server

package
v0.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 11, 2026 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AdminAPI 

type AdminAPI struct {
	// contains filtered or unexported fields
}

AdminAPI provides the RESTful management API.

func NewAdminAPI 

func NewAdminAPI(server *Server) *AdminAPI

NewAdminAPI creates a new admin API handler.

func (*AdminAPI) Handler 

func (a *AdminAPI) Handler() http.Handler

Handler returns the http.Handler for the admin API.

type ClientInfo 

type ClientInfo struct {
	ID         string       `json:"id"`
	Subdomain  string       `json:"subdomain"`
	RemoteAddr string       `json:"remote_addr"`
	CreatedAt  time.Time    `json:"created_at"`
	LastSeen   time.Time    `json:"last_seen"`
	BytesIn    uint64       `json:"bytes_in"`
	BytesOut   uint64       `json:"bytes_out"`
	Tunnels    []TunnelJSON `json:"tunnels"`
}

ClientInfo is the per-client info returned by the API.

type ClientSession 

type ClientSession struct {
	ID        string
	Subdomain string
	Mux       *tunnel.Mux
	Tunnels   []*TunnelInfo
	CreatedAt time.Time
	LastSeen  time.Time
	BytesIn   uint64
	BytesOut  uint64

	// Authentication info.
	TeamName string
	Role     auth.Role

	// P2P info.
	P2PPublicAddr string
	P2PNATType    string
	P2PLocalAddr  string
	P2PPublicKey  string // ECDH public key (base64-encoded) for E2E encryption.
	// contains filtered or unexported fields
}

ClientSession represents a connected client.

type Config 

type Config struct {
	// ListenAddr is the address to listen on for client connections.
	ListenAddr string

	// HTTPAddr is the address to listen on for HTTP traffic.
	HTTPAddr string

	// AdminAddr is the address to listen on for the admin API.
	AdminAddr string

	// Domain is the base domain for tunnel URLs.
	Domain string

	// TLSEnabled enables TLS for client connections.
	TLSEnabled bool

	// TLSCertFile is the path to the TLS certificate.
	TLSCertFile string

	// TLSKeyFile is the path to the TLS private key.
	TLSKeyFile string

	// AutoTLS enables automatic TLS certificate via Let's Encrypt.
	AutoTLS bool

	// AutoTLSEmail is the email for Let's Encrypt registration.
	AutoTLSEmail string

	// TunnelTLSEnabled enables TLS for the tunnel control listener.
	// When true, the tunnel listener is also wrapped with TLS.
	// Defaults to the value of TLSEnabled if not explicitly set.
	TunnelTLSEnabled bool

	// TCPPortRange is the range of ports for TCP tunnels.
	TCPPortRangeStart int
	TCPPortRangeEnd   int

	// MuxConfig is the multiplexer configuration.
	MuxConfig tunnel.MuxConfig

	// ReadTimeout is the read timeout for connections.
	ReadTimeout time.Duration

	// WriteTimeout is the write timeout for connections.
	WriteTimeout time.Duration

	// IdleTimeout is the idle timeout for connections.
	IdleTimeout time.Duration

	// MaxClients is the maximum number of concurrent clients.
	// 0 means unlimited.
	MaxClients int

	// MaxTunnelsPerClient is the maximum number of tunnels a single client can register.
	// 0 means unlimited.
	MaxTunnelsPerClient int

	// RequireAuth requires authentication for connections.
	RequireAuth bool

	// AuthTokens is a list of valid authentication tokens (simple mode).
	AuthTokens []string

	// AuthSecret is the HMAC secret for signed token mode.
	// Must be at least 16 bytes. If empty, only simple token mode is available.
	AuthSecret string

	// AuthTimeout is the timeout for the authentication handshake.
	AuthTimeout time.Duration

	// AdminToken is the token required to access the admin API.
	// If empty, the admin API requires no authentication.
	AdminToken string

	// RateLimitEnabled enables authentication failure rate limiting.
	RateLimitEnabled bool

	// RateLimitMaxFailures is the max failures before blocking an IP.
	RateLimitMaxFailures int

	// RateLimitWindow is the time window for counting failures.
	RateLimitWindow time.Duration

	// RateLimitBlockDuration is how long to block after exceeding failures.
	RateLimitBlockDuration time.Duration

	// Persistence configures the storage backend for auth data.
	// Options: "memory" (default), "sqlite"
	Persistence PersistenceType

	// PersistencePath is the path to the SQLite database file.
	// Only used when Persistence is "sqlite".
	// If empty, defaults to ~/.wormhole/wormhole.db
	PersistencePath string
}

Config holds the server configuration.

func DefaultConfig 

func DefaultConfig() Config

DefaultConfig returns the default server configuration.

type CreateTeamRequest 

type CreateTeamRequest struct {
	Name string `json:"name"`
}

CreateTeamRequest is the request body for creating a team.

type ErrorResponse 

type ErrorResponse struct {
	Error string `json:"error"`
}

ErrorResponse is the standard error response for the admin API.

type GenerateTokenRequest 

type GenerateTokenRequest struct {
	Team string `json:"team"`
	Role string `json:"role"`
}

GenerateTokenRequest is the request body for token generation.

type GenerateTokenResponse 

type GenerateTokenResponse struct {
	Token   string `json:"token"`
	Team    string `json:"team"`
	Role    string `json:"role"`
	Expires string `json:"expires,omitempty"`
}

GenerateTokenResponse is the response for token generation.

type HTTPHandler 

type HTTPHandler struct {
	// contains filtered or unexported fields
}

HTTPHandler handles incoming HTTP requests and routes them through tunnels.

func NewHTTPHandler 

func NewHTTPHandler(router *Router, server *Server) *HTTPHandler

NewHTTPHandler creates a new HTTP handler.

func (*HTTPHandler) ServeHTTP 

func (h *HTTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP implements http.Handler.

type HealthResponse 

type HealthResponse struct {
	Status  string `json:"status"`
	Version string `json:"version,omitempty"`
	Uptime  string `json:"uptime"`
}

HealthResponse is the response for the health endpoint.

type PersistenceType 

type PersistenceType string

PersistenceType represents the storage backend type. 

const (
	// PersistenceMemory uses in-memory storage (no persistence).
	PersistenceMemory PersistenceType = "memory"
	// PersistenceSQLite uses SQLite for persistent storage.
	PersistenceSQLite PersistenceType = "sqlite"
)

type RateLimitResponse 

type RateLimitResponse struct {
	Enabled    bool     `json:"enabled"`
	TrackedIPs int      `json:"tracked_ips"`
	BlockedIPs []string `json:"blocked_ips"`
}

RateLimitResponse is the response for the rate limit status endpoint.

type RefreshTokenRequest 

type RefreshTokenRequest struct {
	Token     string `json:"token"`
	RevokeOld bool   `json:"revoke_old"`
	ExtendBy  string `json:"extend_by,omitempty"`
}

type RevokeTeamTokensRequest added in v0.3.0 

type RevokeTeamTokensRequest struct {
	Team string `json:"team"`
}

RevokeTeamTokensRequest is the request body for team-level token revocation.

type RevokeTokenRequest 

type RevokeTokenRequest struct {
	Token   string `json:"token,omitempty"`
	TokenID string `json:"token_id,omitempty"`
}

RevokeTokenRequest is the request body for token revocation.

type Router 

type Router struct {
	// contains filtered or unexported fields
}

Router manages the mapping between hostnames/paths and client sessions. It supports both subdomain-based routing (e.g., myapp.tunnel.example.com) and path-based routing (e.g., tunnel.example.com/myapp/).

func NewRouter 

func NewRouter(domain string) *Router

NewRouter creates a new router with the given base domain.

func (*Router) ActiveRoutes 

func (r *Router) ActiveRoutes() int

ActiveRoutes returns the number of active routes.

func (*Router) RegisterHostname 

func (r *Router) RegisterHostname(hostname string, client *ClientSession) error

RegisterHostname registers a custom hostname route for a client session.

func (*Router) RegisterPath 

func (r *Router) RegisterPath(pathPrefix string, client *ClientSession) error

RegisterPath registers a path-based route for a client session.

func (*Router) RegisterSubdomain 

func (r *Router) RegisterSubdomain(subdomain string, client *ClientSession) error

RegisterSubdomain registers a subdomain route for a client session.

func (*Router) Route 

func (r *Router) Route(host, path string) *ClientSession

Route resolves a host and path to a client session. It checks in order: custom hostname, subdomain, path prefix.

func (*Router) SubdomainURL 

func (r *Router) SubdomainURL(subdomain string, useTLS bool) string

SubdomainURL returns the public URL for a subdomain.

func (*Router) Unregister 

func (r *Router) Unregister(client *ClientSession)

Unregister removes all routes for the given client session.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server is the wormhole server.

func NewServer 

func NewServer(config Config) *Server

NewServer creates a new server instance.

func (*Server) FindPeerForP2P 

func (s *Server) FindPeerForP2P(excludeClientID string) *ClientSession

FindPeerForP2P looks up a peer client that could establish a P2P connection. Returns nil if no suitable peer is found.

func (*Server) Shutdown 

func (s *Server) Shutdown() error

Shutdown gracefully shuts down the server.

func (*Server) Start 

func (s *Server) Start(ctx context.Context) error

Start starts the server.

type Stats 

type Stats struct {
	ActiveClients uint64
	TotalClients  uint64
	ActiveTunnels uint64
	BytesIn       uint64
	BytesOut      uint64
	Requests      uint64
	StartTime     time.Time
}

Stats contains server statistics.

type StatsResponse 

type StatsResponse struct {
	ActiveClients       uint64 `json:"active_clients"`
	TotalClients        uint64 `json:"total_clients"`
	ActiveTunnels       uint64 `json:"active_tunnels"`
	ActiveRoutes        int    `json:"active_routes"`
	Requests            uint64 `json:"requests"`
	BytesIn             uint64 `json:"bytes_in"`
	BytesOut            uint64 `json:"bytes_out"`
	UptimeSeconds       int64  `json:"uptime_seconds"`
	AllocatedPorts      int    `json:"allocated_ports"`
	MaxClients          int    `json:"max_clients"`
	MaxTunnelsPerClient int    `json:"max_tunnels_per_client"`
}

StatsResponse is the response for the stats endpoint.

type TCPPortAllocator 

type TCPPortAllocator struct {
	// contains filtered or unexported fields
}

TCPPortAllocator manages TCP port allocation for raw TCP tunnels.

func NewTCPPortAllocator 

func NewTCPPortAllocator(start, end int) *TCPPortAllocator

NewTCPPortAllocator creates a new port allocator for the given range.

func (*TCPPortAllocator) Allocate 

func (a *TCPPortAllocator) Allocate(ctx context.Context) (int, net.Listener, error)

Allocate allocates a TCP port and starts listening on it. Returns the port number and the listener.

func (*TCPPortAllocator) AllocatedPorts 

func (a *TCPPortAllocator) AllocatedPorts() int

AllocatedPorts returns the count of currently allocated ports.

func (*TCPPortAllocator) CloseAll 

func (a *TCPPortAllocator) CloseAll()

CloseAll closes all allocated port listeners.

func (*TCPPortAllocator) Release 

func (a *TCPPortAllocator) Release(port int)

Release releases a previously allocated port.

type TLSManager 

type TLSManager struct {
	// contains filtered or unexported fields
}

TLSManager manages TLS configuration and automatic certificate provisioning.

func NewTLSManager 

func NewTLSManager(config Config) *TLSManager

NewTLSManager creates a new TLS manager from the server config.

func (*TLSManager) HTTPChallengeHandler 

func (m *TLSManager) HTTPChallengeHandler() http.Handler

HTTPChallengeHandler returns an HTTP handler for ACME HTTP-01 challenges. This should be served on port 80 when using AutoTLS. Non-challenge requests are redirected to HTTPS.

func (*TLSManager) TLSConfig 

func (m *TLSManager) TLSConfig() (*tls.Config, error)

TLSConfig returns a *tls.Config suitable for the HTTP server. It supports three modes:

  1. AutoTLS with Let's Encrypt (when AutoTLS=true and Domain is set).
  2. Manual TLS with provided cert/key files.
  3. No TLS (returns nil).

func (*TLSManager) WrapListener 

func (m *TLSManager) WrapListener(ln net.Listener) net.Listener

WrapListener wraps a net.Listener with TLS if configured.

type TeamResponse 

type TeamResponse struct {
	Name           string `json:"name"`
	CreatedAt      string `json:"created_at"`
	Tokens         int    `json:"tokens"`
	RevokedVersion int64  `json:"revoked_version"`
}

TeamResponse is the response for team endpoints.

type TunnelInfo 

type TunnelInfo struct {
	ID        string
	LocalPort uint32
	Protocol  proto.Protocol
	PublicURL string
	TCPPort   uint32
	CreatedAt time.Time
}

TunnelInfo contains information about a tunnel.

type TunnelJSON 

type TunnelJSON struct {
	ID        string `json:"id"`
	LocalPort uint32 `json:"local_port"`
	Protocol  string `json:"protocol"`
	PublicURL string `json:"public_url"`
	TCPPort   uint32 `json:"tcp_port,omitempty"`
	CreatedAt string `json:"created_at"`
}

TunnelJSON is the JSON representation of a tunnel.

type UnblockRequest 

type UnblockRequest struct {
	IP string `json:"ip"`
}

UnblockRequest is the request body for unblocking an IP.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.