package web import ( "encoding/json" "sort" "time" "github.com/yuanyuanxiang/SimpleRemoter/server/go/hub" "github.com/yuanyuanxiang/SimpleRemoter/server/go/protocol" "github.com/yuanyuanxiang/SimpleRemoter/server/go/wsauth" ) // rotateChallenge replaces the client's nonce with a fresh one and pushes a // {cmd:"challenge"} message so the browser updates its stored nonce. Called // after every login failure so a retry on the SAME WebSocket works without // the user having to refresh — the old nonce is still burned for replay // protection, but the client now has a usable new one. func (h *wsHub) rotateChallenge(c *wsClient) { n, err := wsauth.NewNonce() if err != nil { h.log.Error("nonce regen failed: %v", err) c.nonce = "" return } c.nonce = n c.queue([]byte(`{"cmd":"challenge","nonce":"` + n + `"}`)) } // dispatch routes one inbound message to its handler. The `raw` payload is // passed through so handlers can re-parse to their own shape. // // Phase 3 implements: get_salt, login, get_devices, ping, disconnect. // Phase 4 adds: connect, screen frame relay. // Phase 5 adds: mouse, key (input forwarding to the device screen sub-conn). // Phase 6 adds: term_open / term_input / term_resize / term_close (PTY relay). // Phase 7 covers admin: create_user / delete_user / list_users / get_groups. func (h *wsHub) dispatch(c *wsClient, cmd string, raw []byte) { switch cmd { case "get_salt": h.handleGetSalt(c, raw) case "login": h.handleLogin(c, raw) case "get_devices": h.handleGetDevices(c, raw) case "ping": // no-op heartbeat; the read itself was the keep-alive signal case "disconnect": h.handleDisconnect(c, raw) case "connect": h.handleConnect(c, raw) case "rdp_reset": h.handleRdpReset(c, raw) case "audio_toggle": // Audio capture/forwarding is not yet ported from the C++ WebService // (see project_go_webservice_port). Reply explicitly so the front-end // console shows why the toolbar button has no effect, instead of the // request being silently dropped by the default case. c.queue(mustJSON(map[string]any{ "cmd": "audio_toggle_result", "ok": false, "msg": "Audio toggle not supported on Go server yet", })) case "mouse": h.handleMouse(c, raw) case "key": h.handleKey(c, raw) case "term_open": h.handleTermOpen(c, raw) case "term_input": h.handleTermInput(c, raw) case "term_resize": h.handleTermResize(c, raw) case "term_close": h.handleTermClose(c, raw) // Admin operations (Phase 7). case "create_user": h.handleCreateUser(c, raw) case "delete_user": h.handleDeleteUser(c, raw) case "list_users": h.handleListUsers(c, raw) case "get_groups": h.handleGetGroups(c, raw) } } // requireAdmin combines token validation with a role=="admin" check. The // reply on failure has the standard `{cmd, ok:false, msg}` shape so the // front-end's generic toast handler can surface the reason. func (h *wsHub) requireAdmin(c *wsClient, raw []byte, replyCmd string) (ok bool) { if !h.requireAuth(c, raw, replyCmd) { return false } // c.role is cached on first successful requireAuth; safe to read here. if c.role != "admin" { c.queue(mustJSON(map[string]any{ "cmd": replyCmd, "ok": false, "msg": "Permission denied", })) return false } return true } // ----- handlers ------------------------------------------------------------ func (h *wsHub) handleGetSalt(c *wsClient, raw []byte) { // Throttle the salt-probe surface together with login: an attacker // who can poll get_salt freely would otherwise still learn nothing // (the unknown-user fake salt mitigation handles that), but the // endpoint is otherwise free CPU on the server. Limiting by IP is // enough; we don't have a username yet to limit by user. if !h.allowLoginByIP(c) { // Stall the response so a tight-loop attacker doesn't flood the // queue. Still return a well-formed salt to avoid making the // limit detectable from the client side. time.Sleep(250 * time.Millisecond) } var in struct { Username string `json:"username"` } _ = json.Unmarshal(raw, &in) salt, _ := h.auth.GetSalt(in.Username) // GetSalt now returns a deterministic fake salt (16 hex chars) for // unknown users — same shape as a real salt — so an attacker can't // tell from this response alone whether the username exists. c.queue(mustJSON(map[string]any{ "cmd": "salt", "ok": true, "salt": salt, })) } func (h *wsHub) handleLogin(c *wsClient, raw []byte) { var in struct { Username string `json:"username"` Response string `json:"response"` Nonce string `json:"nonce"` } if err := json.Unmarshal(raw, &in); err != nil { c.queue(mustJSON(map[string]any{"cmd": "login_result", "ok": false, "msg": "Invalid request"})) return } // Rate-limit BEFORE doing the hash work, so a flood doesn't pin CPU. // Two-dimensional throttle: per-IP catches scanners that try many // usernames; per-username catches scanners that rotate IPs against a // known account (admin). Either dimension tripping rejects the call // with a uniform "credentials" error so the limit is not detectable. if !h.allowLoginByIP(c) || !h.allowLoginByUsername(in.Username) { h.log.Warn("ws login throttled: user=%s addr=%s", in.Username, c.addr) time.Sleep(500 * time.Millisecond) c.queue(mustJSON(map[string]any{"cmd": "login_result", "ok": false, "msg": "Invalid credentials"})) // Rotate the challenge: burns the previous nonce (replay protection) // AND hands the client a fresh one so the next attempt does not // require a page refresh. h.rotateChallenge(c) return } // Bind the response to the challenge we issued at connect time so that // replays from a different connection can't reuse a captured response. if in.Nonce == "" || in.Nonce != c.nonce { c.queue(mustJSON(map[string]any{"cmd": "login_result", "ok": false, "msg": "Invalid challenge"})) h.rotateChallenge(c) return } token, role, err := h.auth.VerifyLogin(in.Username, in.Response, in.Nonce) if err != nil { // Fixed delay on failure: makes online brute force impractical // even within the rate-limit budget, and erases the timing // difference between "wrong password" and "wrong nonce". time.Sleep(250 * time.Millisecond) c.queue(mustJSON(map[string]any{"cmd": "login_result", "ok": false, "msg": "Invalid credentials"})) h.rotateChallenge(c) return } // Successful login: clear the per-IP/per-user budgets so a legitimate // user who fat-fingered a few times doesn't stay throttled. h.resetLoginThrottle(c, in.Username) c.nonce = "" c.token = token c.role = role h.log.Info("ws login: user=%s role=%s addr=%s", in.Username, role, c.addr) c.queue(mustJSON(map[string]any{ "cmd": "login_result", "ok": true, "token": token, "role": role, })) } // allowLoginByIP / allowLoginByUsername return true when the call is // within budget; nil limiter always returns true (effectively disabled). func (h *wsHub) allowLoginByIP(c *wsClient) bool { if h.loginIPLimit == nil || c == nil || c.addr == "" { return true } return h.loginIPLimit.Allow(c.addr) } func (h *wsHub) allowLoginByUsername(username string) bool { if h.loginUserLimit == nil || username == "" { return true } return h.loginUserLimit.Allow(username) } func (h *wsHub) resetLoginThrottle(c *wsClient, username string) { if h.loginIPLimit != nil && c != nil && c.addr != "" { h.loginIPLimit.Reset(c.addr) } if h.loginUserLimit != nil && username != "" { h.loginUserLimit.Reset(username) } } // handleConnect kicks off a screen-sharing session for the browser. We send // COMMAND_SCREEN_SPY to the device's main TCP connection; the device then // opens a new sub-connection (TOKEN_BITMAPINFO) which the TCP side binds to // the device via hub.BindScreenConn. Frame relay to the browser is handled // in Phase 4.2 once frames actually arrive. // // Reply semantics: returning connect_result.ok=true (without width/height) // triggers the browser's "Waiting for video..." spinner. We can't deliver // width/height here because we don't yet know them — they show up in the // first TOKEN_BITMAPINFO from the device. // handleDisconnect detaches this client from any device it was watching and // — if no other authenticated client is still watching — closes the device's // screen sub-connection. Closing the TCP sub-conn is the signal the C++ // device firmware uses to stop screen capture, so this is how we ask the // device to free its encoder. func (h *wsHub) handleDisconnect(c *wsClient, _ []byte) { // Mirror handleConnect: take h.mu so event-handler readers // (OnResolutionChange/OnScreenFrame) get a consistent view of c.watching. h.mu.Lock() prev := c.watching c.watching = "" h.mu.Unlock() c.queue([]byte(`{"cmd":"disconnect_result","ok":true}`)) if prev != "" && h.countWatchers(prev) == 0 { h.devices.CloseScreen(prev) } } // countWatchers returns how many authenticated clients still have their // `watching` field pointing at deviceID. Called from disconnect paths. func (h *wsHub) countWatchers(deviceID string) int { h.mu.RLock() defer h.mu.RUnlock() n := 0 for c := range h.clients { if c.watching == deviceID { n++ } } return n } func (h *wsHub) handleConnect(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "connect_result") { return } var in struct { ID string `json:"id"` } if err := json.Unmarshal(raw, &in); err != nil || in.ID == "" { c.queue(mustJSON(map[string]any{"cmd": "connect_result", "ok": false, "msg": "Bad request"})) return } // If a screen session is already live for this device (another browser // is already watching), reuse it: hand the new viewer the current // resolution and the most recent IDR keyframe so its decoder can start // rendering immediately, without waiting for the next IDR (~15 s). cache := h.devices.ScreenState(in.ID) if cache.Active { c.queue(mustJSON(map[string]any{ "cmd": "connect_result", "ok": true, "width": cache.Width, "height": cache.Height, })) if len(cache.Keyframe) > 0 { c.queueBinary(cache.Keyframe) } h.mu.Lock() c.watching = in.ID h.mu.Unlock() return } // No active session — kick the device to start capturing. We send the // same 32-byte COMMAND_SCREEN_SPY payload the C++ WebService sends: // [0]=COMMAND_SCREEN_SPY, [1]=0 (GDI), [2]=ALGORITHM_H264, [3]=1 (multi-screen), // [4..31]=0. cmd := make([]byte, 32) cmd[0] = protocol.CommandScreenSpy cmd[2] = protocol.AlgorithmH264 cmd[3] = 1 // CRITICAL: bind c.watching BEFORE asking the device to start capturing. // On fast reconnects the device's screen sub-conn handshake completes in // <100 ms, so TOKEN_BITMAPINFO and even the first H264 frame can arrive // before this handler finishes — and the resolution_changed / frame // broadcasts in wsHub filter on c.watching. With the assignment after // SendToDevice the new viewer silently misses the very first IDR and // resolution_changed, leaving the page stuck on "Waiting for video". // // The write needs to share the lock event handlers use to read c.watching // (they iterate h.clients under h.mu.RLock). Without that the write is a // data race; on a fast reconnect the reader goroutine can keep observing // the previous value ("") long enough to drop the first resolution_changed // and the first IDR, which produces the exact "every other quick reconnect // goes black" symptom — the C++ server avoids it because it does the same // state mutation under std::mutex and reaps the memory-barrier as a bonus. h.mu.Lock() c.watching = in.ID h.mu.Unlock() if err := h.devices.SendToDevice(in.ID, cmd); err != nil { // Roll back the watching flag if we never managed to kick capture. h.mu.Lock() c.watching = "" h.mu.Unlock() msg := "Device offline" if err != hub.ErrDeviceOffline { msg = "Failed to start screen capture" h.log.Error("SendToDevice(%s): %v", in.ID, err) } c.queue(mustJSON(map[string]any{"cmd": "connect_result", "ok": false, "msg": msg})) return } h.log.Info("[timing] COMMAND_SCREEN_SPY sent to device=%s (cold start)", in.ID) c.queue(mustJSON(map[string]any{"cmd": "connect_result", "ok": true})) } // handleRdpReset asks the device to switch its screen capture back to the // physical console session ("RDP 会话归位"). Useful when someone has RDP'd into // the box: the device's screen thread is by default attached to whatever WTS // session is currently active, so the operator may otherwise see a login // screen or a different user's desktop instead of the local console. // // Fire-and-forget on purpose, matching the C++ server and the browser UI — // front-end ignores any reply, so we don't send one. Failures (device offline, // no active screen session, browser hasn't called `connect` yet) are warn- // logged server-side only. func (h *wsHub) handleRdpReset(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "rdp_reset_result") { return } deviceID := c.watching if deviceID == "" { h.log.Warn("rdp_reset: no device watched (addr=%s role=%s)", c.addr, c.role) return } // CMD_RESTORE_CONSOLE must go through the screen sub-conn — the client // dispatches it from CScreenManager::OnReceive, which only reads from // the screen sub-conn (see client/ScreenManager.cpp:996). Sending on the // main conn would silently no-op. if err := h.devices.SendToScreen(deviceID, []byte{protocol.CmdRestoreConsole}); err != nil { h.log.Warn("rdp_reset: device=%s: %v", deviceID, err) return } h.log.Info("rdp_reset sent: device=%s", deviceID) } func (h *wsHub) handleGetDevices(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "device_list") { return } devices := h.devices.ListDevices() c.queue(mustJSON(map[string]any{ "cmd": "device_list", "ok": true, "devices": devices, })) } // requireAuth validates the token embedded in raw against the authenticator's // session store (not against c.token). Tokens live independently of WS // connections — the browser may reconnect after a visibility/network blip and // resume with the same token, so we must not tie validity to one WS lifetime. // On the first authenticated message we cache the token/role on the wsClient // so broadcasts know to deliver to this connection. func (h *wsHub) requireAuth(c *wsClient, raw []byte, replyCmd string) bool { var in struct { Token string `json:"token"` } _ = json.Unmarshal(raw, &in) if in.Token == "" { c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false})) return false } sess, err := h.auth.ValidateToken(in.Token) if err != nil { c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false})) return false } if c.token == "" { c.token = in.Token c.role = sess.Role } return true } // handleMouse forwards one mouse event from the browser to the device's // screen sub-connection as a COMMAND_SCREEN_CONTROL packet carrying a // single MSG64. Mirrors the C++ CWebService::HandleMouse path // (server/2015Remote/WebService.cpp:773) so the client's // CScreenManager::ProcessCommand sees identical bytes regardless of which // server is serving the device. Unauthenticated and unknown event types // drop silently — input is high-frequency, error replies would just spam // the WS. func (h *wsHub) handleMouse(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "mouse_result") { return } var in struct { Type string `json:"type"` X int32 `json:"x"` Y int32 `json:"y"` Button int `json:"button"` Delta int `json:"delta"` } if err := json.Unmarshal(raw, &in); err != nil { return } deviceID := c.watching if deviceID == "" { return // browser hasn't picked a device yet } var message, wParam uint64 switch in.Type { case "down": switch in.Button { case 0: message, wParam = protocol.WMLButtonDown, protocol.MKLButton case 1: message, wParam = protocol.WMMButtonDown, protocol.MKMButton case 2: message, wParam = protocol.WMRButtonDown, protocol.MKRButton default: return } case "up": switch in.Button { case 0: message = protocol.WMLButtonUp case 1: message = protocol.WMMButtonUp case 2: message = protocol.WMRButtonUp default: return } case "move": message = protocol.WMMouseMove case "wheel": message = protocol.WMMouseWheel // Windows expects ±120 per notch in HIWORD(wParam). Browsers report // `deltaY` in pixels with sign flipped relative to Win32 conventions // (positive deltaY = scroll down). Normalize to one notch per call, // signed so up scrolls "up" on the remote. var wheel int16 switch { case in.Delta > 0: wheel = -120 case in.Delta < 0: wheel = 120 } wParam = uint64(uint16(wheel)) << 16 case "dblclick": // Windows synthesizes double-click from rapid down/up sequences, so // the C++ server only forwards this for macOS clients. We don't // currently track client OS on the Go side; drop the event — the // down/up pair the browser already sent is sufficient on Windows. return default: return } lParam := protocol.MakeLParam(in.X, in.Y) pkt := protocol.BuildScreenControlPacket(message, wParam, lParam, in.X, in.Y, tickMillis()) _ = h.devices.SendToScreen(deviceID, pkt) } // handleKey forwards one keyboard event to the device. lParam is built to // match the Windows convention so applications relying on TranslateMessage // (e.g. text input fields) behave correctly. Mirrors // CWebService::HandleKey at server/2015Remote/WebService.cpp:878. // // Scan code: the C++ server resolves the VK -> scan code via the local // MapVirtualKey. Go is cross-platform so we leave the scan-code bits zero; // the client side ultimately delivers events via SendInput/keybd_event // which accept VK-only input, and the extended-key bit (bit 24) is what // actually matters for distinguishing numpad/arrow keys. func (h *wsHub) handleKey(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "key_result") { return } var in struct { KeyCode int `json:"keyCode"` Down bool `json:"down"` Alt bool `json:"alt"` } if err := json.Unmarshal(raw, &in); err != nil { return } if in.KeyCode == protocol.VKLWin || in.KeyCode == protocol.VKRWin { return // Windows keys stay local; matches both C++ server and client } deviceID := c.watching if deviceID == "" { return } var message uint64 switch { case in.Alt && in.Down: message = protocol.WMSysKeyDown case in.Alt && !in.Down: message = protocol.WMSysKeyUp case in.Down: message = protocol.WMKeyDown default: message = protocol.WMKeyUp } // lParam layout (Win32 keyboard message): // bits 0..15: repeat count (= 1) // bits 16..23: scan code (we leave zero — see handleKey doc) // bit 24: extended-key flag (arrows, numpad, RCtrl, RAlt, ...) // bit 29: context code (Alt held) // bits 30..31: previous-key/transition flags (both set on key-up) lParam := uint64(1) if protocol.IsExtendedKey(in.KeyCode) { lParam |= 1 << 24 } if in.Alt { lParam |= 1 << 29 } if !in.Down { lParam |= 3 << 30 } wParam := uint64(uint32(in.KeyCode)) pkt := protocol.BuildScreenControlPacket(message, wParam, lParam, 0, 0, tickMillis()) _ = h.devices.SendToScreen(deviceID, pkt) } // handleCreateUser provisions a new web account. Admin-only. Mirrors the // C++ CWebService::HandleCreateUser semantics (WebService.cpp:1009): the // password is hashed with a fresh salt, the user table is persisted, and // any duplicate username is rejected. func (h *wsHub) handleCreateUser(c *wsClient, raw []byte) { const replyCmd = "create_user_result" if !h.requireAdmin(c, raw, replyCmd) { return } var in struct { Username string `json:"username"` Password string `json:"password"` Role string `json:"role"` AllowedGroups []string `json:"allowed_groups"` } if err := json.Unmarshal(raw, &in); err != nil { c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false, "msg": "Invalid JSON"})) return } if in.Role == "" { in.Role = "viewer" } if err := h.auth.CreateUser(in.Username, in.Password, in.Role, in.AllowedGroups); err != nil { c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false, "msg": err.Error()})) return } h.log.Info("user created by %s: name=%s role=%s groups=%d", c.role, in.Username, in.Role, len(in.AllowedGroups)) c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": true})) } // handleDeleteUser removes an account and revokes any of its live sessions. // Admin-only. The bootstrap "admin" account is rejected at the wsauth layer. func (h *wsHub) handleDeleteUser(c *wsClient, raw []byte) { const replyCmd = "delete_user_result" if !h.requireAdmin(c, raw, replyCmd) { return } var in struct { Username string `json:"username"` } if err := json.Unmarshal(raw, &in); err != nil { c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false, "msg": "Invalid JSON"})) return } if err := h.auth.DeleteUser(in.Username); err != nil { c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false, "msg": err.Error()})) return } h.log.Info("user deleted by %s: name=%s", c.role, in.Username) c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": true})) } // handleListUsers returns the account table to admin callers. Field shape // matches the C++ list_users_result the browser already parses: an array // of {username, role, allowed_groups}. func (h *wsHub) handleListUsers(c *wsClient, raw []byte) { const replyCmd = "list_users_result" if !h.requireAdmin(c, raw, replyCmd) { return } users := h.auth.ListUsers() out := make([]map[string]any, 0, len(users)) for _, u := range users { groups := u.AllowedGroups if groups == nil { groups = []string{} } out = append(out, map[string]any{ "username": u.Username, "role": u.Role, "allowed_groups": groups, }) } c.queue(mustJSON(map[string]any{ "cmd": replyCmd, "ok": true, "users": out, })) } // handleGetGroups returns the deduplicated set of group labels currently // observed on online devices, plus a synthetic "default" entry that the // admin UI uses for ungrouped devices. Admin-only — non-admins don't get // to enumerate the device fleet's groups. Matches the contract of // CWebService::HandleGetGroups (WebService.cpp:1130). func (h *wsHub) handleGetGroups(c *wsClient, raw []byte) { const replyCmd = "groups" if !h.requireAdmin(c, raw, replyCmd) { return } seen := map[string]struct{}{"default": {}} for _, d := range h.devices.ListDevices() { g := d.Group if g == "" { g = "default" } seen[g] = struct{}{} } groups := make([]string, 0, len(seen)) for g := range seen { groups = append(groups, g) } sort.Strings(groups) c.queue(mustJSON(map[string]any{ "cmd": replyCmd, "ok": true, "groups": groups, })) } // handleTermOpen kicks off a web terminal session. On success the wsClient // records `termWatching = deviceID` so subsequent term_input / term_resize // have a target, and the hub sends COMMAND_SHELL to the device. The // device's shell sub-conn arrives separately and is bound by the TCP layer // via Hub.BindTerminalConn; that step fires OnTerminalReady to flip the // browser into "ready" state. // // Single-viewer is enforced at the hub. The C++ side matches: // server/2015Remote/WebService.cpp:1799. func (h *wsHub) handleTermOpen(c *wsClient, raw []byte) { const replyCmd = "term_closed" if !h.requireAuth(c, raw, replyCmd) { return } var in struct { ID string `json:"id"` } if err := json.Unmarshal(raw, &in); err != nil || in.ID == "" { c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false, "msg": "Bad request"})) return } // Pin termWatching BEFORE asking the hub to open the session: the // device's shell sub-conn can arrive in <100 ms on LAN, and // OnTerminalReady filters by termWatching. Same race shape as the // screen path in handleConnect. h.mu.Lock() if c.termWatching != "" && c.termWatching != in.ID { h.mu.Unlock() c.queue(mustJSON(map[string]any{ "cmd": replyCmd, "ok": false, "msg": "Close current terminal before opening another", })) return } c.termWatching = in.ID h.mu.Unlock() if err := h.devices.OpenTerminalSession(in.ID); err != nil { h.mu.Lock() c.termWatching = "" h.mu.Unlock() msg := "Device offline" switch err { case hub.ErrTerminalBusy: msg = "Terminal already open by another viewer" case hub.ErrDeviceOffline: msg = "Device offline" default: msg = "Failed to start terminal" h.log.Error("OpenTerminalSession(%s): %v", in.ID, err) } c.queue(mustJSON(map[string]any{"cmd": replyCmd, "ok": false, "msg": msg})) return } h.log.Info("term_open: device=%s role=%s", in.ID, c.role) } // handleTermInput forwards xterm.js keystrokes to the device's shell // sub-conn verbatim. The client's ConPTYManager treats anything that // isn't a known control byte (CMD_TERMINAL_RESIZE / COMMAND_NEXT) as // raw PTY input — see client/ConPTYManager.cpp:244. func (h *wsHub) handleTermInput(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "term_input_result") { return } var in struct { ID string `json:"id"` Data string `json:"data"` } if err := json.Unmarshal(raw, &in); err != nil { return } if in.ID == "" || in.Data == "" { return } if c.termWatching != in.ID { return // someone else's session, or no session } _ = h.devices.SendToTerminal(in.ID, []byte(in.Data)) } // handleTermResize forwards xterm.js fit/resize events to the device's // PTY. Legacy cmd-pipe mode silently ignores resize (the underlying // pipes have no notion of geometry). func (h *wsHub) handleTermResize(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "term_resize_result") { return } var in struct { ID string `json:"id"` Cols int `json:"cols"` Rows int `json:"rows"` } if err := json.Unmarshal(raw, &in); err != nil { return } if in.ID == "" || in.Cols <= 0 || in.Rows <= 0 { return } if c.termWatching != in.ID { return } if !h.devices.TerminalIsPTY(in.ID) { return // legacy cmd pipe — ignored, same as the C++ guard } _ = h.devices.SendToTerminal(in.ID, protocol.BuildTerminalResize(in.Cols, in.Rows)) } // handleTermClose tears down the active session. CloseTerminalSession // fires OnTerminalClosed which the wsHub broadcast loop turns into the // front-end's `term_closed` notification — no need to ack here. func (h *wsHub) handleTermClose(c *wsClient, raw []byte) { if !h.requireAuth(c, raw, "term_closed") { return } var in struct { ID string `json:"id"` } if err := json.Unmarshal(raw, &in); err != nil || in.ID == "" { return } if c.termWatching != in.ID { return } h.devices.CloseTerminalSession(in.ID) } // tickMillis returns a 32-bit-truncated ms timestamp suitable for the // MSG64.time field. The client compares these with GetTickCount(), which // is also a 32-bit ms counter — exact origin doesn't matter, only that // successive events have non-decreasing values within the wrap window. func tickMillis() uint32 { return uint32(time.Now().UnixMilli() & 0xFFFFFFFF) } func mustJSON(v any) []byte { b, err := json.Marshal(v) if err != nil { // All callers pass simple map[string]any with primitive values; // marshal can't realistically fail. If it does, return a safe fallback. return []byte(`{"cmd":"error","msg":"internal encode error"}`) } return b }