qtoggleserver 0.28.0b1__py3-none-any.whl

qtoggleserver/commands/__init__.py

@@ -0,0 +1,28 @@
+import asyncio
+
+from collections.abc import Awaitable, Callable
+
+from qtoggleserver import startup
+
+
+def execute(main_func: Callable[[], Awaitable[bool]]) -> None:
+    loop = asyncio.new_event_loop()
+
+    loop.run_until_complete(startup.init_loop())
+    loop.run_until_complete(startup.init())
+
+    try:
+        run_loop = loop.run_until_complete(main_func())
+        if run_loop:
+            loop.run_forever()
+        loop.run_until_complete(startup.cleanup())
+
+    finally:
+        try:
+            loop.run_until_complete(startup.cleanup_loop())
+        except asyncio.CancelledError:
+            pass  # ignore any cancelled errors
+
+        loop.close()
+
+    startup.logger.info("bye!")

qtoggleserver/commands/server.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+
+from qtoggleserver import commands
+from qtoggleserver.web import server as web_server
+
+
+async def main() -> bool:
+    await web_server.init()
+
+    return True  # run loop afterwards
+
+
+def execute() -> None:
+    commands.execute(main)
+
+
+if __name__ == "__main__":
+    execute()

qtoggleserver/commands/shell.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+import code
+
+from qtoggleserver import commands
+
+
+async def main() -> bool:
+    import qtoggleserver  # noqa: F401 - Required for locals()
+
+    code.interact(local=locals())
+
+    return False  # don't run loop afterwards
+
+
+def execute() -> None:
+    commands.execute(main)
+
+
+if __name__ == "__main__":
+    execute()

qtoggleserver/conf/settings.py

@@ -0,0 +1,158 @@
+from typing import Any as _Any
+
+
+source: str | None = None  # full path to the configuration file, automatically set at startup
+
+debug: bool = False
+
+public_url: str | None = None
+
+
+logging: dict[str, _Any] = {
+    "version": 1,
+    "memory_logs_buffer_len": 10000,
+    "formatters": {
+        "default": {"format": "%(asctime)s: %(levelname)7s: [%(name)s] %(message)s", "datefmt": "%Y-%m-%d %H:%M:%S"}
+    },
+    "handlers": {"console": {"class": "logging.StreamHandler", "formatter": "default"}},
+    "loggers": {
+        # Double quotes are necessary to avoid HOCON key split
+        '"asyncio"': {"level": "INFO"},
+        '"bleak"': {"level": "INFO"},
+        '"qtoggleserver.core.sessions"': {"level": "INFO"},
+        '"qtoggleserver.persist"': {"level": "INFO"},
+        '"qtoggleserver.drivers.persist"': {"level": "INFO"},
+        '"qtoggleserver.utils.cmd"': {"level": "INFO"},
+    },
+    "root": {"level": "DEBUG", "handlers": ["console"]},
+}
+
+
+class core:
+    class device_name:
+        get_cmd: str | None = None
+        set_cmd: str | None = None
+
+    class passwords:
+        set_cmd: str | None = None
+
+    tick_interval: int = 50
+    persist_interval: int = 2000
+    event_queue_size: int = 1024
+    max_client_time_skew: int = 300
+    backup_support: bool = True
+    history_support: bool = True
+    history_janitor_interval: int = 3600
+    listen_support: bool = True
+    sequences_support: bool = True
+    tls_support: bool = True
+    virtual_ports: int = 1024
+
+
+class server:
+    addr: str = "0.0.0.0"
+    port: int = 8888
+    compress_response: bool = True
+
+    class https:
+        cert_file: str | None = None
+        key_file: str | None = None
+
+
+class persist:
+    driver: str = "qtoggleserver.drivers.persist.JSONDriver"
+    file_path: str = "qtoggleserver-data.json"
+
+
+class system:
+    setup_mode_cmd: str | None = None
+
+    class date:
+        set_cmd: str | None = None
+        set_format: str | None = "%Y-%m-%dT%H:%M:%SZ"
+
+    class timezone:
+        get_cmd: str | None = None
+        set_cmd: str | None = None
+
+    class net:
+        class wifi:
+            get_cmd: str | None = None
+            set_cmd: str | None = None
+
+        class ip:
+            get_cmd: str | None = None
+            set_cmd: str | None = None
+
+    class storage:
+        path: str | None = None
+
+    class temperature:
+        get_cmd: str | None = None
+        sensor_name: str | None = None
+        sensor_index: int = 0
+        min: int | None = 0
+        max: int | None = 100
+
+    class battery:
+        get_cmd: str | None = None
+
+    class fwupdate:
+        driver: str | None = None
+
+
+class frontend:
+    enabled: bool = True
+    debug: bool = False
+    static_url: str | None = None
+    display_name: str = "qToggleServer"
+    display_short_name: str = "qToggleServer"
+    description: str = "An application to control qToggleServer"  # TODO: i18n
+
+
+class slaves:
+    enabled: bool = True
+    timeout: int = 10
+    long_timeout: int = 60
+    keepalive: int = 10
+    retry_interval: int = 5
+    retry_count: int = 3
+
+    class discover:
+        request_timeout: int = 5
+        dhcp_timeout: int = 10
+        dhcp_interface: str | None = None
+
+        class ap:
+            interface: str | None = None
+            interface_cmd: str | None = None
+            ssid: str = "qToggleSetup"
+            psk: str | None = None
+            own_ip: str = "192.168.43.1"
+            mask_len: int = 24
+            start_ip: str = "192.168.43.50"
+            stop_ip: str = "192.168.43.250"
+            hostapd_binary: str | None = None
+            hostapd_cli_binary: str | None = None
+            dnsmasq_binary: str | None = None
+            hostapd_log: str = "/tmp/hostapd.log"
+            dnsmasq_log: str = "/tmp/dnsmasq.log"
+            finish_timeout: int = 300
+
+
+class webhooks:
+    enabled: bool = False
+
+
+class reverse:
+    enabled: bool = False
+    retry_interval: int = 5
+
+
+event_handlers: list[dict[str, _Any]] = []
+
+peripherals: list[dict[str, _Any]] = []
+
+ports: list[dict[str, _Any]] = []
+
+port_mappings: dict[str, str] = {}

qtoggleserver/core/api/__init__.py

@@ -0,0 +1,111 @@
+from __future__ import annotations
+
+import functools
+import logging
+
+from collections.abc import Callable
+from typing import Any
+
+from qtoggleserver.core import responses as core_responses
+from qtoggleserver.core.typing import GenericJSONDict
+from qtoggleserver.web import APIHandler
+
+
+API_VERSION = "1.1"
+
+ACCESS_LEVEL_ADMIN = 30
+ACCESS_LEVEL_NORMAL = 20
+ACCESS_LEVEL_VIEWONLY = 10
+ACCESS_LEVEL_NONE = 0
+
+ACCESS_LEVEL_MAPPING = {
+    ACCESS_LEVEL_ADMIN: "admin",
+    ACCESS_LEVEL_NORMAL: "normal",
+    ACCESS_LEVEL_VIEWONLY: "viewonly",
+    ACCESS_LEVEL_NONE: "none",
+    "admin": ACCESS_LEVEL_ADMIN,
+    "normal": ACCESS_LEVEL_NORMAL,
+    "viewonly": ACCESS_LEVEL_VIEWONLY,
+    "none": ACCESS_LEVEL_NONE,
+}
+
+logger = logging.getLogger(__name__)
+
+
+class APIError(Exception):
+    def __init__(self, status: int, code: str, **params) -> None:
+        self.status: int = status
+        self.code: str = code
+        self.params: dict = params
+
+        super().__init__(code)
+
+    @staticmethod
+    def from_http_error(http_error: core_responses.HTTPError) -> APIError:
+        return APIError(http_error.status, http_error.code, **http_error.params)
+
+    def to_json(self) -> GenericJSONDict:
+        return dict(error=self.code, **self.params)
+
+
+class APIAccepted(Exception):
+    def __init__(self, response: Any = None) -> None:
+        self.response: Any = response
+
+
+class APIRequest:
+    def __init__(self, handler: APIHandler) -> None:
+        self.handler: APIHandler = handler
+
+    @property
+    def access_level(self) -> int:
+        return self.handler.access_level
+
+    @property
+    def username(self) -> str:
+        return self.handler.username
+
+    @property
+    def session_id(self) -> str | None:
+        return self.handler.request.headers.get("Session-Id")
+
+    @property
+    def method(self) -> str:
+        return self.handler.request.method
+
+    @property
+    def path(self) -> str:
+        return self.handler.request.path
+
+    @property
+    def query(self) -> dict[str, str]:
+        return {k: self.handler.decode_argument(v[0]) for k, v in self.handler.request.query_arguments.items()}
+
+    @property
+    def headers(self) -> dict[str, str]:
+        return self.handler.request.headers
+
+    @property
+    def body(self) -> bytes:
+        return self.handler.request.body
+
+
+def api_call(access_level: int = ACCESS_LEVEL_NONE) -> Callable:
+    def decorator(func: Callable) -> Callable:
+        @functools.wraps(func)
+        def wrapper(request_handler: APIHandler, *args, **kwargs) -> Any:
+            logger.debug('executing API call "%s"', func.__name__)
+
+            if request_handler.access_level < access_level:
+                if request_handler.access_level == ACCESS_LEVEL_NONE:  # indicates missing or invalid auth data
+                    raise APIError(401, "authentication-required")
+                else:
+                    raise APIError(403, "forbidden", required_level=ACCESS_LEVEL_MAPPING.get(access_level))
+
+            request = APIRequest(request_handler)
+
+            return func(request, *args, **kwargs)
+
+        return wrapper
+
+    return decorator

qtoggleserver/core/api/auth.py

@@ -0,0 +1,105 @@
+import hashlib
+import logging
+import re
+import time
+
+from collections.abc import Callable
+
+import jwt
+
+from qtoggleserver import system
+from qtoggleserver.conf import settings
+from qtoggleserver.core.device import attrs as core_device_attrs
+
+
+JWT_ISS = "qToggle"
+JWT_ALG = "HS256"
+
+ORIGIN_DEVICE = "device"
+ORIGIN_CONSUMER = "consumer"
+
+EMPTY_PASSWORD_HASH = hashlib.sha256(b"").hexdigest()
+
+_AUTH_TOKEN_RE = re.compile(r"^Bearer\s+([a-z0-9_.-]+)$", re.IGNORECASE)
+
+logger = logging.getLogger(__name__)
+
+
+class AuthError(Exception):
+    pass
+
+
+def make_auth_header(origin: str, username: str | None, password_hash: str) -> str:
+    claims: dict[str, str | int] = {"iss": JWT_ISS, "ori": origin}
+
+    if username:
+        claims["usr"] = username
+
+    if system.date.has_real_date_time():
+        claims["iat"] = int(time.time())
+
+    token = jwt.encode(claims, key=password_hash or "", algorithm=JWT_ALG)
+
+    return f"Bearer {token}"
+
+
+def parse_auth_header(auth: str, origin: str, password_hash_func: Callable, require_usr: bool = True) -> str:
+    m = _AUTH_TOKEN_RE.match(auth)
+    if not m:
+        raise AuthError("Invalid authorization header")
+
+    # Decode but don't validate token yet
+    token = m.group(1)
+
+    try:
+        payload = jwt.decode(
+            token, algorithms=[JWT_ALG], options={"verify_signature": False}, leeway=settings.core.max_client_time_skew
+        )
+    except jwt.exceptions.InvalidTokenError as e:
+        raise AuthError(f"Invalid JWT: {e}") from e
+
+    # Validate claims
+    if payload.get("iss") != JWT_ISS:
+        raise AuthError("Missing or invalid iss claim in JWT")
+
+    if payload.get("ori") != origin:
+        raise AuthError("Missing or invalid ori claim in JWT")
+
+    iat = payload.get("iat")
+    if (iat is not None) and system.date.has_real_date_time():
+        delta = time.time() - iat
+        if abs(delta) > settings.core.max_client_time_skew:
+            raise AuthError("JWT too old or too much in the future")
+
+    usr = payload.get("usr")
+    if require_usr:
+        if not usr or not isinstance(usr, str):
+            raise AuthError("Missing or invalid usr claim in JWT")
+
+    # Validate username & signature
+    password_hash = password_hash_func(usr)
+    if not password_hash:
+        raise AuthError(f"Unknown usr in JWT: {usr}")
+
+    # Decode again to verify signature
+    try:
+        jwt.decode(
+            token, key=password_hash, algorithms=[JWT_ALG], verify=True, leeway=settings.core.max_client_time_skew
+        )
+    except jwt.exceptions.InvalidSignatureError as e:
+        raise AuthError("Invalid JWT signature") from e
+    except jwt.exceptions.InvalidTokenError as e:
+        raise AuthError(f"Invalid JWT: {e}") from e
+
+    return usr
+
+
+def consumer_password_hash_func(usr: str) -> str | None:
+    if usr == "admin":
+        return core_device_attrs.admin_password_hash
+    elif usr == "normal":
+        return core_device_attrs.normal_password_hash
+    elif usr == "viewonly":
+        return core_device_attrs.viewonly_password_hash
+    else:
+        return None

qtoggleserver/core/api/funcs/backup.py

@@ -0,0 +1,26 @@
+import logging
+
+from qtoggleserver.conf import settings
+from qtoggleserver.core import api as core_api
+from qtoggleserver.core.typing import GenericJSONList
+from qtoggleserver.system import conf as system_conf
+
+
+logger = logging.getLogger(__name__)
+
+
+@core_api.api_call(core_api.ACCESS_LEVEL_ADMIN)
+async def get_backup_endpoints(request: core_api.APIRequest) -> GenericJSONList:
+    endpoints = [{"path": "/peripherals", "display_name": "Peripherals", "restore_method": "PUT", "order": 15}]
+
+    if system_conf.can_write_conf_file():
+        endpoints.append(
+            {"path": "/system", "display_name": "System Configuration", "restore_method": "PUT", "order": 5}
+        )
+
+    if settings.frontend.enabled:
+        endpoints.append(
+            {"path": "/frontend", "display_name": "App Configuration", "restore_method": "PUT", "order": 45}
+        )
+
+    return endpoints

qtoggleserver/core/api/funcs/device.py

@@ -0,0 +1,68 @@
+from qtoggleserver import system
+from qtoggleserver.core import api as core_api
+from qtoggleserver.core import device as core_device
+from qtoggleserver.core import main
+from qtoggleserver.core.api import schema as core_api_schema
+from qtoggleserver.core.device import attrs as core_device_attrs
+from qtoggleserver.core.device import events as core_device_events
+from qtoggleserver.core.typing import Attributes
+
+
+@core_api.api_call(core_api.ACCESS_LEVEL_ADMIN)
+async def get_device(request: core_api.APIRequest) -> Attributes:
+    return await core_device_attrs.to_json()
+
+
+@core_api.api_call(core_api.ACCESS_LEVEL_ADMIN)
+async def put_device(request: core_api.APIRequest, params: Attributes) -> None:
+    core_api_schema.validate(params, core_device_attrs.get_schema(loose=True))
+
+    # Password fields must explicitly be ignored, so we pop them from supplied data
+    for f in ("admin", "normal", "viewonly"):
+        params.pop(f"{f}_password", None)
+
+    # Ignore the date attribute
+    params.pop("date", None)
+
+    # Reset device attributes
+    await core_device.reset(preserve_attrs=["admin_password_hash", "normal_password_hash", "viewonly_password_hash"])
+    await core_device.load()
+
+    try:
+        await core_device_attrs.set_attrs(params, ignore_extra=True)
+    except core_device_attrs.DeviceAttributeError as e:
+        raise core_api.APIError(400, e.error, attribute=e.attribute)
+    except Exception as e:
+        raise core_api.APIError(500, "unexpected-error", message=str(e)) from e
+
+    await core_device.save()
+    await core_device_events.trigger_update()
+
+
+@core_api.api_call(core_api.ACCESS_LEVEL_ADMIN)
+async def patch_device(request: core_api.APIRequest, params: Attributes) -> None:
+    def unexpected_field_code(field: str) -> str:
+        if field in core_device_attrs.get_attrdefs():
+            return "attribute-not-modifiable"
+        else:
+            return "no-such-attribute"
+
+    core_api_schema.validate(
+        params,
+        core_device_attrs.get_schema(),
+        unexpected_field_code=unexpected_field_code,
+        unexpected_field_name="attribute",
+    )
+
+    try:
+        reboot_required = await core_device_attrs.set_attrs(params)
+    except core_device_attrs.DeviceAttributeError as e:
+        raise core_api.APIError(400, e.error, attribute=e.attribute)
+    except Exception as e:
+        raise core_api.APIError(500, "unexpected-error", message=str(e)) from e
+
+    await core_device.save()
+    await core_device_events.trigger_update()
+
+    if reboot_required:
+        main.loop.call_later(2, system.reboot)

qtoggleserver/core/api/funcs/firmware.py

@@ -0,0 +1,47 @@
+import logging
+
+from qtoggleserver.core import api as core_api
+from qtoggleserver.core.api import schema as core_api_schema
+from qtoggleserver.core.typing import GenericJSONDict
+from qtoggleserver.system import fwupdate
+
+
+logger = logging.getLogger(__name__)
+
+
+@core_api.api_call(core_api.ACCESS_LEVEL_ADMIN)
+async def get_firmware(request: core_api.APIRequest) -> GenericJSONDict:
+    current_version = await fwupdate.get_current_version()
+    status = await fwupdate.get_status()
+
+    if status in (fwupdate.STATUS_IDLE, fwupdate.STATUS_ERROR):
+        try:
+            latest_version, latest_date, latest_url = await fwupdate.get_latest()
+
+            return {
+                "version": current_version,
+                "latest_version": latest_version,
+                "latest_date": latest_date,
+                "latest_url": latest_url,
+                "status": status,
+            }
+        except Exception as e:
+            logger.error("get latest firmware failed: %s", e, exc_info=True)
+
+            return {"version": current_version, "status": status}
+    else:
+        return {"version": current_version, "status": status}
+
+
+@core_api.api_call(core_api.ACCESS_LEVEL_ADMIN)
+async def patch_firmware(request: core_api.APIRequest, params: GenericJSONDict) -> None:
+    core_api_schema.validate(params, core_api_schema.PATCH_FIRMWARE)
+
+    status = await fwupdate.get_status()
+    if status not in (fwupdate.STATUS_IDLE, fwupdate.STATUS_ERROR):
+        raise core_api.APIError(503, "busy")
+
+    if params.get("url"):
+        await fwupdate.update_to_url(params["url"])
+    else:  # assuming params['version']
+        await fwupdate.update_to_version(params["version"])