Documentation
Overview
Package headerforward provides the HTTP round-tripper that injects per-backend forwarded headers (plaintext + secret-resolved) onto outbound requests. It is consumed by both the capability-discovery HTTP client (pkg/vmcp/client) and the per-session HTTP client (pkg/vmcp/session/internal/backend).
Index
- func BuildHeaderForwardTripper(ctx context.Context, base http.RoundTripper, cfg *vmcp.HeaderForwardConfig, ...) (http.RoundTripper, error)
- func CaptureMiddleware(allow []string) func(http.Handler) http.Handler
- func ForwardedHeadersFromContext(ctx context.Context) map[string]string
- func WithForwardedHeaders(ctx context.Context, headers map[string]string) context.Context
Functions
func BuildHeaderForwardTripper
func BuildHeaderForwardTripper(ctx context.Context, base http.RoundTripper, cfg *vmcp.HeaderForwardConfig, provider secrets.Provider, backendName string) (http.RoundTripper, error)
BuildHeaderForwardTripper constructs a headerForwardRoundTripper for the backend's pre-resolved HeaderForwardConfig. Returns base unchanged when no header injection is configured or the effective header set is empty.
Used by both the vMCP backend client (startup capability discovery) and the per-session backend connector (long-lived MCP traffic). Exported so the session backend in pkg/vmcp/session/internal/backend can share the same transport-chain wiring.
Fails loudly (constructor validation, per go-style.md) when a secret identifier cannot be resolved through the provider, so a misconfigured backend surfaces at pod startup — not as a silent missing-header on every request.
Restricted header names (matching pkg/transport/middleware.RestrictedHeaders) are rejected to prevent Host, Content-Length, Authorization, hop-by-hop, and X-Forwarded-* spoofing via user-supplied config.
func CaptureMiddleware (added in v0.30.0)
CaptureMiddleware returns HTTP middleware that copies the allowlisted incoming request headers into the request context (via WithForwardedHeaders) so the per-session backend client can forward them to backends. Header names are matched case-insensitively and stored in canonical form.
The capture is pure plumbing: it does not depend on the request identity and carries the values as an explicit, request-scoped context value rather than on any business-logic type. If allow is empty the function returns a no-op wrapper to avoid allocations on the hot path.
func ForwardedHeadersFromContext (added in v0.30.0)
ForwardedHeadersFromContext returns the forwarded headers captured for the current request, or nil if none were captured.
func WithForwardedHeaders (added in v0.30.0)
WithForwardedHeaders returns a child context carrying the allowlisted forwarded headers (canonical header name → value) for the current request. This is request-scoped plumbing — the headers are read back by the per-session backend client when it builds the outbound transport.
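A minimal sketch of the capture pattern described for CaptureMiddleware, WithForwardedHeaders and ForwardedHeadersFromContext, added here as an illustration and not taken from the package's source. The names captureAllowlisted, capturedFor and ctxKey, the /mcp path and the header values are assumptions, and it keeps only the first value of each header, which the documentation does not specify.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type ctxKey struct{} // unexported key type: other packages cannot collide with it

// captureAllowlisted (hypothetical name) admits only allowlisted headers into the context.
func captureAllowlisted(allow []string) func(http.Handler) http.Handler {
	if len(allow) == 0 {
		return func(next http.Handler) http.Handler { return next } // no-op wrapper
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			captured := make(map[string]string, len(allow))
			for _, name := range allow {
				// Header.Get canonicalizes name, so matching is case-insensitive.
				// Assumption: first value only; the page does not cover repeated headers.
				if v := r.Header.Get(name); v != "" {
					captured[http.CanonicalHeaderKey(name)] = v
				}
			}
			next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, captured)))
		})
	}
}

// capturedFor sends one constructed request through the middleware and returns
// what the downstream handler finds in its context (nil if nothing was stored).
func capturedFor(allow []string, in map[string]string) map[string]string {
	var seen map[string]string
	final := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen, _ = r.Context().Value(ctxKey{}).(map[string]string)
	})
	req := httptest.NewRequest(http.MethodGet, "/mcp", nil) // constructed request
	for k, v := range in {
		req.Header.Set(k, v)
	}
	captureAllowlisted(allow)(final).ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() {
	in := map[string]string{"X-TENANT-ID": "acme", "Cookie": "sid=constructed"} // constructed values
	fmt.Println(capturedFor([]string{"x-tenant-id"}, in))
}
```

The Cookie header never reaches the context because it is not on the allowlist, so a downstream client that forwards only context values cannot leak it to a backend.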
Directories
| Path | Synopsis |
|---|---|
| | Package wirefmt is the shared wire-format contract for headerForward data shipped from the operator to the vMCP runtime via pod env vars. |