RBAC-ready multi-session support with role-based permissions

Makefile

@@ -2,8 +2,8 @@ BRANCH    := $(shell git rev-parse --abbrev-ref HEAD)
 BUILDDATE := $(shell date -u +%FT%T%z)
 BUILDTS   := $(shell date -u +%s)
 REVISION  := $(shell git rev-parse HEAD)
-VERSION_DEV := 0.4.9-dev$(shell date +%Y%m%d%H%M)
-VERSION := 0.4.8
+VERSION_DEV ?= 0.4.9-dev$(shell date +%Y%m%d%H%M)
+VERSION ?= 0.4.8
 
 PROMETHEUS_TAG := github.com/prometheus/common/version
 KVM_PKG_NAME := github.com/jetkvm/kvm

cloud.go

@@ -197,6 +197,24 @@ func wsResetMetrics(established bool, sourceType string, source string) {
 }
 
 func handleCloudRegister(c *gin.Context) {
+	sessionID, _ := c.Cookie("sessionId")
+	authToken, _ := c.Cookie("authToken")
+
+	// Require authentication for this endpoint
+	if authToken == "" || authToken != config.LocalAuthToken {
+		c.JSON(401, gin.H{"error": "Authentication required"})
+		return
+	}
+
+	// Check session permissions if session exists
+	if sessionID != "" {
+		session := sessionManager.GetSession(sessionID)
+		if session != nil && !session.HasPermission(PermissionSettingsWrite) {
+			c.JSON(403, gin.H{"error": "Permission denied: settings modify permission required"})
+			return
+		}
+	}
+
 	var req CloudRegisterRequest
 
 	if err := c.ShouldBindJSON(&req); err != nil {
@@ -426,8 +444,15 @@ func handleSessionRequest(
 	req WebRTCSessionRequest,
 	isCloudConnection bool,
 	source string,
+	connectionID string,
 	scopedLogger *zerolog.Logger,
-) error {
+) (returnErr error) {
+	defer func() {
+		if r := recover(); r != nil {
+			websocketLogger.Error().Interface("panic", r).Msg("PANIC in handleSessionRequest")
+			returnErr = fmt.Errorf("panic: %v", r)
+		}
+	}()
 	var sourceType string
 	if isCloudConnection {
 		sourceType = "cloud"
@@ -453,6 +478,7 @@ func handleSessionRequest(
 		IsCloud:    isCloudConnection,
 		LocalIP:    req.IP,
 		ICEServers: req.ICEServers,
+		UserAgent:  req.UserAgent,
 		Logger:     scopedLogger,
 	})
 	if err != nil {
@@ -462,26 +488,73 @@ func handleSessionRequest(
 
 	sd, err := session.ExchangeOffer(req.Sd)
 	if err != nil {
+		scopedLogger.Warn().Err(err).Msg("failed to exchange offer")
 		_ = wsjson.Write(context.Background(), c, gin.H{"error": err})
 		return err
 	}
-	if currentSession != nil {
-		writeJSONRPCEvent("otherSessionConnected", nil, currentSession)
-		peerConn := currentSession.peerConnection
-		go func() {
-			time.Sleep(1 * time.Second)
-			_ = peerConn.Close()
-		}()
+	session.Source = source
+
+	if isCloudConnection && req.OidcGoogle != "" {
+		session.Identity = config.GoogleIdentity
+
+		// Use client-provided sessionId for reconnection, otherwise generate new one
+		// This enables multi-tab support while preserving reconnection on refresh
+		if req.SessionId != "" {
+			session.ID = req.SessionId
+			scopedLogger.Info().Str("sessionId", session.ID).Msg("Cloud session reconnecting with client-provided ID")
+		} else {
+			session.ID = connectionID
+			scopedLogger.Info().Str("sessionId", session.ID).Msg("New cloud session established")
+		}
+	} else {
+		session.ID = connectionID
+		scopedLogger.Info().Str("sessionId", session.ID).Msg("Local session established")
+	}
+
+	if sessionManager == nil {
+		scopedLogger.Error().Msg("sessionManager is nil")
+		_ = wsjson.Write(context.Background(), c, gin.H{"error": "session manager not initialized"})
+		return fmt.Errorf("session manager not initialized")
+	}
+
+	err = sessionManager.AddSession(session, req.SessionSettings)
+	if err != nil {
+		scopedLogger.Warn().Err(err).Msg("failed to add session to session manager")
+		if err == ErrMaxSessionsReached {
+			_ = wsjson.Write(context.Background(), c, gin.H{"error": "maximum sessions reached"})
+		} else {
+			_ = wsjson.Write(context.Background(), c, gin.H{"error": err.Error()})
+		}
+		return err
+	}
+
+	if session.HasPermission(PermissionPaste) {
+		cancelKeyboardMacro()
 	}
 
-	cloudLogger.Info().Interface("session", session).Msg("new session accepted")
-	cloudLogger.Trace().Interface("session", session).Msg("new session accepted")
+	requireNickname := false
+	requireApproval := false
+	if currentSessionSettings != nil {
+		requireNickname = currentSessionSettings.RequireNickname
+		requireApproval = currentSessionSettings.RequireApproval
+	}
 
-	// Cancel any ongoing keyboard macro when session changes
-	cancelKeyboardMacro()
+	err = wsjson.Write(context.Background(), c, gin.H{
+		"type":            "answer",
+		"data":            sd,
+		"sessionId":       session.ID,
+		"mode":            session.Mode,
+		"nickname":        session.Nickname,
+		"requireNickname": requireNickname,
+		"requireApproval": requireApproval,
+	})
+	if err != nil {
+		return err
+	}
 
-	currentSession = session
-	_ = wsjson.Write(context.Background(), c, gin.H{"type": "answer", "data": sd})
+	if session.flushCandidates != nil {
+		session.flushCandidates()
+	}
 	return nil
 }
 

config.go

@@ -78,11 +78,21 @@ func (m *KeyboardMacro) Validate() error {
 	return nil
 }
 
+// MultiSessionConfig defines settings for multi-session support
+type MultiSessionConfig struct {
+	Enabled             bool `json:"enabled"`
+	MaxSessions         int  `json:"max_sessions"`
+	PrimaryTimeout      int  `json:"primary_timeout_seconds"`
+	AllowCloudOverride  bool `json:"allow_cloud_override"`
+	RequireAuthTransfer bool `json:"require_auth_transfer"`
+}
+
 type Config struct {
 	CloudURL             string               `json:"cloud_url"`
 	CloudAppURL          string               `json:"cloud_app_url"`
 	CloudToken           string               `json:"cloud_token"`
 	GoogleIdentity       string               `json:"google_identity"`
+	MultiSession         *MultiSessionConfig  `json:"multi_session"`
 	JigglerEnabled       bool                 `json:"jiggler_enabled"`
 	JigglerConfig        *JigglerConfig       `json:"jiggler_config"`
 	AutoUpdateEnabled    bool                 `json:"auto_update_enabled"`
@@ -105,6 +115,7 @@ type Config struct {
 	UsbDevices           *usbgadget.Devices   `json:"usb_devices"`
 	NetworkConfig        *types.NetworkConfig `json:"network_config"`
 	DefaultLogLevel      string               `json:"default_log_level"`
+	SessionSettings      *SessionSettings     `json:"session_settings"`
 	VideoSleepAfterSec   int                  `json:"video_sleep_after_sec"`
 	VideoQualityFactor   float64              `json:"video_quality_factor"`
 }
@@ -156,17 +167,31 @@ var (
 
 func getDefaultConfig() Config {
 	return Config{
-		CloudURL:             "https://api.jetkvm.com",
-		CloudAppURL:          "https://app.jetkvm.com",
-		AutoUpdateEnabled:    true, // Set a default value
-		ActiveExtension:      "",
+		CloudURL:          "https://api.jetkvm.com",
+		CloudAppURL:       "https://app.jetkvm.com",
+		AutoUpdateEnabled: true, // Set a default value
+		ActiveExtension:   "",
+		MultiSession: &MultiSessionConfig{
+			Enabled:             true,  // Enable by default for new features
+			MaxSessions:         10,    // Reasonable default
+			PrimaryTimeout:      300,   // 5 minutes
+			AllowCloudOverride:  true,  // Cloud sessions can take control
+			RequireAuthTransfer: false, // Don't require auth by default
+		},
 		KeyboardMacros:       []KeyboardMacro{},
 		DisplayRotation:      "270",
 		KeyboardLayout:       "en-US",
 		DisplayMaxBrightness: 64,
 		DisplayDimAfterSec:   120,  // 2 minutes
 		DisplayOffAfterSec:   1800, // 30 minutes
-		JigglerEnabled:       false,
+		SessionSettings: &SessionSettings{
+			RequireApproval:      false,
+			RequireNickname:      false,
+			ReconnectGrace:       10,
+			PrivateKeystrokes:    false,
+			MaxRejectionAttempts: 3,
+		},
+		JigglerEnabled: false,
 		// This is the "Standard" jiggler option in the UI
 		JigglerConfig: func() *JigglerConfig { c := defaultJigglerConfig; return &c }(),
 		TLSMode:       "",
@@ -248,6 +273,14 @@ func LoadConfig() {
 		loadedConfig.JigglerConfig = getDefaultConfig().JigglerConfig
 	}
 
+	if loadedConfig.MultiSession == nil {
+		loadedConfig.MultiSession = getDefaultConfig().MultiSession
+	}
+
+	if loadedConfig.SessionSettings == nil {
+		loadedConfig.SessionSettings = getDefaultConfig().SessionSettings
+	}
+
 	// fixup old keyboard layout value
 	if loadedConfig.KeyboardLayout == "en_US" {
 		loadedConfig.KeyboardLayout = "en-US"

datachannel_helpers.go

@@ -0,0 +1,11 @@
+package kvm
+
+import "github.com/pion/webrtc/v4"
+
+func handlePermissionDeniedChannel(d *webrtc.DataChannel, message string) {
+	d.OnOpen(func() {
+		_ = d.SendText(message + "\r\n")
+		d.Close()
+	})
+	d.OnMessage(func(msg webrtc.DataChannelMessage) {})
+}

display.go

@@ -70,7 +70,7 @@ func updateDisplay() {
 		nativeInstance.UpdateLabelIfChanged("hdmi_status_label", "Disconnected")
 		_, _ = nativeInstance.UIObjClearState("hdmi_status_label", "LV_STATE_CHECKED")
 	}
-	nativeInstance.UpdateLabelIfChanged("cloud_status_label", fmt.Sprintf("%d active", actionSessions))
+	nativeInstance.UpdateLabelIfChanged("cloud_status_label", fmt.Sprintf("%d active", getActiveSessions()))
 
 	if networkManager != nil && networkManager.IsUp() {
 		nativeInstance.UISetVar("main_screen", "home_screen")

errors.go

@@ -0,0 +1,10 @@
+package kvm
+
+import "errors"
+
+var (
+	ErrPermissionDeniedKeyboard = errors.New("permission denied: keyboard input")
+	ErrPermissionDeniedMouse    = errors.New("permission denied: mouse input")
+	ErrNotPrimarySession        = errors.New("operation requires primary session")
+	ErrSessionNotFound          = errors.New("session not found")
+)

hidrpc.go

@@ -16,6 +16,13 @@ func handleHidRPCMessage(message hidrpc.Message, session *Session) {
 
 	switch message.Type() {
 	case hidrpc.TypeHandshake:
+		if !session.HasPermission(PermissionVideoView) {
+			logger.Debug().
+				Str("sessionID", session.ID).
+				Str("mode", string(session.Mode)).
+				Msg("handshake blocked: session lacks PermissionVideoView")
+			return
+		}
 		message, err := hidrpc.NewHandshakeMessage().Marshal()
 		if err != nil {
 			logger.Warn().Err(err).Msg("failed to marshal handshake message")
@@ -27,27 +34,57 @@ func handleHidRPCMessage(message hidrpc.Message, session *Session) {
 		}
 		session.hidRPCAvailable = true
 	case hidrpc.TypeKeypressReport, hidrpc.TypeKeyboardReport:
+		if !session.HasPermission(PermissionKeyboardInput) {
+			logger.Debug().
+				Str("sessionID", session.ID).
+				Str("mode", string(session.Mode)).
+				Msg("keyboard input blocked: session lacks PermissionKeyboardInput")
+			return
+		}
 		rpcErr = handleHidRPCKeyboardInput(message)
 	case hidrpc.TypeKeyboardMacroReport:
+		if !session.HasPermission(PermissionPaste) {
+			return
+		}
 		keyboardMacroReport, err := message.KeyboardMacroReport()
 		if err != nil {
 			logger.Warn().Err(err).Msg("failed to get keyboard macro report")
 			return
 		}
 		rpcErr = rpcExecuteKeyboardMacro(keyboardMacroReport.Steps)
 	case hidrpc.TypeCancelKeyboardMacroReport:
+		if !session.HasPermission(PermissionPaste) {
+			return
+		}
 		rpcCancelKeyboardMacro()
 		return
 	case hidrpc.TypeKeypressKeepAliveReport:
+		if !session.HasPermission(PermissionKeyboardInput) {
+			return
+		}
 		rpcErr = handleHidRPCKeypressKeepAlive(session)
 	case hidrpc.TypePointerReport:
+		if !session.HasPermission(PermissionMouseInput) {
+			logger.Debug().
+				Str("sessionID", session.ID).
+				Str("mode", string(session.Mode)).
+				Msg("pointer report blocked: session lacks PermissionMouseInput")
+			return
+		}
 		pointerReport, err := message.PointerReport()
 		if err != nil {
 			logger.Warn().Err(err).Msg("failed to get pointer report")
 			return
 		}
 		rpcErr = rpcAbsMouseReport(pointerReport.X, pointerReport.Y, pointerReport.Button)
 	case hidrpc.TypeMouseReport:
+		if !session.HasPermission(PermissionMouseInput) {
+			logger.Debug().
+				Str("sessionID", session.ID).
+				Str("mode", string(session.Mode)).
+				Msg("mouse report blocked: session lacks PermissionMouseInput")
+			return
+		}
 		mouseReport, err := message.MouseReport()
 		if err != nil {
 			logger.Warn().Err(err).Msg("failed to get mouse report")
@@ -116,14 +153,15 @@ const baseExtension = expectedRate + maxLateness // 100ms extension on perfect t
 const maxStaleness = 225 * time.Millisecond // discard ancient packets outright
 
 func handleHidRPCKeypressKeepAlive(session *Session) error {
+	// NOTE: Do NOT update LastActive here - jiggler keep-alives are automated,
+	// not human input. Only actual keyboard/mouse input should prevent timeout.
+
 	session.keepAliveJitterLock.Lock()
 	defer session.keepAliveJitterLock.Unlock()
 
 	now := time.Now()
 
-	// 1) Staleness guard: ensures packets that arrive far beyond the life of a valid key hold
-	// (e.g. after a network stall, retransmit burst, or machine sleep) are ignored outright.
-	// This prevents “zombie” keepalives from reviving a key that should already be released.
+	// Staleness guard: discard ancient packets after network stall/machine sleep
 	if !session.lastTimerResetTime.IsZero() && now.Sub(session.lastTimerResetTime) > maxStaleness {
 		return nil
 	}