This commit addresses multiple CRITICAL and HIGH severity security issues identified during the multi-session implementation review.

CRITICAL Fixes:
- Fix race condition in session approval handlers (jsonrpc.go)
  Previously approveNewSession and denyNewSession directly mutated session.Mode without holding the SessionManager.mu lock, potentially causing data corruption during concurrent access.
- Add validation to ApprovePrimaryRequest (session_manager.go:795-810)
  Now verifies that requester session exists and is in Queued mode before approving transfer, preventing invalid state transitions.
- Close dual-primary window during reconnection (session_manager.go:208)
  Added explicit primaryExists check to prevent brief window where two sessions could both be primary during reconnection.

HIGH Priority Fixes:
- Add nickname uniqueness validation (session_manager.go:152-159)
  Prevents multiple sessions from having the same nickname, both in AddSession and updateSessionNickname RPC handler.

Code Quality:
- Remove debug scaffolding from cloud.go (lines 515-520, 530)
  Cleaned up temporary debug logs that are no longer needed.

Thread Safety:
- Add centralized ApproveSession() method (session_manager.go:870-890)
- Add centralized DenySession() method (session_manager.go:894-912)
  Both methods properly acquire locks and validate session state.
- Update RPC handlers to use thread-safe methods
  approveNewSession and denyNewSession now call sessionManager methods instead of direct session mutation.

All changes have been verified with linters (golangci-lint: 0 issues).
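The pattern the commit message describes (take the manager lock, re-validate the session's mode, then mutate) can be illustrated with the following added example; it is not JetKVM's code. `Manager`, `transition`, `raceApprovals` and the `Pending` and `Observer` mode names are assumptions; only the method names `ApproveSession` and `ApprovePrimaryRequest` and the Queued and Primary modes come from the message.

```go
package main

import "sync"

// Queued and Primary are named in the commit message; Pending and Observer are assumed.
type Mode int
const Pending, Queued, Observer, Primary Mode = 0, 1, 2, 3

type Manager struct {
	mu       sync.Mutex
	sessions map[string]Mode // session ID -> mode (hypothetical layout)
	primary  string          // current primary's ID, "" if none
}

// transition validates and mutates inside one critical section; false means rejected.
func (m *Manager) transition(id string, from, to Mode) bool {
	m.mu.Lock()
	defer m.mu.Unlock()
	if cur, ok := m.sessions[id]; !ok || cur != from {
		return false
	}
	if to == Primary {
		if _, ok := m.sessions[m.primary]; ok {
			m.sessions[m.primary] = Observer // demote first: never two primaries
		}
		m.primary = id
	}
	m.sessions[id] = to
	return true
}

func (m *Manager) ApproveSession(id string) bool        { return m.transition(id, Pending, Observer) }
func (m *Manager) ApprovePrimaryRequest(id string) bool { return m.transition(id, Queued, Primary) }

// raceApprovals runs n concurrent approvals of one pending session and counts successes.
func raceApprovals(n int) (wins int) {
	m := &Manager{sessions: map[string]Mode{"s1": Pending}}
	results := make(chan bool, n)
	for i := 0; i < n; i++ {
		go func() { results <- m.ApproveSession("s1") }()
	}
	for i := 0; i < n; i++ {
		if <-results {
			wins++
		}
	}
	return wins
}

func main() { println(raceApprovals(50)) }
```

Because the mode check and the write share one lock acquisition, exactly one of the concurrent approvals succeeds; running the handlers under `go test -race` is the usual way to confirm no caller still writes the mode outside the lock.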
- .devcontainer
- .github
- .vscode
- bin
- cmd
- internal
- resource
- scripts
- ui
- .gitignore
- .golangci.yml
- CODE_OF_CONDUCT.md
- DEVELOPMENT.md
- Dockerfile.build
- LICENSE
- Makefile
- README.md
- block_device.go
- block_device_linux.go
- block_device_notlinux.go
- cloud.go
- config.go
- datachannel_helpers.go
- dc_metrics.go
- dev_deploy.sh
- display.go
- errors.go
- go.mod
- go.sum
- hidrpc.go
- hw.go
- jiggler.go
- jsonrpc.go
- log.go
- main.go
- mdns.go
- native.go
- network.go
- ota.go
- prometheus.go
- publish_source.sh
- serial.go
- session_manager.go
- session_permissions.go
- terminal.go
- timesync.go
- usb.go
- usb_mass_storage.go
- version.go
- video.go
- web.go
- web_tls.go
- webrtc.go
- wol.go
README.md
JetKVM is a high-performance, open-source KVM over IP (Keyboard, Video, Mouse) solution designed for efficient remote management of computers, servers, and workstations. Whether you're dealing with boot failures, installing a new operating system, adjusting BIOS settings, or simply taking control of a machine from afar, JetKVM provides the tools to get it done effectively.
Features
- Ultra-low Latency - 1080p@60FPS video with 30-60ms latency using H.264 encoding. Smooth mouse and keyboard interaction for responsive remote control.
- Free & Optional Remote Access - Remote management via JetKVM Cloud using WebRTC.
- Open-source software - Written in Golang on Linux. Easily customizable through SSH access to the JetKVM device.
Contributing
We welcome contributions from the community! Whether it's improving the firmware, adding new features, or enhancing documentation, your input is valuable. We also have some rules and taboos here, so please read this page and our Code of Conduct carefully.
I need help
The best place to search for answers is our Documentation. If you can't find the answer there, check our Discord Server.
I want to report an issue
If you've found an issue and want to report it, please check our Issues page. Make sure the description contains information about the firmware version you're using, your platform, and a clear explanation of the steps to reproduce the issue.
Development
JetKVM is written in Go & TypeScript, with some bits and pieces written in C. An intermediate level of Go & TypeScript knowledge is recommended for comfortable programming.
The project contains two main parts: the backend software that runs on the KVM device, and the frontend software, which is served by the KVM device and also by the cloud.
For comprehensive development information, including setup, testing, debugging, and contribution guidelines, see DEVELOPMENT.md.
For quick device development, use the ./dev_deploy.sh script. It will build the frontend and backend and deploy them to the local KVM device. Run ./dev_deploy.sh --help for more information.
Backend
The backend is written in Go and is responsible for the KVM device management, the cloud API and the cloud web.
Frontend
The frontend is written in React and TypeScript and is served by the KVM device. It has three build targets: device, development and production. Development is used for development of the cloud version on your local machine, device is used for building the frontend for the KVM device and production is used for building the frontend for the cloud.