RBAC-ready multi-session support with role-based permissions

cloud.go

@@ -197,6 +197,20 @@ func wsResetMetrics(established bool, sourceType string, source string) {
 }
 
 func handleCloudRegister(c *gin.Context) {
+	sessionID, _ := c.Cookie("sessionId")
+	authToken, _ := c.Cookie("authToken")
+
+	if sessionID != "" && authToken != "" && authToken == config.LocalAuthToken {
+		session := sessionManager.GetSession(sessionID)
+		if session != nil && !session.HasPermission(PermissionSettingsWrite) {
+			c.JSON(403, gin.H{"error": "Permission denied: settings modify permission required"})
+			return
+		}
+	} else if sessionID != "" {
+		c.JSON(401, gin.H{"error": "Authentication required"})
+		return
+	}
+
 	var req CloudRegisterRequest
 
 	if err := c.ShouldBindJSON(&req); err != nil {
@@ -426,8 +440,15 @@ func handleSessionRequest(
 	req WebRTCSessionRequest,
 	isCloudConnection bool,
 	source string,
+	connectionID string,
 	scopedLogger *zerolog.Logger,
-) error {
+) (returnErr error) {
+	defer func() {
+		if r := recover(); r != nil {
+			websocketLogger.Error().Interface("panic", r).Msg("PANIC in handleSessionRequest")
+			returnErr = fmt.Errorf("panic: %v", r)
+		}
+	}()
 	var sourceType string
 	if isCloudConnection {
 		sourceType = "cloud"
@@ -453,6 +474,7 @@ func handleSessionRequest(
 		IsCloud:    isCloudConnection,
 		LocalIP:    req.IP,
 		ICEServers: req.ICEServers,
+		UserAgent:  req.UserAgent,
 		Logger:     scopedLogger,
 	})
 	if err != nil {
@@ -462,26 +484,73 @@ func handleSessionRequest(
 
 	sd, err := session.ExchangeOffer(req.Sd)
 	if err != nil {
+		scopedLogger.Warn().Err(err).Msg("failed to exchange offer")
 		_ = wsjson.Write(context.Background(), c, gin.H{"error": err})
 		return err
 	}
-	if currentSession != nil {
-		writeJSONRPCEvent("otherSessionConnected", nil, currentSession)
-		peerConn := currentSession.peerConnection
-		go func() {
-			time.Sleep(1 * time.Second)
-			_ = peerConn.Close()
-		}()
+	session.Source = source
+
+	if isCloudConnection && req.OidcGoogle != "" {
+		session.Identity = config.GoogleIdentity
+
+		// Use client-provided sessionId for reconnection, otherwise generate new one
+		// This enables multi-tab support while preserving reconnection on refresh
+		if req.SessionId != "" {
+			session.ID = req.SessionId
+			scopedLogger.Info().Str("sessionId", session.ID).Msg("Cloud session reconnecting with client-provided ID")
+		} else {
+			session.ID = connectionID
+			scopedLogger.Info().Str("sessionId", session.ID).Msg("New cloud session established")
+		}
+	} else {
+		session.ID = connectionID
+		scopedLogger.Info().Str("sessionId", session.ID).Msg("Local session established")
 	}
 
-	cloudLogger.Info().Interface("session", session).Msg("new session accepted")
-	cloudLogger.Trace().Interface("session", session).Msg("new session accepted")
+	if sessionManager == nil {
+		scopedLogger.Error().Msg("sessionManager is nil")
+		_ = wsjson.Write(context.Background(), c, gin.H{"error": "session manager not initialized"})
+		return fmt.Errorf("session manager not initialized")
+	}
 
-	// Cancel any ongoing keyboard macro when session changes
-	cancelKeyboardMacro()
+	err = sessionManager.AddSession(session, req.SessionSettings)
+	if err != nil {
+		scopedLogger.Warn().Err(err).Msg("failed to add session to session manager")
+		if err == ErrMaxSessionsReached {
+			_ = wsjson.Write(context.Background(), c, gin.H{"error": "maximum sessions reached"})
+		} else {
+			_ = wsjson.Write(context.Background(), c, gin.H{"error": err.Error()})
+		}
+		return err
+	}
+
+	if session.HasPermission(PermissionPaste) {
+		cancelKeyboardMacro()
+	}
+
+	requireNickname := false
+	requireApproval := false
+	if currentSessionSettings != nil {
+		requireNickname = currentSessionSettings.RequireNickname
+		requireApproval = currentSessionSettings.RequireApproval
+	}
 
-	currentSession = session
-	_ = wsjson.Write(context.Background(), c, gin.H{"type": "answer", "data": sd})
+	err = wsjson.Write(context.Background(), c, gin.H{
+		"type":            "answer",
+		"data":            sd,
+		"sessionId":       session.ID,
+		"mode":            session.Mode,
+		"nickname":        session.Nickname,
+		"requireNickname": requireNickname,
+		"requireApproval": requireApproval,
+	})
+	if err != nil {
+		return err
+	}
+
+	if session.flushCandidates != nil {
+		session.flushCandidates()
+	}
 	return nil
 }
 

config.go

@@ -77,11 +77,21 @@ func (m *KeyboardMacro) Validate() error {
 	return nil
 }
 
+// MultiSessionConfig defines settings for multi-session support
+type MultiSessionConfig struct {
+	Enabled             bool `json:"enabled"`
+	MaxSessions         int  `json:"max_sessions"`
+	PrimaryTimeout      int  `json:"primary_timeout_seconds"`
+	AllowCloudOverride  bool `json:"allow_cloud_override"`
+	RequireAuthTransfer bool `json:"require_auth_transfer"`
+}
+
 type Config struct {
 	CloudURL             string                 `json:"cloud_url"`
 	CloudAppURL          string                 `json:"cloud_app_url"`
 	CloudToken           string                 `json:"cloud_token"`
 	GoogleIdentity       string                 `json:"google_identity"`
+	MultiSession         *MultiSessionConfig    `json:"multi_session"`
 	JigglerEnabled       bool                   `json:"jiggler_enabled"`
 	JigglerConfig        *JigglerConfig         `json:"jiggler_config"`
 	AutoUpdateEnabled    bool                   `json:"auto_update_enabled"`
@@ -104,6 +114,7 @@ type Config struct {
 	UsbDevices           *usbgadget.Devices     `json:"usb_devices"`
 	NetworkConfig        *network.NetworkConfig `json:"network_config"`
 	DefaultLogLevel      string                 `json:"default_log_level"`
+	SessionSettings      *SessionSettings       `json:"session_settings"`
 	VideoSleepAfterSec   int                    `json:"video_sleep_after_sec"`
 }
 
@@ -129,17 +140,31 @@ func (c *Config) SetDisplayRotation(rotation string) error {
 const configPath = "/userdata/kvm_config.json"
 
 var defaultConfig = &Config{
-	CloudURL:             "https://api.jetkvm.com",
-	CloudAppURL:          "https://app.jetkvm.com",
-	AutoUpdateEnabled:    true, // Set a default value
-	ActiveExtension:      "",
+	CloudURL:          "https://api.jetkvm.com",
+	CloudAppURL:       "https://app.jetkvm.com",
+	AutoUpdateEnabled: true, // Set a default value
+	ActiveExtension:   "",
+	MultiSession: &MultiSessionConfig{
+		Enabled:             true,  // Enable by default for new features
+		MaxSessions:         10,    // Reasonable default
+		PrimaryTimeout:      300,   // 5 minutes
+		AllowCloudOverride:  true,  // Cloud sessions can take control
+		RequireAuthTransfer: false, // Don't require auth by default
+	},
 	KeyboardMacros:       []KeyboardMacro{},
 	DisplayRotation:      "270",
 	KeyboardLayout:       "en-US",
 	DisplayMaxBrightness: 64,
 	DisplayDimAfterSec:   120,  // 2 minutes
 	DisplayOffAfterSec:   1800, // 30 minutes
-	JigglerEnabled:       false,
+	SessionSettings: &SessionSettings{
+		RequireApproval:      false,
+		RequireNickname:      false,
+		ReconnectGrace:       10,
+		PrivateKeystrokes:    false,
+		MaxRejectionAttempts: 3,
+	},
+	JigglerEnabled: false,
 	// This is the "Standard" jiggler option in the UI
 	JigglerConfig: &JigglerConfig{
 		InactivityLimitSeconds: 60,

datachannel_helpers.go

@@ -0,0 +1,11 @@
+package kvm
+
+import "github.com/pion/webrtc/v4"
+
+func handlePermissionDeniedChannel(d *webrtc.DataChannel, message string) {
+	d.OnOpen(func() {
+		_ = d.SendText(message + "\r\n")
+		d.Close()
+	})
+	d.OnMessage(func(msg webrtc.DataChannelMessage) {})
+}

errors.go

@@ -0,0 +1,10 @@
+package kvm
+
+import "errors"
+
+var (
+	ErrPermissionDeniedKeyboard = errors.New("permission denied: keyboard input")
+	ErrPermissionDeniedMouse    = errors.New("permission denied: mouse input")
+	ErrNotPrimarySession        = errors.New("operation requires primary session")
+	ErrSessionNotFound          = errors.New("session not found")
+)

hidrpc.go

@@ -27,27 +27,45 @@ func handleHidRPCMessage(message hidrpc.Message, session *Session) {
 		}
 		session.hidRPCAvailable = true
 	case hidrpc.TypeKeypressReport, hidrpc.TypeKeyboardReport:
+		if !session.HasPermission(PermissionKeyboardInput) {
+			return
+		}
 		rpcErr = handleHidRPCKeyboardInput(message)
 	case hidrpc.TypeKeyboardMacroReport:
+		if !session.HasPermission(PermissionPaste) {
+			return
+		}
 		keyboardMacroReport, err := message.KeyboardMacroReport()
 		if err != nil {
 			logger.Warn().Err(err).Msg("failed to get keyboard macro report")
 			return
 		}
 		rpcErr = rpcExecuteKeyboardMacro(keyboardMacroReport.Steps)
 	case hidrpc.TypeCancelKeyboardMacroReport:
+		if !session.HasPermission(PermissionPaste) {
+			return
+		}
 		rpcCancelKeyboardMacro()
 		return
 	case hidrpc.TypeKeypressKeepAliveReport:
+		if !session.HasPermission(PermissionKeyboardInput) {
+			return
+		}
 		rpcErr = handleHidRPCKeypressKeepAlive(session)
 	case hidrpc.TypePointerReport:
+		if !session.HasPermission(PermissionMouseInput) {
+			return
+		}
 		pointerReport, err := message.PointerReport()
 		if err != nil {
 			logger.Warn().Err(err).Msg("failed to get pointer report")
 			return
 		}
-		rpcErr = rpcAbsMouseReport(pointerReport.X, pointerReport.Y, pointerReport.Button)
+		rpcErr = rpcAbsMouseReport(int16(pointerReport.X), int16(pointerReport.Y), pointerReport.Button)
 	case hidrpc.TypeMouseReport:
+		if !session.HasPermission(PermissionMouseInput) {
+			return
+		}
 		mouseReport, err := message.MouseReport()
 		if err != nil {
 			logger.Warn().Err(err).Msg("failed to get mouse report")