#!/usr/bin/env python3
"""Serve host.html / remote.html / modem.js over HTTPS.

Auto-generates a self-signed cert on first run. Listens on 0.0.0.0:8443.
"""
import http.server
import os
import socket
import ssl
import subprocess
import sys
from pathlib import Path

HERE = Path(__file__).resolve().parent
CERT = HERE / 'cert.pem'
KEY  = HERE / 'key.pem'
PORT = 8443

def ensure_cert():
    if CERT.exists() and KEY.exists():
        return
    print(f'[+] generating self-signed cert at {CERT}')
    subprocess.run([
        'openssl', 'req', '-x509', '-newkey', 'rsa:2048',
        '-keyout', str(KEY), '-out', str(CERT),
        '-days', '3650', '-nodes',
        '-subj', '/CN=glrm10-transfer',
        '-addext', 'subjectAltName=DNS:localhost,IP:127.0.0.1',
    ], check=True)

def lan_ip():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(('8.8.8.8', 80))
        return s.getsockname()[0]
    finally:
        s.close()

def main():
    os.chdir(HERE)
    ensure_cert()

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(str(CERT), str(KEY))

    class NoCacheHandler(http.server.SimpleHTTPRequestHandler):
        def end_headers(self):
            self.send_header('Cache-Control', 'no-store')
            super().end_headers()

    srv = http.server.ThreadingHTTPServer(('0.0.0.0', PORT), NoCacheHandler)
    srv.socket = ctx.wrap_socket(srv.socket, server_side=True)

    ip = lan_ip()
    print(f'[+] serving {HERE} on:')
    print(f'    https://localhost:{PORT}/host.html   (host browser — operator\'s machine)')
    print(f'    https://{ip}:{PORT}/remote.html  (remote Windows browser)')
    print(f'    accept the self-signed cert warning on each page.')
    print(f'[+] Ctrl-C to stop')
    try:
        srv.serve_forever()
    except KeyboardInterrupt:
        print('\n[+] stopped')

if __name__ == '__main__':
    sys.exit(main())