unitlab 2.3.3__py3-none-any.whl → 2.3.5__py3-none-any.whl

unitlab/binary_manager.py

@@ -0,0 +1,137 @@
+import os
+import platform
+import hashlib
+import urllib.request
+from pathlib import Path
+import stat
+import json
+
+class CloudflaredBinaryManager:
+    """
+    Manages cloudflared binary automatically
+    - Downloads on first use
+    - Caches for future use  
+    - Verifies integrity
+    - Zero user configuration
+    """
+
+    # Binary URLs and checksums
+    BINARIES = {
+        'linux-amd64': {
+            'url': 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64',
+            'checksum': 'sha256:...',  # Add real checksums
+            'filename': 'cloudflared'
+        },
+        'linux-arm64': {
+            'url': 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64',
+            'checksum': 'sha256:...',
+            'filename': 'cloudflared'
+        },
+        'darwin-amd64': {
+            'url': 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-darwin-amd64.tgz',
+            'checksum': 'sha256:...',
+            'filename': 'cloudflared',
+            'compressed': True
+        },
+        'windows-amd64': {
+            'url': 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-windows-amd64.exe',
+            'checksum': 'sha256:...',
+            'filename': 'cloudflared.exe'
+        }
+    }
+
+    def __init__(self):
+        # User's home directory - works on all platforms
+        self.cache_dir = Path.home() / '.unitlab' / 'bin'
+        self.cache_dir.mkdir(parents=True, exist_ok=True)
+
+        # Detect platform once
+        self.platform_key = self._detect_platform()
+
+    def _detect_platform(self):
+        """Detect OS and architecture"""
+        system = platform.system().lower()
+        machine = platform.machine().lower()
+
+        if system == 'linux':
+            if machine in ['x86_64', 'amd64']:
+                return 'linux-amd64'
+            elif machine in ['aarch64', 'arm64']:
+                return 'linux-arm64'
+
+        elif system == 'darwin':  # macOS
+            # Check if ARM (M1/M2) or Intel
+            if machine == 'arm64':
+                return 'darwin-arm64'
+            return 'darwin-amd64'
+
+        elif system == 'windows':
+            return 'windows-amd64'
+
+        raise RuntimeError(f"Unsupported platform: {system} {machine}")
+
+    def get_binary_path(self):
+        """Get path to cloudflared binary, downloading if needed"""
+
+        binary_info = self.BINARIES[self.platform_key]
+        binary_path = self.cache_dir / binary_info['filename']
+
+        # Check if already downloaded
+        if binary_path.exists():
+            print("✓ Using cached cloudflared")
+            return str(binary_path)
+
+        # Download for first time
+        print("🔄 First time setup - downloading cloudflared...")
+        self._download_binary(binary_info, binary_path)
+
+        return str(binary_path)
+
+    def _download_binary(self, info, target_path):
+        """Download and verify binary"""
+
+        # Download with progress bar
+        def download_progress(block_num, block_size, total_size):
+            downloaded = block_num * block_size
+            if total_size > 0:
+                percent = min(downloaded * 100 / total_size, 100)
+                print(f"Downloading: {percent:.0f}%", end='\r')
+            else:
+                print(f"Downloading: {downloaded} bytes", end='\r')
+
+        temp_file = target_path.with_suffix('.tmp')
+
+        try:
+            # Download file
+            urllib.request.urlretrieve(
+                info['url'],
+                temp_file,
+                reporthook=download_progress
+            )
+            print("\n✓ Download complete")
+
+            # Handle compressed files (macOS .tgz)
+            if info.get('compressed'):
+                import tarfile
+                with tarfile.open(temp_file, 'r:gz') as tar:
+                    # Extract just the cloudflared binary
+                    tar.extract('cloudflared', self.cache_dir)
+                temp_file.unlink()
+            else:
+                # Move to final location
+                temp_file.rename(target_path)
+
+            # Make executable on Unix systems
+            if platform.system() != 'Windows':
+                target_path.chmod(target_path.stat().st_mode | stat.S_IEXEC)
+
+            print("✓ Cloudflared ready!")
+
+        except Exception as e:
+            print(f"❌ Download failed: {e}")
+            if temp_file.exists():
+                temp_file.unlink()
+            raise
+        
+            
+        

unitlab/client.py

@@ -16,7 +16,9 @@ import threading
 import psutil
 from datetime import datetime, timezone
 from .tunnel_config import CloudflareTunnel
+from .cloudflare_api_tunnel import CloudflareAPITunnel
 from .utils import get_api_url, handle_exceptions
+from pathlib import Path
 
 
 try:
@@ -26,6 +28,18 @@ except ImportError:
     HAS_GPU = False
 
 
+try:
+    from dotenv import load_dotenv
+    env_path = Path(__file__).parent.parent.parent / '.env'
+    if env_path.exists():
+        load_dotenv(env_path)
+except ImportError:
+    pass  # dotenv not installed, use system env vars only
+
+
+
+
+
 logger = logging.getLogger(__name__)
 
 class UnitlabClient:
@@ -270,7 +284,17 @@ class UnitlabClient:
         self.base_domain = base_domain
         
         # Initialize tunnel manager if available
-        if CloudflareTunnel:
+        # Use API-based tunnel if API token is available
+        print(os.getenv('CLOUDFLARE_API_TOKEN'), 'api tokennn')
+
+        if os.getenv("CLOUDFLARE_API_TOKEN"):
+            logger.info("Using API-based Cloudflare tunnel management")
+
+            self.tunnel_manager = CloudflareAPITunnel(base_domain, device_id)
+            self.jupyter_url = self.tunnel_manager.jupyter_url
+            self.ssh_url = self.tunnel_manager.ssh_url
+        elif CloudflareTunnel:
+            logger.info("Using service token Cloudflare tunnel")
             self.tunnel_manager = CloudflareTunnel(base_domain, device_id)
             self.jupyter_url = self.tunnel_manager.jupyter_url
             self.ssh_url = self.tunnel_manager.ssh_url
@@ -299,19 +323,25 @@ class UnitlabClient:
         # Add API key if provided
         if self.api_key:
             headers['Authorization'] = f'Api-Key {self.api_key}'
+            logger.debug(f"Added API key to headers: Api-Key {self.api_key[:8]}...")
+        else:
+            logger.warning("No API key found for device agent request")
         
         return headers
     
     def _post_device(self, endpoint, data=None):
         """Make authenticated POST request for device agent"""
         full_url = urllib.parse.urljoin(self.server_url, endpoint)
-        logger.debug(f"Posting to {full_url} with data: {data}")
+        headers = self._get_device_headers()
+        logger.debug(f"Posting to {full_url}")
+        logger.debug(f"Headers: {headers}")
+        logger.debug(f"Data: {data}")
         
         try:
             response = self.api_session.post(
                 full_url,
                 json=data or {},
-                headers=self._get_device_headers(),
+                headers=headers,
             )
             logger.debug(f"Response status: {response.status_code}, Response: {response.text}")
             response.raise_for_status()
@@ -331,7 +361,8 @@ class UnitlabClient:
                 "--ServerApp.token=''",
                 "--ServerApp.password=''",
                 "--ServerApp.allow_origin='*'",
-                "--ServerApp.ip='0.0.0.0'"
+                "--ServerApp.ip='0.0.0.0'",
+                "--ServerApp.port=8888"  # Explicitly use 8888 to match Cloudflare config
             ]
             
             self.jupyter_proc = subprocess.Popen(
@@ -427,6 +458,9 @@ class UnitlabClient:
             }
             
             logger.info(f"Reporting Jupyter service with URL: {self.jupyter_url}")
+            logger.debug(f"API key present: {bool(self.api_key)}")
+            if self.api_key:
+                logger.debug(f"API key value: {self.api_key[:8]}...")
             jupyter_response = self._post_device(
                 f"/api/tunnel/agent/jupyter/{self.device_id}/", 
                 jupyter_data

unitlab/cloudflare_api_tunnel.py

@@ -0,0 +1,286 @@
+"""
+Cloudflare API-based Tunnel Configuration
+Uses API to dynamically manage DNS and routes
+"""
+
+import os
+import requests
+import subprocess
+import time
+import logging
+from pathlib import Path
+from .binary_manager import CloudflaredBinaryManager
+
+# Try to load .env file if it exists
+try:
+    from dotenv import load_dotenv
+    env_path = Path(__file__).parent.parent.parent / '.env'
+    if env_path.exists():
+        load_dotenv(env_path)
+except ImportError:
+    pass  # dotenv not installed, use system env vars only
+
+logger = logging.getLogger(__name__)
+
+
+class CloudflareAPITunnel:
+    def __init__(self, base_domain, device_id):
+        """
+        Initialize API-based tunnel manager
+        """
+        self.base_domain = "1scan.uz"
+        self.device_id = device_id
+        
+        # Clean device ID for subdomain
+        self.clean_device_id = device_id.replace('-', '').replace('_', '').lower()[:20]
+        
+        # Cloudflare IDs (hardcoded for now, can move to env vars)
+        self.zone_id = "78182c3883adad79d8f1026851a68176"
+        self.account_id = "c91192ae20a5d43f65e087550d8dc89b"
+        self.tunnel_id = "0777fc10-49c4-472d-8661-f60d80d6184d"  # unitlab-agent tunnel
+        
+        # API token from environment
+        self.api_token = os.getenv("CLOUDFLARE_API_TOKEN")
+        if not self.api_token:
+            logger.warning("CLOUDFLARE_API_TOKEN not set. API features will be disabled.")
+        
+        # API setup
+        self.api_base = "https://api.cloudflare.com/client/v4"
+        self.headers = {
+            "Authorization": f"Bearer {self.api_token}",
+            "Content-Type": "application/json"
+        } if self.api_token else {}
+        
+        # URLs for services
+        self.jupyter_subdomain = f"j{self.clean_device_id}"
+        self.ssh_subdomain = f"s{self.clean_device_id}"
+        self.jupyter_url = f"https://{self.jupyter_subdomain}.{self.base_domain}"
+        self.ssh_hostname = f"{self.ssh_subdomain}.{self.base_domain}"
+        self.ssh_url = self.ssh_hostname  # For backward compatibility
+        
+        self.tunnel_process = None
+        self.created_dns_records = []
+        self.binary_manager = CloudflaredBinaryManager()
+
+    def create_dns_records(self):
+        """
+        Create DNS CNAME records for this device
+        """
+        if not self.api_token:
+            print("⚠️  No API token configured. Skipping DNS creation.")
+            print("   Assuming DNS records already exist or will be created manually.")
+            return True
+        
+        print(f"📡 Creating DNS records for device {self.device_id}...")
+        
+        records = [
+            {"name": self.jupyter_subdomain, "comment": f"Jupyter for {self.device_id}"},
+            {"name": self.ssh_subdomain, "comment": f"SSH for {self.device_id}"}
+        ]
+        
+        for record in records:
+            try:
+                # Check if record exists
+                check_url = f"{self.api_base}/zones/{self.zone_id}/dns_records"
+                params = {"name": f"{record['name']}.{self.base_domain}", "type": "CNAME"}
+                
+                response = requests.get(check_url, headers=self.headers, params=params)
+                existing = response.json()
+                
+                if existing.get("result") and len(existing["result"]) > 0:
+                    # Record exists
+                    print(f"   ✓ DNS record {record['name']}.{self.base_domain} already exists")
+                    continue
+                
+                # Create new record
+                data = {
+                    "type": "CNAME",
+                    "name": record["name"],
+                    "content": f"{self.tunnel_id}.cfargotunnel.com",
+                    "ttl": 1,  # Auto
+                    "proxied": True,
+                    "comment": record["comment"]
+                }
+                
+                response = requests.post(check_url, headers=self.headers, json=data)
+                
+                if response.status_code == 200:
+                    result = response.json()
+                    if result.get("success"):
+                        print(f"   ✅ Created DNS: {record['name']}.{self.base_domain}")
+                        self.created_dns_records.append(result["result"]["id"])
+                    else:
+                        print(f"   ⚠️  Failed to create {record['name']}: {result.get('errors')}")
+                else:
+                    print(f"   ❌ HTTP error {response.status_code} for {record['name']}")
+                    
+            except Exception as e:
+                print(f"   ❌ Error creating DNS record: {e}")
+                continue
+        
+        return True
+
+    def update_tunnel_config(self, jupyter_port=8888, ssh_port=22):
+        """
+        Update tunnel configuration via API
+        """
+        if not self.api_token:
+            print("⚠️  No API token. Tunnel will use existing configuration.")
+            return True
+        
+        print(f"🔧 Configuring tunnel routes...")
+        
+        # Get current tunnel config first
+        get_url = f"{self.api_base}/accounts/{self.account_id}/cfd_tunnel/{self.tunnel_id}/configurations"
+        
+        try:
+            # Get existing config
+            response = requests.get(get_url, headers=self.headers)
+            current_config = response.json()
+            
+            # Build new ingress rules
+            new_ingress = [
+                {
+                    "hostname": f"{self.jupyter_subdomain}.{self.base_domain}",
+                    "service": f"http://localhost:{jupyter_port}",
+                    "originRequest": {
+                        "noTLSVerify": True
+                    }
+                },
+                {
+                    "hostname": f"{self.ssh_subdomain}.{self.base_domain}",
+                    "service": f"ssh://localhost:{ssh_port}"
+                }
+            ]
+            
+            # Merge with existing ingress if any
+            if current_config.get("success") and current_config.get("result"):
+                existing_ingress = current_config["result"].get("config", {}).get("ingress", [])
+                
+                # Filter out our hostnames from existing
+                filtered_ingress = [
+                    rule for rule in existing_ingress
+                    if rule.get("hostname") not in [
+                        f"{self.jupyter_subdomain}.{self.base_domain}",
+                        f"{self.ssh_subdomain}.{self.base_domain}"
+                    ] and rule.get("service") != "http_status:404"
+                ]
+                
+                # Combine
+                new_ingress = new_ingress + filtered_ingress
+            
+            # Add catch-all at the end
+            new_ingress.append({"service": "http_status:404"})
+            
+            # Update configuration
+            config_data = {
+                "config": {
+                    "ingress": new_ingress
+                }
+            }
+            
+            put_url = f"{self.api_base}/accounts/{self.account_id}/cfd_tunnel/{self.tunnel_id}/configurations"
+            response = requests.put(put_url, headers=self.headers, json=config_data)
+            
+            if response.status_code == 200:
+                print(f"   ✅ Tunnel routes configured")
+                return True
+            else:
+                print(f"   ⚠️  Route configuration status: {response.status_code}")
+                # Continue anyway - routes might be configured manually
+                return True
+                
+        except Exception as e:
+            print(f"   ⚠️  Could not update routes via API: {e}")
+            print("   Assuming routes are configured in dashboard.")
+            return True
+
+    def start_tunnel_with_token(self):
+        """
+        Start tunnel using the existing service token
+        """
+        try:
+            print("🚀 Starting Cloudflare tunnel...")
+            
+            # First, try to set up DNS and routes via API
+            if self.api_token:
+                self.create_dns_records()
+                self.update_tunnel_config()
+            
+            # Get cloudflared binary
+            cloudflared_path = self.binary_manager.get_binary_path()
+            
+            # Use the existing service token from environment
+            service_token = os.getenv(
+                "CLOUDFLARE_TUNNEL_TOKEN",
+                "eyJhIjoiYzkxMTkyYWUyMGE1ZDQzZjY1ZTA4NzU1MGQ4ZGM4OWIiLCJ0IjoiMDc3N2ZjMTAtNDljNC00NzJkLTg2NjEtZjYwZDgwZDYxODRkIiwicyI6Ik9XRTNaak5tTVdVdE1tWTRaUzAwTmpoakxUazBaalF0WXpjek1tSm1ZVGt4WlRRMCJ9"
+            )
+            
+            # Start tunnel with service token
+            cmd = [
+                cloudflared_path,
+                "tunnel",
+                "--no-autoupdate",
+                "run",
+                "--token",
+                service_token
+            ]
+            
+            self.tunnel_process = subprocess.Popen(
+                cmd,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.STDOUT,
+                text=True,
+                bufsize=1
+            )
+            
+            print("⏳ Waiting for tunnel to connect...")
+            time.sleep(5)
+            
+            if self.tunnel_process.poll() is None:
+                print("✅ Tunnel is running!")
+                print(f"📌 Device ID: {self.clean_device_id}")
+                print(f"📌 Jupyter URL: {self.jupyter_url}")
+                print(f"📌 SSH hostname: {self.ssh_hostname}")
+                print(f"📌 SSH command: ssh -o ProxyCommand='cloudflared access ssh --hostname {self.ssh_hostname}' user@localhost")
+                return self.tunnel_process
+            else:
+                output = self.tunnel_process.stdout.read() if self.tunnel_process.stdout else ""
+                print(f"❌ Tunnel failed to start: {output}")
+                return None
+                
+        except Exception as e:
+            print(f"❌ Error starting tunnel: {e}")
+            return None
+
+    def setup(self, jupyter_port=8888):
+        """
+        Setup and start tunnel (maintains compatibility)
+        """
+        return self.start_tunnel_with_token()
+
+    def stop(self):
+        """
+        Stop the tunnel if running
+        """
+        if self.tunnel_process and self.tunnel_process.poll() is None:
+            print("Stopping tunnel...")
+            self.tunnel_process.terminate()
+            self.tunnel_process.wait(timeout=5)
+            print("Tunnel stopped")
+
+    def cleanup_dns(self):
+        """
+        Remove created DNS records (optional cleanup)
+        """
+        if not self.api_token or not self.created_dns_records:
+            return
+        
+        print("🧹 Cleaning up DNS records...")
+        for record_id in self.created_dns_records:
+            try:
+                url = f"{self.api_base}/zones/{self.zone_id}/dns_records/{record_id}"
+                requests.delete(url, headers=self.headers)
+                print(f"   Deleted record {record_id}")
+            except:
+                pass

unitlab/main.py

@@ -125,7 +125,7 @@ def send_metrics_into_server():
 
 @agent_app.command(name="run", help="Run the device agent with Jupyter, SSH tunnels and metrics")
 def run_agent(
-    api_key: str,
+    api_key: API_KEY,
     device_id: Annotated[str, typer.Option(help="Device ID")] = None,
     base_domain: Annotated[str, typer.Option(help="Base domain for tunnels")] = "1scan.uz",
   
@@ -140,7 +140,7 @@ def run_agent(
     )
 
     # Get server URL from environment or use default
-    server_url = 'https://api-dev.unitlab.ai/'
+    server_url = 'http://localhost:8000/'
     
     # Generate unique device ID if not provided
     if not device_id:

unitlab/tunnel_config.py

@@ -1,192 +1,165 @@
 """
-Cloudflare Tunnel Configuration for persistent subdomains
+Cloudflare Tunnel Configuration using Service Token
+No user login required - uses pre-generated service token
 """
 
-import json
+import os
 import subprocess
 import socket
 import time
-import yaml
-from pathlib import Path
+import logging
+from .binary_manager import CloudflaredBinaryManager
+
+logger = logging.getLogger(__name__)
 
 
 class CloudflareTunnel:
-    def __init__(self, base_domain, device_id):
-        # Hardcode the base domain here
-        self.base_domain = "1scan.uz"  # HARDCODED - ignore the passed base_domain
+    def __init__(self, base_domain, device_id):  # base_domain kept for compatibility
+        """
+        Initialize tunnel with service token
+        No login or credential files needed
+        """
+        # Configuration
+        self.base_domain = "1scan.uz"  # Hardcoded domain
         self.device_id = device_id
         self.hostname = socket.gethostname()
-        self.tunnel_name = f"device-{device_id}"
-        self.config_dir = Path.home() / ".cloudflared"
-        self.config_dir.mkdir(exist_ok=True)
         
-        # Subdomain names
-        self.jupyter_subdomain = f"jupyter-{device_id}"
-        self.ssh_subdomain = f"ssh-{device_id}"
+        # Initialize binary manager to handle cloudflared
+        self.binary_manager = CloudflaredBinaryManager()
+        
+        # Service token - replace with your actual token from cloudflared tunnel token command
+        # This token can ONLY run the tunnel, cannot modify or delete it
+        # To generate: cloudflared tunnel token [tunnel-name]
+        self.service_token = os.getenv(
+            "CLOUDFLARE_TUNNEL_TOKEN",
+            "eyJhIjoiYzkxMTkyYWUyMGE1ZDQzZjY1ZTA4NzU1MGQ4ZGM4OWIiLCJ0IjoiMDc3N2ZjMTAtNDljNC00NzJkLTg2NjEtZjYwZDgwZDYxODRkIiwicyI6Ik9XRTNaak5tTVdVdE1tWTRaUzAwTmpoakxUazBaalF0WXpjek1tSm1ZVGt4WlRRMCJ9"  # TODO: Replace with your new tunnel's token
+        )
+        
+        if self.service_token == "YOUR_SERVICE_TOKEN_HERE":
+            logger.warning(
+                "⚠️  No service token configured. "
+                "Set CLOUDFLARE_TUNNEL_TOKEN env var or update the token in tunnel_config.py"
+            )
+        
+        # Use single subdomain per device with service differentiation
+        # This works with *.1scan.uz wildcard certificate
+        self.device_subdomain = f"{device_id.replace('-', '').replace('_', '').lower()[:20]}"
         
-        # Full URLs - using hardcoded base_domain
-        self.jupyter_url = f"https://{self.jupyter_subdomain}.{self.base_domain}"
-        self.ssh_url = f"https://{self.ssh_subdomain}.{self.base_domain}"
+        # Both services use same subdomain
+        self.jupyter_url = f"https://{self.device_subdomain}.{self.base_domain}"
+        self.ssh_hostname = f"{self.device_subdomain}.{self.base_domain}"  # For SSH ProxyCommand
+        self.ssh_url = self.ssh_hostname  # Keep for backward compatibility
         
-        self.tunnel_uuid = None
-        self.credentials_file = None
+        self.tunnel_process = None
 
-    def login(self):
-        """Login to Cloudflare (one-time setup)"""
+    def check_cloudflared_installed(self):
+        """Check if cloudflared is installed"""
         try:
-            print("🔐 Checking Cloudflare authentication...")
             result = subprocess.run(
-                ["cloudflared", "tunnel", "login"],
+                ["cloudflared", "--version"],
                 capture_output=True,
                 text=True
             )
-            if result.returncode == 0:
-                print("✅ Cloudflare authentication successful")
-                return True
-            else:
-                print("❌ Cloudflare authentication failed")
-                return False
-        except Exception as e:
-            print(f"❌ Error during Cloudflare login: {e}")
+            return result.returncode == 0
+        except FileNotFoundError:
             return False
 
-    def create_tunnel(self):
-        """Create a named tunnel"""
+    def install_cloudflared(self):
+        """Auto-install cloudflared if not present"""
+        import platform
+        
+        system = platform.system().lower()
+        machine = platform.machine().lower()
+        
+        print("📦 Installing cloudflared...")
+        
         try:
-            print(f"🚇 Creating tunnel: {self.tunnel_name}")
-            
-            # Check if tunnel already exists
-            list_result = subprocess.run(
-                ["cloudflared", "tunnel", "list", "--output", "json"],
-                capture_output=True,
-                text=True
-            )
-            
-            if list_result.returncode == 0:
-                tunnels = json.loads(list_result.stdout)
-                for tunnel in tunnels:
-                    if tunnel.get("name") == self.tunnel_name:
-                        self.tunnel_uuid = tunnel.get("id")
-                        print(f"✅ Tunnel already exists with ID: {self.tunnel_uuid}")
-                        self.credentials_file = self.config_dir / f"{self.tunnel_uuid}.json"
-                        return True
-            
-            # Create new tunnel
-            result = subprocess.run(
-                ["cloudflared", "tunnel", "create", self.tunnel_name],
-                capture_output=True,
-                text=True
-            )
-            
-            if result.returncode == 0:
-                for line in result.stdout.split('\n'):
-                    if "Created tunnel" in line and "with id" in line:
-                        self.tunnel_uuid = line.split("with id")[1].strip()
-                        break
+            if system == "linux":
+                # Determine architecture
+                if machine in ["x86_64", "amd64"]:
+                    arch = "amd64"
+                elif machine in ["aarch64", "arm64"]:
+                    arch = "arm64"
+                else:
+                    arch = "386"
                 
-                if not self.tunnel_uuid:
-                    list_result = subprocess.run(
-                        ["cloudflared", "tunnel", "list", "--output", "json"],
-                        capture_output=True,
-                        text=True
-                    )
-                    if list_result.returncode == 0:
-                        tunnels = json.loads(list_result.stdout)
-                        for tunnel in tunnels:
-                            if tunnel.get("name") == self.tunnel_name:
-                                self.tunnel_uuid = tunnel.get("id")
-                                break
+                # Download and install
+                url = f"https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-{arch}"
                 
-                if self.tunnel_uuid:
-                    self.credentials_file = self.config_dir / f"{self.tunnel_uuid}.json"
-                    print(f"✅ Tunnel created with ID: {self.tunnel_uuid}")
-                    return True
-                    
-            print(f"❌ Failed to create tunnel: {result.stderr}")
-            return False
-            
-        except Exception as e:
-            print(f"❌ Error creating tunnel: {e}")
-            return False
-
-    def configure_dns(self):
-        """Configure DNS routes for the tunnel"""
-        try:
-            print("🌐 Configuring DNS routes...")
-            
-            # Route for Jupyter
-            jupyter_result = subprocess.run(
-                ["cloudflared", "tunnel", "route", "dns", 
-                 self.tunnel_name, f"{self.jupyter_subdomain}.{self.base_domain}"],
-                capture_output=True,
-                text=True
-            )
-            
-            if jupyter_result.returncode == 0:
-                print(f"✅ Jupyter route configured: {self.jupyter_url}")
-            else:
-                print(f"⚠️  Jupyter route may already exist or failed: {jupyter_result.stderr}")
-            
-            # Route for SSH
-            ssh_result = subprocess.run(
-                ["cloudflared", "tunnel", "route", "dns",
-                 self.tunnel_name, f"{self.ssh_subdomain}.{self.base_domain}"],
-                capture_output=True,
-                text=True
-            )
-            
-            if ssh_result.returncode == 0:
-                print(f"✅ SSH route configured: {self.ssh_url}")
-            else:
-                print(f"⚠️  SSH route may already exist or failed: {ssh_result.stderr}")
+                commands = [
+                    f"curl -L {url} -o /tmp/cloudflared",
+                    "chmod +x /tmp/cloudflared",
+                    "sudo mv /tmp/cloudflared /usr/local/bin/cloudflared 2>/dev/null || "
+                    "mkdir -p ~/.local/bin && mv /tmp/cloudflared ~/.local/bin/cloudflared"
+                ]
+                
+                for cmd in commands:
+                    subprocess.run(cmd, shell=True, check=False)
+                
+                # Add ~/.local/bin to PATH if needed
+                local_bin = os.path.expanduser("~/.local/bin")
+                if local_bin not in os.environ.get("PATH", ""):
+                    os.environ["PATH"] = f"{local_bin}:{os.environ['PATH']}"
+                
+                return self.check_cloudflared_installed()
+                
+            elif system == "darwin":
+                # Try homebrew first
+                result = subprocess.run(["brew", "install", "cloudflared"], capture_output=True)
+                if result.returncode != 0:
+                    # Fallback to direct download
+                    url = "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-darwin-amd64.tgz"
+                    subprocess.run(f"curl -L {url} | tar xz", shell=True)
+                    subprocess.run("sudo mv cloudflared /usr/local/bin/", shell=True)
+                
+                return self.check_cloudflared_installed()
+                
+            elif system == "windows":
+                print("⚠️  Please install cloudflared manually on Windows")
+                print("   Download from: https://github.com/cloudflare/cloudflared/releases")
+                return False
                 
-            return True
-            
         except Exception as e:
-            print(f"❌ Error configuring DNS: {e}")
+            logger.error(f"Failed to install cloudflared: {e}")
             return False
 
-    def create_config_file(self, jupyter_port):
-        """Create tunnel configuration file"""
-        config = {
-            "tunnel": self.tunnel_uuid,
-            "credentials-file": str(self.credentials_file),
-            "ingress": [
-                {
-                    "hostname": f"{self.jupyter_subdomain}.{self.base_domain}",
-                    "service": f"http://localhost:{jupyter_port}",
-                    "originRequest": {
-                        "noTLSVerify": True
-                    }
-                },
-                {
-                    "hostname": f"{self.ssh_subdomain}.{self.base_domain}",
-                    "service": "ssh://localhost:22",
-                    "originRequest": {
-                        "noTLSVerify": True
-                    }
-                },
-                {
-                    "service": "http_status:404"
-                }
-            ]
-        }
+    def setup(self, jupyter_port):  # jupyter_port kept for compatibility
+        """
+        Setup and start tunnel with service token
+        No login required! Binary is automatically downloaded if needed.
+        """
+        print("🚀 Setting up Cloudflare tunnel with service token...")
         
-        config_file = self.config_dir / f"config-{self.device_id}.yml"
-        with open(config_file, 'w') as f:
-            yaml.dump(config, f, default_flow_style=False)
+        # Binary manager will automatically download cloudflared if needed
+        # No manual installation required!
         
-        print(f"📝 Configuration saved to: {config_file}")
-        return config_file
+        # Start tunnel with service token
+        return self.start_tunnel_with_token()
 
-    def start_tunnel(self, config_file):
-        """Start the tunnel with the configuration"""
+    def start_tunnel_with_token(self):
+        """
+        Start the tunnel using service token
+        Binary is automatically downloaded if needed
+        """
         try:
             print("🚀 Starting Cloudflare tunnel...")
             
-            cmd = ["cloudflared", "tunnel", "--config", str(config_file), "run"]
+            # Get cloudflared binary path (downloads if needed)
+            cloudflared_path = self.binary_manager.get_binary_path()
+            print(f"📍 Using cloudflared at: {cloudflared_path}")
+            
+            # Simple command with service token
+            cmd = [
+                cloudflared_path,
+                "tunnel",
+                "--no-autoupdate",  # Prevent auto-updates during run
+                "run",
+                "--token",
+                self.service_token
+            ]
             
-            process = subprocess.Popen(
+            # Start the tunnel process
+            self.tunnel_process = subprocess.Popen(
                 cmd,
                 stdout=subprocess.PIPE,
                 stderr=subprocess.STDOUT,
@@ -195,44 +168,37 @@ class CloudflareTunnel:
             )
             
             # Wait for tunnel to establish
+            print("⏳ Waiting for tunnel to connect...")
             time.sleep(5)
             
-            if process.poll() is None:
-                print("✅ Tunnel is running")
-                return process
+            # Check if process is still running
+            if self.tunnel_process.poll() is None:
+                print("✅ Tunnel is running!")
+                print(f"📌 Device subdomain: {self.device_subdomain}.{self.base_domain}")
+                print(f"📌 Jupyter URL: {self.jupyter_url}")
+                print(f"📌 SSH access: ssh -o ProxyCommand='cloudflared access ssh --hostname {self.ssh_hostname}' user@localhost")
+                return self.tunnel_process
             else:
+                # Read any error output
+                output = self.tunnel_process.stdout.read()
                 print("❌ Tunnel failed to start")
+                print(f"Error output: {output}")
                 return None
                 
         except Exception as e:
             print(f"❌ Error starting tunnel: {e}")
             return None
 
-    def setup(self, jupyter_port):
-        """Complete setup process"""
-        # Check if we need to login
-        if not (self.config_dir / "cert.pem").exists():
-            if not self.login():
-                return None
-        
-        # Create tunnel
-        if not self.create_tunnel():
-            return None
-        
-        # Configure DNS
-        if not self.configure_dns():
-            return None
-        
-        # Create config file
-        config_file = self.create_config_file(jupyter_port)
-        
-        # Start tunnel
-        tunnel_process = self.start_tunnel(config_file)
-        
-        if tunnel_process:
-            print("\n✅ Tunnel setup complete!")
-            print(f"📌 Jupyter URL: {self.jupyter_url}")
-            print(f"📌 SSH URL: {self.ssh_url}")
-            return tunnel_process
-        
-        return None
+    def stop(self):
+        """Stop the tunnel if running"""
+        if self.tunnel_process and self.tunnel_process.poll() is None:
+            print("Stopping tunnel...")
+            self.tunnel_process.terminate()
+            self.tunnel_process.wait(timeout=5)
+            print("Tunnel stopped")
+
+    # Removed all the old methods that are no longer needed:
+    # - login() - not needed with service token
+    # - create_tunnel() - tunnel already exists
+    # - configure_dns() - already configured
+    # - create_config_file() - not needed with service token

unitlab/tunnel_service_token.py

@@ -0,0 +1,104 @@
+"""
+Service Token implementation for Cloudflare Tunnel
+More secure than embedding full credentials
+"""
+
+import os
+import subprocess
+import time
+from pathlib import Path
+
+
+class ServiceTokenTunnel:
+    """
+    Use Cloudflare Service Token instead of credentials file
+    This is more secure and doesn't require login
+    """
+    
+    # Embed the service token (generated once by admin)
+    # This token can ONLY run the tunnel, cannot modify it
+    DEFAULT_SERVICE_TOKEN = "eyJhIjoiYzkxMTkyYWUyMGE1ZDQzZjY1ZTA4NzU1MGQ4ZGM4OWIiLCJzIjoiZmdnSHowbFJFRnBHa05TZzIzV3JKMVBiaDVROGVUd0oyYWtJWThXdjhtTT0iLCJ0IjoiYjMzZGFhOGYtMmNjMy00Y2FkLWEyMjgtOTdlMDYwNzBlNjAwIn0="
+    
+    def __init__(self, device_id, service_token=None):
+        self.device_id = device_id
+        # Allow override via environment variable or parameter
+        self.service_token = (
+            service_token or 
+            os.getenv("CLOUDFLARE_TUNNEL_TOKEN") or 
+            self.DEFAULT_SERVICE_TOKEN
+        )
+        
+        # With service token, we don't need credential files
+        # The token contains all necessary information
+        
+    def start_tunnel_with_token(self):
+        """
+        Start tunnel using service token
+        No login, no credential files needed
+        """
+        print("🚀 Starting tunnel with service token...")
+        
+        # Service token method - super simple!
+        cmd = [
+            "cloudflared", 
+            "tunnel", 
+            "run",
+            "--token",
+            self.service_token
+        ]
+        
+        try:
+            # Start the tunnel
+            process = subprocess.Popen(
+                cmd,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                text=True
+            )
+            
+            # Wait for tunnel to establish
+            time.sleep(3)
+            
+            if process.poll() is None:
+                print("✅ Tunnel running with service token")
+                return process
+            else:
+                print("❌ Failed to start tunnel")
+                return None
+                
+        except Exception as e:
+            print(f"❌ Error: {e}")
+            return None
+    
+    def get_tunnel_info(self):
+        """
+        Service tokens use predetermined URLs
+        The admin sets these up when creating the tunnel
+        """
+        # These URLs are configured when creating the tunnel
+        base_domain = "1scan.uz"
+        return {
+            "jupyter_url": f"https://jupyter-{self.device_id}.{base_domain}",
+            "ssh_url": f"https://ssh-{self.device_id}.{base_domain}"
+        }
+
+
+# Usage example
+def run_with_service_token(device_id):
+    """
+    Example of how simple it is with service token
+    """
+    tunnel = ServiceTokenTunnel(device_id)
+    
+    # No login needed!
+    # No credential files needed!
+    # Just run with the token
+    process = tunnel.start_tunnel_with_token()
+    
+    if process:
+        urls = tunnel.get_tunnel_info()
+        print(f"Jupyter: {urls['jupyter_url']}")
+        print(f"SSH: {urls['ssh_url']}")
+        return process
+    
+    return None

{unitlab-2.3.3.dist-info → unitlab-2.3.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: unitlab
-Version: 2.3.3
+Version: 2.3.5
 Home-page: https://github.com/teamunitlab/unitlab-sdk
 Author: Unitlab Inc.
 Author-email: team@unitlab.ai
@@ -23,4 +23,5 @@ Requires-Dist: typer
 Requires-Dist: validators
 Requires-Dist: psutil
 Requires-Dist: pyyaml
+Requires-Dist: jupyter
 

unitlab-2.3.5.dist-info/RECORD

@@ -0,0 +1,16 @@
+unitlab/__init__.py,sha256=Wtk5kQ_MTlxtd3mxJIn2qHVK5URrVcasMMPjD3BtrVM,214
+unitlab/__main__.py,sha256=6Hs2PV7EYc5Tid4g4OtcLXhqVHiNYTGzSBdoOnW2HXA,29
+unitlab/binary_manager.py,sha256=bZmT07K2InCrZp1KYXgLntEqnQxPFLqPBDf-LcG25Yo,4544
+unitlab/client.py,sha256=G4qDgqhLK4wMvQaLbYSpMUZQgaJ_0kjpBTF-_Qjc2oA,24252
+unitlab/cloudflare_api_tunnel.py,sha256=9HLr4ebwYVv5gsM6gKRyDUSTUoeULt48hmz6ABoP_FA,11093
+unitlab/exceptions.py,sha256=68Tr6LreEzjQ3Vns8HAaWdtewtkNUJOvPazbf6NSnXU,950
+unitlab/main.py,sha256=4EM2A3cHVOBe_Bp31zRE-0-WCrqxpIf8mtF5fP-gADw,5252
+unitlab/tunnel_config.py,sha256=7CiAqasfg26YQfJYXapCBQPSoqw4jIx6yR64saybLLo,8312
+unitlab/tunnel_service_token.py,sha256=ji96a4s4W2cFJrHZle0zBD85Ac_T862-gCKzBUomrxM,3125
+unitlab/utils.py,sha256=83ekAxxfXecFTg76Z62BGDybC_skKJHYoLyawCD9wGM,1920
+unitlab-2.3.5.dist-info/LICENSE.md,sha256=Gn7RRvByorAcAaM-WbyUpsgi5ED1-bKFFshbWfYYz2Y,1069
+unitlab-2.3.5.dist-info/METADATA,sha256=fj1zH_aN8EHYrIl8QFCvl5_e41JD2HdKHlW5fwpTp3Y,814
+unitlab-2.3.5.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
+unitlab-2.3.5.dist-info/entry_points.txt,sha256=ig-PjKEqSCj3UTdyANgEi4tsAU84DyXdaOJ02NHX4bY,45
+unitlab-2.3.5.dist-info/top_level.txt,sha256=Al4ZlTYE3fTJK2o6YLCDMH5_DjuQkffRBMxgmWbKaqQ,8
+unitlab-2.3.5.dist-info/RECORD,,

unitlab-2.3.3.dist-info/RECORD

@@ -1,13 +0,0 @@
-unitlab/__init__.py,sha256=Wtk5kQ_MTlxtd3mxJIn2qHVK5URrVcasMMPjD3BtrVM,214
-unitlab/__main__.py,sha256=6Hs2PV7EYc5Tid4g4OtcLXhqVHiNYTGzSBdoOnW2HXA,29
-unitlab/client.py,sha256=LGbjto3jisF5LojlYjJyLKRc55wxfZTO_tkoipZBKd4,22910
-unitlab/exceptions.py,sha256=68Tr6LreEzjQ3Vns8HAaWdtewtkNUJOvPazbf6NSnXU,950
-unitlab/main.py,sha256=XD8PF_EJ1gAKqHcRT_bWy62LWrODGWMx2roKoaQaoY4,5253
-unitlab/tunnel_config.py,sha256=lfWXKTPKlhHOxECUA0_HhynrKfOZ345nLo0qA7XtfbE,8571
-unitlab/utils.py,sha256=83ekAxxfXecFTg76Z62BGDybC_skKJHYoLyawCD9wGM,1920
-unitlab-2.3.3.dist-info/LICENSE.md,sha256=Gn7RRvByorAcAaM-WbyUpsgi5ED1-bKFFshbWfYYz2Y,1069
-unitlab-2.3.3.dist-info/METADATA,sha256=pO2UGvjS3FoVgAXZKlHUeBONoWAnLgVkZ2I55UyiSGs,791
-unitlab-2.3.3.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
-unitlab-2.3.3.dist-info/entry_points.txt,sha256=ig-PjKEqSCj3UTdyANgEi4tsAU84DyXdaOJ02NHX4bY,45
-unitlab-2.3.3.dist-info/top_level.txt,sha256=Al4ZlTYE3fTJK2o6YLCDMH5_DjuQkffRBMxgmWbKaqQ,8
-unitlab-2.3.3.dist-info/RECORD,,