README
¶
flysrc-go
flysrc-go is a go module providing support for parsing Fly-Src headers in Fly.io Machines, as described in https://community.fly.io/t/fly-src-authenticating-http-requests-between-fly-apps/20566 and https://community.fly.io/t/more-fly-src-authenticating-http-requests-between-fly-apps/26147.
Example
The following shows how an http server could use the library to get the fly-src information:
type FlySrcServer struct {
parser *flysrc.Parser
}
func (serv *FlySrcServer) handleFlySrc(w http.ResponseWriter, req *http.Request) {
src, err := serv.parser.FromRequest(req)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
fmt.Fprintf(w, "peer: %v\n", req.RemoteAddr)
fmt.Fprintf(w, "fly-src: %v\n", req.Header.Get("fly-src"))
fmt.Fprintf(w, "fly-src-signature: %v\n", req.Header.Get("fly-src-signature"))
fmt.Fprintf(w, "%+v\n", src)
}
func main() {
parser, err := flysrc.New()
if err != nil {
fmt.Printf("cant build flysrc parser: %v\n", err)
return
}
serv := FlySrcServer{parser}
http.HandleFunc("/flysrc", serv.handleFlySrc)
log.Fatal(http.ListenAndServe(":8080", nil))
}
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var WithoutPeerValidation = WithFlyProxyNet(nil)
WithoutPeerValidation disables peer address validation in the parser.
Functions ¶
func WithFlyProxyNet ¶
WithFlyProxyNet specifies the network block that Fly Proxy connections are expected from. If unspecified, the network 172.16.0.0/16 will be used. If set, Fly-Src headers will be rejected unless the peer address is in this netblock. If set to nil, no peer address check is performed during validation.
func WithMaxAge ¶
WithMaxAge sets how old a fly-src timestamp can be before considered invalid.
func WithPubkey ¶
func WithPubkey(key []byte) option
WithPubkey sets the signature verification key for the fly-src parser from a raw key.
func WithPubkeyFile ¶
func WithPubkeyFile(fn string) option
WithPubkeyFile sets the signature verification key for the fly-src parser from a key stored in a file.
func WithPubkeyString ¶
func WithPubkeyString(s string) option
WithPubkeyString sets the signature verification key for the fly-src parser from an encoded key.
Types ¶
type Parser ¶
type Parser struct {
// contains filtered or unexported fields
}
Parser parses fly-src headers. Construct it by calling New(). If no public key is specified, it will be loaded implicitly from "/.fly/fly-src.pub".
func New ¶
New constructs a new Fly-Src parser using the provided options. If no public key is set, it is loaded implicitly from "/.fly/fly-src.pub", which is populated on all Fly Machines.
func (*Parser) FromRequest ¶
FromRequest returns parsed Fly-Src information if it is well formed and validated.
func (*Parser) ValidatePeer ¶
ValidatePeer returns an error if the peer isn't trusted to provide Fly-Src headers.
Source Files