init_guac

2025-11-25 09:58:37 +03:00
parent 68c8f0e80d
commit 9d5bdd57a7
57 changed files with 18272 additions and 0 deletions
--- a/guacamole_test_11_26/003-create-api-schema.sql
+++ b/guacamole_test_11_26/003-create-api-schema.sql
@ -0,0 +1,135 @@
+--
+-- API Schema for Remote Access Platform
+-- Isolated from Guacamole schema for security
+--
+
+-- Create API schema
+CREATE SCHEMA IF NOT EXISTS api;
+
+-- User saved machines
+CREATE TABLE api.user_saved_machines (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    
+    -- Guacamole user reference (via username, linked to guacamole_entity.name)
+    user_id VARCHAR(255) NOT NULL,
+    
+    -- Machine data
+    name VARCHAR(255) NOT NULL,
+    hostname VARCHAR(255) NOT NULL,
+    port INTEGER NOT NULL,
+    protocol VARCHAR(50) NOT NULL,  -- rdp, ssh, vnc, telnet
+    os VARCHAR(255),  -- OS (e.g., Windows Server 2019, Ubuntu 22.04)
+    
+    -- Optional credentials (passwords NOT stored, provided per-connection via HTTPS)
+    username VARCHAR(255),
+    
+    -- Metadata
+    description TEXT,
+    tags TEXT[],  -- Tag array for grouping
+    is_favorite BOOLEAN DEFAULT FALSE,
+    
+    -- Timestamps
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    last_connected_at TIMESTAMP WITH TIME ZONE,
+    
+    -- Integrity constraints
+    CONSTRAINT valid_protocol CHECK (protocol IN ('rdp', 'ssh', 'vnc', 'telnet')),
+    CONSTRAINT valid_port CHECK (port > 0 AND port < 65536),
+    CONSTRAINT valid_hostname CHECK (char_length(hostname) > 0),
+    CONSTRAINT valid_name CHECK (char_length(name) > 0)
+);
+
+-- Search indexes
+CREATE INDEX idx_api_user_machines_user_id ON api.user_saved_machines(user_id);
+CREATE INDEX idx_api_user_machines_protocol ON api.user_saved_machines(protocol);
+CREATE INDEX idx_api_user_machines_tags ON api.user_saved_machines USING GIN(tags);
+CREATE INDEX idx_api_user_machines_favorite ON api.user_saved_machines(is_favorite) WHERE is_favorite = TRUE;
+CREATE INDEX idx_api_user_machines_created ON api.user_saved_machines(created_at DESC);
+
+-- Auto-update updated_at function
+CREATE OR REPLACE FUNCTION api.update_modified_column()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Auto-update updated_at trigger
+CREATE TRIGGER update_user_saved_machines_modtime
+    BEFORE UPDATE ON api.user_saved_machines
+    FOR EACH ROW
+    EXECUTE FUNCTION api.update_modified_column();
+
+-- Connection history (statistics and audit)
+CREATE TABLE api.connection_history (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    user_id VARCHAR(255) NOT NULL,
+    machine_id UUID REFERENCES api.user_saved_machines(id) ON DELETE CASCADE,
+    
+    -- Connection data
+    connected_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    disconnected_at TIMESTAMP WITH TIME ZONE,
+    duration_seconds INTEGER,
+    
+    -- Status
+    success BOOLEAN DEFAULT TRUE,
+    error_message TEXT,
+    
+    -- Metadata
+    client_ip VARCHAR(45),  -- IPv4/IPv6
+    user_agent TEXT
+);
+
+-- History indexes
+CREATE INDEX idx_api_connection_history_user_id ON api.connection_history(user_id);
+CREATE INDEX idx_api_connection_history_machine_id ON api.connection_history(machine_id);
+CREATE INDEX idx_api_connection_history_connected_at ON api.connection_history(connected_at DESC);
+
+-- User statistics view
+CREATE OR REPLACE VIEW api.user_machine_stats AS
+SELECT 
+    m.user_id,
+    m.id as machine_id,
+    m.name,
+    m.hostname,
+    m.protocol,
+    COUNT(h.id) as total_connections,
+    MAX(h.connected_at) as last_connection,
+    AVG(h.duration_seconds) as avg_duration_seconds,
+    SUM(CASE WHEN h.success = TRUE THEN 1 ELSE 0 END) as successful_connections,
+    SUM(CASE WHEN h.success = FALSE THEN 1 ELSE 0 END) as failed_connections
+FROM 
+    api.user_saved_machines m
+LEFT JOIN 
+    api.connection_history h ON m.id = h.machine_id
+GROUP BY 
+    m.user_id, m.id, m.name, m.hostname, m.protocol;
+
+-- Documentation comments
+COMMENT ON SCHEMA api IS 'API-specific tables, isolated from Guacamole schema';
+COMMENT ON TABLE api.user_saved_machines IS 'User-saved machines for quick access. Passwords are NOT stored - provided per-connection via HTTPS.';
+COMMENT ON TABLE api.connection_history IS 'Audit log of all connections to saved machines';
+COMMENT ON COLUMN api.user_saved_machines.tags IS 'Array of tags for categorization (e.g., ["production", "web-servers"])';
+COMMENT ON VIEW api.user_machine_stats IS 'Aggregated statistics per machine per user';
+
+-- Application grants (if using separate user)
+-- GRANT USAGE ON SCHEMA api TO guacamole_user;
+-- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA api TO guacamole_user;
+-- GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA api TO guacamole_user;
+-- GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA api TO guacamole_user;
+
+-- Test data (remove in production)
+-- INSERT INTO api.user_saved_machines (user_id, name, hostname, port, protocol, os, username, description, tags) VALUES
+-- ('guacadmin', 'Test Windows Server', '192.168.1.100', 3389, 'rdp', 'Windows Server 2019', 'Administrator', 'Windows test machine', ARRAY['test', 'windows']),
+-- ('guacadmin', 'Test Linux Server', '192.168.1.101', 22, 'ssh', 'Ubuntu 22.04 LTS', 'root', 'Ubuntu server for testing', ARRAY['test', 'linux']);
+
+-- Migration completion
+DO $$ 
+BEGIN
+    RAISE NOTICE 'API schema created successfully';
+    RAISE NOTICE 'Tables: user_saved_machines, connection_history';
+    RAISE NOTICE 'View: user_machine_stats';
+END $$;
+