Superminaren/kvm - kvm - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Alex P	1671a7706b	[WIP] Optimizations: code readiness optimizations	2025-10-23 01:24:58 +03:00
Alex P	40ccecc902	fix: address critical race conditions and security issues in multi-session This commit resolves multiple critical issues in the multi-session implementation: Race Conditions Fixed: - Add primaryPromotionLock mutex to prevent dual-primary corruption - Implement atomic nickname reservation before session addition - Add corruption detection and auto-fix in transferPrimaryRole - Implement broadcast coalescing to prevent storms Security Improvements: - Add permission check for HID RPC handshake - Implement sliding window rate limiting for emergency promotions - Add global RPC rate limiter (2000 req/sec across all sessions) - Enhance nickname validation (control chars, zero-width chars, unicode) Reliability Enhancements: - Add 5-second timeouts to all WebSocket writes - Add RPC queue monitoring (warns at 200+ messages) - Verify grace period memory leak protection - Verify goroutine cleanup on session removal Technical Details: - Use double-locking pattern (primaryPromotionLock → mu) - Implement deferred cleanup for failed nickname reservations - Use atomic.Bool for broadcast coalescing - Add trust scoring for emergency promotion selection Files Modified: - session_manager.go: Core session management fixes - session_cleanup_handlers.go: Rate limiting for emergency promotions - hidrpc.go: Permission checks for handshake - jsonrpc_session_handlers.go: Enhanced nickname validation - jsonrpc.go: Global RPC rate limiting - webrtc.go: WebSocket timeouts and queue monitoring Total: 266 insertions, 73 deletions across 6 files	2025-10-17 14:28:16 +03:00
Alex P	846caf77ce	refactor: improve code maintainability with focused handler functions Extract large switch statements and functions into focused, reusable handlers to improve code maintainability while preserving 100% functionality. Changes: - Extract onRPCMessage switch (200+ lines → 20 lines) into jsonrpc_session_handlers.go - Extract cleanupInactiveSessions (343 lines → 54 lines) into session_cleanup_handlers.go - Consolidate duplicate emergency promotion logic into attemptEmergencyPromotion() - Simplify shouldBecomePrimary boolean logic with self-documenting variables All changes pass linting (0 issues) and maintain complete functionality.	2025-10-17 11:29:04 +03:00

Author

SHA1

Message

Date

Alex P

1671a7706b

[WIP] Optimizations: code readiness optimizations

2025-10-23 01:24:58 +03:00

Alex P

40ccecc902

fix: address critical race conditions and security issues in multi-session

This commit resolves multiple critical issues in the multi-session implementation:

Race Conditions Fixed:
- Add primaryPromotionLock mutex to prevent dual-primary corruption
- Implement atomic nickname reservation before session addition
- Add corruption detection and auto-fix in transferPrimaryRole
- Implement broadcast coalescing to prevent storms

Security Improvements:
- Add permission check for HID RPC handshake
- Implement sliding window rate limiting for emergency promotions
- Add global RPC rate limiter (2000 req/sec across all sessions)
- Enhance nickname validation (control chars, zero-width chars, unicode)

Reliability Enhancements:
- Add 5-second timeouts to all WebSocket writes
- Add RPC queue monitoring (warns at 200+ messages)
- Verify grace period memory leak protection
- Verify goroutine cleanup on session removal

Technical Details:
- Use double-locking pattern (primaryPromotionLock → mu)
- Implement deferred cleanup for failed nickname reservations
- Use atomic.Bool for broadcast coalescing
- Add trust scoring for emergency promotion selection

Files Modified:
- session_manager.go: Core session management fixes
- session_cleanup_handlers.go: Rate limiting for emergency promotions
- hidrpc.go: Permission checks for handshake
- jsonrpc_session_handlers.go: Enhanced nickname validation
- jsonrpc.go: Global RPC rate limiting
- webrtc.go: WebSocket timeouts and queue monitoring

Total: 266 insertions, 73 deletions across 6 files

2025-10-17 14:28:16 +03:00

Alex P

846caf77ce

refactor: improve code maintainability with focused handler functions

Extract large switch statements and functions into focused, reusable handlers
to improve code maintainability while preserving 100% functionality.

Changes:
- Extract onRPCMessage switch (200+ lines → 20 lines) into jsonrpc_session_handlers.go
- Extract cleanupInactiveSessions (343 lines → 54 lines) into session_cleanup_handlers.go
- Consolidate duplicate emergency promotion logic into attemptEmergencyPromotion()
- Simplify shouldBecomePrimary boolean logic with self-documenting variables

All changes pass linting (0 issues) and maintain complete functionality.

2025-10-17 11:29:04 +03:00

3 Commits