WebSSH/__main__.py

import os
import webssh
import logging
import paramiko
import subprocess
import tornado.web
import tornado.ioloop
from tornado.options import define, options
from webssh.handler import IndexHandler, WsockHandler, NotFoundHandler
from .Fonts import Font, get_font_filename, base_dir, font_dirs, max_body_size
from .Tools import get_ssl_context, get_server_settings, check_encoding_setting, print_version
from .AppHandler import AppHandler

logging.getLogger("tornado.access").setLevel(logging.DEBUG)
logging.getLogger("tornado.application").setLevel(logging.DEBUG)
logging.getLogger("tornado.general").setLevel(logging.DEBUG)

# Define application options
define('address', default='0.0.0.0', help='Listen address')
define('port', type=int, default=7860,  help='Listen port')
define('ssladdress', default='', help='SSL listen address')
define('sslport', type=int, default=4433,  help='SSL listen port')
define('certfile', default='', help='SSL certificate file')
define('keyfile', default='', help='SSL private key file')
define('debug', type=bool, default=True, help='Debug mode')
define('policy', default='autoadd', help='Missing host key policy, reject|autoadd|warning')
define('hostfile', default='', help='User defined host keys file')
define('syshostfile', default='/etc/ssh/ssh_known_hosts', help='System wide host keys file')
define('tdstream', default='', help='Trusted downstream, separated by comma')
define('redirect', type=bool, default=True, help='Redirecting http to https')
define('fbidhttp', type=bool, default=False, help='Forbid public plain http incoming requests')
define('xheaders', type=bool, default=False, help='Support xheaders')
define('xsrf', type=bool, default=False, help='CSRF protection')
define(
    "origin",
    default="*",
    help="""Origin policy,
'same': same origin policy, matches host name and port number;
'primary': primary domain policy, matches primary domain only;
'<domains>': custom domains policy, matches any domain in the <domains> list
separated by comma;
'*': wildcard policy, matches any domain, allowed in debug mode only.""",
)
define('wpintvl', type=float, default=30, help='Websocket ping interval')
define('timeout', type=float, default=20, help='SSH connection timeout')
define('delay', type=float, default=60, help='The delay to call recycle_worker')
define('maxconn', type=int, default=4, help='Maximum live connections (ssh sessions) per client')
define('font', default='', help='custom font filename')

define(
    "encoding",
    default="utf-8",
    help="""The default character encoding of ssh servers.
Example: --encoding='utf-8' to solve the problem with some switches&routers""",
)

define('version', type=bool, help='Show version information',callback=print_version)


def make_app(loop): 
    # Set SSH host key policy
    policy = paramiko.AutoAddPolicy() if options.policy == 'autoadd' else paramiko.RejectPolicy()
    # Define host keys settings
    host_keys_settings = {
        'system_host_keys': paramiko.util.load_host_keys('/etc/ssh/ssh_known_hosts'),
        'host_keys': paramiko.HostKeys(),
        'host_keys_filename': None
    }
    template_path=os.path.join(base_dir, '', 'templates'),
    static_path=os.path.join(base_dir, '', 'static'),

    #print(f"* Path: {base_dir},\n* Template Path: {template_path}, \n* Static Path: {static_path}")

    # Create Tornado application
    return tornado.web.Application(
        [
            (r'/', IndexHandler, dict(loop=loop, policy=policy, host_keys_settings=host_keys_settings)),
            (r'/ws', WsockHandler, dict(loop=loop)),
            (r'/app', AppHandler),  # Route for your new page
        ],
        xsrf_cookies=options.xsrf,
        debug=options.debug,
        font=Font(
            get_font_filename(options.font, os.path.join(base_dir, *font_dirs)),
            font_dirs[1:]
        ),
        template_path=os.path.join(base_dir, '', 'templates'),
        static_path=os.path.join(base_dir, '', 'static'),
        origin_policy=options.origin,
        origin=options.origin,
        #websocket_ping_interval=options.wpintvl,
        #origin_policy=get_origin_setting(options),
    )

def app_listen(app, port, address, server_settings):
    app.listen(port, address, **server_settings)
    if not server_settings.get('ssl_options'):
        server_type = 'http'
    else:
        server_type = 'https'
        handler.redirecting = True if options.redirect else False
    logging.info('Listening on {}:{} ({})'.format(address, port, server_type))


if __name__ == '__main__':
    loop = tornado.ioloop.IOLoop.current()
    check_encoding_setting(options.encoding)
    # Parse command-line options
    tornado.options.parse_command_line()
    # Create and start the application
    app = make_app(loop)
    ssl_ctx = get_ssl_context(options)
    server_settings = get_server_settings(options)
    app_listen(app, options.port, options.address, server_settings)
    if ssl_ctx:
        server_settings.update(ssl_options=ssl_ctx)
        app_listen(app, options.sslport, options.ssladdress, server_settings)

    loop.start()