-
Notifications
You must be signed in to change notification settings - Fork 61
/
http.go
176 lines (144 loc) · 4.47 KB
/
http.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
package config
import (
"crypto/x509"
"net/http"
"net/url"
"golang.ngrok.com/ngrok/internal/pb"
"golang.ngrok.com/ngrok/internal/tunnel/proto"
)
type HTTPEndpointOption interface {
ApplyHTTP(cfg *httpOptions)
}
type httpOptionFunc func(cfg *httpOptions)
func (of httpOptionFunc) ApplyHTTP(cfg *httpOptions) {
of(cfg)
}
// HTTPEndpoint constructs a new set options for a HTTP endpoint.
//
// https://ngrok.com/docs/http/
func HTTPEndpoint(opts ...HTTPEndpointOption) Tunnel {
cfg := httpOptions{}
for _, opt := range opts {
opt.ApplyHTTP(&cfg)
}
return &cfg
}
type httpOptions struct {
// Common tunnel configuration options.
commonOpts
// The scheme that this edge should use.
// Defaults to [SchemeHTTPS].
Scheme Scheme
// The fqdn to request for this edge
Domain string
// Note: these are "the old way", and shouldn't actually be used. Their
// setters are both deprecated.
Hostname string
Subdomain string
// If non-nil, start a goroutine which runs this http server
// accepting connections from the http tunnel
// Deprecated: Pass HTTP server refs via session.ListenAndServeHTTP instead.
httpServer *http.Server
// Certificates to use for client authentication at the ngrok edge.
MutualTLSCA []*x509.Certificate
// Enable gzip compression for HTTP responses.
Compression bool
// Convert incoming websocket connections to TCP-like streams.
WebsocketTCPConversion bool
// Reject requests when 5XX responses exceed this ratio.
// Disabled when 0.
CircuitBreaker float64
// Headers to be added to or removed from all requests at the ngrok edge.
RequestHeaders *headers
// Headers to be added to or removed from all responses at the ngrok edge.
ResponseHeaders *headers
// Auto-rewrite host header on ListenAndForward?
RewriteHostHeader bool
// Credentials for basic authentication.
// If empty, basic authentication is disabled.
BasicAuth []basicAuth
// OAuth configuration.
// If nil, OAuth is disabled.
OAuth *oauthOptions
// OIDC configuration.
// If nil, OIDC is disabled.
OIDC *oidcOptions
// WebhookVerification configuration.
// If nil, WebhookVerification is disabled.
WebhookVerification *webhookVerification
// UserAgentFilter configuration
// If nil, UserAgentFilter is disabled
UserAgentFilter *userAgentFilter
}
func (cfg *httpOptions) toProtoConfig() *proto.HTTPEndpoint {
opts := &proto.HTTPEndpoint{
Domain: cfg.Domain,
Hostname: cfg.Hostname,
Subdomain: cfg.Subdomain,
}
if cfg.Compression {
opts.Compression = &pb.MiddlewareConfiguration_Compression{}
}
if cfg.WebsocketTCPConversion {
opts.WebsocketTCPConverter = &pb.MiddlewareConfiguration_WebsocketTCPConverter{}
}
if cfg.CircuitBreaker != 0 {
opts.CircuitBreaker = &pb.MiddlewareConfiguration_CircuitBreaker{
ErrorThreshold: cfg.CircuitBreaker,
}
}
opts.MutualTLSCA = mutualTLSEndpointOption(cfg.MutualTLSCA).toProtoConfig()
opts.ProxyProto = proto.ProxyProto(cfg.commonOpts.ProxyProto)
opts.RequestHeaders = cfg.RequestHeaders.toProtoConfig()
opts.ResponseHeaders = cfg.ResponseHeaders.toProtoConfig()
if len(cfg.BasicAuth) > 0 {
opts.BasicAuth = &pb.MiddlewareConfiguration_BasicAuth{}
for _, c := range cfg.BasicAuth {
opts.BasicAuth.Credentials = append(opts.BasicAuth.Credentials, c.toProtoConfig())
}
}
opts.OAuth = cfg.OAuth.toProtoConfig()
opts.OIDC = cfg.OIDC.toProtoConfig()
opts.WebhookVerification = cfg.WebhookVerification.toProtoConfig()
opts.IPRestriction = cfg.commonOpts.CIDRRestrictions.toProtoConfig()
opts.UserAgentFilter = cfg.UserAgentFilter.toProtoConfig()
opts.Policy = cfg.Policy.toProtoConfig()
return opts
}
func (cfg httpOptions) ForwardsProto() string {
return cfg.commonOpts.ForwardsProto
}
func (cfg httpOptions) ForwardsTo() string {
return cfg.commonOpts.getForwardsTo()
}
func (cfg *httpOptions) WithForwardsTo(url *url.URL) {
cfg.commonOpts.ForwardsTo = url.Host
if cfg.RewriteHostHeader {
WithRequestHeader("host", url.Host).ApplyHTTP(cfg)
}
}
func (cfg httpOptions) Extra() proto.BindExtra {
return proto.BindExtra{
Metadata: cfg.Metadata,
}
}
func (cfg httpOptions) Proto() string {
if cfg.Scheme == "" {
return string(SchemeHTTPS)
}
return string(cfg.Scheme)
}
func (cfg httpOptions) Opts() any {
return cfg.toProtoConfig()
}
func (cfg httpOptions) Labels() map[string]string {
return nil
}
func (cfg httpOptions) HTTPServer() *http.Server {
return cfg.httpServer
}
// compile-time check that we're implementing the proper interfaces.
var _ interface {
tunnelConfigPrivate
Tunnel
} = (*httpOptions)(nil)