server

package
v1.10.0

This package is not in the latest version of its module.
Published: May 12, 2026 | License: AGPL-3.0 | Imports: 43 | Imported by: 0

Documentation

Constants

const (
	DeltaRegister      = walpkg.DeltaRegister
	DeltaDeregister    = walpkg.DeltaDeregister
	DeltaHeartbeat     = walpkg.DeltaHeartbeat
	DeltaTrustAdd      = walpkg.DeltaTrustAdd
	DeltaTrustRevoke   = walpkg.DeltaTrustRevoke
	DeltaVisibility    = walpkg.DeltaVisibility
	DeltaHostname      = walpkg.DeltaHostname
	DeltaTags          = walpkg.DeltaTags
	DeltaNetworkCreate = walpkg.DeltaNetworkCreate
	DeltaNetworkJoin   = walpkg.DeltaNetworkJoin
	DeltaNetworkLeave  = walpkg.DeltaNetworkLeave
	DeltaKeyRotation   = walpkg.DeltaKeyRotation
	DeltaTaskExec      = walpkg.DeltaTaskExec
	DeltaNetworkDelete = walpkg.DeltaNetworkDelete
)

Re-export the delta-type constants so existing server code compiles without qualification changes.

const (
	RoleOwner  = membpkg.RoleOwner
	RoleAdmin  = membpkg.RoleAdmin
	RoleMember = membpkg.RoleMember
)
const MaxWALSize = walpkg.MaxWALSize

MaxWALSize is the upper bound enforced by WAL.Append. Exposed for tests.

Variables

var (
	LoadBlueprint     = wire.LoadBlueprint
	ValidateBlueprint = wire.ValidateBlueprint
)
var ErrWALFull = walpkg.ErrWALFull

ErrWALFull is returned by WAL.Append when the size cap is exceeded.

Functions

func RecoveredPanicCount

func RecoveredPanicCount() uint64

RecoveredPanicCount returns the total number of panics swallowed by recoverHandler since process start. Used by metrics.go for the gauge.

Types

type AuditEntry

type AuditEntry = auditpkg.Entry

AuditEntry is an alias for audit.Entry, kept here so existing code and tests in package server can reference AuditEntry without import changes.

type BeaconStatsProvider

type BeaconStatsProvider = dashpkg.BeaconStatsProvider

BeaconStatsProvider is an alias for dashpkg.BeaconStatsProvider (moved in R5.2).

type BlueprintAuditExport

type BlueprintAuditExport = wire.BlueprintAuditExport

Blueprint types — canonical definitions live in pkg/registry/wire.

type BlueprintIdentityProvider

type BlueprintIdentityProvider = wire.BlueprintIdentityProvider

Blueprint types — canonical definitions live in pkg/registry/wire.

type BlueprintPolicy

type BlueprintPolicy = wire.BlueprintPolicy

Blueprint types — canonical definitions live in pkg/registry/wire.

type BlueprintRole

type BlueprintRole = wire.BlueprintRole

Blueprint types — canonical definitions live in pkg/registry/wire.

type BlueprintWebhooks

type BlueprintWebhooks = wire.BlueprintWebhooks

Blueprint types — canonical definitions live in pkg/registry/wire.

type DashboardStats

type DashboardStats = dashpkg.DashboardStats

DashboardStats is an alias for dashpkg.DashboardStats (moved in R5.2).

type DeltaEntry

type DeltaEntry = walpkg.DeltaEntry

DeltaEntry records a single state mutation for incremental replication. This is an alias for the canonical definition in the wal sub-package (R6.1).

type DeltaType

type DeltaType = walpkg.DeltaType

DeltaType identifies what kind of mutation a delta represents. This is an alias for the canonical definition in the wal sub-package (R6.1).

type DirectoryEntry

type DirectoryEntry = replpkg.DirectoryEntry

DirectoryEntry is an alias for replpkg.DirectoryEntry. Kept here so existing server code and any external callers are unchanged.

type DirectorySyncRequest

type DirectorySyncRequest = replpkg.DirectorySyncRequest

DirectorySyncRequest is an alias for replpkg.DirectorySyncRequest.

type DirectorySyncResult

type DirectorySyncResult = replpkg.DirectorySyncResult

DirectorySyncResult is an alias for replpkg.DirectorySyncResult.

type Handler

type Handler func(s *Server, msg map[string]interface{}, remoteAddr string) (map[string]interface{}, error)

Handler is the unified shape of every registry message handler invoked by the dispatch table. Each entry in `handlers` maps a wire `msgType` (e.g. "register", "create_network", ...) to a thin closure that calls the corresponding `s.handleX(...)` method on *Server.

This file is the R3 dispatch layer per architecture-notes/07-REGISTRY-LAYERS.md. Handlers themselves stay defined as methods on *Server (in server.go and related files); this layer only routes msgType -> handler. Tier R0.1 of the registry-server extraction plan: refactor only, zero behavior change.

type HandshakeRelayMsg

type HandshakeRelayMsg = trustpkg.HandshakeRelayMsg

type HandshakeResponseMsg

type HandshakeResponseMsg = trustpkg.HandshakeResponseMsg

type KeyInfo

type KeyInfo = dirpkg.KeyInfo

type NetworkBlueprint

type NetworkBlueprint = wire.NetworkBlueprint

Blueprint types — canonical definitions live in pkg/registry/wire.

type NetworkInfo

type NetworkInfo = membpkg.NetworkInfo

type NetworkInvite

type NetworkInvite = membpkg.NetworkInvite

type NetworkPolicy

type NetworkPolicy = membpkg.NetworkPolicy

type NetworkSampleEntry

type NetworkSampleEntry = dashpkg.NetworkSampleEntry

NetworkSampleEntry is an alias for dashpkg.NetworkSampleEntry (moved in R5.2).

type NetworkStats

type NetworkStats = dashpkg.NetworkStats

NetworkStats is an alias for dashpkg.NetworkStats (moved in R5.2).

type NodeInfo

type NodeInfo = dirpkg.NodeInfo

type ProbeState

type ProbeState = dashpkg.ProbeState

ProbeState is an alias for dashboard.ProbeState, kept here so the snapshot struct and tests in package server can reference ProbeState without changes.

type RateLimiter

type RateLimiter = acceptpkg.RateLimiter

func NewRateLimiter

func NewRateLimiter(rate int, window time.Duration, maxBuckets int) *RateLimiter

type RegistryWebhookEvent

type RegistryWebhookEvent = webhookpkg.Event

type ReleaseBanner

type ReleaseBanner = dashpkg.ReleaseBanner

ReleaseBanner is an alias for dashpkg.ReleaseBanner (R5.2). Kept here so existing code in package server that references ReleaseBanner still compiles.

type Role

type Role = membpkg.Role

type Server

type Server struct {
	// contains filtered or unexported fields
}

func New

func New(beaconAddr string) *Server

func NewWithStore

func NewWithStore(beaconAddr, storePath string) *Server

func (*Server) AddRequest

func (s *Server) AddRequest()

AddRequest satisfies accept.Dispatcher. Increments the server-level request counter.

func (*Server) Addr

func (s *Server) Addr() net.Addr

Addr returns the bound address. Valid only after Ready() fires.

func (*Server) AdminToken

func (s *Server) AdminToken() string

AdminToken satisfies trustpkg.NodeView. It returns the current global admin token. Safe for concurrent use.

func (*Server) ApplyBlueprint

func (s *Server) ApplyBlueprint(bp *identpkg.NetworkBlueprint, adminToken string) (*identpkg.ProvisionResult, error)

func (*Server) CheckAdminToken

func (s *Server) CheckAdminToken(msg map[string]interface{}) error

CheckAdminToken satisfies identpkg.NodeView. Returns nil if the message carries a valid admin token.

func (*Server) Close

func (s *Server) Close() error

func (*Server) ConnCount

func (s *Server) ConnCount() int64

ConnCount returns the current number of active connections (for testing).

func (*Server) GetAuditExportConfig

func (s *Server) GetAuditExportConfig() *identpkg.BlueprintAuditExport

func (*Server) GetDashboardStats

func (s *Server) GetDashboardStats() DashboardStats

GetDashboardStats returns aggregate statistics for the dashboard.

func (*Server) GetDashboardStatsExtended

func (s *Server) GetDashboardStatsExtended() DashboardStats

GetDashboardStatsExtended returns dashboard stats including per-network breakdowns. Requires the dashboard token — only called from the token-gated API path.

func (*Server) GetDashboardStatsWithHistory

func (s *Server) GetDashboardStatsWithHistory() DashboardStats

GetDashboardStatsWithHistory returns aggregate statistics plus history charts. Used on the unauthenticated public endpoint — version distribution is omitted to avoid advertising what clients run.

func (*Server) GetIdentityProviderConfig

func (s *Server) GetIdentityProviderConfig() *identpkg.BlueprintIdentityProvider

func (*Server) GetIdentityWebhookURL

func (s *Server) GetIdentityWebhookURL() string

func (*Server) GetPulseSamples

func (s *Server) GetPulseSamples() []interface{}

GetPulseSamples returns the ordered pulse samples from the dashboard Handler's ring.

func (*Server) HandleBinaryHeartbeat

func (s *Server) HandleBinaryHeartbeat(conn net.Conn, payload []byte)

HandleBinaryHeartbeat satisfies accept.Dispatcher.

func (*Server) HandleBinaryLookup

func (s *Server) HandleBinaryLookup(conn net.Conn, payload []byte, host string)

HandleBinaryLookup satisfies accept.Dispatcher.

func (*Server) HandleBinaryResolve

func (s *Server) HandleBinaryResolve(conn net.Conn, payload []byte, host string)

HandleBinaryResolve satisfies accept.Dispatcher.

func (*Server) HandleMessage

func (s *Server) HandleMessage(msg map[string]interface{}, remoteAddr string) (map[string]interface{}, error)

HandleMessage satisfies accept.Dispatcher. It dispatches a decoded JSON message and returns the response map.

func (*Server) HandleSubscribeReplication

func (s *Server) HandleSubscribeReplication(conn net.Conn)

HandleSubscribeReplication satisfies accept.Dispatcher. It takes over the conn for replication streaming.

func (*Server) IsStandby

func (s *Server) IsStandby() bool

func (*Server) ListenAndServe

func (s *Server) ListenAndServe(addr string) error

func (*Server) LookupNode

func (s *Server) LookupNode(id uint32) (pubKey []byte, networks []uint16, ok bool)

func (*Server) LookupNodeFull

func (s *Server) LookupNodeFull(id uint32) (pubKey []byte, keyMeta identpkg.KeyInfo, networks []uint16, externalID, owner string, ok bool)

LookupNodeFull satisfies identpkg.NodeView. Returns identity-related fields.

func (*Server) LookupNodeKey

func (s *Server) LookupNodeKey(id uint32) (pubKey []byte, ok bool)

LookupNodeKey satisfies identpkg.NodeView. Returns the current public key.

func (*Server) MaintenanceBanner

func (s *Server) MaintenanceBanner() string

func (*Server) NodeAddrs

func (s *Server) NodeAddrs(nodeA, nodeB uint32) (addrA string, okA bool, addrB string, okB bool)

NodeAddrs returns the RealAddr of nodeA and nodeB using shard locks. Implements routing.PunchBackend.

func (*Server) NodeIsEnterprise

func (s *Server) NodeIsEnterprise(id uint32) bool

NodeIsEnterprise satisfies identpkg.NodeView. Returns true if the node belongs to at least one enterprise network.

func (*Server) NodePubKeyAndAdminToken

func (s *Server) NodePubKeyAndAdminToken(nodeID uint32) (pubKey []byte, adminToken string, ok bool)

NodePubKeyAndAdminToken returns the public key and admin token for the given node. Implements routing.PunchBackend.

func (*Server) Now

func (s *Server) Now() time.Time

Now satisfies identpkg.NodeView. Returns the current time via the server-overridable clock (supports testing).

func (*Server) Ready

func (s *Server) Ready() <-chan struct{}

func (*Server) Reap

func (s *Server) Reap()

Reap triggers stale node and beacon cleanup (for testing).

func (*Server) ReplicationToken

func (s *Server) ReplicationToken() string

ReplicationToken satisfies accept.Dispatcher. Returns the current replication auth token; empty string means replication is disabled. Delegated to walStore (R6.1).

func (*Server) RunStandby

func (s *Server) RunStandby(primaryAddr string)

RunStandby connects to a primary registry and receives replicated snapshots. On each snapshot, the standby updates its own state and persists to storePath. This blocks until the connection is lost, then retries with backoff.

func (*Server) ServeDashboard

func (s *Server) ServeDashboard(addr string) error

func (*Server) SetAdminToken

func (s *Server) SetAdminToken(token string)

SetAdminToken sets the token required for network creation. Empty string disables network creation entirely.

func (*Server) SetBannerPath

func (s *Server) SetBannerPath(path string)

SetBannerPath enables disk persistence for the maintenance banner. If the file exists when called, its content becomes the initial banner value.

func (*Server) SetBeaconStats

func (s *Server) SetBeaconStats(b BeaconStatsProvider)

SetBeaconStats wires a BeaconStatsProvider into the registry so /api/stats can return relay-forward counts.

func (*Server) SetClock

func (s *Server) SetClock(fn func() time.Time)

SetClock replaces the time source. Used in tests for deterministic time.

func (*Server) SetDashboardHTTPAddr

func (s *Server) SetDashboardHTTPAddr(addr string)

func (*Server) SetDashboardToken

func (s *Server) SetDashboardToken(token string)

SetDashboardToken gates per-network stats on the dashboard. Empty string restricts the dashboard to global aggregates only.

func (*Server) SetIdentityWebhookURL

func (s *Server) SetIdentityWebhookURL(url string)

SetIdentityWebhookURL sets the webhook URL used to verify identity tokens.

func (*Server) SetMaintenanceBanner

func (s *Server) SetMaintenanceBanner(msg string)

SetMaintenanceBanner sets a notice rendered on the dashboard. Empty string clears it. If SetBannerPath was called, the value is atomically written to disk so it survives restart.

func (*Server) SetMaxConnections

func (s *Server) SetMaxConnections(max int64)

SetMaxConnections overrides the default connection limit. Used in tests to prevent port exhaustion.

func (*Server) SetMaxNodes

func (s *Server) SetMaxNodes(n int)

SetMaxNodes caps the number of registered nodes. Zero means unlimited.

func (*Server) SetReplicationToken

func (s *Server) SetReplicationToken(token string)

SetReplicationToken sets the bearer token required for subscribe_replication. Empty string disables replication subscription entirely.
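The "empty string disables" rule documented for SetAdminToken and SetReplicationToken only holds if the check fails closed. The sketch below is an added example, not this package's code: `tokenGate`, its methods and the `admin_token` field name are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"sync"
)

const tokenField = "admin_token" // assumed wire field name, not taken from the package

var (
	errDisabled = errors.New("feature disabled: no token configured")
	errDenied   = errors.New("invalid token")
)

// tokenGate is a hypothetical stand-in for the server's token state.
type tokenGate struct {
	mu    sync.RWMutex
	token string // empty means the gated feature is off
}

func (g *tokenGate) Set(token string) {
	g.mu.Lock()
	g.token = token
	g.mu.Unlock()
}

// Check fails closed. With no token configured every request is rejected, so
// a message carrying an empty or missing token can never match an empty
// configured value.
func (g *tokenGate) Check(msg map[string]interface{}) error {
	g.mu.RLock()
	want := g.token
	g.mu.RUnlock()
	if want == "" {
		return errDisabled
	}
	got, _ := msg[tokenField].(string) // missing or non-string field becomes ""
	// Compare fixed-size digests so timing depends on neither the token
	// length nor the position of the first differing byte.
	a, b := sha256.Sum256([]byte(want)), sha256.Sum256([]byte(got))
	if subtle.ConstantTimeCompare(a[:], b[:]) != 1 {
		return errDenied
	}
	return nil
}

func main() {
	g := &tokenGate{}
	fmt.Println(g.Check(map[string]interface{}{tokenField: ""}))
	g.Set("registry-admin-constructed") // constructed sample token
	fmt.Println(g.Check(map[string]interface{}{tokenField: "registry-admin-constructed"}))
}
```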

func (*Server) SetStaleNodeThreshold

func (s *Server) SetStaleNodeThreshold(d time.Duration)

SetStaleNodeThreshold updates the threshold. Zero or negative values are ignored to prevent accidentally disabling staleness detection. Intended for one-time configuration at startup; safe to call concurrently with readers.

func (*Server) SetStandby

func (s *Server) SetStandby(primary string)

SetStandby puts the server into standby mode: write operations are rejected and state is received from the given primary.

func (*Server) SetTLS

func (s *Server) SetTLS(certFile, keyFile string) error

SetTLS enables TLS. Empty certFile triggers automatic self-signed certificate generation.

func (*Server) SetWebhookRetryBackoff

func (s *Server) SetWebhookRetryBackoff(d time.Duration)

SetWebhookRetryBackoff sets the initial backoff for webhook retries. Tests set a short value to avoid waiting on retry exhaustion.

func (*Server) SetWebhookURL

func (s *Server) SetWebhookURL(url string)

SetWebhookURL sets the endpoint for audit event POSTs. Empty string disables dispatching.

func (*Server) ShouldLog

func (s *Server) ShouldLog(key string) (bool, int64)

ShouldLog delegates log-sampling to s.accept. Returns true if this occurrence of key should be logged, plus the suppressed count.

func (*Server) StaleNodeThreshold

func (s *Server) StaleNodeThreshold() time.Duration

StaleNodeThreshold returns the current configured stale-node threshold. Hot path on online-count read sites; uses an atomic load.

func (*Server) SyncTimestamp

func (s *Server) SyncTimestamp(netID uint16) time.Time

SyncTimestamp returns the last directory sync time for a network.

func (*Server) TriggerSnapshot

func (s *Server) TriggerSnapshot() error

TriggerSnapshot manually triggers a snapshot save. This is useful for testing and for ensuring data is persisted before shutdown. Returns an error if the save fails, or nil if there's no storePath configured. Delegated to walStore (R6.1).

func (*Server) UpdateNodeExternalID

func (s *Server) UpdateNodeExternalID(id uint32, externalID string) (oldID string, ok bool)

UpdateNodeExternalID satisfies identpkg.NodeView. Sets the external identity.

func (*Server) UpdateNodeKey

func (s *Server) UpdateNodeKey(id uint32, expectedPubKey, newPubKey []byte, rotatedAt time.Time) (oldPubKeyB64 string, err error)

UpdateNodeKey satisfies identpkg.NodeView. Atomically swaps the public key if it still matches expectedPubKey (stale-check). Returns the old pubkey (base64-encoded) on success.
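The stale-check described for UpdateNodeKey is a compare-and-swap on the stored public key. The sketch below is an added example, not this package's implementation: `keyStore`, `swapKey` and `concurrentRotations` are hypothetical names, and persistence and the rotation timestamp are omitted.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
)

var errUnknownNode = errors.New("unknown node")
var errStaleKey = errors.New("stale rotation: stored key no longer matches expected key")

// keyStore is a hypothetical in-memory directory (node ID -> public key).
// It is not the package's store.
type keyStore struct {
	mu   sync.Mutex
	keys map[uint32][]byte
}

// swapKey installs next only if the stored key still equals expected. Compare
// and write share one critical section, so two rotations authorised against
// the same old key cannot both be applied.
func (ks *keyStore) swapKey(id uint32, expected, next []byte) (oldB64 string, err error) {
	ks.mu.Lock()
	defer ks.mu.Unlock()
	cur, ok := ks.keys[id]
	if !ok {
		return "", errUnknownNode
	}
	if !bytes.Equal(cur, expected) {
		return "", errStaleKey
	}
	ks.keys[id] = append([]byte(nil), next...) // copy: the caller may reuse its slice
	return base64.StdEncoding.EncodeToString(cur), nil
}

// concurrentRotations fires n rotation requests that all name the same old key
// and reports how many were applied and how many were rejected as stale.
func concurrentRotations(n int) (applied, stale int) {
	oldPub, _, _ := ed25519.GenerateKey(nil) // constructed sample key
	ks := &keyStore{keys: map[uint32][]byte{7: oldPub}}
	errs := make([]error, n)
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			newPub, _, _ := ed25519.GenerateKey(nil)
			_, errs[i] = ks.swapKey(7, oldPub, newPub)
		}(i)
	}
	wg.Wait()
	for _, err := range errs {
		if err == nil {
			applied++
		} else if errors.Is(err, errStaleKey) {
			stale++
		}
	}
	return applied, stale
}

func main() { fmt.Println(concurrentRotations(8)) }
```

Without the expected-key comparison inside the lock, the last writer would silently win and the earlier rotation would be lost without any error reaching its caller.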

func (*Server) UpdateNodeKeyExpiry

func (s *Server) UpdateNodeKeyExpiry(id uint32, expiresAt time.Time) (oldExpiry time.Time, ok bool)

UpdateNodeKeyExpiry satisfies identpkg.NodeView. Sets/clears key expiry.

func (*Server) VerifyHeartbeatSignature

func (s *Server) VerifyHeartbeatSignature(pubKey []byte, adminToken string, msg map[string]interface{}, challenge string) error

VerifyHeartbeatSignature satisfies identpkg.NodeView. It delegates to the existing server-internal signature-verification helper.

func (*Server) VerifyPunchSignature

func (s *Server) VerifyPunchSignature(pubKey []byte, adminToken string, msg map[string]interface{}, challenge string) error

VerifyPunchSignature verifies the Ed25519 (or admin-token fallback) signature on a punch message. Implements routing.PunchBackend.

type StatsSample

type StatsSample = dashpkg.StatsSample

StatsSample is an alias for dashpkg.StatsSample (moved in R5.2).

type WAL

type WAL = walpkg.WAL

WAL is an alias for the WAL type in the wal sub-package.

func NewWAL

func NewWAL(path string) (*WAL, error)

NewWAL opens or creates a WAL file at the given path.

Directories

Path Synopsis
Package accept contains the TCP accept layer for the registry server: connection handling, TLS configuration, rate limiting, log sampling, and panic recovery.
Package api defines the read-only view contracts that observability (R7 — dashboard, metrics, audit, webhook) and auth gates (R4) consume from the registry's R5 state stores (directory, membership, trust, policy, identity).
Package audit manages the registry audit log ring buffer and optional external export (Splunk HEC, syslog/CEF, plain JSON).
Package authz provides authorization and signature-verification helpers for the registry server (R3.1 of the registry decomposition plan).
Package dashboard implements the HTTP dashboard server, probe loop, and pulse-sample ring for the Pilot Protocol registry.
Package directory implements the registry's node directory: registration, lookup, resolve, deregister, heartbeat, list-nodes, hostname/tag/visibility management, and the stale-node reaper.
Package events provides an in-process publish/subscribe event bus for the registry server's internal layers (R2-R7) to communicate without importing each other.
Package identity implements the registry's identity, key-lifecycle, and identity-provider handlers.
Package membership implements the registry's network membership handlers: create, delete, rename, join, leave, invite, kick, promote, demote, transfer-ownership, role query, member-tags, task-exec, and list-networks.
Package metrics provides the lightweight Prometheus text-format metrics types and the Store that aggregates them for the registry server.
Package policy implements the registry's network-policy and expression-policy handlers.
Package replication provides the push-based replication manager for the registry server and directory-sync support types.
Package routing implements the beacon-registration and NAT punch-coordination handlers extracted from the registry server (R1.4 decomposition).
Package trust implements the registry's trust-pair and handshake-relay store.
Package wal implements the write-ahead log (WAL) and persistence lifecycle for the registry server.
Package webhook provides the audit-event webhook dispatcher for the registry server.
