susops 3.0.0rc3.dev1__py3-none-any.whl

susops/core/services_daemon.py

@@ -0,0 +1,312 @@
+"""SusOps services daemon — single long-running process that owns the
+PAC server, status SSE endpoint, reconnect monitor, and bandwidth sampler.
+
+Frontends (tray, TUI, CLI) talk to it over JSON-over-HTTP RPC.
+"""
+from __future__ import annotations
+
+import argparse
+import logging
+import os
+import signal
+import sys
+import threading
+from pathlib import Path
+
+WORKSPACE_DEFAULT = Path.home() / ".susops"
+_PID_FILENAME = "susops-services.pid"
+_PORT_FILENAME = "susops-services.port"
+
+
+def _pid_path(workspace: Path) -> Path:
+    return workspace / "pids" / _PID_FILENAME
+
+
+def _port_path(workspace: Path) -> Path:
+    return workspace / "pids" / _PORT_FILENAME
+
+
+def _write_pid_file(workspace: Path) -> None:
+    p = _pid_path(workspace)
+    p.parent.mkdir(parents=True, exist_ok=True)
+    p.write_text(str(os.getpid()))
+
+
+def _claim_pid_file(workspace: Path) -> bool:
+    """Atomically create the PID file with this process's PID.
+
+    Uses O_CREAT | O_EXCL so two daemons racing each other can't both
+    succeed — at most one will create the file, the other gets
+    FileExistsError. Returns True if we claimed it, False otherwise.
+    """
+    p = _pid_path(workspace)
+    p.parent.mkdir(parents=True, exist_ok=True)
+    try:
+        fd = os.open(str(p), os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644)
+    except FileExistsError:
+        return False
+    try:
+        os.write(fd, str(os.getpid()).encode())
+    finally:
+        os.close(fd)
+    return True
+
+
+def _remove_pid_file(workspace: Path) -> None:
+    try:
+        _pid_path(workspace).unlink(missing_ok=True)
+    except Exception:
+        pass
+
+
+def _remove_port_file(workspace: Path) -> None:
+    try:
+        _port_path(workspace).unlink(missing_ok=True)
+    except Exception:
+        pass
+
+
+_EXIT_ANOTHER_DAEMON_ALIVE = 2
+_EXIT_PAC_PORT_SQUATTED = 3
+
+
+def _preflight(workspace: Path, log: "logging.Logger") -> None:
+    """Refuse to start if another daemon is alive or PAC port is squatted.
+
+    Atomic via O_EXCL on the PID file — two daemons racing each other
+    can't both pass this check. Converts the silent-failure modes that
+    bit us during development (orphan accumulation, double-spawn races)
+    into loud, actionable exits.
+
+    On success the PID file is written with our pid (which means the
+    daemon's shutdown finally block MUST clean it up).
+    """
+    # Try to claim the PID file atomically.
+    if _claim_pid_file(workspace):
+        # Won the race uncontested.
+        pass
+    else:
+        # File exists. Is the holder alive?
+        pid_file = _pid_path(workspace)
+        try:
+            existing_pid = int(pid_file.read_text().strip())
+            os.kill(existing_pid, 0)  # liveness probe
+        except (OSError, ValueError):
+            # Stale PID file. Remove + retry the atomic claim once.
+            pid_file.unlink(missing_ok=True)
+            _port_path(workspace).unlink(missing_ok=True)
+            if not _claim_pid_file(workspace):
+                # Some other daemon claimed it between our cleanup and retry.
+                log.error(
+                    "another susops-services daemon raced us to start. "
+                    "Try again — or run "
+                    "`pgrep -lf susops-services` to inspect."
+                )
+                sys.exit(_EXIT_ANOTHER_DAEMON_ALIVE)
+        else:
+            log.error(
+                "another susops-services daemon is already running (pid=%d). "
+                "Stop it first with `kill %d` (or `kill -9 %d` if it's wedged) "
+                "before starting a new one.",
+                existing_pid, existing_pid, existing_pid,
+            )
+            sys.exit(_EXIT_ANOTHER_DAEMON_ALIVE)
+
+    # 2. Is the configured PAC port held by an untracked process?
+    try:
+        from susops.core.config import load_config
+        cfg = load_config(workspace)
+        pac_port = cfg.pac_server_port
+    except Exception:
+        pac_port = 0
+    if not pac_port:
+        return  # 0 means auto-allocate, no port to preflight
+
+    import socket as _socket
+    probe = _socket.socket(_socket.AF_INET, _socket.SOCK_STREAM)
+    probe.setsockopt(_socket.SOL_SOCKET, _socket.SO_REUSEADDR, 1)
+    try:
+        probe.bind(("127.0.0.1", pac_port))
+    except OSError as exc:
+        log.error(
+            "PAC port %d is bound by another process (%s). "
+            "Likely an orphan susops-services or susops.core.pac from a "
+            "previous run. Recover with:\n"
+            "  pkill -9 -f 'susops-services|susops.core.services_daemon|susops.core.pac'\n"
+            "  rm -f %s/pids/susops-services.{pid,port}\n"
+            "Then start this daemon again.",
+            pac_port, exc, workspace,
+        )
+        # We claimed the PID file above; clean it up so the next attempt
+        # isn't blocked by us.
+        _remove_pid_file(workspace)
+        sys.exit(_EXIT_PAC_PORT_SQUATTED)
+    finally:
+        probe.close()
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="SusOps services daemon")
+    parser.add_argument("--workspace", default=str(WORKSPACE_DEFAULT))
+    parser.add_argument("--port", type=int, default=0,
+                        help="RPC port; 0 = auto-allocate")
+    args = parser.parse_args()
+    workspace = Path(args.workspace)
+
+    logging.basicConfig(level=logging.INFO,
+                        format="%(asctime)s [services] %(message)s")
+    log = logging.getLogger("susops.services")
+
+    # Install signal handlers BEFORE preflight: SIGTERM arriving in the
+    # window between claiming the PID file and entering the try block
+    # otherwise triggers Python's default handler, bypassing cleanup.
+    stop_event = threading.Event()
+
+    def _shutdown(signum, _frame) -> None:
+        log.info("Received signal %d, shutting down", signum)
+        stop_event.set()
+
+    signal.signal(signal.SIGTERM, _shutdown)
+    signal.signal(signal.SIGINT, _shutdown)
+
+    _preflight(workspace, log)
+
+    mgr = None
+    try:
+        import time as _time
+        from susops.core.rpc_server import serve
+        from susops.facade import SusOpsManager
+
+        mgr = SusOpsManager(workspace=workspace, _enable_background_threads=True)
+        # CLI `--port` wins. Fall back to the configured `rpc_server_port`,
+        # then 0 (auto-allocate). When we auto-allocate, persist the bound
+        # port back to config so subsequent spawns reuse it.
+        requested_port = args.port or mgr.config.rpc_server_port or 0
+        runner, actual_port = serve(mgr, port=requested_port)
+        if requested_port == 0 and actual_port != mgr.config.rpc_server_port:
+            mgr.config = mgr.config.model_copy(
+                update={"rpc_server_port": actual_port}
+            )
+            mgr._save()
+        _port_path(workspace).write_text(str(actual_port))
+        log.info("RPC listening on 127.0.0.1:%d", actual_port)
+
+        # Start the SSE status server eagerly so frontends can connect
+        # immediately on daemon spawn, and so the daemon-startup log can
+        # report the SSE port too. Previously this was lazy (started on the
+        # first tunnel `start()` call), which left SSE listeners spinning in
+        # backoff for several seconds after a fresh daemon spawn.
+        sse_port = mgr.ensure_sse_status_server()
+
+        # Surface daemon-startup details in the in-memory log buffer too so
+        # they show up in the TUI Logs tab and the tray Logs window — the
+        # `log.info` calls only land on the daemon process's stderr.
+        try:
+            sse_str = f"SSE port {sse_port}" if sse_port else "SSE port unavailable"
+            mgr._log(
+                f"Daemon started — RPC port {actual_port}, {sse_str} (PID {os.getpid()})"
+            )
+            mgr._log(f"Workspace: {workspace}")
+        except Exception:
+            pass
+
+        # Idle-shutdown. Exit when the last SSE client disconnects AND there's
+        # no in-flight work (no SSH masters, no shares, no PAC, no watched
+        # connections). Startup gets a small grace so a frontend that calls
+        # ensure_daemon_running() has time to make its first SSE connection
+        # before the periodic check fires.
+        _IDLE_STARTUP_GRACE_S = 3.0
+        _IDLE_CHECK_INTERVAL_S = 5.0
+        startup_time = _time.monotonic()
+
+        def _should_exit() -> bool:
+            if _time.monotonic() - startup_time < _IDLE_STARTUP_GRACE_S:
+                return False
+            if mgr is None:
+                return False
+            if mgr._status_server.client_count() > 0:
+                return False
+            return mgr.is_idle()
+
+        def _on_clients_changed(count: int) -> None:
+            # Fast path — react immediately when the last SSE client drops.
+            # The periodic check below handles the "no SSE was ever opened"
+            # case (e.g. `susops ps` fires one RPC and exits).
+            if count > 0:
+                return
+            if _should_exit():
+                msg = "Last client disconnected and no work pending — shutting down"
+                log.info(msg)
+                try:
+                    mgr._log(msg)
+                except Exception:
+                    pass
+                stop_event.set()
+
+        mgr._status_server.on_clients_changed = _on_clients_changed
+        # Surface SSE connect/disconnect in the in-memory log buffer so the
+        # TUI Logs tab and tray Logs window can show "tui connected" etc.
+        mgr._status_server.on_log = mgr._log
+
+        def _idle_watcher() -> None:
+            while not stop_event.is_set():
+                if stop_event.wait(_IDLE_CHECK_INTERVAL_S):
+                    return
+                if _should_exit():
+                    msg = (f"Idle for {_IDLE_CHECK_INTERVAL_S:.0f}s with "
+                           f"no clients — shutting down")
+                    log.info(msg)
+                    try:
+                        mgr._log(msg)
+                    except Exception:
+                        pass
+                    stop_event.set()
+                    return
+
+        threading.Thread(
+            target=_idle_watcher, daemon=True, name="susops-idle-watcher",
+        ).start()
+
+        log.info("Daemon started, pid=%d, workspace=%s", os.getpid(), workspace)
+        stop_event.wait()
+        # If we land here it's because the idle-watcher or a signal asked us
+        # to exit — surface it in the in-memory log so frontends can see
+        # *why* the daemon went away rather than just noticing it's gone.
+        if mgr is not None:
+            try:
+                mgr._log("Daemon shutting down")
+            except Exception:
+                pass
+    finally:
+        # Remove PID + port files FIRST so subsequent ensure_daemon_running()
+        # calls don't think we're still alive while we're shutting down.
+        # Anything that hangs below can't strand us with a stale PID file.
+        _remove_pid_file(workspace)
+        _remove_port_file(workspace)
+
+        # Stop the manager (kills SSH masters, stops PAC/status threads).
+        # Wrapped in a watchdog timer — if a child won't die we still exit.
+        def _watchdog():
+            import time as _t
+            _t.sleep(5.0)
+            log.error("Shutdown watchdog tripped, force-exiting")
+            os._exit(1)
+
+        threading.Thread(target=_watchdog, daemon=True, name="susops-services-watchdog").start()
+
+        if mgr is not None:
+            try:
+                mgr.stop_quick()
+            except Exception:
+                log.exception("Error during manager stop")
+        # NOTE: we intentionally do NOT call `asyncio.run(runner.cleanup())`.
+        # The aiohttp runner lives on a separate event loop (see serve() in
+        # rpc_server.py) running on a daemon thread. Spawning a fresh loop
+        # here to await an object from a different loop deadlocks. Process
+        # exit closes the listening sockets cleanly anyway.
+        log.info("Daemon stopped")
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

susops/core/share.py

@@ -0,0 +1,323 @@
+"""Encrypted file sharing server and client for SusOps.
+
+Replaces the bash implementation that used nc + openssl + gzip.
+Uses aiohttp for async HTTP serving + cryptography library for AES-256-CTR encryption.
+
+Protocol (same as original):
+- HTTP Basic auth with credentials ":password" (empty username)
+- File is gzip-compressed then AES-256-CTR encrypted with PBKDF2 key derivation
+- Original filename is AES-encrypted and base64-encoded in Content-Disposition
+- Served as application/octet-stream
+"""
+from __future__ import annotations
+
+import asyncio
+import base64
+import gzip
+import os
+import secrets
+import string
+import threading
+from pathlib import Path
+
+from susops.core.types import ShareInfo
+
+__all__ = ["ShareServer", "fetch_file", "generate_password", "ShareInfo"]
+
+
+def _derive_key(password: str, salt: bytes) -> bytes:
+    """Derive a 32-byte AES key from a password using PBKDF2-HMAC-SHA256."""
+    from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+    from cryptography.hazmat.primitives import hashes
+
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=salt,
+        iterations=600_000,
+    )
+    return kdf.derive(password.encode())
+
+
+def _encrypt(data: bytes, password: str) -> bytes:
+    """Encrypt bytes using AES-256-CTR.
+
+    Format: magic(8) + salt(8) + iv(16) + ciphertext
+    """
+    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
+    salt = os.urandom(8)
+    key = _derive_key(password, salt)
+    iv = os.urandom(16)
+
+    cipher = Cipher(algorithms.AES(key), modes.CTR(iv))
+    encryptor = cipher.encryptor()
+    ciphertext = encryptor.update(data) + encryptor.finalize()
+
+    return b"Salted__" + salt + iv + ciphertext
+
+
+def _decrypt(data: bytes, password: str) -> bytes:
+    """Decrypt bytes produced by _encrypt()."""
+    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
+    if not data.startswith(b"Salted__"):
+        raise ValueError("Invalid encrypted data: missing 'Salted__' header")
+    salt = data[8:16]
+    iv = data[16:32]
+    ciphertext = data[32:]
+
+    key = _derive_key(password, salt)
+    cipher = Cipher(algorithms.AES(key), modes.CTR(iv))
+    decryptor = cipher.decryptor()
+    return decryptor.update(ciphertext) + decryptor.finalize()
+
+
+def _compress_and_encrypt(file_path: Path, password: str) -> bytes:
+    """Gzip-compress then AES-256-CTR encrypt a file."""
+    raw = file_path.read_bytes()
+    compressed = gzip.compress(raw)
+    return _encrypt(compressed, password)
+
+
+def _decrypt_and_decompress(data: bytes, password: str) -> bytes:
+    """AES-256-CTR decrypt then gunzip."""
+    compressed = _decrypt(data, password)
+    return gzip.decompress(compressed)
+
+
+def _encrypt_filename(filename: str, password: str) -> str:
+    """Encrypt a filename string and return base64-encoded ciphertext."""
+    encrypted = _encrypt(filename.encode(), password)
+    return base64.urlsafe_b64encode(encrypted).decode()
+
+
+def _decrypt_filename(encrypted_b64: str, password: str) -> str:
+    """Decrypt a base64-encoded encrypted filename."""
+    encrypted = base64.urlsafe_b64decode(encrypted_b64.encode())
+    return _decrypt(encrypted, password).decode()
+
+
+def generate_password(length: int = 24) -> str:
+    """Generate a secure random password (alphanumeric)."""
+    alphabet = string.ascii_letters + string.digits
+    return "".join(secrets.choice(alphabet) for _ in range(length))
+
+
+# ---------------------------------------------------------------------------
+# Shared event loop — all ShareServer instances and the StatusServer reuse one
+# daemon thread + asyncio loop to avoid creating multiple threads.
+# ---------------------------------------------------------------------------
+
+_loop: asyncio.AbstractEventLoop | None = None
+_loop_lock = threading.Lock()
+
+
+def _get_loop() -> asyncio.AbstractEventLoop:
+    """Return (and lazily initialise) the shared daemon event loop."""
+    global _loop
+    with _loop_lock:
+        if _loop is None or _loop.is_closed():
+            _loop = asyncio.new_event_loop()
+            t = threading.Thread(
+                target=_loop.run_forever,
+                name="susops-async-loop",
+                daemon=True,
+            )
+            t.start()
+        return _loop
+
+
+class ShareServer:
+    """Async HTTP file share server with AES-256-CTR encryption.
+
+    The file is encrypted in memory and served via HTTP Basic auth using aiohttp.
+    Multiple ShareServer instances share one background event loop thread.
+    """
+
+    def __init__(self) -> None:
+        self._runner = None
+        self._port: int = 0
+        self._encrypted_data: bytes = b""
+        self._encrypted_filename: str = ""
+        self._password: str = ""
+        self._access_count: int = 0
+        self._failed_count: int = 0
+
+    def start(
+            self,
+            file_path: Path,
+            password: str,
+            port: int = 0,
+            workspace: Path | None = None,
+    ) -> ShareInfo:
+        """Encrypt and start serving the file asynchronously.
+
+        Returns ShareInfo with the URL and credentials.
+        """
+        if self._runner is not None:
+            raise RuntimeError("Share server is already running")
+
+        self._encrypted_data = _compress_and_encrypt(file_path, password)
+        self._encrypted_filename = _encrypt_filename(file_path.name, password)
+        self._password = password
+
+        loop = _get_loop()
+        future = asyncio.run_coroutine_threadsafe(
+            self._start_async(port), loop
+        )
+        self._port = future.result(timeout=10)
+
+        return ShareInfo(
+            file_path=str(file_path),
+            port=self._port,
+            password=password,
+            url=f"http://localhost:{self._port}",
+        )
+
+    async def _start_async(self, port: int) -> int:
+        from aiohttp import web
+
+        async def handle(request: web.Request) -> web.Response:
+            auth = request.headers.get("Authorization", "")
+            if not auth.startswith("Basic "):
+                self._failed_count += 1
+                return web.Response(
+                    status=401,
+                    headers={"WWW-Authenticate": 'Basic realm="susops share"'},
+                )
+            try:
+                decoded = base64.b64decode(auth[6:]).decode()
+                _, _, pw = decoded.partition(":")
+            except Exception:
+                self._failed_count += 1
+                return web.Response(status=401)
+            if pw != self._password:
+                self._failed_count += 1
+                return web.Response(
+                    status=401,
+                    headers={"WWW-Authenticate": 'Basic realm="susops share"'},
+                )
+
+            self._access_count += 1
+            return web.Response(
+                body=self._encrypted_data,
+                content_type="application/octet-stream",
+                headers={
+                    "Content-Disposition": f'attachment; filename="{self._encrypted_filename}"',
+                    "Connection": "close",
+                },
+            )
+
+        app = web.Application()
+        app.router.add_get("/", handle)
+
+        runner = web.AppRunner(app)
+        await runner.setup()
+        site = web.TCPSite(runner, "127.0.0.1", port)
+        await site.start()
+        self._runner = runner
+        # Resolve the actual bound port (important when port=0)
+        return site._server.sockets[0].getsockname()[1]  # type: ignore[union-attr]
+
+    def stop(self) -> None:
+        """Stop the share server."""
+        if self._runner is not None:
+            loop = _get_loop()
+            future = asyncio.run_coroutine_threadsafe(
+                self._runner.cleanup(), loop
+            )
+            try:
+                future.result(timeout=5)
+            except Exception:
+                pass
+            self._runner = None
+        self._port = 0
+
+    def is_running(self) -> bool:
+        return self._runner is not None
+
+    def get_port(self) -> int:
+        return self._port
+
+    @property
+    def access_count(self) -> int:
+        return self._access_count
+
+    @property
+    def failed_count(self) -> int:
+        return self._failed_count
+
+
+def fetch_file(
+        host: str,
+        port: int,
+        password: str,
+        outfile: Path | None = None,
+) -> Path:
+    """Download and decrypt a file from a ShareServer.
+
+    Args:
+        host: Hostname or IP (e.g. "localhost").
+        port: Port the share server is listening on.
+        password: Decryption password.
+        outfile: Where to save the file. Defaults to ~/Downloads/<original_name>.
+
+    Returns:
+        Path to the saved decrypted file.
+    """
+    loop = _get_loop()
+    future = asyncio.run_coroutine_threadsafe(
+        _fetch_async(host, port, password, outfile), loop
+    )
+    return future.result(timeout=60)
+
+
+async def _fetch_async(
+        host: str,
+        port: int,
+        password: str,
+        outfile: Path | None,
+) -> Path:
+    import aiohttp
+
+    url = f"http://{host}:{port}"
+    credentials = base64.b64encode(f":{password}".encode()).decode()
+
+    async with aiohttp.ClientSession() as session:
+        async with session.get(
+                url,
+                headers={"Authorization": f"Basic {credentials}"},
+                timeout=aiohttp.ClientTimeout(total=30),
+        ) as resp:
+            if resp.status != 200:
+                raise RuntimeError(f"Share server returned HTTP {resp.status}")
+
+            content_disp = resp.headers.get("Content-Disposition", "")
+            encrypted_filename = ""
+            for part in content_disp.split(";"):
+                part = part.strip()
+                if part.startswith("filename="):
+                    encrypted_filename = part[9:].strip('"')
+                    break
+
+            encrypted_data = await resp.read()
+
+    decrypted = _decrypt_and_decompress(encrypted_data, password)
+
+    if outfile is None:
+        if encrypted_filename:
+            try:
+                original_name = _decrypt_filename(encrypted_filename, password)
+            except Exception:
+                original_name = f"download_{secrets.token_hex(4)}"
+        else:
+            original_name = f"download_{secrets.token_hex(4)}"
+
+        downloads = Path.home() / "Downloads"
+        downloads.mkdir(exist_ok=True)
+        outfile = downloads / original_name
+
+    outfile.parent.mkdir(parents=True, exist_ok=True)
+    outfile.write_bytes(decrypted)
+    return outfile