pywebexec 1.2.10__py3-none-any.whl → 1.3.1__py3-none-any.whl

pywebexec/pywebexec.py

@@ -13,9 +13,12 @@ from datetime import datetime, timezone, timedelta
 import shlex
 from gunicorn.app.base import Application
 import ipaddress
-from socket import gethostname, gethostbyname_ex
+from socket import gethostname, gethostbyname_ex, gethostbyaddr, inet_aton, inet_ntoa
 import ssl
 import re
+import pwd
+from secrets import token_urlsafe
+
 if os.environ.get('PYWEBEXEC_LDAP_SERVER'):
     from ldap3 import Server, Connection, ALL, SIMPLE, SUBTREE, Tls
 
@@ -48,11 +51,38 @@ def generate_random_password(length=12):
 
 
 def resolve_hostname(host):
-    """try get fqdn from DNS"""
+    """try get fqdn from DNS/hosts"""
+    try:
+        hostinfo = gethostbyname_ex(host)
+        return (hostinfo[0].rstrip('.'), hostinfo[2][0])
+    except OSError:
+        return (host, host)
+
+
+def resolve_ip(ip):
+    """try resolve hostname by reverse dns query on ip addr"""
+    ip = inet_ntoa(inet_aton(ip))
     try:
-        return gethostbyname_ex(host)[0]
+        ipinfo = gethostbyaddr(ip)
+        return (ipinfo[0].rstrip('.'), ipinfo[2][0])
     except OSError:
-        return host
+        return (ip, ip)
+
+
+def is_ip(host):
+    """determine if host is valid ip"""
+    try:
+        inet_aton(host)
+        return True
+    except OSError:
+        return False
+
+
+def resolve(host_or_ip):
+    """resolve hostname from ip / hostname"""
+    if is_ip(host_or_ip):
+        return resolve_ip(host_or_ip)
+    return resolve_hostname(host_or_ip)
 
 
 def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
@@ -118,7 +148,7 @@ def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
 
 
 
-class StandaloneApplication(Application):
+class PyWebExec(Application):
 
     def __init__(self, app, options=None):
         self.options = options or {}
@@ -180,11 +210,14 @@ def get_last_non_empty_line_of_file(file_path):
         return last_line(f)
     
 
-def start_gunicorn(daemon=False, baselog=None):
-    if daemon:
+def start_gunicorn(daemonized=False, baselog=None):
+    if daemonized:
         errorlog = f"{baselog}.log"
         accesslog = None # f"{baselog}.access.log"
         pidfile = f"{baselog}.pid"
+        if daemon_d('status', pidfilepath=baselog, silent=True):
+            print(f"Error: pywebexec already running on {args.listen}:{args.port}", file=sys.stderr)
+            sys.exit(1)
     else:
         errorlog = "-"
         accesslog = "-"
@@ -195,14 +228,14 @@ def start_gunicorn(daemon=False, baselog=None):
         'timeout': 600,
         'certfile': args.cert,
         'keyfile': args.key,
-        'daemon': daemon,
+        'daemon': daemonized,
         'errorlog': errorlog,
         'accesslog': accesslog,
         'pidfile': pidfile,
     }
-    StandaloneApplication(app, options=options).run()
+    PyWebExec(app, options=options).run()
 
-def daemon_d(action, pidfilepath, hostname=None, args=None):
+def daemon_d(action, pidfilepath, silent=False, hostname=None, args=None):
     """start/stop daemon"""
     import signal
     import daemon, daemon.pidfile
@@ -222,10 +255,14 @@ def daemon_d(action, pidfilepath, hostname=None, args=None):
         if status:
             print(f"pywebexec running pid {pidfile.read_pid()}")
             return True
-        print("pywebexec not running")
+        if not silent:
+            print("pywebexec not running")
         return False
     elif action == "start":
-        print(f"Starting server")
+        status = pidfile.is_locked()
+        if status:
+            print(f"pywebexc already running pid {pidfile.read_pid()}", file=sys.stderr)
+            sys.exit(1)
         log = open(pidfilepath + ".log", "ab+")
         daemon_context = daemon.DaemonContext(
             stderr=log,
@@ -240,7 +277,8 @@ def daemon_d(action, pidfilepath, hostname=None, args=None):
                 print(e)
 
 def parseargs():
-    global app, args
+    global app, args, COMMAND_STATUS_DIR
+
     parser = argparse.ArgumentParser(description='Run the command execution server.')
     parser.add_argument('-u', '--user', help='Username for basic auth')
     parser.add_argument('-P', '--password', help='Password for basic auth')
@@ -263,9 +301,11 @@ def parseargs():
     parser.add_argument("-c", "--cert", type=str, help="Path to https certificate")
     parser.add_argument("-k", "--key", type=str, help="Path to https certificate key")
     parser.add_argument("-g", "--gencert", action="store_true", help="https server self signed cert")
-    parser.add_argument("action", nargs="?", help="daemon action start/stop/restart/status", choices=["start","stop","restart","status"])
+    parser.add_argument("-T", "--tokenurl", action="store_true", help="generate safe url to access")
+    parser.add_argument("action", nargs="?", help="daemon action start/stop/restart/status/term", choices=["start","stop","restart","status","term"])
 
     args = parser.parse_args()
+    cwd = os.getcwd()
     if os.path.isdir(args.dir):
         try:
             os.chdir(args.dir)
@@ -279,8 +319,27 @@ def parseargs():
         os.makedirs(COMMAND_STATUS_DIR)
     if not os.path.exists(CONFDIR):
         os.mkdir(CONFDIR, mode=0o700)
+    if args.action == "term":
+        COMMAND_STATUS_DIR = f"{os.getcwd()}/{COMMAND_STATUS_DIR}"
+        os.chdir(cwd)
+        command_id = str(uuid.uuid4())
+        start_time = datetime.now().isoformat()
+        user = pwd.getpwuid(os.getuid())[0]
+        update_command_status(command_id, 'running', command="term", params=[user,os.ttyname(sys.stdout.fileno())], start_time=start_time, user=user)
+        output_file_path = get_output_file_path(command_id)
+        res = os.system(f"script -f {output_file_path}")
+        end_time = datetime.now().isoformat()
+        update_command_status(command_id, status="success", end_time=end_time, exit_code=res)
+        sys.exit(res)
+    (hostname, ip) = resolve(gethostname()) if args.listen == '0.0.0.0' else resolve(args.listen)
+    url_params = ""
+
+    if args.tokenurl:
+        token = token_urlsafe()
+        app.config["TOKEN_URL"] = token
+        url_params = f"?token={token}"
+
     if args.gencert:
-        hostname = resolve_hostname(gethostname())
         args.cert = args.cert or f"{CONFDIR}/pywebexec.crt"
         args.key = args.key or f"{CONFDIR}/pywebexec.key"
         if not os.path.exists(args.cert):
@@ -301,9 +360,13 @@ def parseargs():
         app.config['USER'] = None
         app.config['PASSWORD'] = None
 
-    return args
+    if args.action != 'stop':
+        print("Starting server:")
+        protocol = 'https' if args.cert else 'http'
+        print(f"{protocol}://{hostname}:{args.port}{url_params}")
+        print(f"{protocol}://{ip}:{args.port}{url_params}")
 
-parseargs()
+    return args
 
 def get_status_file_path(command_id):
     return os.path.join(COMMAND_STATUS_DIR, f'{command_id}.json')
@@ -392,10 +455,22 @@ def run_command(command, params, command_id, user):
         with open(get_output_file_path(command_id), 'a') as output_file:
             output_file.write(str(e))
 
+
+parseargs()
+
+
 @app.before_request
 def check_authentication():
+    # Check for token in URL if TOKEN_URL is set
+    token = app.config.get('TOKEN_URL')
+    if token and request.endpoint not in ['login', 'static']:
+        if request.args.get('token') == token:
+            return
+        return jsonify({'error': 'Forbidden'}), 403
+    
     if not app.config['USER'] and not app.config['LDAP_SERVER']:
         return
+
     if 'username' not in session and request.endpoint not in ['login', 'static']:
         return auth.login_required(lambda: None)()
 
@@ -564,11 +639,13 @@ def get_command_output(command_id):
             output = output_file.read().decode('utf-8', errors='replace')
             new_offset = output_file.tell()
         status_data = read_command_status(command_id) or {}
+        token = app.config.get("TOKEN_URL")
+        token_param = f"&token={token}" if token else ""
         response = {
             'output': output,
             'status': status_data.get("status"),
             'links': {
-                'next': f'{request.url_root}command_output/{command_id}?offset={new_offset}'
+                'next': f'{request.url_root}command_output/{command_id}?offset={new_offset}{token_param}'
             }
         }
         if request.headers.get('Accept') == 'text/plain':
@@ -585,7 +662,7 @@ def list_executables():
 def main():
     basef = f"{CONFDIR}/pywebexec_{args.listen}:{args.port}"
     if args.action == "start":
-        return start_gunicorn(daemon=True, baselog=basef)
+        return start_gunicorn(daemonized=True, baselog=basef)
     if args.action:
         return daemon_d(args.action, pidfilepath=basef)
     return start_gunicorn()

pywebexec/static/js/commands.js

@@ -195,7 +195,7 @@ window.addEventListener('load', () => {
 
 async function fetchExecutables() {
     try {
-        const response = await fetch('/executables');
+        const response = await fetch(`/executables${urlToken}`);
         if (!response.ok) {
             throw new Error('Failed to fetch command status');
         }
@@ -210,6 +210,8 @@ async function fetchExecutables() {
     } catch (error) {
         alert("Failed to fetch executables");
     }
-    commandListSelect.size = Math.min(20, commandListSelect.options.length)
+    commandListSelect.size = Math.min(20, commandListSelect.options.length);
+    if (commandListSelect.options.length == 0)
+        document.getElementById('launchForm').style.display = 'none';
 
 }

pywebexec/static/js/script.js

@@ -8,7 +8,7 @@ const terminal = new Terminal({
     disableStdin: true,
     convertEol: true,
     fontFamily: 'Consolas NF, monospace, courier-new, courier',
-    scrollBack: 999999,
+    scrollback: 999999,
     theme: {
         background: '#111412',
         black: '#111412',
@@ -27,6 +27,12 @@ const fitAddon = new FitAddon.FitAddon();
 terminal.loadAddon(fitAddon);
 terminal.open(document.getElementById('output'));
 fitAddon.fit();
+function getTokenParam() {
+    const urlParams = new URLSearchParams(window.location.search);
+    return urlParams.get('token') ? `?token=${urlParams.get('token')}` : '';
+}
+const urlToken = getTokenParam();
+
 
 terminal.onSelectionChange(() => {
     const selectionText = terminal.getSelection();
@@ -37,12 +43,13 @@ terminal.onSelectionChange(() => {
     }
 });
 
+
 document.getElementById('launchForm').addEventListener('submit', async (event) => {
     event.preventDefault();
     const commandName = document.getElementById('commandName').value;
     const params = document.getElementById('params').value.split(' ');
     try {
-        const response = await fetch('/run_command', {
+        const response = await fetch(`/run_command${urlToken}`, {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json'
@@ -65,7 +72,7 @@ document.getElementById('launchForm').addEventListener('submit', async (event) =
 
 async function fetchCommands() {
     try {
-        const response = await fetch('/commands');
+        const response = await fetch(`/commands${urlToken}`);
         if (!response.ok) {
             document.getElementById('dimmer').style.display = 'block';
             return;
@@ -91,7 +98,7 @@ async function fetchCommands() {
                 <td>${command.command.replace(/^\.\//, '')}</td>
                 <td><span class="status-icon status-${command.status}"></span>${command.status}${command.status === 'failed' ? ` (${command.exit_code})` : ''}</td>
                 <td>
-                    ${command.status === 'running' ? `<button onclick="stopCommand('${command.command_id}', event)">Stop</button>` : `<button onclick="relaunchCommand('${command.command_id}', event)">Run</button>`}
+                    ${command.command.startsWith('term') ? '' : command.status === 'running' ? `<button onclick="stopCommand('${command.command_id}', event)">Stop</button>` : `<button onclick="relaunchCommand('${command.command_id}', event)">Run</button>`}
                 </td>
                 <td class="monospace outcol">${command.last_output_line || ''}</td>
             `;
@@ -129,11 +136,11 @@ async function fetchOutput(url) {
 async function viewOutput(command_id) {
     adjustOutputHeight();
     currentCommandId = command_id;
-    nextOutputLink = `/command_output/${command_id}`;
+    nextOutputLink = `/command_output/${command_id}${urlToken}`;
     clearInterval(outputInterval);
     terminal.clear();
     try {
-        const response = await fetch(`/command_status/${command_id}`);
+        const response = await fetch(`/command_status/${command_id}${urlToken}`);
         if (!response.ok) {
             return;
         }
@@ -154,7 +161,7 @@ async function relaunchCommand(command_id, event) {
     event.stopPropagation();
     event.stopImmediatePropagation();
     try {
-        const response = await fetch(`/command_status/${command_id}`);
+        const response = await fetch(`/command_status/${command_id}${urlToken}`);
         if (!response.ok) {
             throw new Error('Failed to fetch command status');
         }
@@ -163,7 +170,7 @@ async function relaunchCommand(command_id, event) {
             alert(data.error);
             return;
         }
-        const relaunchResponse = await fetch('/run_command', {
+        const relaunchResponse = await fetch(`/run_command${urlToken}`, {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json'
@@ -189,7 +196,7 @@ async function stopCommand(command_id, event) {
     event.stopPropagation();
     event.stopImmediatePropagation();
     try {
-        const response = await fetch(`/stop_command/${command_id}`, {
+        const response = await fetch(`/stop_command/${command_id}${urlToken}`, {
             method: 'POST'
         });
         if (!response.ok) {

pywebexec/templates/index.html

@@ -9,7 +9,7 @@
 </head>
 <body>
     <div id="dimmer" class="dimmer">
-        <div class="dimmer-text">Server not reachable</div>
+        <div class="dimmer-text">Server not available</div>
     </div>
     <h2><span class="status-icon title-icon"></span>{{ title }}</h2>
     <form id="launchForm" class="form-inline">

pywebexec/version.py

@@ -12,5 +12,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '1.2.10'
-__version_tuple__ = version_tuple = (1, 2, 10)
+__version__ = version = '1.3.1'
+__version_tuple__ = version_tuple = (1, 3, 1)

{pywebexec-1.2.10.dist-info → pywebexec-1.3.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pywebexec
-Version: 1.2.10
+Version: 1.3.1
 Summary: Simple Python HTTP Exec Server
 Home-page: https://github.com/joknarf/pywebexec
 Author: Franck Jouvanceau
@@ -67,7 +67,7 @@ Requires-Dist: ldap3>=2.9.1
 [![Python versions](https://img.shields.io/badge/python-3.6+-blue.svg)](https://shields.io/)
 
 # pywebexec
-Simple Python HTTP(S) API/Web Command Launcher
+Simple Python HTTP(S) API/Web Command Launcher and Terminal sharing
 
 ## Install
 ```
@@ -79,25 +79,29 @@ $ pip install pywebexec
 * put in a directory the scripts/commands/links to commands you want to expose
 * start http server serving current directory executables listening on 0.0.0.0 port 8080
 ```shell
-$ pywebexec
+$ pywebexec -d <dir>
 ```
 
 * Launch commands with params/view live output/Status using browser
-![pywebexecnew6](https://github.com/user-attachments/assets/11415e1f-9f5f-409e-a04c-51eb062a9780)
+* Share your terminal output using `pywebexec -d <dir> term`
+
 
 all commands output / statuses are available in the executables directory in subdirectory `.web_status`
+![pywebexecnew8](https://github.com/user-attachments/assets/b36c98e7-8209-46f9-a320-57f460255bc7)
 
 ## features
 
 * Serve executables in a directory
 * Launch commands with params from web browser or API call
+* multiple share terminal output
 * Follow live output
 * Stop command
 * Relaunch command
 * HTTPS support
 * HTTPS self-signed certificate generator
 * Basic Auth
-* LDAP(S)
+* LDAP(S) password check/group member
+* Safe url token generation
 * Can be started as a daemon (POSIX)
 * Uses gunicorn to serve http/https
 * Linux/MacOS compatible
@@ -108,7 +112,18 @@ $ pywebexec --dir ~/myscripts --listen 0.0.0.0 --port 8080 --title myscripts
 $ pywebexec -d ~/myscripts -l 0.0.0.0 -p 8080 -t myscripts
 ```
 
-## Basic auth 
+## Safe url token
+
+* generate safe url, use the url to access the server
+```shell
+$ pywebexec -T
+$ pywebexec --tokenurl
+Starting server:
+http://<host>:8080?token=jSTWiNgEVkddeEJ7I97x2ekOeaiXs2mErRSKNxm3DP0
+http://x.x.x.x:8080?token=jSTWiNgEVkddeEJ7I97x2ekOeaiXs2mErRSKNxm3DP0
+```
+
+## Basic auth
 
 * single user/password
 ```shell

{pywebexec-1.2.10.dist-info → pywebexec-1.3.1.dist-info}/RECORD

@@ -1,6 +1,6 @@
 pywebexec/__init__.py,sha256=4spIsVaF8RJt8S58AG_wWoORRNkws9Iwqprj27C3ljM,99
-pywebexec/pywebexec.py,sha256=Hoskhr_aloPgev7otR3xdw3QXRJUNLc6G7mzNtQyU7o,22701
-pywebexec/version.py,sha256=GBQrXxH6JrIQea3kLIGtC1SGpO3lQzPp0nhogVjhktk,413
+pywebexec/pywebexec.py,sha256=ljvGw-inDwsP6KQqYwwfKUeN_q9k7JwyP7PfRacnqFQ,25475
+pywebexec/version.py,sha256=cOVPCvD2h2G_2KB6G3ddreYkIQfAnS6WqgAkF_qgGOQ,411
 pywebexec/static/css/style.css,sha256=nuJodEFojt_kCLPqbDBQAaBtWcRZ6uLjfI52mSf3EJA,5302
 pywebexec/static/css/xterm.css,sha256=gy8_LGA7Q61DUf8ElwFQzHqHMBQnbbEmpgZcbdgeSHI,5383
 pywebexec/static/images/aborted.svg,sha256=_mP43hU5QdRLFZIknBgjx-dIXrHgQG23-QV27ApXK2A,381
@@ -11,17 +11,17 @@ pywebexec/static/images/failed.svg,sha256=ADZ7IKrUyOXtqpivnz3VcH0-Wru-I5MOi3OJAk
 pywebexec/static/images/favicon.svg,sha256=ti80IfuDZwIvQcmJxkOeUaB1iMsiyOPmQmVO-h0y1IU,1126
 pywebexec/static/images/running.gif,sha256=iYuzQGkMxrakSIwt6gPieKCImGZoSAHmU5MUNZa7cpw,25696
 pywebexec/static/images/success.svg,sha256=PJDcCSTevJh7rkfSFLtc7P0pbeh8PVQBS8DaOLQemmc,489
-pywebexec/static/js/commands.js,sha256=4noexrtU-nTNV1L-qp6QpoGxokELKOdYDxGChYELb0w,7347
-pywebexec/static/js/script.js,sha256=-MAcmmeRqH4b0xcbHZWiOkJaIa9C6boZ-QOHuXXbMpc,9775
+pywebexec/static/js/commands.js,sha256=VdMeCop9V5KwsR2v1J_OY1xFE7tJUYgcMg_lh2VGNjs,7476
+pywebexec/static/js/script.js,sha256=WL8wvYjbAQpm_uMrGmuqx6rmHz9V_yMiGZPb1mU8xOU,10103
 pywebexec/static/js/xterm/LICENSE,sha256=EU1P4eXTull-_T9I80VuwnJXubB-zLzUl3xpEYj2T1M,1083
 pywebexec/static/js/xterm/ansi_up.min.js,sha256=KNGV0vEr30hNqKQimTAvGVy-icD5A1JqMQTtvYtKR2Y,13203
 pywebexec/static/js/xterm/xterm-addon-fit.js,sha256=Pprm9pZe4SadVXS5Bc8b9VnC9Ex4QlWwA0pxOH53Gck,1460
 pywebexec/static/js/xterm/xterm.js,sha256=Bzka76jZwEhVt_LlS0e0qMw7ryGa1p5qfxFyeohphBo,283371
 pywebexec/templates/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pywebexec/templates/index.html,sha256=M-9JUAR5vrk-19oF8CpxkWJvyWJkZIa71AI-1jpsMWE,2116
-pywebexec-1.2.10.dist-info/LICENSE,sha256=gRJf0JPT_wsZJsUGlWPTS8Vypfl9vQ1qjp6sNbKykuA,1064
-pywebexec-1.2.10.dist-info/METADATA,sha256=N-9PcmLHh_G5cZRuO8pXFyIXRdVWdASAGTbFZer-V8Q,6937
-pywebexec-1.2.10.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-pywebexec-1.2.10.dist-info/entry_points.txt,sha256=l52GBkPCXRkmlHfEyoVauyfBdg8o-CAtC8qQpOIjJK0,55
-pywebexec-1.2.10.dist-info/top_level.txt,sha256=vHoHyzngrfGdm_nM7Xn_5iLmaCrf10XO1EhldgNLEQ8,10
-pywebexec-1.2.10.dist-info/RECORD,,
+pywebexec/templates/index.html,sha256=LaRXHXsOR2eWkBcLIlPxGKHSLTa8JfDkDCJZWadn_1Q,2116
+pywebexec-1.3.1.dist-info/LICENSE,sha256=gRJf0JPT_wsZJsUGlWPTS8Vypfl9vQ1qjp6sNbKykuA,1064
+pywebexec-1.3.1.dist-info/METADATA,sha256=lO1a0YsGGQR_yxguJZ5M-lSSETyT4MD8g7nLy_e0cQU,7397
+pywebexec-1.3.1.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+pywebexec-1.3.1.dist-info/entry_points.txt,sha256=l52GBkPCXRkmlHfEyoVauyfBdg8o-CAtC8qQpOIjJK0,55
+pywebexec-1.3.1.dist-info/top_level.txt,sha256=vHoHyzngrfGdm_nM7Xn_5iLmaCrf10XO1EhldgNLEQ8,10
+pywebexec-1.3.1.dist-info/RECORD,,