← 返回
未分类 中文

Wish Ssh Code Review

Reviews Wish SSH server code for proper middleware, session handling, and security patterns. Use when reviewing SSH server code using charmbracelet/wish.
检查 Wish SSH 服务器代码的中间件、会话处理和安全模式,适用于使用 charmbracelet/wish 审查代码时。
anderskev anderskev 来源
未分类 clawhub v2.3.1 2 版本 100000 Key: 无需
★ 0
Stars
📥 419
下载
💾 3
安装
2
版本
#latest

概述

Wish SSH Code Review

Quick Reference

Issue TypeReference
-----------------------
Server setup, middlewarereferences/server.md
Session handling, securityreferences/sessions.md

Review gates

Run these in order when producing a written review. Do not claim a defect in a later step until the Pass when for the current step is satisfied for the code under review.

  1. Locate Wish entry pointsPass when: you have at least one repo path per server surface that calls wish.NewServer, wish.WithMiddleware, registers bubbletea.Middleware, or defines the top-level ssh.Handler chain (list the paths explicitly).
  2. Capture server-setup evidencePass when: for each path from step 1, you have the actual wish.WithHostKey* / host-key configuration and the full middleware list in source order as written (not recalled from memory). If graceful shutdown exists, note the file(s) where ListenAndServe and Shutdown run.
  3. Capture session / TUI evidencePass when: for each teaHandler (or equivalent), you have noted from source whether s.Pty() is checked before using window size, and whether per-session renderers (bubbletea.MakeRenderer) are used where Lipgloss styles apply.
  4. Write findingsPass when: each finding uses [FILE:LINE] ISSUE_TITLE (line range allowed where needed) and points to the relevant row in Quick Reference (or the matching section in references/).

Review Checklist

Use alongside Review gates; for a written review, complete the gates first so each item below can be tied to cited source.

  • [ ] Host keys are loaded from file or generated securely
  • [ ] Middleware order is correct (logging first, auth early)
  • [ ] Session context is used for per-connection state
  • [ ] Graceful shutdown handles active sessions
  • [ ] PTY requests are handled for terminal apps
  • [ ] Connection limits prevent resource exhaustion
  • [ ] Timeout middleware prevents hung connections
  • [ ] BubbleTea middleware correctly configured

Critical Patterns

Server Setup

// GOOD - complete server setup
s, err := wish.NewServer(
    wish.WithAddress(fmt.Sprintf("%s:%d", host, port)),
    wish.WithHostKeyPath(".ssh/id_ed25519"),
    wish.WithMiddleware(
        logging.Middleware(),       // first: log all connections
        activeterm.Middleware(),    // handle terminal sizing
        bubbletea.Middleware(teaHandler),
    ),
)
if err != nil {
    return fmt.Errorf("creating server: %w", err)
}

Graceful Shutdown

// BAD - abrupt shutdown
log.Fatal(s.ListenAndServe())

// GOOD - graceful shutdown
done := make(chan os.Signal, 1)
signal.Notify(done, os.Interrupt, syscall.SIGTERM)

go func() {
    if err := s.ListenAndServe(); err != nil && !errors.Is(err, ssh.ErrServerClosed) {
        log.Error("server error", "error", err)
    }
}()

<-done
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
if err := s.Shutdown(ctx); err != nil {
    log.Error("shutdown error", "error", err)
}

BubbleTea Handler

func teaHandler(s ssh.Session) (tea.Model, []tea.ProgramOption) {
    pty, _, _ := s.Pty()

    model := NewModel(pty.Window.Width, pty.Window.Height)

    return model, []tea.ProgramOption{
        tea.WithAltScreen(),
        tea.WithMouseCellMotion(),
    }
}

When to Load References

  • Reviewing server initialization → server.md
  • Reviewing authentication, session state → sessions.md

Review Questions

  1. Are host keys handled securely?
  2. Is middleware order correct?
  3. Is graceful shutdown implemented?
  4. Are PTY window sizes passed to the TUI?
  5. Are connection timeouts configured?

版本历史

共 2 个版本

  • v2.3.1 当前
    2026-05-03 07:50 安全 安全
  • v2.3.0
    2026-03-31 06:21 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

dev-programming

Mcporter

steipete
使用 mcporter CLI 直接列出、配置、认证及调用 MCP 服务器/工具(支持 HTTP 或 stdio),涵盖临时服务器、配置编辑及 CLI/类型生成功能。
★ 198 📥 68,229
dev-programming

YouTube

byungkyu
使用托管OAuth集成YouTube Data API,支持搜索视频、管理播放列表、获取频道数据及评论互动,适用于用户需要时使用此技能。
★ 142 📥 42,116
dev-programming

Github

steipete
使用 `gh` CLI 与 GitHub 交互,通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。
★ 686 📥 331,074