fix: ssh会话连接泄露

2026-02-04 06:47:20 +08:00 · 2025-11-23 03:03:56 +08:00
parent c60bba465d
commit ad3e375d33
5 changed files with 17 additions and 27 deletions
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/libdns/westcn v1.0.2
 	github.com/libtnb/chix v1.3.2
 	github.com/libtnb/gormstore v1.1.1
-	github.com/libtnb/sessions v1.2.2-0.20251122173530-a4002b1c459d
+	github.com/libtnb/sessions v1.2.2
 	github.com/libtnb/utils v1.2.1
 	github.com/mholt/acmez/v3 v3.1.4
 	github.com/moby/moby/api v1.52.0
--- a/go.sum
+++ b/go.sum
@@ -280,8 +280,8 @@ github.com/libtnb/gormstore v1.1.1 h1:FG/3P4PuWM6/vB4weVJ31meiSaoeXns1NQlP66quKe
 github.com/libtnb/gormstore v1.1.1/go.mod h1:8A5QzeZxi1MpSmjUVsHTDAL6KnU84feIXMutFLPawwA=
 github.com/libtnb/securecookie v1.2.0 h1:2uc0PBDm0foeSTrcZ9QTX1IEjf6kFEwfgEYSIXQSKrA=
 github.com/libtnb/securecookie v1.2.0/go.mod h1:ja+wNGnQzYqcqXQnJWu6icsaWi5JEBwNEMJ2ReTVDxA=
-github.com/libtnb/sessions v1.2.2-0.20251122173530-a4002b1c459d h1:PIS6RcMg03UlAkLuif8go4G5fv1x6xFZBK7koBwNd4c=
-github.com/libtnb/sessions v1.2.2-0.20251122173530-a4002b1c459d/go.mod h1:qw+FWtBtrPDYCf6MfX0Lk5EhTArpvT72z5Ei4RUMTRg=
+github.com/libtnb/sessions v1.2.2 h1:VTTzzeBDJEkJbaPaIU9C4bRj2oAqD0rgQ7UHFkkaNT4=
+github.com/libtnb/sessions v1.2.2/go.mod h1:qw+FWtBtrPDYCf6MfX0Lk5EhTArpvT72z5Ei4RUMTRg=
 github.com/libtnb/utils v1.2.1 h1:LJmReRREnpqfHyy9PZtNgBh3ZaIGct81b8ZaAsolMkM=
 github.com/libtnb/utils v1.2.1/go.mod h1:o6LEDeC42PXI21uLWdWJWTVYvR9BtAZfzzTGJVQoQiU=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
--- a/internal/data/app.go
+++ b/internal/data/app.go
@@ -191,7 +191,7 @@ func (r *appRepo) Install(channel, slug string) error {

 	// 下载回调
 	if err = r.api.AppCallback(slug); err != nil {
-		r.log.Warn("[App] download callback failed", slog.String("app", slug), slog.Any("error", err))
+		r.log.Warn("[App] download callback failed", slog.String("app", slug), slog.Any("err", err))
 	}

 	if app.IsCli {
@@ -306,7 +306,7 @@ func (r *appRepo) Update(slug string) error {

 	// 下载回调
 	if err = r.api.AppCallback(slug); err != nil {
-		r.log.Warn("[App] download callback failed", slog.String("app", slug), slog.Any("error", err))
+		r.log.Warn("[App] download callback failed", slog.String("app", slug), slog.Any("err", err))
 	}

 	if app.IsCli {
--- a/internal/service/ws.go
+++ b/internal/service/ws.go
@@ -5,7 +5,6 @@ import (
 	"context"
 	"log/slog"
 	"net/http"
-	"sync"

 	"github.com/coder/websocket"
 	"github.com/knadh/koanf/v2"
@@ -48,7 +47,7 @@ func (s *WsService) Session(w http.ResponseWriter, r *http.Request) {

 	ws, err := s.upgrade(w, r)
 	if err != nil {
-		s.log.Warn("[Websocket] upgrade session ws error", slog.Any("error", err))
+		s.log.Warn("[Websocket] upgrade session ws error", slog.Any("err", err))
 		return
 	}
 	defer func(ws *websocket.Conn) { _ = ws.CloseNow() }(ws)
@@ -68,27 +67,19 @@ func (s *WsService) Session(w http.ResponseWriter, r *http.Request) {
 		_ = ws.Close(websocket.StatusNormalClosure, err.Error())
 		return
 	}
-	defer func(turn *ssh.Turn) { _ = turn.Close() }(turn)
-
-	wg := sync.WaitGroup{}
-	wg.Add(2)

 	go func() {
-		defer wg.Done()
+		defer turn.Close() // Handle 退出后关闭 SSH 连接，以结束 Wait 阶段
 		_ = turn.Handle(ctx)
 	}()
-	go func() {
-		defer wg.Done()
-		_ = turn.Wait()
-	}()

-	wg.Wait()
+	turn.Wait()
 }

 func (s *WsService) Exec(w http.ResponseWriter, r *http.Request) {
 	ws, err := s.upgrade(w, r)
 	if err != nil {
-		s.log.Warn("[Websocket] upgrade exec ws error", slog.Any("error", err))
+		s.log.Warn("[Websocket] upgrade exec ws error", slog.Any("err", err))
 		return
 	}
 	defer func(ws *websocket.Conn) { _ = ws.CloseNow() }(ws)
--- a/pkg/ssh/turn.go
+++ b/pkg/ssh/turn.go
@@ -3,7 +3,6 @@ package ssh
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"

@@ -61,19 +60,19 @@ func (t *Turn) Write(p []byte) (n int, err error) {
 	return len(p), nil
 }

-func (t *Turn) Close() error {
-	if t.session != nil {
-		_ = t.session.Close()
-	}
-	return t.ws.CloseNow()
+func (t *Turn) Close() {
+	_ = t.stdin.Close()
+	_ = t.session.Signal(ssh.SIGTERM)
+	_ = t.session.Close()
 }

 func (t *Turn) Handle(ctx context.Context) error {
 	var resize MessageResize
+
 	for {
 		select {
 		case <-ctx.Done():
-			return errors.New("ssh context done exit")
+			return ctx.Err()
 		default:
 			_, data, err := t.ws.Read(ctx)
 			if err != nil {
@@ -98,6 +97,6 @@ func (t *Turn) Handle(ctx context.Context) error {
 	}
 }

-func (t *Turn) Wait() error {
-	return t.session.Wait()
+func (t *Turn) Wait() {
+	_ = t.session.Wait()
 }