Documentation
¶
Overview ¶
Package headerbp provides the shared code for propagating baseplate headers using server and client middlewares.
It is meant to be used by middlewares for different rpc frameworks like http and grpc, not used directly by services.
It is only meant to propagate headers that the server receives, the client middlewares will return an error if they detect a baseplate header in the request being sent.
Index ¶
- Constants
- Variables
- func HasSetOutgoingHeaders(ctx context.Context, options ...HasSetOutgoingHeadersOption) bool
- func HeaderSignatureFromContext(ctx context.Context) (string, bool)
- func IsBaseplateHeader(key string) bool
- func SetOutgoingHeaders(ctx context.Context, options ...SetOutgoingHeadersOption) context.Context
- func SetV0Setters(...)
- func SetV2BaseplateHeadersSetter(setter func(context.Context, map[string]string) context.Context)
- func SetV2BaseplateSignatureSetter(setter func(context.Context, string) context.Context)
- func ShouldRemoveClientHeader(name string, options ...CheckClientHeaderOption) bool
- func SignHeaders(ctx context.Context, signingSecret secrets.VersionedSecret, ...) (string, error)
- func VerifyHeaders(ctx context.Context, verificationSecret secrets.VersionedSecret, ...) (context.Context, error)
- type CheckClientHeaderOption
- type CommonHeaderOption
- type HasSetOutgoingHeadersOption
- type IncomingHeaders
- type NewIncomingHeadersOption
- type SetOutgoingHeadersOption
Constants ¶
const (
SignatureHeaderCanonicalHTTP = "X-Rddt-Headerbp-Signature"
)
Variables ¶
var ErrInvalidSignatureVersion = fmt.Errorf("invalid version")
var ErrNewInternalHeaderNotAllowed = fmt.Errorf("cannot send new internal headers on requests")
ErrNewInternalHeaderNotAllowed is returned by a client when the call tries to set an internal header is not allowlisted
Functions ¶
func HasSetOutgoingHeaders ¶
func HasSetOutgoingHeaders(ctx context.Context, options ...HasSetOutgoingHeadersOption) bool
HasSetOutgoingHeaders returns true if the baseplate headers have already been set by the caller.
func HeaderSignatureFromContext ¶
HeaderSignatureFromContext gets the header signature from the context. This can be used in client middleware to propagate the signature along with the headers if they are unchanged by the request.
func IsBaseplateHeader ¶
IsBaseplateHeader returns true if the header is for baseplate and should be propagated
func SetOutgoingHeaders ¶
func SetOutgoingHeaders(ctx context.Context, options ...SetOutgoingHeadersOption) context.Context
SetOutgoingHeaders sets the baseplate headers in the outgoing headers if they have not already been set by the caller.
func SetV0Setters ¶
func SetV0Setters( setV0HeaderSetter func(func(context.Context, map[string]string) context.Context), setV0SignatureSetter func(func(context.Context, string) context.Context), )
SetV0Setters can be used by the baseplate interop library to hook headerbp v0 into v2.
func SetV2BaseplateHeadersSetter ¶
SetV2BaseplateHeadersSetter sets the function to use to set baseplate headers in the v2 library.
func SetV2BaseplateSignatureSetter ¶
SetV2BaseplateSignatureSetter sets the function to use to set baseplate signature in the v2 library.
func ShouldRemoveClientHeader ¶
func ShouldRemoveClientHeader(name string, options ...CheckClientHeaderOption) bool
ShouldRemoveClientHeader checks if the header is allowlisted and returns if the header should be removed
func SignHeaders ¶
func SignHeaders( ctx context.Context, signingSecret secrets.VersionedSecret, headerNames []string, getHeader func(string) string, opts ...signHeadersOptions, ) (string, error)
SignHeaders signs the given headers with the given signing secret using baseplate message signing. The signature will be valid for 5 minutes.
This can be used by middlewares clients that send requests to other services that are exposed to untrusted traffic to sign the headers before sending them or by services that are setting up the initial headers to be propagated.
func VerifyHeaders ¶
func VerifyHeaders( ctx context.Context, verificationSecret secrets.VersionedSecret, signature string, headerNames []string, getHeader func(string) string, ) (context.Context, error)
VerifyHeaders verifies the signature of the given headers using the given verification secret. If the signature is valid, it sets the signature on the context.
This can be used by middlewares that receive requests from untrusted traffic to verify the headers before recording them to be propagated.
Types ¶
type CheckClientHeaderOption ¶
type CheckClientHeaderOption interface {
ApplyToShouldRemoveClientHeaders(*shouldRemoveClientHeaders)
}
func WithCheckClientHeaderOptions ¶
func WithCheckClientHeaderOptions(options ...CheckClientHeaderOption) CheckClientHeaderOption
type CommonHeaderOption ¶
type CommonHeaderOption interface {
CheckClientHeaderOption
SetOutgoingHeadersOption
NewIncomingHeadersOption
HasSetOutgoingHeadersOption
}
func WithHTTPClient ¶
func WithHTTPClient(service, client, endpoint string) CommonHeaderOption
func WithHTTPService ¶
func WithHTTPService(service, method string) CommonHeaderOption
func WithThriftClient ¶
func WithThriftClient(service, client, method string) CommonHeaderOption
func WithThriftService ¶
func WithThriftService(service, method string) CommonHeaderOption
type HasSetOutgoingHeadersOption ¶
type HasSetOutgoingHeadersOption interface {
ApplyToHasSetOutgoingHeaders(headers *hasSetOutgoingHeaders)
}
func WithHasSetOutgoingHeadersOptions ¶
func WithHasSetOutgoingHeadersOptions(options ...HasSetOutgoingHeadersOption) HasSetOutgoingHeadersOption
type IncomingHeaders ¶
type IncomingHeaders struct {
// contains filtered or unexported fields
}
IncomingHeaders is used to store baseplate headers that are received in a request to a service.
An empty IncomingHeaders is unsafe to use and should be created using NewIncomingHeaders.
func NewIncomingHeaders ¶
func NewIncomingHeaders(options ...NewIncomingHeadersOption) *IncomingHeaders
func (*IncomingHeaders) RecordHeader ¶
func (h *IncomingHeaders) RecordHeader(key, value string)
RecordHeader records the header to be forwarded if it is a baseplate header
func (*IncomingHeaders) SetOnContext ¶
func (h *IncomingHeaders) SetOnContext(ctx context.Context) context.Context
SetOnContext attaches the collected baseplate headers to the context to be forwarded
type NewIncomingHeadersOption ¶
type NewIncomingHeadersOption interface {
ApplyToNewIncomingHeaders(*newIncomingHeaders)
}
func WithNewIncomingHeadersOptions ¶
func WithNewIncomingHeadersOptions(options ...NewIncomingHeadersOption) NewIncomingHeadersOption
type SetOutgoingHeadersOption ¶
type SetOutgoingHeadersOption interface {
ApplyToSetOutgoingHeaders(*setOutgoingHeaders)
}
func WithHeaderSetter ¶
func WithHeaderSetter(setter func(key, value string)) SetOutgoingHeadersOption
func WithSetOutgoingHeadersOptions ¶
func WithSetOutgoingHeadersOptions(options ...SetOutgoingHeadersOption) SetOutgoingHeadersOption
Source Files