Smokescreen

Smokescreen is a HTTP CONNECT proxy. It proxies most traffic from Stripe to the external world (e.g., webhooks).

Smokescreen restricts which URLs it connects to: it resolves each domain name that is requested and ensures that it is a publicly routable IP and not a Stripe-internal IP. This prevents a class of attacks where, for instance, our own webhooks infrastructure is used to scan Stripe's internal network.

Smokescreen also allows us to centralize egress from Stripe, allowing us to give financial partners stable egress IP addresses and abstracting away the details of which Stripe service is making the request.

Dependencies

Smokescreen uses dep to manage dependencies. The repo contains documentation, but some useful commands are reproduced below:

Installing or updating dep: go get -u github.com/golang/dep/cmd/dep (ensure $GOPATH/bin is in your $PATH)
Adding a dependency: dep ensure
Updating a dependency: dep ensure -update

Smokescreen uses a custom fork of goproxy to avoid problems with keepalive connections present under newer versions of the upstream project.

Contributors

Evan Broder
Andrew Dunham
Andreas Fuchs
Carl Jackson
Aditya Mukerjee

Failed to load latest commit information.
vendor	Pin to stripe/goproxy#1	Oct 11, 2017
.gitignore	Add Vim swap files to .gitignore	Oct 2, 2017
.travis.yml	Support only 1.6 and 1.9	Oct 11, 2017
Gopkg.lock	Pin to stripe/goproxy#1	Oct 11, 2017
Gopkg.toml	Add comment explaining goproxy version	Oct 11, 2017
LICENSE.txt	Initial commit	Jul 1, 2016
README.md	Add dep usage instructions to README	Oct 11, 2017
healthcheck.go	Initial commit	Jul 1, 2016
smokescreen.go	Switch from gopkg.in import to github import for goproxy	Oct 2, 2017
smokescreen_test.go	Hide 'X-Smokescreen-Error' header in responses from upstream	May 3, 2017

stripe/smokescreen

Join GitHub today

Clone with HTTPS

README.md

Smokescreen

Dependencies

Contributors