support SSL ws session

hbd/server.py

@@ -5,6 +5,8 @@ import socket
 import time
 import signal
 import sys
+import ssl
+import pathlib
 from . import __version__
 
 from . import udp
@@ -82,7 +84,6 @@ async def _run_async(config):
 
     notify_mod.setup(config)
 
-    email = notify_mod.email
     pushmsg = notify_mod.pushmsg_from_config
 
     sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
@@ -106,7 +107,6 @@ async def _run_async(config):
             config=config,
             hbdclass=hbdclass,
             log=log,
-            email=email,
             pushmsg=pushmsg,
             msg_to_websockets=msg_to_websockets,
             DEBUG=config.get("debug", 0),
@@ -129,7 +129,6 @@ async def _run_async(config):
                 hbdclass=hbdclass,
                 msgs_getter=lambda: msgs,
                 log=log,
-                email=email,
                 pushmsg=pushmsg,
                 msg_to_websockets=msg_to_websockets,
                 tcss=None,
@@ -146,19 +145,33 @@ async def _run_async(config):
     # start dns update worker (async)
     dns_task = None
     try:
-        dns_task = dns_mod.start_dns_worker(hbdclass, config, log=log, email=email, loop=loop)
+        dns_task = dns_mod.start_dns_worker(hbdclass, config, log=log, pushmsg=pushmsg, loop=loop)
         logger.info("dns update worker started")
     except Exception as e:
         logger.exception("dns worker failed to start: %s", e)
 
     # Start the websocket servers as a background task
+    if config.get("wss_port", None):
+        ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+        ssl_path = config.get("cert_path", "")
+        wss_pem = ssl_path + config.get("wss_pem", "")
+        wss_key = ssl_path + config.get("wss_key", "")
+        try:
+            ssl_context.load_cert_chain(wss_pem, keyfile=wss_key)
+        except FileNotFoundError:
+            logger.error("error: missing SSL keys %s or %s", wss_pem, wss_key)
+            sys.exit(1)
+        logger.info("Starting secure WebSocket server on port %s with cert %s", config.get("wss_port", None), wss_pem)
+    else:
+        ssl_context = None
+
     try:
         ws_task = asyncio.create_task(
             ws_mod.start(
                 host=config.get("hbd_host", ""),
-                ws_port=config.get("ws_port", 50005),
+                ws_port=config.get("ws_port", None),
                 wss_port=config.get("wss_port", None),
-                ssl_context=None,
+                ssl_context=ssl_context,
                 get_hosts=lambda: [hbdclass.Host.hosts[h].stateinfo() for h in sorted(hbdclass.Host.hosts)],
                 get_msgs=lambda: msgs,
                 verbose=config.get("verbose", False),
@@ -175,7 +188,6 @@ async def _run_async(config):
                 config=config,
                 hbdclass=hbdclass,
                 log=log,
-                email=email,
                 pushmsg=pushmsg,
                 msg_to_websockets=msg_to_websockets,
             )