Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func ResolveHost
func ResolveHost(host string, match *RouteMatch, username string) (string, error)
ResolveHost resolves the target host, executing it as a Go template if it contains template syntax. The template has access to the username, positional groups, and named groups from the regex match.
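The flow ResolveHost describes, as an added example that is not this package's own code: the username regex match feeds a Go template for the host, and the rendered value is checked before it is used as a dial target. The `hostData` field names, the `resolveHost` helper, the DNS-name check and the sample route in `main` are assumptions; the page does not show the fields of HostTemplateData.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// hostData is a hypothetical stand-in for HostTemplateData; field names are assumed.
type hostData struct{ Username string; Groups []string; Named map[string]string }

// dnsName vets the rendered host: lowercase DNS labels separated by dots, nothing else.
var dnsName = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$`)

// resolveHost renders host as a template; the username is pre-auth, untrusted input.
func resolveHost(host string, re *regexp.Regexp, username string) (string, error) {
	m := re.FindStringSubmatch(username)
	if m == nil {
		return "", fmt.Errorf("username %q does not match the route", username)
	}
	if !strings.Contains(host, "{{") {
		return host, nil // static host, nothing to render
	}
	named := map[string]string{}
	for i, name := range re.SubexpNames() {
		if name != "" {
			named[name] = m[i]
		}
	}
	// missingkey=error: a template naming a group the regex lacks fails loudly.
	tmpl, err := template.New("host").Option("missingkey=error").Parse(host)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, hostData{username, m, named}); err != nil {
		return "", err
	}
	out := buf.String()
	if !dnsName.MatchString(out) {
		return "", fmt.Errorf("resolved host %q is not a plain DNS name", out)
	}
	return out, nil
}

func main() {
	re := regexp.MustCompile(`^(?P<env>dev|prod)-(?P<user>[a-z]+)$`) // constructed route
	fmt.Println(resolveHost("{{.Named.env}}.bastion.internal", re, "prod-alice"))
}
```

Keeping capture groups to an explicit alternation or a narrow character class, as in the constructed route, limits which hosts a client-supplied username can select.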
Types
type AuthMethod
type AuthMethod struct {
	Type string `yaml:"type"` // "password", "key", "password_hash", or "external_auth"
	Password string `yaml:"password,omitempty"` // for password auth (plain text)
	PasswordHash string `yaml:"passwordHash,omitempty"` // for hashed password auth
	HashType string `yaml:"hashType,omitempty"` // hash algorithm used (bcrypt, sha256, etc.)
	AuthorizedKeys []string `yaml:"authorizedKeys,omitempty"` // for key auth (inline public keys)
	ExternalAuth *WebhookConfig `yaml:"externalAuth,omitempty"` // for external auth via webhook
}
AuthMethod represents an authentication method for client connections
type Config
type Config struct {
	Routes []Route `yaml:"routes"`
}
Config represents the main configuration structure
func LoadWithData
LoadWithData reads and parses a configuration file, returning both config and raw data
type ConfigManager
type ConfigManager struct {
	// contains filtered or unexported fields
}
ConfigManager manages configuration with dynamic reloading and concurrent access
func NewConfigManager
func NewConfigManager(path string) (*ConfigManager, error)
NewConfigManager creates a new configuration manager
func (*ConfigManager) Close
func (cm *ConfigManager) Close() error
Close stops watching for config changes
func (*ConfigManager) FindRoute
func (cm *ConfigManager) FindRoute(username string) *RouteMatch
FindRoute finds a matching route for the given username. It first checks for exact username matches, then falls back to regex matching. Returns a RouteMatch with the matched route and any captured groups, or nil if no match.
func (*ConfigManager) GetConfig
func (cm *ConfigManager) GetConfig() *Config
GetConfig returns the current configuration (concurrent-safe)
func (*ConfigManager) GetRouteMap
func (cm *ConfigManager) GetRouteMap() map[string]*Route
GetRouteMap returns a concurrent-safe copy of the route map
type HostTemplateData
HostTemplateData is the data available to Go templates in the host field
type Route
type Route struct {
	Username string `yaml:"username"`
	UsernameRegex string `yaml:"usernameRegex,omitempty"`
	Target Target `yaml:"target"`
	Auth []AuthMethod `yaml:"auth"`
	// contains filtered or unexported fields
}
Route represents a routing rule for a specific username
type RouteMatch
type RouteMatch struct {
	Route *Route
	Groups []string // positional groups (index 0 = full match)
	Named map[string]string // named capture groups
}
RouteMatch contains information about a matched route including any captured groups
type Target
type Target struct {
	Host string `yaml:"host"`
	Port int `yaml:"port"`
	User string `yaml:"user"`
	Auth TargetAuth `yaml:"auth"`
	HostKey string `yaml:"hostKey"` // known public key of the target server (e.g. "ssh-ed25519 AAAA..."); required if insecure is false
	Insecure bool `yaml:"insecure"` // skip host key verification; must be explicitly true if hostKey is not set
}
Target represents the target SSH server configuration
type TargetAuth
type TargetAuth struct {
	Type string `yaml:"type"` // "password", "key", or "password_hash"
	Password string `yaml:"password"` // for password auth (plain text)
	KeyPath string `yaml:"keyPath"` // for key auth (file path)
}
TargetAuth represents authentication configuration for target server connections
type WebhookConfig
type WebhookConfig struct {
	URL string `yaml:"url"` // URL of the webhook endpoint
	Headers map[string]string `yaml:"headers,omitempty"` // optional HTTP headers (e.g., Authorization)
	Timeout string `yaml:"timeout,omitempty"` // Go duration string (e.g., "5s", "30s"); default "5s"
}
WebhookConfig represents the configuration for an external authentication webhook. The webhook receives a JSON POST with user credentials and returns whether the user is authenticated.