Architecture¶

Components¶

Component diagram¶

flowchart TD
    Browser["Browser (WebSocket)"] -->|"/ws/rdp"| Web["internal/web\nHTTP + WebSocket"]
    Web -->|CredRequest chan| Broker["internal/broker\nCredential broker"]
    Broker -->|Win32 NetUserAdd| WinAccounts["Windows local accounts"]
    Web -->|SessionEvent chan| Manager["internal/session\nSession manager"]
    Web -->|TCP| Guacd["guacd\n(Guacamole daemon)"]
    Guacd -->|RDP| WinRDP["Windows RDP Server"]

Runtime flow¶

1. Client connects to /ws/rdp.
2. Session manager enforces MAX_SESSIONS.
3. Broker provisions a temporary local user and returns credentials.
4. Session worker connects to guacd and sends the RDP handshake.
5. WebSocket and guacd traffic are proxied bidirectionally.
6. On close, error, or shutdown the temporary account is deleted and capacity is released.

sequenceDiagram
    participant Browser
    participant Web
    participant Manager
    participant Broker
    participant Guacd

    Browser->>Web: WebSocket connect /ws/rdp
    Web->>Manager: Admit(sessionID)
    Web->>Broker: CredRequest
    Broker-->>Web: CredResponse (username, password)
    Web->>Guacd: TCP connect + RDP handshake
    loop Proxy
        Browser->>Web: guacd instruction
        Web->>Guacd: forward
        Guacd-->>Web: guacd instruction
        Web-->>Browser: forward
    end
    Browser->>Web: close
    Web->>Manager: SessionClosed event
    Web->>Broker: SessionClosed event → delete temp user

Shutdown behaviour¶

A shared shutdown channel closes all worker loops and triggers temporary account cleanup before the process exits.