Diffstat (limited to 'doc')
-rw-r--r-- | doc/TODO | 9 | ||||
-rw-r--r-- | doc/auth_server_proto.json | 235 | ||||
-rw-r--r-- | doc/auth_server_proto.yaml | 146 | ||||
-rw-r--r-- | doc/config_sample | 79 | ||||
-rw-r--r-- | doc/nginx_config_sample.conf | 44 | ||||
-rw-r--r-- | doc/nginx_location | 31 | ||||
-rw-r--r-- | doc/remote_control_protocol | 70 |
7 files changed, 614 insertions, 0 deletions
diff --git a/doc/TODO b/doc/TODO new file mode 100644 index 0000000..9f0b7d6 --- /dev/null +++ b/doc/TODO @@ -0,0 +1,9 @@ +Optimization: + core: + ws_protocol: + 1. zero copy sending api + ws-protocol: + 1. compaction (currently all data stored as arrays of int32, including char (int8) arrays) + rdp module: + 1. use internal resource management via new switchable transport freerdp api + diff --git a/doc/auth_server_proto.json b/doc/auth_server_proto.json new file mode 100644 index 0000000..b9ff117 --- /dev/null +++ b/doc/auth_server_proto.json 
@@ -0,0 +1,235 @@ +{ + "openapi": "3.0.0", + "info": { + "version": "1.0.0", + "title": "nstportal api", + "description": "Nst Portal api discriber", + "contact": { + "name": "New Safty Technology", + "email": "support@newinfosec.ru", + "url": "https://www.newinfosec.ru" + }, + "license": { + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" + } + }, + "servers": [ + { + "url": "/" + } + ], + "security": [ + { + "cookieAuth": [] + }, + { + "CSRFtoken": [] + } + ], + "paths": { + "/getconf/": { + "get": { + "security": [], + "description": "Returns all connection params for reqested session", + "operationId": "getConf", + "parameters": [ + { + "name": "sid", + "in": "query", + "required": true, + "style": "form", + "schema": { + "$ref": "#/components/schemas/Sid" + } + } + ], + "responses": { + "200": { + "description": "config response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Config" + } + } + } + }, + "default": { + "description": "unexpected error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "security": [], + "description": "Returns all connection params for reqested session", + "operationId": "getConf", + "parameters": [ + { + "name": "sid", + "in": "query", + "required": true, + "style": "form", + "schema": { + "$ref": "#/components/schemas/Sid" + } + } + ], + "responses": { + "200": { + "description": "config response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Config" + } + } + } + }, + "default": { + "description": "unexpected error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + } + }, + "components": { + "schemas": { + "Answer": { + "description": "Base for any server answers", + "type": "string", + "enum": [ + "setconf", + "getconf", + "error" + ] + }, + "Sid": { + "description": 
"Sid(token) - случайный набор байт(64) в формате base64 urlsafe, подписанный hmac-sha256\n", + "type": "string", + "example": "xvwuWLOqAwIK2rlw9OoMLteD5aWKdzXbbApzLRKop4Vooc4CmEV3ZP9sHlrYMVHdNbHHdS9YtH5DFVycSZQmWG_TqjtRd06e2AQJ1OugAsdbWe7_p6GZ-9qO74k5CTkD" + }, + "Config": { + "required": [ + "answer" + ], + "properties": { + "answer": { + "$ref": "#/components/schemas/Answer" + }, + "settings": { + "$ref": "#/components/schemas/Settings" + }, + "host": { + "type": "string", + "example": "localhost", + "description": "адрес конечного ресурса или SI" + }, + "login": { + "type": "string" + }, + "password": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "proto": { + "type": "string", + "enum": [ + "ssh", + "rdp", + "http" + ] + }, + "sid": { + "$ref": "#/components/schemas/Sid" + } + } + }, + "Settings": { + "properties": { + "pcb": { + "type": "boolean" + }, + "fntlm": { + "type": "boolean" + }, + "nowallp": { + "type": "boolean" + }, + "nowdrag": { + "type": "boolean" + }, + "nomani": { + "type": "boolean" + }, + "notheme": { + "type": "boolean" + }, + "nonla": { + "type": "boolean" + }, + "notls": { + "type": "boolean" + }, + "dtsize": { + "type": "string", + "example": "1280x720" + }, + "libsettings": { + "$ref": "#/components/schemas/LibSettings" + } + } + }, + "LibSettings": { + "description": "\"https://github.com/FreeRDP/FreeRDP/blob/master/libfreerdp/core/settings.c\"\n", + "properties": { + "a": { + "type": "integer", + "enum": [ + 0, + 1 + ] + } + } + }, + "Error": { + "required": [ + "message" + ], + "properties": { + "message": { + "type": "string" + } + } + } + }, + "securitySchemes": { + "cookieAuth": { + "type": "apiKey", + "in": "cookie", + "name": "portal_user" + }, + "CSRFtoken": { + "type": "apiKey", + "in": "cookie", + "name": "xsrf" + } + } + } +}
\ No newline at end of file diff --git a/doc/auth_server_proto.yaml b/doc/auth_server_proto.yaml new file mode 100644 index 0000000..ee6f8cd --- /dev/null +++ b/doc/auth_server_proto.yaml 
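Review bot: Both operations under `/getconf/` set `"security": []`, which switches off the global `cookieAuth`/`CSRFtoken` requirements, so the only credential gating a response that carries `login` and `password` in clear text is the `sid` query parameter; the spec should say so explicitly, and since a GET places that token in the query string (access logs, browser history, Referer), the POST variant with `sid` in the body is the one to keep or at least to recommend. The two operations also share `"operationId": "getConf"`, which OpenAPI 3.0 requires to be unique across the document; rename one, e.g. `"operationId": "getConfPost"`. `CSRFtoken` is declared as an `apiKey` read from the `xsrf` cookie alone, and a cookie-only token gives no CSRF protection by itself; if the intent is a double-submit scheme, the header or form field the server compares it against presumably exists and should be documented. The same three points apply to doc/auth_server_proto.yaml, which mirrors this file.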
@@ -0,0 +1,146 @@ +openapi: 3.0.0 +info: + version: 1.0.0 + title: nstportal api + description: Nst Portal api discriber + contact: + name: New Safty Technology + email: support@newinfosec.ru + url: 'https://www.newinfosec.ru' + license: + name: Apache 2.0 + url: 'https://www.apache.org/licenses/LICENSE-2.0.html' +servers: + - url: / +security: + - cookieAuth: [] + - CSRFtoken: [] +paths: + '/getconf/': + get: + security: [] + description: Returns all connection params for reqested session + operationId: getConf + parameters: + - name: sid + in: query # path will also works + required: true + style: form + schema: + $ref: '#/components/schemas/Sid' + responses: + '200': + description: config response + content: + application/json: + schema: + $ref: '#/components/schemas/Config' + default: + description: unexpected error + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + post: + security: [] + description: Returns all connection params for reqested session + operationId: getConf + parameters: + - name: sid + in: query # path will also works + required: true + style: form + schema: + $ref: '#/components/schemas/Sid' + responses: + '200': + description: config response + content: + application/json: + schema: + $ref: '#/components/schemas/Config' + default: + description: unexpected error + content: + application/json: + schema: + $ref: '#/components/schemas/Error' +components: + schemas: + Answer: + description: Base for any server answers + type: string + enum: ['setconf', 'getconf', 'error'] + Sid: + description: | + Sid(token) - случайный набор байт(64) в формате base64 urlsafe, подписанный hmac-sha256 + type: string + example: "xvwuWLOqAwIK2rlw9OoMLteD5aWKdzXbbApzLRKop4Vooc4CmEV3ZP9sHlrYMVHdNbHHdS9YtH5DFVycSZQmWG_TqjtRd06e2AQJ1OugAsdbWe7_p6GZ-9qO74k5CTkD" + Config: + required: + - answer + properties: + answer: + $ref: '#/components/schemas/Answer' + settings: + $ref: '#/components/schemas/Settings' + host: + type: string + example: 
localhost + description: адрес конечного ресурса или SI + login: + type: string + password: + type: string + port: + type: integer + proto: + type: string + enum: ['ssh', 'rdp', 'http'] + sid: + $ref: '#/components/schemas/Sid' + Settings: + properties: + pcb: + type: boolean + fntlm: + type: boolean + nowallp: + type: boolean + nowdrag: + type: boolean + nomani: + type: boolean + notheme: + type: boolean + nonla: + type: boolean + notls: + type: boolean + dtsize: + type: string + example: "1280x720" + libsettings: + $ref: '#/components/schemas/LibSettings' + LibSettings: + description: | + "https://github.com/FreeRDP/FreeRDP/blob/master/libfreerdp/core/settings.c" + properties: + a: + type: integer + enum: [ 0, 1 ] + Error: + required: + - message + properties: + message: + type: string + securitySchemes: + cookieAuth: + type: apiKey + in: cookie + name: portal_user + CSRFtoken: + type: apiKey + in: cookie + name: xsrf
\ No newline at end of file diff --git a/doc/config_sample b/doc/config_sample new file mode 100644 index 0000000..d5a1a27 --- /dev/null +++ b/doc/config_sample 
@@ -0,0 +1,79 @@ +// this is described example of webrdp config file +// NOTE: json format does not support comments, all comment line begining with "//" must be removed from file before using it +{ + // fork to background after start (not implemented yet) + // default: false + "daemon": false, + + // set log_level to one of "error", "warning", "info", "debug", "trace" + // default: "error" + "log_level": "error" + + // set worker thread count, 0 for one thread per logical cpu core in current system + // default: 0 + "thread_count": 0, + + // set maximum tasks per worker thread + // default: 1024 + "tasks_per_thread": 1024, + + // set http (websocket in plain non-ssl mode) listen port, set -1 to disable + // default: 8080 + "ws_port": 8080, + + // set http (websocket in plain non-ssl mode) socket path, set empty to disable + // default: disabled + "ws_socket_path": "/var/run/wrdp_sock", + + // set external auth server url to handle token based authentication, + // can be any protocol supported by bundled version of libcurl + // default: unset + "auth_server_url": "protocol://server/path", + + // set base64 encoded 512bit token verification key, mandatory option + "secret_key_verify": "key string", + + // set base64 encoded 512bit token signing key + // "verify key" used if unset + "secret_key_sign": "key string", + + // set control listen port, set -1 to disable + // default: 13666 + "ctl_port": 13666, + + // set control socket path, set empty to disable + // default: disabled + "ctl_socket_path": "", + + // set control server CAfile pointing to file containing CA certificate(s) in PEM format, The file can contain several CA certificates, set empty to disable + // default: disabled + "ctl_ssl_cafile": "", + + // set control server CApath pointing to directory containing CA certificates in PEM format, The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. 
+ // set empty to disable + // default: disabled + "ctl_ssl_capath": "", + + // if both "ctl_ssl_cafile" and "ctl_ssl_capath" not set, system store will be used + + + // set control server ssl certificate in PEM format, mandatory option + "ctl_ssl_cert": "/path/to/cert.pem" + + // set control server ssl key in PEM format, madatory option + "ctl_ssl_key": "/path/to/key.pem" + + + + // set global session defaults for all backends + "session": { + // set maximum session time in sceonds, 0 for no limit + // default: 0 + "session_time_limit": 0, + + // set session idle timeout in seconds, 0 for no limit + // default: 0 + "session_idle_timeout": 0 + } +} + diff --git a/doc/nginx_config_sample.conf b/doc/nginx_config_sample.conf new file mode 100644 index 0000000..2358b86 --- /dev/null +++ b/doc/nginx_config_sample.conf @@ -0,0 +1,44 @@ +worker_processes 1; +pcre_jit on; +error_log /tmp/nginx_error.log error; +pid ./nginx.pid; + +events { + worker_connections 512; + use epoll; + accept_mutex off; + multi_accept on; +} + +http { + charset utf-8; + access_log off; + server_tokens off; + sendfile on; + sendfile_max_chunk 4M; + client_max_body_size 16m; + map $http_upigrade $connection_upgrade { + default Upgrade; + '' close; + } + server { + listen 192.168.0.2:8080; + location /rdp { + alias /home/sss/git/work/rozhuk_ivan/backend/www; + index index.html; + + } + location /wrdp { + + #address of webrdp listen port/socket should be set here + proxy_pass http://192.168.0.2:8081; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } + + +} + diff --git a/doc/nginx_location b/doc/nginx_location new file mode 100644 index 0000000..8b5e396 --- /dev/null +++ b/doc/nginx_location 
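Review bot: Even after the `//` lines are stripped as the header instructs, this sample is not valid JSON: `"log_level": "error"` has no trailing comma before `"thread_count"`, and `"ctl_ssl_cert": "/path/to/cert.pem"` has none before `"ctl_ssl_key"`; the fixes are `"log_level": "error",` and `"ctl_ssl_cert": "/path/to/cert.pem",`. The `secret_key_verify` comment reads as if verification were a separate, less sensitive capability, but doc/auth_server_proto.json describes the token as HMAC-SHA256 signed, so presumably the verification key is the same symmetric secret that mints tokens; the comment should say that read access to this file is equivalent to being able to forge session tokens and that the file's permissions must be restricted accordingly. No bind-address option is visible for `ws_port` or `ctl_port`, so the sample should state which interfaces the plain-HTTP and control listeners bind to. Minor: `sceonds`, `madatory` and `begining` are misspelled.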
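Review bot: `map $http_upigrade $connection_upgrade` misspells the request-header variable, so `$http_upigrade` is always empty, `$connection_upgrade` always resolves to `close`, and the `Connection: $connection_upgrade` header set in `location /wrdp` breaks the WebSocket handshake this sample exists to demonstrate; the fix is `map $http_upgrade $connection_upgrade {`. `alias /home/sss/git/work/rozhuk_ivan/backend/www;` is a developer's home-directory path and should be replaced with a placeholder such as `/path/to/webrdp/www` so the sample does not leak a local layout. The upstream here is `http://192.168.0.2:8081`, while doc/nginx_location uses port 8080 for the same backend; one of the two samples should be brought in line with the `ws_port` default documented in doc/config_sample.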
@@ -0,0 +1,31 @@ +#nginx location example + +#.... + +#NOTE: "Upgrade", first letter must be large +map $http_upgrade $connection_upgrade { + default Upgrade; + '' close; +} + +#...... + +server { + + #.... + + #NOTE: no trailing slash '/' in location + location /wrdp { + + #address of webrdp listen port/socket should be set here + proxy_pass http://192.168.0.2:8080; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + + #.... + +} + diff --git a/doc/remote_control_protocol b/doc/remote_control_protocol new file mode 100644 index 0000000..c42c379 --- /dev/null +++ b/doc/remote_control_protocol 
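Review bot: The `location /wrdp` block sets the Upgrade/Connection headers but no `proxy_read_timeout`, so nginx's default of 60 seconds closes any WebSocket session that stays idle, independently of the `session_idle_timeout` the backend enforces in doc/config_sample; adding `proxy_read_timeout 3600s;` (or a value matching the backend's idle timeout) next to `proxy_http_version 1.1;` is the usual fix. The note above the `map` block says the first letter must be "large"; "upper-case" is the clearer wording. The backend port here (8080) differs from the 8081 used in doc/nginx_config_sample.conf, so the two samples should agree.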
@@ -0,0 +1,70 @@ +// this file describing remote control protocol in json format +/ /NOTE: json format does not support comments, all comment line begining with "//" must be removed from file before using it + + +// get list of ids of all runing sessions +// client->server +{ + "cmd": "get_session_list" +} +// server->client +{ + "sessions": [ + "id", + "id", + ... + ] +} + +// destroy session +// client->server +{ + "cmd": "kill", + // one or more session id got by "get_session_list" + "sessions": [ + "sid", + ... + ], + //message for client + "message": "you`re fired", + // set random string as sequence id to associate response with this exact request + // optional parameter + "seq_id": "random_id" +} + +// update connection settings +// client->server +{ + "cmd": "update", + // one or more session id got by "get_session_list" + "sessions": [ + { + "sid": "sid", + "settings": "" + }, + ... + ], + // set random string as sequence id to associate response with this exact request + // optional parameter + "seq_id": "random_id" +} + +// server->client +{ + // status can be one of: "ok", "error" + "status": "ok", + + // response may contain error description in case of error + // optional parameter + "error_description": "some readable information about error", + + // one ore more session id + "sessions": [ + "sid", + ... + ], + + // string passed as "seq_id" in associated request + // optional parameter + "seq_id": "random_id" +} |
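Review bot: The `update` request shows `"settings": ""`, a bare string, while doc/auth_server_proto.json models `settings` as a `Settings` object with typed boolean and string fields; the protocol document should state which shape the control client must send, e.g. `"settings": { "nonla": true, "dtsize": "1280x720" }` if the object form is intended. None of the messages carry a credential, and `kill` and `update` act on arbitrary session ids, so the document should say how control clients are authenticated and authorized — presumably via the TLS control listener configured by `ctl_ssl_*` in doc/config_sample, whose CA settings are optional there, which makes it unclear whether client certificates are required. The second header line reads `/ /NOTE:` and should be `// NOTE:` so it is recognized as a comment by the removal step it describes. Minor: `runing`, `begining` and `you\`re` are misspelled.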