remoteRF-server-testing 0.0.0__py3-none-any.whl

remoteRF_server/tools/__init__.py

@@ -0,0 +1,191 @@
+#!/usr/bin/env python3
+from __future__ import annotations
+
+import argparse
+import shutil
+import socket
+import subprocess
+import sys
+import tempfile
+from pathlib import Path
+
+
+def _run(cmd: list[str]) -> None:
+    try:
+        subprocess.run(cmd, check=True)
+    except subprocess.CalledProcessError as e:
+        print(f"\nCommand failed:\n  {' '.join(cmd)}\n", file=sys.stderr)
+        raise SystemExit(e.returncode)
+
+
+def _ensure_openssl() -> None:
+    if shutil.which("openssl") is None:
+        raise SystemExit("openssl not found on PATH. Install OpenSSL and try again.")
+
+
+def _default_config_dir() -> Path:
+    # ~/.config/remoterf (matches your cert_fetcher convention)
+    return Path.home() / ".config" / "remoterf"
+
+
+def _detect_local_ip() -> str:
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    try:
+        # No packets need to actually leave; this forces route selection
+        s.connect(("8.8.8.8", 80))
+        return s.getsockname()[0]
+    finally:
+        s.close()
+
+
+def main() -> None:
+    _ensure_openssl()
+
+    ap = argparse.ArgumentParser(
+        prog="RRRFcerts",
+        description="Generate a local CA and server TLS cert/key with proper SANs into ~/.config/remoterf/certs",
+    )
+    ap.add_argument("--config-dir", default=str(_default_config_dir()), help="Base config dir (default: ~/.config/remoterf)")
+    ap.add_argument("--out-subdir", default="certs", help="Subdir under config-dir (default: certs)")
+    ap.add_argument("--ip", action="append", default=[], help="IP to include in SAN (repeatable)")
+    ap.add_argument("--dns", action="append", default=[], help="DNS name to include in SAN (repeatable)")
+    ap.add_argument("--cn", default=None, help="Common Name (defaults to first SAN entry)")
+    ap.add_argument("--days", type=int, default=365, help="Server cert validity in days")
+    ap.add_argument("--ca-days", type=int, default=3650, help="CA cert validity in days")
+    ap.add_argument("--bits", type=int, default=2048, help="RSA key size")
+    ap.add_argument("--force", action="store_true", help="Overwrite existing certs/keys")
+    ap.add_argument("--no-detect-ip", action="store_true", help="Do not auto-detect IP when none provided")
+    args = ap.parse_args()
+
+    base_dir = Path(args.config_dir).expanduser().resolve()
+    out_dir = (base_dir / args.out_subdir).resolve()
+    out_dir.mkdir(parents=True, exist_ok=True)
+
+    # If no SANs specified, auto-detect local IP unless disabled
+    ips = [x.strip() for x in args.ip if x and x.strip()]
+    dns = [x.strip() for x in args.dns if x and x.strip()]
+
+    if not ips and not dns and not args.no_detect_ip:
+        ips = [_detect_local_ip()]
+
+    if not ips and not dns:
+        raise SystemExit("Provide at least one --ip and/or --dns (or omit --no-detect-ip).")
+
+    sans: list[str] = [f"IP:{ip}" for ip in ips] + [f"DNS:{d}" for d in dns]
+    san_line = ",".join(sans)
+    cn = args.cn or (dns[0] if dns else ips[0])
+
+    # Filenames
+    ca_key = out_dir / "ca.key"
+    ca_crt = out_dir / "ca.crt"
+
+    srv_key = out_dir / "server.key"
+    srv_csr = out_dir / "server.csr"
+    srv_crt = out_dir / "server.crt"
+
+    targets = [ca_key, ca_crt, srv_key, srv_csr, srv_crt]
+
+    if not args.force:
+        existing = [p for p in targets if p.exists()]
+        if existing:
+            raise SystemExit(
+                "Refusing to overwrite existing files:\n  "
+                + "\n  ".join(str(p) for p in existing)
+                + "\nRe-run with --force to replace them."
+            )
+    else:
+        for p in targets:
+            if p.exists():
+                p.unlink()
+
+        # openssl may have left-over serial files from previous runs
+        for extra in (out_dir / "ca.srl",):
+            if extra.exists():
+                extra.unlink()
+
+    # 1) CA key + self-signed cert
+    _run(["openssl", "genrsa", "-out", str(ca_key), str(args.bits)])
+    _run([
+        "openssl", "req", "-x509", "-new", "-nodes",
+        "-key", str(ca_key),
+        "-sha256",
+        "-days", str(args.ca_days),
+        "-subj", "/CN=remoteRF Local CA",
+        "-out", str(ca_crt),
+    ])
+
+    # 2) Server key
+    _run(["openssl", "genrsa", "-out", str(srv_key), str(args.bits)])
+
+    # 3) CSR with SANs, then sign with CA including v3 extensions
+    with tempfile.TemporaryDirectory() as td:
+        td_path = Path(td)
+
+        csr_cnf = td_path / "csr.cnf"
+        csr_cnf.write_text(
+            f"""\
+[ req ]
+default_bits       = {args.bits}
+prompt             = no
+default_md         = sha256
+distinguished_name = dn
+req_extensions     = req_ext
+
+[ dn ]
+CN = {cn}
+
+[ req_ext ]
+subjectAltName = {san_line}
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+""",
+            encoding="utf-8",
+        )
+
+        _run([
+            "openssl", "req", "-new",
+            "-key", str(srv_key),
+            "-out", str(srv_csr),
+            "-config", str(csr_cnf),
+        ])
+
+        sign_cnf = td_path / "sign.cnf"
+        sign_cnf.write_text(
+            f"""\
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectAltName = {san_line}
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+""",
+            encoding="utf-8",
+        )
+
+        _run([
+            "openssl", "x509", "-req",
+            "-in", str(srv_csr),
+            "-CA", str(ca_crt),
+            "-CAkey", str(ca_key),
+            "-CAcreateserial",
+            "-out", str(srv_crt),
+            "-days", str(args.days),
+            "-sha256",
+            "-extfile", str(sign_cnf),
+            "-extensions", "v3_req",
+        ])
+
+    print("\nGenerated certs/keys:")
+    print(f"  Output dir: {out_dir}")
+    print(f"  CA cert:    {ca_crt}")
+    print(f"  Server cert:{srv_crt}")
+    print(f"  Server key: {srv_key}")
+    print("\nSANs:")
+    for s in sans:
+        print(f"  - {s}")
+    print("\nClient trust:")
+    print("  Clients should trust ca.crt (NOT server.crt).")
+    print("  Clients must dial an address that matches one of the SANs.\n")
+
+
+if __name__ == "__main__":
+    main()

remoteRF_server/tools/gen_certs.py

@@ -0,0 +1,274 @@
+from __future__ import annotations
+
+import shutil
+import socket
+import subprocess
+import sys
+import tempfile
+from pathlib import Path
+
+import time
+from datetime import datetime, timezone
+
+def _x509_dates(cert_path: Path) -> tuple[datetime | None, datetime | None]:
+    # openssl prints:
+    #   notBefore=Feb 16 23:12:02 2026 GMT
+    #   notAfter=Feb 16 23:12:02 2027 GMT
+    p = subprocess.run(
+        ["openssl", "x509", "-in", str(cert_path), "-noout", "-startdate", "-enddate"],
+        stdout=subprocess.PIPE,
+        stderr=subprocess.STDOUT,
+        text=True,
+        check=False,
+    )
+    if p.returncode != 0:
+        return None, None
+
+    nb = na = None
+    for line in p.stdout.splitlines():
+        line = line.strip()
+        if line.startswith("notBefore="):
+            s = line.split("=", 1)[1].strip()
+            s = s.removesuffix(" GMT").strip()
+            try:
+                nb = datetime.strptime(s, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
+            except Exception:
+                nb = None
+        elif line.startswith("notAfter="):
+            s = line.split("=", 1)[1].strip()
+            s = s.removesuffix(" GMT").strip()
+            try:
+                na = datetime.strptime(s, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
+            except Exception:
+                na = None
+
+    return nb, na
+
+
+def _run(cmd: list[str]) -> None:
+    try:
+        subprocess.run(cmd, check=True)
+    except subprocess.CalledProcessError as e:
+        print(f"\nCommand failed:\n  {' '.join(cmd)}\n", file=sys.stderr)
+        raise SystemExit(e.returncode)
+
+
+def _ensure_openssl() -> None:
+    if shutil.which("openssl") is None:
+        raise SystemExit("openssl not found on PATH. Install OpenSSL and try again.")
+
+
+def _default_config_dir() -> Path:
+    return Path.home() / ".config" / "remoterf"
+
+
+def _detect_local_ip() -> str:
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    try:
+        s.connect(("8.8.8.8", 80))
+        return s.getsockname()[0]
+    finally:
+        s.close()
+
+
+def generate_certs(
+    *,
+    static_ip: str | None,
+    days: int = 365,
+    ca_days: int = 3650,
+    bits: int = 2048,
+    config_dir: Path | None = None,
+    out_subdir: str = "certs",
+    dns: list[str] | None = None,
+    cn: str | None = None,
+    force: bool = False,
+) -> None:
+    _ensure_openssl()
+
+    base_dir = (config_dir or _default_config_dir()).expanduser().resolve()
+    out_dir = (base_dir / out_subdir).resolve()
+    out_dir.mkdir(parents=True, exist_ok=True)
+
+    ips: list[str] = []
+    if static_ip and static_ip.strip():
+        ips.append(static_ip.strip())
+    else:
+        ips.append(_detect_local_ip())
+
+    dns = [d.strip() for d in (dns or []) if d and d.strip()]
+    sans: list[str] = [f"IP:{ip}" for ip in ips] + [f"DNS:{d}" for d in dns]
+    san_line = ",".join(sans)
+    cn = cn or (dns[0] if dns else ips[0])
+
+    ca_key = out_dir / "ca.key"
+    ca_crt = out_dir / "ca.crt"
+    srv_key = out_dir / "server.key"
+    srv_csr = out_dir / "server.csr"
+    srv_crt = out_dir / "server.crt"
+
+    targets = [ca_key, ca_crt, srv_key, srv_csr, srv_crt]
+
+    if not force:
+        existing = [p for p in targets if p.exists()]
+        if existing:
+            raise SystemExit(
+                "Refusing to overwrite existing files:\n  "
+                + "\n  ".join(str(p) for p in existing)
+                + "\nRe-run with --force to replace them."
+            )
+    else:
+        for p in targets:
+            if p.exists():
+                p.unlink()
+        extra = out_dir / "ca.srl"
+        if extra.exists():
+            extra.unlink()
+
+    _run(["openssl", "genrsa", "-out", str(ca_key), str(bits)])
+    _run([
+        "openssl", "req", "-x509", "-new", "-nodes",
+        "-key", str(ca_key),
+        "-sha256",
+        "-days", str(ca_days),
+        "-subj", "/CN=remoteRF Local CA",
+        "-out", str(ca_crt),
+    ])
+
+    _run(["openssl", "genrsa", "-out", str(srv_key), str(bits)])
+
+    with tempfile.TemporaryDirectory() as td:
+        td_path = Path(td)
+
+        csr_cnf = td_path / "csr.cnf"
+        csr_cnf.write_text(
+            f"""\
+[ req ]
+default_bits       = {bits}
+prompt             = no
+default_md         = sha256
+distinguished_name = dn
+req_extensions     = req_ext
+
+[ dn ]
+CN = {cn}
+
+[ req_ext ]
+subjectAltName = {san_line}
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+""",
+            encoding="utf-8",
+        )
+
+        _run([
+            "openssl", "req", "-new",
+            "-key", str(srv_key),
+            "-out", str(srv_csr),
+            "-config", str(csr_cnf),
+        ])
+
+        sign_cnf = td_path / "sign.cnf"
+        sign_cnf.write_text(
+            f"""\
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectAltName = {san_line}
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+""",
+            encoding="utf-8",
+        )
+
+        _run([
+            "openssl", "x509", "-req",
+            "-in", str(srv_csr),
+            "-CA", str(ca_crt),
+            "-CAkey", str(ca_key),
+            "-CAcreateserial",
+            "-out", str(srv_crt),
+            "-days", str(days),
+            "-sha256",
+            "-extfile", str(sign_cnf),
+            "-extensions", "v3_req",
+        ])
+
+    print("\nGenerated certs/keys:")
+    print(f"  Output dir: {out_dir}")
+    print(f"  CA cert:    {ca_crt}")
+    print(f"  Server cert:{srv_crt}")
+    print(f"  Server key: {srv_key}")
+    print("\nSANs:")
+    for s in sans:
+        print(f"  - {s}")
+    print("\nClient trust:")
+    print("  Clients should trust ca.crt (NOT server.crt).")
+    print("  Clients must dial an address that matches one of the SANs.\n")
+    
+    ca_nb, ca_na = _x509_dates(ca_crt)
+    srv_nb, srv_na = _x509_dates(srv_crt)
+
+    if srv_nb and srv_na:
+        now = datetime.now(timezone.utc)
+        remaining = srv_na - now
+        # clamp negative (if clock skew or already expired)
+        if remaining.total_seconds() < 0:
+            rem_str = "EXPIRED"
+        else:
+            days_left = remaining.days
+            hours_left = (remaining.seconds // 3600)
+            mins_left = (remaining.seconds % 3600) // 60
+            rem_str = f"{days_left}d {hours_left}h {mins_left}m"
+
+        print("  Server:")
+        print(f"    notBefore (UTC): {srv_nb.isoformat(timespec='seconds')}")
+        print(f"    notAfter  (UTC): {srv_na.isoformat(timespec='seconds')}")
+        print(f"    expires (local): {srv_na.astimezone().strftime('%Y-%m-%d %H:%M:%S %Z')}")
+        print(f"    expires in:      {rem_str}")
+    else:
+        print("  Server: (failed to parse dates)")
+
+
+
+import argparse
+
+def main() -> int:
+    ap = argparse.ArgumentParser(prog="gen_certs.py", description="Generate RemoteRF TLS certs")
+    ap.add_argument("--ip", dest="static_ip", default=None, help="Static IP to include in SAN (if omitted, auto-detect unless --no-detect-ip)")
+    ap.add_argument("--no-detect-ip", action="store_true", help="Require --ip; do not auto-detect")
+
+    ap.add_argument("--days", type=int, default=365)
+    ap.add_argument("--ca-days", type=int, default=3650)
+    ap.add_argument("--bits", type=int, default=2048)
+
+    ap.add_argument("--config-dir", default=None, help="Base config dir (default: ~/.config/remoterf)")
+    ap.add_argument("--out-subdir", default="certs", help="Subdir under config dir (default: certs)")
+
+    ap.add_argument("--dns", action="append", default=[], help="DNS SAN entry (repeatable)")
+    ap.add_argument("--cn", default=None, help="Common Name (default: first SAN entry)")
+    ap.add_argument("--force", action="store_true", help="Overwrite existing certs/keys")
+
+    args = ap.parse_args()
+
+    if args.no_detect_ip and not (args.static_ip and args.static_ip.strip()):
+        print("ERROR: --no-detect-ip set but no --ip provided", file=sys.stderr)
+        return 2
+
+    cfg = Path(args.config_dir).expanduser().resolve() if args.config_dir else None
+
+    generate_certs(
+        static_ip=args.static_ip,
+        days=args.days,
+        ca_days=args.ca_days,
+        bits=args.bits,
+        config_dir=cfg,
+        out_subdir=args.out_subdir,
+        dns=args.dns,
+        cn=args.cn,
+        force=args.force,
+    )
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

remoteRF_server/tools/gist_status.py

@@ -0,0 +1,139 @@
+# remoteRF_server/tools/gist_status.py
+
+from __future__ import annotations
+
+import json
+import os
+import sys
+import time
+import threading
+from pathlib import Path
+from typing import Dict, Optional
+
+import requests
+
+
+def _xdg_config_home() -> Path:
+    return Path(os.getenv("XDG_CONFIG_HOME", Path.home() / ".config"))
+
+
+def _cfg_dir() -> Path:
+    return Path(os.getenv("REMOTERF_CONFIG_DIR", _xdg_config_home() / "remoterf"))
+
+
+def _read_env_kv(path: Path) -> Dict[str, str]:
+    out: Dict[str, str] = {}
+    if not path.exists():
+        return out
+    for raw in path.read_text(encoding="utf-8").splitlines():
+        line = raw.strip()
+        if not line or line.startswith("#") or "=" not in line:
+            continue
+        k, v = line.split("=", 1)
+        out[k.strip()] = v.strip().strip('"').strip("'")
+    return out
+
+
+def _load_gist_env() -> tuple[str, str, str]:
+    p = _cfg_dir() / "gist.env"
+    kv = _read_env_kv(p)
+
+    gist_id = kv.get("STATUS_GIST_ID", "").strip()
+    token = kv.get("GITHUB_TOKEN", "").strip()
+    filename = kv.get("STATUS_GIST_FILENAME", "").strip()
+
+    missing = []
+    if not gist_id:
+        missing.append("STATUS_GIST_ID")
+    if not token:
+        missing.append("GITHUB_TOKEN")
+    if not filename:
+        missing.append("STATUS_GIST_FILENAME")
+
+    if missing:
+        print(f"[gist_status] Missing {', '.join(missing)} in {p}", file=sys.stderr)
+        print(
+            "[gist_status] Fix: run:\n"
+            "  serverrf --gist --set --id <gist_id> --file <filename>\n"
+            "Or manually create gist.env with those keys.",
+            file=sys.stderr,
+        )
+        raise SystemExit(2)
+
+    return gist_id, token, filename
+
+
+def build_status() -> dict:
+    payload = {
+        "updated_unix": int(time.time()),
+        "reservation_history_days": 90,
+        "reservations": [],
+    }
+
+    from ..server.reservation import reservation_handler
+    payload["reservations"] = reservation_handler.get_obfuscated_device_reservations_grouped_past_days(90)
+    payload["usage"] = reservation_handler.get_obfuscated_usage_summary()
+
+    return payload
+
+
+def push_gist(*, gist_id: str, gh_token: str, filename: str, payload: dict) -> None:
+    url = f"https://api.github.com/gists/{gist_id}"
+    headers = {
+        "Authorization": f"Bearer {gh_token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+    body = {
+        "files": {
+            filename: {
+                "content": json.dumps(payload, separators=(",", ":"), sort_keys=True) + "\n"
+            }
+        }
+    }
+    r = requests.patch(url, headers=headers, json=body, timeout=10)
+    r.raise_for_status()
+
+
+def _publisher_loop(period_sec: int) -> None:
+    gist_id, gh_token, filename = _load_gist_env()
+
+    try:
+        push_gist(gist_id=gist_id, gh_token=gh_token, filename=filename, payload=build_status())
+        print("[gist_status] initial publish ok", file=sys.stderr)
+    except Exception as e:
+        print(f"[gist_status] initial publish failed: {e}", file=sys.stderr)
+
+    while True:
+        try:
+            push_gist(gist_id=gist_id, gh_token=gh_token, filename=filename, payload=build_status())
+        except Exception as e:
+            print(f"[gist_status] publish failed: {e}", file=sys.stderr)
+        time.sleep(period_sec)
+
+
+_publisher_thread: Optional[threading.Thread] = None
+_publisher_lock = threading.Lock()
+
+
+def start_status_publisher() -> None:
+    global _publisher_thread
+    with _publisher_lock:
+        if _publisher_thread is not None and _publisher_thread.is_alive():
+            return
+
+        t = threading.Thread(
+            target=_publisher_loop,
+            args=(int(120),),
+            name="gist-status-publisher",
+            daemon=True,
+        )
+        t.start()
+        _publisher_thread = t
+        print(f"[gist_status] started (period={120}s)", file=sys.stderr)
+
+
+# if __name__ == "__main__":
+#     start_status_publisher(period_sec=120)
+#     while True:
+#         time.sleep(3600)

remoteRF_server/tools/gist_status_testing.py

@@ -0,0 +1,67 @@
+# remoteRF_server/tools/gist_status.py
+
+import json
+import os
+import time
+import threading
+import requests  
+
+# Create public gist on your github. Keep note of the file name
+# https://gist.github.com/ethange1/2a35e08a90bf88a70dfe7f42a55685ed
+
+# The last one is the "GIST_ID" part of the URL, e.g. "2a35e08a90bf88a70dfe7f42a55685ed"
+
+GIST_ID = "2a35e08a90bf88a70dfe7f42a55685ed"      
+
+# Create the GITHUB_TOKEN (so your server can update it)
+# GitHub → Settings
+# Developer settings
+# Personal access tokens → Fine-grained tokens
+# Generate new token
+# Set repository access to "Public Respositories"
+# Permissions: enable Gists: Read and write
+# Generate + copy the token (you only see it once)
+
+# LIMIT OF 1 per minute ! BE MINDFUL OF RATE LIMITS! 
+
+GH_TOKEN = ""
+
+FILENAME = "ucla-wlab-remoterf-status.json"
+
+# HOW TO PULL! https://gist.githubusercontent.com/ethange1/2a35e08a90bf88a70dfe7f42a55685ed/raw/ucla-wlab-remoterf-status.json
+
+def build_status() -> dict:
+    return {
+        "updated_unix": int(time.time()),
+    }
+
+def push_gist(payload: dict) -> None:
+    url = f"https://api.github.com/gists/{GIST_ID}"
+    headers = {
+        "Authorization": f"Bearer {GH_TOKEN}",
+        "Accept": "application/vnd.github+json",
+    }
+    body = {
+        "files": {
+            FILENAME: {
+                "content": json.dumps(payload, separators=(",", ":"), sort_keys=True) + "\n"
+            }
+        }
+    }
+    r = requests.patch(url, headers=headers, json=body, timeout=10)
+    print(r.status_code, r.text)
+    print("Retry-After:", r.headers.get("Retry-After"))
+    print("X-RateLimit-Remaining:", r.headers.get("X-RateLimit-Remaining"))
+    r.raise_for_status()
+
+def status_publisher_loop(period_sec: int = 30) -> None:
+    while True:
+        try:
+            push_gist(build_status())
+        except Exception as e:
+            print(f"[status] publish failed: {e}")
+        time.sleep(period_sec)
+        
+status_publisher_loop(60)
+
+# threading.Thread(target=status_publisher_loop, daemon=True).start()