EverydayTech Platform - Developer Reference
Complete Source Code Documentation - All Applications
Loading...
Searching...
No Matches
guacamoleService.js
Go to the documentation of this file.
1/**
2 * @file Guacamole Integration Service - Remote Desktop Gateway Management
3 * @module services/guacamoleService
4 * @description
5 * Apache Guacamole integration service providing clientless remote desktop access (RDP, VNC, SSH)
6 * through web browsers. Manages connections, users, authentication, and multi-tenant isolation
7 * via Guacamole's REST API and PostgreSQL database.
8 *
9 * **Apache Guacamole Overview:**
10 *
11 * Guacamole is a clientless remote desktop gateway supporting:
12 * - **RDP** (Remote Desktop Protocol) - Windows remote access
13 * - **VNC** (Virtual Network Computing) - Cross-platform screen sharing
14 * - **SSH** (Secure Shell) - Terminal access
15 * - Browser-based access via HTML5 WebSocket/HTTP
16 * - No client software required
17 *
18 * **Architecture:**
19 * ```
20 * ┌──────────────┐ ┌──────────────────┐ ┌──────────────┐
21 * │ Browser │◄────►│ Guacamole │◄────►│ RMM Agent │
22 * │ (HTML5) │ │ Gateway │ │ (RDP/VNC) │
23 * └──────────────┘ └──────────────────┘ └──────────────┘
24 * │
25 * ▼
26 * ┌──────────────────┐
27 * │ PostgreSQL │
28 * │ (Connections) │
29 * └──────────────────┘
30 * ```
31 *
32 * **Multi-Tenancy Model:**
33 *
34 * Implements tenant isolation using Guacamole's connection group hierarchy:
35 * ```
36 * ROOT/
37 * ├── tenant_1/
38 * │ ├── agent_connection_1
39 * │ └── agent_connection_2
40 * ├── tenant_2/
41 * │ └── agent_connection_3
42 * └── tenant_3/
43 * └── agent_connection_4
44 * ```
45 *
46 * Each tenant gets:
47 * - Dedicated connection group
48 * - Isolated user permissions
49 * - Separate connection credentials
50 * - Access control per agent
51 *
52 * **Connection Lifecycle:**
53 *
54 * 1. **Agent Registration**: Agent enrolls with RMM platform
55 * 2. **Connection Creation**: Service creates Guacamole connection for agent
56 * 3. **User Provisioning**: Dashboard users get Guacamole accounts
57 * 4. **Permission Grant**: Users assigned READ permission to tenant connections
58 * 5. **Session Initiation**: User requests remote access via dashboard
59 * 6. **Token Generation**: Service generates temporary connection token
60 * 7. **Browser Connect**: User opens Guacamole URL with token
61 * 8. **Tunnel Establishment**: Guacamole connects to agent via persistent tunnel
62 * 9. **Session Active**: User interacts with remote desktop in browser
63 * 10. **Session Cleanup**: Connection closed, logs saved to database
64 *
65 * **Persistent Tunnels:**
66 *
67 * Uses guacamoleTunnelService for persistent SSH tunnels to agents:
68 * - Agent opens reverse SSH tunnel on port 45000+
69 * - Guacamole connects to localhost:assigned_port
70 * - Eliminates need for public RDP/VNC exposure
71 * - Works through firewalls and NAT
72 *
73 * **Configuration:**
74 * - `GUACAMOLE_URL` - Guacamole server URL (default: http://localhost:8080/guacamole)
75 * - `GUACAMOLE_USERNAME` - Admin username (default: guacadmin)
76 * - `GUACAMOLE_PASSWORD` - Admin password (required)
77 *
78 * **Database Schema:**
79 * - `agent_guacamole_connections` - Agent → Connection mapping
80 * - Guacamole native tables (guacamole_connection, guacamole_user, etc.)
81 *
82 * **API Endpoints Used:**
83 * - POST `/api/tokens` - Authentication
84 * - GET/POST `/api/session/data/postgresql/connectionGroups` - Groups
85 * - GET/POST/PATCH `/api/session/data/postgresql/connections` - Connections
86 * - GET/POST `/api/session/data/postgresql/users` - User management
87 * - PATCH `/api/session/data/postgresql/users/{user}/permissions` - Permissions
88 * - GET `/api/session/data/postgresql/activeConnections` - Active sessions
89 *
90 * **Key Features:**
91 * - **Token caching**: Admin token cached for 50 minutes to reduce auth overhead
92 * - **Auto-provisioning**: Users/connections created automatically on first access
93 * - **Permission management**: READ permissions granted per tenant
94 * - **Port allocation**: Dynamic port assignment for persistent tunnels
95 * - **Connection tracking**: Database records for audit and monitoring
96 * - **Idle detection**: Automatic cleanup of stale connections
97 *
98 * **Security:**
99 * - Tenant isolation via connection groups
100 * - User authentication required
101 * - Permission-based access control
102 * - Temporary session tokens (short-lived)
103 * - Encrypted tunnels (SSH)
104 * - Audit logging
105 * @example
106 * // Create connection for new agent
107 * const guacamoleService = require('./services/guacamoleService');
108 * await guacamoleService.createOrUpdateConnection({
109 * agent_uuid: '550e8400-e29b-41d4-a716-446655440000',
110 * hostname: 'WORKSTATION-01',
111 * tenant_id: 5
112 * }, 5);
113 * @example
114 * // Generate session token for user
115 * const token = await guacamoleService.generateConnectionToken(
116 * connectionId,
117 * agentUuid,
118 * tenantId,
119 * 'user@example.com'
120 * );
121 * const url = guacamoleService.getConnectionUrl(connectionId, token);
122 * // User opens URL in browser to start remote session
123 * @example
124 * // Provision dashboard user
125 * await guacamoleService.createOrUpdateGuacamoleUser(
126 * 'admin@example.com',
127 * tenantId,
128 * tenantGroupId
129 * );
130 * @see {@link https://guacamole.apache.org/doc/gug/} Guacamole User Guide
131 * @see {@link https://guacamole.apache.org/api-documentation/} Guacamole REST API
132 * @see {@link module:services/guacamoleTunnelService} for persistent tunnel management
133 * @see {@link module:services/websocketManager} for RDS session alternative
134 * @requires axios - HTTP client for Guacamole API
135 * @requires ./db - PostgreSQL connection pool
136 * @requires ./guacamoleTunnelService - SSH tunnel management
137 */
138
139/**
140 * Guacamole Service
141 * Manages Guacamole connections via API and database
142 */
143
144const axios = require('axios');
145const pool = require('./db');
146const tunnelService = require('./guacamoleTunnelService');
147
148const GUACAMOLE_URL = process.env.GUACAMOLE_URL || 'http://localhost:8080/guacamole';
149const GUACAMOLE_USERNAME = process.env.GUACAMOLE_USERNAME || 'guacadmin';
150const GUACAMOLE_PASSWORD = process.env.GUACAMOLE_PASSWORD;
151
152let cachedToken = null;
153let tokenExpiry = 0;
154
155/**
156 * Authenticate with Guacamole and get auth token (admin)
157 */
158async function getAuthToken() {
159 // Return cached token if still valid
160 if (cachedToken && Date.now() < tokenExpiry) {
161 return cachedToken;
162 }
163
164 try {
165 const response = await axios.post(
166 `${GUACAMOLE_URL}/api/tokens`,
167 `username=${encodeURIComponent(GUACAMOLE_USERNAME)}&password=${encodeURIComponent(GUACAMOLE_PASSWORD)}`,
168 {
169 headers: {
170 'Content-Type': 'application/x-www-form-urlencoded'
171 }
172 }
173 );
174
175 cachedToken = response.data.authToken;
176 // Token expires after 60 minutes, cache for 50 minutes to be safe
177 tokenExpiry = Date.now() + (50 * 60 * 1000);
178
179 return cachedToken;
180 } catch (error) {
181 console.error('[Guacamole] Authentication failed:', error.response?.data || error.message);
182 throw new Error('Failed to authenticate with Guacamole');
183 }
184}
185
186/**
187 * Authenticate as a specific user and get their token
188 * @param username
189 * @param password
190 */
191async function getUserAuthToken(username, password) {
192 try {
193 const response = await axios.post(
194 `${GUACAMOLE_URL}/api/tokens`,
195 `username=${encodeURIComponent(username)}&password=${encodeURIComponent(password)}`,
196 {
197 headers: {
198 'Content-Type': 'application/x-www-form-urlencoded'
199 }
200 }
201 );
202
203 return response.data.authToken;
204 } catch (error) {
205 console.error('[Guacamole] User authentication failed:', error.response?.data || error.message);
206 throw new Error('Failed to authenticate user with Guacamole');
207 }
208}
209
210/**
211 * Create or get a connection group for a tenant
212 * @param {string} tenantId - Tenant ID
213 * @param {string} tenantName - Tenant name for display
214 * @returns {Promise<string>} Group identifier
215 */
216async function createOrGetTenantGroup(tenantId, tenantName) {
217 try {
218 const token = await getAuthToken();
219
220 // Check if group already exists
221 const groupsResponse = await axios.get(
222 `${GUACAMOLE_URL}/api/session/data/postgresql/connectionGroups/ROOT/tree`,
223 {
224 headers: {
225 'Guacamole-Token': token
226 }
227 }
228 );
229
230 // Search for existing tenant group
231 const existingGroup = groupsResponse.data.childConnectionGroups?.find(
232 g => g.identifier === `tenant_${tenantId}` || g.name === `Tenant: ${tenantName}`
233 );
234
235 if (existingGroup) {
236 console.log(`[Guacamole] Found existing group for tenant ${tenantId}: ${existingGroup.identifier}`);
237 return existingGroup.identifier;
238 }
239
240 // Create new connection group for tenant
241 const createResponse = await axios.post(
242 `${GUACAMOLE_URL}/api/session/data/postgresql/connectionGroups`,
243 {
244 parentIdentifier: 'ROOT',
245 name: `Tenant: ${tenantName}`,
246 type: 'ORGANIZATIONAL',
247 attributes: {
248 'max-connections': '',
249 'max-connections-per-user': ''
250 }
251 },
252 {
253 headers: {
254 'Guacamole-Token': token
255 }
256 }
257 );
258
259 const groupId = createResponse.data.identifier;
260 console.log(`[Guacamole] Created connection group ${groupId} for tenant ${tenantId}`);
261
262 return groupId;
263 } catch (error) {
264 console.error('[Guacamole] Error creating/getting tenant group:', error.response?.data || error.message);
265 throw error;
266 }
267}
268
269/**
270 * Create or update a Guacamole user for a dashboard user
271 * @param {string} userEmail - User email
272 * @param {string} tenantId - Tenant ID
273 * @param {string} tenantGroupId - Tenant group identifier
274 * @returns {Promise<{username: string, password: string}>}
275 */
276async function createOrUpdateGuacamoleUser(userEmail, tenantId, tenantGroupId) {
277 try {
278 const token = await getAuthToken();
279 const crypto = require('crypto');
280
281 // Handle undefined userEmail gracefully
282 if (!userEmail) {
283 userEmail = `user_${Date.now()}@tenant.local`;
284 }
285
286 // Generate username from email (sanitize)
287 const username = `tenant_${tenantId}_${userEmail.split('@')[0].replace(/[^a-zA-Z0-9]/g, '_')}`;
288
289 // Check if user exists
290 let userExists = false;
291 try {
292 await axios.get(
293 `${GUACAMOLE_URL}/api/session/data/postgresql/users/${username}`,
294 {
295 headers: {
296 'Guacamole-Token': token
297 }
298 }
299 );
300 userExists = true;
301 } catch (err) {
302 // User doesn't exist
303 }
304
305 // Generate or retrieve password (store in database)
306 let password;
307 const passwordResult = await pool.query(
308 'SELECT guac_password FROM users WHERE email = $1',
309 [userEmail]
310 );
311
312 if (passwordResult.rows.length > 0 && passwordResult.rows[0].guac_password) {
313 password = passwordResult.rows[0].guac_password;
314 } else {
315 // Generate new password
316 password = crypto.randomBytes(32).toString('hex');
317
318 // Store password in database
319 await pool.query(
320 `UPDATE users SET guac_password = $1 WHERE email = $2`,
321 [password, userEmail]
322 );
323 }
324
325 if (userExists) {
326 // Update existing user permissions
327 await axios.put(
328 `${GUACAMOLE_URL}/api/session/data/postgresql/users/${username}/permissions`,
329 [{
330 op: 'add',
331 path: `/connectionGroupPermissions/${tenantGroupId}`,
332 value: 'READ'
333 }],
334 {
335 headers: {
336 'Guacamole-Token': token,
337 'Content-Type': 'application/json'
338 }
339 }
340 );
341
342 console.log(`[Guacamole] Updated permissions for user ${username}`);
343 } else {
344 // Create new user
345 await axios.post(
346 `${GUACAMOLE_URL}/api/session/data/postgresql/users`,
347 {
348 username,
349 password,
350 attributes: {
351 'disabled': '',
352 'expired': '',
353 'access-window-start': '',
354 'access-window-end': '',
355 'valid-from': '',
356 'valid-until': '',
357 'timezone': null
358 }
359 },
360 {
361 headers: {
362 'Guacamole-Token': token
363 }
364 }
365 );
366
367 // Grant READ permission on tenant group
368 await axios.patch(
369 `${GUACAMOLE_URL}/api/session/data/postgresql/users/${username}/permissions`,
370 [{
371 op: 'add',
372 path: `/connectionGroupPermissions/${tenantGroupId}`,
373 value: 'READ'
374 }],
375 {
376 headers: {
377 'Guacamole-Token': token,
378 'Content-Type': 'application/json'
379 }
380 }
381 );
382
383 console.log(`[Guacamole] Created user ${username} with access to group ${tenantGroupId}`);
384 }
385
386 return { username, password };
387 } catch (error) {
388 console.error('[Guacamole] Error creating/updating user:', error.response?.data || error.message);
389 throw error;
390 }
391}
392
393/**
394 * Create or update a Guacamole connection for an agent
395 * @param {object} agent - Agent object with uuid, hostname, ip_address, os
396 * @param {string} tenantId - Tenant ID
397 * @returns {object} Connection details
398 */
399async function createOrUpdateConnection(agent, tenantId) {
400 try {
401 const token = await getAuthToken();
402
403 // Get tenant info for group creation
404 const tenantResult = await pool.query(
405 'SELECT name FROM tenants WHERE id = $1',
406 [tenantId]
407 );
408
409 const tenantName = tenantResult.rows.length > 0 ? tenantResult.rows[0].name : tenantId;
410
411 // Create or get tenant connection group
412 const tenantGroupId = await createOrGetTenantGroup(tenantId, tenantName);
413
414 // Determine connection protocol based on OS
415 const protocol = agent.os?.toLowerCase().includes('windows') ? 'rdp' : 'vnc';
416 const remotePort = protocol === 'rdp' ? 3389 : 5900;
417
418 // Check if connection already exists in our database
419 const existingResult = await pool.query(
420 'SELECT guac_connection_id FROM agent_guacamole_connections WHERE agent_uuid = $1',
421 [agent.agent_uuid]
422 );
423
424 let connectionId = existingResult.rows.length > 0 ? existingResult.rows[0].guac_connection_id : null;
425
426 // Don't create tunnel here - tunnels are created on-demand when "Request Access" is clicked
427 // Initial connection points to a placeholder (will be updated when tunnel is active)
428 const connectionName = `${agent.hostname || agent.agent_uuid}`;
429
430 if (existingResult.rows.length > 0) {
431 // Update existing connection metadata only (don't change host/port)
432 connectionId = existingResult.rows[0].guac_connection_id;
433
434 // Get current connection to preserve host/port
435 const token = await getAuthToken();
436 const currentResponse = await axios.get(
437 `${GUACAMOLE_URL}/api/session/data/postgresql/connections/${connectionId}`,
438 { headers: { 'Guacamole-Token': token } }
439 );
440
441 await axios.put(
442 `${GUACAMOLE_URL}/api/session/data/postgresql/connections/${connectionId}`,
443 {
444 name: connectionName,
445 protocol: protocol,
446 parameters: {
447 ...currentResponse.data.parameters, // Preserve existing host/port
448 hostname: currentResponse.data.parameters.hostname || '0.0.0.0', // Placeholder if not set
449 port: currentResponse.data.parameters.port || remotePort.toString(),
450 'ignore-cert': 'true',
451 'security': 'any',
452 'enable-wallpaper': 'false',
453 'enable-theming': 'false',
454 'enable-font-smoothing': 'true',
455 'resize-method': 'display-update',
456 // System-level access - no authentication required
457 username: '', // Blank username for system access
458 password: '', // Blank password for system access
459 domain: '' // No domain required
460 },
461 attributes: {
462 'max-connections': '2',
463 'max-connections-per-user': '1'
464 }
465 },
466 {
467 headers: {
468 'Guacamole-Token': token
469 }
470 }
471 );
472
473 console.log(`[Guacamole] Updated connection ${connectionId} for agent ${agent.agent_uuid}`);
474 } else {
475 // Create new connection under tenant group with placeholder address
476 const token = await getAuthToken();
477 const response = await axios.post(
478 `${GUACAMOLE_URL}/api/session/data/postgresql/connections`,
479 {
480 parentIdentifier: tenantGroupId, // Place in tenant-specific group
481 name: connectionName,
482 protocol: protocol,
483 parameters: {
484 hostname: '0.0.0.0', // Placeholder - will be updated when tunnel is created
485 port: remotePort.toString(),
486 'ignore-cert': 'true',
487 'security': 'any',
488 'enable-wallpaper': 'false',
489 'enable-theming': 'false',
490 'enable-font-smoothing': 'true',
491 'resize-method': 'display-update',
492 // System-level access - no authentication required
493 username: '', // Blank username for system access
494 password: '', // Blank password for system access
495 domain: '' // No domain required
496 },
497 attributes: {
498 'max-connections': '2',
499 'max-connections-per-user': '1'
500 }
501 },
502 {
503 headers: {
504 'Guacamole-Token': token
505 }
506 }
507 );
508
509 connectionId = response.data.identifier;
510
511 // Store connection ID in our database
512 await pool.query(
513 `INSERT INTO agent_guacamole_connections (agent_uuid, tenant_id, guac_connection_id, protocol, created_at, updated_at)
514 VALUES ($1, $2, $3, $4, NOW(), NOW())`,
515 [agent.agent_uuid, tenantId, connectionId, protocol]
516 );
517
518 console.log(`[Guacamole] Created connection ${connectionId} for agent ${agent.agent_uuid}`);
519 }
520
521 return {
522 connectionId,
523 protocol,
524 name: connectionName
525 };
526 } catch (error) {
527 console.error('[Guacamole] Error creating/updating connection:', error.response?.data || error.message);
528 throw error;
529 }
530}
531
532/**
533 * Delete a Guacamole connection
534 * @param {string} agentUuid - Agent UUID
535 */
536async function deleteConnection(agentUuid) {
537 try {
538 // Get connection ID from database
539 const result = await pool.query(
540 'SELECT guac_connection_id FROM agent_guacamole_connections WHERE agent_uuid = $1',
541 [agentUuid]
542 );
543
544 if (result.rows.length === 0) {
545 return; // No connection to delete
546 }
547
548 const connectionId = result.rows[0].guac_connection_id;
549 const token = await getAuthToken();
550
551 // Delete from Guacamole
552 await axios.delete(
553 `${GUACAMOLE_URL}/api/session/data/postgresql/connections/${connectionId}`,
554 {
555 headers: {
556 'Guacamole-Token': token
557 }
558 }
559 );
560
561 // Delete from our database
562 await pool.query(
563 'DELETE FROM agent_guacamole_connections WHERE agent_uuid = $1',
564 [agentUuid]
565 );
566
567 console.log(`[Guacamole] Deleted connection ${connectionId} for agent ${agentUuid}`);
568 } catch (error) {
569 console.error('[Guacamole] Error deleting connection:', error.response?.data || error.message);
570 // Don't throw - best effort deletion
571 }
572}
573
574/**
575 * Get connection details for an agent
576 * @param {string} agentUuid - Agent UUID
577 * @returns {object | null} Connection details
578 */
579async function getConnection(agentUuid) {
580 const result = await pool.query(
581 'SELECT * FROM agent_guacamole_connections WHERE agent_uuid = $1',
582 [agentUuid]
583 );
584
585 return result.rows.length > 0 ? result.rows[0] : null;
586}
587
588/**
589 * Get connections URL for embedding in dashboard
590 * @param {string} connectionId - Guacamole connection ID
591 * @param {string} authToken - Authentication token
592 * @returns {string} Complete Guacamole client URL with token
593 */
594function getConnectionUrl(connectionId, authToken) {
595 // Use external URL for dashboard/frontend access
596 const externalUrl = process.env.GUACAMOLE_EXTERNAL_URL || 'https://guacamole.everydaytech.au';
597
598 // Standard Guacamole client URL format
599 // The token should be passed as a URL parameter for auto-login
600 return `${externalUrl}/guacamole/#/client/${connectionId}?token=${authToken}`;
601}
602
603/**
604 * Generate a connection token for auto-login
605 * IMPORTANT: This generates a user-specific token with ONLY access to their tenant's connections
606 * This prevents cross-tenant access and ensures proper tenant isolation
607 * @param {string} connectionId - Guacamole connection ID
608 * @param {string} agentUuid - Agent UUID for tenant verification
609 * @param {string} tenantId - Tenant ID for isolation
610 * @param {string} userEmail - User email for audit logging
611 * @returns {Promise<string>} Token for auto-login URL
612 */
613async function generateConnectionToken(connectionId, agentUuid, tenantId, userEmail) {
614 try {
615 // Ensure userEmail has a fallback value
616 if (!userEmail || userEmail === 'undefined') {
617 userEmail = `user_${Date.now()}@tenant${tenantId}.local`;
618 }
619
620 // Verify this connection belongs to the tenant
621 const verifyResult = await pool.query(
622 `SELECT agc.guac_connection_id, agc.tenant_id, a.hostname, t.name as tenant_name
623 FROM agent_guacamole_connections agc
624 JOIN agents a ON a.agent_uuid = agc.agent_uuid
625 JOIN tenants t ON t.tenant_id = agc.tenant_id
626 WHERE agc.agent_uuid = $1 AND agc.tenant_id = $2`,
627 [agentUuid, tenantId]
628 );
629
630 if (verifyResult.rows.length === 0) {
631 throw new Error('Connection not found or access denied');
632 }
633
634 // Get tenant info
635 const tenantName = verifyResult.rows[0].tenant_name;
636
637 // Create or get tenant connection group
638 const tenantGroupId = await createOrGetTenantGroup(tenantId, tenantName);
639
640 // Create or update Guacamole user for this dashboard user
641 // This user will ONLY have access to their tenant's connection group
642 const { username, password } = await createOrUpdateGuacamoleUser(userEmail, tenantId, tenantGroupId);
643
644 // Authenticate as the tenant-specific user (not admin)
645 const userToken = await getUserAuthToken(username, password);
646
647 // Log access for audit trail
648 await pool.query(
649 `INSERT INTO activity_logs (agent_uuid, tenant_id, action, details, user_email)
650 VALUES ($1, $2, $3, $4, $5)`,
651 [
652 agentUuid,
653 tenantId,
654 'guacamole_token_generated',
655 JSON.stringify({
656 connection_id: connectionId,
657 hostname: verifyResult.rows[0].hostname,
658 guacamole_user: username
659 }),
660 userEmail
661 ]
662 );
663
664 console.log(`[Guacamole] Generated user-specific token for ${userEmail} (${username}) to access connection ${connectionId} (tenant ${tenantId})`);
665
666 // Return user-specific token - this user can ONLY see their tenant's connections
667 return userToken;
668 } catch (error) {
669 console.error('[Guacamole] Error generating connection token:', error.message);
670 throw error;
671 }
672}
673
674/**
675 * Create a new Guacamole connection (wrapper for createOrUpdateConnection)
676 * @param {string} agentUuid - Agent UUID
677 * @param {object} config - Connection configuration
678 * @returns {object} Connection details with identifier
679 */
680async function createConnection(agentUuid, config) {
681 const token = await getAuthToken();
682
683 // Create connection via Guacamole API
684 const response = await axios.post(
685 `${GUACAMOLE_URL}/api/session/data/postgresql/connections`,
686 {
687 parentIdentifier: 'ROOT',
688 name: config.name,
689 protocol: config.protocol || 'rdp',
690 parameters: config.parameters,
691 attributes: {
692 'max-connections': '2',
693 'max-connections-per-user': '1'
694 }
695 },
696 {
697 headers: {
698 'Guacamole-Token': token
699 }
700 }
701 );
702
703 return {
704 identifier: response.data.identifier,
705 name: config.name,
706 protocol: config.protocol || 'rdp'
707 };
708}
709
710/**
711 * Update Guacamole connection with new tunnel port
712 * @param {string} agentUuid - Agent UUID
713 * @param {number} port - Local tunnel port
714 * @param {string} protocol - Connection protocol (rdp/vnc/ssh)
715 */
716async function updateConnectionPort(agentUuid, port, protocol) {
717 try {
718 // Get connection ID from database
719 const result = await pool.query(
720 'SELECT guac_connection_id FROM agent_guacamole_connections WHERE agent_uuid = $1',
721 [agentUuid]
722 );
723
724 if (result.rows.length === 0) {
725 throw new Error('Connection not found');
726 }
727
728 const connectionId = result.rows[0].guac_connection_id;
729 const token = await getAuthToken();
730
731 // Get current connection details first
732 const currentResponse = await axios.get(
733 `${GUACAMOLE_URL}/api/session/data/postgresql/connections/${connectionId}`,
734 {
735 headers: {
736 'Guacamole-Token': token
737 }
738 }
739 );
740
741 const currentConnection = currentResponse.data;
742
743 // Update connection with new port using Docker gateway IP
744 // 172.19.0.1 is the host IP accessible from inside Docker containers
745 await axios.put(
746 `${GUACAMOLE_URL}/api/session/data/postgresql/connections/${connectionId}`,
747 {
748 ...currentConnection,
749 parameters: {
750 ...currentConnection.parameters,
751 hostname: '172.19.0.1', // Docker gateway to reach host
752 port: port.toString()
753 }
754 },
755 {
756 headers: {
757 'Guacamole-Token': token
758 }
759 }
760 );
761
762 console.log(`[Guacamole] Updated connection ${connectionId} to use tunnel port ${port}`);
763 } catch (error) {
764 console.error('[Guacamole] Error updating connection port:', error.response?.data || error.message);
765 throw error;
766 }
767}
768
769module.exports = {
770 getAuthToken,
771 getUserAuthToken,
772 createOrGetTenantGroup,
773 createOrUpdateGuacamoleUser,
774 createConnection,
775 createOrUpdateConnection,
776 deleteConnection,
777 getConnection,
778 getConnectionUrl,
779 generateConnectionToken,
780 updateConnectionPort
781};