Interactive list

web-gateway/README.md

@@ -7,11 +7,12 @@ HTML5 WebSocket-based gateway for accessing RDP connections through a web browse
 - 🌐 **Browser-Based Access** - Connect to RDP sessions from any modern web browser
 - 🔒 **Secure WebSocket** - Real-time bidirectional communication
 - 🎨 **Modern UI** - Clean, responsive interface
-- 🔑 **Simplified Authentication** - Credentials passed directly to RdpBroker
+- 🔑 **User-Specific Targets** - Each user sees only their authorized RDP servers
 - 📊 **Service Health Monitoring** - Automatic RdpBroker availability checks
-- 🎯 **Dynamic Target Loading** - Targets fetched from configuration or RdpBroker
+- 🎯 **Dynamic Target Loading** - Personalized targets from RdpBroker based on user permissions
 - ⚡ **Low Latency** - Optimized for performance
 - ☁️ **Kubernetes Native** - Console-only logging for cloud environments
+- 🔐 **Samba AD Integration** - Authentication via RdpBroker with Samba Active Directory
 
 ## Architecture
 
@@ -19,12 +20,29 @@ HTML5 WebSocket-based gateway for accessing RDP connections through a web browse
 User Browser (HTML5/WebSocket)
           ↓
     RDP Web Gateway (Node.js)
+          ↓  [WebSocket Protocol]
+          ↓  1. AUTH → receives user-specific targets
+          ↓  2. SELECT → connects to chosen target
           ↓
-      RdpBroker (RDP)
+      RdpBroker (C)
+          ↓  [Samba AD Auth]
+          ↓  [Target Authorization]
+          ↓  [RDP Forwarding]
           ↓
     Target RDP Servers
 ```
 
+## Authentication Flow
+
+1. **User Login** - User enters credentials in web interface
+2. **Health Check** - Web-gateway verifies RdpBroker is available
+3. **WebSocket Auth** - Credentials sent via WebSocket to RdpBroker
+4. **LDAP Authentication** - RdpBroker authenticates against Samba AD
+5. **Target Authorization** - RdpBroker determines user's authorized targets based on groups/permissions
+6. **Targets Display** - User-specific target list sent back to web-gateway
+7. **Target Selection** - User chooses from their authorized servers
+8. **RDP Session** - RdpBroker establishes connection to selected target
+
 ## Prerequisites
 
 - Node.js 18+
@@ -147,22 +165,74 @@ Fetch available RDP targets.
 
 Connect to `ws://localhost:8080/ws/rdp`
 
-#### Client → Server Messages
+The protocol follows a two-phase approach:
+1. **Authentication Phase**: User authenticates and receives personalized target list
+2. **Connection Phase**: User selects target and establishes RDP session
 
-**Connect to target:**
+#### Phase 1: Authentication
+
+**Client → Server - Authenticate:**
+```json
+{
+  "type": "authenticate",
+  "username": "user@domain.com",
+  "password": "password123"
+}
+```
+
+**Server → Client - Authentication Success with Targets:**
+```json
+{
+  "type": "targets",
+  "targets": [
+    {
+      "name": "Windows Server 2022",
+      "host": "ws2022.example.com",
+      "port": 3389,
+      "description": "Production Windows Server (user-specific)"
+    },
+    {
+      "name": "Development Server",
+      "host": "dev.example.com",
+      "port": 3389,
+      "description": "Development environment"
+    }
+  ]
+}
+```
+
+**Server → Client - Authentication Failed:**
+```json
+{
+  "type": "error",
+  "error": "Invalid credentials"
+}
+```
+
+#### Phase 2: Connection
+
+**Client → Server - Connect to Target:**
 ```json
 {
   "type": "connect",
-  "username": "user@domain.com",
-  "password": "password123",
   "target": {
-    "name": "Server 01",
-    "host": "192.168.1.10",
+    "name": "Windows Server 2022",
+    "host": "ws2022.example.com",
     "port": 3389
   }
 }
 ```
 
+**Server → Client - RDP Session Ready:**
+```json
+{
+  "type": "connected",
+  "target": "Windows Server 2022"
+}
+```
+
+#### Client → Server Messages
+
 **Mouse event:**
 ```json
 {