ptn 0.1.4__py3-none-any.whl → 0.3.2__py3-none-any.whl

porterminal/cli/args.py

@@ -61,6 +61,23 @@ def parse_args() -> argparse.Namespace:
         action="store_true",
         help="Run in background and return immediately",
     )
+    parser.add_argument(
+        "--init",
+        action="store_true",
+        help="Create .ptn/ptn.yaml config file in current directory",
+    )
+    parser.add_argument(
+        "-p",
+        "--password",
+        action="store_true",
+        help="Prompt for password to protect terminal access",
+    )
+    parser.add_argument(
+        "-dp",
+        "--default-password",
+        action="store_true",
+        help="Toggle password requirement in config (on/off)",
+    )
     # Internal argument for background mode communication
     parser.add_argument(
         "--_url-file",
@@ -88,4 +105,90 @@ def parse_args() -> argparse.Namespace:
         success = update_package()
         sys.exit(0 if success else 1)
 
+    if args.init:
+        _init_config()
+        sys.exit(0)
+
+    if args.default_password:
+        _toggle_password_requirement()
+        sys.exit(0)
+
     return args
+
+
+DEFAULT_CONFIG = """\
+# ptn configuration file
+# Docs: https://github.com/lyehe/porterminal/blob/master/docs/configuration.md
+
+# Custom buttons (appear in third toolbar row)
+buttons:
+  - label: "git"
+    send: "git status\\r"
+  - label: "build"
+    send: "npm run build\\r"
+  # Multi-step button with delays (ms):
+  # - label: "deploy"
+  #   send:
+  #     - "npm run build"
+  #     - 100
+  #     - "\\r"
+
+# Terminal settings (optional)
+# terminal:
+#   default_shell: bash
+#   cols: 120
+#   rows: 30
+"""
+
+
+def _init_config() -> None:
+    """Create .ptn/ptn.yaml in current directory."""
+    from pathlib import Path
+
+    config_dir = Path.cwd() / ".ptn"
+    config_file = config_dir / "ptn.yaml"
+
+    if config_file.exists():
+        print(f"Config already exists: {config_file}")
+        return
+
+    config_dir.mkdir(exist_ok=True)
+    config_file.write_text(DEFAULT_CONFIG)
+    print(f"Created: {config_file}")
+
+
+def _toggle_password_requirement() -> None:
+    """Toggle security.require_password in config file."""
+    from pathlib import Path
+
+    import yaml
+
+    from porterminal.config import find_config_file
+
+    # Find existing config or use default location
+    config_path = find_config_file()
+    if config_path is None:
+        config_dir = Path.cwd() / ".ptn"
+        config_path = config_dir / "ptn.yaml"
+        config_dir.mkdir(exist_ok=True)
+
+    # Read existing config or create empty
+    if config_path.exists():
+        with open(config_path, encoding="utf-8") as f:
+            data = yaml.safe_load(f) or {}
+    else:
+        data = {}
+
+    # Toggle the value
+    if "security" not in data:
+        data["security"] = {}
+    current = data["security"].get("require_password", False)
+    data["security"]["require_password"] = not current
+
+    # Write back
+    with open(config_path, "w", encoding="utf-8") as f:
+        yaml.safe_dump(data, f, default_flow_style=False, sort_keys=False)
+
+    new_value = data["security"]["require_password"]
+    status = "enabled" if new_value else "disabled"
+    print(f"Password requirement {status} in {config_path}")

porterminal/cli/display.py

@@ -136,7 +136,7 @@ def display_startup_screen(
         *tagline_colored,
         "",
         f"[bold yellow]{get_caution()}[/bold yellow]",
-        "[bright_red]The URL is the only security. Use at your own risk.[/bright_red]",
+        "[dim]Use -p for password protection if your screen is exposed[/dim]",
         status,
         f"[bold cyan]{url}[/bold cyan]",
     ]

porterminal/composition.py

@@ -3,12 +3,15 @@
 from collections.abc import Callable
 from pathlib import Path
 
+import yaml
+
 from porterminal.application.services import (
     ManagementService,
     SessionService,
     TabService,
     TerminalService,
 )
+from porterminal.config import find_config_file
 from porterminal.container import Container
 from porterminal.domain import (
     EnvironmentRules,
@@ -19,7 +22,7 @@ from porterminal.domain import (
     TabLimitChecker,
     TerminalDimensions,
 )
-from porterminal.infrastructure.config import ShellDetector, YAMLConfigLoader
+from porterminal.infrastructure.config import ShellDetector
 from porterminal.infrastructure.registry import UserConnectionRegistry
 from porterminal.infrastructure.repositories import InMemorySessionRepository, InMemoryTabRepository
 
@@ -107,8 +110,9 @@ class PTYManagerAdapter:
 
 
 def create_container(
-    config_path: Path | str = "config.yaml",
+    config_path: Path | str | None = None,
     cwd: str | None = None,
+    password_hash: bytes | None = None,
 ) -> Container:
     """Create the dependency container with all wired dependencies.
 
@@ -116,15 +120,21 @@ def create_container(
     dependencies are created and wired together.
 
     Args:
-        config_path: Path to config file.
+        config_path: Path to config file, or None to search standard locations.
         cwd: Working directory for PTY sessions.
+        password_hash: Bcrypt hash of password for authentication (None = no auth).
 
     Returns:
         Fully wired dependency container.
     """
     # Load configuration
-    loader = YAMLConfigLoader(config_path)
-    config_data = loader.load()
+    if config_path is None:
+        config_path = find_config_file()
+
+    config_data: dict = {}
+    if config_path is not None and Path(config_path).exists():
+        with open(config_path, encoding="utf-8") as f:
+            config_data = yaml.safe_load(f) or {}
 
     # Detect shells
     detector = ShellDetector()
@@ -133,6 +143,7 @@ def create_container(
     # Get config values with defaults
     server_data = config_data.get("server", {})
     terminal_data = config_data.get("terminal", {})
+    security_data = config_data.get("security", {})
 
     server_host = server_data.get("host", "127.0.0.1")
     server_port = server_data.get("port", 8000)
@@ -140,6 +151,7 @@ def create_container(
     default_rows = terminal_data.get("rows", 30)
     default_shell_id = terminal_data.get("default_shell") or detector.get_default_shell_id()
     buttons = config_data.get("buttons", [])
+    max_auth_attempts = security_data.get("max_auth_attempts", 5)
 
     # Use configured shells if provided, otherwise use detected
     configured_shells = terminal_data.get("shells", [])
@@ -205,4 +217,6 @@ def create_container(
         default_rows=default_rows,
         buttons=buttons,
         cwd=cwd,
+        password_hash=password_hash,
+        max_auth_attempts=max_auth_attempts,
     )

porterminal/config.py

@@ -1,12 +1,14 @@
 """Configuration loading and validation using Pydantic."""
 
+import os
 import shutil
-import sys
 from pathlib import Path
 
 import yaml
 from pydantic import BaseModel, Field, field_validator
 
+from porterminal.infrastructure.config import ShellDetector
+
 
 class ServerConfig(BaseModel):
     """Server configuration."""
@@ -37,67 +39,6 @@ class ShellConfig(BaseModel):
         raise ValueError(f"Shell executable not found: {v}")
 
 
-def detect_available_shells() -> list[ShellConfig]:
-    """Auto-detect available shells based on the platform."""
-    shells = []
-
-    if sys.platform == "win32":
-        # Windows shells
-        candidates = [
-            ("PowerShell", "powershell", "powershell.exe", ["-NoLogo"]),
-            ("PowerShell 7", "pwsh", "pwsh.exe", ["-NoLogo"]),
-            ("CMD", "cmd", "cmd.exe", []),
-            ("WSL", "wsl", "wsl.exe", []),
-            ("Git Bash", "gitbash", r"C:\Program Files\Git\bin\bash.exe", ["--login"]),
-        ]
-    else:
-        # Unix-like shells (Linux, macOS)
-        candidates = [
-            ("Bash", "bash", "bash", ["--login"]),
-            ("Zsh", "zsh", "zsh", ["--login"]),
-            ("Fish", "fish", "fish", []),
-            ("Sh", "sh", "sh", []),
-        ]
-
-    for name, shell_id, command, args in candidates:
-        # Check if shell exists
-        shell_path = shutil.which(command)
-        if shell_path or Path(command).exists():
-            shells.append(
-                ShellConfig(
-                    name=name,
-                    id=shell_id,
-                    command=shell_path or command,
-                    args=args,
-                )
-            )
-
-    return shells
-
-
-def get_default_shell_id() -> str:
-    """Get the default shell ID for the current platform."""
-    if sys.platform == "win32":
-        # Prefer PowerShell 7, then PowerShell, then CMD
-        if shutil.which("pwsh"):
-            return "pwsh"
-        if shutil.which("powershell"):
-            return "powershell"
-        return "cmd"
-    elif sys.platform == "darwin":
-        # macOS defaults to zsh
-        if shutil.which("zsh"):
-            return "zsh"
-        return "bash"
-    else:
-        # Linux - prefer bash
-        if shutil.which("bash"):
-            return "bash"
-        if shutil.which("zsh"):
-            return "zsh"
-        return "sh"
-
-
 class TerminalConfig(BaseModel):
     """Terminal configuration."""
 
@@ -118,7 +59,7 @@ class ButtonConfig(BaseModel):
     """Custom button configuration."""
 
     label: str
-    send: str
+    send: str | list[str | int] = ""  # string or list of strings/ints (ints = wait ms)
 
 
 class CloudflareConfig(BaseModel):
@@ -128,6 +69,20 @@ class CloudflareConfig(BaseModel):
     access_aud: str = ""
 
 
+class UpdateConfig(BaseModel):
+    """Update checker configuration."""
+
+    notify_on_startup: bool = True  # Show "update available" on startup
+    check_interval: int = Field(default=86400, ge=0)  # Seconds between checks (0 = always)
+
+
+class SecurityConfig(BaseModel):
+    """Security configuration."""
+
+    require_password: bool = False  # Prompt for password at startup
+    max_auth_attempts: int = Field(default=5, ge=1, le=100)
+
+
 class Config(BaseModel):
     """Application configuration."""
 
@@ -135,13 +90,47 @@ class Config(BaseModel):
     terminal: TerminalConfig = Field(default_factory=TerminalConfig)
     buttons: list[ButtonConfig] = Field(default_factory=list)
     cloudflare: CloudflareConfig = Field(default_factory=CloudflareConfig)
+    update: UpdateConfig = Field(default_factory=UpdateConfig)
+    security: SecurityConfig = Field(default_factory=SecurityConfig)
+
+
+def find_config_file(cwd: Path | None = None) -> Path | None:
+    """Find config file in standard locations.
+
+    Search order:
+    1. PORTERMINAL_CONFIG_PATH env var (if set)
+    2. ptn.yaml in cwd
+    3. .ptn/ptn.yaml in cwd
+    4. ~/.ptn/ptn.yaml (user home directory)
+    """
+    # Check env var first
+    if env_path := os.environ.get("PORTERMINAL_CONFIG_PATH"):
+        return Path(env_path)
+
+    base = cwd or Path.cwd()
 
+    # Search order: cwd first, then home
+    candidates = [
+        base / "ptn.yaml",
+        base / ".ptn" / "ptn.yaml",
+        Path.home() / ".ptn" / "ptn.yaml",
+    ]
 
-def load_config(config_path: Path | str = "config.yaml") -> Config:
+    for path in candidates:
+        if path.exists():
+            return path
+
+    return None  # No config found, use defaults
+
+
+def load_config(config_path: Path | str | None = None) -> Config:
     """Load configuration from YAML file."""
-    config_path = Path(config_path)
+    if config_path is None:
+        config_path = find_config_file()
+
+    detector = ShellDetector()
 
-    if not config_path.exists():
+    if config_path is None or not Path(config_path).exists():
         data = {}
     else:
         with open(config_path, encoding="utf-8") as f:
@@ -162,10 +151,13 @@ def load_config(config_path: Path | str = "config.yaml") -> Config:
         except Exception:
             pass
 
-    # If no valid shells from config, auto-detect
+    # If no valid shells from config, auto-detect using ShellDetector
     if not valid_shells:
-        detected = detect_available_shells()
-        terminal_data["shells"] = [s.model_dump() for s in detected]
+        detected = detector.detect_shells()
+        terminal_data["shells"] = [
+            {"id": s.id, "name": s.name, "command": s.command, "args": list(s.args)}
+            for s in detected
+        ]
     else:
         terminal_data["shells"] = valid_shells
 
@@ -173,7 +165,7 @@ def load_config(config_path: Path | str = "config.yaml") -> Config:
     default_shell = terminal_data.get("default_shell", "")
     shell_ids = [s.get("id") or s.get("name", "").lower() for s in terminal_data.get("shells", [])]
     if not default_shell or default_shell not in shell_ids:
-        terminal_data["default_shell"] = get_default_shell_id()
+        terminal_data["default_shell"] = detector.get_default_shell_id()
         # Make sure the default shell is in the list
         if terminal_data["default_shell"] not in shell_ids and terminal_data.get("shells"):
             terminal_data["default_shell"] = terminal_data["shells"][0].get("id", "")

porterminal/container.py

@@ -53,13 +53,6 @@ class Container:
     # Working directory
     cwd: str | None = None
 
-    def get_shell(self, shell_id: str | None = None) -> ShellCommand | None:
-        """Get shell by ID or default."""
-        target_id = shell_id or self.default_shell_id
-
-        for shell in self.available_shells:
-            if shell.id == target_id:
-                return shell
-
-        # Return first available if target not found
-        return self.available_shells[0] if self.available_shells else None
+    # Security
+    password_hash: bytes | None = None
+    max_auth_attempts: int = 5

porterminal/domain/__init__.py

@@ -15,7 +15,6 @@ from .entities import (
 
 # Ports
 from .ports import (
-    PTYFactory,
     PTYPort,
     SessionRepository,
     TabRepository,
@@ -87,5 +86,4 @@ __all__ = [
     "SessionRepository",
     "TabRepository",
     "PTYPort",
-    "PTYFactory",
 ]

porterminal/domain/entities/output_buffer.py

@@ -67,7 +67,3 @@ class OutputBuffer:
         """Clear the buffer."""
         self._buffer.clear()
         self._size = 0
-
-    def __len__(self) -> int:
-        """Return number of chunks in buffer."""
-        return len(self._buffer)

porterminal/domain/ports/__init__.py

@@ -1,6 +1,6 @@
 """Domain ports - interfaces for infrastructure to implement."""
 
-from .pty_port import PTYFactory, PTYPort
+from .pty_port import PTYPort
 from .session_repository import SessionRepository
 from .tab_repository import TabRepository
 
@@ -8,5 +8,4 @@ __all__ = [
     "SessionRepository",
     "TabRepository",
     "PTYPort",
-    "PTYFactory",
 ]

porterminal/domain/ports/pty_port.py

@@ -2,7 +2,6 @@
 
 from abc import ABC, abstractmethod
 
-from ..values.shell_command import ShellCommand
 from ..values.terminal_dimensions import TerminalDimensions
 
 
@@ -50,31 +49,3 @@ class PTYPort(ABC):
     def dimensions(self) -> TerminalDimensions:
         """Get current terminal dimensions."""
         ...
-
-
-class PTYFactory(ABC):
-    """Abstract interface for PTY creation.
-
-    Infrastructure provides platform-specific factory.
-    """
-
-    @abstractmethod
-    def create(
-        self,
-        shell: ShellCommand,
-        dimensions: TerminalDimensions,
-        environment: dict[str, str],
-        working_directory: str | None = None,
-    ) -> PTYPort:
-        """Create and spawn a new PTY.
-
-        Args:
-            shell: Shell command to run.
-            dimensions: Initial terminal dimensions.
-            environment: Sanitized environment variables.
-            working_directory: Optional working directory.
-
-        Returns:
-            PTY port implementation.
-        """
-        ...

porterminal/domain/ports/tab_repository.py

@@ -68,8 +68,3 @@ class TabRepository(ABC):
     def count_for_user(self, user_id: UserId) -> int:
         """Get tab count for a user."""
         ...
-
-    @abstractmethod
-    def all_tabs(self) -> list[Tab]:
-        """Get all tabs (for cleanup iteration)."""
-        ...

porterminal/infrastructure/auth.py

@@ -0,0 +1,131 @@
+"""Authentication utilities for WebSocket connections."""
+
+from __future__ import annotations
+
+import asyncio
+import logging
+import os
+import signal
+from typing import TYPE_CHECKING
+
+import bcrypt
+
+if TYPE_CHECKING:
+    from porterminal.application.ports import ConnectionPort
+
+logger = logging.getLogger(__name__)
+
+
+def _shutdown_server() -> None:
+    """Trigger server shutdown due to auth failure."""
+    import time
+
+    # Print plain text - parent's drain_process_output handles formatting
+    print("", flush=True)
+    print("SECURITY WARNING", flush=True)
+    print("Max authentication attempts exceeded.", flush=True)
+    print("Your URL may have been leaked. Investigate before restarting.", flush=True)
+    print("", flush=True)
+
+    logger.warning(
+        "SECURITY: Max authentication attempts exceeded. "
+        "Shutting down server to prevent brute force attack."
+    )
+
+    # Delay to ensure message is visible before shutdown
+    time.sleep(1)
+    os.kill(os.getpid(), signal.SIGTERM)
+
+
+async def authenticate_connection(
+    connection: ConnectionPort,
+    password_hash: bytes,
+    max_attempts: int = 5,
+    timeout_seconds: int = 30,
+) -> bool:
+    """Authenticate a WebSocket connection with password.
+
+    Sends auth_required, waits for auth message, validates password.
+    Returns True if authenticated, False otherwise.
+
+    Args:
+        connection: WebSocket connection adapter
+        password_hash: bcrypt hash of the expected password
+        max_attempts: Maximum number of password attempts
+        timeout_seconds: Timeout for receiving auth message
+
+    Returns:
+        True if successfully authenticated, False otherwise
+    """
+    await connection.send_message({"type": "auth_required"})
+
+    attempts = 0
+    while attempts < max_attempts:
+        try:
+            message = await asyncio.wait_for(connection.receive(), timeout=timeout_seconds)
+        except TimeoutError:
+            await connection.send_message(
+                {
+                    "type": "auth_failed",
+                    "attempts_remaining": 0,
+                    "error": "Authentication timeout",
+                }
+            )
+            return False
+
+        if not isinstance(message, dict) or message.get("type") != "auth":
+            await connection.send_message(
+                {
+                    "type": "error",
+                    "error": "Authentication required",
+                }
+            )
+            continue
+
+        password = message.get("password", "")
+        if bcrypt.checkpw(password.encode(), password_hash):
+            await connection.send_message({"type": "auth_success"})
+            return True
+
+        attempts += 1
+        remaining = max_attempts - attempts
+        await connection.send_message(
+            {
+                "type": "auth_failed",
+                "attempts_remaining": remaining,
+                "error": "Invalid password" if remaining > 0 else "Too many failed attempts",
+            }
+        )
+
+    # Max attempts exhausted - shutdown to prevent brute force
+    _shutdown_server()
+    return False
+
+
+async def validate_auth_message(
+    connection: ConnectionPort,
+    password_hash: bytes,
+    timeout_seconds: int = 10,
+) -> bool:
+    """Validate a single auth message from a connection.
+
+    For terminal WebSocket where we expect auth as first message.
+
+    Args:
+        connection: WebSocket connection adapter
+        password_hash: bcrypt hash of the expected password
+        timeout_seconds: Timeout for receiving auth message
+
+    Returns:
+        True if valid, False otherwise
+    """
+    try:
+        message = await asyncio.wait_for(connection.receive(), timeout=timeout_seconds)
+    except TimeoutError:
+        return False
+
+    if not isinstance(message, dict) or message.get("type") != "auth":
+        return False
+
+    password = message.get("password", "")
+    return bcrypt.checkpw(password.encode(), password_hash)

porterminal/infrastructure/cloudflared.py

@@ -172,12 +172,16 @@ class CloudflaredInstaller:
                 try:
                     # Add Cloudflare repo first for apt
                     if name == "apt":
+                        # Use "any" distribution - works on all Debian-based systems
+                        # (Ubuntu, Debian, Mint, Pop!_OS, etc.) without codename detection
+                        # See: https://pkg.cloudflare.com/
                         subprocess.run(
                             [
                                 "bash",
                                 "-c",
+                                "sudo mkdir -p --mode=0755 /usr/share/keyrings && "
                                 "curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null && "
-                                "echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main' | sudo tee /etc/apt/sources.list.d/cloudflared.list && "
+                                "echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared any main' | sudo tee /etc/apt/sources.list.d/cloudflared.list && "
                                 "sudo apt-get update",
                             ],
                             capture_output=True,

porterminal/infrastructure/config/__init__.py

@@ -1,9 +1,7 @@
 """Configuration infrastructure - loading and detection."""
 
 from .shell_detector import ShellDetector
-from .yaml_loader import YAMLConfigLoader
 
 __all__ = [
-    "YAMLConfigLoader",
     "ShellDetector",
 ]