Documentation ¶
Index ¶
- Constants
- func BuildTransport(opts Options) http.RoundTripper
- func DisableResponseBodyDeadline(resp *http.Response) bool
- func Do(ctx context.Context, method, rawURL string, body io.Reader, opts Options) (*http.Response, error)
- func EffectivePort(u *url.URL) (port string, ok bool)
- func HasCredentialQuery(u *url.URL) bool
- func IsCredentialHeader(name string) bool
- func IsCredentialQueryParam(name string) bool
- func IsMarkedCredentialCookie(req *http.Request, name string) bool
- func IsMarkedCredentialHeader(req *http.Request, name string) bool
- func IsMarkedCredentialQueryParam(req *http.Request, name string) bool
- func MarkCredentialCookie(req *http.Request, name string)
- func MarkCredentialHeader(req *http.Request, name string)
- func MarkCredentialQueryParam(req *http.Request, name string)
- func Normalize(rawURL, serverOverride string) (string, error)
- func ParseHeaderOption(h string) (name, value string, err error)
- func ParseQueryOption(kv string) (key, value string, err error)
- func RedactedRequestURI(req *http.Request) string
- func RedactedRequestURL(req *http.Request) string
- func RedactedURL(u *url.URL) string
- func SameOrigin(a, b *url.URL) bool
- func TLSConfigFromOptions(opts Options) (*tls.Config, error)
- func TLSConfigWithCleanupFromOptions(opts Options) (*tls.Config, io.Closer, error)
- func TLSVersionFromString(v string) (uint16, error)
- type Options
Constants ¶
const DefaultRetryMaxWait = 5 * time.Minute
DefaultRetryMaxWait is the default cap for server-provided retry delays.
Variables ¶
This section is empty.
Functions ¶
func BuildTransport ¶
func BuildTransport(opts Options) http.RoundTripper
BuildTransport returns the appropriate RoundTripper for opts. Layer order (outermost → innermost):
httpcache.Transport → retryTransport → http.Transport
The retry transport sits below the cache so that only cache misses (real server requests) are retried.
func DisableResponseBodyDeadline ¶
DisableResponseBodyDeadline removes a body-read deadline installed by Do when Options.HeaderTimeoutOnly is set. Stream callers use this after classifying a response by headers so a healthy stream is governed by root cancellation, EOF, or explicit stream limits rather than by the header wait timeout.
func Do ¶
func Do(ctx context.Context, method, rawURL string, body io.Reader, opts Options) (*http.Response, error)
Do executes an HTTP request and returns the response. The caller is responsible for closing resp.Body.
func EffectivePort ¶
EffectivePort returns the explicit or scheme-default port used for origin comparison. Unknown schemes without an explicit port have no safe effective port and return ok=false.
func HasCredentialQuery ¶
HasCredentialQuery reports whether u contains query parameters that commonly carry credentials or other secrets.
func IsCredentialHeader ¶
IsCredentialHeader reports whether a header commonly carries credentials or other secrets and should be redacted or stripped at trust boundaries.
func IsCredentialQueryParam ¶
IsCredentialQueryParam reports whether a query parameter commonly carries credentials or other secrets.
func IsMarkedCredentialCookie ¶
IsMarkedCredentialCookie reports whether a cookie was marked as carrying a credential by Restish auth setup.
func IsMarkedCredentialHeader ¶
IsMarkedCredentialHeader reports whether a request header was marked as carrying a credential by Restish auth setup.
func IsMarkedCredentialQueryParam ¶
IsMarkedCredentialQueryParam reports whether a query parameter was marked as carrying a credential by Restish auth setup.
func MarkCredentialCookie ¶
MarkCredentialCookie records that a request cookie receives a credential value from configured auth.
func MarkCredentialHeader ¶
MarkCredentialHeader records that a request header receives a credential value from configured auth, even when the header name is not generally secret.
func MarkCredentialQueryParam ¶
MarkCredentialQueryParam records that a request query parameter receives a credential value from configured auth.
func Normalize ¶
Normalize ensures rawURL has a scheme, expanding convenience shorthand:
- ":<port>/path" → "http://localhost:<port>/path"
- "example.com/items" → "https://example.com/items"
If serverOverride is non-empty (e.g. "https://staging.example.com/v2"), the scheme and host of the resulting URL are replaced with those from serverOverride. A path on the override is prefixed to the request path.
func ParseHeaderOption ¶
ParseHeaderOption parses a CLI/config "Name: Value" header option.
func ParseQueryOption ¶
ParseQueryOption parses a CLI/config "key=value" query option.
func RedactedRequestURI ¶
RedactedRequestURI returns req.URL.RequestURI with generic secrets and auth-marked query credentials redacted.
func RedactedRequestURL ¶
RedactedRequestURL returns req.URL with generic secrets and auth-marked query credentials redacted.
func RedactedURL ¶
RedactedURL returns u as a string with URL userinfo and credential query values replaced by placeholders. Non-sensitive query parameters and URL structure are preserved.
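A sketch of the redaction behavior described for RedactedRequestURI, RedactedRequestURL and RedactedURL. This is an added example, not the package's own code. The names redactURL, redactString, credentialParams and the "REDACTED" placeholder are assumptions, as is passing auth-marked parameter names in a map.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// credentialParams is a constructed deny-list; the package's own list is not shown on this page.
var credentialParams = map[string]bool{"access_token": true, "api_key": true, "token": true, "password": true}

const placeholder = "REDACTED" // assumed placeholder text

// redactURL replaces userinfo and credential query values. marked holds names
// flagged by auth setup. Order, other values, path and fragment are untouched.
func redactURL(u *url.URL, marked map[string]bool) string {
	c := *u // copy so the caller's URL is not modified
	if c.User != nil {
		c.User = url.User(placeholder)
	}
	pairs := strings.Split(c.RawQuery, "&")
	for i, p := range pairs {
		key, _, hasValue := strings.Cut(p, "=")
		name, err := url.QueryUnescape(key)
		if err != nil {
			name = key // fall back to the raw key on invalid escaping
		}
		if hasValue && (credentialParams[strings.ToLower(name)] || marked[name]) {
			pairs[i] = key + "=" + placeholder
		}
	}
	c.RawQuery = strings.Join(pairs, "&")
	return c.String()
}

// redactString parses raw and redacts it for logging.
func redactString(raw string, marked map[string]bool) string {
	u, err := url.Parse(raw)
	if err != nil {
		return placeholder // never echo an unparseable URL into logs
	}
	return redactURL(u, marked)
}

func main() {
	raw := "https://alice:s3cret@api.example.com/items?page=2&access_token=abc123&sig=xyz#top" // constructed sample
	fmt.Println(redactString(raw, map[string]bool{"sig": true}))
}
```

Rewriting the raw query pair by pair, rather than re-encoding parsed values, is what keeps parameter order and non-sensitive values byte-for-byte intact in the logged string.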
func SameOrigin ¶
SameOrigin reports whether a and b share scheme, hostname, and effective port.
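A sketch of the origin comparison described for EffectivePort and SameOrigin. This is an added example, not the package's own code. The lowercase names are hypothetical, only http and https default ports are assumed, and failing closed on an unknown port is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// effectivePort is a hypothetical stand-in for the documented EffectivePort:
// the explicit port if present, else the scheme default. Only http and https
// defaults are assumed here; other schemes without a port return ok=false.
func effectivePort(u *url.URL) (port string, ok bool) {
	if p := u.Port(); p != "" {
		return p, true
	}
	switch strings.ToLower(u.Scheme) {
	case "http":
		return "80", true
	case "https":
		return "443", true
	}
	return "", false
}

// sameOrigin compares scheme, hostname and effective port. It fails closed
// (assumption of this sketch) when either port cannot be determined.
func sameOrigin(a, b *url.URL) bool {
	pa, okA := effectivePort(a)
	pb, okB := effectivePort(b)
	return okA && okB && pa == pb &&
		strings.EqualFold(a.Scheme, b.Scheme) &&
		strings.EqualFold(a.Hostname(), b.Hostname())
}

// checkOrigins parses two URL strings and reports whether they share an origin.
func checkOrigins(a, b string) bool {
	ua, errA := url.Parse(a)
	ub, errB := url.Parse(b)
	return errA == nil && errB == nil && sameOrigin(ua, ub)
}

func main() {
	// Constructed sample URLs.
	fmt.Println(checkOrigins("https://api.example.com/v1", "https://API.example.com:443/v2"))
	fmt.Println(checkOrigins("https://api.example.com/", "https://api.example.com:8443/"))
	fmt.Println(checkOrigins("custom://host/a", "custom://host/b"))
}
```

A caller would typically run this check before forwarding credential headers or cookies to a redirect target, dropping them when it returns false.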
func TLSConfigFromOptions ¶
TLSConfigFromOptions builds a TLS config for the given request options.
func TLSConfigWithCleanupFromOptions ¶
TLSConfigWithCleanupFromOptions builds a TLS config and returns an optional cleanup for plugin-backed client certificate resources.
func TLSVersionFromString ¶
TLSVersionFromString maps CLI values like TLS1.2 and TLS1.3 to crypto/tls constants.
Types ¶
type Options ¶
type Options struct {
// Headers is a list of "Name: Value" header strings to add to the request.
Headers []string
// Query is a list of "key=value" query parameter strings to append.
Query []string
// Server overrides the scheme and host (e.g. "https://staging.example.com").
Server string
// Insecure disables TLS certificate verification.
Insecure bool
// Timeout bounds the full request lifetime, including response body reads.
// Zero means no timeout.
Timeout time.Duration
// HeaderTimeoutOnly treats Timeout as a time-to-first-response deadline.
// Do still installs a body-read deadline by default so bounded callers keep
// whole-request behavior; stream callers can remove it after reading
// response headers with DisableResponseBodyDeadline.
HeaderTimeoutOnly bool
// ClientCertPath is the PEM client certificate path for mTLS.
ClientCertPath string
// ClientKeyPath is the PEM client private key path for mTLS.
ClientKeyPath string
// TLSSignerPath is the executable path of a tls-signer plugin for mTLS.
TLSSignerPath string
// TLSSignerName records the logical signer name before CLI resolution.
TLSSignerName string
// TLSSignerParams holds plugin-specific configuration for the tls-signer.
TLSSignerParams map[string]string
// CACertPath is an optional PEM CA bundle to trust in addition to system roots.
CACertPath string
// TLSMinVersion constrains the minimum TLS version when connecting over HTTPS.
TLSMinVersion uint16
// AcceptHeader, if non-empty, is sent as the Accept request header.
AcceptHeader string
// AcceptEncodingHeader, if non-empty, is sent as the Accept-Encoding header.
AcceptEncodingHeader string
// ContentType overrides the Content-Type header when a body is present.
// If empty and a body is present, the caller is responsible for setting
// the header via Headers.
ContentType string
// PreserveHeaderCase keeps caller-supplied header names in Headers as-is
// instead of using net/http's canonical MIME casing. This is only useful
// for broken HTTP/1.x servers; HTTP/2 lowercases header names by protocol.
PreserveHeaderCase bool
// UserAgent, if non-empty, is sent when the caller has not supplied a
// User-Agent header.
UserAgent string
// OnRequest, if non-nil, is called after all standard headers and query
// params have been applied, immediately before the request is sent.
// Auth handlers use this hook to inject credentials.
OnRequest func(*http.Request) error
// OnResponse, if non-nil, is called with the raw HTTP response before it is
// returned to the caller.
OnResponse func(*http.Response)
// OnBeforeRequest, if non-nil, is called after all headers, query params,
// auth, and request middleware have been applied, immediately before the
// request is sent through the transport.
OnBeforeRequest func(*http.Request)
// after a 401 with freshly acquired credentials.
OnUnauthorized func(*http.Request) error
// CacheDir, if non-empty, enables RFC 7234 response caching in that
// directory. NoCache overrides this and skips the cache entirely.
CacheDir string
// NoCache, when true, bypasses the response cache for this request
// (no read, no write).
NoCache bool
// CacheNamespace partitions cache entries for one API/profile tuple.
// Embedders that set CacheDir and inject auth headers or credential query
// params should set this to a stable value such as "<api>:<profile>" or set
// NoCache for ad hoc credentialed requests.
CacheNamespace string
// CacheMaxBytes is the maximum size of the HTTP response cache in bytes.
// If zero, defaults to cache.DefaultMaxBytes.
CacheMaxBytes int64
// Retry is the maximum number of retry attempts for network errors and
// selected transient HTTP responses. Zero disables retries.
Retry int
// RetryUnsafe allows retrying methods other than GET and HEAD. When false,
// Retry applies only to safe methods.
RetryUnsafe bool
// RetryBaseDelay is the base delay for the first retry backoff interval.
// Defaults to 1 s when zero.
RetryBaseDelay time.Duration
// RetryMaxWait caps server-provided Retry-After/X-Retry-In delays.
// Defaults to DefaultRetryMaxWait when zero.
RetryMaxWait time.Duration
// Logger receives retry progress warnings on stderr-style output.
Logger io.Writer
// WrapTransport, when non-nil, wraps the final transport after TLS, retry,
// and cache layers are applied.
WrapTransport func(http.RoundTripper) http.RoundTripper
// Transport, when passed to BuildTransport, is the underlying transport to
// wrap with TLS/cache/retry behavior. When passed to Do, it is treated as a
// fully built transport and reused as-is. Callers that make multiple
// requests with the same options (e.g. pagination) should pre-build one via
// BuildTransport and set it here so connection pools are reused.
Transport http.RoundTripper
}
Options controls per-request behavior derived from CLI flags.