generate

package
v0.0.0-...-618b1d7 Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2026 License: GPL-3.0 Imports: 29 Imported by: 0

Documentation

Overview

Package generate provides functions for generating cryptographic credentials used in cheburbox server configurations.

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildInbound

func BuildInbound(in config.Inbound, creds InboundCredentials) (option.Inbound, error)

BuildInbound converts a cheburbox Inbound config and resolved credentials into a sing-box Inbound option.

func BuildOutbound

func BuildOutbound(out config.Outbound) (option.Outbound, error)

BuildOutbound converts a cheburbox Outbound to a sing-box option.Outbound.

func BuildOutboundWithState

func BuildOutboundWithState(
	out config.Outbound,
	state *ServerState,
	opts ...OutboundBuildOption,
) (option.Outbound, error)

BuildOutboundWithState converts a cheburbox Outbound to a sing-box option.Outbound using the provided ServerState for cross-server credential resolution.

func CertNeedsRegeneration

func CertNeedsRegeneration(cert *x509.Certificate, serverName string) bool

func ComputePinSHA256

func ComputePinSHA256(certPEM []byte) (string, error)

ComputePinSHA256 computes the SHA-256 pin of a PEM-encoded certificate's public key.
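
Added example, not cheburbox code: the page does not say which bytes ComputePinSHA256 hashes or how the result is encoded, so this sketch assumes the common convention of SHA-256 over the DER SubjectPublicKeyInfo, encoded as standard base64. The names `selfSigned` and `pinSHA256` are hypothetical, and the certificate is a constructed throwaway for `vpn.example.test`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// selfSigned issues a throwaway self-signed certificate (constructed sample input).
func selfSigned(name string, key ed25519.PrivateKey, serial int64) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// pinSHA256 hashes the certificate's DER SubjectPublicKeyInfo (assumed pin format).
func pinSHA256(certPEM []byte) (string, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

func main() {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	certPEM, _ := selfSigned("vpn.example.test", key, 1)
	fmt.Println(pinSHA256(certPEM)) // an earlier failure surfaces here as a non-nil error
}
```

Because the pin covers only the public key, re-issuing the certificate with the same key keeps the pin, while rotating the key changes it and every client holding the old pin must be updated.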

func ConvertDNS

func ConvertDNS(cfg config.DNS) (*option.DNSOptions, error)

ConvertDNS converts cheburbox DNS configuration to sing-box DNSOptions.

func ConvertRoute

func ConvertRoute(route *config.Route) (*option.RouteOptions, error)

ConvertRoute converts cheburbox route configuration to sing-box RouteOptions. Returns an empty RouteOptions if route is nil.

func DerivePublicKey

func DerivePublicKey(privateKeyBase64 string) (string, error)

func GeneratePassword

func GeneratePassword() (string, error)

GeneratePassword returns a base64-encoded 24-byte random password.

func GenerateSelfSignedCert

func GenerateSelfSignedCert(serverName string) ([]byte, ed25519.PrivateKey, error)

GenerateSelfSignedCert creates a self-signed certificate and Ed25519 private key for the given server name, returning the DER-encoded certificate and the typed private key.

func GenerateSelfSignedCertPEM

func GenerateSelfSignedCertPEM(serverName string) ([]byte, []byte, error)

GenerateSelfSignedCertPEM creates a self-signed certificate and private key for the given server name, returning PEM-encoded certificate and PKCS#8 private key.

func GenerateShortID

func GenerateShortID() (string, error)

GenerateShortID returns a hex-encoded 8-byte random short identifier.

func GenerateUUID

func GenerateUUID() (string, error)

GenerateUUID returns a random UUIDv4 string.

func GenerateX25519KeyPair

func GenerateX25519KeyPair() (string, string, error)

GenerateX25519KeyPair generates an X25519 key pair and returns the private and public keys as base64-encoded strings.

func ReadCertFiles

func ReadCertFiles(certPath string, keyPath string) ([]byte, []byte, error)

ReadCertFiles reads PEM-encoded certificate and key from the given paths. Returns nil values without error if files do not exist.

func WriteCertFiles

func WriteCertFiles(certPath string, keyPath string, certPEM []byte, keyPEM []byte) error

WriteCertFiles writes PEM-encoded certificate and key to the given paths.

Types

type Edge

type Edge struct {
	From string
	To   string
}

Edge represents a directed dependency from one server to another.

type FileOutput

type FileOutput struct {
	Path    string
	Content []byte
}

FileOutput represents a generated file with its relative path and content.

type GenerateConfig

type GenerateConfig struct {
	FullReset bool
	Orphan    bool
}

GenerateConfig controls server generation behavior.

type GenerateResult

type GenerateResult struct {
	Server string
	Files  []FileOutput
}

GenerateResult holds the generated server name and output files.

func GenerateAll

func GenerateAll(projectRoot string, jpath string, genCfg GenerateConfig) ([]GenerateResult, error)

GenerateAll discovers all servers in the project, builds a dependency graph, topologically sorts them, and generates configs in order with shared state for cross-server credential resolution. Uses two-pass generation to handle cross-server user provisioning.

func GenerateServer

func GenerateServer(dir string, cfg config.Config, genCfg GenerateConfig) (GenerateResult, error)

GenerateServer generates a complete sing-box configuration for a server.

func GenerateServers

func GenerateServers(
	projectRoot string,
	jpath string,
	serverName string,
	genCfg GenerateConfig,
) ([]GenerateResult, error)

GenerateServers generates configs for the specified server and its transitive dependencies.

type Graph

type Graph struct {
	Nodes map[string]bool
	Edges []Edge
}

Graph represents a directed graph of server dependencies.

func BuildGraph

func BuildGraph(configs map[string]config.Config) (*Graph, error)

BuildGraph constructs a dependency graph from a set of server configurations. Each outbound with a non-empty Server field creates an edge from the owning server to the target. Returns an error for self-references, unknown server references, or dependency cycles.

func (*Graph) TopologicalSort

func (g *Graph) TopologicalSort() ([]string, error)

TopologicalSort returns servers in dependency order: servers with no dependencies come first. Returns an error if a cycle is detected.
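
Added example, not the package's implementation: the ordering that BuildGraph and TopologicalSort describe, sketched with Kahn's algorithm so that a server's credentials exist before any server that references it is generated. The names `edge` and `topoSort` are hypothetical, and the server names are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// edge mirrors the page's Edge type: From depends on To.
type edge struct{ From, To string }

// topoSort returns servers with dependencies first, rejecting bad edges and cycles.
func topoSort(nodes map[string]bool, edges []edge) ([]string, error) {
	pending := make(map[string]int)         // unresolved dependency count per server
	dependents := make(map[string][]string) // target -> servers that reference it
	for _, e := range edges {
		if e.From == e.To || !nodes[e.From] || !nodes[e.To] {
			return nil, fmt.Errorf("bad edge %s -> %s: self-reference or unknown server", e.From, e.To)
		}
		pending[e.From]++
		dependents[e.To] = append(dependents[e.To], e.From)
	}
	var ready, order []string
	for n := range nodes {
		if pending[n] == 0 {
			ready = append(ready, n)
		}
	}
	for len(ready) > 0 {
		sort.Strings(ready) // deterministic output regardless of map iteration order
		n := ready[0]
		ready = ready[1:]
		order = append(order, n)
		for _, d := range dependents[n] {
			if pending[d]--; pending[d] == 0 {
				ready = append(ready, d)
			}
		}
	}
	if len(order) != len(nodes) {
		return nil, fmt.Errorf("dependency cycle among %d servers", len(nodes)-len(order))
	}
	return order, nil
}

func main() {
	nodes := map[string]bool{"entry": true, "relay": true, "exit": true}
	fmt.Println(topoSort(nodes, []edge{{"entry", "relay"}, {"relay", "exit"}}))
}
```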

func (*Graph) TransitiveDependencies

func (g *Graph) TransitiveDependencies(server string) ([]string, error)

TransitiveDependencies returns all servers transitively depended on by the given server, including the server itself.

type InboundCredentials

type InboundCredentials struct {
	Users        map[string]UserCreds
	Reality      *RealityKeys
	ObfsPassword string
	ServerName   string
	ALPN         []string
}

InboundCredentials holds resolved credentials for building inbound options.

type OutboundBuildOption

type OutboundBuildOption func(*outboundBuildConfig)

OutboundBuildOption configures outbound building behavior.

func WithDefaultUser

func WithDefaultUser(user string) OutboundBuildOption

WithDefaultUser sets a fallback user for cross-server outbounds when no explicit user is specified in the config.

type RealityKeys

type RealityKeys struct {
	PrivateKey string
	PublicKey  string
	ShortID    []string
}

RealityKeys holds generated reality key pair and short IDs.

type ServerState

type ServerState struct {
	// contains filtered or unexported fields
}

ServerState holds per-server state for credentials, pin-SHA256, endpoints, inbound types, and listen ports.

func NewServerState

func NewServerState() *ServerState

NewServerState creates an empty ServerState ready for use.

func (*ServerState) EnsureUser

func (s *ServerState) EnsureUser(server string, tag string, userName string) error

EnsureUser adds a user with generated credentials to an existing inbound. If the user already exists, their credentials are preserved.

func (*ServerState) GetEndpoint

func (s *ServerState) GetEndpoint(server string) (string, bool)

GetEndpoint retrieves the public endpoint address for a server.

func (*ServerState) GetInboundCredentials

func (s *ServerState) GetInboundCredentials(server string, tag string) (InboundCredentials, bool)

GetInboundCredentials retrieves credentials for a server's inbound.

func (*ServerState) GetInboundType

func (s *ServerState) GetInboundType(server string, tag string) (string, bool)

GetInboundType retrieves the inbound protocol type for a server's inbound.

func (*ServerState) GetListenPort

func (s *ServerState) GetListenPort(server string, tag string) (uint16, bool)

GetListenPort retrieves the listen port for a server's inbound.

func (*ServerState) GetPinSHA256

func (s *ServerState) GetPinSHA256(server string, tag string) (string, bool)

GetPinSHA256 retrieves the TLS pin-SHA256 fingerprint for a server's inbound.

func (*ServerState) StoreEndpoint

func (s *ServerState) StoreEndpoint(server string, endpoint string)

StoreEndpoint saves the public endpoint address for a server.

func (*ServerState) StoreInboundCredentials

func (s *ServerState) StoreInboundCredentials(server string, tag string, creds InboundCredentials)

StoreInboundCredentials saves credentials for a server's inbound.

func (*ServerState) StoreInboundType

func (s *ServerState) StoreInboundType(server string, tag string, inboundType string)

StoreInboundType saves the inbound protocol type for a server's inbound.

func (*ServerState) StoreListenPort

func (s *ServerState) StoreListenPort(server string, tag string, port uint16)

StoreListenPort saves the listen port for a server's inbound.

func (*ServerState) StorePinSHA256

func (s *ServerState) StorePinSHA256(server string, tag string, pin string)

StorePinSHA256 saves the TLS pin-SHA256 fingerprint for a server's inbound.

type UserCreds

type UserCreds struct {
	UUID     string
	Password string
	Flow     string
}

UserCreds holds per-user credentials.
