Add connection type tracking and secure telnet port support

MorquinDevlar · MorquinDevlar · commit 02bde6397dd5 · 2025-08-12T07:59:40.000+02:00
Overview:
Secure ports only listen to localhost like the LocalPort, and will
display on the website as secure if added to config.

Added:
  - ConnectionType field to OnlineInfo struct showing "Web", "Telnet",
or "Secure"
  - GetLocalPort method to ConnectionDetails for port detection
  - GetConnectionPort helper function in connections package
  - SecureTelnetPort configuration field for localhost-only secure
connections
  - Automatic listening on SecureTelnetPort (localhost-only, like
LocalPort)
  - Connection type detection based on WebSocket status and port number
  - Connection type column to online users HTML table

  Changed:
  - GetOnlineInfo method to determine and include connection type
  - Online page to display how each user is connected
  - Config documentation to clarify SecureTelnetPort behavior
diff --git a/_datafiles/config.yaml b/_datafiles/config.yaml
@@ -384,9 +384,9 @@ Network:
   #   ports by separating them with commas. For example, [33333, 33334, 33335]
   TelnetPort: [33333, 44444]
   # - SecureTelnetPort -
-  #   The port the server listens on for secure telnet connections. Listen on multiple
-  #   ports by separating them with commas. For example, [33334, 33335]
-  #   Set to [0] to disable secure telnet.
+  #   Localhost-only ports for secure telnet connections (e.g., TLS proxy forwarding).
+  #   Like LocalPort but shown on website. Multiple ports supported: [33334, 33335]
+  #   Set to [0] to disable.
   SecureTelnetPort: [0]
   # - LocalPort -
   #   A port that can only be accessed via localhost, but will not limit based on connection count
diff --git a/_datafiles/html/public/online.html b/_datafiles/html/public/online.html
@@ -12,6 +12,7 @@ <h3>Users Online: </h3>
                 <th>Alignment</th>
                 <th>Profession</th>
                 <th>Time Online</th>
+                <th>Connection</th>
                 <th>Role</th>
             </tr>
             {{range $index, $uInfo := .STATS.OnlineUsers}}
@@ -22,6 +23,7 @@ <h3>Users Online: </h3>
                 <td align="center">{{ $uInfo.Alignment }}</td>
                 <td align="center">{{ $uInfo.Profession }}</td>
                 <td align="center">{{ $uInfo.OnlineTimeStr }}{{ if $uInfo.IsAFK }} (AFK){{end}}</td>
+                <td align="center">{{ $uInfo.ConnectionType }}</td>
                 <td align="center">{{ $uInfo.Role }}</td>
             </tr>
             {{end}}
diff --git a/internal/connections/connectiondetails.go b/internal/connections/connectiondetails.go
@@ -3,6 +3,7 @@ package connections
 import (
 	"errors"
 	"net"
+	"strconv"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -278,6 +279,32 @@ func (cd *ConnectionDetails) RemoteAddr() net.Addr {
 	return cd.conn.RemoteAddr()
 }
 
+// GetLocalPort returns the local port the connection came in on
+func (cd *ConnectionDetails) GetLocalPort() int {
+	var localAddr net.Addr
+	if cd.wsConn != nil {
+		localAddr = cd.wsConn.LocalAddr()
+	} else if cd.conn != nil {
+		localAddr = cd.conn.LocalAddr()
+	} else {
+		return 0
+	}
+
+	// Extract port from address
+	if tcpAddr, ok := localAddr.(*net.TCPAddr); ok {
+		return tcpAddr.Port
+	}
+
+	// Try parsing as string
+	_, portStr, err := net.SplitHostPort(localAddr.String())
+	if err != nil {
+		return 0
+	}
+
+	port, _ := strconv.Atoi(portStr)
+	return port
+}
+
 // get for uniqueId
 func (cd *ConnectionDetails) ConnectionId() ConnectionId {
 	return ConnectionId(atomic.LoadUint64((*uint64)(&cd.connectionId)))
diff --git a/internal/connections/connections.go b/internal/connections/connections.go
@@ -80,6 +80,17 @@ func IsWebsocket(id ConnectionId) bool {
 	return false
 }
 
+func GetConnectionPort(id ConnectionId) int {
+	lock.Lock()
+	defer lock.Unlock()
+
+	if cd, ok := netConnections[id]; ok {
+		return cd.GetLocalPort()
+	}
+
+	return 0
+}
+
 func GetAllConnectionIds() []ConnectionId {
 
 	lock.Lock()
diff --git a/internal/users/onlineinfo.go b/internal/users/onlineinfo.go
@@ -1,13 +1,14 @@
 package users
 
 type OnlineInfo struct {
-	Username      string
-	CharacterName string
-	Level         int
-	Alignment     string
-	Profession    string
-	OnlineTime    int64
-	OnlineTimeStr string
-	IsAFK         bool
-	Role          string
+	Username       string
+	CharacterName  string
+	Level          int
+	Alignment      string
+	Profession     string
+	OnlineTime     int64
+	OnlineTimeStr  string
+	IsAFK          bool
+	Role           string
+	ConnectionType string // "Web", "Telnet", or "Secure"
 }
diff --git a/internal/users/userrecord.go b/internal/users/userrecord.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"math"
 	"math/big"
+	"strconv"
 	"strings"
 	"time"
 
@@ -619,6 +620,23 @@ func (u *UserRecord) GetOnlineInfo() OnlineInfo {
 		isAfk = true
 	}
 
+	// Determine connection type
+	connectionType := "Telnet"
+	if connections.IsWebsocket(u.connectionId) {
+		connectionType = "Web"
+	} else {
+		// Check if connected through a secure telnet port
+		port := connections.GetConnectionPort(u.connectionId)
+		networkConfig := configs.GetNetworkConfig()
+		for _, securePortStr := range networkConfig.SecureTelnetPort {
+			securePort, _ := strconv.Atoi(securePortStr)
+			if securePort > 0 && port == securePort {
+				connectionType = "Secure"
+				break
+			}
+		}
+	}
+
 	return OnlineInfo{
 		u.Username,
 		u.Character.Name,
@@ -629,6 +647,7 @@ func (u *UserRecord) GetOnlineInfo() OnlineInfo {
 		timeStr,
 		isAfk,
 		u.Role,
+		connectionType,
 	}
 }
 
diff --git a/internal/web/web.go b/internal/web/web.go
@@ -58,7 +58,8 @@ func getClientIP(r *http.Request) string {
 	}
 
 	// Only trust proxy headers if the connection is from localhost
-	if host == "127.0.0.1" || host == "::1" || host == "localhost" {
+	// Check for various localhost representations
+	if host == "127.0.0.1" || host == "::1" || host == "localhost" || host == "0.0.0.0" {
 		// Check X-Real-IP first (higher priority)
 		if realIP := r.Header.Get("X-Real-IP"); realIP != "" {
 			return realIP
diff --git a/main.go b/main.go
@@ -271,6 +271,15 @@ func main() {
 		TelnetListenOnPort(`127.0.0.1`, int(c.Network.LocalPort), &wg, 0)
 	}
 
+	// Secure telnet ports - same as LocalPort but tracked differently
+	for _, port := range c.Network.SecureTelnetPort {
+		if p, err := strconv.Atoi(port); err == nil && p > 0 {
+			mudlog.Info("Telnet", "stage", "Listening on secure port (localhost only)", "port", p)
+			// Same as LocalPort - localhost only, no connection limit
+			TelnetListenOnPort(`127.0.0.1`, p, &wg, 0)
+		}
+	}
+
 	go worldManager.InputWorker(workerShutdownChan, &wg)
 	go worldManager.MainWorker(workerShutdownChan, &wg)
 

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,8 @@ func getClientIP(r *http.Request) string {`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`// Only trust proxy headers if the connection is from localhost`
`61`		`- if host == "127.0.0.1" \|\| host == "::1" \|\| host == "localhost" {`
	`61`	`+ // Check for various localhost representations`
	`62`	`+ if host == "127.0.0.1" \|\| host == "::1" \|\| host == "localhost" \|\| host == "0.0.0.0" {`
`62`	`63`	`// Check X-Real-IP first (higher priority)`
`63`	`64`	`if realIP := r.Header.Get("X-Real-IP"); realIP != "" {`
`64`	`65`	`return realIP`