RBAC-ready multi-session support with role-based permissions #880
Draft
pennycoders wants to merge 7 commits into jetkvm:dev from pennycoders:feat/multisession-support
+6,182 −457
Implements concurrent WebRTC session management with granular permission control, enabling multiple users to connect simultaneously with different access levels.

Features:
- Session modes: Primary (full control), Observer (view-only), Queued, Pending
- Role-based permissions (31 permissions across video, input, settings, system)
- Session approval workflow with configurable access control
- Primary control transfer, request, and approval mechanisms
- Grace period reconnection (prevents interruption on network issues)
- Automatic session timeout and cleanup
- Nickname system with browser-based auto-generation
- Trust-based emergency promotion (deadlock prevention)
- Session blacklisting (prevents transfer abuse)

Technical Implementation:
- Centralized permission system (internal/session package)
- Broadcast throttling (100ms global, 50ms per-session) for DoS protection
- Defense-in-depth permission validation
- Pre-allocated event maps for hot-path performance
- Lock-free session iteration with snapshot pattern
- Comprehensive session management UI with real-time updates

New Files:
- session_manager.go (1628 lines) - Core session lifecycle
- internal/session/permissions.go (306 lines) - Permission rules
- session_permissions.go (77 lines) - Package integration
- datachannel_helpers.go (11 lines) - Permission denied handler
- errors.go (10 lines) - Error definitions
- 14 new UI components (session management, approval dialogs, overlays)

50 files changed, 5836 insertions(+), 442 deletions(-)
Address all linting warnings and errors in both backend and frontend code:

**Go (golangci-lint):**
- Add error checking for ignored return values (errcheck)
- Remove unused RPC functions (unused)
- Fix import formatting (goimports)

**TypeScript/React (eslint):**
- Replace all 'any' and 'Function' types with proper type definitions
- Add RpcSendFunction type for consistent JSON-RPC callback signatures
- Fix React Hook exhaustive-deps warnings by adding missing dependencies
- Wrap functions in useCallback where needed to stabilize dependencies
- Remove unused variables and imports
- Remove empty code blocks
- Suppress exhaustive-deps warnings where intentional (with comments)

All linting now passes with 0 errors and 0 warnings.
Nice job with this one, will try it out myself. Anything I need to know about to set it up, @pennycoders?
CRITICAL SECURITY FIX: Pending sessions (awaiting approval) were granted video.view permission, allowing denied sessions to see video when they reconnected.

**Vulnerability:**
1. Session requests access and enters pending mode
2. Primary session denies the request
3. Denied session clicks "Try Again" and reconnects
4. New session enters pending mode but has video.view permission
5. User can see video stream despite being denied

**Fix:**
Remove PermissionVideoView from SessionModePending. Pending sessions now have NO permissions until explicitly approved by the primary session.

This ensures:
- Denied sessions cannot access video on reconnection
- Only approved sessions (observer/queued/primary) can view video
- CanReceiveVideo() properly blocks video frames for pending sessions
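The commit message above describes a mode-to-permission grant that let a denied user see video after reconnecting. The following is an added example, not code from this pull request: it replays the five listed steps against a table with the pre-fix grant and against one where pending has no entry. The identifiers PermissionVideoView, SessionModePending and CanReceiveVideo come from the commit message; PermTable, BuildTable, DeniedReconnectSeesVideo and the session names are assumptions made for illustration.

```go
package main

import "fmt"

// Constructed model for illustration; the table layout and helper names are
// assumptions, not the pull request's own code.
type SessionMode string
type Permission string
type PermTable map[SessionMode]map[Permission]bool

const (
	SessionModePrimary  SessionMode = "primary"
	SessionModeObserver SessionMode = "observer"
	SessionModeQueued   SessionMode = "queued"
	SessionModePending  SessionMode = "pending"
	PermissionVideoView Permission  = "video.view"
)

// BuildTable returns the mode table. pendingSeesVideo=true reproduces the
// pre-fix grant; false leaves pending without any entry.
func BuildTable(pendingSeesVideo bool) PermTable {
	t := PermTable{
		SessionModePrimary:  {PermissionVideoView: true},
		SessionModeObserver: {PermissionVideoView: true},
		SessionModeQueued:   {PermissionVideoView: true},
	}
	if pendingSeesVideo {
		t[SessionModePending] = map[Permission]bool{PermissionVideoView: true}
	}
	return t
}

// CanReceiveVideo is deny-by-default: a mode missing from the table gets nothing.
func CanReceiveVideo(t PermTable, mode SessionMode) bool {
	return t[mode][PermissionVideoView]
}

// DeniedReconnectSeesVideo replays the five steps from the commit message and
// reports whether the reconnected session would be sent video frames.
func DeniedReconnectSeesVideo(t PermTable) bool {
	sessions := map[string]SessionMode{"host": SessionModePrimary}
	sessions["guest"] = SessionModePending         // 1. guest requests access
	delete(sessions, "guest")                      // 2. primary denies
	sessions["guest-2"] = SessionModePending       // 3-4. "Try Again" reconnects as pending
	return CanReceiveVideo(t, sessions["guest-2"]) // 5. frame gate
}

func main() {
	fmt.Println("pre-fix table, denied user sees video:", DeniedReconnectSeesVideo(BuildTable(true)))
	fmt.Println("fixed table, denied user sees video:  ", DeniedReconnectSeesVideo(BuildTable(false)))
}
```

A check of this shape works as a regression test: it fails if any later change grants a pre-approval mode a permission again.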
… limits

Backend improvements:
- Keep denied sessions alive in pending mode instead of removing them
- Add requestSessionApproval RPC method for re-requesting access
- Fix security issue: preserve pending mode on reconnection for denied sessions
- Add MaxRejectionAttempts field to SessionSettings (default: 3, configurable 1-10)

Frontend improvements:
- Change "Try Again" button to "Request Access Again" that re-requests approval
- Add rejection counter with configurable maximum attempts
- Hide modal after max rejections; session stays pending in SessionPopover
- Add "Dismiss" button for primary to hide approval requests without deciding
- Add MaxRejectionAttempts control in multi-session settings page
- Reset rejection count when session is approved

This improves the user experience by allowing denied users to retry without page reloads, while preventing spam with configurable rejection limits.
Sessions in pending mode do not have PermissionVideoView and should not attempt to call getLocalVersion RPC method. Add permission check before calling getLocalVersion to prevent unnecessary permission denied errors.
… logout promotion

Observer-to-primary promotion protections:
- Block auto-promotion during active primary grace periods
- Prevent creating multiple primary sessions simultaneously
- Validate transfer source is actual current primary
- Check for duplicate primaries before promotion

Immediate promotion on logout:
- Trigger validateSinglePrimary() immediately when primary disconnects
- Smart grace period bypass: allow promotion within 2 seconds of disconnect
- Provides instant promotion on logout while protecting against network blips

Enhanced validation and logging:
- Log session additions/removals with counts
- Display session IDs in validation logs for debugging
- Track grace period timing for smart bypass decisions
- Remove broken bypass logic that caused immediate observer promotion on refresh
- Add session map debugging logs to validateSinglePrimary
- Ensure grace period properly blocks auto-promotion until expiration
f9eda52 to 541d2bd