server

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 26, 2026 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Package server provides the HTTP server and WebSocket handler for ShellGate.

Index

Constants

View Source 
const (
	// MaxMessageSize is the maximum allowed WebSocket message size (64KB).
	MaxMessageSize = 64 * 1024

	// WriteWait is the time allowed to write a message to the peer.
	WriteWait = 10 * time.Second

	// PongWait is the time allowed to read the next pong message from the peer.
	PongWait = 60 * time.Second

	// PingInterval is the interval at which pings are sent. Must be less than PongWait.
	PingInterval = (PongWait * 9) / 10

	// PTYReadBufferSize is the buffer size for reading from PTY.
	PTYReadBufferSize = 4096

	// FlushInterval is the interval for flushing buffered PTY output to WebSocket.
	FlushInterval = 10 * time.Millisecond
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	Host    string
	Port    int
	Shell   string
	Verbose bool

	// Auth
	AuthMode  string // none, token, password, otp
	Token     string
	Password  string
	OTPDir    string
	AllowIP   string
	RateLimit float64
	NoAuthAck bool // --i-know-what-im-doing

	// TLS
	TLSEnabled bool
	TLSConfig  *tls.Config
	AutoCert   *autocert.Manager

	// Session
	MaxSessions int
	Timeout     time.Duration
	IdleTimeout time.Duration

	// Recording
	RecordEnabled bool
	RecordDir     string

	// Sharing
	ShareEnabled    bool
	ShareTTL        time.Duration
	ShareMaxViewers int

	// Dynamic ACL (Phase 9)
	MaxFailedAttempts int
	BanDuration       time.Duration
	GeoIPEnabled      bool
	GeoIPDBPath       string
	AllowedCountries  string
	BlockedCountries  string
	AccessWindowStart string
	AccessWindowEnd   string
	AccessWindowTZ    string

	// Stealth Mode (Phase 10)
	StealthEnabled bool
	RandomPort     bool
	PortRangeMin   int
	PortRangeMax   int
	AutoCloseTTL   time.Duration

	// Telegram (Phase 8)
	TelegramEnabled bool
	TelegramToken   string
	TelegramUserIDs []int64
	ExternalHost    string

	// Audit (Phase 11)
	AuditLogPath   string
	WebhookURL     string
	WebhookEvents  string
	MetricsEnabled bool
}

Config holds the server configuration.

type IPWhitelist 

type IPWhitelist struct {
	// contains filtered or unexported fields
}

IPWhitelist restricts access to the given CIDR ranges.

func NewIPWhitelist 

func NewIPWhitelist(cidrs string) (*IPWhitelist, error)

NewIPWhitelist parses a comma-separated list of CIDR ranges.

func (*IPWhitelist) Middleware 

func (wl *IPWhitelist) Middleware(next http.Handler) http.Handler

Middleware returns an HTTP middleware that enforces the IP whitelist.

type RateLimiter 

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter provides per-IP rate limiting with TTL-based eviction.

func NewRateLimiter 

func NewRateLimiter(requestsPerSecond float64) *RateLimiter

NewRateLimiter creates a new per-IP rate limiter. Entries are evicted after 10 minutes of inactivity.

func (*RateLimiter) Middleware 

func (rl *RateLimiter) Middleware(next http.Handler) http.Handler

Middleware returns an HTTP middleware that enforces rate limits.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server is the main ShellGate HTTP/WebSocket server.

func New 

func New(cfg Config) (*Server, error)

New creates a new Server with the given configuration.

func (*Server) ACL 

func (s *Server) ACL() *acl.DynamicACL

ACL returns the dynamic ACL.

func (*Server) AddWhitelistIP 

func (s *Server) AddWhitelistIP(cidr string) error

AddWhitelistIP adds a CIDR to the dynamic whitelist.

func (*Server) Addr 

func (s *Server) Addr() string

Addr returns the server's listen address.

func (*Server) Auth 

func (s *Server) Auth() auth.Authenticator

Auth returns the configured authenticator.

func (*Server) AutoCertManager 

func (s *Server) AutoCertManager() *autocert.Manager

AutoCertManager returns the autocert manager for HTTP-01 challenge handler, if configured. 

func (s *Server) CreateShareLink(sessionID string) (string, error)

CreateShareLink creates a share link for a session.

func (*Server) GenerateOneTimeToken 

func (s *Server) GenerateOneTimeToken(ttl time.Duration) (string, error)

GenerateOneTimeToken creates a single-use token with the given TTL.

func (*Server) GetPort 

func (s *Server) GetPort() int

GetPort returns the current configured port.

func (*Server) GetStatus 

func (s *Server) GetStatus() ServerStatus

GetStatus returns the current server status.

func (*Server) IsListening 

func (s *Server) IsListening() bool

IsListening returns whether the server is currently accepting connections.

func (*Server) KillSession 

func (s *Server) KillSession(id string) error

KillSession terminates a session by ID.

func (*Server) ListSessions 

func (s *Server) ListSessions() []SessionInfo

ListSessions returns info about all active sessions.

func (*Server) ListenAndServe 

func (s *Server) ListenAndServe() error

ListenAndServe starts the HTTP server (with TLS if configured). This is the traditional blocking method. For stealth mode, use StartListener()/StopListener().

func (*Server) RecordAuthFailure 

func (s *Server) RecordAuthFailure(ip string)

RecordAuthFailure records an auth failure for fail2ban and metrics.

func (*Server) RecordAuthSuccess 

func (s *Server) RecordAuthSuccess(ip string)

RecordAuthSuccess records a successful auth for metrics.

func (*Server) RemoveWhitelistIP 

func (s *Server) RemoveWhitelistIP(cidr string) error

RemoveWhitelistIP removes a CIDR from the dynamic whitelist.

func (*Server) RevokeToken 

func (s *Server) RevokeToken(token string) error

RevokeToken revokes a one-time token.

func (*Server) SetEventHandler 

func (s *Server) SetEventHandler(fn func(event string, detail map[string]string))

SetEventHandler sets the notification callback for server events.

func (*Server) SetPort 

func (s *Server) SetPort(port int)

SetPort updates the server's listening port.

func (*Server) Shutdown 

func (s *Server) Shutdown(ctx context.Context) error

Shutdown gracefully shuts down the server and cleans up sessions.

func (*Server) StartListener 

func (s *Server) StartListener() (string, error)

StartListener creates a net.Listener and starts serving. Non-blocking.

func (*Server) StopListener 

func (s *Server) StopListener() error

StopListener closes the listener and shuts down active sessions.

func (*Server) ToggleRecording 

func (s *Server) ToggleRecording() bool

ToggleRecording toggles session recording on/off.

type ServerStatus 

type ServerStatus struct {
	Listening   bool
	Port        int
	Uptime      time.Duration
	Sessions    int
	TLSEnabled  bool
	RecordingOn bool
	BannedIPs   int
}

ServerStatus holds server status information for the Telegram bot.

type SessionInfo 

type SessionInfo struct {
	ID        string
	ClientIP  string
	Duration  time.Duration
	UserAgent string
}

SessionInfo is a serializable snapshot of session metadata (for bot commands).

type StealthConfig 

type StealthConfig struct {
	RandomPort   bool
	PortRangeMin int
	PortRangeMax int
	AutoCloseTTL time.Duration
}

StealthConfig configures the stealth controller.

type StealthController 

type StealthController struct {
	// contains filtered or unexported fields
}

StealthController manages dynamic port selection and auto-close timers.

func NewStealthController 

func NewStealthController(srv *Server, cfg StealthConfig) *StealthController

NewStealthController creates a new stealth controller for the given server.

func (*StealthController) ActivePort 

func (sc *StealthController) ActivePort() int

ActivePort returns the port the server is currently listening on, or 0 if not listening.

func (*StealthController) Close 

func (sc *StealthController) Close() error

Close stops the listener and cancels any auto-close timer.

func (*StealthController) Open 

func (sc *StealthController) Open(ttl time.Duration) (int, error)

Open starts the listener, optionally on a random port, with an auto-close timer. ttl overrides the default auto-close TTL if > 0.

type WSMessage 

type WSMessage struct {
	Type string `json:"type"`
	Data string `json:"data,omitempty"`
	Cols uint16 `json:"cols,omitempty"`
	Rows uint16 `json:"rows,omitempty"`
}

WSMessage represents a WebSocket message exchanged between client and server.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.