Add CBOR and agent initiated WebSocket connections (#51, #490, #646, #845, etc)

- Add version exchange between hub and agent.
- Introduce ConnectionManager for managing WebSocket and SSH connections.
- Implement fingerprint generation and storage in agent.
- Create expiry map package to store universal tokens.
- Update config.yml configuration to include tokens.
- Enhance system management with new methods for handling system states and alerts.
- Update front-end components to support token / fingerprint management features.
- Introduce utility functions for token generation and hub URL retrieval.

Co-authored-by: nhas <jordanatararimu@gmail.com>

beszel/internal/agent/server.go

@@ -1,25 +1,44 @@
 package agent
 
 import (
+	"beszel"
 	"beszel/internal/common"
+	"beszel/internal/entities/system"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"log/slog"
 	"net"
 	"os"
 	"strings"
+	"time"
 
+	"github.com/blang/semver"
+	"github.com/fxamacker/cbor/v2"
 	"github.com/gliderlabs/ssh"
 	gossh "golang.org/x/crypto/ssh"
 )
 
+// ServerOptions contains configuration options for starting the SSH server.
 type ServerOptions struct {
-	Addr    string
-	Network string
-	Keys    []gossh.PublicKey
+	Addr    string            // Network address to listen on (e.g., ":45876" or "/path/to/socket")
+	Network string            // Network type ("tcp" or "unix")
+	Keys    []gossh.PublicKey // SSH public keys for authentication
 }
 
+// hubVersions caches hub versions by session ID to avoid repeated parsing.
+var hubVersions map[string]semver.Version
+
+// StartServer starts the SSH server with the provided options.
+// It configures the server with secure defaults, sets up authentication,
+// and begins listening for connections. Returns an error if the server
+// is already running or if there's an issue starting the server.
 func (a *Agent) StartServer(opts ServerOptions) error {
+	if a.server != nil {
+		return errors.New("server already started")
+	}
+
 	slog.Info("Starting SSH server", "addr", opts.Addr, "network", opts.Network)
 
 	if opts.Network == "unix" {
@@ -37,7 +56,9 @@ func (a *Agent) StartServer(opts ServerOptions) error {
 	defer ln.Close()
 
 	// base config (limit to allowed algorithms)
-	config := &gossh.ServerConfig{}
+	config := &gossh.ServerConfig{
+		ServerVersion: fmt.Sprintf("SSH-2.0-%s_%s", beszel.AppName, beszel.Version),
+	}
 	config.KeyExchanges = common.DefaultKeyExchanges
 	config.MACs = common.DefaultMACs
 	config.Ciphers = common.DefaultCiphers
@@ -45,42 +66,92 @@ func (a *Agent) StartServer(opts ServerOptions) error {
 	// set default handler
 	ssh.Handle(a.handleSession)
 
-	server := ssh.Server{
+	a.server = &ssh.Server{
 		ServerConfigCallback: func(ctx ssh.Context) *gossh.ServerConfig {
 			return config
 		},
 		// check public key(s)
 		PublicKeyHandler: func(ctx ssh.Context, key ssh.PublicKey) bool {
+			remoteAddr := ctx.RemoteAddr()
 			for _, pubKey := range opts.Keys {
 				if ssh.KeysEqual(key, pubKey) {
+					slog.Info("SSH connected", "addr", remoteAddr)
 					return true
 				}
 			}
+			slog.Warn("Invalid SSH key", "addr", remoteAddr)
 			return false
 		},
 		// disable pty
 		PtyCallback: func(ctx ssh.Context, pty ssh.Pty) bool {
 			return false
 		},
-		// log failed connections
-		ConnectionFailedCallback: func(conn net.Conn, err error) {
-			slog.Warn("Failed connection attempt", "addr", conn.RemoteAddr().String(), "err", err)
-		},
+		// close idle connections after 70 seconds
+		IdleTimeout: 70 * time.Second,
 	}
 
 	// Start SSH server on the listener
-	return server.Serve(ln)
+	return a.server.Serve(ln)
 }
 
+// getHubVersion retrieves and caches the hub version for a given session.
+// It extracts the version from the SSH client version string and caches
+// it to avoid repeated parsing. Returns a zero version if parsing fails.
+func (a *Agent) getHubVersion(sessionId string, sessionCtx ssh.Context) semver.Version {
+	if hubVersions == nil {
+		hubVersions = make(map[string]semver.Version, 1)
+	}
+	hubVersion, ok := hubVersions[sessionId]
+	if ok {
+		return hubVersion
+	}
+	// Extract hub version from SSH client version
+	clientVersion := sessionCtx.Value(ssh.ContextKeyClientVersion)
+	if versionStr, ok := clientVersion.(string); ok {
+		hubVersion, _ = extractHubVersion(versionStr)
+	}
+	hubVersions[sessionId] = hubVersion
+	return hubVersion
+}
+
+// handleSession handles an incoming SSH session by gathering system statistics
+// and sending them to the hub. It signals connection events, determines the
+// appropriate encoding format based on hub version, and exits with appropriate
+// status codes.
 func (a *Agent) handleSession(s ssh.Session) {
-	slog.Debug("New session", "client", s.RemoteAddr())
-	stats := a.gatherStats(s.Context().SessionID())
-	if err := json.NewEncoder(s).Encode(stats); err != nil {
+	a.connectionManager.eventChan <- SSHConnect
+
+	sessionCtx := s.Context()
+	sessionID := sessionCtx.SessionID()
+
+	hubVersion := a.getHubVersion(sessionID, sessionCtx)
+
+	stats := a.gatherStats(sessionID)
+
+	err := a.writeToSession(s, stats, hubVersion)
+	if err != nil {
 		slog.Error("Error encoding stats", "err", err, "stats", stats)
 		s.Exit(1)
-		return
+	} else {
+		s.Exit(0)
 	}
-	s.Exit(0)
+}
+
+// writeToSession encodes and writes system statistics to the session.
+// It chooses between CBOR and JSON encoding based on the hub version,
+// using CBOR for newer versions and JSON for legacy compatibility.
+func (a *Agent) writeToSession(w io.Writer, stats *system.CombinedData, hubVersion semver.Version) error {
+	if hubVersion.GTE(beszel.MinVersionCbor) {
+		return cbor.NewEncoder(w).Encode(stats)
+	}
+	return json.NewEncoder(w).Encode(stats)
+}
+
+// extractHubVersion extracts the beszel version from SSH client version string.
+// Expected format: "SSH-2.0-beszel_X.Y.Z" or "beszel_X.Y.Z"
+func extractHubVersion(versionString string) (semver.Version, error) {
+	_, after, _ := strings.Cut(versionString, "_")
+	return semver.Parse(after)
 }
 
 // ParseKeys parses a string containing SSH public keys in authorized_keys format.
@@ -103,7 +174,9 @@ func ParseKeys(input string) ([]gossh.PublicKey, error) {
 	return parsedKeys, nil
 }
 
-// GetAddress gets the address to listen on or connect to from environment variables or default value.
+// GetAddress determines the network address to listen on from various sources.
+// It checks the provided address, then environment variables (LISTEN, PORT),
+// and finally defaults to ":45876".
 func GetAddress(addr string) string {
 	if addr == "" {
 		addr, _ = GetEnv("LISTEN")
@@ -122,7 +195,9 @@ func GetAddress(addr string) string {
 	return addr
 }
 
-// GetNetwork returns the network type to use based on the address
+// GetNetwork determines the network type based on the address format.
+// It checks the NETWORK environment variable first, then infers from
+// the address format: addresses starting with "/" are "unix", others are "tcp".
 func GetNetwork(addr string) string {
 	if network, ok := GetEnv("NETWORK"); ok && network != "" {
 		return network
@@ -132,3 +207,17 @@ func GetNetwork(addr string) string {
 	}
 	return "tcp"
 }
+
+// StopServer stops the SSH server if it's running.
+// It returns an error if the server is not running or if there's an error stopping it.
+func (a *Agent) StopServer() error {
+	if a.server == nil {
+		return errors.New("SSH server not running")
+	}
+
+	slog.Info("Stopping SSH server")
+	_ = a.server.Close()
+	a.server = nil
+	a.connectionManager.eventChan <- SSHDisconnect
+	return nil
+}