switch to using unix-sockets

FZJ-JSC · May 23, 2024 · eac6e03 · eac6e03
1 parent 13ddd96
commit eac6e03
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 60 deletions.
diff --git a/jupyter_xprahtml5_proxy/__init__.py b/jupyter_xprahtml5_proxy/__init__.py
@@ -33,15 +33,7 @@ def get_xpra_executable(prog):
 
 
 def _xprahtml5_urlparams():
-    from getpass import getuser
-
-    url_params = '?' + '&'.join([
-        'username=' + getuser(),
-        'password=' + _xprahtml5_passwd,
-        'encryption=AES',
-        'key=' + _xprahtml5_aeskey,
-        'sharing=true',
-    ])
+    url_params = '?sharing=true'
 
     return url_params
 
@@ -60,48 +52,12 @@ def setup_xprahtml5():
     """ Setup commands and and return a dictionary compatible
         with jupyter-server-proxy.
     """
-    from pathlib import Path
-    from tempfile import gettempdir, mkstemp, mkdtemp
-    from random import choice
-    from string import ascii_letters, digits
-
-    global _xprahtml5_passwd, _xprahtml5_aeskey
-
-    # password generator
-    def _get_random_alphanumeric_string(length):
-        letters_and_digits = ascii_letters + digits
-        return (''.join((choice(letters_and_digits) for i in range(length))))
+    from tempfile import mkdtemp
 
     # ensure a known secure sockets directory exists, as /run/user/$UID might not be available
-    socket_path = mkdtemp(prefix='xpra_sockets_' + str(os.getuid()))
+    socket_path = mkdtemp(prefix='xpra_sockets_' + str(os.getuid()) + '_')
     logger.info('Created secure socket directory for Xpra: ' + socket_path)
 
-    # generate file with random one-time-password
-    _xprahtml5_passwd = _get_random_alphanumeric_string(16)
-    try:
-        fd_passwd, fpath_passwd = mkstemp()
-        logger.info('Created secure password file for Xpra: ' + fpath_passwd)
-
-        with open(fd_passwd, 'w') as f:
-            f.write(_xprahtml5_passwd)
-
-    except Exception:
-        logger.error("Passwd generation in temp file FAILED")
-        raise FileNotFoundError("Passwd generation in temp file FAILED")
-
-    # generate file with random encryption key
-    _xprahtml5_aeskey = _get_random_alphanumeric_string(16)
-    try:
-        fd_aeskey, fpath_aeskey = mkstemp()
-        logger.info('Created secure encryption key file for Xpra: ' + fpath_aeskey)
-
-        with open(fd_aeskey, 'w') as f:
-            f.write(_xprahtml5_aeskey)
-
-    except Exception:
-        logger.error("Encryption key generation in temp file FAILED")
-        raise FileNotFoundError("Encryption key generation in temp file FAILED")
-
     # launchers url file including url parameters
     path_info = 'xprahtml5/index.html' + _xprahtml5_urlparams()
 
@@ -110,15 +66,9 @@ def _get_random_alphanumeric_string(length):
         get_xpra_executable('xpra'),
         'start',
         '--html=on',
-        '--bind-tcp=0.0.0.0:{port}',
-        # '--socket-dir="' + socket_path + '/"',  # fixme: socket_dir not recognized
-        # '--server-idle-timeout=86400',  # stop server after 24h with no client connection
-        # '--exit-with-client=yes',  # stop Xpra when the browser disconnects
+        '--bind={unix_socket},auth=none',  # using sockets + jupyter-server-proxy => auth is not needed here
+        '--socket-dir=' + socket_path,
         '--start=xterm -fa "DejaVu Sans Mono" -fs 14',
-        # '--start-child=xterm', '--exit-with-children',
-        '--tcp-auth=file:filename=' + fpath_passwd,
-        '--tcp-encryption=AES',
-        '--tcp-encryption-keyfile=' + fpath_aeskey,
         '--clipboard-direction=both',
         '--no-keyboard-sync',  # prevent keys from repeating unexpectedly on high latency
         '--no-mdns',  # do not advertise the xpra session on the local network
@@ -127,18 +77,19 @@ def _get_random_alphanumeric_string(length):
         '--no-printing',
         '--no-microphone',
         '--no-notifications',
+        # '--dbus-control=no',
         '--no-systemd-run',  # do not delegated start-cmd to the system wide proxy server instance
-        # '--dpi=96',  # only needed if Xserver does not support dynamic dpi change
         '--sharing',  # this allows to open the desktop in multiple browsers at the same time
         '--no-daemon',  # mandatory
     ]
     logger.info('Xpra command: ' + ' '.join(cmd))
 
     return {
-        'environment': {  # as '--socket-dir' does not work as expected, we set this
+        'environment': {
             'XDG_RUNTIME_DIR': socket_path,
         },
         'command': cmd,
+        'unix_socket': socket_path + '/xpra-server',
         'mappath': _xprahtml5_mappath,
         'absolute_url': False,
         'timeout': 90,

diff --git a/requirements.txt b/requirements.txt
@@ -1 +1,2 @@
-jupyter-server-proxy>=1.4
+jupyter-server-proxy>=4.0
+tornado>=6.3
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 with open(path.join(HERE, 'README.md'), 'r', encoding = 'utf-8') as fh:
     long_description = fh.read()
 
-version='0.3.5'
+version='0.4.0'
 setup(
     name = 'jupyter-xprahtml5-proxy',
     version = version,
@@ -35,7 +35,10 @@
         ]
     },
     python_requires = '>=3.6',
-    install_requires = ['jupyter-server-proxy>=3.1.0'],
+    install_requires=[
+        'jupyter-server-proxy>=4.0.0',
+        'tornado>=6.3'
+    ],
     include_package_data = True,
     zip_safe = False
 )