The fact that in amongst the doc comment is "not really safe" should probably be a big red flag.
Then this happens:
Not to mention that here:
It'll just let you in if you can guess someone else's session.
Seriously. Systems ship with crypto API's. And uuid libraries.
USE THEM, FFS.
I commented with a link to the CPRNG you should be using.
Who on earth is thinking "man, I wish I could run a terminal in my browser!"
Cool project, and I love the "because we can, and because it's cool" aspect of it, I'm just curious if I'm missing a use case for "why".
Restrictive computers where you can't run Putty or SSH (though you shouldn't connect from those anyway, but well).
I can't think of any other reasons.
The product itself seems very useful.
The benefit of the latter is you can get a shell on your box behind a restrictive firewall where only HTTP(S) traffic is allowed.
I currently use GateOne. It's a little bloated and buggy though. I may give tty.js a shot. I've heard good things.
Thanks for all the positive comments. I'm glad people are like it.
Actually oterm was designed as an advanced example of a use of the onion http library (agreed, not the best name, accepting suggestions).
Maybe I should make it a separate project.
What kind of projects do you intend to use the HTTP library for? That sounds almost more interesting than the terminal use case.
Nice projects are right now rasppi-style projects where you are interested in doing an application that almost does not consume resources: 2MB RAM for example for oterm, not including shared libraries, as fast as the fastest.
Also I use it as a platform to easily develop C/C++ web services where performance is paramount, on real big servers.
But seriously, the github wiki says that it uses SSL also.
Check out https://github.com/chjj/tty.js