move server to server directory.

server/internal/api/members/bluk.go

@@ -0,0 +1,84 @@
+package members
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type MemberBulkUpdatePayload struct {
+	IDs     []string            `json:"ids"`
+	Profile types.MemberProfile `json:"profile"`
+}
+
+func (h *MembersHandler) membersBulkUpdate(w http.ResponseWriter, r *http.Request) error {
+	bytes, err := io.ReadAll(r.Body)
+	if err != nil {
+		return utils.HttpBadRequest("unable to read post body").WithInternalErr(err)
+	}
+
+	header := &MemberBulkUpdatePayload{}
+	if err := json.Unmarshal(bytes, &header); err != nil {
+		return utils.HttpBadRequest("unable to unmarshal payload").WithInternalErr(err)
+	}
+
+	for _, memberId := range header.IDs {
+		// TODO: Bulk select?
+		profile, err := h.members.Select(memberId)
+		if err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to select member profile").
+				Msgf("failed to update member %s", memberId)
+		}
+
+		body := &MemberBulkUpdatePayload{
+			Profile: profile,
+		}
+
+		if err := json.Unmarshal(bytes, &body); err != nil {
+			return utils.HttpBadRequest().
+				WithInternalErr(err).
+				Msgf("unable to unmarshal payload for member %s", memberId)
+		}
+
+		if err := h.members.UpdateProfile(memberId, body.Profile); err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to update member profile").
+				Msgf("failed to update member %s", memberId)
+		}
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+type MemberBulkDeletePayload struct {
+	IDs []string `json:"ids"`
+}
+
+func (h *MembersHandler) membersBulkDelete(w http.ResponseWriter, r *http.Request) error {
+	bytes, err := io.ReadAll(r.Body)
+	if err != nil {
+		return utils.HttpBadRequest("unable to read post body").WithInternalErr(err)
+	}
+
+	data := &MemberBulkDeletePayload{}
+	if err := json.Unmarshal(bytes, &data); err != nil {
+		return utils.HttpBadRequest("unable to unmarshal payload").WithInternalErr(err)
+	}
+
+	for _, memberId := range data.IDs {
+		if err := h.members.Delete(memberId); err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to delete member").
+				Msgf("failed to delete member %s", memberId)
+		}
+	}
+
+	return utils.HttpSuccess(w)
+}

server/internal/api/members/controler.go

@@ -0,0 +1,144 @@
+package members
+
+import (
+	"errors"
+	"net/http"
+	"strconv"
+
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type MemberDataPayload struct {
+	ID      string              `json:"id"`
+	Profile types.MemberProfile `json:"profile"`
+}
+
+type MemberCreatePayload struct {
+	Username string              `json:"username"`
+	Password string              `json:"password"`
+	Profile  types.MemberProfile `json:"profile"`
+}
+
+type MemberPasswordPayload struct {
+	Password string `json:"password"`
+}
+
+func (h *MembersHandler) membersList(w http.ResponseWriter, r *http.Request) error {
+	limit, err := strconv.Atoi(r.URL.Query().Get("limit"))
+	if err != nil {
+		// TODO: Default zero.
+		limit = 0
+	}
+
+	offset, err := strconv.Atoi(r.URL.Query().Get("offset"))
+	if err != nil {
+		// TODO: Default zero.
+		offset = 0
+	}
+
+	entries, err := h.members.SelectAll(limit, offset)
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	members := []MemberDataPayload{}
+	for id, profile := range entries {
+		members = append(members, MemberDataPayload{
+			ID:      id,
+			Profile: profile,
+		})
+	}
+
+	return utils.HttpSuccess(w, members)
+}
+
+func (h *MembersHandler) membersCreate(w http.ResponseWriter, r *http.Request) error {
+	data := &MemberCreatePayload{
+		// default values
+		Profile: types.MemberProfile{
+			IsAdmin:               false,
+			CanLogin:              true,
+			CanConnect:            true,
+			CanWatch:              true,
+			CanHost:               true,
+			CanShareMedia:         true,
+			CanAccessClipboard:    true,
+			SendsInactiveCursor:   true,
+			CanSeeInactiveCursors: true,
+		},
+	}
+
+	if err := utils.HttpJsonRequest(w, r, data); err != nil {
+		return err
+	}
+
+	if data.Username == "" {
+		return utils.HttpBadRequest("username cannot be empty")
+	}
+
+	if data.Password == "" {
+		return utils.HttpBadRequest("password cannot be empty")
+	}
+
+	id, err := h.members.Insert(data.Username, data.Password, data.Profile)
+	if err != nil {
+		if errors.Is(err, types.ErrMemberAlreadyExists) {
+			return utils.HttpUnprocessableEntity("member already exists")
+		}
+
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w, MemberDataPayload{
+		ID:      id,
+		Profile: data.Profile,
+	})
+}
+
+func (h *MembersHandler) membersRead(w http.ResponseWriter, r *http.Request) error {
+	member := GetMember(r)
+	profile := member.Profile
+
+	return utils.HttpSuccess(w, profile)
+}
+
+func (h *MembersHandler) membersUpdateProfile(w http.ResponseWriter, r *http.Request) error {
+	member := GetMember(r)
+	data := &member.Profile
+
+	if err := utils.HttpJsonRequest(w, r, data); err != nil {
+		return err
+	}
+
+	if err := h.members.UpdateProfile(member.ID, *data); err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *MembersHandler) membersUpdatePassword(w http.ResponseWriter, r *http.Request) error {
+	member := GetMember(r)
+	data := &MemberPasswordPayload{}
+
+	if err := utils.HttpJsonRequest(w, r, data); err != nil {
+		return err
+	}
+
+	if err := h.members.UpdatePassword(member.ID, data.Password); err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *MembersHandler) membersDelete(w http.ResponseWriter, r *http.Request) error {
+	member := GetMember(r)
+
+	if err := h.members.Delete(member.ID); err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w)
+}

server/internal/api/members/handler.go

@@ -0,0 +1,83 @@
+package members
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	"github.com/go-chi/chi"
+
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type key int
+
+const keyMemberCtx key = iota
+
+type MembersHandler struct {
+	members types.MemberManager
+}
+
+func New(
+	members types.MemberManager,
+) *MembersHandler {
+	// Init
+
+	return &MembersHandler{
+		members: members,
+	}
+}
+
+func (h *MembersHandler) Route(r types.Router) {
+	r.Get("/", h.membersList)
+
+	r.With(auth.AdminsOnly).Group(func(r types.Router) {
+		r.Post("/", h.membersCreate)
+		r.With(h.ExtractMember).Route("/{memberId}", func(r types.Router) {
+			r.Get("/", h.membersRead)
+			r.Post("/", h.membersUpdateProfile)
+			r.Post("/password", h.membersUpdatePassword)
+			r.Delete("/", h.membersDelete)
+		})
+	})
+}
+
+func (h *MembersHandler) RouteBulk(r types.Router) {
+	r.With(auth.AdminsOnly).Group(func(r types.Router) {
+		r.Post("/update", h.membersBulkUpdate)
+		r.Post("/delete", h.membersBulkDelete)
+	})
+}
+
+type MemberData struct {
+	ID      string
+	Profile types.MemberProfile
+}
+
+func SetMember(r *http.Request, session MemberData) context.Context {
+	return context.WithValue(r.Context(), keyMemberCtx, session)
+}
+
+func GetMember(r *http.Request) MemberData {
+	return r.Context().Value(keyMemberCtx).(MemberData)
+}
+
+func (h *MembersHandler) ExtractMember(w http.ResponseWriter, r *http.Request) (context.Context, error) {
+	memberId := chi.URLParam(r, "memberId")
+
+	profile, err := h.members.Select(memberId)
+	if err != nil {
+		if errors.Is(err, types.ErrMemberDoesNotExist) {
+			return nil, utils.HttpNotFound("member not found")
+		}
+
+		return nil, utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return SetMember(r, MemberData{
+		ID:      memberId,
+		Profile: profile,
+	}), nil
+}

server/internal/api/room/broadcast.go

@@ -0,0 +1,70 @@
+package room
+
+import (
+	"net/http"
+
+	"github.com/demodesk/neko/pkg/types/event"
+	"github.com/demodesk/neko/pkg/types/message"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type BroadcastStatusPayload struct {
+	URL      string `json:"url,omitempty"`
+	IsActive bool   `json:"is_active"`
+}
+
+func (h *RoomHandler) broadcastStatus(w http.ResponseWriter, r *http.Request) error {
+	broadcast := h.capture.Broadcast()
+
+	return utils.HttpSuccess(w, BroadcastStatusPayload{
+		IsActive: broadcast.Started(),
+		URL:      broadcast.Url(),
+	})
+}
+
+func (h *RoomHandler) boradcastStart(w http.ResponseWriter, r *http.Request) error {
+	data := &BroadcastStatusPayload{}
+	if err := utils.HttpJsonRequest(w, r, data); err != nil {
+		return err
+	}
+
+	if data.URL == "" {
+		return utils.HttpBadRequest("missing broadcast URL")
+	}
+
+	broadcast := h.capture.Broadcast()
+	if broadcast.Started() {
+		return utils.HttpUnprocessableEntity("server is already broadcasting")
+	}
+
+	if err := broadcast.Start(data.URL); err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	h.sessions.AdminBroadcast(
+		event.BORADCAST_STATUS,
+		message.BroadcastStatus{
+			IsActive: broadcast.Started(),
+			URL:      broadcast.Url(),
+		})
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) boradcastStop(w http.ResponseWriter, r *http.Request) error {
+	broadcast := h.capture.Broadcast()
+	if !broadcast.Started() {
+		return utils.HttpUnprocessableEntity("server is not broadcasting")
+	}
+
+	broadcast.Stop()
+
+	h.sessions.AdminBroadcast(
+		event.BORADCAST_STATUS,
+		message.BroadcastStatus{
+			IsActive: broadcast.Started(),
+			URL:      broadcast.Url(),
+		})
+
+	return utils.HttpSuccess(w)
+}

server/internal/api/room/clipboard.go

@@ -0,0 +1,107 @@
+package room
+
+import (
+	// TODO: Unused now.
+	//"bytes"
+	//"strings"
+
+	"net/http"
+
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type ClipboardPayload struct {
+	Text string `json:"text,omitempty"`
+	HTML string `json:"html,omitempty"`
+}
+
+func (h *RoomHandler) clipboardGetText(w http.ResponseWriter, r *http.Request) error {
+	data, err := h.desktop.ClipboardGetText()
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w, ClipboardPayload{
+		Text: data.Text,
+		HTML: data.HTML,
+	})
+}
+
+func (h *RoomHandler) clipboardSetText(w http.ResponseWriter, r *http.Request) error {
+	data := &ClipboardPayload{}
+	if err := utils.HttpJsonRequest(w, r, data); err != nil {
+		return err
+	}
+
+	err := h.desktop.ClipboardSetText(types.ClipboardText{
+		Text: data.Text,
+		HTML: data.HTML,
+	})
+
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) clipboardGetImage(w http.ResponseWriter, r *http.Request) error {
+	bytes, err := h.desktop.ClipboardGetBinary("image/png")
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+	w.Header().Set("Content-Type", "image/png")
+
+	_, err = w.Write(bytes)
+	return err
+}
+
+/* TODO: Unused now.
+func (h *RoomHandler) clipboardSetImage(w http.ResponseWriter, r *http.Request) error {
+	err := r.ParseMultipartForm(MAX_UPLOAD_SIZE)
+	if err != nil {
+		return utils.HttpBadRequest("failed to parse multipart form").WithInternalErr(err)
+	}
+
+	//nolint
+	defer r.MultipartForm.RemoveAll()
+
+	file, header, err := r.FormFile("file")
+	if err != nil {
+		return utils.HttpBadRequest("no file received").WithInternalErr(err)
+	}
+
+	defer file.Close()
+
+	mime := header.Header.Get("Content-Type")
+	if !strings.HasPrefix(mime, "image/") {
+		return utils.HttpBadRequest("file must be image")
+	}
+
+	buffer := new(bytes.Buffer)
+	_, err = buffer.ReadFrom(file)
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err).WithInternalMsg("unable to read from uploaded file")
+	}
+
+	err = h.desktop.ClipboardSetBinary("image/png", buffer.Bytes())
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err).WithInternalMsg("unable set image to clipboard")
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) clipboardGetTargets(w http.ResponseWriter, r *http.Request) error {
+	targets, err := h.desktop.ClipboardGetTargets()
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w, targets)
+}
+
+*/

server/internal/api/room/control.go

@@ -0,0 +1,109 @@
+package room
+
+import (
+	"net/http"
+
+	"github.com/go-chi/chi"
+
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types/event"
+	"github.com/demodesk/neko/pkg/types/message"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type ControlStatusPayload struct {
+	HasHost bool   `json:"has_host"`
+	HostId  string `json:"host_id,omitempty"`
+}
+
+type ControlTargetPayload struct {
+	ID string `json:"id"`
+}
+
+func (h *RoomHandler) controlStatus(w http.ResponseWriter, r *http.Request) error {
+	host, hasHost := h.sessions.GetHost()
+
+	var hostId string
+	if hasHost {
+		hostId = host.ID()
+	}
+
+	return utils.HttpSuccess(w, ControlStatusPayload{
+		HasHost: hasHost,
+		HostId:  hostId,
+	})
+}
+
+func (h *RoomHandler) controlRequest(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+	host, hasHost := h.sessions.GetHost()
+	if hasHost {
+		// TODO: Some throttling mechanism to prevent spamming.
+
+		// let host know that someone wants to take control
+		host.Send(
+			event.CONTROL_REQUEST,
+			message.SessionID{
+				ID: session.ID(),
+			})
+
+		return utils.HttpError(http.StatusAccepted, "control request sent")
+	}
+
+	if h.sessions.Settings().LockedControls && !session.Profile().IsAdmin {
+		return utils.HttpForbidden("controls are locked")
+	}
+
+	session.SetAsHost()
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) controlRelease(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+	if !session.IsHost() {
+		return utils.HttpUnprocessableEntity("session is not the host")
+	}
+
+	h.desktop.ResetKeys()
+	session.ClearHost()
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) controlTake(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+	session.SetAsHost()
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) controlGive(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+	sessionId := chi.URLParam(r, "sessionId")
+
+	target, ok := h.sessions.Get(sessionId)
+	if !ok {
+		return utils.HttpNotFound("target session was not found")
+	}
+
+	if !target.Profile().CanHost {
+		return utils.HttpBadRequest("target session is not allowed to host")
+	}
+
+	target.SetAsHostBy(session)
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) controlReset(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+	_, hasHost := h.sessions.GetHost()
+
+	if hasHost {
+		h.desktop.ResetKeys()
+		session.ClearHost()
+	}
+
+	return utils.HttpSuccess(w)
+}

server/internal/api/room/handler.go

@@ -0,0 +1,126 @@
+package room
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/rs/zerolog/log"
+
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type RoomHandler struct {
+	sessions types.SessionManager
+	desktop  types.DesktopManager
+	capture  types.CaptureManager
+
+	privateModeImage []byte
+}
+
+func New(
+	sessions types.SessionManager,
+	desktop types.DesktopManager,
+	capture types.CaptureManager,
+) *RoomHandler {
+	h := &RoomHandler{
+		sessions: sessions,
+		desktop:  desktop,
+		capture:  capture,
+	}
+
+	// generate fallback image for private mode when needed
+	sessions.OnSettingsChanged(func(session types.Session, new, old types.Settings) {
+		if old.PrivateMode && !new.PrivateMode {
+			log.Debug().Msg("clearing private mode fallback image")
+			h.privateModeImage = nil
+			return
+		}
+
+		if !old.PrivateMode && new.PrivateMode {
+			img := h.desktop.GetScreenshotImage()
+			bytes, err := utils.CreateJPGImage(img, 90)
+			if err != nil {
+				log.Err(err).Msg("could not generate private mode fallback image")
+				return
+			}
+
+			log.Debug().Msg("using private mode fallback image")
+			h.privateModeImage = bytes
+		}
+	})
+
+	return h
+}
+
+func (h *RoomHandler) Route(r types.Router) {
+	r.With(auth.AdminsOnly).Route("/settings", func(r types.Router) {
+		r.Post("/", h.settingsSet)
+		r.Get("/", h.settingsGet)
+	})
+
+	r.With(auth.AdminsOnly).Route("/broadcast", func(r types.Router) {
+		r.Get("/", h.broadcastStatus)
+		r.Post("/start", h.boradcastStart)
+		r.Post("/stop", h.boradcastStop)
+	})
+
+	r.With(auth.CanAccessClipboardOnly).With(auth.HostsOnly).Route("/clipboard", func(r types.Router) {
+		r.Get("/", h.clipboardGetText)
+		r.Post("/", h.clipboardSetText)
+		r.Get("/image.png", h.clipboardGetImage)
+
+		// TODO: Refactor. xclip is failing to set propper target type
+		// and this content is sent back to client as text in another
+		// clipboard update. Therefore endpoint is not usable!
+		//r.Post("/image", h.clipboardSetImage)
+
+		// TODO: Refactor. If there would be implemented custom target
+		// retrieval, this endpoint would be useful.
+		//r.Get("/targets", h.clipboardGetTargets)
+	})
+
+	r.With(auth.CanHostOnly).Route("/keyboard", func(r types.Router) {
+		r.Get("/map", h.keyboardMapGet)
+		r.With(auth.HostsOnly).Post("/map", h.keyboardMapSet)
+
+		r.Get("/modifiers", h.keyboardModifiersGet)
+		r.With(auth.HostsOnly).Post("/modifiers", h.keyboardModifiersSet)
+	})
+
+	r.With(auth.CanHostOnly).Route("/control", func(r types.Router) {
+		r.Get("/", h.controlStatus)
+		r.Post("/request", h.controlRequest)
+		r.Post("/release", h.controlRelease)
+
+		r.With(auth.AdminsOnly).Post("/take", h.controlTake)
+		r.With(auth.AdminsOnly).Post("/give/{sessionId}", h.controlGive)
+		r.With(auth.AdminsOnly).Post("/reset", h.controlReset)
+	})
+
+	r.With(auth.CanWatchOnly).Route("/screen", func(r types.Router) {
+		r.Get("/", h.screenConfiguration)
+		r.With(auth.AdminsOnly).Post("/", h.screenConfigurationChange)
+		r.With(auth.AdminsOnly).Get("/configurations", h.screenConfigurationsList)
+
+		r.Get("/cast.jpg", h.screenCastGet)
+		r.With(auth.AdminsOnly).Get("/shot.jpg", h.screenShotGet)
+	})
+
+	r.With(h.uploadMiddleware).Route("/upload", func(r types.Router) {
+		r.Post("/drop", h.uploadDrop)
+		r.Post("/dialog", h.uploadDialogPost)
+		r.Delete("/dialog", h.uploadDialogClose)
+	})
+
+}
+
+func (h *RoomHandler) uploadMiddleware(w http.ResponseWriter, r *http.Request) (context.Context, error) {
+	session, ok := auth.GetSession(r)
+	if !ok || (!session.IsHost() && (!session.Profile().CanHost || !h.sessions.Settings().ImplicitHosting)) {
+		return nil, utils.HttpForbidden("without implicit hosting, only host can upload files")
+	}
+
+	return nil, nil
+}

server/internal/api/room/keyboard.go

@@ -0,0 +1,47 @@
+package room
+
+import (
+	"net/http"
+
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+func (h *RoomHandler) keyboardMapSet(w http.ResponseWriter, r *http.Request) error {
+	keyboardMap := types.KeyboardMap{}
+	if err := utils.HttpJsonRequest(w, r, &keyboardMap); err != nil {
+		return err
+	}
+
+	err := h.desktop.SetKeyboardMap(keyboardMap)
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) keyboardMapGet(w http.ResponseWriter, r *http.Request) error {
+	keyboardMap, err := h.desktop.GetKeyboardMap()
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w, keyboardMap)
+}
+
+func (h *RoomHandler) keyboardModifiersSet(w http.ResponseWriter, r *http.Request) error {
+	keyboardModifiers := types.KeyboardModifiers{}
+	if err := utils.HttpJsonRequest(w, r, &keyboardModifiers); err != nil {
+		return err
+	}
+
+	h.desktop.SetKeyboardModifiers(keyboardModifiers)
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) keyboardModifiersGet(w http.ResponseWriter, r *http.Request) error {
+	keyboardModifiers := h.desktop.GetKeyboardModifiers()
+
+	return utils.HttpSuccess(w, keyboardModifiers)
+}

server/internal/api/room/screen.go

@@ -0,0 +1,101 @@
+package room
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/types/event"
+	"github.com/demodesk/neko/pkg/types/message"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+func (h *RoomHandler) screenConfiguration(w http.ResponseWriter, r *http.Request) error {
+	screenSize := h.desktop.GetScreenSize()
+
+	return utils.HttpSuccess(w, screenSize)
+}
+
+func (h *RoomHandler) screenConfigurationChange(w http.ResponseWriter, r *http.Request) error {
+	auth, _ := auth.GetSession(r)
+
+	data := &types.ScreenSize{}
+	if err := utils.HttpJsonRequest(w, r, data); err != nil {
+		return err
+	}
+
+	size, err := h.desktop.SetScreenSize(types.ScreenSize{
+		Width:  data.Width,
+		Height: data.Height,
+		Rate:   data.Rate,
+	})
+
+	if err != nil {
+		return utils.HttpUnprocessableEntity("cannot set screen size").WithInternalErr(err)
+	}
+
+	h.sessions.Broadcast(event.SCREEN_UPDATED, message.ScreenSizeUpdate{
+		ID:         auth.ID(),
+		ScreenSize: size,
+	})
+
+	return utils.HttpSuccess(w, data)
+}
+
+// TODO: remove.
+func (h *RoomHandler) screenConfigurationsList(w http.ResponseWriter, r *http.Request) error {
+	configurations := h.desktop.ScreenConfigurations()
+
+	return utils.HttpSuccess(w, configurations)
+}
+
+func (h *RoomHandler) screenShotGet(w http.ResponseWriter, r *http.Request) error {
+	quality, err := strconv.Atoi(r.URL.Query().Get("quality"))
+	if err != nil {
+		quality = 90
+	}
+
+	img := h.desktop.GetScreenshotImage()
+	bytes, err := utils.CreateJPGImage(img, quality)
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+	w.Header().Set("Content-Type", "image/jpeg")
+
+	_, err = w.Write(bytes)
+	return err
+}
+
+func (h *RoomHandler) screenCastGet(w http.ResponseWriter, r *http.Request) error {
+	// display fallback image when private mode is enabled even if screencast is not
+	if session, ok := auth.GetSession(r); ok && session.PrivateModeEnabled() {
+		if h.privateModeImage != nil {
+			w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+			w.Header().Set("Content-Type", "image/jpeg")
+
+			_, err := w.Write(h.privateModeImage)
+			return err
+		}
+
+		return utils.HttpBadRequest("private mode is enabled but no fallback image available")
+	}
+
+	screencast := h.capture.Screencast()
+	if !screencast.Enabled() {
+		return utils.HttpBadRequest("screencast pipeline is not enabled")
+	}
+
+	bytes, err := screencast.Image()
+	if err != nil {
+		return utils.HttpInternalServerError().WithInternalErr(err)
+	}
+
+	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+	w.Header().Set("Content-Type", "image/jpeg")
+
+	_, err = w.Write(bytes)
+	return err
+}

server/internal/api/room/settings.go

@@ -0,0 +1,38 @@
+package room
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+func (h *RoomHandler) settingsGet(w http.ResponseWriter, r *http.Request) error {
+	settings := h.sessions.Settings()
+	return utils.HttpSuccess(w, settings)
+}
+
+func (h *RoomHandler) settingsSet(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+
+	// We read the request body first and unmashal it inside the UpdateSettingsFunc
+	// to ensure atomicity of the operation.
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		return utils.HttpBadRequest("unable to read request body").WithInternalErr(err)
+	}
+
+	h.sessions.UpdateSettingsFunc(session, func(settings *types.Settings) bool {
+		err = json.Unmarshal(body, settings)
+		return err == nil
+	})
+
+	if err != nil {
+		return utils.HttpBadRequest("unable to parse provided data").WithInternalErr(err)
+	}
+
+	return utils.HttpSuccess(w)
+}

server/internal/api/room/upload.go

@@ -0,0 +1,172 @@
+package room
+
+import (
+	"io"
+	"net/http"
+	"os"
+	"path"
+	"strconv"
+
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+// TODO: Extract file uploading to custom utility.
+
+// maximum upload size of 32 MB
+const maxUploadSize = 32 << 20
+
+func (h *RoomHandler) uploadDrop(w http.ResponseWriter, r *http.Request) error {
+	if !h.desktop.IsUploadDropEnabled() {
+		return utils.HttpBadRequest("upload drop is disabled")
+	}
+
+	err := r.ParseMultipartForm(maxUploadSize)
+	if err != nil {
+		return utils.HttpBadRequest("failed to parse multipart form").WithInternalErr(err)
+	}
+
+	//nolint
+	defer r.MultipartForm.RemoveAll()
+
+	X, err := strconv.Atoi(r.FormValue("x"))
+	if err != nil {
+		return utils.HttpBadRequest("no X coordinate received").WithInternalErr(err)
+	}
+
+	Y, err := strconv.Atoi(r.FormValue("y"))
+	if err != nil {
+		return utils.HttpBadRequest("no Y coordinate received").WithInternalErr(err)
+	}
+
+	req_files := r.MultipartForm.File["files"]
+	if len(req_files) == 0 {
+		return utils.HttpBadRequest("no files received")
+	}
+
+	dir, err := os.MkdirTemp("", "neko-drop-*")
+	if err != nil {
+		return utils.HttpInternalServerError().
+			WithInternalErr(err).
+			WithInternalMsg("unable to create temporary directory")
+	}
+
+	files := []string{}
+	for _, req_file := range req_files {
+		path := path.Join(dir, req_file.Filename)
+
+		srcFile, err := req_file.Open()
+		if err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to open uploaded file")
+		}
+
+		defer srcFile.Close()
+
+		dstFile, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to open destination file")
+		}
+
+		defer dstFile.Close()
+
+		_, err = io.Copy(dstFile, srcFile)
+		if err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to copy uploaded file to destination file")
+		}
+
+		files = append(files, path)
+	}
+
+	if !h.desktop.DropFiles(X, Y, files) {
+		return utils.HttpInternalServerError().
+			WithInternalMsg("unable to drop files")
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) uploadDialogPost(w http.ResponseWriter, r *http.Request) error {
+	if !h.desktop.IsFileChooserDialogEnabled() {
+		return utils.HttpBadRequest("file chooser dialog is disabled")
+	}
+
+	err := r.ParseMultipartForm(maxUploadSize)
+	if err != nil {
+		return utils.HttpBadRequest("failed to parse multipart form").WithInternalErr(err)
+	}
+
+	//nolint
+	defer r.MultipartForm.RemoveAll()
+
+	req_files := r.MultipartForm.File["files"]
+	if len(req_files) == 0 {
+		return utils.HttpBadRequest("no files received")
+	}
+
+	if !h.desktop.IsFileChooserDialogOpened() {
+		return utils.HttpUnprocessableEntity("file chooser dialog is not open")
+	}
+
+	dir, err := os.MkdirTemp("", "neko-dialog-*")
+	if err != nil {
+		return utils.HttpInternalServerError().
+			WithInternalErr(err).
+			WithInternalMsg("unable to create temporary directory")
+	}
+
+	for _, req_file := range req_files {
+		path := path.Join(dir, req_file.Filename)
+
+		srcFile, err := req_file.Open()
+		if err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to open uploaded file")
+		}
+
+		defer srcFile.Close()
+
+		dstFile, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to open destination file")
+		}
+
+		defer dstFile.Close()
+
+		_, err = io.Copy(dstFile, srcFile)
+		if err != nil {
+			return utils.HttpInternalServerError().
+				WithInternalErr(err).
+				WithInternalMsg("unable to copy uploaded file to destination file")
+		}
+	}
+
+	if err := h.desktop.HandleFileChooserDialog(dir); err != nil {
+		return utils.HttpInternalServerError().
+			WithInternalErr(err).
+			WithInternalMsg("unable to handle file chooser dialog")
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *RoomHandler) uploadDialogClose(w http.ResponseWriter, r *http.Request) error {
+	if !h.desktop.IsFileChooserDialogEnabled() {
+		return utils.HttpBadRequest("file chooser dialog is disabled")
+	}
+
+	if !h.desktop.IsFileChooserDialogOpened() {
+		return utils.HttpUnprocessableEntity("file chooser dialog is not open")
+	}
+
+	h.desktop.CloseFileChooserDialog()
+
+	return utils.HttpSuccess(w)
+}

server/internal/api/router.go

@@ -0,0 +1,85 @@
+package api
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	"github.com/demodesk/neko/internal/api/members"
+	"github.com/demodesk/neko/internal/api/room"
+	"github.com/demodesk/neko/internal/api/sessions"
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type ApiManagerCtx struct {
+	sessions types.SessionManager
+	members  types.MemberManager
+	desktop  types.DesktopManager
+	capture  types.CaptureManager
+	routers  map[string]func(types.Router)
+}
+
+func New(
+	sessions types.SessionManager,
+	members types.MemberManager,
+	desktop types.DesktopManager,
+	capture types.CaptureManager,
+) *ApiManagerCtx {
+
+	return &ApiManagerCtx{
+		sessions: sessions,
+		members:  members,
+		desktop:  desktop,
+		capture:  capture,
+		routers:  make(map[string]func(types.Router)),
+	}
+}
+
+func (api *ApiManagerCtx) Route(r types.Router) {
+	r.Post("/login", api.Login)
+
+	// Authenticated area
+	r.Group(func(r types.Router) {
+		r.Use(api.Authenticate)
+
+		r.Post("/logout", api.Logout)
+		r.Get("/whoami", api.Whoami)
+
+		sessionsHandler := sessions.New(api.sessions)
+		r.Route("/sessions", sessionsHandler.Route)
+
+		membersHandler := members.New(api.members)
+		r.Route("/members", membersHandler.Route)
+		r.Route("/members_bulk", membersHandler.RouteBulk)
+
+		roomHandler := room.New(api.sessions, api.desktop, api.capture)
+		r.Route("/room", roomHandler.Route)
+
+		for path, router := range api.routers {
+			r.Route(path, router)
+		}
+	})
+}
+
+func (api *ApiManagerCtx) Authenticate(w http.ResponseWriter, r *http.Request) (context.Context, error) {
+	session, err := api.sessions.Authenticate(r)
+	if err != nil {
+		if api.sessions.CookieEnabled() {
+			api.sessions.CookieClearToken(w, r)
+		}
+
+		if errors.Is(err, types.ErrSessionLoginDisabled) {
+			return nil, utils.HttpForbidden("login is disabled for this session")
+		}
+
+		return nil, utils.HttpUnauthorized().WithInternalErr(err)
+	}
+
+	return auth.SetSession(r, session), nil
+}
+
+func (api *ApiManagerCtx) AddRouter(path string, router func(types.Router)) {
+	api.routers[path] = router
+}

server/internal/api/session.go

@@ -0,0 +1,85 @@
+package api
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+)
+
+type SessionLoginPayload struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type SessionDataPayload struct {
+	ID      string              `json:"id"`
+	Token   string              `json:"token,omitempty"`
+	Profile types.MemberProfile `json:"profile"`
+	State   types.SessionState  `json:"state"`
+}
+
+func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) error {
+	data := &SessionLoginPayload{}
+	if err := utils.HttpJsonRequest(w, r, data); err != nil {
+		return err
+	}
+
+	session, token, err := api.members.Login(data.Username, data.Password)
+	if err != nil {
+		if errors.Is(err, types.ErrSessionAlreadyConnected) {
+			return utils.HttpUnprocessableEntity("session already connected")
+		} else if errors.Is(err, types.ErrMemberDoesNotExist) || errors.Is(err, types.ErrMemberInvalidPassword) {
+			return utils.HttpUnauthorized().WithInternalErr(err)
+		} else if errors.Is(err, types.ErrSessionLoginsLocked) {
+			return utils.HttpForbidden("logins are locked").WithInternalErr(err)
+		} else {
+			return utils.HttpInternalServerError().WithInternalErr(err)
+		}
+	}
+
+	sessionData := SessionDataPayload{
+		ID:      session.ID(),
+		Profile: session.Profile(),
+		State:   session.State(),
+	}
+
+	if api.sessions.CookieEnabled() {
+		api.sessions.CookieSetToken(w, token)
+	} else {
+		sessionData.Token = token
+	}
+
+	return utils.HttpSuccess(w, sessionData)
+}
+
+func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+
+	err := api.members.Logout(session.ID())
+	if err != nil {
+		if errors.Is(err, types.ErrSessionNotFound) {
+			return utils.HttpBadRequest("session is not logged in")
+		} else {
+			return utils.HttpInternalServerError().WithInternalErr(err)
+		}
+	}
+
+	if api.sessions.CookieEnabled() {
+		api.sessions.CookieClearToken(w, r)
+	}
+
+	return utils.HttpSuccess(w, true)
+}
+
+func (api *ApiManagerCtx) Whoami(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+
+	return utils.HttpSuccess(w, SessionDataPayload{
+		ID:      session.ID(),
+		Profile: session.Profile(),
+		State:   session.State(),
+	})
+}

server/internal/api/sessions/controller.go

@@ -0,0 +1,80 @@
+package sessions
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+	"github.com/demodesk/neko/pkg/utils"
+	"github.com/go-chi/chi"
+)
+
+type SessionDataPayload struct {
+	ID      string              `json:"id"`
+	Profile types.MemberProfile `json:"profile"`
+	State   types.SessionState  `json:"state"`
+}
+
+func (h *SessionsHandler) sessionsList(w http.ResponseWriter, r *http.Request) error {
+	sessions := []SessionDataPayload{}
+	for _, session := range h.sessions.List() {
+		sessions = append(sessions, SessionDataPayload{
+			ID:      session.ID(),
+			Profile: session.Profile(),
+			State:   session.State(),
+		})
+	}
+
+	return utils.HttpSuccess(w, sessions)
+}
+
+func (h *SessionsHandler) sessionsRead(w http.ResponseWriter, r *http.Request) error {
+	sessionId := chi.URLParam(r, "sessionId")
+
+	session, ok := h.sessions.Get(sessionId)
+	if !ok {
+		return utils.HttpNotFound("session not found")
+	}
+
+	return utils.HttpSuccess(w, SessionDataPayload{
+		ID:      session.ID(),
+		Profile: session.Profile(),
+		State:   session.State(),
+	})
+}
+
+func (h *SessionsHandler) sessionsDelete(w http.ResponseWriter, r *http.Request) error {
+	session, _ := auth.GetSession(r)
+
+	sessionId := chi.URLParam(r, "sessionId")
+	if sessionId == session.ID() {
+		return utils.HttpBadRequest("cannot delete own session")
+	}
+
+	err := h.sessions.Delete(sessionId)
+	if err != nil {
+		if errors.Is(err, types.ErrSessionNotFound) {
+			return utils.HttpBadRequest("session not found")
+		} else {
+			return utils.HttpInternalServerError().WithInternalErr(err)
+		}
+	}
+
+	return utils.HttpSuccess(w)
+}
+
+func (h *SessionsHandler) sessionsDisconnect(w http.ResponseWriter, r *http.Request) error {
+	sessionId := chi.URLParam(r, "sessionId")
+
+	err := h.sessions.Disconnect(sessionId)
+	if err != nil {
+		if errors.Is(err, types.ErrSessionNotFound) {
+			return utils.HttpBadRequest("session not found")
+		} else {
+			return utils.HttpInternalServerError().WithInternalErr(err)
+		}
+	}
+
+	return utils.HttpSuccess(w)
+}

server/internal/api/sessions/handler.go

@@ -0,0 +1,30 @@
+package sessions
+
+import (
+	"github.com/demodesk/neko/pkg/auth"
+	"github.com/demodesk/neko/pkg/types"
+)
+
+type SessionsHandler struct {
+	sessions types.SessionManager
+}
+
+func New(
+	sessions types.SessionManager,
+) *SessionsHandler {
+	// Init
+
+	return &SessionsHandler{
+		sessions: sessions,
+	}
+}
+
+func (h *SessionsHandler) Route(r types.Router) {
+	r.Get("/", h.sessionsList)
+
+	r.With(auth.AdminsOnly).Route("/{sessionId}", func(r types.Router) {
+		r.Get("/", h.sessionsRead)
+		r.Delete("/", h.sessionsDelete)
+		r.Post("/disconnect", h.sessionsDisconnect)
+	})
+}