Merge af6636ce81 into c98592a412

2025-09-08 09:30:22 -05:00
18 changed files with 93 additions and 609 deletions
--- a/17
+++ b/17
@ -62,22 +62,7 @@ build_dev_test: build_test2json build_gotestsum
 	tar czfv device-tests.tar.gz -C $(BIN_DIR)/tests .
 frontend:
-	cd ui && npm ci && npm run build:device && \
+	cd ui && npm ci && npm run build:device
 	find ../static/ \
 		-type f \
 		\( -name '*.js' \
 		-o -name '*.css' \
 		-o -name '*.html' \
 		-o -name '*.ico' \
 		-o -name '*.png' \
 		-o -name '*.jpg' \
 		-o -name '*.jpeg' \
 		-o -name '*.gif' \
 		-o -name '*.svg' \
 		-o -name '*.webp' \
 		-o -name '*.woff2' \
 		\) \
 		-exec sh -c 'gzip -9 -kfv {}' \;
 dev_release: frontend build_dev
 	@echo "Uploading release..."
--- a/config.go
+++ b/config.go
@ -118,7 +118,6 @@ var defaultConfig = &Config{
 	DisplayMaxBrightness: 64,
 	DisplayDimAfterSec:   120,  // 2 minutes
 	DisplayOffAfterSec:   1800, // 30 minutes
 	JigglerEnabled:       false,
 	// This is the "Standard" jiggler option in the UI
 	JigglerConfig: &JigglerConfig{
 		InactivityLimitSeconds: 60,
@ -206,15 +205,6 @@ func LoadConfig() {
 		loadedConfig.NetworkConfig = defaultConfig.NetworkConfig
 	}
 	if loadedConfig.JigglerConfig == nil {
 		loadedConfig.JigglerConfig = defaultConfig.JigglerConfig
 	}
 	// fixup old keyboard layout value
 	if loadedConfig.KeyboardLayout == "en_US" {
 		loadedConfig.KeyboardLayout = "en-US"
 	}
 	config = &loadedConfig
 	logging.GetRootLogger().UpdateLogLevel(config.DefaultLogLevel)
@ -231,11 +221,6 @@ func SaveConfig() error {
 	logger.Trace().Str("path", configPath).Msg("Saving config")
 	// fixup old keyboard layout value
 	if config.KeyboardLayout == "en_US" {
 		config.KeyboardLayout = "en-US"
 	}
 	file, err := os.Create(configPath)
 	if err != nil {
 		return fmt.Errorf("failed to create config file: %w", err)
@ -248,11 +233,6 @@ func SaveConfig() error {
 		return fmt.Errorf("failed to encode config: %w", err)
 	}
 	if err := file.Sync(); err != nil {
 		return fmt.Errorf("failed to wite config: %w", err)
 	}
 	logger.Info().Str("path", configPath).Msg("config saved")
 	return nil
 }
--- a/go.mod
+++ b/go.mod
@ -81,7 +81,6 @@ require (
 	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.0 // indirect
 	github.com/vearutop/statigz v1.5.0 // indirect
 	github.com/vishvananda/netns v0.0.5 // indirect
 	github.com/wlynxg/anet v0.0.5 // indirect
 	golang.org/x/arch v0.18.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -171,8 +171,6 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
 github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
 github.com/vearutop/statigz v1.5.0 h1:FuWwZiT82yBw4xbWdWIawiP2XFTyEPhIo8upRxiKLqk=
 github.com/vearutop/statigz v1.5.0/go.mod h1:oHmjFf3izfCO804Di1ZjB666P3fAlVzJEx2k6jNt/Gk=
 github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0=
 github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4=
 github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
--- a/internal/utils/ssh.go
+++ b/internal/utils/ssh.go
@ -1,71 +0,0 @@
 package utils
 import (
 	"fmt"
 	"slices"
 	"strings"
 	"golang.org/x/crypto/ssh"
 )
 // ValidSSHKeyTypes is a list of valid SSH key types
 //
 // Please make sure that all the types in this list are supported by dropbear
 // https://github.com/mkj/dropbear/blob/003c5fcaabc114430d5d14142e95ffdbbd2d19b6/src/signkey.c#L37
 //
 // ssh-dss is not allowed here as it's insecure
 var ValidSSHKeyTypes = []string{
 	ssh.KeyAlgoRSA,
 	ssh.KeyAlgoED25519,
 	ssh.KeyAlgoECDSA256,
 	ssh.KeyAlgoECDSA384,
 	ssh.KeyAlgoECDSA521,
 }
 // ValidateSSHKey validates authorized_keys file content
 func ValidateSSHKey(sshKey string) error {
 	// validate SSH key
 	var (
 		hasValidPublicKey = false
 		lastError         = fmt.Errorf("no valid SSH key found")
 	)
 	for _, key := range strings.Split(sshKey, "\n") {
 		key = strings.TrimSpace(key)
 		// skip empty lines and comments
 		if key == "" || strings.HasPrefix(key, "#") {
 			continue
 		}
 		parsedPublicKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key))
 		if err != nil {
 			lastError = err
 			continue
 		}
 		if parsedPublicKey == nil {
 			continue
 		}
 		parsedType := parsedPublicKey.Type()
 		textType := strings.Fields(key)[0]
 		if parsedType != textType {
 			lastError = fmt.Errorf("parsed SSH key type %s does not match type in text %s", parsedType, textType)
 			continue
 		}
 		if !slices.Contains(ValidSSHKeyTypes, parsedType) {
 			lastError = fmt.Errorf("invalid SSH key type: %s", parsedType)
 			continue
 		}
 		hasValidPublicKey = true
 	}
 	if !hasValidPublicKey {
 		return lastError
 	}
 	return nil
 }
--- a/internal/utils/ssh_test.go
+++ b/internal/utils/ssh_test.go
@ -1,208 +0,0 @@
 package utils
 import (
 	"strings"
 	"testing"
 )
 func TestValidateSSHKey(t *testing.T) {
 	tests := []struct {
 		name        string
 		sshKey      string
 		expectError bool
 		errorMsg    string
 	}{
 		{
 			name:        "valid RSA key",
 			sshKey:      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp test@example.com",
 			expectError: false,
 		},
 		{
 			name:        "valid ED25519 key",
 			sshKey:      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSbM8wuD5ab0nHsXaYOqaD3GLLUwmDzSk79Xi/N+H2j test@example.com",
 			expectError: false,
 		},
 		{
 			name:        "valid ECDSA key",
 			sshKey:      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAlTkxIo4mXBR+gEX0Q74BpYX4bFFHoX+8Uz7tsob8HvsnMvsEE+BW9h9XrbWX4/4ppL/o6sHbvsqNr9HcyKfdc= test@example.com",
 			expectError: false,
 		},
 		{
 			name:        "multiple valid keys",
 			sshKey:      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp test@example.com\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSbM8wuD5ab0nHsXaYOqaD3GLLUwmDzSk79Xi/N+H2j test@example.com",
 			expectError: false,
 		},
 		{
 			name:        "valid key with comment",
 			sshKey:      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp user@example.com",
 			expectError: false,
 		},
 		{
 			name:        "valid key with options and comment (we don't support options yet)",
 			sshKey:      "command=\"echo hello\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp user@example.com",
 			expectError: true,
 		},
 		{
 			name:        "empty string",
 			sshKey:      "",
 			expectError: true,
 			errorMsg:    "no valid SSH key found",
 		},
 		{
 			name:        "whitespace only",
 			sshKey:      "   \n\t  \n  ",
 			expectError: true,
 			errorMsg:    "no valid SSH key found",
 		},
 		{
 			name:        "comment only",
 			sshKey:      "# This is a comment\n# Another comment",
 			expectError: true,
 			errorMsg:    "no valid SSH key found",
 		},
 		{
 			name:        "invalid key format",
 			sshKey:      "not-a-valid-ssh-key",
 			expectError: true,
 		},
 		{
 			name:        "invalid key type",
 			sshKey:      "ssh-dss AAAAB3NzaC1kc3MAAACBAOeB...",
 			expectError: true,
 			errorMsg:    "invalid SSH key type: ssh-dss",
 		},
 		{
 			name:        "unsupported key type",
 			sshKey:      "ssh-rsa-cert-v01@openssh.com AAAAB3NzaC1yc2EAAAADAQABAAABgQC7vbqajDhA...",
 			expectError: true,
 			errorMsg:    "invalid SSH key type: ssh-rsa-cert-v01@openssh.com",
 		},
 		{
 			name:        "malformed key data",
 			sshKey:      "ssh-rsa invalid-base64-data",
 			expectError: true,
 		},
 		{
 			name:        "type mismatch",
 			sshKey:      "ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIGomKoH...",
 			expectError: true,
 			errorMsg:    "parsed SSH key type ssh-ed25519 does not match type in text ssh-rsa",
 		},
 		{
 			name:        "mixed valid and invalid keys",
 			sshKey:      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp test@example.com\ninvalid-key\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSbM8wuD5ab0nHsXaYOqaD3GLLUwmDzSk79Xi/N+H2j test@example.com",
 			expectError: false,
 		},
 		{
 			name:        "valid key with empty lines and comments",
 			sshKey:      "# Comment line\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp test@example.com\n# Another comment\n\t\n",
 			expectError: false,
 		},
 		{
 			name:        "all invalid keys",
 			sshKey:      "invalid-key-1\ninvalid-key-2\nssh-dss AAAAB3NzaC1kc3MAAACBAOeB...",
 			expectError: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			err := ValidateSSHKey(tt.sshKey)
 			if tt.expectError {
 				if err == nil {
 					t.Errorf("ValidateSSHKey() expected error but got none")
 				} else if tt.errorMsg != "" && !strings.ContainsAny(err.Error(), tt.errorMsg) {
 					t.Errorf("ValidateSSHKey() error = %v, expected to contain %v", err, tt.errorMsg)
 				}
 			} else {
 				if err != nil {
 					t.Errorf("ValidateSSHKey() unexpected error = %v", err)
 				}
 			}
 		})
 	}
 }
 func TestValidSSHKeyTypes(t *testing.T) {
 	expectedTypes := []string{
 		"ssh-rsa",
 		"ssh-ed25519",
 		"ecdsa-sha2-nistp256",
 		"ecdsa-sha2-nistp384",
 		"ecdsa-sha2-nistp521",
 	}
 	if len(ValidSSHKeyTypes) != len(expectedTypes) {
 		t.Errorf("ValidSSHKeyTypes length = %d, expected %d", len(ValidSSHKeyTypes), len(expectedTypes))
 	}
 	for _, expectedType := range expectedTypes {
 		found := false
 		for _, actualType := range ValidSSHKeyTypes {
 			if actualType == expectedType {
 				found = true
 				break
 			}
 		}
 		if !found {
 			t.Errorf("ValidSSHKeyTypes missing expected type: %s", expectedType)
 		}
 	}
 }
 // TestValidateSSHKeyEdgeCases tests edge cases and boundary conditions
 func TestValidateSSHKeyEdgeCases(t *testing.T) {
 	tests := []struct {
 		name        string
 		sshKey      string
 		expectError bool
 	}{
 		{
 			name:        "key with only type",
 			sshKey:      "ssh-rsa",
 			expectError: true,
 		},
 		{
 			name:        "key with type and empty data",
 			sshKey:      "ssh-rsa ",
 			expectError: true,
 		},
 		{
 			name:        "key with type and whitespace data",
 			sshKey:      "ssh-rsa   \t  ",
 			expectError: true,
 		},
 		{
 			name:        "key with multiple spaces between type and data",
 			sshKey:      "ssh-rsa    AAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp test@example.com",
 			expectError: false,
 		},
 		{
 			name:        "key with tabs",
 			sshKey:      "\tssh-rsa\tAAAAB3NzaC1yc2EAAAADAQABAAABAQDiYUb9Fy2vlPfO+HwubnshimpVrWPoePyvyN+jPC5gWqZSycjMy6Is2vFVn7oQc72bkY0wZalspT5wUOwKtltSoLpL7vcqGL9zHVw4yjYXtPGIRd3zLpU9wdngevnepPQWTX3LvZTZfmOsrGoMDKIG+Lbmiq/STMuWYecIqMp7tUKRGS8vfAmpu6MsrN9/4UTcdWWXYWJQQn+2nCyMz28jYlWRsKtqFK6owrdZWt8WQnPN+9Upcf2ByQje+0NLnpNrnh+yd2ocuVW9wQYKAZXy7IaTfEJwd5m34sLwkqlZTaBBcmWJU+3RfpYXE763cf3rUoPIGQ8eUEBJ8IdM4vhp test@example.com",
 			expectError: false,
 		},
 		{
 			name:        "very long line",
 			sshKey:      "ssh-rsa " + string(make([]byte, 10000)),
 			expectError: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			err := ValidateSSHKey(tt.sshKey)
 			if tt.expectError {
 				if err == nil {
 					t.Errorf("ValidateSSHKey() expected error but got none")
 				}
 			} else {
 				if err != nil {
 					t.Errorf("ValidateSSHKey() unexpected error = %v", err)
 				}
 			}
 		})
 	}
 }
--- a/jiggler.go
+++ b/jiggler.go
@ -17,20 +17,16 @@ type JigglerConfig struct {
 	Timezone               string `json:"timezone,omitempty"`
 }
 var jigglerEnabled = false
 var jobDelta time.Duration = 0
 var scheduler gocron.Scheduler = nil
-func rpcSetJigglerState(enabled bool) error {
+func rpcSetJigglerState(enabled bool) {
-	config.JigglerEnabled = enabled
+	jigglerEnabled = enabled
 	err := SaveConfig()
 	if err != nil {
 		return fmt.Errorf("failed to save config: %w", err)
 	}
 	return nil
 }
 func rpcGetJigglerState() bool {
-	return config.JigglerEnabled
+	return jigglerEnabled
 }
 func rpcGetTimezones() []string {
@ -122,7 +118,7 @@ func runJigglerCronTab() error {
 }
 func runJiggler() {
-	if config.JigglerEnabled {
+	if jigglerEnabled {
 		if config.JigglerConfig.JitterPercentage != 0 {
 			jitter := calculateJitterDuration(jobDelta)
 			time.Sleep(jitter)
--- a/jsonrpc.go
+++ b/jsonrpc.go
@ -17,7 +17,6 @@ import (
 	"go.bug.st/serial"
 	"github.com/jetkvm/kvm/internal/usbgadget"
 	"github.com/jetkvm/kvm/internal/utils"
 )
 type JSONRPCRequest struct {
@ -430,27 +429,21 @@ func rpcGetSSHKeyState() (string, error) {
 }
 func rpcSetSSHKeyState(sshKey string) error {
-	if sshKey == "" {
+	if sshKey != "" {
 		// Create directory if it doesn't exist
 		if err := os.MkdirAll(sshKeyDir, 0700); err != nil {
 			return fmt.Errorf("failed to create SSH key directory: %w", err)
 		}
 		// Write SSH key to file
 		if err := os.WriteFile(sshKeyFile, []byte(sshKey), 0600); err != nil {
 			return fmt.Errorf("failed to write SSH key: %w", err)
 		}
 	} else {
 		// Remove SSH key file if empty string is provided
 		if err := os.Remove(sshKeyFile); err != nil && !os.IsNotExist(err) {
 			return fmt.Errorf("failed to remove SSH key file: %w", err)
 		}
 		return nil
 	}
 	// Validate SSH key
 	if err := utils.ValidateSSHKey(sshKey); err != nil {
 		return err
 	}
 	// Create directory if it doesn't exist
 	if err := os.MkdirAll(sshKeyDir, 0700); err != nil {
 		return fmt.Errorf("failed to create SSH key directory: %w", err)
 	}
 	// Write SSH key to file
 	if err := os.WriteFile(sshKeyFile, []byte(sshKey), 0600); err != nil {
 		return fmt.Errorf("failed to write SSH key: %w", err)
 	}
 	return nil
--- a/resource/netboot.xyz-multiarch.iso
+++ b/resource/netboot.xyz-multiarch.iso
--- a/scripts/update_netboot_xyz.sh
+++ b/scripts/update_netboot_xyz.sh
@ -1,77 +0,0 @@
 #!/usr/bin/env bash
 #
 # Exit immediately if a command exits with a non-zero status
 set -e
 C_RST="$(tput sgr0)"
 C_ERR="$(tput setaf 1)"
 C_OK="$(tput setaf 2)"
 C_WARN="$(tput setaf 3)"
 C_INFO="$(tput setaf 5)"
 msg() { printf '%s%s%s\n' $2 "$1" $C_RST; }
 msg_info() { msg "$1" $C_INFO; }
 msg_ok() { msg "$1" $C_OK; }
 msg_err() { msg "$1" $C_ERR; }
 msg_warn() { msg "$1" $C_WARN; }
 # Get the latest release information
 msg_info "Getting latest release information ..."
 LATEST_RELEASE=$(curl -s \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/netbootxyz/netboot.xyz/releases | jq '
  [.[] | select(.prerelease == false and .draft == false and .assets != null and (.assets | length > 0))] |
  sort_by(.created_at) | 
  .[-1]')
 # Extract version, download URL, and digest
 VERSION=$(echo "$LATEST_RELEASE" | jq -r '.tag_name')
 ISO_URL=$(echo "$LATEST_RELEASE" | jq -r '.assets[] | select(.name == "netboot.xyz-multiarch.iso") | .browser_download_url')
 EXPECTED_CHECKSUM=$(echo "$LATEST_RELEASE" | jq -r '.assets[] | select(.name == "netboot.xyz-multiarch.iso") | .digest' | sed 's/sha256://')
 msg_ok "Latest version: $VERSION"
 msg_ok "ISO URL: $ISO_URL"
 msg_ok "Expected SHA256: $EXPECTED_CHECKSUM"
 # Check if we already have the same version
 if [ -f "resource/netboot.xyz-multiarch.iso" ]; then
    msg_info "Checking current resource file ..."
    # First check by checksum (fastest)
    CURRENT_CHECKSUM=$(shasum -a 256 resource/netboot.xyz-multiarch.iso | awk '{print $1}')
    if [ "$CURRENT_CHECKSUM" = "$EXPECTED_CHECKSUM" ]; then
        msg_ok "Resource file is already up to date (version $VERSION). No update needed."
        exit 0
    else
        msg_info "Checksums differ, proceeding with download ..."
    fi
 fi
 # Download ISO file
 TMP_ISO=$(mktemp -t netbootxyziso)
 msg_info "Downloading ISO file ..."
 curl -L -o "$TMP_ISO" "$ISO_URL"
 # Verify SHA256 checksum
 msg_info "Verifying SHA256 checksum ..."
 ACTUAL_CHECKSUM=$(shasum -a 256 "$TMP_ISO" | awk '{print $1}')
 if [ "$EXPECTED_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then
    msg_ok "Verified SHA256 checksum."
    mv -f "$TMP_ISO" "resource/netboot.xyz-multiarch.iso"
    msg_ok "Updated ISO file."
    git add "resource/netboot.xyz-multiarch.iso"
    git commit -m "chore: update netboot.xyz-multiarch.iso to $VERSION"
    msg_ok "Committed changes."
    msg_ok "You can now push the changes to the remote repository."
    exit 0
 else
    msg_err "Inconsistent SHA256 checksum."
    msg_err "Expected: $EXPECTED_CHECKSUM"
    msg_err "Actual:   $ACTUAL_CHECKSUM"
    exit 1
 fi
--- a/ui/index.html
+++ b/ui/index.html
@ -6,34 +6,27 @@
    <!-- These are the fonts used in the app -->
    <link
      rel="preload"
-      href="./public/fonts/CircularXXWeb-Medium.woff2"
+      href="/fonts/CircularXXWeb-Medium.woff2"
      as="font"
      type="font/woff2"
      crossorigin
    />
    <link
      rel="preload"
-      href="./public/fonts/CircularXXWeb-Book.woff2"
+      href="/fonts/CircularXXWeb-Book.woff2"
      as="font"
      type="font/woff2"
      crossorigin
    />
    <link
      rel="preload"
-      href="./public/fonts/CircularXXWeb-Regular.woff2"
+      href="/fonts/CircularXXWeb-Regular.woff2"
      as="font"
      type="font/woff2"
      crossorigin
    />
    <link
      rel="preload"
      href="./public/fonts/CircularXXWeb-Black.woff2"
      as="font"
      type="font/woff2"
      crossorigin
    />
    <title>JetKVM</title>
-    <link rel="stylesheet" href="./public/fonts/fonts.css" />
+    <link rel="stylesheet" href="/fonts/fonts.css" />
    <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <link rel="shortcut icon" href="/favicon.ico" />
@ -43,21 +36,23 @@
    <meta name="theme-color" content="#051946" />
    <meta name="description" content="A web-based KVM console for managing remote servers." />
    <script>
-      function applyThemeFromPreference() {
+      // Initial theme setup
-        // dark theme setup
+      document.documentElement.classList.toggle(
-        var darkDesired = localStorage.theme === "dark" ||
+        "dark",
        localStorage.theme === "dark" ||
          (!("theme" in localStorage) &&
-            window.matchMedia("(prefers-color-scheme: dark)").matches)
+            window.matchMedia("(prefers-color-scheme: dark)").matches),
-
+      );
        document.documentElement.classList.toggle("dark", darkDesired)
      }
      // initial theme application
      applyThemeFromPreference();
      // Listen for system theme changes
-      window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", applyThemeFromPreference);
+      window
-      window.matchMedia("(prefers-color-scheme: light)").addEventListener("change", applyThemeFromPreference);
+        .matchMedia("(prefers-color-scheme: dark)")
        .addEventListener("change", ({ matches }) => {
          if (!("theme" in localStorage)) {
            // Only auto-switch if user hasn't manually set a theme
            document.documentElement.classList.toggle("dark", matches);
          }
        });
    </script>
  </head>
  <body
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
@ -68,7 +68,7 @@
        "prettier-plugin-tailwindcss": "^0.6.14",
        "tailwindcss": "^4.1.12",
        "typescript": "^5.9.2",
-        "vite": "^7.1.5",
+        "vite": "^7.1.4",
        "vite-tsconfig-paths": "^5.1.4"
      },
      "engines": {
@ -1793,66 +1793,6 @@
        "node": ">=14.0.0"
      }
    },
    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/core": {
      "version": "1.4.5",
      "dev": true,
      "inBundle": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "@emnapi/wasi-threads": "1.0.4",
        "tslib": "^2.4.0"
      }
    },
    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/runtime": {
      "version": "1.4.5",
      "dev": true,
      "inBundle": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "tslib": "^2.4.0"
      }
    },
    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/wasi-threads": {
      "version": "1.0.4",
      "dev": true,
      "inBundle": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "tslib": "^2.4.0"
      }
    },
    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
      "version": "0.2.12",
      "dev": true,
      "inBundle": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "@emnapi/core": "^1.4.3",
        "@emnapi/runtime": "^1.4.3",
        "@tybys/wasm-util": "^0.10.0"
      }
    },
    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@tybys/wasm-util": {
      "version": "0.10.0",
      "dev": true,
      "inBundle": true,
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "tslib": "^2.4.0"
      }
    },
    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/tslib": {
      "version": "2.8.0",
      "dev": true,
      "inBundle": true,
      "license": "0BSD",
      "optional": true
    },
    "node_modules/@tailwindcss/oxide-win32-arm64-msvc": {
      "version": "4.1.12",
      "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.12.tgz",
@ -6623,13 +6563,13 @@
      "license": "MIT"
    },
    "node_modules/tinyglobby": {
-      "version": "0.2.15",
+      "version": "0.2.14",
-      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.14.tgz",
-      "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
+      "integrity": "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ==",
      "license": "MIT",
      "dependencies": {
-        "fdir": "^6.5.0",
+        "fdir": "^6.4.4",
-        "picomatch": "^4.0.3"
+        "picomatch": "^4.0.2"
      },
      "engines": {
        "node": ">=12.0.0"
@ -6953,9 +6893,9 @@
      }
    },
    "node_modules/vite": {
-      "version": "7.1.5",
+      "version": "7.1.4",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.5.tgz",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.4.tgz",
-      "integrity": "sha512-4cKBO9wR75r0BeIWWWId9XK9Lj6La5X846Zw9dFfzMRw38IlTk2iCcUt6hsyiDRcPidc55ZParFYDXi0nXOeLQ==",
+      "integrity": "sha512-X5QFK4SGynAeeIt+A7ZWnApdUyHYm+pzv/8/A57LqSGcI88U6R6ipOs3uCesdc6yl7nl+zNO0t8LmqAdXcQihw==",
      "license": "MIT",
      "dependencies": {
        "esbuild": "^0.25.0",
@ -6963,7 +6903,7 @@
        "picomatch": "^4.0.3",
        "postcss": "^8.5.6",
        "rollup": "^4.43.0",
-        "tinyglobby": "^0.2.15"
+        "tinyglobby": "^0.2.14"
      },
      "bin": {
        "vite": "bin/vite.js"
--- a/ui/package.json
+++ b/ui/package.json
@ -79,7 +79,7 @@
    "prettier-plugin-tailwindcss": "^0.6.14",
    "tailwindcss": "^4.1.12",
    "typescript": "^5.9.2",
-    "vite": "^7.1.5",
+    "vite": "^7.1.4",
    "vite-tsconfig-paths": "^5.1.4"
  }
 }
--- a/ui/public/robots.txt
+++ b/ui/public/robots.txt
@ -0,0 +1,2 @@
 User-agent: *
 Disallow: /
--- a/ui/src/components/USBStateStatus.tsx
+++ b/ui/src/components/USBStateStatus.tsx
@ -22,39 +22,6 @@ const USBStateMap: Record<USBStates, string> = {
  "not attached": "Disconnected",
  suspended: "Low power mode",
 };
 const StatusCardProps: StatusProps = {
  configured: {
    icon: ({ className }) => (
      <img className={cx(className)} src={KeyboardAndMouseConnectedIcon} alt="" />
    ),
    iconClassName: "h-5 w-5 shrink-0",
    statusIndicatorClassName: "bg-green-500 border-green-600",
  },
  attached: {
    icon: ({ className }) => <LoadingSpinner className={cx(className)} />,
    iconClassName: "h-5 w-5 text-blue-500",
    statusIndicatorClassName: "bg-slate-300 border-slate-400",
  },
  addressed: {
    icon: ({ className }) => <LoadingSpinner className={cx(className)} />,
    iconClassName: "h-5 w-5 text-blue-500",
    statusIndicatorClassName: "bg-slate-300 border-slate-400",
  },
  "not attached": {
    icon: ({ className }) => (
      <img className={cx(className)} src={KeyboardAndMouseConnectedIcon} alt="" />
    ),
    iconClassName: "h-5 w-5 opacity-50 grayscale filter",
    statusIndicatorClassName: "bg-slate-300 border-slate-400",
  },
  suspended: {
    icon: ({ className }) => (
      <img className={cx(className)} src={KeyboardAndMouseConnectedIcon} alt="" />
    ),
    iconClassName: "h-5 w-5 opacity-50 grayscale filter",
    statusIndicatorClassName: "bg-green-500 border-green-600",
  },
 };
 export default function USBStateStatus({
  state,
@ -63,7 +30,39 @@ export default function USBStateStatus({
  state: USBStates;
  peerConnectionState?: RTCPeerConnectionState | null;
 }) {
-
+  const StatusCardProps: StatusProps = {
    configured: {
      icon: ({ className }) => (
        <img className={cx(className)} src={KeyboardAndMouseConnectedIcon} alt="" />
      ),
      iconClassName: "h-5 w-5 shrink-0",
      statusIndicatorClassName: "bg-green-500 border-green-600",
    },
    attached: {
      icon: ({ className }) => <LoadingSpinner className={cx(className)} />,
      iconClassName: "h-5 w-5 text-blue-500",
      statusIndicatorClassName: "bg-slate-300 border-slate-400",
    },
    addressed: {
      icon: ({ className }) => <LoadingSpinner className={cx(className)} />,
      iconClassName: "h-5 w-5 text-blue-500",
      statusIndicatorClassName: "bg-slate-300 border-slate-400",
    },
    "not attached": {
      icon: ({ className }) => (
        <img className={cx(className)} src={KeyboardAndMouseConnectedIcon} alt="" />
      ),
      iconClassName: "h-5 w-5 opacity-50 grayscale filter",
      statusIndicatorClassName: "bg-slate-300 border-slate-400",
    },
    suspended: {
      icon: ({ className }) => (
        <img className={cx(className)} src={KeyboardAndMouseConnectedIcon} alt="" />
      ),
      iconClassName: "h-5 w-5 opacity-50 grayscale filter",
      statusIndicatorClassName: "bg-green-500 border-green-600",
    },
  };
  const props = StatusCardProps[state];
  if (!props) {
    console.warn("Unsupported USB state: ", state);
--- a/ui/src/routes/devices.$id.settings.mouse.tsx
+++ b/ui/src/routes/devices.$id.settings.mouse.tsx
@ -90,7 +90,6 @@ export default function SettingsMouseRoute() {
    send("getJigglerState", {}, (resp: JsonRpcResponse) => {
      if ("error" in resp) return;
      const isEnabled = resp.result as boolean;
      console.log("Jiggler is enabled:", isEnabled);
      // If the jiggler is disabled, set the selected option to "disabled" and nothing else
      if (!isEnabled) return setSelectedJigglerOption("disabled");
--- a/ui/vite.config.ts
+++ b/ui/vite.config.ts
@ -31,36 +31,20 @@ export default defineConfig(({ mode, command }) => {
    esbuild: {
      pure: ["console.debug"],
    },
-    assetsInclude: ["**/*.woff2"],
+    build: { outDir: isCloud ? "dist" : "../static" },
    build: {
      outDir: isCloud ? "dist" : "../static",
      rollupOptions: {
        output: {
          manualChunks: (id) => {
            if (id.includes("node_modules")) {
              return "vendor";
            }
            return null;
          },
          assetFileNames: "assets/immutable/[name]-[hash][extname]",
          chunkFileNames: "assets/immutable/[name]-[hash].js",
          entryFileNames: "assets/immutable/[name]-[hash].js",
        },
      },
    },
    server: {
      host: "0.0.0.0",
      https: useSSL,
      proxy: JETKVM_PROXY_URL
        ? {
-          "/me": JETKVM_PROXY_URL,
+            "/me": JETKVM_PROXY_URL,
-          "/device": JETKVM_PROXY_URL,
+            "/device": JETKVM_PROXY_URL,
-          "/webrtc": JETKVM_PROXY_URL,
+            "/webrtc": JETKVM_PROXY_URL,
-          "/auth": JETKVM_PROXY_URL,
+            "/auth": JETKVM_PROXY_URL,
-          "/storage": JETKVM_PROXY_URL,
+            "/storage": JETKVM_PROXY_URL,
-          "/cloud": JETKVM_PROXY_URL,
+            "/cloud": JETKVM_PROXY_URL,
-          "/developer": JETKVM_PROXY_URL,
+            "/developer": JETKVM_PROXY_URL,
-        }
+          }
        : undefined,
    },
    base: onDevice && command === "build" ? "/static" : "/",
--- a/web.go
+++ b/web.go
@ -11,7 +11,6 @@ import (
 	"net/http"
 	"net/http/pprof"
 	"path/filepath"
 	"slices"
 	"strings"
 	"time"
@ -25,7 +24,6 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/rs/zerolog"
 	"github.com/vearutop/statigz"
 	"golang.org/x/crypto/bcrypt"
 )
@ -68,10 +66,6 @@ type SetupRequest struct {
 	Password      string `json:"password,omitempty"`
 }
 var cachableFileExtensions = []string{
 	".jpg", ".jpeg", ".png", ".svg", ".gif", ".webp", ".ico", ".woff2",
 }
 func setupRouter() *gin.Engine {
 	gin.SetMode(gin.ReleaseMode)
 	gin.DisableConsoleColor()
@ -81,47 +75,23 @@ func setupRouter() *gin.Engine {
 			return *ginLogger
 		}),
 	))
-
+	staticFS, _ := fs.Sub(staticFiles, "static")
 	staticFS, err := fs.Sub(staticFiles, "static")
 	if err != nil {
 		logger.Fatal().Err(err).Msg("failed to get rooted static files subdirectory")
 	}
 	staticFileServer := http.StripPrefix("/static", statigz.FileServer(
 		staticFS.(fs.ReadDirFS),
 	))
 	// Add a custom middleware to set cache headers for images
 	// This is crucial for optimizing the initial welcome screen load time
 	// By enabling caching, we ensure that pre-loaded images are stored in the browser cache
 	// This allows for a smoother enter animation and improved user experience on the welcome screen
 	r.Use(func(c *gin.Context) {
 		if strings.HasPrefix(c.Request.URL.Path, "/static/assets/immutable/") {
 			c.Header("Cache-Control", "public, max-age=31536000, immutable") // Cache for 1 year
 			c.Next()
 			return
 		}
 		if strings.HasPrefix(c.Request.URL.Path, "/static/") {
 			ext := filepath.Ext(c.Request.URL.Path)
-			if slices.Contains(cachableFileExtensions, ext) {
+			if ext == ".jpg" || ext == ".jpeg" || ext == ".png" || ext == ".gif" || ext == ".webp" {
 				c.Header("Cache-Control", "public, max-age=300") // Cache for 5 minutes
 			}
 		}
 		c.Next()
 	})
-	r.GET("/robots.txt", func(c *gin.Context) {
+	r.StaticFS("/static", http.FS(staticFS))
 		c.Header("Content-Type", "text/plain")
 		c.Header("Cache-Control", "public, max-age=31536000, immutable") // Cache for 1 year
 		c.String(http.StatusOK, "User-agent: *\nDisallow: /")
 	})
 	r.Any("/static/*w", func(c *gin.Context) {
 		staticFileServer.ServeHTTP(c.Writer, c.Request)
 	})
 	// Public routes (no authentication required)
 	r.POST("/auth/login-local", handleLogin)
 	// We use this to determine if the device is setup