Documentation
Index ¶
- func IsTrustedProxy(ipStr string, trusted []netip.Prefix) bool
- func ResolveClientIP(remoteAddr, xff string, trusted []netip.Prefix) netip.Addr
- func WithCapturedData(ctx context.Context, data *CapturedData) context.Context
- type CapturedData
- func (c *CapturedData) GetAccountID() types.AccountID
- func (c *CapturedData) GetAuthMethod() string
- func (c *CapturedData) GetClientIP() netip.Addr
- func (c *CapturedData) GetOrigin() ResponseOrigin
- func (c *CapturedData) GetRequestID() string
- func (c *CapturedData) GetServiceID() types.ServiceID
- func (c *CapturedData) GetUserID() string
- func (c *CapturedData) SetAccountID(accountID types.AccountID)
- func (c *CapturedData) SetAuthMethod(method string)
- func (c *CapturedData) SetClientIP(ip netip.Addr)
- func (c *CapturedData) SetOrigin(origin ResponseOrigin)
- func (c *CapturedData) SetServiceID(serviceID types.ServiceID)
- func (c *CapturedData) SetUserID(userID string)
- type Mapping
- type PathRewriteMode
- type PathTarget
- type ResponseOrigin
- type ReverseProxy
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsTrustedProxy ¶
IsTrustedProxy checks if the given IP string falls within any of the trusted prefixes.
func ResolveClientIP ¶
ResolveClientIP extracts the real client IP from X-Forwarded-For using the trusted proxy list. It walks the XFF chain right-to-left, skipping IPs that match trusted prefixes. The first untrusted IP is the real client.
If the trusted list is empty or remoteAddr is not trusted, it returns the remoteAddr IP directly (ignoring any forwarding headers).
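The right-to-left walk described above, as an added example (not NetBird's source). `clientIPFromXFF`, `parseIP` and `isTrusted` are hypothetical names, and the handling of an unparsable hop and of a chain made up only of trusted hops is an assumption, since the documentation does not specify either case.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// parseIP accepts "ip" or "ip:port"; Unmap lets ::ffff:10.0.0.1 match an IPv4 prefix.
func parseIP(s string) (netip.Addr, bool) {
	if ap, err := netip.ParseAddrPort(s); err == nil {
		return ap.Addr().Unmap(), true
	}
	a, err := netip.ParseAddr(s)
	return a.Unmap(), err == nil
}

func isTrusted(a netip.Addr, trusted []netip.Prefix) bool {
	for _, p := range trusted {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// clientIPFromXFF is a hypothetical stand-in for the documented behaviour, not NetBird's code.
func clientIPFromXFF(remoteAddr, xff string, trusted []netip.Prefix) netip.Addr {
	remote, ok := parseIP(remoteAddr)
	if !ok || !isTrusted(remote, trusted) {
		return remote // peer is not a trusted proxy: ignore the header entirely
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- { // right to left: nearest proxy first
		hop, ok := parseIP(strings.TrimSpace(hops[i]))
		if !ok {
			break // assumption: an unparsable hop ends the walk
		}
		if !isTrusted(hop, trusted) {
			return hop // first untrusted hop is the client
		}
	}
	return remote // assumption: fallback when no untrusted hop was found
}

func main() {
	trusted := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}
	xff := "127.0.0.1, 203.0.113.7, 10.0.0.5" // constructed; leftmost entry is client-supplied
	fmt.Println(clientIPFromXFF("10.0.0.9:443", xff, trusted)) // 203.0.113.7
}
```

The leftmost `127.0.0.1` is never reached: entries to the left of the first untrusted hop are whatever the client chose to send, so a leftmost-first parser would let the client pick its own logged address.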
func WithCapturedData ¶
func WithCapturedData(ctx context.Context, data *CapturedData) context.Context
WithCapturedData adds a CapturedData struct to the context.
Types ¶
type CapturedData ¶
type CapturedData struct {
// contains filtered or unexported fields
}
CapturedData is a mutable struct that allows downstream handlers to pass data back up the middleware chain.
func CapturedDataFromContext ¶
func CapturedDataFromContext(ctx context.Context) *CapturedData
CapturedDataFromContext retrieves the CapturedData from context.
func NewCapturedData ¶ added in v0.67.0
func NewCapturedData(requestID string) *CapturedData
NewCapturedData creates a CapturedData with the given request ID.
func (*CapturedData) GetAccountID ¶ added in v0.67.0
func (c *CapturedData) GetAccountID() types.AccountID
GetAccountID returns the account ID.
func (*CapturedData) GetAuthMethod ¶
func (c *CapturedData) GetAuthMethod() string
GetAuthMethod returns the authentication method used.
func (*CapturedData) GetClientIP ¶
func (c *CapturedData) GetClientIP() netip.Addr
GetClientIP returns the resolved client IP.
func (*CapturedData) GetOrigin ¶
func (c *CapturedData) GetOrigin() ResponseOrigin
GetOrigin returns the response origin.
func (*CapturedData) GetRequestID ¶
func (c *CapturedData) GetRequestID() string
GetRequestID returns the request ID.
func (*CapturedData) GetServiceID ¶ added in v0.67.0
func (c *CapturedData) GetServiceID() types.ServiceID
GetServiceID returns the service ID.
func (*CapturedData) GetUserID ¶
func (c *CapturedData) GetUserID() string
GetUserID returns the authenticated user ID.
func (*CapturedData) SetAccountID ¶ added in v0.67.0
func (c *CapturedData) SetAccountID(accountID types.AccountID)
SetAccountID sets the account ID.
func (*CapturedData) SetAuthMethod ¶
func (c *CapturedData) SetAuthMethod(method string)
SetAuthMethod sets the authentication method used.
func (*CapturedData) SetClientIP ¶
func (c *CapturedData) SetClientIP(ip netip.Addr)
SetClientIP sets the resolved client IP.
func (*CapturedData) SetOrigin ¶
func (c *CapturedData) SetOrigin(origin ResponseOrigin)
SetOrigin sets the response origin.
func (*CapturedData) SetServiceID ¶ added in v0.67.0
func (c *CapturedData) SetServiceID(serviceID types.ServiceID)
SetServiceID sets the service ID.
func (*CapturedData) SetUserID ¶
func (c *CapturedData) SetUserID(userID string)
SetUserID sets the authenticated user ID.
type Mapping ¶
type Mapping struct {
ID types.ServiceID
AccountID types.AccountID
Host string
Paths map[string]*PathTarget
PassHostHeader bool
RewriteRedirects bool
// StripAuthHeaders are header names used for header-based auth.
// These headers are stripped from requests before forwarding.
StripAuthHeaders []string
// contains filtered or unexported fields
}
Mapping describes how a domain is routed by the HTTP reverse proxy.
type PathRewriteMode ¶ added in v0.66.3
type PathRewriteMode int
PathRewriteMode controls how the request path is rewritten before forwarding.
const (
// PathRewriteDefault strips the matched prefix and joins with the target path.
PathRewriteDefault PathRewriteMode = iota
// PathRewritePreserve keeps the full original request path as-is.
PathRewritePreserve
)
type PathTarget ¶ added in v0.66.3
type PathTarget struct {
URL *url.URL
SkipTLSVerify bool
RequestTimeout time.Duration
PathRewrite PathRewriteMode
CustomHeaders map[string]string
}
PathTarget holds a backend URL and per-target behavioral options.
type ResponseOrigin ¶
type ResponseOrigin int
ResponseOrigin indicates where a response was generated.
const (
// OriginBackend means the response came from the backend service.
OriginBackend ResponseOrigin = iota
// OriginNoRoute means the proxy had no matching host or path.
OriginNoRoute
// OriginProxyError means the proxy failed to reach the backend.
OriginProxyError
// OriginAuth means the proxy intercepted the request for authentication.
OriginAuth
)
func (ResponseOrigin) String ¶
func (o ResponseOrigin) String() string
type ReverseProxy ¶
type ReverseProxy struct {
// contains filtered or unexported fields
}
func NewReverseProxy ¶
func NewReverseProxy(transport http.RoundTripper, forwardedProto string, trustedProxies []netip.Prefix, logger *log.Logger) *ReverseProxy
NewReverseProxy configures a new NetBird ReverseProxy. This is a wrapper around an httputil.ReverseProxy set to dynamically route requests based on internal mapping between requested URLs and targets. The internal mappings can be modified using the AddMapping and RemoveMapping functions.
func (*ReverseProxy) AddMapping ¶
func (p *ReverseProxy) AddMapping(m Mapping)
AddMapping registers a host-to-backend mapping for the reverse proxy.
func (*ReverseProxy) RemoveMapping ¶
func (p *ReverseProxy) RemoveMapping(m Mapping) bool
RemoveMapping removes the mapping for the given host and reports whether it existed.
func (*ReverseProxy) ServeHTTP ¶
func (p *ReverseProxy) ServeHTTP(w http.ResponseWriter, r *http.Request)