Movatterモバイル変換

[0]ホーム
URL:

tsweb

package
v1.92.2Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest Published: Dec 10, 2025 License:BSD-3-ClauseImports:34Imported by:37

Details

Repository

github.com/tailscale/tailscale

Links

Documentation

Overview

Package tsweb contains code used in various Tailscale webservers.

Index

Examples

Constants

View Source
const RequestIDHeader = "X-Tailscale-Request-Id"

RequestIDHeader is a custom HTTP header that the WithRequestID middlewareuses to determine whether to re-use a given request ID from the clientor generate a new one.

Variables

View Source
var DevModebool

DevMode controls whether extra output in shown, for when the binary is being run in dev mode.

View Source
var PrometheusHandlerfeature.Hook[func(*DebugHandler)]

PrometheusHandler is an optional hook to enable native Prometheussupport in the debug handler. It is disabled by default. Import thetailscale.com/tsweb/promvarz package to enable this feature.

RequestIDKey stores and loadsRequestID values within acontext.Context.

Functions

funcAcceptsEncodingadded inv1.22.0

func AcceptsEncoding(r *http.Request, encstring)bool

AcceptsEncoding reports whether r accepts the named encoding("gzip", "br", etc).

funcAddBrowserHeadersadded inv1.46.0

func AddBrowserHeaders(whttp.ResponseWriter)

AddBrowserHeaders sets various HTTP security headers for browser-facing endpoints.

The specific headers:

  • require HTTPS access (HSTS)
  • disallow iframe embedding
  • mitigate MIME confusion attacks

These headers are based onhttps://infosec.mozilla.org/guidelines/web_security

funcAllowDebugAccess

func AllowDebugAccess(r *http.Request)bool

AllowDebugAccess reports whether r should be permitted to accessvarious debug endpoints.

funcBrowserHeaderHandleradded inv1.46.0

func BrowserHeaderHandler(hhttp.Handler)http.Handler

BrowserHeaderHandler wraps the provided http.Handler with a call toAddBrowserHeaders.

funcBrowserHeaderHandlerFuncadded inv1.46.0

func BrowserHeaderHandlerFunc(hhttp.HandlerFunc)http.HandlerFunc

BrowserHeaderHandlerFunc wraps the provided http.HandlerFunc with a call toAddBrowserHeaders.

funcCleanRedirectURLadded inv1.60.0

func CleanRedirectURL(urlStrstring, allowedHosts []string) (*url.URL,error)

CleanRedirectURL ensures that urlStr is a valid redirect URL to thecurrent server, or one of allowedHosts. Returns the cleaned URL ora validation error.

funcDefaultCertDir

func DefaultCertDir(leafDirstring)string

funcErrorHandleradded inv1.70.0

func ErrorHandler(hReturnHandler, optsErrorOptions)http.Handler

ErrorHandler converts aReturnHandler into a standardhttp.Handler.Errors are handled as specified by the [ReturnHandler.ServeHTTPReturn] method.When wrapped in aLogHandler, panics are added to theAccessLogRecord;otherwise, panics continue up the stack.

funcIsProd443

func IsProd443(addrstring)bool

IsProd443 reports whether addr is a Go listen address for port 443.

funcLogHandleradded inv1.70.0

func LogHandler(hhttp.Handler, optsLogOptions)http.Handler

LogHandler returns an http.Handler that logs to opts.Logf.It logs both successful and failing requests.The log line includes the first error returned toErrorHandler within.The outer-most LogHandler(LogHandler(...)) does all of the logging.Inner LogHandler instance do nothing.Panics are swallowed and their stack traces are put in the error.

funcNormalizedPathadded inv1.60.0

func NormalizedPath(pstring)string

NormalizedPath returns the given path with the following modifications:

  • any query parameters are removed
  • any path component with a hex string of 9 or more characters isreplaced by an ellipsis
  • any path component containing a period with at least two charactersafter the period (i.e. an email or domain)
  • any path component consisting of a common Tailscale Stable ID
  • any path segment *@passkey.

funcProtected

func Protected(hhttp.Handler)http.Handler

Protected wraps a provided debug handler, h, returning a Handlerthat enforces AllowDebugAccess and returns forbidden replies forunauthorized requests.

funcSetRequestIDadded inv1.56.0

func SetRequestID(hhttp.Handler)http.Handler

SetRequestID is an HTTP middleware that injects a RequestID in the*http.Request Context. The value of that request id is either retrieved fromthe RequestIDHeader or a randomly generated one if not exists. Innerhandlers can retrieve this ID from the RequestIDFromContext function.

funcStdHandleradded inv0.98.0

StdHandler converts a ReturnHandler into a standard http.Handler.Handled requests are logged using opts.Logf, as are any errors.Errors are handled as specified by the ReturnHandler interface.Short-hand for LogHandler(ErrorHandler()).

funcVarzHandleradded inv1.4.0

func VarzHandler(whttp.ResponseWriter, r *http.Request)

VarzHandler writes expvar values as Prometheus metrics.TODO: migrate all users to varz.Handler or promvarz.Handler and remove this.

funcWriteHTTPErroradded inv1.72.0

func WriteHTTPError(whttp.ResponseWriter, r *http.Request, eHTTPError)

WriteHTTPError is the default error response formatter.

Types

typeAccessLogRecordadded inv0.98.0

type AccessLogRecord struct {// Timestamp at which request processing started.Timetime.Time `json:"time"`// Time it took to finish processing the request. It does not// include the entire lifetime of the underlying connection in// cases like connection hijacking, only the lifetime of the HTTP// request handler.Secondsfloat64 `json:"duration,omitempty"`// The client's ip:port.RemoteAddrstring `json:"remote_addr,omitempty"`// The HTTP protocol version, usually "HTTP/1.1 or HTTP/2".Protostring `json:"proto,omitempty"`// Whether the request was received over TLS.TLSbool `json:"tls,omitempty"`// The target hostname in the request.Hoststring `json:"host,omitempty"`// The HTTP method invoked.Methodstring `json:"method,omitempty"`// The unescaped request URI, including query parameters.RequestURIstring `json:"request_uri,omitempty"`// The client's user-agentUserAgentstring `json:"user_agent,omitempty"`// Where the client was before making this request.Refererstring `json:"referer,omitempty"`// The HTTP response code sent to the client.Codeint `json:"code,omitempty"`// Number of bytes sent in response body to client. If the request// was hijacked, only includes bytes sent up to the point of// hijacking.Bytesint `json:"bytes,omitempty"`// Error encountered during request processing.Errstring `json:"err,omitempty"`// RequestID is a unique ID for this request. If the *http.Request context// carries this value via SetRequestID, then it will be displayed to the// client immediately after the error text, as well as logged here. This// makes it easier to correlate support requests with server logs. If a// RequestID generator is not configured, RequestID will be empty.RequestIDRequestID `json:"request_id,omitempty"`}

AccessLogRecord is a record of one HTTP request served.

func (AccessLogRecord)Stringadded inv0.98.0

func (mAccessLogRecord) String()string

String returns m as a JSON string.

typeBucketedStatsOptionsadded inv1.60.0

type BucketedStatsOptions struct {// Bucket returns which bucket the given request is in.// If nil, [NormalizedPath] is used to compute the bucket.Bucket func(req *http.Request)string// If non-nil, Started maintains a counter of all requests which// have begun processing.Started *metrics.LabelMap// If non-nil, Finished maintains a counter of all requests which// have finished processing with success (that is, the HTTP handler has// returned).Finished *metrics.LabelMap}

BucketedStatsOptions describes tsweb handler options surroundingthe generation of metrics, grouped into buckets.

typeDebugHandleradded inv1.10.0

type DebugHandler struct {// contains filtered or unexported fields}

DebugHandler is an http.Handler that serves a debugging "homepage",and provides helpers to register more debug endpoints and reports.

The rendered page consists of three sections: informationalkey/value pairs, links to other pages, and additionalprogram-specific HTML. Callers can add to these sections using theKV, URL and Section helpers respectively.

Additionally, the Handle method offers a shorthand for correctlyregistering debug handlers and cross-linking them from /debug/.

funcDebuggeradded inv1.10.0

func Debugger(mux *http.ServeMux) *DebugHandler

Debugger returns the DebugHandler registered on mux at /debug/,creating it if necessary.

func (*DebugHandler)Handleadded inv1.10.0

func (d *DebugHandler) Handle(slug, descstring, handlerhttp.Handler)

Handle registers handler at /debug/<slug> and adds a link to iton /debug/ with the provided description.

Example
mux := http.NewServeMux()dbg := Debugger(mux)// Registers /debug/flushcache with the given handler, and adds a// link to /debug/ with the description "Flush caches".dbg.Handle("flushcache", "Flush caches", http.HandlerFunc(http.NotFound))

func (*DebugHandler)HandleFuncadded inv1.82.0

func (d *DebugHandler) HandleFunc(slug, descstring, handlerhttp.HandlerFunc)

Handle registers handler at /debug/<slug> and adds a link to iton /debug/ with the provided description.

func (*DebugHandler)HandleSilentadded inv1.50.0

func (d *DebugHandler) HandleSilent(slugstring, handlerhttp.Handler)

HandleSilent registers handler at /debug/<slug>. It does not adda descriptive entry in /debug/ for it. This should be usedsparingly, for things that need to be registered but would pollutethe list of debug links.

func (*DebugHandler)HandleSilentFuncadded inv1.82.0

func (d *DebugHandler) HandleSilentFunc(slugstring, handlerhttp.HandlerFunc)

HandleSilent registers handler at /debug/<slug>. It does not adda descriptive entry in /debug/ for it. This should be usedsparingly, for things that need to be registered but would pollutethe list of debug links.

func (*DebugHandler)KVadded inv1.10.0

func (d *DebugHandler) KV(kstring, vany)

KV adds a key/value list item to /debug/.

Example
mux := http.NewServeMux()dbg := Debugger(mux)// Adds two list items to /debug/, showing that the condition is// red and there are 42 donuts.dbg.KV("Condition", "red")dbg.KV("Donuts", 42)

func (*DebugHandler)KVFuncadded inv1.10.0

func (d *DebugHandler) KVFunc(kstring, v func()any)

KVFunc adds a key/value list item to /debug/. v is called on everyrender of /debug/.

Example
mux := http.NewServeMux()dbg := Debugger(mux)// Adds an count of page renders to /debug/. Note this example// isn't concurrency-safe.views := 0dbg.KVFunc("Debug pageviews", func() any {views = views + 1return views})dbg.KV("Donuts", 42)

func (*DebugHandler)Sectionadded inv1.10.0

func (d *DebugHandler) Section(f func(wio.Writer, r *http.Request))

Section invokes f on every render of /debug/ to add supplementalHTML to the page body.

Example
mux := http.NewServeMux()dbg := Debugger(mux)// Adds a section to /debug/ that dumps the HTTP request of the// visitor.dbg.Section(func(w io.Writer, r *http.Request) {io.WriteString(w, "<h3>Dump of your HTTP request</h3>")fmt.Fprintf(w, "<code>%#v</code>", r)})

func (*DebugHandler)ServeHTTPadded inv1.10.0

func (d *DebugHandler) ServeHTTP(whttp.ResponseWriter, r *http.Request)

ServeHTTP implements http.Handler.

func (*DebugHandler)Titleadded inv1.82.0

func (d *DebugHandler) Title(titlestring)

Title sets the title at the top of the debug page.

func (*DebugHandler)URLadded inv1.10.0

func (d *DebugHandler) URL(url, descstring)

URL adds a URL and description list item to /debug/.

Example
mux := http.NewServeMux()dbg := Debugger(mux)// Links to the Tailscale website from /debug/.dbg.URL("https://www.tailscale.com", "Homepage")

typeErrorHandlerFuncadded inv1.28.0

type ErrorHandlerFunc func(http.ResponseWriter, *http.Request,HTTPError)

ErrorHandlerFunc is called to present a error response.

typeErrorOptionsadded inv1.70.0

type ErrorOptions struct {// Logf is used to record unexpected behaviours when returning HTTPError but// different error codes have already been written to the client.Logflogger.Logf// OnError is called if the handler returned a HTTPError. This// is intended to be used to present pretty error pages if// the user agent is determined to be a browser.OnErrorErrorHandlerFunc}

ErrorOptions are options used byErrorHandler.

typeHTTPErroradded inv0.98.0

type HTTPError struct {Codeint// HTTP response code to send to client; 0 means 500Msgstring// Response body to send to clientErrerror// Detailed error to log on the serverHeaderhttp.Header// Optional set of HTTP headers to set in the response}

HTTPError is an error with embedded HTTP response information.

It is the error type to be (optionally) used by Handler.ServeHTTPReturn.

funcErroradded inv0.98.0

func Error(codeint, msgstring, errerror)HTTPError

Error returns an HTTPError containing the given information.

func (HTTPError)Erroradded inv0.98.0

func (eHTTPError) Error()string

Error implements the error interface.

func (HTTPError)Unwrapadded inv1.32.0

func (eHTTPError) Unwrap()error

typeHandlerOptionsadded inv1.2.1

type HandlerOptions struct {QuietLoggingIfSuccessfulbool// if set, do not log successfully handled HTTP requests (200 and 304 status codes)Logflogger.LogfNow                      func()time.Time// if nil, defaults to time.Now// If non-nil, StatusCodeCounters maintains counters// of status codes for handled responses.// The keys are "1xx", "2xx", "3xx", "4xx", and "5xx".StatusCodeCounters *expvar.Map// If non-nil, StatusCodeCountersFull maintains counters of status// codes for handled responses.// The keys are HTTP numeric response codes e.g. 200, 404, ...StatusCodeCountersFull *expvar.Map// If non-nil, BucketedStats computes and exposes statistics// for each bucket based on the contained parameters.BucketedStats *BucketedStatsOptions// OnStart is called inline before ServeHTTP is called. Optional.OnStartOnStartFunc// OnError is called if the handler returned a HTTPError. This// is intended to be used to present pretty error pages if// the user agent is determined to be a browser.OnErrorErrorHandlerFunc// OnCompletion is called inline when ServeHTTP is finished and gets// useful data that the implementor can use for metrics. Optional.OnCompletionOnCompletionFunc}

HandlerOptions are options used byStdHandler, containing bothLogOptionsused byLogHandler andErrorOptions used byErrorHandler.

typeLogOptionsadded inv1.70.0

type LogOptions struct {// Logf is used to log HTTP requests and responses.Logflogger.Logf// Now is a function giving the current time. Defaults to [time.Now].Now func()time.Time// QuietLogging suppresses all logging of handled HTTP requests, even if// there are errors or status codes considered unsuccessful. Use this option// to add your own logging in OnCompletion.QuietLoggingbool// QuietLoggingIfSuccessful suppresses logging of handled HTTP requests// where the request's response status code is 200 or 304.QuietLoggingIfSuccessfulbool// StatusCodeCounters maintains counters of status code classes.// The keys are "1xx", "2xx", "3xx", "4xx", and "5xx".// If nil, no counting is done.StatusCodeCounters *expvar.Map// StatusCodeCountersFull maintains counters of status codes.// The keys are HTTP numeric response codes e.g. 200, 404, ...// If nil, no counting is done.StatusCodeCountersFull *expvar.Map// BucketedStats computes and exposes statistics for each bucket based on// the contained parameters. If nil, no counting is done.BucketedStats *BucketedStatsOptions// OnStart is called inline before ServeHTTP is called. Optional.OnStartOnStartFunc// OnCompletion is called inline when ServeHTTP is finished and gets// useful data that the implementor can use for metrics. Optional.OnCompletionOnCompletionFunc}

LogOptions are the options used byLogHandler.These options are a subset ofHandlerOptions.

typeMiddlewareadded inv1.56.0

type Middleware func(hhttp.Handler)http.Handler

A Middleware is a function that wraps an http.Handler to extend or modifyits behaviour.

The implementation of the wrapper is responsible for delegating its inputrequest to the underlying handler, if appropriate.

funcMiddlewareStackadded inv1.72.0

func MiddlewareStack(mw ...Middleware)Middleware

MiddlewareStack combines multiple middleware into a single middleware fordecorating ahttp.Handler. The first middleware argument will be the firstto process an incoming request, before passing the request onto subsequentmiddleware and eventually the wrapped handler.

For example:

MiddlewareStack(A, B)(h).ServeHTTP(w, r)

calls in sequence:

   a.ServeHTTP(w, r)-> b.ServeHTTP(w, r)-> h.ServeHTTP(w, r)

(where the lowercase handlers were generated by the uppercase middleware).

Example
// setHeader returns a middleware that sets header k = vs.setHeader := func(k string, vs ...string) Middleware {k = textproto.CanonicalMIMEHeaderKey(k)return func(h http.Handler) http.Handler {return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {w.Header()[k] = vsh.ServeHTTP(w, r)})}}// h is a http.Handler which prints the A, B & C response headers, wrapped// in a few middleware which set those headers.var h http.Handler = MiddlewareStack(setHeader("A", "mw1"),MiddlewareStack(setHeader("A", "mw2.1"),setHeader("B", "mw2.2"),setHeader("C", "mw2.3"),setHeader("C", "mw2.4"),),setHeader("B", "mw3"),)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {fmt.Println("A", w.Header().Get("A"))fmt.Println("B", w.Header().Get("B"))fmt.Println("C", w.Header().Get("C"))}))// Invoke the handler.h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest("", "/", nil))
Output:A mw2.1B mw3C mw2.4

typeOnCompletionFuncadded inv1.68.0

type OnCompletionFunc func(*http.Request,AccessLogRecord)

OnCompletionFunc is called when ServeHTTP is finished and getsuseful data that the implementor can use for metrics.

typeOnStartFuncadded inv1.70.0

type OnStartFunc func(*http.Request,AccessLogRecord)

OnStartFunc is called before ServeHTTP is called.

typePort80Handler

type Port80Handler struct {Mainhttp.Handler// FQDN is used to redirect incoming requests to https://<FQDN>.// If it is not set, the hostname is calculated from the incoming// request.FQDNstring}

Port80Handler is the handler to be given toautocert.Manager.HTTPHandler. The inner handler is the muxreturned by NewMux containing registered /debug handlers.

func (Port80Handler)ServeHTTP

func (hPort80Handler) ServeHTTP(whttp.ResponseWriter, r *http.Request)

typeRequestIDadded inv1.50.0

type RequestIDstring

RequestID is an opaque identifier for a HTTP request, used to correlateuser-visible errors with backend server logs. The RequestID is typicallythreaded through an HTTP Middleware (WithRequestID) and then can be extractedby HTTP Handlers to include in their logs.

RequestID is an opaque identifier for a HTTP request, used to correlateuser-visible errors with backend server logs. If present in the context, theRequestID will be printed alongside the message text and logged in theAccessLogRecord.

A RequestID has the format "REQ-1{ID}", and the ID should be treated as anopaque string. The current implementation uses a UUID.

funcGenerateRequestIDadded inv1.62.0

func GenerateRequestID()RequestID

GenerateRequestID generates a new request ID with the current format.

funcRequestIDFromContextdeprecatedadded inv1.56.0

func RequestIDFromContext(ctxcontext.Context)RequestID

RequestIDFromContext retrieves the RequestID from context that can be set bythe SetRequestID function.

Deprecated: Use [RequestIDKey.Value] instead.

func (RequestID)Stringadded inv1.62.0

func (rRequestID) String()string

String returns the string format of the request ID, for use in e.g. settingahttp.Header.

typeReturnHandleradded inv0.98.0

type ReturnHandler interface {// ServeHTTPReturn is like http.Handler.ServeHTTP, except that// it can choose to return an error instead of writing to its// http.ResponseWriter.//// If ServeHTTPReturn returns an error, it caller should handle// an error by serving an HTTP 500 response to the user. The// error details should not be sent to the client, as they may// contain sensitive information. If the error is an// HTTPError, though, callers should use the HTTP response// code and message as the response to the client.ServeHTTPReturn(http.ResponseWriter, *http.Request)error}

ReturnHandler is like net/http.Handler, but the handler can return anerror instead of writing to its ResponseWriter.

typeReturnHandlerFuncadded inv0.98.1

type ReturnHandlerFunc func(http.ResponseWriter, *http.Request)error

ReturnHandlerFunc is an adapter to allow the use of ordinaryfunctions as ReturnHandlers. If f is a function with theappropriate signature, ReturnHandlerFunc(f) is a ReturnHandler thatcalls f.

func (ReturnHandlerFunc)ServeHTTPReturnadded inv0.98.1

func (fReturnHandlerFunc) ServeHTTPReturn(whttp.ResponseWriter, r *http.Request)error

ServeHTTPReturn calls f(w, r).

Source Files

View all Source files

Directories

PathSynopsis
Package promvarz combines Prometheus metrics exported by our expvar converter (tsweb/varz) with metrics exported by the official Prometheus client.
Package promvarz combines Prometheus metrics exported by our expvar converter (tsweb/varz) with metrics exported by the official Prometheus client.
Package varz contains code to export metrics in Prometheus format.
Package varz contains code to export metrics in Prometheus format.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f orF : Jump to
y orY : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic.Learn more.
[8]ページ先頭
©2009-2025 Movatter.jp