Command goat provides an implementation of a BitTorrent tracker, written in Go.
goat can be built using Go 1.1+. It can be downloaded, built, and installed,
simply by running:
In addition, goat depends on a MySQL server for data storage. After creating a
database and user for goat, its database schema may be imported from the SQL
files located in 'res/'. goat will not run unless MySQL is installed, and a
database and user are properly configured for its use.
Optionally, goat can be built to use ql (https://github.com/cznic/ql) as its storage
backend. This is done by supplying the 'ql' tag in the go get command:
A blank ql database file is located under 'res/ql/goat.db', and will be copied to
'~/.config/goat/goat.db' on UNIX systems. goat is now able to use ql as its
storage backend, for those who do not wish to use an external, MySQL backend.
goat is capable of listening for torrent traffic in three modes: HTTP, HTTPS,
and UDP. HTTP/HTTPS are the recommended methods, and are required in order for
goat to serve its API, and to allow use of private tracker passkeys.
HTTP is considered the standard mode of operation for goat. HTTP allows gathering
a great number of metrics, use of passkeys, use of a client whitelist, and access
to goat's RESTful API, when configured. For most trackers, this will be the only
listener which is necessary in order for goat to function properly.
The HTTPS listener provides a method to encrypt traffic to the tracker, but must
be used with caution. Unless the SSL certificate in use is signed by a proper
certificate authority, it will distress most clients, and they may outright refuse
to announce to it. If you are in possession of a certificate signed by a certificate
authority, this mode may be more ideal, as it provides added security for your
clients.
The UDP listener is the most unusual method of the three, and should only be used
for public trackers. The BitTorrent UDP tracker protocol specifies a very specific
packet format, meaning that additional information or parameters cannot be packed
into a UDP datagram in a standard way. The UDP tracker may be the fastest and least
bandwidth-intensive, but as stated, should only be used for public trackers.
A new feature goat added to goat in order to allow better interoperability with many
languages is a RESTful API, which is served using the HTTP or HTTPS listeners. This
API enables easy retrieval of tracker statistics, while allowing goat to run as a
completely independent process.
It should be noted that the API is only enabled when configured, and when a HTTP or
HTTPS listener is enabled. Without a transport mechanism, the API will be inaccessible.
The API features several modes of authentication, including HTTP Basic for login and
HMAC-SHA1 other calls. Upon logging into the API using HTTP Basic with a username
and password pair, an API public key and secret will be generated. The public key
is used as the username for HTTP Basic authentication, and the secret key is used
to calculate a HMAC-SHA1 signature for the password.
As part of API signature generation, a random nonce value must be generated and added
to the request. It is added to the password portion of the HTTP Basic request, and
also to the string which is used to create the signature. Nonce values must be changed
on every request, or the request will fail.
The current pseudocode format of the HMAC-SHA1 signature is as follows:
The proper format for a HTTP Basic request is as follows:
When the public key, nonce, and API signature are sent via HTTP Basic, the server will
verify the signature. Successful authentication will allow access to the API.
This list contains all API calls currently recognized by goat. Each call must be
authenticated using the aforementioned methods.
Request an API public key and secret key for this user. The public key, user ID,
and secret key are used to authenticate further API calls. The expire time indicates
when this key is set to expire. Further API calls will extend the expiration time.
Retrieve a list of all files tracked by goat. Some extended attributes are not added
to reduce strain on database, and to provide a more general overview.
Retrieve extended attributes about a specific file with matching ID. This provides
counts for number of completions, seeders, leechers, and a list of fileUser relationships
associated with a given file.
Retrieve a variety of metrics about the current status of goat, including its PID,
hostname, memory usage, number of HTTP/UDP hits, etc.
Create a user with the specified username, password, and torrent limit.
Reterieve a list of all users registered to goat, including their ID, torrent limit,
and username.
Retrieve information about a single user with matching ID, including their ID, torrent
limit, and username.
goat is configured using a JSON file, which will be created under
'~/.config/goat/config.json' on UNIX systems. Here is an example configuration,
describing the settings available to the user.