g&(UddlmZddlZddlZddlmZmZmZddlm Z ddl Z ddl Z ddl Z ddlZ ddlZ ddlmZddlmZddlmZddlmZdd lmZdd lmZmZmZdd lmZdd lm Z m!Z!m"Z"er dd l#m$Z$ddl%m&Z&ee'Z(de)d<GddeeZ*y)) annotationsN) TYPE_CHECKINGAnyFinal)urlparse)utf8)WebSocketHandler)config) get_logger)BackMsg)Runtime SessionClientSessionClientDisconnectedError)serialize_forward_msg)AUTH_COOKIE_NAMEis_url_from_allowed_originsis_xsrf_enabled) Awaitable) ForwardMsgr_LOGGERceZdZdZd dZ d dfd Zdfd ZddZddZddZ ddZ dd Z dd Z dd Z dd ZxZS)BrowserWebSocketHandlerz/Handles a WebSocket connection from the browsercN||_d|_tr |j}yyN)_runtime _session_idr xsrf_token)selfruntime_s c/var/www/openai/venv/lib/python3.12/site-packages/streamlit/web/server/browser_websocket_handler.py initializez"BrowserWebSocketHandler.initialize4s' '+  A cl t|||||S#t$rt| ||||cYSwxYw)zGet a signed cookie from the request. Added for compatibility with Tornado < 6.3.0. See release notes: https://www.tornadoweb.org/en/stable/releases/v6.3.0.html#deprecation-notices )superget_signed_cookieAttributeErrorget_secure_cookie)rnamevalue max_age_days min_version __class__s r!r&z)BrowserWebSocketHandler.get_signed_cookie?sF U7,T5, T T U7,T5, T T Us 33c<t||xs t|S)z Set up CORS.)r% check_originr)roriginr-s r!r/z$BrowserWebSocketHandler.check_originOsw#F+R/J6/RRr#c|j|\}}}|j\}}}t|}t|}|r|sytj||S)zInspired by tornado.web.RequestHandler.check_xsrf_cookie method, to check the XSRF token passed in Websocket connection header. F)_decode_xsrf_token_get_raw_xsrf_tokenrhmaccompare_digest)rsupplied_tokenr tokenexpected_token decoded_tokendecoded_expected_tokens r!_validate_xsrf_tokenz,BrowserWebSocketHandler._validate_xsrf_tokenSs`--n= 5!#779>1U !%n!5$:""=2HIIr#c6tj|}i}|jdd}t|jj d}|j dz|jz}||k(r,|jdd|d<|d=|d=|j||S)zProcess the user cookie and extract the user info after validating the origin. Origin is validated for security reasons. r0NOriginz:// is_logged_inF) jsonloadsgetrrequestheadersschemenetlocupdate)rraw_cookie_value cookie_value user_infocookie_value_originparsed_origin_from_headerexpected_origin_values r!_parse_user_cookiez*BrowserWebSocketHandler._parse_user_cookieaszz"23  *..x>$,T\\-A-A(-K$L! % , ,u 47P7W7W W  "7 7(4(8(8(OIn %X&^,   \ *r#c |jt|dy#tjj$r }t |d}~wwxYw)z!Send a ForwardMsg to the browser.T)binaryN) write_messagertornado websocketWebSocketClosedErrorr)rmsges r!write_forward_msgz)BrowserWebSocketHandler.write_forward_msgusD 8   4S9$  G  55 80a 7 8sAAAc|r|dSy)aReturn the first subprotocol in the given list. This method is used by Tornado to select a protocol when the Sec-WebSocket-Protocol header is set in an HTTP Upgrade request. NOTE: We repurpose the Sec-WebSocket-Protocol header here in a slightly unfortunate (but necessary) way. The browser WebSocket API doesn't allow us to set arbitrary HTTP headers, and this header is the only one where we have the ability to set it to arbitrary values, so we use it to pass tokens (in this case, the previous session ID to allow us to reconnect to it) from client to server as the *third* value in the list. The reason why the auth token is set as the third value is that: - when Sec-WebSocket-Protocol is set, many clients expect the server to respond with a selected subprotocol to use. We don't want that reply to be the session token, so we by convention have the client always set the first protocol to "streamlit" and select that. - the second protocol in the list is reserved in some deployment environments for an auth token that we currently don't use rN)r subprotocolss r!select_subprotocolz*BrowserWebSocketHandler.select_subprotocol|s* ? "r#ci}d} |jjdjdDcgc]}|j}}|j t }t r8|r6|d}|j|r |j|j|t|dk\r|d}|jj||||_ycc}w#t$rY4wxYw)NzSec-Websocket-Protocol,)clientrIexisting_session_id)rBrCsplitstripr&rrr;rFrMlenKeyErrorrconnect_sessionr) rargskwargsrIrap ws_protocolsrGcsrf_protocol_values r!openzBrowserWebSocketHandler.opens24 " --.FGMMcRRA R  $556FG  %5&21o#,,-@A$$T%<%<=M%NO< A%'31o#  ==88 39  5    s#*CCA,CC C('C(cv|jsy|jj|jd|_yr)rrdisconnect_sessionrs r!on_closez BrowserWebSocketHandler.on_closes.  (()9)9:r#c2tjdriSy)zEnable WebSocket compression. Returning an empty dict enables websocket compression. Returning None disables it. (See the docstring in the parent class.) z!server.enableWebsocketCompressionN)r get_optionros r!get_compression_optionsz/BrowserWebSocketHandler.get_compression_optionss   @ AIr#cN|jsy t|tr tdt }|j |t jd||jddk(rQtjdstjdr|jyt j!dy|jdd k(r[tjdstjdr|jj#yt j!d y|jj%|j|y#t$rE}t jd|jj|j|Yd}~yd}~wwxYw) NzIWebSocket received an unexpected `str` message. (We expect `bytes` only.)z'Received the following back message: %sz Error deserializing back messagetypedebug_disconnect_websocketzglobal.developmentModezglobal.e2eTestzQClient tried to disconnect websocket when not in development mode or e2e testing.debug_shutdown_runtimezNClient tried to shut down runtime when not in development mode or e2e testing.)r isinstancestr RuntimeErrorr ParseFromStringrdebug Exception exceptionr(handle_backmsg_deserialization_exception WhichOneofr rrclosewarningstophandle_backmsg)rpayloadrTexs r! on_messagez"BrowserWebSocketHandler.on_messagesS  '3'#0 )C    ( MMDc J >>& !%A A  !9:f>O>O ? g^^F #'? ?  !9:f>O>O ? ""$d MM ( ()9)93 ?9    @ A MM B B4CSCSUW X  sA E F$;FF$)rr returnNone)NN) r)ryr* str | Noner+floatr,z int | Nonerz bytes | None)r0ryrbool)r6ryrr)rGbytesrzdict[str, Any])rTrrr)rYz list[str]rr)rzAwaitable[None] | None)rr)rzdict[Any, Any] | None)rz str | bytesrr)__name__ __module__ __qualname____doc__r"r&r/r;rMrVrZrlrprsr __classcell__)r-s@r!rr1s9  ! "& UUU U  U  U S J(84B -@r#r)+ __future__rr4r?typingrrr urllib.parsertornado.concurrentrQ tornado.lockstornado.netutil tornado.webtornado.websockettornado.escaperr streamlitr streamlit.loggerr streamlit.proto.BackMsg_pb2r streamlit.runtimer rrstreamlit.runtime.runtime_utilr streamlit.web.server.server_utilrrrcollections.abcrstreamlit.proto.ForwardMsg_pb2rrr__annotations__rrXr#r!rsw# ,,!.'/TT@ )9H%%E@. E@r#