2019-07-10 07:26:04 +00:00
|
|
|
package dynamic
|
2018-11-14 09:18:03 +00:00
|
|
|
|
|
|
|
import (
|
2020-01-08 10:44:04 +00:00
|
|
|
"time"
|
2019-07-01 09:30:05 +00:00
|
|
|
|
2020-08-17 16:04:03 +00:00
|
|
|
ptypes "github.com/traefik/paerser/types"
|
2020-09-16 13:46:04 +00:00
|
|
|
"github.com/traefik/traefik/v2/pkg/ip"
|
2021-10-26 08:54:11 +00:00
|
|
|
"github.com/traefik/traefik/v2/pkg/types"
|
2018-11-14 09:18:03 +00:00
|
|
|
)
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// Middleware holds the Middleware configuration.
|
|
|
|
type Middleware struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
AddPrefix *AddPrefix `json:"addPrefix,omitempty" toml:"addPrefix,omitempty" yaml:"addPrefix,omitempty" export:"true"`
|
|
|
|
StripPrefix *StripPrefix `json:"stripPrefix,omitempty" toml:"stripPrefix,omitempty" yaml:"stripPrefix,omitempty" export:"true"`
|
|
|
|
StripPrefixRegex *StripPrefixRegex `json:"stripPrefixRegex,omitempty" toml:"stripPrefixRegex,omitempty" yaml:"stripPrefixRegex,omitempty" export:"true"`
|
|
|
|
ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"`
|
|
|
|
ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
|
|
|
|
Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
|
|
|
|
IPWhiteList *IPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
|
|
|
|
Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
|
|
|
|
Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
|
|
|
|
RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
|
|
|
|
RedirectRegex *RedirectRegex `json:"redirectRegex,omitempty" toml:"redirectRegex,omitempty" yaml:"redirectRegex,omitempty" export:"true"`
|
|
|
|
RedirectScheme *RedirectScheme `json:"redirectScheme,omitempty" toml:"redirectScheme,omitempty" yaml:"redirectScheme,omitempty" export:"true"`
|
|
|
|
BasicAuth *BasicAuth `json:"basicAuth,omitempty" toml:"basicAuth,omitempty" yaml:"basicAuth,omitempty" export:"true"`
|
|
|
|
DigestAuth *DigestAuth `json:"digestAuth,omitempty" toml:"digestAuth,omitempty" yaml:"digestAuth,omitempty" export:"true"`
|
|
|
|
ForwardAuth *ForwardAuth `json:"forwardAuth,omitempty" toml:"forwardAuth,omitempty" yaml:"forwardAuth,omitempty" export:"true"`
|
|
|
|
InFlightReq *InFlightReq `json:"inFlightReq,omitempty" toml:"inFlightReq,omitempty" yaml:"inFlightReq,omitempty" export:"true"`
|
|
|
|
Buffering *Buffering `json:"buffering,omitempty" toml:"buffering,omitempty" yaml:"buffering,omitempty" export:"true"`
|
|
|
|
CircuitBreaker *CircuitBreaker `json:"circuitBreaker,omitempty" toml:"circuitBreaker,omitempty" yaml:"circuitBreaker,omitempty" export:"true"`
|
|
|
|
Compress *Compress `json:"compress,omitempty" toml:"compress,omitempty" yaml:"compress,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
|
|
|
PassTLSClientCert *PassTLSClientCert `json:"passTLSClientCert,omitempty" toml:"passTLSClientCert,omitempty" yaml:"passTLSClientCert,omitempty" export:"true"`
|
|
|
|
Retry *Retry `json:"retry,omitempty" toml:"retry,omitempty" yaml:"retry,omitempty" export:"true"`
|
|
|
|
ContentType *ContentType `json:"contentType,omitempty" toml:"contentType,omitempty" yaml:"contentType,omitempty" export:"true"`
|
|
|
|
|
|
|
|
Plugin map[string]PluginConf `json:"plugin,omitempty" toml:"plugin,omitempty" yaml:"plugin,omitempty" export:"true"`
|
2020-01-21 17:06:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
|
|
|
// ContentType middleware - or rather its unique `autoDetect` option -
|
|
|
|
// specifies whether to let the `Content-Type` header,
|
|
|
|
// if it has not been set by the backend,
|
|
|
|
// be automatically set to a value derived from the contents of the response.
|
|
|
|
// As a proxy, the default behavior should be to leave the header alone,
|
|
|
|
// regardless of what the backend did with it.
|
|
|
|
// However, the historic default was to always auto-detect and set the header if it was nil,
|
|
|
|
// and it is going to be kept that way in order to support users currently relying on it.
|
|
|
|
// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
|
|
|
|
type ContentType struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
AutoDetect bool `json:"autoDetect,omitempty" toml:"autoDetect,omitempty" yaml:"autoDetect,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// AddPrefix holds the AddPrefix configuration.
|
|
|
|
type AddPrefix struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// BasicAuth holds the HTTP basic authentication configuration.
|
|
|
|
type BasicAuth struct {
|
2019-07-01 09:30:05 +00:00
|
|
|
Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty"`
|
|
|
|
UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
|
|
|
|
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
|
2020-12-03 14:52:05 +00:00
|
|
|
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
|
2019-07-01 09:30:05 +00:00
|
|
|
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// Buffering holds the request/response buffering configuration.
|
|
|
|
type Buffering struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
MaxRequestBodyBytes int64 `json:"maxRequestBodyBytes,omitempty" toml:"maxRequestBodyBytes,omitempty" yaml:"maxRequestBodyBytes,omitempty" export:"true"`
|
|
|
|
MemRequestBodyBytes int64 `json:"memRequestBodyBytes,omitempty" toml:"memRequestBodyBytes,omitempty" yaml:"memRequestBodyBytes,omitempty" export:"true"`
|
|
|
|
MaxResponseBodyBytes int64 `json:"maxResponseBodyBytes,omitempty" toml:"maxResponseBodyBytes,omitempty" yaml:"maxResponseBodyBytes,omitempty" export:"true"`
|
|
|
|
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
|
|
|
|
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2020-05-11 10:06:07 +00:00
|
|
|
// Chain holds a chain of middlewares.
|
2018-11-14 09:18:03 +00:00
|
|
|
type Chain struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// CircuitBreaker holds the circuit breaker configuration.
|
|
|
|
type CircuitBreaker struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// Compress holds the compress configuration.
|
2019-10-31 10:36:05 +00:00
|
|
|
type Compress struct {
|
|
|
|
ExcludedContentTypes []string `json:"excludedContentTypes,omitempty" toml:"excludedContentTypes,omitempty" yaml:"excludedContentTypes,omitempty" export:"true"`
|
|
|
|
}
|
2018-11-14 09:18:03 +00:00
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// DigestAuth holds the Digest HTTP authentication configuration.
|
|
|
|
type DigestAuth struct {
|
2019-07-01 09:30:05 +00:00
|
|
|
Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty"`
|
|
|
|
UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
|
2020-12-03 14:52:05 +00:00
|
|
|
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
|
2019-07-01 09:30:05 +00:00
|
|
|
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
|
|
|
|
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// ErrorPage holds the custom error page configuration.
|
|
|
|
type ErrorPage struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Status []string `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`
|
|
|
|
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
|
|
|
|
Query string `json:"query,omitempty" toml:"query,omitempty" yaml:"query,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// ForwardAuth holds the http forward authentication configuration.
|
|
|
|
type ForwardAuth struct {
|
2021-10-26 08:54:11 +00:00
|
|
|
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
|
|
|
|
TLS *types.ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
|
|
|
|
TrustForwardHeader bool `json:"trustForwardHeader,omitempty" toml:"trustForwardHeader,omitempty" yaml:"trustForwardHeader,omitempty" export:"true"`
|
|
|
|
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
|
|
|
|
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
|
|
|
|
AuthRequestHeaders []string `json:"authRequestHeaders,omitempty" toml:"authRequestHeaders,omitempty" yaml:"authRequestHeaders,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// Headers holds the custom header configuration.
|
|
|
|
type Headers struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
|
|
|
|
CustomResponseHeaders map[string]string `json:"customResponseHeaders,omitempty" toml:"customResponseHeaders,omitempty" yaml:"customResponseHeaders,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
|
2019-04-02 08:40:04 +00:00
|
|
|
// AccessControlAllowCredentials is only valid if true. false is ignored.
|
2020-12-03 14:52:05 +00:00
|
|
|
AccessControlAllowCredentials bool `json:"accessControlAllowCredentials,omitempty" toml:"accessControlAllowCredentials,omitempty" yaml:"accessControlAllowCredentials,omitempty" export:"true"`
|
2019-04-02 08:40:04 +00:00
|
|
|
// AccessControlAllowHeaders must be used in response to a preflight request with Access-Control-Request-Headers set.
|
2020-12-03 14:52:05 +00:00
|
|
|
AccessControlAllowHeaders []string `json:"accessControlAllowHeaders,omitempty" toml:"accessControlAllowHeaders,omitempty" yaml:"accessControlAllowHeaders,omitempty" export:"true"`
|
2019-04-02 08:40:04 +00:00
|
|
|
// AccessControlAllowMethods must be used in response to a preflight request with Access-Control-Request-Method set.
|
2020-12-03 14:52:05 +00:00
|
|
|
AccessControlAllowMethods []string `json:"accessControlAllowMethods,omitempty" toml:"accessControlAllowMethods,omitempty" yaml:"accessControlAllowMethods,omitempty" export:"true"`
|
2020-03-05 07:18:04 +00:00
|
|
|
// AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin "*".
|
|
|
|
AccessControlAllowOriginList []string `json:"accessControlAllowOriginList,omitempty" toml:"accessControlAllowOriginList,omitempty" yaml:"accessControlAllowOriginList,omitempty"`
|
2020-10-29 09:52:03 +00:00
|
|
|
// AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
|
|
|
AccessControlAllowOriginListRegex []string `json:"accessControlAllowOriginListRegex,omitempty" toml:"accessControlAllowOriginListRegex,omitempty" yaml:"accessControlAllowOriginListRegex,omitempty"`
|
2019-04-02 08:40:04 +00:00
|
|
|
// AccessControlExposeHeaders sets valid headers for the response.
|
2020-12-03 14:52:05 +00:00
|
|
|
AccessControlExposeHeaders []string `json:"accessControlExposeHeaders,omitempty" toml:"accessControlExposeHeaders,omitempty" yaml:"accessControlExposeHeaders,omitempty" export:"true"`
|
2019-04-02 08:40:04 +00:00
|
|
|
// AccessControlMaxAge sets the time that a preflight request may be cached.
|
2020-12-03 14:52:05 +00:00
|
|
|
AccessControlMaxAge int64 `json:"accessControlMaxAge,omitempty" toml:"accessControlMaxAge,omitempty" yaml:"accessControlMaxAge,omitempty" export:"true"`
|
2021-05-28 07:24:14 +00:00
|
|
|
// AddVaryHeader controls if the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.
|
2020-12-03 14:52:05 +00:00
|
|
|
AddVaryHeader bool `json:"addVaryHeader,omitempty" toml:"addVaryHeader,omitempty" yaml:"addVaryHeader,omitempty" export:"true"`
|
2019-07-01 09:30:05 +00:00
|
|
|
|
2021-05-28 06:50:09 +00:00
|
|
|
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
|
|
|
|
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
|
|
|
|
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
|
|
|
|
SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
|
|
|
|
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
|
|
|
|
SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
|
|
|
|
// Deprecated: use RedirectRegex instead.
|
|
|
|
SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
|
|
|
|
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
|
|
|
|
// Deprecated: use RedirectRegex instead.
|
|
|
|
SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
|
|
|
|
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
|
|
|
|
STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"`
|
|
|
|
STSPreload bool `json:"stsPreload,omitempty" toml:"stsPreload,omitempty" yaml:"stsPreload,omitempty" export:"true"`
|
|
|
|
ForceSTSHeader bool `json:"forceSTSHeader,omitempty" toml:"forceSTSHeader,omitempty" yaml:"forceSTSHeader,omitempty" export:"true"`
|
|
|
|
FrameDeny bool `json:"frameDeny,omitempty" toml:"frameDeny,omitempty" yaml:"frameDeny,omitempty" export:"true"`
|
|
|
|
CustomFrameOptionsValue string `json:"customFrameOptionsValue,omitempty" toml:"customFrameOptionsValue,omitempty" yaml:"customFrameOptionsValue,omitempty"`
|
|
|
|
ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty" toml:"contentTypeNosniff,omitempty" yaml:"contentTypeNosniff,omitempty" export:"true"`
|
|
|
|
BrowserXSSFilter bool `json:"browserXssFilter,omitempty" toml:"browserXssFilter,omitempty" yaml:"browserXssFilter,omitempty" export:"true"`
|
|
|
|
CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty" toml:"customBrowserXSSValue,omitempty" yaml:"customBrowserXSSValue,omitempty"`
|
|
|
|
ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty" toml:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty"`
|
|
|
|
PublicKey string `json:"publicKey,omitempty" toml:"publicKey,omitempty" yaml:"publicKey,omitempty"`
|
|
|
|
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
|
2021-06-21 13:16:13 +00:00
|
|
|
// Deprecated: use PermissionsPolicy instead.
|
|
|
|
FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
|
|
|
|
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
|
|
|
|
IsDevelopment bool `json:"isDevelopment,omitempty" toml:"isDevelopment,omitempty" yaml:"isDevelopment,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2020-05-11 10:06:07 +00:00
|
|
|
// HasCustomHeadersDefined checks to see if any of the custom header elements have been set.
|
2018-11-14 09:18:03 +00:00
|
|
|
func (h *Headers) HasCustomHeadersDefined() bool {
|
|
|
|
return h != nil && (len(h.CustomResponseHeaders) != 0 ||
|
|
|
|
len(h.CustomRequestHeaders) != 0)
|
|
|
|
}
|
|
|
|
|
2020-05-11 10:06:07 +00:00
|
|
|
// HasCorsHeadersDefined checks to see if any of the cors header elements have been set.
|
2019-04-02 08:40:04 +00:00
|
|
|
func (h *Headers) HasCorsHeadersDefined() bool {
|
|
|
|
return h != nil && (h.AccessControlAllowCredentials ||
|
|
|
|
len(h.AccessControlAllowHeaders) != 0 ||
|
|
|
|
len(h.AccessControlAllowMethods) != 0 ||
|
2020-03-05 07:18:04 +00:00
|
|
|
len(h.AccessControlAllowOriginList) != 0 ||
|
2020-10-29 09:52:03 +00:00
|
|
|
len(h.AccessControlAllowOriginListRegex) != 0 ||
|
2019-04-02 08:40:04 +00:00
|
|
|
len(h.AccessControlExposeHeaders) != 0 ||
|
|
|
|
h.AccessControlMaxAge != 0 ||
|
|
|
|
h.AddVaryHeader)
|
|
|
|
}
|
|
|
|
|
2020-05-11 10:06:07 +00:00
|
|
|
// HasSecureHeadersDefined checks to see if any of the secure header elements have been set.
|
2018-11-14 09:18:03 +00:00
|
|
|
func (h *Headers) HasSecureHeadersDefined() bool {
|
|
|
|
return h != nil && (len(h.AllowedHosts) != 0 ||
|
|
|
|
len(h.HostsProxyHeaders) != 0 ||
|
|
|
|
h.SSLRedirect ||
|
|
|
|
h.SSLTemporaryRedirect ||
|
|
|
|
h.SSLForceHost ||
|
|
|
|
h.SSLHost != "" ||
|
|
|
|
len(h.SSLProxyHeaders) != 0 ||
|
|
|
|
h.STSSeconds != 0 ||
|
|
|
|
h.STSIncludeSubdomains ||
|
|
|
|
h.STSPreload ||
|
|
|
|
h.ForceSTSHeader ||
|
|
|
|
h.FrameDeny ||
|
|
|
|
h.CustomFrameOptionsValue != "" ||
|
|
|
|
h.ContentTypeNosniff ||
|
|
|
|
h.BrowserXSSFilter ||
|
|
|
|
h.CustomBrowserXSSValue != "" ||
|
|
|
|
h.ContentSecurityPolicy != "" ||
|
|
|
|
h.PublicKey != "" ||
|
|
|
|
h.ReferrerPolicy != "" ||
|
2019-07-29 14:12:05 +00:00
|
|
|
h.FeaturePolicy != "" ||
|
2021-06-21 13:16:13 +00:00
|
|
|
h.PermissionsPolicy != "" ||
|
2018-11-14 09:18:03 +00:00
|
|
|
h.IsDevelopment)
|
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// IPStrategy holds the ip strategy configuration.
|
|
|
|
type IPStrategy struct {
|
2019-07-01 09:30:05 +00:00
|
|
|
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
|
|
|
|
ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
|
2019-08-26 10:20:06 +00:00
|
|
|
// TODO(mpl): I think we should make RemoteAddr an explicit field. For one thing, it would yield better documentation.
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-08-26 10:20:06 +00:00
|
|
|
// Get an IP selection strategy.
|
|
|
|
// If nil return the RemoteAddr strategy
|
2021-06-07 15:46:14 +00:00
|
|
|
// else return a strategy based on the configuration using the X-Forwarded-For Header.
|
2020-05-11 10:06:07 +00:00
|
|
|
// Depth override the ExcludedIPs.
|
2018-11-14 09:18:03 +00:00
|
|
|
func (s *IPStrategy) Get() (ip.Strategy, error) {
|
|
|
|
if s == nil {
|
|
|
|
return &ip.RemoteAddrStrategy{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if s.Depth > 0 {
|
|
|
|
return &ip.DepthStrategy{
|
|
|
|
Depth: s.Depth,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(s.ExcludedIPs) > 0 {
|
|
|
|
checker, err := ip.NewChecker(s.ExcludedIPs)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-06-07 15:46:14 +00:00
|
|
|
return &ip.PoolStrategy{
|
2018-11-14 09:18:03 +00:00
|
|
|
Checker: checker,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return &ip.RemoteAddrStrategy{}, nil
|
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// IPWhiteList holds the ip white list configuration.
|
|
|
|
type IPWhiteList struct {
|
2019-07-01 09:30:05 +00:00
|
|
|
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
|
2020-12-03 14:52:05 +00:00
|
|
|
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2019-08-26 10:20:06 +00:00
|
|
|
// InFlightReq limits the number of requests being processed and served concurrently.
|
|
|
|
type InFlightReq struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
|
|
|
|
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// PassTLSClientCert holds the TLS client cert headers configuration.
|
|
|
|
type PassTLSClientCert struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
|
|
|
|
Info *TLSClientCertificateInfo `json:"info,omitempty" toml:"info,omitempty" yaml:"info,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2019-08-26 10:20:06 +00:00
|
|
|
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
|
|
|
// If none are set, the default is to use the request's remote address field.
|
2020-04-29 16:32:05 +00:00
|
|
|
// All fields are mutually exclusive.
|
2019-08-26 10:20:06 +00:00
|
|
|
type SourceCriterion struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" export:"true"`
|
|
|
|
RequestHeaderName string `json:"requestHeaderName,omitempty" toml:"requestHeaderName,omitempty" yaml:"requestHeaderName,omitempty" export:"true"`
|
|
|
|
RequestHost bool `json:"requestHost,omitempty" toml:"requestHost,omitempty" yaml:"requestHost,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2019-08-26 10:20:06 +00:00
|
|
|
// RateLimit holds the rate limiting configuration for a given router.
|
2018-11-14 09:18:03 +00:00
|
|
|
type RateLimit struct {
|
2020-01-08 10:44:04 +00:00
|
|
|
// Average is the maximum rate, by default in requests/s, allowed for the given source.
|
2019-08-26 10:20:06 +00:00
|
|
|
// It defaults to 0, which means no rate limiting.
|
2020-01-08 10:44:04 +00:00
|
|
|
// The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
|
|
|
|
// one needs to define a Period larger than a second.
|
2020-12-03 14:52:05 +00:00
|
|
|
Average int64 `json:"average,omitempty" toml:"average,omitempty" yaml:"average,omitempty" export:"true"`
|
2020-03-23 12:08:04 +00:00
|
|
|
|
2020-01-08 10:44:04 +00:00
|
|
|
// Period, in combination with Average, defines the actual maximum rate, such as:
|
|
|
|
// r = Average / Period. It defaults to a second.
|
2020-12-03 14:52:05 +00:00
|
|
|
Period ptypes.Duration `json:"period,omitempty" toml:"period,omitempty" yaml:"period,omitempty" export:"true"`
|
2020-03-23 12:08:04 +00:00
|
|
|
|
2019-08-26 10:20:06 +00:00
|
|
|
// Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
|
|
|
|
// It defaults to 1.
|
2020-12-03 14:52:05 +00:00
|
|
|
Burst int64 `json:"burst,omitempty" toml:"burst,omitempty" yaml:"burst,omitempty" export:"true"`
|
2020-03-23 12:08:04 +00:00
|
|
|
|
2020-12-03 14:52:05 +00:00
|
|
|
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-08-26 10:20:06 +00:00
|
|
|
// SetDefaults sets the default values on a RateLimit.
|
2019-01-18 14:18:04 +00:00
|
|
|
func (r *RateLimit) SetDefaults() {
|
2019-08-26 10:20:06 +00:00
|
|
|
r.Burst = 1
|
2020-08-17 16:04:03 +00:00
|
|
|
r.Period = ptypes.Duration(time.Second)
|
2019-01-18 14:18:04 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2019-01-22 07:30:04 +00:00
|
|
|
// RedirectRegex holds the redirection configuration.
|
|
|
|
type RedirectRegex struct {
|
2019-07-01 09:30:05 +00:00
|
|
|
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
|
|
|
|
Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty"`
|
2020-12-03 14:52:05 +00:00
|
|
|
Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2019-01-22 07:30:04 +00:00
|
|
|
// RedirectScheme holds the scheme redirection configuration.
|
|
|
|
type RedirectScheme struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
|
|
|
|
Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
|
|
|
|
Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
|
2019-01-22 07:30:04 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// ReplacePath holds the ReplacePath configuration.
|
|
|
|
type ReplacePath struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// ReplacePathRegex holds the ReplacePathRegex configuration.
|
|
|
|
type ReplacePathRegex struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
|
|
|
|
Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2019-01-22 07:30:04 +00:00
|
|
|
// Retry holds the retry configuration.
|
2018-11-14 09:18:03 +00:00
|
|
|
type Retry struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
|
|
|
|
InitialInterval ptypes.Duration `json:"initialInterval,omitempty" toml:"initialInterval,omitempty" yaml:"initialInterval,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// StripPrefix holds the StripPrefix configuration.
|
|
|
|
type StripPrefix struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
|
|
|
|
ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
|
2019-11-14 09:32:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SetDefaults Default values for a StripPrefix.
|
|
|
|
func (s *StripPrefix) SetDefaults() {
|
|
|
|
s.ForceSlash = true
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// StripPrefixRegex holds the StripPrefixRegex configuration.
|
|
|
|
type StripPrefixRegex struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2019-01-09 10:28:04 +00:00
|
|
|
// TLSClientCertificateInfo holds the client TLS certificate info configuration.
|
|
|
|
type TLSClientCertificateInfo struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
NotAfter bool `json:"notAfter,omitempty" toml:"notAfter,omitempty" yaml:"notAfter,omitempty" export:"true"`
|
|
|
|
NotBefore bool `json:"notBefore,omitempty" toml:"notBefore,omitempty" yaml:"notBefore,omitempty" export:"true"`
|
|
|
|
Sans bool `json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty" export:"true"`
|
2021-10-26 08:54:11 +00:00
|
|
|
Subject *TLSClientCertificateDNInfo `json:"subject,omitempty" toml:"subject,omitempty" yaml:"subject,omitempty" export:"true"`
|
|
|
|
Issuer *TLSClientCertificateDNInfo `json:"issuer,omitempty" toml:"issuer,omitempty" yaml:"issuer,omitempty" export:"true"`
|
2020-12-03 14:52:05 +00:00
|
|
|
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2021-10-26 08:54:11 +00:00
|
|
|
// TLSClientCertificateDNInfo holds the client TLS certificate distinguished name info configuration.
|
2019-01-09 10:28:04 +00:00
|
|
|
// cf https://tools.ietf.org/html/rfc3739
|
2021-10-26 08:54:11 +00:00
|
|
|
type TLSClientCertificateDNInfo struct {
|
2020-12-03 14:52:05 +00:00
|
|
|
Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
|
|
|
|
Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
|
|
|
|
Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
|
|
|
|
Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
|
|
|
|
CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
|
|
|
|
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
|
|
|
|
DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
|
2018-11-14 09:18:03 +00:00
|
|
|
}
|
|
|
|
|
2019-03-14 14:56:06 +00:00
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
|
2020-05-11 10:06:07 +00:00
|
|
|
// Users holds a list of users.
|
2018-11-14 09:18:03 +00:00
|
|
|
type Users []string
|