Initial project snapshot

2026-04-28 22:29:50 +03:00
commit 8ba0561f4f
365 changed files with 91832 additions and 0 deletions
@@ -0,0 +1,72 @@
+#include "rdp_worker/runtime/direct_bind_policy.hpp"
+
+#include <algorithm>
+#include <vector>
+
+namespace rdp_worker::runtime {
+
+namespace {
+
+bool ClipboardAllowsServerOrClient(const std::string& mode) {
+    return mode == "client_to_server" || mode == "server_to_client" || mode == "bidirectional";
+}
+
+bool FileTransferAllowsClientToServer(const std::string& mode) {
+    return mode == "client_to_server" || mode == "bidirectional";
+}
+
+bool FileTransferAllowsServerToClient(const std::string& mode) {
+    return mode == "server_to_client" || mode == "bidirectional";
+}
+
+std::vector<std::string> RuntimeAllowedChannels(const Assignment& assignment) {
+    std::vector<std::string> channels{"control", "input", "render", "telemetry"};
+    if (ClipboardAllowsServerOrClient(assignment.policy.clipboard_mode)) {
+        channels.push_back("clipboard");
+    }
+    if (FileTransferAllowsClientToServer(assignment.policy.file_transfer_mode)) {
+        channels.push_back("file_upload");
+    }
+    if (FileTransferAllowsServerToClient(assignment.policy.file_transfer_mode)) {
+        channels.push_back("file_download");
+    }
+    return channels;
+}
+
+bool RequestedChannelsAllowed(const std::vector<std::string>& requested, const std::vector<std::string>& allowed) {
+    return std::all_of(requested.begin(), requested.end(), [&](const auto& channel) {
+        return std::find(allowed.begin(), allowed.end(), channel) != allowed.end();
+    });
+}
+
+}  // namespace
+
+DirectBindValidationResult ValidateDirectDataPlaneBind(const Assignment& assignment,
+                                                       const dataplane::DataPlaneTokenClaims& claims) {
+    if (assignment.state != SessionState::kStarting &&
+        assignment.state != SessionState::kActive &&
+        assignment.state != SessionState::kReconnecting) {
+        return {false, "session_not_attachable"};
+    }
+    if (assignment.worker_id != claims.worker_id) {
+        return {false, "worker_mismatch"};
+    }
+    if (assignment.attachment_id != claims.attachment_id) {
+        return {false, "attachment_mismatch"};
+    }
+    if (assignment.user_id != claims.user_id) {
+        return {false, "user_mismatch"};
+    }
+    if (assignment.organization_id != claims.organization_id) {
+        return {false, "organization_mismatch"};
+    }
+    if (assignment.connection.resource_id != claims.resource_id) {
+        return {false, "resource_mismatch"};
+    }
+    if (!RequestedChannelsAllowed(claims.allowed_channels, RuntimeAllowedChannels(assignment))) {
+        return {false, "channels_exceed_runtime_policy"};
+    }
+    return {true, ""};
+}
+
+}  // namespace rdp_worker::runtime
@@ -0,0 +1,63 @@
+#include "rdp_worker/runtime/session_manager.hpp"
+
+#include "rdp_worker/runtime/direct_bind_policy.hpp"
+
+namespace rdp_worker::runtime {
+
+SessionManager::SessionManager(std::shared_ptr<coordination::ControlPlane> control_plane,
+                               std::shared_ptr<common::Logger> logger)
+    : control_plane_(std::move(control_plane)),
+      logger_(std::move(logger)) {}
+
+void SessionManager::ApplyAssignment(const Assignment& assignment) {
+    std::lock_guard<std::mutex> lock(mutex_);
+    const auto iterator = sessions_.find(assignment.session_id);
+    if (iterator != sessions_.end()) {
+        iterator->second->ApplyAssignment(assignment);
+        logger_->Info("updated assignment for existing session " + assignment.session_id);
+        return;
+    }
+
+    auto runtime = std::make_shared<SessionRuntime>(assignment, control_plane_, logger_);
+    runtime->Start();
+    sessions_.emplace(assignment.session_id, runtime);
+    logger_->Info("started new runtime for session " + assignment.session_id);
+}
+
+void SessionManager::StopAll() {
+    std::lock_guard<std::mutex> lock(mutex_);
+    for (auto& [_, runtime] : sessions_) {
+        runtime->Stop(true, "worker_shutdown");
+    }
+    sessions_.clear();
+}
+
+bool SessionManager::BindDirectDataPlaneAttachment(const dataplane::DataPlaneTokenClaims& claims, std::string& reason) {
+    return BindDirectDataPlaneRuntime(claims, reason) != nullptr;
+}
+
+std::shared_ptr<SessionRuntime> SessionManager::BindDirectDataPlaneRuntime(const dataplane::DataPlaneTokenClaims& claims, std::string& reason) {
+    std::lock_guard<std::mutex> lock(mutex_);
+    const auto iterator = sessions_.find(claims.session_id);
+    if (iterator == sessions_.end()) {
+        reason = "missing_runtime";
+        return nullptr;
+    }
+
+    const Assignment snapshot = iterator->second->Snapshot();
+    const auto validation = ValidateDirectDataPlaneBind(snapshot, claims);
+    if (!validation.ok) {
+        reason = validation.reason;
+        return nullptr;
+    }
+
+    reason.clear();
+    logger_->Info("event=data_plane_bind_success session=" + claims.session_id +
+                  " attachment=" + claims.attachment_id +
+                  " user=" + claims.user_id +
+                  " organization=" + claims.organization_id +
+                  " resource=" + claims.resource_id);
+    return iterator->second;
+}
+
+}  // namespace rdp_worker::runtime