feat: implement sessions request from grpc server

- Replace ReadString with ReadSlice to eliminate allocations
- Use bytes operations instead of strings
- Add FromBytes variant for in-memory parsing

.dockerignore

@@ -0,0 +1,32 @@
+.git/
+.github/
+.gitea/
+.gitignore
+
+.idea/
+*.swp
+*.swo
+*~
+
+tmp/
+*.log
+
+.env
+.env.*
+
+certs/
+id_rsa*
+*.pub
+
+README.md
+LICENSE.md
+*.md
+
+renovate.json
+renovate-config.js
+
+*_test.go
+testdata/
+
+app
+

.gitea/workflows/build.yml

@@ -5,14 +5,25 @@ on:
     branches:
       - main
       - staging
+    tags:
+      - 'v*'
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+      - 'Dockerfile'
+      - 'Dockerfile.*'
+      - '.dockerignore'
+      - '.gitea/workflows/build.yml'
 
 jobs:
-  build-and-push:
+  build-and-push-branches:
     runs-on: ubuntu-latest
+    if: github.ref_type == 'branch'
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -24,6 +35,17 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
+      - name: Set version variables
+        id: vars
+        run: |
+          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
+            echo "VERSION=dev-main" >> $GITHUB_OUTPUT
+          else
+            echo "VERSION=dev-staging" >> $GITHUB_OUTPUT
+          fi
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
+
       - name: Build and push Docker image for main
         uses: docker/build-push-action@v6
         with:
@@ -32,6 +54,10 @@ jobs:
           tags: |
             git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:latest
           platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ steps.vars.outputs.VERSION }}
+            BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.vars.outputs.COMMIT }}
         if: github.ref == 'refs/heads/main'
 
       - name: Build and push Docker image for staging
@@ -42,4 +68,85 @@ jobs:
           tags: |
             git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:staging
           platforms: linux/amd64,linux/arm64
-        if: github.ref == 'refs/heads/staging'
+          build-args: |
+            VERSION=${{ steps.vars.outputs.VERSION }}
+            BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.vars.outputs.COMMIT }}
+        if: github.ref == 'refs/heads/staging'
+
+  build-and-push-tags:
+    runs-on: ubuntu-latest
+    if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: git.fossy.my.id
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract version and determine release type
+        id: version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/v}
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
+          
+          if echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'; then
+            MAJOR=$(echo "$VERSION" | cut -d. -f1)
+            MINOR=$(echo "$VERSION" | cut -d. -f2)
+            
+            echo "MAJOR=$MAJOR" >> $GITHUB_OUTPUT
+            echo "MINOR=$MINOR" >> $GITHUB_OUTPUT
+            
+            if echo "$VERSION" | grep -q '-'; then
+              echo "IS_PRERELEASE=true" >> $GITHUB_OUTPUT
+              echo "ADDITIONAL_TAG=staging" >> $GITHUB_OUTPUT
+            else
+              echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT
+              echo "ADDITIONAL_TAG=latest" >> $GITHUB_OUTPUT
+            fi
+          else
+            echo "Invalid version format: $VERSION"
+            exit 1
+          fi
+
+      - name: Build and push Docker image for release
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.VERSION }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.MAJOR }}.${{ steps.version.outputs.MINOR }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.MAJOR }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.version.outputs.ADDITIONAL_TAG }}
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ steps.version.outputs.VERSION }}
+            BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.version.outputs.COMMIT }}
+        if: steps.version.outputs.IS_PRERELEASE == 'false'
+
+      - name: Build and push Docker image for pre-release
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:v${{ steps.version.outputs.VERSION }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please:${{ steps.version.outputs.ADDITIONAL_TAG }}
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ steps.version.outputs.VERSION }}
+            BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.version.outputs.COMMIT }}
+        if: steps.version.outputs.IS_PRERELEASE == 'true'

.gitea/workflows/renovate.yml

@@ -5,16 +5,17 @@ on:
     - cron: "0 0 * * *"
   push:
     branches:
-      - main
+      - staging
 
 jobs:
   renovate:
     runs-on: ubuntu-latest
     container: git.fossy.my.id/renovate-clanker/renovate:latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - run: renovate
         env:
           RENOVATE_CONFIG_FILE: ${{ gitea.workspace }}/renovate-config.js
           LOG_LEVEL: "debug"
-          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          GITHUB_COM_TOKEN: ${{ secrets.COM_TOKEN }}

.github/workflows/sync-to-gitea.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

.gitignore

@@ -4,3 +4,4 @@ id_rsa*
 .env
 tmp
 certs
+app

Dockerfile

@@ -1,20 +1,59 @@
 FROM golang:1.25.5-alpine AS go_builder
 
+ARG VERSION=dev
+ARG BUILD_DATE=unknown
+ARG COMMIT=unknown
+
+RUN apk update && apk upgrade && \
+    apk add --no-cache ca-certificates tzdata git && \
+    update-ca-certificates
+
 WORKDIR /src
+
+COPY go.mod go.sum ./
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    go mod download && go mod verify
+
 COPY . .
 
-RUN apk update && apk upgrade && apk add --no-cache ca-certificates tzdata
-RUN update-ca-certificates
-RUN go build -o ./tmp/main
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    CGO_ENABLED=0 GOOS=linux \
+    go build -trimpath \
+    -ldflags="-w -s -X tunnel_pls/version.Version=${VERSION} -X tunnel_pls/version.BuildDate=${BUILD_DATE} -X tunnel_pls/version.Commit=${COMMIT}" \
+    -o /app/tunnel_pls \
+    .
+
+RUN adduser -D -u 10001 -g '' appuser && \
+    mkdir -p /app/certs/ssh /app/certs/tls && \
+    chown -R appuser:appuser /app
 
 FROM scratch
 
-WORKDIR /src
+ARG VERSION=dev
+ARG BUILD_DATE=unknown
+ARG COMMIT=unknown
 
 COPY --from=go_builder /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=go_builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=go_builder /src/tmp/main /src
+COPY --from=go_builder /etc/passwd /etc/passwd
+COPY --from=go_builder /etc/group /etc/group
+COPY --from=go_builder --chown=appuser:appuser /app /app
 
-ENV TZ Asia/Jakarta
+WORKDIR /app
 
-ENTRYPOINT ["./main"]
+USER appuser
+
+ENV TZ=Asia/Jakarta
+
+EXPOSE 2200 8080 8443
+
+LABEL org.opencontainers.image.title="Tunnel Please" \
+      org.opencontainers.image.description="SSH-based tunnel server" \
+      org.opencontainers.image.version="${VERSION}" \
+      org.opencontainers.image.revision="${COMMIT}" \
+      org.opencontainers.image.created="${BUILD_DATE}"
+
+ENTRYPOINT ["/app/tunnel_pls"]

README.md

@@ -6,7 +6,6 @@ A lightweight SSH-based tunnel server written in Go that enables secure TCP and
 
 - SSH interactive session with real-time command handling
 - Custom subdomain management for HTTP tunnels
-- Active connection control with drop functionality
 - Dual protocol support: HTTP and TCP tunnels
 - Real-time connection monitoring
 ## Requirements
@@ -22,20 +21,22 @@ The following environment variables can be configured in the `.env` file:
 |----------|-------------|---------|----------|
 | `DOMAIN` | Domain name for subdomain routing | `localhost` | No |
 | `PORT` | SSH server port | `2200` | No |
+| `HTTP_PORT` | HTTP server port | `8080` | No |
+| `HTTPS_PORT` | HTTPS server port | `8443` | No |
 | `TLS_ENABLED` | Enable TLS/HTTPS | `false` | No |
 | `TLS_REDIRECT` | Redirect HTTP to HTTPS | `false` | No |
-| `CERT_LOC` | Path to TLS certificate | `certs/cert.pem` | No |
-| `KEY_LOC` | Path to TLS private key | `certs/privkey.pem` | No |
-| `CERT_STORAGE_PATH` | Path for CertMagic certificate storage | `certs/certmagic` | No |
 | `ACME_EMAIL` | Email for Let's Encrypt registration | `admin@<DOMAIN>` | No |
 | `CF_API_TOKEN` | Cloudflare API token for DNS-01 challenge | - | Yes (if auto-cert) |
 | `ACME_STAGING` | Use Let's Encrypt staging server | `false` | No |
-| `SSH_PRIVATE_KEY` | Path to SSH private key (auto-generated if missing) | `certs/id_rsa` | No |
 | `CORS_LIST` | Comma-separated list of allowed CORS origins | - | No |
 | `ALLOWED_PORTS` | Port range for TCP tunnels (e.g., 40000-41000) | `40000-41000` | No |
 | `BUFFER_SIZE` | Buffer size for io.Copy operations in bytes (4096-1048576) | `32768` | No |
 | `PPROF_ENABLED` | Enable pprof profiling server | `false` | No |
 | `PPROF_PORT` | Port for pprof server | `6060` | No |
+| `MODE` | Runtime mode: `standalone` (default, no gRPC/auth) or `node` (enable gRPC + auth) | `standalone` | No |
+| `GRPC_ADDRESS` | gRPC server address/host used in `node` mode | `localhost` | No |
+| `GRPC_PORT` | gRPC server port used in `node` mode | `8080` | No |
+| `NODE_TOKEN` | Authentication token sent to controller in `node` mode | - (required in `node`) | Yes (node mode) |
 
 **Note:** All environment variables now use UPPERCASE naming. The application includes sensible defaults for all variables, so you can run it without a `.env` file for basic functionality.
 
@@ -43,8 +44,14 @@ The following environment variables can be configured in the `.env` file:
 
 The server supports automatic TLS certificate generation and renewal using [CertMagic](https://github.com/caddyserver/certmagic) with Cloudflare DNS-01 challenge. This is required for wildcard certificate support (`*.yourdomain.com`).
 
+**Certificate Storage:**
+- TLS certificates are stored in `certs/tls/` (relative to application directory)
+- User-provided certificates: `certs/tls/cert.pem` and `certs/tls/privkey.pem`
+- CertMagic automatic certificates: `certs/tls/certmagic/`
+- SSH keys are stored separately in `certs/ssh/`
+
 **How it works:**
-1. If user-provided certificates (`CERT_LOC`, `KEY_LOC`) exist and cover both `DOMAIN` and `*.DOMAIN`, they will be used
+1. If user-provided certificates exist at `certs/tls/cert.pem` and `certs/tls/privkey.pem` and cover both `DOMAIN` and `*.DOMAIN`, they will be used
 2. If certificates are missing, expired, expiring within 30 days, or don't cover the required domains, CertMagic will automatically obtain new certificates from Let's Encrypt
 3. Certificates are automatically renewed before expiration
 4. User-provided certificates support hot-reload (changes detected every 30 seconds)
@@ -71,7 +78,7 @@ ACME_EMAIL=admin@example.com
 
 ### SSH Key Auto-Generation
 
-If the SSH private key specified in `SSH_PRIVATE_KEY` doesn't exist, the application will automatically generate a new 4096-bit RSA key pair at the specified location. This makes it easier to get started without manually creating SSH keys.
+The application will automatically generate a new 4096-bit RSA key pair at `certs/ssh/id_rsa` if it doesn't exist. This makes it easier to get started without manually creating SSH keys. SSH keys are stored separately from TLS certificates.
 
 ### Memory Optimization
 
@@ -112,6 +119,110 @@ go tool pprof http://localhost:6060/debug/pprof/profile?seconds=30
 go tool pprof http://localhost:6060/debug/pprof/heap
 ```
 
+## Docker Deployment
+
+Three Docker Compose configurations are available for different deployment scenarios. Each configuration uses the image `git.fossy.my.id/bagas/tunnel-please:latest`.
+
+### Configuration Options
+
+#### 1. Root with Host Networking (RECOMMENDED)
+
+**File:** `docker-compose.root.yml`
+
+**Advantages:**
+- Full TCP port forwarding support (ports 40000-41000)
+- Direct binding to privileged ports (80, 443, 2200)
+- Best performance with no NAT overhead
+- Maximum flexibility for all tunnel types
+- No port mapping limitations
+
+**Use Case:** Production deployments where you need unrestricted TCP forwarding and maximum performance.
+
+**Deploy:**
+```bash
+docker-compose -f docker-compose.root.yml up -d
+```
+
+#### 2. Standard (HTTP/HTTPS Only)
+
+**File:** `docker-compose.standard.yml`
+
+**Advantages:**
+- Runs with unprivileged user (more secure)
+- Standard port mappings (2200, 80, 443)
+- Simple and predictable networking
+- TCP port forwarding disabled (`ALLOWED_PORTS=none`)
+
+**Use Case:** Deployments where you only need HTTP/HTTPS tunneling without custom TCP port forwarding.
+
+**Deploy:**
+```bash
+docker-compose -f docker-compose.standard.yml up -d
+```
+
+#### 3. Limited TCP Forwarding
+
+**File:** `docker-compose.tcp.yml`
+
+**Advantages:**
+- Runs with unprivileged user (more secure)
+- Standard port mappings (2200, 80, 443)
+- Limited TCP forwarding (ports 30000-31000)
+- Controlled port range exposure
+
+**Use Case:** Deployments where you need both HTTP/HTTPS tunneling and limited TCP forwarding within a specific port range.
+
+**Deploy:**
+```bash
+docker-compose -f docker-compose.tcp.yml up -d
+```
+
+### Quick Start
+
+1. **Choose your configuration** based on your requirements
+2. **Edit the environment variables** in the chosen compose file:
+   - `DOMAIN`: Your domain name (e.g., `example.com`)
+   - `ACME_EMAIL`: Your email for Let's Encrypt
+   - `CF_API_TOKEN`: Your Cloudflare API token (if using automatic TLS)
+3. **Deploy:**
+   ```bash
+   docker-compose -f docker-compose.root.yml up -d
+   ```
+4. **Check logs:**
+   ```bash
+   docker-compose -f docker-compose.root.yml logs -f
+   ```
+5. **Stop the service:**
+   ```bash
+   docker-compose -f docker-compose.root.yml down
+   ```
+
+### Volume Management
+
+All configurations use a named volume `certs` for persistent storage:
+- SSH keys: `/app/certs/ssh/`
+- TLS certificates: `/app/certs/tls/`
+
+To backup certificates:
+```bash
+docker run --rm -v tunnel_pls_certs:/data -v $(pwd):/backup alpine tar czf /backup/certs-backup.tar.gz -C /data .
+```
+
+To restore certificates:
+```bash
+docker run --rm -v tunnel_pls_certs:/data -v $(pwd):/backup alpine tar xzf /backup/certs-backup.tar.gz -C /data
+```
+
+### Recommendation
+
+**Use `docker-compose.root.yml`** for production deployments if you need:
+- Full TCP port forwarding capabilities
+- Any port range configuration
+- Direct port binding without mapping overhead
+- Maximum performance and flexibility
+
+This is the recommended configuration for most use cases as it provides the complete feature set without limitations.
+
 ## Contributing
 Contributions are welcome!
 

docker-compose.root.yml

@@ -0,0 +1,37 @@
+version: '3.8'
+
+services:
+  tunnel-please:
+    image: git.fossy.my.id/bagas/tunnel-please:latest
+    container_name: tunnel-please-root
+    user: root
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      - certs:/app/certs
+    environment:
+      DOMAIN: example.com
+      PORT: 2200
+      HTTP_PORT: 8080
+      HTTPS_PORT: 8443
+      TLS_ENABLED: "true"
+      TLS_REDIRECT: "true"
+      ACME_EMAIL: admin@example.com
+      CF_API_TOKEN: your_cloudflare_api_token_here
+      ACME_STAGING: "false"
+      CORS_LIST: http://localhost:3000,https://example.com
+      ALLOWED_PORTS: 40000-41000
+      BUFFER_SIZE: 32768
+      PPROF_ENABLED: "false"
+      PPROF_PORT: 6060
+    healthcheck:
+      test: ["CMD", "/bin/sh", "-c", "netstat -tln | grep -q :2200"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+volumes:
+  certs:
+    driver: local
+

docker-compose.standard.yml

@@ -0,0 +1,39 @@
+version: '3.8'
+
+services:
+  tunnel-please:
+    image: git.fossy.my.id/bagas/tunnel-please:latest
+    container_name: tunnel-please-standard
+    restart: unless-stopped
+    ports:
+      - "2200:2200"
+      - "80:8080"
+      - "443:8443"
+    volumes:
+      - certs:/app/certs
+    environment:
+      DOMAIN: example.com
+      PORT: 2200
+      HTTP_PORT: 8080
+      HTTPS_PORT: 8443
+      TLS_ENABLED: "true"
+      TLS_REDIRECT: "true"
+      ACME_EMAIL: admin@example.com
+      CF_API_TOKEN: your_cloudflare_api_token_here
+      ACME_STAGING: "false"
+      CORS_LIST: http://localhost:3000,https://example.com
+      ALLOWED_PORTS: none
+      BUFFER_SIZE: 32768
+      PPROF_ENABLED: "false"
+      PPROF_PORT: 6060
+    healthcheck:
+      test: ["CMD", "/bin/sh", "-c", "netstat -tln | grep -q :2200"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+volumes:
+  certs:
+    driver: local
+

docker-compose.tcp.yml

@@ -0,0 +1,40 @@
+version: '3.8'
+
+services:
+  tunnel-please:
+    image: git.fossy.my.id/bagas/tunnel-please:latest
+    container_name: tunnel-please-tcp
+    restart: unless-stopped
+    ports:
+      - "2200:2200"
+      - "80:8080"
+      - "443:8443"
+      - "30000-31000:30000-31000"
+    volumes:
+      - certs:/app/certs
+    environment:
+      DOMAIN: example.com
+      PORT: 2200
+      HTTP_PORT: 8080
+      HTTPS_PORT: 8443
+      TLS_ENABLED: "true"
+      TLS_REDIRECT: "true"
+      ACME_EMAIL: admin@example.com
+      CF_API_TOKEN: your_cloudflare_api_token_here
+      ACME_STAGING: "false"
+      CORS_LIST: http://localhost:3000,https://example.com
+      ALLOWED_PORTS: 30000-31000
+      BUFFER_SIZE: 32768
+      PPROF_ENABLED: "false"
+      PPROF_PORT: 6060
+    healthcheck:
+      test: ["CMD", "/bin/sh", "-c", "netstat -tln | grep -q :2200"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+volumes:
+  certs:
+    driver: local
+

go.mod

@@ -1,28 +1,55 @@
 module tunnel_pls
 
-go 1.24.4
+go 1.25.5
 
 require (
+	git.fossy.my.id/bagas/tunnel-please-grpc v1.2.0
 	github.com/caddyserver/certmagic v0.25.0
+	github.com/charmbracelet/bubbles v0.21.0
+	github.com/charmbracelet/bubbletea v1.3.10
+	github.com/charmbracelet/lipgloss v1.1.0
 	github.com/joho/godotenv v1.5.1
 	github.com/libdns/cloudflare v0.2.2
+	github.com/muesli/termenv v0.16.0
 	golang.org/x/crypto v0.46.0
+	google.golang.org/grpc v1.78.0
+	google.golang.org/protobuf v1.36.11
 )
 
 require (
+	github.com/atotto/clipboard v0.1.4 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
+	github.com/charmbracelet/colorprofile v0.4.1 // indirect
+	github.com/charmbracelet/x/ansi v0.11.3 // indirect
+	github.com/charmbracelet/x/cellbuf v0.0.14 // indirect
+	github.com/charmbracelet/x/term v0.2.2 // indirect
+	github.com/clipperhouse/displaywidth v0.6.2 // indirect
+	github.com/clipperhouse/stringish v0.1.1 // indirect
+	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
+	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/libdns/libdns v1.1.1 // indirect
-	github.com/mholt/acmez/v3 v3.1.3 // indirect
-	github.com/miekg/dns v1.1.68 // indirect
+	github.com/lucasb-eyer/go-colorful v1.3.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-localereader v0.0.1 // indirect
+	github.com/mattn/go-runewidth v0.0.19 // indirect
+	github.com/mholt/acmez/v3 v3.1.4 // indirect
+	github.com/miekg/dns v1.1.69 // indirect
+	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
+	github.com/muesli/cancelreader v0.2.2 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/sahilm/fuzzy v0.1.1 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
+	go.uber.org/zap v1.27.1 // indirect
 	go.uber.org/zap/exp v0.3.0 // indirect
-	golang.org/x/mod v0.30.0 // indirect
-	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.39.0 // indirect
 	golang.org/x/text v0.32.0 // indirect
-	golang.org/x/tools v0.39.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
 )

go.sum

@@ -1,57 +1,142 @@
+git.fossy.my.id/bagas/tunnel-please-grpc v1.2.0 h1:BS1dJU3wa2ILgTGwkV95Knle0il0OQtErGqyb6xV7SU=
+git.fossy.my.id/bagas/tunnel-please-grpc v1.2.0/go.mod h1:fG+VkArdkceGB0bNA7IFQus9GetLAwdF5Oi4jdMlXtY=
+github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
+github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
+github.com/aymanbagabas/go-udiff v0.2.0 h1:TK0fH4MteXUDspT88n8CKzvK0X9O2xu9yQjWpi6yML8=
+github.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/pI/QwceO5fgrA=
 github.com/caddyserver/certmagic v0.25.0 h1:VMleO/XA48gEWes5l+Fh6tRWo9bHkhwAEhx63i+F5ic=
 github.com/caddyserver/certmagic v0.25.0/go.mod h1:m9yB7Mud24OQbPHOiipAoyKPn9pKHhpSJxXR1jydBxA=
 github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA=
 github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
+github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u6mfQdFs=
+github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg=
+github.com/charmbracelet/bubbletea v1.3.10 h1:otUDHWMMzQSB0Pkc87rm691KZ3SWa4KUlvF9nRvCICw=
+github.com/charmbracelet/bubbletea v1.3.10/go.mod h1:ORQfo0fk8U+po9VaNvnV95UPWA1BitP1E0N6xJPlHr4=
+github.com/charmbracelet/colorprofile v0.4.1 h1:a1lO03qTrSIRaK8c3JRxJDZOvhvIeSco3ej+ngLk1kk=
+github.com/charmbracelet/colorprofile v0.4.1/go.mod h1:U1d9Dljmdf9DLegaJ0nGZNJvoXAhayhmidOdcBwAvKk=
+github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
+github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
+github.com/charmbracelet/x/ansi v0.11.3 h1:6DcVaqWI82BBVM/atTyq6yBoRLZFBsnoDoX9GCu2YOI=
+github.com/charmbracelet/x/ansi v0.11.3/go.mod h1:yI7Zslym9tCJcedxz5+WBq+eUGMJT0bM06Fqy1/Y4dI=
+github.com/charmbracelet/x/cellbuf v0.0.14 h1:iUEMryGyFTelKW3THW4+FfPgi4fkmKnnaLOXuc+/Kj4=
+github.com/charmbracelet/x/cellbuf v0.0.14/go.mod h1:P447lJl49ywBbil/KjCk2HexGh4tEY9LH0/1QrZZ9rA=
+github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91 h1:payRxjMjKgx2PaCWLZ4p3ro9y97+TVLZNaRZgJwSVDQ=
+github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=
+github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSgfgZRk=
+github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI=
+github.com/clipperhouse/displaywidth v0.6.2 h1:ZDpTkFfpHOKte4RG5O/BOyf3ysnvFswpyYrV7z2uAKo=
+github.com/clipperhouse/displaywidth v0.6.2/go.mod h1:R+kHuzaYWFkTm7xoMmK1lFydbci4X2CicfbGstSGg0o=
+github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs=
+github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA=
+github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4=
+github.com/clipperhouse/uax29/v2 v2.3.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
+github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/libdns/cloudflare v0.2.2 h1:XWHv+C1dDcApqazlh08Q6pjytYLgR2a+Y3xrXFu0vsI=
 github.com/libdns/cloudflare v0.2.2/go.mod h1:w9uTmRCDlAoafAsTPnn2nJ0XHK/eaUMh86DUk8BWi60=
 github.com/libdns/libdns v1.1.1 h1:wPrHrXILoSHKWJKGd0EiAVmiJbFShguILTg9leS/P/U=
 github.com/libdns/libdns v1.1.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
-github.com/mholt/acmez/v3 v3.1.3 h1:gUl789rjbJSuM5hYzOFnNaGgWPV1xVfnOs59o0dZEcc=
-github.com/mholt/acmez/v3 v3.1.3/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
-github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
-github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
+github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag=
+github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4=
+github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
+github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw=
+github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
+github.com/mholt/acmez/v3 v3.1.4 h1:DyzZe/RnAzT3rpZj/2Ii5xZpiEvvYk3cQEN/RmqxwFQ=
+github.com/mholt/acmez/v3 v3.1.4/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
+github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc=
+github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g=
+github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
+github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=
+github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
+github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
+github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
+github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA=
+github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
+github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY=
+github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
 github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
+github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
+github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
+go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
+go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
+go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
+go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
+go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
+go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
+go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
+go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
+go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
+go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.uber.org/zap/exp v0.3.0 h1:6JYzdifzYkGmTdRR59oYH+Ng7k49H9qVpWwNSsGJj3U=
 go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
 golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
-golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
-golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
-golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
 golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
 golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
-golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
-golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/config/config.go

@@ -0,0 +1,35 @@
+package config
+
+import (
+	"log"
+	"os"
+	"strconv"
+
+	"github.com/joho/godotenv"
+)
+
+func init() {
+	if _, err := os.Stat(".env"); err == nil {
+		if err := godotenv.Load(".env"); err != nil {
+			log.Printf("Warning: Failed to load .env file: %s", err)
+		}
+	}
+}
+
+func Getenv(key, defaultValue string) string {
+	val := os.Getenv(key)
+	if val == "" {
+		val = defaultValue
+	}
+
+	return val
+}
+
+func GetBufferSize() int {
+	sizeStr := Getenv("BUFFER_SIZE", "32768")
+	size, err := strconv.Atoi(sizeStr)
+	if err != nil || size < 4096 || size > 1048576 {
+		return 32768
+	}
+	return size
+}

internal/grpc/client/client.go

@@ -0,0 +1,377 @@
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"time"
+	"tunnel_pls/internal/config"
+
+	"tunnel_pls/session"
+
+	proto "git.fossy.my.id/bagas/tunnel-please-grpc/gen"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/keepalive"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+type GrpcConfig struct {
+	Address             string
+	UseTLS              bool
+	InsecureSkipVerify  bool
+	Timeout             time.Duration
+	KeepAlive           bool
+	MaxRetries          int
+	KeepAliveTime       time.Duration
+	KeepAliveTimeout    time.Duration
+	PermitWithoutStream bool
+}
+
+type Client struct {
+	conn                       *grpc.ClientConn
+	config                     *GrpcConfig
+	sessionRegistry            session.Registry
+	slugService                proto.SlugChangeClient
+	eventService               proto.EventServiceClient
+	authorizeConnectionService proto.UserServiceClient
+}
+
+func DefaultConfig() *GrpcConfig {
+	return &GrpcConfig{
+		Address:             "localhost:50051",
+		UseTLS:              false,
+		InsecureSkipVerify:  false,
+		Timeout:             10 * time.Second,
+		KeepAlive:           true,
+		MaxRetries:          3,
+		KeepAliveTime:       2 * time.Minute,
+		KeepAliveTimeout:    10 * time.Second,
+		PermitWithoutStream: false,
+	}
+}
+
+func New(config *GrpcConfig, sessionRegistry session.Registry) (*Client, error) {
+	if config == nil {
+		config = DefaultConfig()
+	} else {
+		defaults := DefaultConfig()
+		if config.Address == "" {
+			config.Address = defaults.Address
+		}
+		if config.Timeout == 0 {
+			config.Timeout = defaults.Timeout
+		}
+		if config.MaxRetries == 0 {
+			config.MaxRetries = defaults.MaxRetries
+		}
+		if config.KeepAliveTime == 0 {
+			config.KeepAliveTime = defaults.KeepAliveTime
+		}
+		if config.KeepAliveTimeout == 0 {
+			config.KeepAliveTimeout = defaults.KeepAliveTimeout
+		}
+	}
+
+	var opts []grpc.DialOption
+
+	if config.UseTLS {
+		tlsConfig := &tls.Config{
+			InsecureSkipVerify: config.InsecureSkipVerify,
+		}
+		creds := credentials.NewTLS(tlsConfig)
+		opts = append(opts, grpc.WithTransportCredentials(creds))
+	} else {
+		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
+	}
+
+	if config.KeepAlive {
+		kaParams := keepalive.ClientParameters{
+			Time:                config.KeepAliveTime,
+			Timeout:             config.KeepAliveTimeout,
+			PermitWithoutStream: config.PermitWithoutStream,
+		}
+		opts = append(opts, grpc.WithKeepaliveParams(kaParams))
+	}
+
+	opts = append(opts,
+		grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(4*1024*1024),
+			grpc.MaxCallSendMsgSize(4*1024*1024),
+		),
+	)
+
+	conn, err := grpc.NewClient(config.Address, opts...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to gRPC server at %s: %w", config.Address, err)
+	}
+
+	slugService := proto.NewSlugChangeClient(conn)
+	eventService := proto.NewEventServiceClient(conn)
+	authorizeConnectionService := proto.NewUserServiceClient(conn)
+
+	return &Client{
+		conn:                       conn,
+		config:                     config,
+		slugService:                slugService,
+		sessionRegistry:            sessionRegistry,
+		eventService:               eventService,
+		authorizeConnectionService: authorizeConnectionService,
+	}, nil
+}
+
+func (c *Client) SubscribeEvents(ctx context.Context, identity, authToken string) error {
+	const (
+		baseBackoff = time.Second
+		maxBackoff  = 30 * time.Second
+	)
+
+	backoff := baseBackoff
+	wait := func() error {
+		if backoff <= 0 {
+			return nil
+		}
+		select {
+		case <-time.After(backoff):
+			return nil
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	}
+	growBackoff := func() {
+		backoff *= 2
+		if backoff > maxBackoff {
+			backoff = maxBackoff
+		}
+	}
+
+	for {
+		subscribe, err := c.eventService.Subscribe(ctx)
+		if err != nil {
+			if !isConnectionError(err) {
+				return err
+			}
+			if status.Code(err) == codes.Unauthenticated {
+				return err
+			}
+			if err := wait(); err != nil {
+				return err
+			}
+			growBackoff()
+			continue
+		}
+
+		err = subscribe.Send(&proto.Node{
+			Type: proto.EventType_AUTHENTICATION,
+			Payload: &proto.Node_AuthEvent{
+				AuthEvent: &proto.Authentication{
+					Identity:  identity,
+					AuthToken: authToken,
+				},
+			},
+		})
+
+		if err != nil {
+			log.Println("Authentication failed to send to gRPC server:", err)
+			if isConnectionError(err) {
+				if err := wait(); err != nil {
+					return err
+				}
+				growBackoff()
+				continue
+			}
+			return err
+		}
+		log.Println("Authentication Successfully sent to gRPC server")
+		backoff = baseBackoff
+
+		if err = c.processEventStream(subscribe); err != nil {
+			if isConnectionError(err) {
+				log.Printf("Reconnect to controller within %v sec", backoff.Seconds())
+				if err := wait(); err != nil {
+					return err
+				}
+				growBackoff()
+				continue
+			}
+			return err
+		}
+	}
+}
+
+func (c *Client) processEventStream(subscribe grpc.BidiStreamingClient[proto.Node, proto.Events]) error {
+	for {
+		recv, err := subscribe.Recv()
+		if err != nil {
+			if isConnectionError(err) {
+				log.Printf("connection error receiving from gRPC server: %v", err)
+				return err
+			}
+			if status.Code(err) == codes.Unauthenticated {
+				log.Printf("Authentication failed: %v", err)
+				return err
+			}
+			log.Printf("non-connection receive error from gRPC server: %v", err)
+			continue
+		}
+		switch recv.GetType() {
+		case proto.EventType_SLUG_CHANGE:
+			oldSlug := recv.GetSlugEvent().GetOld()
+			newSlug := recv.GetSlugEvent().GetNew()
+			sess, err := c.sessionRegistry.Get(oldSlug)
+			if err != nil {
+				errSend := subscribe.Send(&proto.Node{
+					Type: proto.EventType_SLUG_CHANGE_RESPONSE,
+					Payload: &proto.Node_SlugEventResponse{
+						SlugEventResponse: &proto.SlugChangeEventResponse{
+							Success: false,
+							Message: err.Error(),
+						},
+					},
+				})
+				if errSend != nil {
+					if isConnectionError(errSend) {
+						log.Printf("connection error sending slug change failure: %v", errSend)
+						return errSend
+					}
+					log.Printf("non-connection send error for slug change failure: %v", errSend)
+				}
+				continue
+			}
+			err = c.sessionRegistry.Update(oldSlug, newSlug)
+			if err != nil {
+				errSend := subscribe.Send(&proto.Node{
+					Type: proto.EventType_SLUG_CHANGE_RESPONSE,
+					Payload: &proto.Node_SlugEventResponse{
+						SlugEventResponse: &proto.SlugChangeEventResponse{
+							Success: false,
+							Message: err.Error(),
+						},
+					},
+				})
+				if errSend != nil {
+					if isConnectionError(errSend) {
+						log.Printf("connection error sending slug change failure: %v", errSend)
+						return errSend
+					}
+					log.Printf("non-connection send error for slug change failure: %v", errSend)
+				}
+				continue
+			}
+			sess.GetInteraction().Redraw()
+			err = subscribe.Send(&proto.Node{
+				Type: proto.EventType_SLUG_CHANGE_RESPONSE,
+				Payload: &proto.Node_SlugEventResponse{
+					SlugEventResponse: &proto.SlugChangeEventResponse{
+						Success: true,
+						Message: "",
+					},
+				},
+			})
+			if err != nil {
+				if isConnectionError(err) {
+					log.Printf("connection error sending slug change success: %v", err)
+					return err
+				}
+				log.Printf("non-connection send error for slug change success: %v", err)
+				continue
+			}
+		case proto.EventType_GET_SESSIONS:
+			sessions := c.sessionRegistry.GetAllSessionFromUser(recv.GetGetSessionsEvent().GetIdentity())
+			var details []*proto.Detail
+			for _, ses := range sessions {
+				detail := ses.Detail()
+				details = append(details, &proto.Detail{
+					Node:           config.Getenv("domain", "localhost"),
+					ForwardingType: detail.ForwardingType,
+					Slug:           detail.Slug,
+					UserId:         detail.UserID,
+					Active:         detail.Active,
+					StartedAt:      timestamppb.New(detail.StartedAt),
+				})
+			}
+			err = subscribe.Send(&proto.Node{
+				Type: proto.EventType_GET_SESSIONS,
+				Payload: &proto.Node_GetSessionsEvent{
+					GetSessionsEvent: &proto.GetSessionsResponse{
+						Details: details,
+					},
+				},
+			})
+			if err != nil {
+				if isConnectionError(err) {
+					log.Printf("connection error sending sessions success: %v", err)
+					return err
+				}
+				log.Printf("non-connection send error for sessions success: %v", err)
+				continue
+			}
+		default:
+			log.Printf("Unknown event type received: %v", recv.GetType())
+		}
+	}
+}
+
+func (c *Client) GetConnection() *grpc.ClientConn {
+	return c.conn
+}
+
+func (c *Client) AuthorizeConn(ctx context.Context, token string) (authorized bool, user string, err error) {
+	check, err := c.authorizeConnectionService.Check(ctx, &proto.CheckRequest{AuthToken: token})
+	if err != nil {
+		return false, "UNAUTHORIZED", err
+	}
+
+	if check.GetResponse() == proto.AuthorizationResponse_MESSAGE_TYPE_UNAUTHORIZED {
+		return false, "UNAUTHORIZED", nil
+	}
+	return true, check.GetUser(), nil
+}
+
+func (c *Client) Close() error {
+	if c.conn != nil {
+		log.Printf("Closing gRPC connection to %s", c.config.Address)
+		return c.conn.Close()
+	}
+	return nil
+}
+
+func (c *Client) CheckServerHealth(ctx context.Context) error {
+	healthClient := grpc_health_v1.NewHealthClient(c.GetConnection())
+	resp, err := healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{
+		Service: "",
+	})
+	if err != nil {
+		return fmt.Errorf("health check failed: %w", err)
+	}
+	if resp.Status != grpc_health_v1.HealthCheckResponse_SERVING {
+		return fmt.Errorf("server not serving: %v", resp.Status)
+	}
+	return nil
+}
+
+func (c *Client) GetConfig() *GrpcConfig {
+	return c.config
+}
+
+func isConnectionError(err error) bool {
+	if err == nil {
+		return false
+	}
+	if errors.Is(err, io.EOF) {
+		return true
+	}
+	switch status.Code(err) {
+	case codes.Unavailable, codes.Canceled, codes.DeadlineExceeded:
+		return true
+	default:
+		return false
+	}
+}

internal/key/key.go

@@ -1,4 +1,4 @@
-package utils
+package key
 
 import (
 	"crypto/rand"
@@ -6,72 +6,12 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"log"
-	mathrand "math/rand"
 	"os"
 	"path/filepath"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
 
-	"github.com/joho/godotenv"
 	"golang.org/x/crypto/ssh"
 )
 
-type Env struct {
-	value map[string]string
-	mu    sync.Mutex
-}
-
-var env *Env
-
-func init() {
-	env = &Env{value: map[string]string{}}
-}
-
-func GenerateRandomString(length int) string {
-	const charset = "abcdefghijklmnopqrstuvwxyz"
-	seededRand := mathrand.New(mathrand.NewSource(time.Now().UnixNano() + int64(mathrand.Intn(9999))))
-	var result strings.Builder
-	for i := 0; i < length; i++ {
-		randomIndex := seededRand.Intn(len(charset))
-		result.WriteString(string(charset[randomIndex]))
-	}
-	return result.String()
-}
-
-func Getenv(key, defaultValue string) string {
-	env.mu.Lock()
-	defer env.mu.Unlock()
-	if val, ok := env.value[key]; ok {
-		return val
-	}
-
-	if os.Getenv("HOSTNAME") == "" {
-		err := godotenv.Load(".env")
-		if err != nil {
-			log.Fatalf("Error loading .env file: %s", err)
-		}
-	}
-
-	val := os.Getenv(key)
-	if val == "" {
-		val = defaultValue
-	}
-	env.value[key] = val
-
-	return val
-}
-
-func GetBufferSize() int {
-	sizeStr := Getenv("BUFFER_SIZE", "32768")
-	size, err := strconv.Atoi(sizeStr)
-	if err != nil || size < 4096 || size > 1048576 {
-		return 32768
-	}
-	return size
-}
-
 func GenerateSSHKeyIfNotExist(keyPath string) error {
 	if _, err := os.Stat(keyPath); err == nil {
 		log.Printf("SSH key already exists at %s", keyPath)

internal/port/port.go

@@ -6,39 +6,50 @@ import (
 	"strconv"
 	"strings"
 	"sync"
-	"tunnel_pls/utils"
+	"tunnel_pls/internal/config"
 )
 
-type PortManager struct {
+type Manager interface {
+	AddPortRange(startPort, endPort uint16) error
+	GetUnassignedPort() (uint16, bool)
+	SetPortStatus(port uint16, assigned bool) error
+	GetPortStatus(port uint16) (bool, bool)
+}
+
+type manager struct {
 	mu          sync.RWMutex
 	ports       map[uint16]bool
 	sortedPorts []uint16
 }
 
-var Manager = PortManager{
+var Default Manager = &manager{
 	ports:       make(map[uint16]bool),
 	sortedPorts: []uint16{},
 }
 
 func init() {
-	rawRange := utils.Getenv("ALLOWED_PORTS", "40000-41000")
+	rawRange := config.Getenv("ALLOWED_PORTS", "")
+	if rawRange == "" {
+		return
+	}
+
 	splitRange := strings.Split(rawRange, "-")
 	if len(splitRange) != 2 {
-		Manager.AddPortRange(30000, 31000)
-	} else {
-		start, err := strconv.ParseUint(splitRange[0], 10, 16)
-		if err != nil {
-			start = 30000
-		}
-		end, err := strconv.ParseUint(splitRange[1], 10, 16)
-		if err != nil {
-			end = 31000
-		}
-		Manager.AddPortRange(uint16(start), uint16(end))
+		return
 	}
+
+	start, err := strconv.ParseUint(splitRange[0], 10, 16)
+	if err != nil {
+		return
+	}
+	end, err := strconv.ParseUint(splitRange[1], 10, 16)
+	if err != nil {
+		return
+	}
+	_ = Default.AddPortRange(uint16(start), uint16(end))
 }
 
-func (pm *PortManager) AddPortRange(startPort, endPort uint16) error {
+func (pm *manager) AddPortRange(startPort, endPort uint16) error {
 	pm.mu.Lock()
 	defer pm.mu.Unlock()
 
@@ -57,7 +68,7 @@ func (pm *PortManager) AddPortRange(startPort, endPort uint16) error {
 	return nil
 }
 
-func (pm *PortManager) GetUnassignedPort() (uint16, bool) {
+func (pm *manager) GetUnassignedPort() (uint16, bool) {
 	pm.mu.Lock()
 	defer pm.mu.Unlock()
 
@@ -70,7 +81,7 @@ func (pm *PortManager) GetUnassignedPort() (uint16, bool) {
 	return 0, false
 }
 
-func (pm *PortManager) SetPortStatus(port uint16, assigned bool) error {
+func (pm *manager) SetPortStatus(port uint16, assigned bool) error {
 	pm.mu.Lock()
 	defer pm.mu.Unlock()
 
@@ -78,7 +89,7 @@ func (pm *PortManager) SetPortStatus(port uint16, assigned bool) error {
 	return nil
 }
 
-func (pm *PortManager) GetPortStatus(port uint16) (bool, bool) {
+func (pm *manager) GetPortStatus(port uint16) (bool, bool) {
 	pm.mu.RLock()
 	defer pm.mu.RUnlock()
 

internal/random/random.go

@@ -0,0 +1,18 @@
+package random
+
+import (
+	mathrand "math/rand"
+	"strings"
+	"time"
+)
+
+func GenerateRandomString(length int) string {
+	const charset = "abcdefghijklmnopqrstuvwxyz"
+	seededRand := mathrand.New(mathrand.NewSource(time.Now().UnixNano() + int64(mathrand.Intn(9999))))
+	var result strings.Builder
+	for i := 0; i < length; i++ {
+		randomIndex := seededRand.Intn(len(charset))
+		result.WriteString(string(charset[randomIndex]))
+	}
+	return result.String()
+}

main.go

@@ -1,24 +1,41 @@
 package main
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"net/http"
 	_ "net/http/pprof"
 	"os"
+	"strings"
+	"time"
+	"tunnel_pls/internal/config"
+	"tunnel_pls/internal/grpc/client"
+	"tunnel_pls/internal/key"
 	"tunnel_pls/server"
-	"tunnel_pls/utils"
+	"tunnel_pls/session"
+	"tunnel_pls/version"
 
 	"golang.org/x/crypto/ssh"
 )
 
 func main() {
+	if len(os.Args) > 1 && (os.Args[1] == "--version" || os.Args[1] == "-v") {
+		fmt.Println(version.GetVersion())
+		os.Exit(0)
+	}
+
 	log.SetOutput(os.Stdout)
 	log.SetFlags(log.LstdFlags | log.Lshortfile)
 
-	pprofEnabled := utils.Getenv("PPROF_ENABLED", "false")
+	log.Printf("Starting %s", version.GetVersion())
+
+	mode := strings.ToLower(config.Getenv("MODE", "standalone"))
+	isNodeMode := mode == "node"
+
+	pprofEnabled := config.Getenv("PPROF_ENABLED", "false")
 	if pprofEnabled == "true" {
-		pprofPort := utils.Getenv("PPROF_PORT", "6060")
+		pprofPort := config.Getenv("PPROF_PORT", "6060")
 		go func() {
 			pprofAddr := fmt.Sprintf("localhost:%s", pprofPort)
 			log.Printf("Starting pprof server on http://%s/debug/pprof/", pprofAddr)
@@ -30,11 +47,11 @@ func main() {
 
 	sshConfig := &ssh.ServerConfig{
 		NoClientAuth:  true,
-		ServerVersion: "SSH-2.0-TunnlPls-1.0",
+		ServerVersion: fmt.Sprintf("SSH-2.0-TunnlPls-%s", version.GetShortVersion()),
 	}
 
-	sshKeyPath := utils.Getenv("SSH_PRIVATE_KEY", "certs/id_rsa")
-	if err := utils.GenerateSSHKeyIfNotExist(sshKeyPath); err != nil {
+	sshKeyPath := "certs/ssh/id_rsa"
+	if err := key.GenerateSSHKeyIfNotExist(sshKeyPath); err != nil {
 		log.Fatalf("Failed to generate SSH key: %s", err)
 	}
 
@@ -49,6 +66,62 @@ func main() {
 	}
 
 	sshConfig.AddHostKey(private)
-	app := server.NewServer(sshConfig)
+	sessionRegistry := session.NewRegistry()
+
+	var grpcClient *client.Client
+	var cancel context.CancelFunc = func() {}
+	var ctx context.Context = context.Background()
+
+	if isNodeMode {
+		grpcHost := config.Getenv("GRPC_ADDRESS", "localhost")
+		grpcPort := config.Getenv("GRPC_PORT", "8080")
+		grpcAddr := fmt.Sprintf("%s:%s", grpcHost, grpcPort)
+		nodeToken := config.Getenv("NODE_TOKEN", "")
+		if nodeToken == "" {
+			log.Fatalf("NODE_TOKEN is required in node mode")
+			return
+		}
+		
+		grpcClient, err = client.New(&client.GrpcConfig{
+			Address:            grpcAddr,
+			UseTLS:             false,
+			InsecureSkipVerify: false,
+			Timeout:            10 * time.Second,
+			KeepAlive:          true,
+			MaxRetries:         3,
+		}, sessionRegistry)
+		if err != nil {
+			return
+		}
+		defer func(grpcClient *client.Client) {
+			err := grpcClient.Close()
+			if err != nil {
+
+			}
+		}(grpcClient)
+
+		ctx, cancel = context.WithTimeout(context.Background(), time.Second*5)
+		err = grpcClient.CheckServerHealth(ctx)
+		if err != nil {
+			log.Fatalf("gRPC health check failed: %s", err)
+			return
+		}
+		cancel()
+
+		ctx, cancel = context.WithCancel(context.Background())
+		go func() {
+			identity := config.Getenv("DOMAIN", "localhost")
+			err = grpcClient.SubscribeEvents(ctx, identity, nodeToken)
+			if err != nil {
+				return
+			}
+		}()
+	}
+
+	app, err := server.NewServer(sshConfig, sessionRegistry, grpcClient)
+	if err != nil {
+		log.Fatalf("Failed to start server: %s", err)
+	}
 	app.Start()
+	cancel()
 }

renovate-config.js

@@ -1,6 +1,6 @@
 module.exports = {
     "endpoint": "https://git.fossy.my.id/api/v1",
-    "gitAuthor": "Renovate Bot <renovate-bot@fossy.my.id>",
+    "gitAuthor": "Renovate-Clanker <renovate-bot@fossy.my.id>",
     "platform": "gitea",
     "onboardingConfigFileName": "renovate.json",
     "autodiscover": true,

renovate.json

@@ -1,11 +1,19 @@
 {
   "extends": [
-    "config:base"
+    "config:recommended"
   ],
   "packageRules": [
     {
-      "updateTypes": ["minor", "patch", "pin", "digest"],
-      "automerge": true
+      "matchUpdateTypes": [
+        "minor",
+        "patch",
+        "pin",
+        "digest"
+      ],
+      "automerge": true,
+      "baseBranchPatterns": [
+        "staging"
+      ]
     }
   ]
-}
+}

server/handler.go

@@ -1,28 +0,0 @@
-package server
-
-import (
-	"log"
-	"net"
-	"tunnel_pls/session"
-
-	"golang.org/x/crypto/ssh"
-)
-
-func (s *Server) handleConnection(conn net.Conn) {
-	sshConn, chans, forwardingReqs, err := ssh.NewServerConn(conn, s.Config)
-	if err != nil {
-		log.Printf("failed to establish SSH connection: %v", err)
-		err := conn.Close()
-		if err != nil {
-			log.Printf("failed to close SSH connection: %v", err)
-			return
-		}
-		return
-	}
-
-	log.Println("SSH connection established:", sshConn.User())
-
-	session.New(sshConn, forwardingReqs, chans)
-
-	return
-}

server/header.go

@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"strings"
 )
 
 type HeaderManager interface {
@@ -14,63 +13,169 @@ type HeaderManager interface {
 	Finalize() []byte
 }
 
-type ResponseHeaderFactory struct {
+type ResponseHeaderManager interface {
+	Get(key string) string
+	Set(key string, value string)
+	Remove(key string)
+	Finalize() []byte
+}
+
+type RequestHeaderManager interface {
+	Get(key string) string
+	Set(key string, value string)
+	Remove(key string)
+	Finalize() []byte
+	GetMethod() string
+	GetPath() string
+	GetVersion() string
+}
+
+type responseHeaderFactory struct {
 	startLine []byte
 	headers   map[string]string
 }
 
-type RequestHeaderFactory struct {
-	Method    string
-	Path      string
-	Version   string
+type requestHeaderFactory struct {
+	method    string
+	path      string
+	version   string
 	startLine []byte
 	headers   map[string]string
 }
 
-func NewRequestHeaderFactory(br *bufio.Reader) (*RequestHeaderFactory, error) {
-	header := &RequestHeaderFactory{
-		headers: make(map[string]string),
+func NewRequestHeaderFactory(r interface{}) (RequestHeaderManager, error) {
+	switch v := r.(type) {
+	case []byte:
+		return parseHeadersFromBytes(v)
+	case *bufio.Reader:
+		return parseHeadersFromReader(v)
+	default:
+		return nil, fmt.Errorf("unsupported type: %T", r)
+	}
+}
+
+func parseHeadersFromBytes(headerData []byte) (RequestHeaderManager, error) {
+	header := &requestHeaderFactory{
+		headers: make(map[string]string, 16),
 	}
 
-	startLine, err := br.ReadString('\n')
-	if err != nil {
-		return nil, err
+	lineEnd := bytes.IndexByte(headerData, '\n')
+	if lineEnd == -1 {
+		return nil, fmt.Errorf("invalid request: no newline found")
 	}
-	startLine = strings.TrimRight(startLine, "\r\n")
-	header.startLine = []byte(startLine)
 
-	parts := strings.Split(startLine, " ")
+	startLine := bytes.TrimRight(headerData[:lineEnd], "\r\n")
+	header.startLine = make([]byte, len(startLine))
+	copy(header.startLine, startLine)
+
+	parts := bytes.Split(startLine, []byte{' '})
 	if len(parts) < 3 {
 		return nil, fmt.Errorf("invalid request line")
 	}
 
-	header.Method = parts[0]
-	header.Path = parts[1]
-	header.Version = parts[2]
+	header.method = string(parts[0])
+	header.path = string(parts[1])
+	header.version = string(parts[2])
 
-	for {
-		line, err := br.ReadString('\n')
-		if err != nil {
-			return nil, err
+	remaining := headerData[lineEnd+1:]
+
+	for len(remaining) > 0 {
+		lineEnd = bytes.IndexByte(remaining, '\n')
+		if lineEnd == -1 {
+			lineEnd = len(remaining)
 		}
-		line = strings.TrimRight(line, "\r\n")
 
-		if line == "" {
+		line := bytes.TrimRight(remaining[:lineEnd], "\r\n")
+
+		if len(line) == 0 {
 			break
 		}
 
-		kv := strings.SplitN(line, ":", 2)
-		if len(kv) != 2 {
-			continue
+		colonIdx := bytes.IndexByte(line, ':')
+		if colonIdx != -1 {
+			key := bytes.TrimSpace(line[:colonIdx])
+			value := bytes.TrimSpace(line[colonIdx+1:])
+			header.headers[string(key)] = string(value)
 		}
-		header.headers[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
+
+		if lineEnd == len(remaining) {
+			break
+		}
+		remaining = remaining[lineEnd+1:]
 	}
 
 	return header, nil
 }
 
-func NewResponseHeaderFactory(startLine []byte) *ResponseHeaderFactory {
-	header := &ResponseHeaderFactory{
+func parseHeadersFromReader(br *bufio.Reader) (RequestHeaderManager, error) {
+	header := &requestHeaderFactory{
+		headers: make(map[string]string, 16),
+	}
+
+	startLineBytes, err := br.ReadSlice('\n')
+	if err != nil {
+		if err == bufio.ErrBufferFull {
+			var startLine string
+			startLine, err = br.ReadString('\n')
+			if err != nil {
+				return nil, err
+			}
+			startLineBytes = []byte(startLine)
+		} else {
+			return nil, err
+		}
+	}
+
+	startLineBytes = bytes.TrimRight(startLineBytes, "\r\n")
+	header.startLine = make([]byte, len(startLineBytes))
+	copy(header.startLine, startLineBytes)
+
+	parts := bytes.Split(startLineBytes, []byte{' '})
+	if len(parts) < 3 {
+		return nil, fmt.Errorf("invalid request line")
+	}
+
+	header.method = string(parts[0])
+	header.path = string(parts[1])
+	header.version = string(parts[2])
+
+	for {
+		lineBytes, err := br.ReadSlice('\n')
+		if err != nil {
+			if err == bufio.ErrBufferFull {
+				var line string
+				line, err = br.ReadString('\n')
+				if err != nil {
+					return nil, err
+				}
+				lineBytes = []byte(line)
+			} else {
+				return nil, err
+			}
+		}
+
+		lineBytes = bytes.TrimRight(lineBytes, "\r\n")
+
+		if len(lineBytes) == 0 {
+			break
+		}
+
+		colonIdx := bytes.IndexByte(lineBytes, ':')
+		if colonIdx == -1 {
+			continue
+		}
+
+		key := bytes.TrimSpace(lineBytes[:colonIdx])
+		value := bytes.TrimSpace(lineBytes[colonIdx+1:])
+
+		header.headers[string(key)] = string(value)
+	}
+
+	return header, nil
+}
+
+func NewResponseHeaderFactory(startLine []byte) ResponseHeaderManager {
+	header := &responseHeaderFactory{
 		startLine: nil,
 		headers:   make(map[string]string),
 	}
@@ -96,19 +201,19 @@ func NewResponseHeaderFactory(startLine []byte) *ResponseHeaderFactory {
 	return header
 }
 
-func (resp *ResponseHeaderFactory) Get(key string) string {
+func (resp *responseHeaderFactory) Get(key string) string {
 	return resp.headers[key]
 }
 
-func (resp *ResponseHeaderFactory) Set(key string, value string) {
+func (resp *responseHeaderFactory) Set(key string, value string) {
 	resp.headers[key] = value
 }
 
-func (resp *ResponseHeaderFactory) Remove(key string) {
+func (resp *responseHeaderFactory) Remove(key string) {
 	delete(resp.headers, key)
 }
 
-func (resp *ResponseHeaderFactory) Finalize() []byte {
+func (resp *responseHeaderFactory) Finalize() []byte {
 	var buf bytes.Buffer
 
 	buf.Write(resp.startLine)
@@ -125,7 +230,7 @@ func (resp *ResponseHeaderFactory) Finalize() []byte {
 	return buf.Bytes()
 }
 
-func (req *RequestHeaderFactory) Get(key string) string {
+func (req *requestHeaderFactory) Get(key string) string {
 	val, ok := req.headers[key]
 	if !ok {
 		return ""
@@ -133,15 +238,27 @@ func (req *RequestHeaderFactory) Get(key string) string {
 	return val
 }
 
-func (req *RequestHeaderFactory) Set(key string, value string) {
+func (req *requestHeaderFactory) Set(key string, value string) {
 	req.headers[key] = value
 }
 
-func (req *RequestHeaderFactory) Remove(key string) {
+func (req *requestHeaderFactory) Remove(key string) {
 	delete(req.headers, key)
 }
 
-func (req *RequestHeaderFactory) Finalize() []byte {
+func (req *requestHeaderFactory) GetMethod() string {
+	return req.method
+}
+
+func (req *requestHeaderFactory) GetPath() string {
+	return req.path
+}
+
+func (req *requestHeaderFactory) GetVersion() string {
+	return req.version
+}
+
+func (req *requestHeaderFactory) Finalize() []byte {
 	var buf bytes.Buffer
 
 	buf.Write(req.startLine)

server/http.go

@@ -11,34 +11,61 @@ import (
 	"regexp"
 	"strings"
 	"time"
+	"tunnel_pls/internal/config"
 	"tunnel_pls/session"
-	"tunnel_pls/utils"
 
 	"golang.org/x/crypto/ssh"
 )
 
-type Interaction interface {
-	SendMessage(message string)
-}
-type CustomWriter struct {
-	RemoteAddr  net.Addr
-	writer      io.Writer
-	reader      io.Reader
-	headerBuf   []byte
-	buf         []byte
-	respHeader  *ResponseHeaderFactory
-	reqHeader   *RequestHeaderFactory
-	interaction Interaction
-	respMW      []ResponseMiddleware
-	reqStartMW  []RequestMiddleware
-	reqEndMW    []RequestMiddleware
+type HTTPWriter interface {
+	io.Reader
+	io.Writer
+	GetRemoteAddr() net.Addr
+	GetWriter() io.Writer
+	AddResponseMiddleware(mw ResponseMiddleware)
+	AddRequestStartMiddleware(mw RequestMiddleware)
+	SetRequestHeader(header RequestHeaderManager)
+	GetRequestStartMiddleware() []RequestMiddleware
 }
 
-func (cw *CustomWriter) SetInteraction(interaction Interaction) {
-	cw.interaction = interaction
+type customWriter struct {
+	remoteAddr net.Addr
+	writer     io.Writer
+	reader     io.Reader
+	headerBuf  []byte
+	buf        []byte
+	respHeader ResponseHeaderManager
+	reqHeader  RequestHeaderManager
+	respMW     []ResponseMiddleware
+	reqStartMW []RequestMiddleware
+	reqEndMW   []RequestMiddleware
 }
 
-func (cw *CustomWriter) Read(p []byte) (int, error) {
+func (cw *customWriter) GetRemoteAddr() net.Addr {
+	return cw.remoteAddr
+}
+
+func (cw *customWriter) GetWriter() io.Writer {
+	return cw.writer
+}
+
+func (cw *customWriter) AddResponseMiddleware(mw ResponseMiddleware) {
+	cw.respMW = append(cw.respMW, mw)
+}
+
+func (cw *customWriter) AddRequestStartMiddleware(mw RequestMiddleware) {
+	cw.reqStartMW = append(cw.reqStartMW, mw)
+}
+
+func (cw *customWriter) SetRequestHeader(header RequestHeaderManager) {
+	cw.reqHeader = header
+}
+
+func (cw *customWriter) GetRequestStartMiddleware() []RequestMiddleware {
+	return cw.reqStartMW
+}
+
+func (cw *customWriter) Read(p []byte) (int, error) {
 	tmp := make([]byte, len(p))
 	read, err := cw.reader.Read(tmp)
 	if read == 0 && err != nil {
@@ -72,8 +99,7 @@ func (cw *CustomWriter) Read(p []byte) (int, error) {
 		}
 	}
 
-	headerReader := bufio.NewReader(bytes.NewReader(header))
-	reqhf, err := NewRequestHeaderFactory(headerReader)
+	reqhf, err := NewRequestHeaderFactory(header)
 	if err != nil {
 		return 0, err
 	}
@@ -95,13 +121,12 @@ func (cw *CustomWriter) Read(p []byte) (int, error) {
 	return n, nil
 }
 
-func NewCustomWriter(writer io.Writer, reader io.Reader, remoteAddr net.Addr) *CustomWriter {
-	return &CustomWriter{
-		RemoteAddr:  remoteAddr,
-		writer:      writer,
-		reader:      reader,
-		buf:         make([]byte, 0, 4096),
-		interaction: nil,
+func NewCustomWriter(writer io.Writer, reader io.Reader, remoteAddr net.Addr) HTTPWriter {
+	return &customWriter{
+		remoteAddr: remoteAddr,
+		writer:     writer,
+		reader:     reader,
+		buf:        make([]byte, 0, 4096),
 	}
 }
 
@@ -129,7 +154,7 @@ func isHTTPHeader(buf []byte) bool {
 	return true
 }
 
-func (cw *CustomWriter) Write(p []byte) (int, error) {
+func (cw *customWriter) Write(p []byte) (int, error) {
 	if cw.respHeader != nil && len(cw.buf) == 0 && len(p) >= 5 && string(p[0:5]) == "HTTP/" {
 		cw.respHeader = nil
 	}
@@ -186,18 +211,29 @@ func (cw *CustomWriter) Write(p []byte) (int, error) {
 	return len(p), nil
 }
 
-func (cw *CustomWriter) AddInteraction(interaction Interaction) {
-	cw.interaction = interaction
-}
-
 var redirectTLS = false
 
-func NewHTTPServer() error {
-	listener, err := net.Listen("tcp", ":80")
+type HTTPServer interface {
+	ListenAndServe() error
+	ListenAndServeTLS() error
+	handler(conn net.Conn)
+	handlerTLS(conn net.Conn)
+}
+type httpServer struct {
+	sessionRegistry session.Registry
+}
+
+func NewHTTPServer(sessionRegistry session.Registry) HTTPServer {
+	return &httpServer{sessionRegistry: sessionRegistry}
+}
+
+func (hs *httpServer) ListenAndServe() error {
+	httpPort := config.Getenv("HTTP_PORT", "8080")
+	listener, err := net.Listen("tcp", ":"+httpPort)
 	if err != nil {
 		return errors.New("Error listening: " + err.Error())
 	}
-	if utils.Getenv("TLS_ENABLED", "false") == "true" && utils.Getenv("TLS_REDIRECT", "false") == "true" {
+	if config.Getenv("TLS_ENABLED", "false") == "true" && config.Getenv("TLS_REDIRECT", "false") == "true" {
 		redirectTLS = true
 	}
 	go func() {
@@ -212,13 +248,13 @@ func NewHTTPServer() error {
 				continue
 			}
 
-			go Handler(conn)
+			go hs.handler(conn)
 		}
 	}()
 	return nil
 }
 
-func Handler(conn net.Conn) {
+func (hs *httpServer) handler(conn net.Conn) {
 	defer func() {
 		err := conn.Close()
 		if err != nil && !errors.Is(err, net.ErrClosed) {
@@ -249,7 +285,7 @@ func Handler(conn net.Conn) {
 
 	if redirectTLS {
 		_, err = conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
-			fmt.Sprintf("Location: https://%s.%s/\r\n", slug, utils.Getenv("DOMAIN", "localhost")) +
+			fmt.Sprintf("Location: https://%s.%s/\r\n", slug, config.Getenv("DOMAIN", "localhost")) +
 			"Content-Length: 0\r\n" +
 			"Connection: close\r\n" +
 			"\r\n"))
@@ -277,8 +313,8 @@ func Handler(conn net.Conn) {
 		return
 	}
 
-	sshSession, ok := session.Clients[slug]
-	if !ok {
+	sshSession, err := hs.sessionRegistry.Get(slug)
+	if err != nil {
 		_, err = conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
 			fmt.Sprintf("Location: https://tunnl.live/tunnel-not-found?slug=%s\r\n", slug) +
 			"Content-Length: 0\r\n" +
@@ -291,13 +327,12 @@ func Handler(conn net.Conn) {
 		return
 	}
 	cw := NewCustomWriter(conn, dstReader, conn.RemoteAddr())
-	cw.SetInteraction(sshSession.Interaction)
 	forwardRequest(cw, reqhf, sshSession)
 	return
 }
 
-func forwardRequest(cw *CustomWriter, initialRequest *RequestHeaderFactory, sshSession *session.SSHSession) {
-	payload := sshSession.Forwarder.CreateForwardedTCPIPPayload(cw.RemoteAddr)
+func forwardRequest(cw HTTPWriter, initialRequest RequestHeaderManager, sshSession *session.SSHSession) {
+	payload := sshSession.GetForwarder().CreateForwardedTCPIPPayload(cw.GetRemoteAddr())
 
 	type channelResult struct {
 		channel ssh.Channel
@@ -307,7 +342,7 @@ func forwardRequest(cw *CustomWriter, initialRequest *RequestHeaderFactory, sshS
 	resultChan := make(chan channelResult, 1)
 
 	go func() {
-		channel, reqs, err := sshSession.Lifecycle.GetConnection().OpenChannel("forwarded-tcpip", payload)
+		channel, reqs, err := sshSession.GetLifecycle().GetConnection().OpenChannel("forwarded-tcpip", payload)
 		resultChan <- channelResult{channel, reqs, err}
 	}()
 
@@ -318,29 +353,28 @@ func forwardRequest(cw *CustomWriter, initialRequest *RequestHeaderFactory, sshS
 	case result := <-resultChan:
 		if result.err != nil {
 			log.Printf("Failed to open forwarded-tcpip channel: %v", result.err)
-			sshSession.Forwarder.WriteBadGatewayResponse(cw.writer)
+			sshSession.GetForwarder().WriteBadGatewayResponse(cw.GetWriter())
 			return
 		}
 		channel = result.channel
 		reqs = result.reqs
 	case <-time.After(5 * time.Second):
 		log.Printf("Timeout opening forwarded-tcpip channel")
-		sshSession.Forwarder.WriteBadGatewayResponse(cw.writer)
+		sshSession.GetForwarder().WriteBadGatewayResponse(cw.GetWriter())
 		return
 	}
 
 	go ssh.DiscardRequests(reqs)
 
 	fingerprintMiddleware := NewTunnelFingerprint()
-	forwardedForMiddleware := NewForwardedFor(cw.RemoteAddr)
+	forwardedForMiddleware := NewForwardedFor(cw.GetRemoteAddr())
 
-	cw.respMW = append(cw.respMW, fingerprintMiddleware)
-	cw.reqStartMW = append(cw.reqStartMW, forwardedForMiddleware)
-	cw.reqEndMW = nil
-	cw.reqHeader = initialRequest
+	cw.AddResponseMiddleware(fingerprintMiddleware)
+	cw.AddRequestStartMiddleware(forwardedForMiddleware)
+	cw.SetRequestHeader(initialRequest)
 
-	for _, m := range cw.reqStartMW {
-		if err := m.HandleRequest(cw.reqHeader); err != nil {
+	for _, m := range cw.GetRequestStartMiddleware() {
+		if err := m.HandleRequest(initialRequest); err != nil {
 			log.Printf("Error handling request: %v", err)
 			return
 		}
@@ -352,6 +386,6 @@ func forwardRequest(cw *CustomWriter, initialRequest *RequestHeaderFactory, sshS
 		return
 	}
 
-	sshSession.Forwarder.HandleConnection(cw, channel, cw.RemoteAddr)
+	sshSession.GetForwarder().HandleConnection(cw, channel, cw.GetRemoteAddr())
 	return
 }

server/https.go

@@ -8,19 +8,19 @@ import (
 	"log"
 	"net"
 	"strings"
-	"tunnel_pls/session"
-	"tunnel_pls/utils"
+	"tunnel_pls/internal/config"
 )
 
-func NewHTTPSServer() error {
-	domain := utils.Getenv("DOMAIN", "localhost")
+func (hs *httpServer) ListenAndServeTLS() error {
+	domain := config.Getenv("DOMAIN", "localhost")
+	httpsPort := config.Getenv("HTTPS_PORT", "8443")
 
 	tlsConfig, err := NewTLSConfig(domain)
 	if err != nil {
 		return fmt.Errorf("failed to initialize TLS config: %w", err)
 	}
 
-	ln, err := tls.Listen("tcp", ":443", tlsConfig)
+	ln, err := tls.Listen("tcp", ":"+httpsPort, tlsConfig)
 	if err != nil {
 		return err
 	}
@@ -37,13 +37,13 @@ func NewHTTPSServer() error {
 				continue
 			}
 
-			go HandlerTLS(conn)
+			go hs.handlerTLS(conn)
 		}
 	}()
 	return nil
 }
 
-func HandlerTLS(conn net.Conn) {
+func (hs *httpServer) handlerTLS(conn net.Conn) {
 	defer func() {
 		err := conn.Close()
 		if err != nil {
@@ -89,8 +89,8 @@ func HandlerTLS(conn net.Conn) {
 		return
 	}
 
-	sshSession, ok := session.Clients[slug]
-	if !ok {
+	sshSession, err := hs.sessionRegistry.Get(slug)
+	if err != nil {
 		_, err = conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
 			fmt.Sprintf("Location: https://tunnl.live/tunnel-not-found?slug=%s\r\n", slug) +
 			"Content-Length: 0\r\n" +
@@ -103,7 +103,6 @@ func HandlerTLS(conn net.Conn) {
 		return
 	}
 	cw := NewCustomWriter(conn, dstReader, conn.RemoteAddr())
-	cw.SetInteraction(sshSession.Interaction)
 	forwardRequest(cw, reqhf, sshSession)
 	return
 }

server/middleware.go

@@ -5,11 +5,11 @@ import (
 )
 
 type RequestMiddleware interface {
-	HandleRequest(header *RequestHeaderFactory) error
+	HandleRequest(header RequestHeaderManager) error
 }
 
 type ResponseMiddleware interface {
-	HandleResponse(header *ResponseHeaderFactory, body []byte) error
+	HandleResponse(header ResponseHeaderManager, body []byte) error
 }
 
 type TunnelFingerprint struct{}
@@ -18,16 +18,11 @@ func NewTunnelFingerprint() *TunnelFingerprint {
 	return &TunnelFingerprint{}
 }
 
-func (h *TunnelFingerprint) HandleResponse(header *ResponseHeaderFactory, body []byte) error {
+func (h *TunnelFingerprint) HandleResponse(header ResponseHeaderManager, body []byte) error {
 	header.Set("Server", "Tunnel Please")
 	return nil
 }
 
-type RequestLogger struct {
-	interaction Interaction
-	remoteAddr  net.Addr
-}
-
 type ForwardedFor struct {
 	addr net.Addr
 }
@@ -36,7 +31,7 @@ func NewForwardedFor(addr net.Addr) *ForwardedFor {
 	return &ForwardedFor{addr: addr}
 }
 
-func (ff *ForwardedFor) HandleRequest(header *RequestHeaderFactory) error {
+func (ff *ForwardedFor) HandleRequest(header RequestHeaderManager) error {
 	host, _, err := net.SplitHostPort(ff.addr.String())
 	if err != nil {
 		return err

server/server.go

@@ -1,47 +1,58 @@
 package server
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"net"
-	"net/http"
-	"tunnel_pls/utils"
+	"tunnel_pls/internal/config"
+	"tunnel_pls/internal/grpc/client"
+	"tunnel_pls/session"
 
 	"golang.org/x/crypto/ssh"
 )
 
 type Server struct {
-	Conn       *net.Listener
-	Config     *ssh.ServerConfig
-	HttpServer *http.Server
+	conn            *net.Listener
+	config          *ssh.ServerConfig
+	sessionRegistry session.Registry
+	grpcClient      *client.Client
 }
 
-func NewServer(config *ssh.ServerConfig) *Server {
-	listener, err := net.Listen("tcp", fmt.Sprintf(":%s", utils.Getenv("PORT", "2200")))
+func NewServer(sshConfig *ssh.ServerConfig, sessionRegistry session.Registry, grpcClient *client.Client) (*Server, error) {
+	listener, err := net.Listen("tcp", fmt.Sprintf(":%s", config.Getenv("PORT", "2200")))
 	if err != nil {
 		log.Fatalf("failed to listen on port 2200: %v", err)
-		return nil
+		return nil, err
 	}
-	if utils.Getenv("TLS_ENABLED", "false") == "true" {
-		err = NewHTTPSServer()
-		if err != nil {
-			log.Fatalf("failed to start https server: %v", err)
-		}
-	}
-	err = NewHTTPServer()
+
+	HttpServer := NewHTTPServer(sessionRegistry)
+	err = HttpServer.ListenAndServe()
 	if err != nil {
 		log.Fatalf("failed to start http server: %v", err)
+		return nil, err
 	}
+
+	if config.Getenv("TLS_ENABLED", "false") == "true" {
+		err = HttpServer.ListenAndServeTLS()
+		if err != nil {
+			log.Fatalf("failed to start https server: %v", err)
+			return nil, err
+		}
+	}
+
 	return &Server{
-		Conn:   &listener,
-		Config: config,
-	}
+		conn:            &listener,
+		config:          sshConfig,
+		sessionRegistry: sessionRegistry,
+		grpcClient:      grpcClient,
+	}, nil
 }
 
 func (s *Server) Start() {
 	log.Println("SSH server is starting on port 2200...")
 	for {
-		conn, err := (*s.Conn).Accept()
+		conn, err := (*s.conn).Accept()
 		if err != nil {
 			log.Printf("failed to accept connection: %v", err)
 			continue
@@ -50,3 +61,39 @@ func (s *Server) Start() {
 		go s.handleConnection(conn)
 	}
 }
+
+func (s *Server) handleConnection(conn net.Conn) {
+	sshConn, chans, forwardingReqs, err := ssh.NewServerConn(conn, s.config)
+	defer func(sshConn *ssh.ServerConn) {
+		err = sshConn.Close()
+		if err != nil {
+			log.Printf("failed to close SSH server: %v", err)
+		}
+	}(sshConn)
+
+	if err != nil {
+		log.Printf("failed to establish SSH connection: %v", err)
+		err := conn.Close()
+		if err != nil {
+			log.Printf("failed to close SSH connection: %v", err)
+			return
+		}
+		return
+	}
+	ctx := context.Background()
+	log.Println("SSH connection established:", sshConn.User())
+
+	user := "UNAUTHORIZED"
+	if s.grpcClient != nil {
+		_, u, _ := s.grpcClient.AuthorizeConn(ctx, sshConn.User())
+		user = u
+	}
+
+	sshSession := session.New(sshConn, forwardingReqs, chans, s.sessionRegistry, user)
+	err = sshSession.Start()
+	if err != nil {
+		log.Printf("SSH session ended with error: %v", err)
+		return
+	}
+	return
+}

server/tls.go

@@ -10,13 +10,22 @@ import (
 	"os"
 	"sync"
 	"time"
-	"tunnel_pls/utils"
+	"tunnel_pls/internal/config"
 
 	"github.com/caddyserver/certmagic"
 	"github.com/libdns/cloudflare"
 )
 
-type TLSManager struct {
+type TLSManager interface {
+	userCertsExistAndValid() bool
+	loadUserCerts() error
+	startCertWatcher()
+	initCertMagic() error
+	getTLSConfig() *tls.Config
+	getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
+}
+
+type tlsManager struct {
 	domain      string
 	certPath    string
 	keyPath     string
@@ -30,18 +39,18 @@ type TLSManager struct {
 	useCertMagic bool
 }
 
-var tlsManager *TLSManager
+var globalTLSManager TLSManager
 var tlsManagerOnce sync.Once
 
 func NewTLSConfig(domain string) (*tls.Config, error) {
 	var initErr error
 
 	tlsManagerOnce.Do(func() {
-		certPath := utils.Getenv("CERT_LOC", "certs/cert.pem")
-		keyPath := utils.Getenv("KEY_LOC", "certs/privkey.pem")
-		storagePath := utils.Getenv("CERT_STORAGE_PATH", "certs/certmagic")
+		certPath := "certs/tls/cert.pem"
+		keyPath := "certs/tls/privkey.pem"
+		storagePath := "certs/tls/certmagic"
 
-		tm := &TLSManager{
+		tm := &tlsManager{
 			domain:      domain,
 			certPath:    certPath,
 			keyPath:     keyPath,
@@ -72,22 +81,22 @@ func NewTLSConfig(domain string) (*tls.Config, error) {
 			tm.useCertMagic = true
 		}
 
-		tlsManager = tm
+		globalTLSManager = tm
 	})
 
 	if initErr != nil {
 		return nil, initErr
 	}
 
-	return tlsManager.getTLSConfig(), nil
+	return globalTLSManager.getTLSConfig(), nil
 }
 
 func isACMEConfigComplete() bool {
-	cfAPIToken := utils.Getenv("CF_API_TOKEN", "")
+	cfAPIToken := config.Getenv("CF_API_TOKEN", "")
 	return cfAPIToken != ""
 }
 
-func (tm *TLSManager) userCertsExistAndValid() bool {
+func (tm *tlsManager) userCertsExistAndValid() bool {
 	if _, err := os.Stat(tm.certPath); os.IsNotExist(err) {
 		log.Printf("Certificate file not found: %s", tm.certPath)
 		return false
@@ -158,7 +167,7 @@ func ValidateCertDomains(certPath, domain string) bool {
 	return hasBase && hasWildcard
 }
 
-func (tm *TLSManager) loadUserCerts() error {
+func (tm *tlsManager) loadUserCerts() error {
 	cert, err := tls.LoadX509KeyPair(tm.certPath, tm.keyPath)
 	if err != nil {
 		return err
@@ -172,7 +181,7 @@ func (tm *TLSManager) loadUserCerts() error {
 	return nil
 }
 
-func (tm *TLSManager) startCertWatcher() {
+func (tm *tlsManager) startCertWatcher() {
 	go func() {
 		var lastCertMod, lastKeyMod time.Time
 
@@ -227,14 +236,14 @@ func (tm *TLSManager) startCertWatcher() {
 	}()
 }
 
-func (tm *TLSManager) initCertMagic() error {
+func (tm *tlsManager) initCertMagic() error {
 	if err := os.MkdirAll(tm.storagePath, 0700); err != nil {
 		return fmt.Errorf("failed to create cert storage directory: %w", err)
 	}
 
-	acmeEmail := utils.Getenv("ACME_EMAIL", "admin@"+tm.domain)
-	cfAPIToken := utils.Getenv("CF_API_TOKEN", "")
-	acmeStaging := utils.Getenv("ACME_STAGING", "false") == "true"
+	acmeEmail := config.Getenv("ACME_EMAIL", "admin@"+tm.domain)
+	cfAPIToken := config.Getenv("CF_API_TOKEN", "")
+	acmeStaging := config.Getenv("ACME_STAGING", "false") == "true"
 
 	if cfAPIToken == "" {
 		return fmt.Errorf("CF_API_TOKEN environment variable is required for automatic certificate generation")
@@ -289,14 +298,29 @@ func (tm *TLSManager) initCertMagic() error {
 	return nil
 }
 
-func (tm *TLSManager) getTLSConfig() *tls.Config {
+func (tm *tlsManager) getTLSConfig() *tls.Config {
 	return &tls.Config{
 		GetCertificate: tm.getCertificate,
-		MinVersion:     tls.VersionTLS12,
+		MinVersion:     tls.VersionTLS13,
+		MaxVersion:     tls.VersionTLS13,
+
+		SessionTicketsDisabled: false,
+
+		CipherSuites: []uint16{
+			tls.TLS_AES_128_GCM_SHA256,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+		},
+
+		CurvePreferences: []tls.CurveID{
+			tls.X25519,
+		},
+
+		ClientAuth: tls.NoClientCert,
+		NextProtos: nil,
 	}
 }
 
-func (tm *TLSManager) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+func (tm *tlsManager) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	if tm.useCertMagic {
 		return tm.magic.GetCertificate(hello)
 	}

session/forwarder/forwarder.go

@@ -10,16 +10,16 @@ import (
 	"strconv"
 	"sync"
 	"time"
+	"tunnel_pls/internal/config"
 	"tunnel_pls/session/slug"
 	"tunnel_pls/types"
-	"tunnel_pls/utils"
 
 	"golang.org/x/crypto/ssh"
 )
 
 var bufferPool = sync.Pool{
 	New: func() interface{} {
-		bufSize := utils.GetBufferSize()
+		bufSize := config.GetBufferSize()
 		return make([]byte, bufSize)
 	},
 }
@@ -31,11 +31,21 @@ func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) {
 }
 
 type Forwarder struct {
-	Listener      net.Listener
-	TunnelType    types.TunnelType
-	ForwardedPort uint16
-	SlugManager   slug.Manager
-	Lifecycle     Lifecycle
+	listener      net.Listener
+	tunnelType    types.TunnelType
+	forwardedPort uint16
+	slugManager   slug.Manager
+	lifecycle     Lifecycle
+}
+
+func NewForwarder(slugManager slug.Manager) *Forwarder {
+	return &Forwarder{
+		listener:      nil,
+		tunnelType:    "",
+		forwardedPort: 0,
+		slugManager:   slugManager,
+		lifecycle:     nil,
+	}
 }
 
 type Lifecycle interface {
@@ -58,7 +68,7 @@ type ForwardingController interface {
 }
 
 func (f *Forwarder) SetLifecycle(lifecycle Lifecycle) {
-	f.Lifecycle = lifecycle
+	f.lifecycle = lifecycle
 }
 
 func (f *Forwarder) AcceptTCPConnections() {
@@ -90,7 +100,7 @@ func (f *Forwarder) AcceptTCPConnections() {
 		resultChan := make(chan channelResult, 1)
 
 		go func() {
-			channel, reqs, err := f.Lifecycle.GetConnection().OpenChannel("forwarded-tcpip", payload)
+			channel, reqs, err := f.lifecycle.GetConnection().OpenChannel("forwarded-tcpip", payload)
 			resultChan <- channelResult{channel, reqs, err}
 		}()
 
@@ -142,49 +152,50 @@ func (f *Forwarder) HandleConnection(dst io.ReadWriter, src ssh.Channel, remoteA
 
 	log.Printf("Handling new forwarded connection from %s", remoteAddr)
 
-	done := make(chan struct{}, 2)
-
-	go func() {
-		_, err := copyWithBuffer(src, dst)
-		if err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, net.ErrClosed) {
-			log.Printf("Error copying from conn.Reader to channel: %v", err)
-		}
-		done <- struct{}{}
-	}()
+	var wg sync.WaitGroup
+	wg.Add(2)
 
 	go func() {
+		defer wg.Done()
 		_, err := copyWithBuffer(dst, src)
 		if err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, net.ErrClosed) {
-			log.Printf("Error copying from channel to conn.Writer: %v", err)
+			log.Printf("Error copying src→dst: %v", err)
 		}
-		done <- struct{}{}
 	}()
 
-	<-done
+	go func() {
+		defer wg.Done()
+		_, err := copyWithBuffer(src, dst)
+		if err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, net.ErrClosed) {
+			log.Printf("Error copying dst→src: %v", err)
+		}
+	}()
+
+	wg.Wait()
 }
 
 func (f *Forwarder) SetType(tunnelType types.TunnelType) {
-	f.TunnelType = tunnelType
+	f.tunnelType = tunnelType
 }
 
 func (f *Forwarder) GetTunnelType() types.TunnelType {
-	return f.TunnelType
+	return f.tunnelType
 }
 
 func (f *Forwarder) GetForwardedPort() uint16 {
-	return f.ForwardedPort
+	return f.forwardedPort
 }
 
 func (f *Forwarder) SetForwardedPort(port uint16) {
-	f.ForwardedPort = port
+	f.forwardedPort = port
 }
 
 func (f *Forwarder) SetListener(listener net.Listener) {
-	f.Listener = listener
+	f.listener = listener
 }
 
 func (f *Forwarder) GetListener() net.Listener {
-	return f.Listener
+	return f.listener
 }
 
 func (f *Forwarder) WriteBadGatewayResponse(dst io.Writer) {
@@ -197,7 +208,7 @@ func (f *Forwarder) WriteBadGatewayResponse(dst io.Writer) {
 
 func (f *Forwarder) Close() error {
 	if f.GetListener() != nil {
-		return f.Listener.Close()
+		return f.listener.Close()
 	}
 	return nil
 }

session/handler.go

@@ -7,10 +7,9 @@ import (
 	"log"
 	"net"
 	portUtil "tunnel_pls/internal/port"
+	"tunnel_pls/internal/random"
 	"tunnel_pls/types"
 
-	"tunnel_pls/utils"
-
 	"golang.org/x/crypto/ssh"
 )
 
@@ -19,7 +18,28 @@ var blockedReservedPorts = []uint16{1080, 1433, 1521, 1900, 2049, 3306, 3389, 54
 func (s *SSHSession) HandleGlobalRequest(GlobalRequest <-chan *ssh.Request) {
 	for req := range GlobalRequest {
 		switch req.Type {
-		case "shell", "pty-req", "window-change":
+		case "shell", "pty-req":
+			err := req.Reply(true, nil)
+			if err != nil {
+				log.Println("Failed to reply to request:", err)
+				return
+			}
+		case "window-change":
+			p := req.Payload
+			if len(p) < 16 {
+				log.Println("invalid window-change payload")
+				err := req.Reply(false, nil)
+				if err != nil {
+					log.Println("Failed to reply to request:", err)
+					return
+				}
+				return
+			}
+			cols := binary.BigEndian.Uint32(p[0:4])
+			rows := binary.BigEndian.Uint32(p[4:8])
+
+			s.interaction.SetWH(int(cols), int(rows))
+
 			err := req.Reply(true, nil)
 			if err != nil {
 				log.Println("Failed to reply to request:", err)
@@ -49,7 +69,7 @@ func (s *SSHSession) HandleTCPIPForward(req *ssh.Request) {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
-		err = s.Lifecycle.Close()
+		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
@@ -59,13 +79,12 @@ func (s *SSHSession) HandleTCPIPForward(req *ssh.Request) {
 	var rawPortToBind uint32
 	if err := binary.Read(reader, binary.BigEndian, &rawPortToBind); err != nil {
 		log.Println("Failed to read port from payload:", err)
-		s.Interaction.SendMessage(fmt.Sprintf("Port %d is already in use or restricted. Please choose a different port. (02) \r\n", rawPortToBind))
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
-		err = s.Lifecycle.Close()
+		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
@@ -73,13 +92,13 @@ func (s *SSHSession) HandleTCPIPForward(req *ssh.Request) {
 	}
 
 	if rawPortToBind > 65535 {
-		s.Interaction.SendMessage(fmt.Sprintf("Port %d is larger then allowed port of 65535. (02)\r\n", rawPortToBind))
+		log.Printf("Port %d is larger than allowed port of 65535", rawPortToBind)
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
-		err = s.Lifecycle.Close()
+		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
@@ -87,15 +106,14 @@ func (s *SSHSession) HandleTCPIPForward(req *ssh.Request) {
 	}
 
 	portToBind := uint16(rawPortToBind)
-
 	if isBlockedPort(portToBind) {
-		s.Interaction.SendMessage(fmt.Sprintf("Port %d is already in use or restricted. Please choose a different port. (02)\r\n", portToBind))
+		log.Printf("Port %d is blocked or restricted", portToBind)
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
-		err = s.Lifecycle.Close()
+		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
@@ -105,56 +123,49 @@ func (s *SSHSession) HandleTCPIPForward(req *ssh.Request) {
 	if portToBind == 80 || portToBind == 443 {
 		s.HandleHTTPForward(req, portToBind)
 		return
-	} else {
-		if portToBind == 0 {
-			unassign, success := portUtil.Manager.GetUnassignedPort()
-			portToBind = unassign
-			if !success {
-				s.Interaction.SendMessage("No available port\r\n")
-				err := req.Reply(false, nil)
-				if err != nil {
-					log.Println("Failed to reply to request:", err)
-					return
-				}
-				err = s.Lifecycle.Close()
-				if err != nil {
-					log.Printf("failed to close session: %v", err)
-				}
-				return
-			}
-		} else if isUse, isExist := portUtil.Manager.GetPortStatus(portToBind); isExist && isUse {
-			s.Interaction.SendMessage(fmt.Sprintf("Port %d is already in use or restricted. Please choose a different port. (03)\r\n", portToBind))
+	}
+	if portToBind == 0 {
+		unassign, success := portUtil.Default.GetUnassignedPort()
+		portToBind = unassign
+		if !success {
+			log.Println("No available port")
 			err := req.Reply(false, nil)
 			if err != nil {
 				log.Println("Failed to reply to request:", err)
 				return
 			}
-			err = s.Lifecycle.Close()
+			err = s.lifecycle.Close()
 			if err != nil {
 				log.Printf("failed to close session: %v", err)
 			}
 			return
 		}
-		err := portUtil.Manager.SetPortStatus(portToBind, true)
+	} else if isUse, isExist := portUtil.Default.GetPortStatus(portToBind); isExist && isUse {
+		log.Printf("Port %d is already in use or restricted", portToBind)
+		err := req.Reply(false, nil)
 		if err != nil {
-			log.Println("Failed to set port status:", err)
+			log.Println("Failed to reply to request:", err)
 			return
 		}
+		err = s.lifecycle.Close()
+		if err != nil {
+			log.Printf("failed to close session: %v", err)
+		}
+		return
 	}
+	err = portUtil.Default.SetPortStatus(portToBind, true)
+	if err != nil {
+		log.Println("Failed to set port status:", err)
+		return
+	}
+
 	s.HandleTCPForward(req, addr, portToBind)
 }
 
 func (s *SSHSession) HandleHTTPForward(req *ssh.Request, portToBind uint16) {
-	slug := generateUniqueSlug()
-	if slug == "" {
-		err := req.Reply(false, nil)
-		if err != nil {
-			log.Println("Failed to reply to request:", err)
-		}
-		return
-	}
+	slug := random.GenerateRandomString(20)
 
-	if !registerClient(slug, s) {
+	if !s.registry.Register(slug, s) {
 		log.Printf("Failed to register client with slug: %s", slug)
 		err := req.Reply(false, nil)
 		if err != nil {
@@ -167,7 +178,7 @@ func (s *SSHSession) HandleHTTPForward(req *ssh.Request, portToBind uint16) {
 	err := binary.Write(buf, binary.BigEndian, uint32(portToBind))
 	if err != nil {
 		log.Println("Failed to write port to buffer:", err)
-		unregisterClient(slug)
+		s.registry.Remove(slug)
 		err = req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
@@ -176,16 +187,10 @@ func (s *SSHSession) HandleHTTPForward(req *ssh.Request, portToBind uint16) {
 	}
 	log.Printf("HTTP forwarding approved on port: %d", portToBind)
 
-	domain := utils.Getenv("DOMAIN", "localhost")
-	protocol := "http"
-	if utils.Getenv("TLS_ENABLED", "false") == "true" {
-		protocol = "https"
-	}
-
 	err = req.Reply(true, buf.Bytes())
 	if err != nil {
 		log.Println("Failed to reply to request:", err)
-		unregisterClient(slug)
+		s.registry.Remove(slug)
 		err = req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
@@ -193,22 +198,19 @@ func (s *SSHSession) HandleHTTPForward(req *ssh.Request, portToBind uint16) {
 		return
 	}
 
-	s.Forwarder.SetType(types.HTTP)
-	s.Forwarder.SetForwardedPort(portToBind)
-	s.SlugManager.Set(slug)
-	s.Interaction.SendMessage("\033[H\033[2J")
-	s.Interaction.ShowWelcomeMessage()
-	s.Interaction.SendMessage(fmt.Sprintf("Forwarding your traffic to %s://%s.%s\r\n", protocol, slug, domain))
-	s.Lifecycle.SetStatus(types.RUNNING)
-	s.Interaction.HandleUserInput()
+	s.forwarder.SetType(types.HTTP)
+	s.forwarder.SetForwardedPort(portToBind)
+	s.slugManager.Set(slug)
+	s.lifecycle.SetStatus(types.RUNNING)
+	s.interaction.Start()
 }
 
 func (s *SSHSession) HandleTCPForward(req *ssh.Request, addr string, portToBind uint16) {
 	log.Printf("Requested forwarding on %s:%d", addr, portToBind)
 	listener, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", portToBind))
 	if err != nil {
-		s.Interaction.SendMessage(fmt.Sprintf("Port %d is already in use or restricted. Please choose a different port.\r\n", portToBind))
-		if setErr := portUtil.Manager.SetPortStatus(portToBind, false); setErr != nil {
+		log.Printf("Port %d is already in use or restricted", portToBind)
+		if setErr := portUtil.Default.SetPortStatus(portToBind, false); setErr != nil {
 			log.Printf("Failed to reset port status: %v", setErr)
 		}
 		err = req.Reply(false, nil)
@@ -216,7 +218,7 @@ func (s *SSHSession) HandleTCPForward(req *ssh.Request, addr string, portToBind
 			log.Println("Failed to reply to request:", err)
 			return
 		}
-		err = s.Lifecycle.Close()
+		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
@@ -227,7 +229,7 @@ func (s *SSHSession) HandleTCPForward(req *ssh.Request, addr string, portToBind
 	err = binary.Write(buf, binary.BigEndian, uint32(portToBind))
 	if err != nil {
 		log.Println("Failed to write port to buffer:", err)
-		if setErr := portUtil.Manager.SetPortStatus(portToBind, false); setErr != nil {
+		if setErr := portUtil.Default.SetPortStatus(portToBind, false); setErr != nil {
 			log.Printf("Failed to reset port status: %v", setErr)
 		}
 		err = listener.Close()
@@ -242,7 +244,7 @@ func (s *SSHSession) HandleTCPForward(req *ssh.Request, addr string, portToBind
 	err = req.Reply(true, buf.Bytes())
 	if err != nil {
 		log.Println("Failed to reply to request:", err)
-		if setErr := portUtil.Manager.SetPortStatus(portToBind, false); setErr != nil {
+		if setErr := portUtil.Default.SetPortStatus(portToBind, false); setErr != nil {
 			log.Printf("Failed to reset port status: %v", setErr)
 		}
 		err = listener.Close()
@@ -253,34 +255,12 @@ func (s *SSHSession) HandleTCPForward(req *ssh.Request, addr string, portToBind
 		return
 	}
 
-	s.Forwarder.SetType(types.TCP)
-	s.Forwarder.SetListener(listener)
-	s.Forwarder.SetForwardedPort(portToBind)
-	s.Interaction.SendMessage("\033[H\033[2J")
-	s.Interaction.ShowWelcomeMessage()
-	s.Interaction.SendMessage(fmt.Sprintf("Forwarding your traffic to tcp://%s:%d \r\n", utils.Getenv("DOMAIN", "localhost"), s.Forwarder.GetForwardedPort()))
-	s.Lifecycle.SetStatus(types.RUNNING)
-	go s.Forwarder.AcceptTCPConnections()
-	s.Interaction.HandleUserInput()
-}
-
-func generateUniqueSlug() string {
-	maxAttempts := 5
-
-	for i := 0; i < maxAttempts; i++ {
-		slug := utils.GenerateRandomString(20)
-
-		clientsMutex.RLock()
-		_, exists := Clients[slug]
-		clientsMutex.RUnlock()
-
-		if !exists {
-			return slug
-		}
-	}
-
-	log.Println("Failed to generate unique slug after multiple attempts")
-	return ""
+	s.forwarder.SetType(types.TCP)
+	s.forwarder.SetListener(listener)
+	s.forwarder.SetForwardedPort(portToBind)
+	s.lifecycle.SetStatus(types.RUNNING)
+	go s.forwarder.AcceptTCPConnections()
+	s.interaction.Start()
 }
 
 func readSSHString(reader *bytes.Reader) (string, error) {

session/interaction/constants.go

@@ -1,27 +0,0 @@
-package interaction
-
-const (
-	backspaceChar    = 8
-	deleteChar       = 127
-	enterChar        = 13
-	escapeChar       = 27
-	ctrlC            = 3
-	forwardSlash     = '/'
-	minPrintableChar = 32
-	maxPrintableChar = 126
-
-	minSlugLength = 3
-	maxSlugLength = 20
-
-	clearScreen    = "\033[H\033[2J"
-	clearLine      = "\033[K"
-	clearToLineEnd = "\r\033[K"
-	backspaceSeq   = "\b \b"
-
-	minBoxWidth  = 50
-	paddingRight = 4
-)
-
-var forbiddenSlugs = []string{
-	"ping",
-}

session/lifecycle/lifecycle.go

@@ -4,6 +4,8 @@ import (
 	"errors"
 	"io"
 	"net"
+	"time"
+
 	portUtil "tunnel_pls/internal/port"
 	"tunnel_pls/session/slug"
 	"tunnel_pls/types"
@@ -11,10 +13,6 @@ import (
 	"golang.org/x/crypto/ssh"
 )
 
-type Interaction interface {
-	SendMessage(string)
-}
-
 type Forwarder interface {
 	Close() error
 	GetTunnelType() types.TunnelType
@@ -22,14 +20,25 @@ type Forwarder interface {
 }
 
 type Lifecycle struct {
-	Status  types.Status
-	Conn    ssh.Conn
-	Channel ssh.Channel
-
-	Interaction      Interaction
-	Forwarder        Forwarder
-	SlugManager      slug.Manager
+	status           types.Status
+	conn             ssh.Conn
+	channel          ssh.Channel
+	forwarder        Forwarder
+	slugManager      slug.Manager
 	unregisterClient func(slug string)
+	startedAt        time.Time
+}
+
+func NewLifecycle(conn ssh.Conn, forwarder Forwarder, slugManager slug.Manager) *Lifecycle {
+	return &Lifecycle{
+		status:           types.INITIALIZING,
+		conn:             conn,
+		channel:          nil,
+		forwarder:        forwarder,
+		slugManager:      slugManager,
+		unregisterClient: nil,
+		startedAt:        time.Now(),
+	}
 }
 
 func (l *Lifecycle) SetUnregisterClient(unregisterClient func(slug string)) {
@@ -43,49 +52,54 @@ type SessionLifecycle interface {
 	GetChannel() ssh.Channel
 	SetChannel(channel ssh.Channel)
 	SetUnregisterClient(unregisterClient func(slug string))
+	IsActive() bool
+	StartedAt() time.Time
 }
 
 func (l *Lifecycle) GetChannel() ssh.Channel {
-	return l.Channel
+	return l.channel
 }
 
 func (l *Lifecycle) SetChannel(channel ssh.Channel) {
-	l.Channel = channel
+	l.channel = channel
 }
 func (l *Lifecycle) GetConnection() ssh.Conn {
-	return l.Conn
+	return l.conn
 }
 func (l *Lifecycle) SetStatus(status types.Status) {
-	l.Status = status
+	l.status = status
+	if status == types.RUNNING && l.startedAt.IsZero() {
+		l.startedAt = time.Now()
+	}
 }
 
 func (l *Lifecycle) Close() error {
-	err := l.Forwarder.Close()
+	err := l.forwarder.Close()
 	if err != nil && !errors.Is(err, net.ErrClosed) {
 		return err
 	}
 
-	if l.Channel != nil {
-		err := l.Channel.Close()
+	if l.channel != nil {
+		err := l.channel.Close()
 		if err != nil && !errors.Is(err, io.EOF) {
 			return err
 		}
 	}
 
-	if l.Conn != nil {
-		err := l.Conn.Close()
+	if l.conn != nil {
+		err := l.conn.Close()
 		if err != nil && !errors.Is(err, net.ErrClosed) {
 			return err
 		}
 	}
 
-	clientSlug := l.SlugManager.Get()
+	clientSlug := l.slugManager.Get()
 	if clientSlug != "" {
 		l.unregisterClient(clientSlug)
 	}
 
-	if l.Forwarder.GetTunnelType() == types.TCP {
-		err := portUtil.Manager.SetPortStatus(l.Forwarder.GetForwardedPort(), false)
+	if l.forwarder.GetTunnelType() == types.TCP {
+		err := portUtil.Default.SetPortStatus(l.forwarder.GetForwardedPort(), false)
 		if err != nil {
 			return err
 		}
@@ -93,3 +107,11 @@ func (l *Lifecycle) Close() error {
 
 	return nil
 }
+
+func (l *Lifecycle) IsActive() bool {
+	return l.status == types.RUNNING
+}
+
+func (l *Lifecycle) StartedAt() time.Time {
+	return l.startedAt
+}

session/registry.go

@@ -0,0 +1,290 @@
+package session
+
+import (
+	"fmt"
+	"sync"
+)
+
+type Registry interface {
+	Get(slug string) (session *SSHSession, err error)
+	Update(oldSlug, newSlug string) error
+	Register(slug string, session *SSHSession) (success bool)
+	Remove(slug string)
+	GetAllSessionFromUser(user string) []*SSHSession
+}
+type registry struct {
+	mu        sync.RWMutex
+	byUser    map[string]map[string]*SSHSession
+	slugIndex map[string]string
+}
+
+func NewRegistry() Registry {
+	return &registry{
+		byUser:    make(map[string]map[string]*SSHSession),
+		slugIndex: make(map[string]string),
+	}
+}
+
+func (r *registry) Get(slug string) (session *SSHSession, err error) {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	userID, ok := r.slugIndex[slug]
+	if !ok {
+		return nil, fmt.Errorf("session not found")
+	}
+
+	client, ok := r.byUser[userID][slug]
+	if !ok {
+		return nil, fmt.Errorf("session not found")
+	}
+	return client, nil
+}
+
+func (r *registry) Update(oldSlug, newSlug string) error {
+	if isForbiddenSlug(newSlug) {
+		return fmt.Errorf("this subdomain is reserved. Please choose a different one")
+	} else if !isValidSlug(newSlug) {
+		return fmt.Errorf("invalid subdomain. Follow the rules")
+	}
+
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	userID, ok := r.slugIndex[oldSlug]
+	if !ok {
+		return fmt.Errorf("session not found")
+	}
+
+	if _, exists := r.slugIndex[newSlug]; exists && newSlug != oldSlug {
+		return fmt.Errorf("someone already uses this subdomain")
+	}
+
+	client, ok := r.byUser[userID][oldSlug]
+	if !ok {
+		return fmt.Errorf("session not found")
+	}
+
+	delete(r.byUser[userID], oldSlug)
+	delete(r.slugIndex, oldSlug)
+
+	client.slugManager.Set(newSlug)
+	r.slugIndex[newSlug] = userID
+
+	if r.byUser[userID] == nil {
+		r.byUser[userID] = make(map[string]*SSHSession)
+	}
+	r.byUser[userID][newSlug] = client
+	return nil
+}
+
+func (r *registry) Register(slug string, session *SSHSession) (success bool) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if _, exists := r.slugIndex[slug]; exists {
+		return false
+	}
+
+	userID := session.userID
+	if r.byUser[userID] == nil {
+		r.byUser[userID] = make(map[string]*SSHSession)
+	}
+
+	r.byUser[userID][slug] = session
+	r.slugIndex[slug] = userID
+	return true
+}
+
+func (r *registry) GetAllSessionFromUser(user string) []*SSHSession {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	m := r.byUser[user]
+	if len(m) == 0 {
+		return []*SSHSession{}
+	}
+
+	sessions := make([]*SSHSession, 0, len(m))
+	for _, s := range m {
+		sessions = append(sessions, s)
+	}
+	return sessions
+}
+
+func (r *registry) Remove(slug string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	userID, ok := r.slugIndex[slug]
+	if !ok {
+		return
+	}
+
+	delete(r.byUser[userID], slug)
+	if len(r.byUser[userID]) == 0 {
+		delete(r.byUser, userID)
+	}
+	delete(r.slugIndex, slug)
+}
+
+func isValidSlug(slug string) bool {
+	if len(slug) < minSlugLength || len(slug) > maxSlugLength {
+		return false
+	}
+
+	if slug[0] == '-' || slug[len(slug)-1] == '-' {
+		return false
+	}
+
+	for _, c := range slug {
+		if !isValidSlugChar(byte(c)) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func isValidSlugChar(c byte) bool {
+	return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-'
+}
+
+func isForbiddenSlug(slug string) bool {
+	_, ok := forbiddenSlugs[slug]
+	return ok
+}
+
+var forbiddenSlugs = map[string]struct{}{
+	"ping":          {},
+	"staging":       {},
+	"admin":         {},
+	"root":          {},
+	"api":           {},
+	"www":           {},
+	"support":       {},
+	"help":          {},
+	"status":        {},
+	"health":        {},
+	"login":         {},
+	"logout":        {},
+	"signup":        {},
+	"register":      {},
+	"settings":      {},
+	"config":        {},
+	"null":          {},
+	"undefined":     {},
+	"example":       {},
+	"test":          {},
+	"dev":           {},
+	"system":        {},
+	"administrator": {},
+	"dashboard":     {},
+	"account":       {},
+	"profile":       {},
+	"user":          {},
+	"users":         {},
+	"auth":          {},
+	"oauth":         {},
+	"callback":      {},
+	"webhook":       {},
+	"webhooks":      {},
+	"static":        {},
+	"assets":        {},
+	"cdn":           {},
+	"mail":          {},
+	"email":         {},
+	"ftp":           {},
+	"ssh":           {},
+	"git":           {},
+	"svn":           {},
+	"blog":          {},
+	"news":          {},
+	"about":         {},
+	"contact":       {},
+	"terms":         {},
+	"privacy":       {},
+	"legal":         {},
+	"billing":       {},
+	"payment":       {},
+	"checkout":      {},
+	"cart":          {},
+	"shop":          {},
+	"store":         {},
+	"download":      {},
+	"uploads":       {},
+	"images":        {},
+	"img":           {},
+	"css":           {},
+	"js":            {},
+	"fonts":         {},
+	"public":        {},
+	"private":       {},
+	"internal":      {},
+	"external":      {},
+	"proxy":         {},
+	"cache":         {},
+	"debug":         {},
+	"metrics":       {},
+	"monitoring":    {},
+	"graphql":       {},
+	"rest":          {},
+	"rpc":           {},
+	"socket":        {},
+	"ws":            {},
+	"wss":           {},
+	"app":           {},
+	"apps":          {},
+	"mobile":        {},
+	"desktop":       {},
+	"embed":         {},
+	"widget":        {},
+	"docs":          {},
+	"documentation": {},
+	"wiki":          {},
+	"forum":         {},
+	"community":     {},
+	"feedback":      {},
+	"report":        {},
+	"abuse":         {},
+	"spam":          {},
+	"security":      {},
+	"verify":        {},
+	"confirm":       {},
+	"reset":         {},
+	"password":      {},
+	"recovery":      {},
+	"unsubscribe":   {},
+	"subscribe":     {},
+	"notifications": {},
+	"alerts":        {},
+	"messages":      {},
+	"inbox":         {},
+	"outbox":        {},
+	"sent":          {},
+	"draft":         {},
+	"trash":         {},
+	"archive":       {},
+	"search":        {},
+	"explore":       {},
+	"discover":      {},
+	"trending":      {},
+	"popular":       {},
+	"featured":      {},
+	"new":           {},
+	"latest":        {},
+	"top":           {},
+	"best":          {},
+	"hot":           {},
+	"random":        {},
+	"all":           {},
+	"any":           {},
+	"none":          {},
+	"true":          {},
+	"false":         {},
+}
+
+var (
+	minSlugLength = 3
+	maxSlugLength = 20
+)

session/session.go

@@ -1,25 +1,18 @@
 package session
 
 import (
-	"bytes"
 	"fmt"
 	"log"
-	"sync"
 	"time"
+	"tunnel_pls/internal/config"
 	"tunnel_pls/session/forwarder"
 	"tunnel_pls/session/interaction"
 	"tunnel_pls/session/lifecycle"
 	"tunnel_pls/session/slug"
-	"tunnel_pls/utils"
 
 	"golang.org/x/crypto/ssh"
 )
 
-var (
-	clientsMutex sync.RWMutex
-	Clients      = make(map[string]*SSHSession)
-)
-
 type Session interface {
 	HandleGlobalRequest(ch <-chan *ssh.Request)
 	HandleTCPIPForward(req *ssh.Request)
@@ -28,80 +21,109 @@ type Session interface {
 }
 
 type SSHSession struct {
-	Lifecycle   lifecycle.SessionLifecycle
-	Interaction interaction.Controller
-	Forwarder   forwarder.ForwardingController
-	SlugManager slug.Manager
+	initialReq    <-chan *ssh.Request
+	sshReqChannel <-chan ssh.NewChannel
+	lifecycle     lifecycle.SessionLifecycle
+	interaction   interaction.Controller
+	forwarder     forwarder.ForwardingController
+	slugManager   slug.Manager
+	registry      Registry
+	userID        string
 }
 
-func New(conn *ssh.ServerConn, forwardingReq <-chan *ssh.Request, sshChan <-chan ssh.NewChannel) {
+func (s *SSHSession) GetLifecycle() lifecycle.SessionLifecycle {
+	return s.lifecycle
+}
+
+func (s *SSHSession) GetInteraction() interaction.Controller {
+	return s.interaction
+}
+
+func (s *SSHSession) GetForwarder() forwarder.ForwardingController {
+	return s.forwarder
+}
+
+func (s *SSHSession) GetSlugManager() slug.Manager {
+	return s.slugManager
+}
+
+func New(conn *ssh.ServerConn, forwardingReq <-chan *ssh.Request, sshChan <-chan ssh.NewChannel, sessionRegistry Registry, userID string) *SSHSession {
 	slugManager := slug.NewManager()
-	forwarderManager := &forwarder.Forwarder{
-		Listener:      nil,
-		TunnelType:    "",
-		ForwardedPort: 0,
-		SlugManager:   slugManager,
-	}
-	interactionManager := &interaction.Interaction{
-		CommandBuffer:   bytes.NewBuffer(make([]byte, 0, 20)),
-		InteractiveMode: false,
-		EditSlug:        "",
-		SlugManager:     slugManager,
-		Forwarder:       forwarderManager,
-		Lifecycle:       nil,
-	}
-	lifecycleManager := &lifecycle.Lifecycle{
-		Status:      "",
-		Conn:        conn,
-		Channel:     nil,
-		Interaction: interactionManager,
-		Forwarder:   forwarderManager,
-		SlugManager: slugManager,
-	}
+	forwarderManager := forwarder.NewForwarder(slugManager)
+	interactionManager := interaction.NewInteraction(slugManager, forwarderManager)
+	lifecycleManager := lifecycle.NewLifecycle(conn, forwarderManager, slugManager)
 
 	interactionManager.SetLifecycle(lifecycleManager)
-	interactionManager.SetSlugModificator(updateClientSlug)
+	interactionManager.SetSlugModificator(sessionRegistry.Update)
 	forwarderManager.SetLifecycle(lifecycleManager)
-	lifecycleManager.SetUnregisterClient(unregisterClient)
+	lifecycleManager.SetUnregisterClient(sessionRegistry.Remove)
 
-	session := &SSHSession{
-		Lifecycle:   lifecycleManager,
-		Interaction: interactionManager,
-		Forwarder:   forwarderManager,
-		SlugManager: slugManager,
-	}
-
-	var once sync.Once
-	for channel := range sshChan {
-		ch, reqs, err := channel.Accept()
-		if err != nil {
-			log.Printf("failed to accept channel: %v", err)
-			continue
-		}
-		once.Do(func() {
-			session.Lifecycle.SetChannel(ch)
-			session.Interaction.SetChannel(ch)
-
-			tcpipReq := session.waitForTCPIPForward(forwardingReq)
-			if tcpipReq == nil {
-				session.Interaction.SendMessage(fmt.Sprintf("Port forwarding request not received.\r\nEnsure you ran the correct command with -R flag.\r\nExample: ssh %s -p %s -R 80:localhost:3000\r\nFor more details, visit https://tunnl.live.\r\n\r\n", utils.Getenv("DOMAIN", "localhost"), utils.Getenv("PORT", "2200")))
-				if err := session.Lifecycle.Close(); err != nil {
-					log.Printf("failed to close session: %v", err)
-				}
-				return
-			}
-			session.HandleTCPIPForward(tcpipReq)
-		})
-		go session.HandleGlobalRequest(reqs)
-	}
-	if err := session.Lifecycle.Close(); err != nil {
-		log.Printf("failed to close session: %v", err)
+	return &SSHSession{
+		initialReq:    forwardingReq,
+		sshReqChannel: sshChan,
+		lifecycle:     lifecycleManager,
+		interaction:   interactionManager,
+		forwarder:     forwarderManager,
+		slugManager:   slugManager,
+		registry:      sessionRegistry,
+		userID:        userID,
 	}
 }
 
-func (s *SSHSession) waitForTCPIPForward(forwardingReq <-chan *ssh.Request) *ssh.Request {
+type Detail struct {
+	ForwardingType string    `json:"forwarding_type,omitempty"`
+	Slug           string    `json:"slug,omitempty"`
+	UserID         string    `json:"user_id,omitempty"`
+	Active         bool      `json:"active,omitempty"`
+	StartedAt      time.Time `json:"started_at,omitempty"`
+}
+
+func (s *SSHSession) Detail() Detail {
+	return Detail{
+		ForwardingType: string(s.forwarder.GetTunnelType()),
+		Slug:           s.slugManager.Get(),
+		UserID:         s.userID,
+		Active:         s.lifecycle.IsActive(),
+		StartedAt:      s.lifecycle.StartedAt(),
+	}
+}
+
+func (s *SSHSession) Start() error {
+	channel := <-s.sshReqChannel
+	ch, reqs, err := channel.Accept()
+	if err != nil {
+		log.Printf("failed to accept channel: %v", err)
+		return err
+	}
+	go s.HandleGlobalRequest(reqs)
+
+	tcpipReq := s.waitForTCPIPForward()
+	if tcpipReq == nil {
+		_, err := ch.Write([]byte(fmt.Sprintf("Port forwarding request not received. Ensure you ran the correct command with -R flag. Example: ssh %s -p %s -R 80:localhost:3000", config.Getenv("DOMAIN", "localhost"), config.Getenv("PORT", "2200"))))
+		if err != nil {
+			return err
+		}
+		if err := s.lifecycle.Close(); err != nil {
+			log.Printf("failed to close session: %v", err)
+		}
+		return fmt.Errorf("no forwarding Request")
+	}
+
+	s.lifecycle.SetChannel(ch)
+	s.interaction.SetChannel(ch)
+
+	s.HandleTCPIPForward(tcpipReq)
+
+	if err := s.lifecycle.Close(); err != nil {
+		log.Printf("failed to close session: %v", err)
+		return err
+	}
+	return nil
+}
+
+func (s *SSHSession) waitForTCPIPForward() *ssh.Request {
 	select {
-	case req, ok := <-forwardingReq:
+	case req, ok := <-s.initialReq:
 		if !ok {
 			log.Println("Forwarding request channel closed")
 			return nil
@@ -119,41 +141,3 @@ func (s *SSHSession) waitForTCPIPForward(forwardingReq <-chan *ssh.Request) *ssh
 		return nil
 	}
 }
-
-func updateClientSlug(oldSlug, newSlug string) bool {
-	clientsMutex.Lock()
-	defer clientsMutex.Unlock()
-
-	if _, exists := Clients[newSlug]; exists && newSlug != oldSlug {
-		return false
-	}
-
-	client, ok := Clients[oldSlug]
-	if !ok {
-		return false
-	}
-
-	delete(Clients, oldSlug)
-	client.SlugManager.Set(newSlug)
-	Clients[newSlug] = client
-	return true
-}
-
-func registerClient(slug string, session *SSHSession) bool {
-	clientsMutex.Lock()
-	defer clientsMutex.Unlock()
-
-	if _, exists := Clients[slug]; exists {
-		return false
-	}
-
-	Clients[slug] = session
-	return true
-}
-
-func unregisterClient(slug string) {
-	clientsMutex.Lock()
-	defer clientsMutex.Unlock()
-
-	delete(Clients, slug)
-}

session/slug/slug.go

@@ -1,32 +1,24 @@
 package slug
 
-import "sync"
-
 type Manager interface {
 	Get() string
 	Set(slug string)
 }
 
 type manager struct {
-	slug   string
-	slugMu sync.RWMutex
+	slug string
 }
 
 func NewManager() Manager {
 	return &manager{
-		slug:   "",
-		slugMu: sync.RWMutex{},
+		slug: "",
 	}
 }
 
 func (s *manager) Get() string {
-	s.slugMu.RLock()
-	defer s.slugMu.RUnlock()
 	return s.slug
 }
 
 func (s *manager) Set(slug string) {
-	s.slugMu.Lock()
 	s.slug = slug
-	s.slugMu.Unlock()
 }

types/types.go

@@ -15,12 +15,6 @@ const (
 	TCP  TunnelType = "TCP"
 )
 
-type InteractionType string
-
-const (
-	Slug InteractionType = "SLUG"
-)
-
 var BadGatewayResponse = []byte("HTTP/1.1 502 Bad Gateway\r\n" +
 	"Content-Length: 11\r\n" +
 	"Content-Type: text/plain\r\n\r\n" +

version/version.go

@@ -0,0 +1,17 @@
+package version
+
+import "fmt"
+
+var (
+	Version   = "dev"
+	BuildDate = "unknown"
+	Commit    = "unknown"
+)
+
+func GetVersion() string {
+	return fmt.Sprintf("tunnel_pls %s (commit: %s, built: %s)", Version, Commit, BuildDate)
+}
+
+func GetShortVersion() string {
+	return Version
+}