- 21 Sep, 2025 22 commits
-
-
Stefy Lanza (nextime / spora ) authored
- wssshd2/assets.c: Modified to handle users page dynamically instead of static HTML
- wssshd2/configure.sh: Added SQLite3 library dependency checking and linking

These changes ensure proper SQLite integration in the build system and dynamic user management interface.
-
Stefy Lanza (nextime / spora ) authored
- README.md: Updated installation, architecture, and build instructions for C implementation
- CHANGELOG.md: Added v1.7.0 entry documenting major transition from Python to C
- DOCUMENTATION.md: Updated project structure, dependencies, and build instructions
- TODO.md: Added v1.7.0 completion status and updated roadmap

All documentation now reflects the new C-based architecture with SQLite database and embedded web interface.
-
Stefy Lanza (nextime / spora ) authored
- Removed templates/ directory (no longer needed with embedded HTML)
- Removed wssshd.py (Python server entry point)
- Removed wsssd/ directory (entire Python server implementation)
- Project now uses only wssshd2/ C implementation
- Cleaner codebase with single server implementation
- Reduced maintenance overhead and confusion
-
Stefy Lanza (nextime / spora ) authored
- Updated package version from 1.6.1-1 to 1.6.5-1 for consistency
- Added changelog entry documenting the transition to C binary
- Maintained version alignment with wssshtools package
- Preserved all existing package functionality and dependencies
-
Stefy Lanza (nextime / spora ) authored
- Change build dependencies from Python to C build tools (gcc, make, libssl-dev, libsqlite3-dev, uuid-dev)
- Update runtime dependencies to include libsqlite3-0 and libssl3
- Modify debian/rules to build wssshd2 C binary instead of PyInstaller
- Update man page with C version command line options
- Update package description to reflect C binary with embedded web interface
- Keep all existing init scripts, logrotate, and service files unchanged
- Maintain same user creation and path configurations
-
Stefy Lanza (nextime / spora ) authored
- Add SQLite support with proper database initialization
- Create users table with id, username, password_hash, is_admin columns
- Implement user management functions (add, update, delete, find)
- Add security warning for default admin credentials
- Add ASCII art banner on startup
- Fix login/logout redirects to home page
- Add --debug-database option for database operations logging
- Support root user directory selection (/etc/wssshd vs ~/.config/wssshd)
- Generate dynamic user management interface
- Maintain compatibility with existing web interface features
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
- Added --debug-web command line option for comprehensive web request debugging
- Fixed HTTP request parsing to properly separate headers from POST body
- Implemented Content-Length based body extraction for reliable form data parsing
- Added extensive debug output for troubleshooting web requests
- Updated configuration system to support debug_web flag

The login form now correctly parses username/password from POST requests.
-
Stefy Lanza (nextime / spora ) authored
- Added debug_web flag to wssshd_config_t structure
- Added --debug-web command line option parsing
- Added comprehensive debug output for web requests including:
  * Request method, path, query parameters, and content
  * Session validation and authentication status
  * Login attempts with username/password logging
  * HTTP response details (status, headers, content type, length)
- Updated help text and configuration display
- Fixed compiler warning in debug output
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
- Moved login page HTML to html_pages/login_page.h
- Moved users page HTML to html_pages/users_page.h
- Updated assets.c to use templates from header files
- Updated web.c to use login and users templates directly
- Updated configure.sh and regenerated Makefile with all new dependencies
-
Stefy Lanza (nextime / spora ) authored
- Created html_pages/ directory for HTML templates
- Moved index page HTML template to html_pages/index_page.h
- Moved terminal page HTML template to html_pages/terminal_page.h
- Updated web.c to use templates from header files instead of embedded strings
- Updated configure.sh to include new header file dependencies in generated Makefile
-
Stefy Lanza (nextime / spora ) authored
- Move web_start_server() before websocket_start_server() to ensure web server starts
- Implement full HTTP server with request parsing and response handling
- Fix HTTP redirect to properly send Location header instead of Set-Cookie
- Remove non-blocking socket setting that caused inconsistent responses
- Update shutdown sequence to stop web server before WebSocket server
-
Stefy Lanza (nextime / spora ) authored
- Fix wssshc tunnel uptime display by correcting start_time initialization
- Standardize tunnel uptime formatting in wssshd2 to match wssshc (days-hours:minutes:seconds)
- Fix wssshd2 last rate calculation to use data transferred since last status print instead of accumulated period
-
Stefy Lanza (nextime / spora ) authored
- Add missing start_time assignment in wsssht tunnel creation
- Update uptime display to show days-hours:minutes:seconds format
- Improve last rate calculation in wssshc status display to use actual time intervals
-
Stefy Lanza (nextime / spora ) authored
- Added format_bytes() function to display data sizes in B, kB, MB, or GB with 2 decimal places
- Updated status logging in both wssshc.c and wssshd2/websocket.c to use formatted data sizes for total data, sent/received bytes, and transfer rates
-
Stefy Lanza (nextime / spora ) authored
- Added log_message() function to prepend YYYY-MM-DD HH:MM:SS timestamps to log messages
- Updated all non-debug printf statements to use log_message() in wssshc.c and wssshd2/websocket.c
- Fixed variable redefinition issues in wssshc.c
- Adapted status logging to use correct tunnel_t fields for wssshd2
-
Stefy Lanza (nextime / spora ) authored
- Modified wssshc.c to print status every 15 seconds instead of 60
- Added status printing thread to wssshd2 that prints uptime and active tunnels every 15 seconds when not in debug mode
-
Stefy Lanza (nextime / spora ) authored
- Modified websocket_handle_message to properly forward tunnel_close messages to the correct endpoint regardless of sender (wssshc or wsssht)
- Fixed build warning by casting ws_state_t to int
- Added client registration/disconnection events in non-debug mode
-
Stefy Lanza (nextime / spora ) authored
Simplify ws_connection_is_healthy to avoid false positives from SSL_peek. The complex SSL_peek-based health check was incorrectly marking healthy connections as unhealthy, causing premature tunnel closures during wsscp file transfers. Now uses simple state checks and relies on send/receive operations to determine actual connection health.
-
Stefy Lanza (nextime / spora ) authored
- Add comprehensive thread-safety with mutex locks for all shared data structures
- Implement proper tunnel cleanup when websocket connections close to prevent use-after-free
- Add immediate connection state updates when receive operations fail to prevent race conditions
- Enhance error handling with graceful failure management for SSL operations
- Prevent server crashes during client disconnections and file transfer interruptions

Root cause: Use-after-free vulnerability when freed websocket connections were still referenced by active tunnels during client interruptions.

Solution: Complete overhaul of connection lifecycle management with proper synchronization and cleanup procedures.

Fixes issue where pressing Ctrl+C during wsscp file transfers caused wssshd2 to segfault.
-
- 20 Sep, 2025 12 commits
-
-
Stefy Lanza (nextime / spora ) authored
- Add comprehensive error handling for pong frame transmission
- Improve SSL error diagnostics in ws_send_frame function
- Add connection state validation before sending frames
- Prevent sending frames on broken or NULL connections
- Better handling of SSL write failures with detailed error reporting
- Graceful degradation when pong frames fail to send
- Enhanced debugging for connection stability issues

The server now handles network interruptions and SSL timeouts more gracefully, preventing premature connection closures during large file transfers.
-
Stefy Lanza (nextime / spora ) authored
- Set payload limits to 50MB for both client and server
- Maintains protection against memory exhaustion attacks
- Large files still work through SCP chunking mechanism
- 50MB limit provides good balance of security and functionality

Individual WebSocket frames limited to 50MB:
- Protects against DoS attacks with oversized frames
- Large files transferred as multiple smaller chunks
- Total file size remains unlimited
-
Stefy Lanza (nextime / spora ) authored
- Documented comprehensive bounds checking in wssshd2/websocket.c
- Added details about JSON structure validation
- Listed parameter length limits for security
- Explained DoS attack prevention measures
- Described heap corruption prevention through validated operations
-
Stefy Lanza (nextime / spora ) authored
- Added comprehensive bounds checking to all WebSocket message parsing
- Validate JSON structure (braces) before processing to prevent crashes
- Added length limits and bounds validation for all parameter extractions:
  * client_id: max 64 chars
  * password: max 256 chars
  * request_id: max 64 chars
  * enc/service/version: max 32 chars each
- Prevent buffer overflows that could corrupt heap metadata
- Ensure all string operations stay within allocated buffer bounds
- Server now logs errors and continues running instead of crashing on malformed packets
- Critical defense against DoS attacks via malformed WebSocket messages
-
Stefy Lanza (nextime / spora ) authored
- Documented critical security fix for heap corruption prevention
- Added details about comprehensive bounds validation in wsssht.c
- Explained protection against malformed JSON message attacks
- Described enhanced error handling and debug logging improvements
-
Stefy Lanza (nextime / spora ) authored
- Prevent heap corruption from malformed JSON messages
- Add bounds validation for all string operations in message parsing
- Ensure all pointers stay within payload buffer limits
- Validate data field lengths to prevent excessive memory allocation
- Protect against buffer overflows in tunnel_data, tunnel_close, tunnel_keepalive, tunnel_ack, and tunnel_ko message parsing
- Add debug logging for malformed messages to aid troubleshooting
-
Stefy Lanza (nextime / spora ) authored
- Documented wssshd memory corruption fix with bounds checking and validation
- Added details about WebSocket frame size reduction for large file transfers
- Explained technical fixes for heap corruption and network reliability issues
-
Stefy Lanza (nextime / spora ) authored
- Large WebSocket frames (131KB+) were causing SSL write failures during large file transfers
- Reduced MAX_CHUNK_SIZE from 65536 to 4096 bytes to create smaller, more manageable frames
- Smaller chunks improve network reliability and reduce timeout issues
- Hex-encoded 4KB binary data becomes 8KB frames, which is much more network-friendly
-
Stefy Lanza (nextime / spora ) authored
- Added bounds checking and validation for enc, service, and version parameter extraction
- Prevent buffer overflows by limiting parameter lengths to reasonable sizes (< 32 chars)
- Added null pointer and bounds validation before string operations
- Increased request_msg buffer size from 512 to 1024 bytes for safety
- Fixed potential heap corruption that was causing 'malloc(): invalid next size' errors
-
Stefy Lanza (nextime / spora ) authored
- Added --enc option to wsssh and wsscp for data encoding control
- wsssh and wsscp now accept optional --enc hex|base64|bin argument
- Encoding option is passed to wsssht ProxyCommand when specified
- Updated help text and usage messages for both tools
- Fixed wssshd tunnel request forwarding to include enc, service, and version parameters
- wssshd now extracts enc, service, and version from incoming tunnel_request messages
- Forwarded tunnel_request to wssshc includes all required parameters
- Added proper memory management for extracted parameters
- Updated documentation to reflect --enc option availability for all tools
- Maintained backward compatibility - --enc option is completely optional
-
Stefy Lanza (nextime / spora ) authored
- Fixed critical data corruption in WebSocket tunnels between wsssht, wssshd, and wssshc
- Root cause: Inconsistent encoding between components (wsssht used base64, wssshc used hex)
- Solution: Implemented consistent hex encoding across all tunnel data transmission
- Added encoding field to tunnel structures for proper encoding negotiation
- Fixed handle_tunnel_data() to decode using correct encoding type instead of guessing
- Added --enc option to wsssht for data encoding control
  - --enc hex: Hexadecimal encoding (default, backward compatible)
  - --enc base64: Base64 encoding for efficiency
  - --enc bin: Direct binary data transmission
- Configuration file support with enc = hex option in wsssht.conf
- Automatic encoding negotiation between wsssht and wssshc clients
- wsssh and wsscp can pass --enc option to ProxyCommand for wsssht
- Updated documentation and examples
- Maintained backward compatibility
-
Stefy Lanza (nextime / spora ) authored
- Added --enc option to wsssht with hex/base64/bin encoding modes
- Updated tunnel request messages to include encoding specification
- Enhanced wssshc to parse and handle different encoding formats
- Added configuration file support for encoding option
- Updated documentation, man pages, and changelog
- Maintained backward compatibility with hex encoding as default
-
- 19 Sep, 2025 6 commits
-
-
Stefy Lanza (nextime / spora ) authored
- Full WebSocket protocol implementation from scratch (RFC 6455)
- SSL/TLS encryption with automatic certificate generation
- Client registration and authentication system
- Tunnel request processing and forwarding
- Terminal/PTY session management
- HTTP web interface with embedded assets
- Multi-threaded concurrent connection handling
- Memory-safe implementation with proper resource management
- Compatible with existing wssshc/wsssht clients
- Self-contained binary (42KB) vs Python version (10MB+)
-
Stefy Lanza (nextime / spora ) authored
- FIX: Tunnel close forwarding between wssshc, server, and wsssht
  * Server now properly forwards tunnel_close messages to wsssht
  * Prevents wsssht processes from hanging after client-initiated closure
  * Ensures proper cleanup of tunnel resources on all endpoints
- FIX: Web terminal JavaScript issues
  * Fixed FitAddon loading issues by switching to unpkg CDN
  * Resolved JavaScript variable scoping error (fitAddon undefined)
  * Added proper error handling for xterm.js library loading failures
  * Enhanced debug logging for library loading and terminal initialization
- FEATURE: Fullscreen terminal support
  * Added fullscreen toggle button (⛶/⛝) to terminal interface
  * Cross-browser fullscreen API support (Chrome, Firefox, Safari, IE11)
  * Automatic terminal resizing when entering/exiting fullscreen mode
  * Backend synchronization of terminal dimensions during fullscreen changes
- FIX: Logo serving path
  * Updated Flask routes to serve logo files from logos/ directory
  * Added proper PyInstaller support for bundled logo assets
  * Fixed favicon.ico and image.jpg serving for both development and frozen executables
- DOCS: Updated changelog, README, and documentation
  * Added version 1.6.2 changelog with comprehensive change details
  * Updated README with fullscreen feature mention
  * Enhanced documentation with recent updates section

Technical Details:
- Server-side tunnel close message routing in websocket.py
- JavaScript library management with robust error recovery
- Cross-browser fullscreen API implementation
- Asset management for both development and production environments
-
Stefy Lanza (nextime / spora ) authored
- Added SIGINT signal handler to wsscp.c for proper signal handling
- Modified execute_scp_command() to fork/exec instead of using system()
- Added process tracking with scp_pid global variable
- Signal handler sends SIGTERM to SCP process when Ctrl+C is received
- Added proper cleanup and exit code handling for interrupted transfers
- Ensures wsssht (ProxyCommand) gets time to send tunnel_close message
- Prevents orphaned processes and ensures clean tunnel closure

This resolves the issue where Ctrl+C on wsscp didn't allow the underlying wsssht process to send tunnel_close messages to the server.
-
Stefy Lanza (nextime / spora ) authored
- Replaced counter-based signal handling with flag-based approach
- Added sigint_handled flag to prevent multiple signal handler executions
- First Ctrl+C: Sets flag and initiates graceful shutdown
- Second Ctrl+C: Forces immediate exit with os._exit(1)
- Prevents race conditions and multiple signal handler calls
- Ensures proper single-signal behavior for graceful shutdown

This resolves the issue where a single Ctrl+C was triggering both graceful shutdown and immediate exit messages.
-
Stefy Lanza (nextime / spora ) authored
- Changed logo reference from logos/logo-256.png to image.jpg
- Updated main documentation to use the new logo image directly
- Maintains backward compatibility with existing logos system for web interface

This ensures the README displays the logo correctly using the image.jpg file.
-
Stefy Lanza (nextime / spora ) authored
- Add missing object files to wssshc target in configure.sh
- Include libwsssht/control_messages.o and libwsssht/data_messages.o in wssshc linking
- Resolve undefined reference errors for:
  - send_registration_message
  - send_ping_frame
  - send_pong_frame
  - send_tunnel_data_message
  - send_tunnel_response_message
- Update configure.sh to generate correct Makefile with all required dependencies
- Ensure wssshc builds successfully with all message functions available

This fixes the ld linker errors that were preventing wssshc from building properly.
-