relayclient

package
v0.0.0-...-db76e96 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 24, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package relayclient talks to the relay control plane: it creates a session over REST and dials the runner WebSocket. It carries no terminal IO and knows nothing about the end-to-end keys — the relay is untrusted, so this is deliberately thin.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client targets one relay origin (e.g. https://relay.example.com).

func New

func New(base string, allowInsecure bool) (*Client, error)

New parses the relay base URL. Plain http:// is allowed only to a loopback host (local development); for any other host it requires https unless allowInsecure is set, since the relay delivers executable viewer code and the secret rides in a fragment the browser refuses to use over an insecure non-local context.

func (*Client) CreateSession

func (c *Client) CreateSession(ctx context.Context, id, runnerToken string, ttl time.Duration) (*Session, error)

CreateSession registers the runner-chosen session id + token with the relay, or re-claims them after a node loss. The runner generates both so the SAME session can be re-established on any relay node. Returns the relay's view (the assigned expiry).

func (*Client) DialRunner

func (c *Client) DialRunner(ctx context.Context, id, token string) (*websocket.Conn, error)

DialRunner opens the privileged runner WebSocket. A 401/404 handshake response is returned as *FatalDialError; other failures are transient and worth retrying.

func (*Client) ViewerURL

func (c *Client) ViewerURL(id, secretB64 string, passphrase bool) string

ViewerURL builds the link a browser opens. secretB64 is base64url(S); it goes in the fragment, which never reaches the relay. A passphrase is flagged with ".p" so the viewer knows to prompt for it.

type FatalDialError

type FatalDialError struct {
	Status int
}

FatalDialError marks a handshake rejection the runner should not retry: the session is unknown/expired (404) or the runner token is wrong (401).

func (*FatalDialError) Error

func (e *FatalDialError) Error() string

func (*FatalDialError) NotFound

func (e *FatalDialError) NotFound() bool

NotFound reports whether the relay had no such session (404). Unlike a 401 token rejection, this is recoverable: the runner can re-create the same id+token (e.g. after the relay node was replaced in a deploy) and keep relaying.

type Session

type Session struct {
	ID          string `json:"id"`
	RunnerToken string `json:"runner_token"`
	ExpiresAt   int64  `json:"expires_at"`
}

Session is the relay's response to a create request. It never contains the end-to-end secret — that is generated by the runner and never sent to the relay.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL