Skip to content

kloudkit/looking-glass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
.github/workflows
.github/workflows
Β 
Β 
internals/reflect
internals/reflect
Β 
Β 
.editorconfig
.editorconfig
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.pre-commit-config.yaml
.pre-commit-config.yaml
Β 
Β 
CHANGELOG.md
CHANGELOG.md
Β 
Β 
Dockerfile
Dockerfile
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
main.go
main.go
Β 
Β 
renovate.json
renovate.json
Β 
Β 

Repository files navigation

Kloud β€’ Looking Glass

πŸ”Ž Drop-in HTTP request reflector β€” see exactly what is hitting your service

Stars Docker Build License

# TL;DR  πŸ”Ž run the reflector on :8080
docker run --rm -p 8080:8080 ghcr.io/kloudkit/looking-glass:latest

Then point anything at it β€” every method, every path is answered with the full request it received (method, URL, query, headers, client address, body).

The HTTP response is json by default and html on demand, selected by a dedicated header so it never collides with the request's own Accept β€” or by a ?format= query param so it works straight from a browser address bar:

# JSON (default)
curl -X POST 'localhost:8080/api/users?page=2' -d '{"name":"ada"}'

# HTML via header
curl 'localhost:8080/api/users?page=2' -H 'X-Glass-Format: html'
# HTML in a browser β€” just add ?format=html to the URL
http://localhost:8080/api/users?page=2&format=html

Meanwhile the container logs stay a concise, colored activity stream β€” one line per request (time, client, method, path, response format, body size), never the request contents:

docker logs -f <container>
# 2026/06/10 12:00:00 10.0.0.1:54321  POST  /api/users?page=2  β†’  json  14b

What's Inside

  • Wildcard everything β€” every HTTP method on every path returns 200 with the full request reflected back.
  • Two response formats β€” json (default) or html, chosen with the X-Glass-Format header (never the request's Accept).
  • Colored activity log β€” stdout gets one readable line per request (time, client, method, path, format, size), so docker logs stays a clean access stream and request contents never leak into the logs.
  • Safe HTML β€” reflected values are escaped, so a malicious body can't execute in the browser; the logged path is stripped of control characters.
  • Bounded β€” request bodies are capped (default 1 MiB) so a stray upload can't take the box down; truncation is shown in every rendering.
  • Tiny image β€” a single static Go binary on a shell-less, non-root distroless base.

Configuration

Variable Default Description
PORT 8080 Port to listen on.
MAX_BODY_BYTES 1048576 Max body bytes reflected before cut-off.
Selector Values Effect
X-Glass-Format header json / html Response format. Takes precedence.
?format= query param json / html Browser-friendly fallback. Defaults json.

Getting Started

Run it straight from source while iterating locally:

go run .
# in another shell
curl -X DELETE 'localhost:8080/anything/here'

Or build the image yourself:

docker build -t looking-glass .
docker run --rm -p 8080:8080 looking-glass

πŸ’‘ The final image is distroless and shell-less. Swap the final stage for scratch to shave it further, or for ghcr.io/kloudkit/base-image if you want a shell to exec into.

License

Released under the MIT License

About

πŸ”Ž Drop-in HTTP request reflector β€” see exactly what is hitting your service

Topics

container echo-server debugging-tool http-debugging

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Packages

 
 
 

Contributors

Languages