py-web-ssh 0.1.0__tar.gz

py_web_ssh-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 GGN_2015
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

py_web_ssh-0.1.0/PKG-INFO

@@ -0,0 +1,75 @@
+Metadata-Version: 2.4
+Name: py-web-ssh
+Version: 0.1.0
+Summary: A Python web SSH client with xterm.js, reconnectable sessions, logs, and file transfer.
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: >=3.10
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Provides-Extra: dev
+Requires-Dist: fastapi (>=0.111.0)
+Requires-Dist: paramiko (>=3.4.0)
+Requires-Dist: pytest (>=8.2.0) ; extra == "dev"
+Requires-Dist: python-multipart (>=0.0.9)
+Requires-Dist: ruff (>=0.5.0) ; extra == "dev"
+Requires-Dist: uvicorn[standard] (>=0.30.0)
+Description-Content-Type: text/markdown
+
+# py-web-ssh
+
+一个基于 Python/FastAPI/Paramiko 的 Web SSH 客户端。前端使用 xterm.js 渲染真实终端控制序列，后端通过 WebSocket 转发 SSH 交互数据，并为每个网页客户端分配随机 UUID，支持同 UUID 断线重连、终端快照恢复、日志查看和文件上传下载。
+
+## 功能
+
+- SSH 交互终端：Paramiko 后端 `invoke_shell`，xterm.js 前端实时交互。
+- 登录方式：密码、浏览器上传私钥、私钥口令、SSH agent、服务端本机 `~/.ssh` 密钥、免口令/none auth。
+- Legacy 兼容：启动时按当前 Paramiko 运行时能力尽量启用旧 KEX/Cipher/MAC/HostKey/Pubkey 算法，并在日志中列出不可用算法。
+- UUID 会话：创建会话后返回 UUID，WebSocket 断开后可用同 UUID 重连。
+- 会话回收：同一个 UUID 如果所有浏览器连接都断开并且 5 分钟内无人重连，服务端会主动断开 SSH 并清理内存缓存。
+- 终端恢复：服务端保存 SSH 输出流，浏览器定期回传 xterm serialize 快照；重连时先恢复快照，再补放快照之后的输出。
+- 日志页面：`/sessions/{uuid}/logs` 展示完整连接、认证、错误和文件传输日志。
+- 文件传输：优先 SFTP；SFTP 不可用时参考 `simple-ssh-copy` 思路，使用远端 `base64` shell 命令 fallback 上传/下载。
+
+## 安装
+
+```bash
+python -m venv .venv
+.venv\Scripts\activate
+pip install -e .
+```
+
+## 启动
+
+```bash
+py-web-ssh
+```
+
+或者：
+
+```bash
+uvicorn webssh.app:app --host 127.0.0.1 --port 8000
+```
+
+打开 <http://127.0.0.1:8000>。
+
+前端默认从 jsDelivr 加载 xterm.js、fit addon 和 serialize addon。离线内网部署时，请把这些静态资源 vendoring 到 `webssh/static/` 并替换 `index.html` 里的 CDN 地址。
+
+## API 概览
+
+- `POST /api/sessions` 创建 SSH 会话。
+- `GET /api/sessions/{uuid}` 查看会话状态。
+- `GET /api/sessions/{uuid}/logs` 获取完整日志 JSON。
+- `DELETE /api/sessions/{uuid}` 主动断开 SSH。
+- `WS /ws/sessions/{uuid}` 终端输入、输出、resize、快照和断开控制。
+- `POST /api/sessions/{uuid}/files/upload` 上传文件，multipart 字段：`remote_path`、`file`。
+- `GET /api/sessions/{uuid}/files/download?remote_path=/path/file` 下载远端文件。
+
+## 安全提示
+
+这个项目默认面向可信内网或本机使用。私钥和口令只保存在进程内存中，不写入日志；如果要暴露到公网，请务必加 HTTPS、登录认证、CSRF/来源限制、审计和会话回收策略。
+

py_web_ssh-0.1.0/README.md

@@ -0,0 +1,52 @@
+# py-web-ssh
+
+一个基于 Python/FastAPI/Paramiko 的 Web SSH 客户端。前端使用 xterm.js 渲染真实终端控制序列，后端通过 WebSocket 转发 SSH 交互数据，并为每个网页客户端分配随机 UUID，支持同 UUID 断线重连、终端快照恢复、日志查看和文件上传下载。
+
+## 功能
+
+- SSH 交互终端：Paramiko 后端 `invoke_shell`，xterm.js 前端实时交互。
+- 登录方式：密码、浏览器上传私钥、私钥口令、SSH agent、服务端本机 `~/.ssh` 密钥、免口令/none auth。
+- Legacy 兼容：启动时按当前 Paramiko 运行时能力尽量启用旧 KEX/Cipher/MAC/HostKey/Pubkey 算法，并在日志中列出不可用算法。
+- UUID 会话：创建会话后返回 UUID，WebSocket 断开后可用同 UUID 重连。
+- 会话回收：同一个 UUID 如果所有浏览器连接都断开并且 5 分钟内无人重连，服务端会主动断开 SSH 并清理内存缓存。
+- 终端恢复：服务端保存 SSH 输出流，浏览器定期回传 xterm serialize 快照；重连时先恢复快照，再补放快照之后的输出。
+- 日志页面：`/sessions/{uuid}/logs` 展示完整连接、认证、错误和文件传输日志。
+- 文件传输：优先 SFTP；SFTP 不可用时参考 `simple-ssh-copy` 思路，使用远端 `base64` shell 命令 fallback 上传/下载。
+
+## 安装
+
+```bash
+python -m venv .venv
+.venv\Scripts\activate
+pip install -e .
+```
+
+## 启动
+
+```bash
+py-web-ssh
+```
+
+或者：
+
+```bash
+uvicorn webssh.app:app --host 127.0.0.1 --port 8000
+```
+
+打开 <http://127.0.0.1:8000>。
+
+前端默认从 jsDelivr 加载 xterm.js、fit addon 和 serialize addon。离线内网部署时，请把这些静态资源 vendoring 到 `webssh/static/` 并替换 `index.html` 里的 CDN 地址。
+
+## API 概览
+
+- `POST /api/sessions` 创建 SSH 会话。
+- `GET /api/sessions/{uuid}` 查看会话状态。
+- `GET /api/sessions/{uuid}/logs` 获取完整日志 JSON。
+- `DELETE /api/sessions/{uuid}` 主动断开 SSH。
+- `WS /ws/sessions/{uuid}` 终端输入、输出、resize、快照和断开控制。
+- `POST /api/sessions/{uuid}/files/upload` 上传文件，multipart 字段：`remote_path`、`file`。
+- `GET /api/sessions/{uuid}/files/download?remote_path=/path/file` 下载远端文件。
+
+## 安全提示
+
+这个项目默认面向可信内网或本机使用。私钥和口令只保存在进程内存中，不写入日志；如果要暴露到公网，请务必加 HTTPS、登录认证、CSRF/来源限制、审计和会话回收策略。

py_web_ssh-0.1.0/pyproject.toml

@@ -0,0 +1,37 @@
+[project]
+name = "py-web-ssh"
+version = "0.1.0"
+description = "A Python web SSH client with xterm.js, reconnectable sessions, logs, and file transfer."
+readme = "README.md"
+requires-python = ">=3.10"
+license = "MIT"
+dependencies = [
+    "fastapi>=0.111.0",
+    "uvicorn[standard]>=0.30.0",
+    "paramiko>=3.4.0",
+    "python-multipart>=0.0.9",
+]
+
+[tool.poetry]
+packages = [{ include = "webssh" }]
+include = ["webssh/static/*"]
+
+[build-system]
+requires = ["poetry-core>=2.0.0,<3.0.0"]
+build-backend = "poetry.core.masonry.api"
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=8.2.0",
+    "ruff>=0.5.0",
+]
+
+[project.scripts]
+py-web-ssh = "webssh.app:main"
+
+[tool.ruff]
+line-length = 100
+target-version = "py310"
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]

py_web_ssh-0.1.0/webssh/__init__.py

@@ -0,0 +1,5 @@
+"""Web SSH application package."""
+
+__all__ = ["__version__"]
+
+__version__ = "0.1.0"

py_web_ssh-0.1.0/webssh/app.py

@@ -0,0 +1,200 @@
+from __future__ import annotations
+
+import asyncio
+import base64
+from pathlib import Path
+from typing import Annotated
+
+from fastapi import FastAPI, File, Form, HTTPException, UploadFile, WebSocket, WebSocketDisconnect
+from fastapi.responses import FileResponse, HTMLResponse, JSONResponse, StreamingResponse
+from fastapi.staticfiles import StaticFiles
+
+from .files import download_file, filename_for_download, upload_file
+from .models import ConnectRequest, CreateSessionResponse, FileTransferResponse
+from .session import SessionManager
+
+
+BASE_DIR = Path(__file__).resolve().parent
+STATIC_DIR = BASE_DIR / "static"
+
+app = FastAPI(title="py-web-ssh", version="0.1.0")
+app.mount("/static", StaticFiles(directory=STATIC_DIR), name="static")
+sessions = SessionManager()
+
+
+@app.get("/", response_class=HTMLResponse)
+def index() -> FileResponse:
+    return FileResponse(STATIC_DIR / "index.html")
+
+
+@app.get("/sessions/{session_id}/logs", response_class=HTMLResponse)
+def logs_page(session_id: str) -> HTMLResponse:
+    html = (STATIC_DIR / "logs.html").read_text(encoding="utf-8")
+    return HTMLResponse(html.replace("__SESSION_ID__", session_id))
+
+
+@app.post("/api/sessions", response_model=CreateSessionResponse)
+def create_session(config: ConnectRequest) -> CreateSessionResponse:
+    session = sessions.create(config)
+    return CreateSessionResponse(
+        session_id=session.id,
+        logs_url=f"/sessions/{session.id}/logs",
+        websocket_url=f"/ws/sessions/{session.id}",
+    )
+
+
+@app.get("/api/sessions")
+def list_sessions() -> JSONResponse:
+    return JSONResponse([session.summary().model_dump(mode="json") for session in sessions.list()])
+
+
+@app.get("/api/sessions/{session_id}")
+def get_session(session_id: str) -> JSONResponse:
+    session = _require_session(session_id)
+    return JSONResponse(session.summary().model_dump(mode="json"))
+
+
+@app.get("/api/sessions/{session_id}/logs")
+def get_logs(session_id: str) -> JSONResponse:
+    session = _require_session(session_id)
+    return JSONResponse(
+        {
+            "session": session.summary().model_dump(mode="json"),
+            "logs": [entry.model_dump(mode="json") for entry in session.logs()],
+        }
+    )
+
+
+@app.delete("/api/sessions/{session_id}")
+def close_session(session_id: str) -> JSONResponse:
+    if not sessions.close(session_id):
+        raise HTTPException(status_code=404, detail="Session not found.")
+    return JSONResponse({"ok": True})
+
+
+@app.post("/api/sessions/{session_id}/files/upload", response_model=FileTransferResponse)
+def upload(
+    session_id: str,
+    remote_path: Annotated[str, Form(min_length=1)],
+    file: Annotated[UploadFile, File()],
+) -> FileTransferResponse:
+    session = _require_session(session_id)
+    try:
+        method, transferred = upload_file(
+            session.ssh_client,
+            file.file,
+            remote_path,
+            _content_length(file),
+        )
+    except Exception as exc:
+        session.log("error", f"File upload failed: {exc}", None)
+        raise HTTPException(status_code=500, detail=str(exc)) from exc
+    message = f"Uploaded {transferred} bytes to {remote_path} using {method}."
+    session.log("info", message, None)
+    return FileTransferResponse(
+        ok=True,
+        method=method,
+        bytes_transferred=transferred,
+        remote_path=remote_path,
+        message=message,
+    )
+
+
+@app.get("/api/sessions/{session_id}/files/download")
+def download(session_id: str, remote_path: str) -> StreamingResponse:
+    session = _require_session(session_id)
+    try:
+        method, stream = download_file(session.ssh_client, remote_path)
+    except Exception as exc:
+        session.log("error", f"File download failed: {exc}", None)
+        raise HTTPException(status_code=500, detail=str(exc)) from exc
+    session.log("info", f"Downloading {remote_path} using {method}.", None)
+    return StreamingResponse(
+        stream,
+        media_type="application/octet-stream",
+        headers={
+            "Content-Disposition": f'attachment; filename="{filename_for_download(remote_path)}"',
+            "X-Transfer-Method": method,
+        },
+    )
+
+
+@app.websocket("/ws/sessions/{session_id}")
+async def websocket_session(websocket: WebSocket, session_id: str) -> None:
+    session = sessions.get(session_id)
+    if session is None:
+        await websocket.close(code=4404, reason="Session not found")
+        return
+
+    await websocket.accept()
+    connection = session.attach(websocket)
+    sender: asyncio.Task | None = None
+    try:
+        await websocket.send_json({"type": "session", "session_id": session.id})
+        await websocket.send_json(session.replay_payload())
+        sender = asyncio.create_task(_websocket_sender(websocket, connection.queue))
+        while True:
+            message = await websocket.receive_json()
+            await _handle_ws_message(session, message)
+    except WebSocketDisconnect:
+        pass
+    finally:
+        session.detach(connection)
+        if sender is not None:
+            sender.cancel()
+            try:
+                await sender
+            except asyncio.CancelledError:
+                pass
+
+
+async def _websocket_sender(websocket: WebSocket, queue: asyncio.Queue[dict]) -> None:
+    while True:
+        message = await queue.get()
+        await websocket.send_json(message)
+
+
+async def _handle_ws_message(session, message: dict) -> None:
+    message_type = message.get("type")
+    try:
+        if message_type == "input":
+            session.send_input(base64.b64decode(message.get("data", "")))
+        elif message_type == "resize":
+            session.resize(int(message.get("cols", 100)), int(message.get("rows", 30)))
+        elif message_type == "snapshot":
+            session.save_snapshot(int(message.get("seq", 0)), base64.b64decode(message.get("data", "")))
+        elif message_type == "disconnect":
+            session.close("Browser requested SSH disconnect.")
+        elif message_type == "ping":
+            return
+        else:
+            session.log("warning", f"Unknown WebSocket message type: {message_type}", None)
+    except Exception as exc:
+        session.log("warning", f"Could not process browser message {message_type}: {exc}", None)
+
+
+def _require_session(session_id: str):
+    session = sessions.get(session_id)
+    if session is None:
+        raise HTTPException(status_code=404, detail="Session not found.")
+    return session
+
+
+def _content_length(upload: UploadFile) -> int | None:
+    size_header = upload.headers.get("content-length")
+    if size_header:
+        try:
+            return int(size_header)
+        except ValueError:
+            return None
+    return None
+
+
+def main() -> None:
+    import uvicorn
+
+    uvicorn.run("webssh.app:app", host="127.0.0.1", port=8000, reload=False)
+
+
+if __name__ == "__main__":
+    main()

py_web_ssh-0.1.0/webssh/files.py

@@ -0,0 +1,189 @@
+from __future__ import annotations
+
+import base64
+import binascii
+import os
+import posixpath
+import shlex
+import uuid
+from collections.abc import Iterator
+from typing import BinaryIO
+
+import paramiko
+
+
+class FileTransferError(RuntimeError):
+    pass
+
+
+def upload_file(
+    client: paramiko.SSHClient,
+    source: BinaryIO,
+    remote_path: str,
+    size: int | None,
+) -> tuple[str, int]:
+    try:
+        return _upload_sftp(client, source, remote_path, size)
+    except Exception as sftp_exc:
+        source.seek(0)
+        try:
+            return _upload_shell(client, source, remote_path, size)
+        except Exception as shell_exc:
+            raise FileTransferError(
+                f"SFTP upload failed: {sftp_exc}\nShell fallback upload failed: {shell_exc}"
+            ) from shell_exc
+
+
+def download_file(client: paramiko.SSHClient, remote_path: str) -> tuple[str, Iterator[bytes]]:
+    try:
+        return "sftp", _download_sftp(client, remote_path)
+    except Exception as sftp_exc:
+        try:
+            return "shell", _download_shell(client, remote_path)
+        except Exception as shell_exc:
+            raise FileTransferError(
+                f"SFTP download failed: {sftp_exc}\nShell fallback download failed: {shell_exc}"
+            ) from shell_exc
+
+
+def _upload_sftp(
+    client: paramiko.SSHClient,
+    source: BinaryIO,
+    remote_path: str,
+    size: int | None,
+) -> tuple[str, int]:
+    transferred = 0
+
+    def callback(sent: int, _total: int) -> None:
+        nonlocal transferred
+        transferred = max(transferred, sent)
+
+    with client.open_sftp() as sftp:
+        parent = posixpath.dirname(remote_path)
+        if parent and parent != ".":
+            _sftp_mkdirs(sftp, parent)
+        sftp.putfo(source, remote_path, file_size=size or 0, callback=callback)
+
+    if transferred == 0 and size is not None:
+        transferred = size
+    elif transferred == 0:
+        transferred = _remote_size(client, remote_path)
+    return "sftp", transferred
+
+
+def _sftp_mkdirs(sftp: paramiko.SFTPClient, path: str) -> None:
+    if path in ("", "/"):
+        return
+    parts = [part for part in path.split("/") if part]
+    current = "/" if path.startswith("/") else ""
+    for part in parts:
+        current = posixpath.join(current, part) if current else part
+        try:
+            sftp.stat(current)
+        except IOError:
+            sftp.mkdir(current)
+
+
+def _upload_shell(
+    client: paramiko.SSHClient,
+    source: BinaryIO,
+    remote_path: str,
+    size: int | None,
+) -> tuple[str, int]:
+    remote_dir = posixpath.dirname(remote_path) or "."
+    temp_path = posixpath.join(remote_dir, f".py-web-ssh-upload-{uuid.uuid4().hex}.tmp")
+    command = (
+        "set -e; "
+        f"mkdir -p -- {shlex.quote(remote_dir)}; "
+        f"({_base64_decode_command()}) > {shlex.quote(temp_path)}; "
+        f"mv -- {shlex.quote(temp_path)} {shlex.quote(remote_path)}"
+    )
+    stdin, stdout, stderr = client.exec_command(f"sh -c {shlex.quote(command)}")
+    transferred = 0
+    try:
+        while True:
+            chunk = source.read(48 * 1024)
+            if not chunk:
+                break
+            transferred += len(chunk)
+            stdin.write(base64.b64encode(chunk).decode("ascii"))
+            stdin.write("\n")
+        stdin.channel.shutdown_write()
+        exit_code = stdout.channel.recv_exit_status()
+        error_text = stderr.read().decode("utf-8", errors="replace")
+    finally:
+        stdin.close()
+        stdout.close()
+        stderr.close()
+    if exit_code != 0:
+        raise FileTransferError(f"Remote upload command failed with exit code {exit_code}: {error_text}")
+    if size is not None and transferred != size:
+        raise FileTransferError(f"Uploaded {transferred} bytes, expected {size} bytes.")
+    return "shell", transferred
+
+
+def _download_sftp(client: paramiko.SSHClient, remote_path: str) -> Iterator[bytes]:
+    sftp = client.open_sftp()
+    remote_file = sftp.open(remote_path, "rb")
+
+    def iterator() -> Iterator[bytes]:
+        try:
+            while True:
+                chunk = remote_file.read(64 * 1024)
+                if not chunk:
+                    break
+                yield chunk
+        finally:
+            remote_file.close()
+            sftp.close()
+
+    return iterator()
+
+
+def _download_shell(client: paramiko.SSHClient, remote_path: str) -> Iterator[bytes]:
+    command = f"base64 < {shlex.quote(remote_path)}"
+    stdin, stdout, stderr = client.exec_command(f"sh -c {shlex.quote(command)}")
+    stdin.close()
+
+    def iterator() -> Iterator[bytes]:
+        buffered = b""
+        try:
+            while True:
+                chunk = stdout.channel.recv(64 * 1024)
+                if not chunk:
+                    break
+                buffered += b"".join(chunk.split())
+                keep = len(buffered) % 4
+                ready = buffered[:-keep] if keep else buffered
+                buffered = buffered[-keep:] if keep else b""
+                if ready:
+                    yield base64.b64decode(ready)
+            if buffered:
+                yield base64.b64decode(buffered)
+            exit_code = stdout.channel.recv_exit_status()
+            error_text = stderr.read().decode("utf-8", errors="replace")
+            if exit_code != 0:
+                raise FileTransferError(
+                    f"Remote download command failed with exit code {exit_code}: {error_text}"
+                )
+        except binascii.Error as exc:
+            raise FileTransferError(f"Remote command returned invalid base64: {exc}") from exc
+        finally:
+            stdout.close()
+            stderr.close()
+
+    return iterator()
+
+
+def _base64_decode_command() -> str:
+    return "base64 -d 2>/dev/null || base64 -D"
+
+
+def _remote_size(client: paramiko.SSHClient, remote_path: str) -> int:
+    with client.open_sftp() as sftp:
+        return int(sftp.stat(remote_path).st_size or 0)
+
+
+def filename_for_download(remote_path: str) -> str:
+    name = posixpath.basename(remote_path.rstrip("/")) or "download.bin"
+    return os.path.basename(name)

py_web_ssh-0.1.0/webssh/history.py

@@ -0,0 +1,66 @@
+from __future__ import annotations
+
+from collections import deque
+from dataclasses import dataclass
+
+
+@dataclass(frozen=True)
+class OutputChunk:
+    seq: int
+    data: bytes
+
+    @property
+    def end_seq(self) -> int:
+        return self.seq + len(self.data)
+
+
+class OutputHistory:
+    """Bounded byte history for terminal replay.
+
+    The sequence number is an absolute byte offset in the SSH output stream.
+    Keeping absolute offsets lets a reconnecting browser resume from the last
+    xterm snapshot even when old chunks have been trimmed.
+    """
+
+    def __init__(self, max_bytes: int) -> None:
+        self.max_bytes = max(1, max_bytes)
+        self._chunks: deque[OutputChunk] = deque()
+        self._bytes = 0
+        self._next_seq = 0
+
+    @property
+    def next_seq(self) -> int:
+        return self._next_seq
+
+    @property
+    def earliest_seq(self) -> int:
+        if not self._chunks:
+            return self._next_seq
+        return self._chunks[0].seq
+
+    def append(self, data: bytes) -> OutputChunk:
+        chunk = OutputChunk(seq=self._next_seq, data=data)
+        self._chunks.append(chunk)
+        self._next_seq = chunk.end_seq
+        self._bytes += len(data)
+        self._trim()
+        return chunk
+
+    def since(self, seq: int | None = None) -> list[OutputChunk]:
+        if seq is None:
+            return list(self._chunks)
+        chunks: list[OutputChunk] = []
+        for chunk in self._chunks:
+            if chunk.end_seq <= seq:
+                continue
+            if chunk.seq < seq:
+                offset = seq - chunk.seq
+                chunks.append(OutputChunk(seq=seq, data=chunk.data[offset:]))
+            else:
+                chunks.append(chunk)
+        return chunks
+
+    def _trim(self) -> None:
+        while self._bytes > self.max_bytes and self._chunks:
+            dropped = self._chunks.popleft()
+            self._bytes -= len(dropped.data)