context, accountID string) error

ReloadAllServicesForAccount mocks base method.

func (*MockManager) ReloadService

func (m *MockManager) ReloadService(ctx context.Context, accountID, serviceID string) error

ReloadService mocks base method.

func (*MockManager) RenewServiceFromPeer

func (m *MockManager) RenewServiceFromPeer(ctx context.Context, accountID, peerID, serviceID string) error

RenewServiceFromPeer mocks base method.

func (*MockManager) SetCertificateIssuedAt

func (m *MockManager) SetCertificateIssuedAt(ctx context.Context, accountID, serviceID string) error

SetCertificateIssuedAt mocks base method.

func (*MockManager) SetStatus

func (m *MockManager) SetStatus(ctx context.Context, accountID, serviceID string, status Status) error

SetStatus mocks base method.

func (*MockManager) StartExposeReaper

func (m *MockManager) StartExposeReaper(ctx context.Context)

StartExposeReaper mocks base method.

func (*MockManager) StopServiceFromPeer

func (m *MockManager) StopServiceFromPeer(ctx context.Context, accountID, peerID, serviceID string) error

StopServiceFromPeer mocks base method.

func (*MockManager) UpdateService

func (m *MockManager) UpdateService(ctx context.Context, accountID, userID string, service *Service) (*Service, error)

UpdateService mocks base method.

type MockManagerMockRecorder

type MockManagerMockRecorder struct {
	// contains filtered or unexported fields
}

MockManagerMockRecorder is the mock recorder for MockManager.

func (*MockManagerMockRecorder) CreateService

func (mr *MockManagerMockRecorder) CreateService(ctx, accountID, userID, service interface{}) *gomock.Call

CreateService indicates an expected call of CreateService.

func (*MockManagerMockRecorder) CreateServiceFromPeer

func (mr *MockManagerMockRecorder) CreateServiceFromPeer(ctx, accountID, peerID, req interface{}) *gomock.Call

CreateServiceFromPeer indicates an expected call of CreateServiceFromPeer.

func (*MockManagerMockRecorder) DeleteAllServices

func (mr *MockManagerMockRecorder) DeleteAllServices(ctx, accountID, userID interface{}) *gomock.Call

DeleteAllServices indicates an expected call of DeleteAllServices.

func (*MockManagerMockRecorder) DeleteService

func (mr *MockManagerMockRecorder) DeleteService(ctx, accountID, userID, serviceID interface{}) *gomock.Call

DeleteService indicates an expected call of DeleteService.

func (*MockManagerMockRecorder) GetAccountServices

func (mr *MockManagerMockRecorder) GetAccountServices(ctx, accountID interface{}) *gomock.Call

GetAccountServices indicates an expected call of GetAccountServices.

func (*MockManagerMockRecorder) GetActiveClusters added in v0.67.0

func (mr *MockManagerMockRecorder) GetActiveClusters(ctx, accountID, userID interface{}) *gomock.Call

GetActiveClusters indicates an expected call of GetActiveClusters.

func (*MockManagerMockRecorder) GetAllServices

func (mr *MockManagerMockRecorder) GetAllServices(ctx, accountID, userID interface{}) *gomock.Call

GetAllServices indicates an expected call of GetAllServices.

func (*MockManagerMockRecorder) GetGlobalServices

func (mr *MockManagerMockRecorder) GetGlobalServices(ctx interface{}) *gomock.Call

GetGlobalServices indicates an expected call of GetGlobalServices.

func (*MockManagerMockRecorder) GetService

func (mr *MockManagerMockRecorder) GetService(ctx, accountID, userID, serviceID interface{}) *gomock.Call

GetService indicates an expected call of GetService.

func (*MockManagerMockRecorder) GetServiceByID

func (mr *MockManagerMockRecorder) GetServiceByID(ctx, accountID, serviceID interface{}) *gomock.Call

GetServiceByID indicates an expected call of GetServiceByID.

func (*MockManagerMockRecorder) GetServiceIDByTargetID

func (mr *MockManagerMockRecorder) GetServiceIDByTargetID(ctx, accountID, resourceID interface{}) *gomock.Call

GetServiceIDByTargetID indicates an expected call of GetServiceIDByTargetID.

func (*MockManagerMockRecorder) ReloadAllServicesForAccount

func (mr *MockManagerMockRecorder) ReloadAllServicesForAccount(ctx, accountID interface{}) *gomock.Call

ReloadAllServicesForAccount indicates an expected call of ReloadAllServicesForAccount.

func (*MockManagerMockRecorder) ReloadService

func (mr *MockManagerMockRecorder) ReloadService(ctx, accountID, serviceID interface{}) *gomock.Call

ReloadService indicates an expected call of ReloadService.

func (*MockManagerMockRecorder) RenewServiceFromPeer

func (mr *MockManagerMockRecorder) RenewServiceFromPeer(ctx, accountID, peerID, serviceID interface{}) *gomock.Call

RenewServiceFromPeer indicates an expected call of RenewServiceFromPeer.

func (*MockManagerMockRecorder) SetCertificateIssuedAt

func (mr *MockManagerMockRecorder) SetCertificateIssuedAt(ctx, accountID, serviceID interface{}) *gomock.Call

SetCertificateIssuedAt indicates an expected call of SetCertificateIssuedAt.

func (*MockManagerMockRecorder) SetStatus

func (mr *MockManagerMockRecorder) SetStatus(ctx, accountID, serviceID, status interface{}) *gomock.Call

SetStatus indicates an expected call of SetStatus.

func (*MockManagerMockRecorder) StartExposeReaper

func (mr *MockManagerMockRecorder) StartExposeReaper(ctx interface{}) *gomock.Call

StartExposeReaper indicates an expected call of StartExposeReaper.

func (*MockManagerMockRecorder) StopServiceFromPeer

func (mr *MockManagerMockRecorder) StopServiceFromPeer(ctx, accountID, peerID, serviceID interface{}) *gomock.Call

StopServiceFromPeer indicates an expected call of StopServiceFromPeer.

func (*MockManagerMockRecorder) UpdateService

func (mr *MockManagerMockRecorder) UpdateService(ctx, accountID, userID, service interface{}) *gomock.Call

UpdateService indicates an expected call of UpdateService.

type Operation

// Operation names the kind of change being applied to a service mapping;
// Service.ToProtoMapping takes one as its first argument.
type Operation string
// The three declared operations.
const (
	Create Operation = "create"
	Update Operation = "update"
	Delete Operation = "delete"
)

type PINAuthConfig

// PINAuthConfig enables PIN authentication for a service and carries the PIN.
// The json tag on Pin has neither omitempty nor "-", so Pin is written out
// whenever this struct is marshalled.
// NOTE(review): presumably AuthConfig.HashSecrets replaces Pin with a hash
// before storage and AuthConfig.ClearSecrets blanks it before it is returned
// — confirm; neither method is documented on this page.
type PINAuthConfig struct {
	Enabled bool   `json:"enabled"`
	Pin     string `json:"pin"`
}

type PasswordAuthConfig

// PasswordAuthConfig enables password authentication for a service and carries
// the password. The json tag on Password has neither omitempty nor "-", so
// Password is written out whenever this struct is marshalled.
// NOTE(review): presumably AuthConfig.HashSecrets replaces Password with a
// hash before storage and AuthConfig.ClearSecrets blanks it before it is
// returned — confirm; neither method is documented on this page.
type PasswordAuthConfig struct {
	Enabled  bool   `json:"enabled"`
	Password string `json:"password"`
}

type PathRewriteMode added in v0.66.3

// PathRewriteMode is a string-backed setting for how the request path is
// rewritten before forwarding; it is the type of TargetOptions.PathRewrite.
type PathRewriteMode string

PathRewriteMode controls how the request path is rewritten before forwarding.

// PathRewritePreserve is the only PathRewriteMode value declared on this page.
// NOTE(review): TargetOptions.PathRewrite is tagged omitempty, so the empty
// string is presumably the default mode; what it does is not shown — confirm.
const (
	PathRewritePreserve PathRewriteMode = "preserve"
)

type Service

// Service is the stored record for one exposed service: its identity, domain,
// targets, authentication and restriction settings, and session key pair.
//
// Storage notes taken from the gorm tags: Domain carries a uniqueIndex of its
// own, so a domain is unique across all accounts, not per account; Targets are
// deleted with the service (OnDelete:CASCADE); Auth and Restrictions are
// stored as JSON; Source and SourcePeer share the index
// idx_service_source_peer.
//
// The struct has no json tags, so encoding/json would emit every exported
// field under its Go name, SessionPrivateKey and Auth included. ToAPIResponse
// is the conversion declared on this page for API output.
// NOTE(review): EncryptSensitiveData / DecryptSensitiveData are declared but
// undocumented here; presumably they cover SessionPrivateKey — confirm which
// fields they touch and that every write path calls the encrypt step.
// NOTE(review): how Enabled and Terminated interact is not shown — confirm.
type Service struct {
	ID                string `gorm:"primaryKey"`
	AccountID         string `gorm:"index"`
	Name              string
	Domain            string    `gorm:"type:varchar(255);uniqueIndex"`
	ProxyCluster      string    `gorm:"index"`
	Targets           []*Target `gorm:"foreignKey:ServiceID;constraint:OnDelete:CASCADE"`
	Enabled           bool
	Terminated        bool
	PassHostHeader    bool
	RewriteRedirects  bool
	Auth              AuthConfig         `gorm:"serializer:json"`
	Restrictions      AccessRestrictions `gorm:"serializer:json"`
	Meta              Meta               `gorm:"embedded;embeddedPrefix:meta_"`
	SessionPrivateKey string             `gorm:"column:session_private_key"`
	SessionPublicKey  string             `gorm:"column:session_public_key"`
	Source            string             `gorm:"default:'permanent';index:idx_service_source_peer"`
	SourcePeer        string             `gorm:"index:idx_service_source_peer"`
	// Mode determines the service type: "http", "tcp", "udp", or "tls".
	Mode             string `gorm:"default:'http'"`
	ListenPort       uint16
	PortAutoAssigned bool
}

func (*Service) Copy

func (s *Service) Copy() *Service

func (*Service) DecryptSensitiveData

func (s *Service) DecryptSensitiveData(enc *crypt.FieldEncrypt) error

func (*Service) EncryptSensitiveData

func (s *Service) EncryptSensitiveData(enc *crypt.FieldEncrypt) error

func (*Service) EventMeta

func (s *Service) EventMeta() map[string]any

func (*Service) FromAPIRequest

func (s *Service) FromAPIRequest(req *api.ServiceRequest, accountID string) error

func (*Service) InitNewRecord

func (s *Service) InitNewRecord()

InitNewRecord generates a new unique ID and resets metadata for a newly created Service record. This overwrites any existing ID and Meta fields and should only be called during initial creation, not for updates.

func (*Service) ToAPIResponse

func (s *Service) ToAPIResponse() *api.Service

func (*Service) ToProtoMapping

func (s *Service) ToProtoMapping(operation Operation, authToken string, oidcConfig proxy.OIDCValidationConfig) *proto.ProxyMapping

func (*Service) Validate

func (s *Service) Validate() error

type Status

// Status is the string-backed type of the StatusPending, StatusActive,
// StatusTunnelNotCreated, StatusCertificatePending, StatusCertificateFailed
// and StatusError constants, and the status parameter of Manager.SetStatus.
type Status string

type Target

// Target is one backend of a Service, linked to it by ServiceID.
//
// ID, AccountID and ServiceID are tagged json:"-" and so never appear in JSON
// output; every other field does. AccountID and ServiceID are declared
// "not null" in the database.
// NOTE(review): ProxyProtocol presumably makes the proxy send a PROXY protocol
// header to the backend; a backend that accepts that header should only be
// reachable through the proxy — confirm the semantics.
// NOTE(review): Path is a pointer; presumably nil means "no path match" —
// confirm.
type Target struct {
	ID            uint          `gorm:"primaryKey" json:"-"`
	AccountID     string        `gorm:"index:idx_target_account;not null" json:"-"`
	ServiceID     string        `gorm:"index:idx_service_targets;not null" json:"-"`
	Path          *string       `json:"path,omitempty"`
	Host          string        `json:"host"` // the Host field is only used for subnet targets, otherwise ignored
	Port          uint16        `gorm:"index:idx_target_port" json:"port"`
	Protocol      string        `gorm:"index:idx_target_protocol" json:"protocol"`
	TargetId      string        `gorm:"index:idx_target_id" json:"target_id"`
	TargetType    TargetType    `gorm:"index:idx_target_type" json:"target_type"`
	Enabled       bool          `gorm:"index:idx_target_enabled" json:"enabled"`
	Options       TargetOptions `gorm:"embedded" json:"options"`
	ProxyProtocol bool          `json:"proxy_protocol"`
}

type TargetOptions added in v0.66.3

// TargetOptions holds per-target connection settings; Target embeds it through
// gorm and exposes it in JSON under "options".
//
// RequestTimeout and SessionIdleTimeout are time.Duration values, which
// encoding/json writes as integer nanoseconds.
// NOTE(review): SkipTLSVerify presumably turns off verification of the
// backend's TLS certificate, which removes protection against interception on
// the proxy-to-backend hop — confirm, and treat a true value as something to
// audit.
// NOTE(review): CustomHeaders presumably are added to forwarded requests;
// where header names and values are validated is not shown on this page —
// confirm.
type TargetOptions struct {
	SkipTLSVerify      bool              `json:"skip_tls_verify"`
	RequestTimeout     time.Duration     `json:"request_timeout,omitempty"`
	SessionIdleTimeout time.Duration     `json:"session_idle_timeout,omitempty"`
	PathRewrite        PathRewriteMode   `json:"path_rewrite,omitempty"`
	CustomHeaders      map[string]string `gorm:"serializer:json" json:"custom_headers,omitempty"`
}

type TargetType added in v0.67.0

// TargetType is the string-backed type of the TargetTypePeer, TargetTypeHost,
// TargetTypeDomain and TargetTypeSubnet constants and of Target.TargetType.
type TargetType string

Directories

Path Synopsis
