m/rdp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

рабочий вариант, но скороть 10 МБит
build / backend (push) Has been cancelled
Details
build / node-agent (push) Has been cancelled
Details
build / worker (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Mikhail
2026-05-22 21:46:49 +03:00
parent 469fa0e860
commit 20d361a886
280 changed files with 954890 additions and 18524 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/README.md
+4 -4
View File
@@ -47,7 +47,7 @@ Resource secret-readiness is controlled by `APP_ENV`:
- in development and smoke environments, plaintext metadata remains allowed
until the encrypted secret resolver is implemented
- the production guard is enforced both on resource create/update and on
session start, so legacy plaintext resources cannot be started in production
session start, so compat plaintext resources cannot be started in production
accidentally
- `SECRET_ENCRYPTION_KEY_B64` or `SECRET_ENCRYPTION_KEY_FILE` supplies the
AES-256-GCM master key for the MVP encrypted store; production mode refuses
@@ -139,7 +139,7 @@ gateway fallback instead. Trusted direct candidates include `tls_trust_mode`,
- production (`APP_ENV=production` or `prod`) requires strict installation
authority plus `INSTALLATION_PRODUCT_ROOT_PUBLIC_KEY_B64` or
`INSTALLATION_PRODUCT_ROOT_PUBLIC_KEY_FILE`
- legacy/dev installs can keep database-role behavior, and insecure first-owner
- compat/dev installs can keep database-role behavior, and insecure first-owner
bootstrap is available only when
`INSTALLATION_INSECURE_BOOTSTRAP_ENABLED=true`
- `org_owner` and `org_admin` can create and update resources inside their organization and can manage any remote session inside that organization
@@ -205,7 +205,7 @@ gateway fallback instead. Trusted direct candidates include `tls_trust_mode`,
RDP text clipboard is controlled per resource through `resource_policies.clipboard_mode`.
Allowed values are `disabled`, `client_to_server`, `server_to_client`, and
`bidirectional`; the default is `disabled`. The legacy `clipboard_enabled`
`bidirectional`; the default is `disabled`. The compat `clipboard_enabled`
column is retained only for compatibility and migration/backfill, while new
runtime decisions use `clipboard_mode`.
@@ -230,7 +230,7 @@ feature. The authoritative policy field is
`resource_policies.file_transfer_mode`; allowed values are `disabled`,
`client_to_server`, `server_to_client`, and `bidirectional`, but only
`client_to_server` behavior is implemented in this stage. The default is
`disabled`. The legacy `file_transfer_enabled` column is retained only as a
`disabled`. The compat `file_transfer_enabled` column is retained only as a
derived compatibility flag and must not be treated as the primary policy.
Enforcement is deliberately duplicated in the real data path: