bagas/tunnel-please
Public Access
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: close connection if no tunneling request is specified
All checks were successful
Docker Build and Push / build-and-push (push) Successful in 7m18s
Details

Browse Source
This commit is contained in:
bagas
2025-10-20 12:28:52 +00:00
parent 659b2b82ec
commit e02b7ed937
7 changed files with 82 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
internal/port/port.go
View File

@ -1,4 +1,4 @@
package port package SSH_PORT
import ( import (
"fmt" "fmt"
@ -45,10 +45,10 @@ func (pm *PortManager) AddPortRange(startPort, endPort uint16) error {
if startPort > endPort { if startPort > endPort {
return fmt.Errorf("start port cannot be greater than end port") return fmt.Errorf("start port cannot be greater than end port")
} }
for port := startPort; port <= endPort; port++ { for SSH_PORT := startPort; SSH_PORT <= endPort; SSH_PORT++ {
if _, exists := pm.ports[port]; !exists { if _, exists := pm.ports[SSH_PORT]; !exists {
pm.ports[port] = false pm.ports[SSH_PORT] = false
pm.sortedPorts = append(pm.sortedPorts, port) pm.sortedPorts = append(pm.sortedPorts, SSH_PORT)
} }
} }
sort.Slice(pm.sortedPorts, func(i, j int) bool { sort.Slice(pm.sortedPorts, func(i, j int) bool {
@ -61,30 +61,30 @@ func (pm *PortManager) GetUnassignedPort() (uint16, bool) {
pm.mu.Lock() pm.mu.Lock()
defer pm.mu.Unlock() defer pm.mu.Unlock()
for _, port := range pm.sortedPorts { for _, SSH_PORT := range pm.sortedPorts {
if !pm.ports[port] { if !pm.ports[SSH_PORT] {
pm.ports[port] = true pm.ports[SSH_PORT] = true
return port, true return SSH_PORT, true
} }
} }
return 0, false return 0, false
} }
func (pm *PortManager) SetPortStatus(port uint16, assigned bool) error { func (pm *PortManager) SetPortStatus(SSH_PORT uint16, assigned bool) error {
pm.mu.Lock() pm.mu.Lock()
defer pm.mu.Unlock() defer pm.mu.Unlock()
if _, exists := pm.ports[port]; !exists { if _, exists := pm.ports[SSH_PORT]; !exists {
return fmt.Errorf("port %d is not in the allowed range", port) return fmt.Errorf("port %d is not in the allowed range", SSH_PORT)
} }
pm.ports[port] = assigned pm.ports[SSH_PORT] = assigned
return nil return nil
} }
func (pm *PortManager) GetPortStatus(port uint16) (bool, bool) { func (pm *PortManager) GetPortStatus(SSH_PORT uint16) (bool, bool) {
pm.mu.RLock() pm.mu.RLock()
defer pm.mu.RUnlock() defer pm.mu.RUnlock()
status, exists := pm.ports[port] status, exists := pm.ports[SSH_PORT]
return status, exists return status, exists
} }

5
main.go
View File

@ -1,11 +1,12 @@
package main package main
import ( import (
"golang.org/x/crypto/ssh"
"log" "log"
"os" "os"
"tunnel_pls/server" "tunnel_pls/server"
"tunnel_pls/utils" "tunnel_pls/utils"
"golang.org/x/crypto/ssh"
) )
func main() { func main() {
@ -20,7 +21,7 @@ func main() {
log.SetOutput(os.Stdout) log.SetOutput(os.Stdout)
log.SetFlags(log.LstdFlags | log.Lshortfile) log.SetFlags(log.LstdFlags | log.Lshortfile)
privateBytes, err := os.ReadFile(utils.Getenv("ssh_private_key")) privateBytes, err := os.ReadFile(utils.Getenv("SSH_PRIVATE_KEY"))
if err != nil { if err != nil {
log.Fatalf("Failed to load private key : %s", err.Error()) log.Fatalf("Failed to load private key : %s", err.Error())
} }

8
server/http.go
View File

@ -63,7 +63,7 @@ var allowedCors = make(map[string]bool)
var isAllowedAllCors = false var isAllowedAllCors = false
func init() { func init() {
corsList := utils.Getenv("cors_list") corsList := utils.Getenv("CORS_LIST")
if corsList == "*" { if corsList == "*" {
isAllowedAllCors = true isAllowedAllCors = true
} else { } else {
@ -86,11 +86,11 @@ func NewHTTPServer() error {
} }
} }
listener, err := net.Listen("tcp", ":80") listener, err := net.Listen("tcp", fmt.Sprintf(":%s", utils.Getenv("HTTP_PORT")))
if err != nil { if err != nil {
return errors.New("Error listening: " + err.Error()) return errors.New("Error listening: " + err.Error())
} }
if utils.Getenv("tls_enabled") == "true" && utils.Getenv("tls_redirect") == "true" { if utils.Getenv("TLS_ENABLED") == "true" && utils.Getenv("TLS_ENABLED") == "true" {
redirectTLS = true redirectTLS = true
} }
go func() { go func() {
@ -129,7 +129,7 @@ func Handler(conn net.Conn) {
if redirectTLS { if redirectTLS {
conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" + conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
fmt.Sprintf("Location: https://%s.%s/\r\n", slug, utils.Getenv("domain")) + fmt.Sprintf("Location: https://%s.%s/\r\n", slug, utils.Getenv("DOMAIN")) +
"Content-Length: 0\r\n" + "Content-Length: 0\r\n" +
"Connection: close\r\n" + "Connection: close\r\n" +
"\r\n")) "\r\n"))

2
server/https.go
View File

@ -16,7 +16,7 @@ import (
) )
func NewHTTPSServer() error { func NewHTTPSServer() error {
cert, err := tls.LoadX509KeyPair(utils.Getenv("cert_loc"), utils.Getenv("key_loc")) cert, err := tls.LoadX509KeyPair(utils.Getenv("CERT_LOC"), utils.Getenv("KEY_LOC"))
if err != nil { if err != nil {
return err return err
} }

7
server/server.go
View File

@ -2,11 +2,12 @@ package server
import ( import (
"fmt" "fmt"
"golang.org/x/crypto/ssh"
"log" "log"
"net" "net"
"net/http" "net/http"
"tunnel_pls/utils" "tunnel_pls/utils"
"golang.org/x/crypto/ssh"
) )
type Server struct { type Server struct {
@ -16,12 +17,12 @@ type Server struct {
} }
func NewServer(config ssh.ServerConfig) *Server { func NewServer(config ssh.ServerConfig) *Server {
listener, err := net.Listen("tcp", fmt.Sprintf(":%s", utils.Getenv("port"))) listener, err := net.Listen("tcp", fmt.Sprintf(":%s", utils.Getenv("SSH_PORT")))
if err != nil { if err != nil {
log.Fatalf("failed to listen on port 2200: %v", err) log.Fatalf("failed to listen on port 2200: %v", err)
return nil return nil
} }
if utils.Getenv("tls_enabled") == "true" { if utils.Getenv("TLS_ENABLED") == "true" {
go func() { go func() {
err := NewHTTPSServer() err := NewHTTPSServer()
if err != nil { if err != nil {

74
session/handler.go
View File

@ -92,7 +92,6 @@ func (s *Session) Close() error {
if s.Listener != nil { if s.Listener != nil {
err := s.Listener.Close() err := s.Listener.Close()
if err != nil && !errors.Is(err, net.ErrClosed) { if err != nil && !errors.Is(err, net.ErrClosed) {
fmt.Println("1")
return err return err
} }
} }
@ -100,7 +99,6 @@ func (s *Session) Close() error {
if s.ConnChannel != nil { if s.ConnChannel != nil {
err := s.ConnChannel.Close() err := s.ConnChannel.Close()
if err != nil && !errors.Is(err, io.EOF) { if err != nil && !errors.Is(err, io.EOF) {
fmt.Println("2")
return err return err
} }
} }
@ -108,8 +106,6 @@ func (s *Session) Close() error {
if s.Connection != nil { if s.Connection != nil {
err := s.Connection.Close() err := s.Connection.Close()
if err != nil && !errors.Is(err, net.ErrClosed) { if err != nil && !errors.Is(err, net.ErrClosed) {
fmt.Println("3")
return err return err
} }
} }
@ -121,7 +117,6 @@ func (s *Session) Close() error {
if s.TunnelType == TCP { if s.TunnelType == TCP {
err := portUtil.Manager.SetPortStatus(s.ForwardedPort, false) err := portUtil.Manager.SetPortStatus(s.ForwardedPort, false)
if err != nil { if err != nil {
fmt.Println("4")
return err return err
} }
} }
@ -131,9 +126,18 @@ func (s *Session) Close() error {
} }
func (s *Session) HandleGlobalRequest(GlobalRequest <-chan *ssh.Request) { func (s *Session) HandleGlobalRequest(GlobalRequest <-chan *ssh.Request) {
for req := range GlobalRequest { ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
defer cancel()
for {
select {
case req, ok := <-GlobalRequest:
if !ok || req == nil {
log.Println("GlobalRequest channel closed")
return
}
switch req.Type { switch req.Type {
case "tcpip-forward": case "tcpip-forward":
cancel()
s.handleTCPIPForward(req) s.handleTCPIPForward(req)
return return
case "shell", "pty-req", "window-change": case "shell", "pty-req", "window-change":
@ -142,6 +146,16 @@ func (s *Session) HandleGlobalRequest(GlobalRequest <-chan *ssh.Request) {
log.Println("Unknown request type:", req.Type) log.Println("Unknown request type:", req.Type)
req.Reply(false, nil) req.Reply(false, nil)
} }
case <-ctx.Done():
if s.Status == SETUP {
s.sendMessage("No forwarding request detected. See https://tunnl.live for setup help.\n\r")
err := s.Close()
if err != nil {
log.Println("Cannot close connection: ", err)
return
}
}
}
} }
} }
@ -216,15 +230,15 @@ func (s *Session) handleTCPIPForward(req *ssh.Request) {
var blockedReservedPorts = []uint16{1080, 1433, 1521, 1900, 2049, 3306, 3389, 5432, 5900, 6379, 8080, 8443, 9000, 9200, 27017} var blockedReservedPorts = []uint16{1080, 1433, 1521, 1900, 2049, 3306, 3389, 5432, 5900, 6379, 8080, 8443, 9000, 9200, 27017}
func isBlockedPort(port uint16) bool { func isBlockedPort(SSH_PORT uint16) bool {
if port == 80 || port == 443 { if SSH_PORT == 80 || SSH_PORT == 443 {
return false return false
} }
if port < 1024 && port != 0 { if SSH_PORT < 1024 && SSH_PORT != 0 {
return true return true
} }
for _, p := range blockedReservedPorts { for _, p := range blockedReservedPorts {
if p == port { if p == SSH_PORT {
return true return true
} }
} }
@ -250,13 +264,13 @@ func (s *Session) handleHTTPForward(req *ssh.Request, portToBind uint16) {
s.waitForRunningStatus() s.waitForRunningStatus()
domain := utils.Getenv("domain") DOMAIN := utils.Getenv("DOMAIN")
protocol := "http" protocol := "http"
if utils.Getenv("tls_enabled") == "true" { if utils.Getenv("TLS_ENABLED") == "true" {
protocol = "https" protocol = "https"
} }
s.sendMessage(fmt.Sprintf("Forwarding your traffic to %s://%s.%s\r\n", protocol, slug, domain)) s.sendMessage(fmt.Sprintf("Forwarding your traffic to %s://%s.%s\r\n", protocol, slug, DOMAIN))
req.Reply(true, buf.Bytes()) req.Reply(true, buf.Bytes())
} }
@ -403,13 +417,13 @@ func (s *Session) handleSlugEditMode(connection ssh.Channel, inSlugEditMode *boo
if len(*editSlug) > 0 { if len(*editSlug) > 0 {
*editSlug = (*editSlug)[:len(*editSlug)-1] *editSlug = (*editSlug)[:len(*editSlug)-1]
connection.Write([]byte("\r\033[K")) connection.Write([]byte("\r\033[K"))
connection.Write([]byte("➤ " + *editSlug + "." + utils.Getenv("domain"))) connection.Write([]byte("➤ " + *editSlug + "." + utils.Getenv("DOMAIN")))
} }
} else if char >= 32 && char <= 126 { } else if char >= 32 && char <= 126 {
if (char >= 'a' && char <= 'z') || (char >= '0' && char <= '9') || char == '-' { if (char >= 'a' && char <= 'z') || (char >= '0' && char <= '9') || char == '-' {
*editSlug += string(char) *editSlug += string(char)
connection.Write([]byte("\r\033[K")) connection.Write([]byte("\r\033[K"))
connection.Write([]byte("➤ " + *editSlug + "." + utils.Getenv("domain"))) connection.Write([]byte("➤ " + *editSlug + "." + utils.Getenv("DOMAIN")))
} }
} }
} }
@ -438,7 +452,7 @@ func (s *Session) handleSlugSave(connection ssh.Channel, inSlugEditMode *bool, e
} }
connection.Write([]byte("\r\n\r\n✅ SUBDOMAIN UPDATED ✅\r\n\r\n")) connection.Write([]byte("\r\n\r\n✅ SUBDOMAIN UPDATED ✅\r\n\r\n"))
connection.Write([]byte("Your new address is: " + newSlug + "." + utils.Getenv("domain") + "\r\n\r\n")) connection.Write([]byte("Your new address is: " + newSlug + "." + utils.Getenv("DOMAIN") + "\r\n\r\n"))
connection.Write([]byte("Press any key to continue...\r\n")) connection.Write([]byte("Press any key to continue...\r\n"))
} else if isForbiddenSlug(*editSlug) { } else if isForbiddenSlug(*editSlug) {
connection.Write([]byte("\r\n\r\n❌ FORBIDDEN SUBDOMAIN ❌\r\n\r\n")) connection.Write([]byte("\r\n\r\n❌ FORBIDDEN SUBDOMAIN ❌\r\n\r\n"))
@ -457,12 +471,12 @@ func (s *Session) handleSlugSave(connection ssh.Channel, inSlugEditMode *bool, e
connection.Write([]byte("\033[H\033[2J")) connection.Write([]byte("\033[H\033[2J"))
showWelcomeMessage(connection) showWelcomeMessage(connection)
domain := utils.Getenv("domain") DOMAIN := utils.Getenv("DOMAIN")
protocol := "http" protocol := "http"
if utils.Getenv("tls_enabled") == "true" { if utils.Getenv("TLS_ENABLED") == "true" {
protocol = "https" protocol = "https"
} }
connection.Write([]byte(fmt.Sprintf("Forwarding your traffic to %s://%s.%s \r\n", protocol, s.Slug, domain))) connection.Write([]byte(fmt.Sprintf("Forwarding your traffic to %s://%s.%s \r\n", protocol, s.Slug, DOMAIN)))
*inSlugEditMode = false *inSlugEditMode = false
commandBuffer.Reset() commandBuffer.Reset()
@ -534,15 +548,15 @@ func (s *Session) handleCommand(connection ssh.Channel, command string, inSlugEd
case "/clear": case "/clear":
connection.Write([]byte("\033[H\033[2J")) connection.Write([]byte("\033[H\033[2J"))
showWelcomeMessage(s.ConnChannel) showWelcomeMessage(s.ConnChannel)
domain := utils.Getenv("domain") DOMAIN := utils.Getenv("DOMAIN")
if s.TunnelType == HTTP { if s.TunnelType == HTTP {
protocol := "http" protocol := "http"
if utils.Getenv("tls_enabled") == "true" { if utils.Getenv("TLS_ENABLED") == "true" {
protocol = "https" protocol = "https"
} }
s.sendMessage(fmt.Sprintf("Forwarding your traffic to %s://%s.%s \r\n", protocol, s.Slug, domain)) s.sendMessage(fmt.Sprintf("Forwarding your traffic to %s://%s.%s \r\n", protocol, s.Slug, DOMAIN))
} else { } else {
s.sendMessage(fmt.Sprintf("Forwarding your traffic to %s://%s:%d \r\n", s.TunnelType, domain, s.ForwardedPort)) s.sendMessage(fmt.Sprintf("Forwarding your traffic to %s://%s:%d \r\n", s.TunnelType, DOMAIN, s.ForwardedPort))
} }
case "/slug": case "/slug":
@ -553,7 +567,7 @@ func (s *Session) handleCommand(connection ssh.Channel, command string, inSlugEd
*editSlug = s.Slug *editSlug = s.Slug
connection.Write([]byte("\033[H\033[2J")) connection.Write([]byte("\033[H\033[2J"))
displaySlugEditor(connection, s.Slug) displaySlugEditor(connection, s.Slug)
connection.Write([]byte("➤ " + *editSlug + "." + utils.Getenv("domain"))) connection.Write([]byte("➤ " + *editSlug + "." + utils.Getenv("DOMAIN")))
} }
default: default:
connection.Write([]byte("\r\nUnknown command")) connection.Write([]byte("\r\nUnknown command"))
@ -684,8 +698,8 @@ func showWelcomeMessage(connection ssh.Channel) {
} }
func displaySlugEditor(connection ssh.Channel, currentSlug string) { func displaySlugEditor(connection ssh.Channel, currentSlug string) {
domain := utils.Getenv("domain") DOMAIN := utils.Getenv("DOMAIN")
fullDomain := currentSlug + "." + domain fullDomain := currentSlug + "." + DOMAIN
const paddingRight = 4 const paddingRight = 4
@ -742,15 +756,15 @@ func ParseAddr(addr string) (string, uint32) {
log.Printf("Failed to parse origin address: %s from address %s", err.Error(), addr) log.Printf("Failed to parse origin address: %s from address %s", err.Error(), addr)
return "0.0.0.0", uint32(0) return "0.0.0.0", uint32(0)
} }
port, _ := strconv.Atoi(portStr) SSH_PORT, _ := strconv.Atoi(portStr)
return host, uint32(port) return host, uint32(SSH_PORT)
} }
func createForwardedTCPIPPayload(host string, originPort, port uint16) []byte { func createForwardedTCPIPPayload(host string, originPort, SSH_PORT uint16) []byte {
var buf bytes.Buffer var buf bytes.Buffer
writeSSHString(&buf, "localhost") writeSSHString(&buf, "localhost")
binary.Write(&buf, binary.BigEndian, uint32(port)) binary.Write(&buf, binary.BigEndian, uint32(SSH_PORT))
writeSSHString(&buf, host) writeSSHString(&buf, host)
binary.Write(&buf, binary.BigEndian, uint32(originPort)) binary.Write(&buf, binary.BigEndian, uint32(originPort))

4
session/session.go
View File

@ -1,9 +1,10 @@
package session package session
import ( import (
"golang.org/x/crypto/ssh"
"net" "net"
"sync" "sync"
"golang.org/x/crypto/ssh"
) )
type TunnelType string type TunnelType string
@ -44,7 +45,6 @@ func New(conn *ssh.ServerConn, forwardingReq <-chan *ssh.Request) *Session {
ch, reqs, _ := channel.Accept() ch, reqs, _ := channel.Accept()
if session.ConnChannel == nil { if session.ConnChannel == nil {
session.ConnChannel = ch session.ConnChannel = ch
session.Status = RUNNING
go session.HandleGlobalRequest(forwardingReq) go session.HandleGlobalRequest(forwardingReq)
} }
go session.HandleGlobalRequest(reqs) go session.HandleGlobalRequest(reqs)