#!/usr/bin/env python3 """Hermes Web Chat Server - password-protected web chat interface. Uses only Python standard library. No pip installs required. Usage: python3 server.py Then open http://:8888 in a browser. Default password: Hermes2026! (change it below) """ import http.server import json import urllib.parse import hashlib import os import sys import subprocess import time import threading # ========== CONFIG ========== PASSWORD = "Hermes2026!" PORT = 8888 HOST = "0.0.0.0" HERMES_CLI = "hermes" USE_SSL = False # Set True only if NOT behind Nginx SSL termination SSL_CERT = "/etc/nginx/hermes.crt" SSL_KEY = "/etc/nginx/hermes.key" # ============================ sessions = {} sessions_lock = threading.Lock() def gen_session_id(): return hashlib.sha256(os.urandom(32) + str(time.time()).encode()).hexdigest()[:32] LOGIN_PAGE = """ Hermes Chat - 登录

🦉 Hermes Chat

输入密码进入聊天

密码错误

""" CHAT_PAGE = """ Hermes Chat

你好！我是 Hermes Agent，有什么可以帮你的？

""" class Handler(http.server.BaseHTTPRequestHandler): def log_message(self, fmt, *args): pass def get_session(self): cookie = self.headers.get('Cookie', '') for part in cookie.split(';'): part = part.strip() if part.startswith('sid='): sid = part[4:] with sessions_lock: if sid in sessions: return sid, sessions[sid] return None, None def set_session(self, sid, data): with sessions_lock: sessions[sid] = data def del_session(self, sid): with sessions_lock: sessions.pop(sid, None) def do_GET(self): sid, data = self.get_session() path = self.path.split('?')[0] if path == '/': if sid and data: self.send_response(200) self.send_header('Content-Type', 'text/html; charset=utf-8') self.end_headers() self.wfile.write(CHAT_PAGE.encode()) else: self.send_response(200) self.send_header('Content-Type', 'text/html; charset=utf-8') self.end_headers() self.wfile.write(LOGIN_PAGE.encode()) else: self.send_response(404) self.end_headers() def do_POST(self): path = self.path.split('?')[0] content_len = int(self.headers.get('Content-Length', 0)) body = self.rfile.read(content_len) if content_len else b'' if path == '/api/login': try: data = json.loads(body) if data.get('password') == PASSWORD: sid = gen_session_id() self.set_session(sid, {'created': time.time()}) self.send_response(200) self.send_header('Content-Type', 'application/json') self.send_header('Set-Cookie', f'sid={sid}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400') self.end_headers() self.wfile.write(json.dumps({'ok': True}).encode()) else: self.send_response(200) self.send_header('Content-Type', 'application/json') self.end_headers() self.wfile.write(json.dumps({'ok': False, 'error': '密码错误'}).encode()) except Exception as e: self.send_response(400) self.send_header('Content-Type', 'application/json') self.end_headers() self.wfile.write(json.dumps({'ok': False, 'error': str(e)}).encode()) elif path == '/api/logout': sid, _ = self.get_session() if sid: self.del_session(sid) self.send_response(200) self.send_header('Content-Type', 'application/json') self.send_header('Set-Cookie', 'sid=; Path=/; Max-Age=0') self.end_headers() self.wfile.write(json.dumps({'ok': True}).encode()) elif path == '/api/chat': sid, data = self.get_session() if not sid: self.send_response(401) self.send_header('Content-Type', 'application/json') self.end_headers() self.wfile.write(json.dumps({'ok': False, 'error': '未登录'}).encode()) return try: req = json.loads(body) message = req.get('message', '').strip() if not message: self.send_response(200) self.send_header('Content-Type', 'application/json') self.end_headers() self.wfile.write(json.dumps({'ok': False, 'error': '消息为空'}).encode()) return result = subprocess.run( [HERMES_CLI, 'chat', '-Q', '-q', message, '--yolo'], capture_output=True, text=True, timeout=120, env={**os.environ, 'PATH': os.environ.get('PATH', '')} ) response = result.stdout.strip() lines = [l for l in response.split('\n') if l.strip() and not l.strip().startswith('session_id:')] response = '\n'.join(lines).strip() if result.returncode != 0 and not response: response = f"Error: {result.stderr.strip()}" if result.stderr.strip() else "未知错误" self.send_response(200) self.send_header('Content-Type', 'application/json') self.end_headers() self.wfile.write(json.dumps({'ok': True, 'response': response}).encode()) except subprocess.TimeoutExpired: self.send_response(200) self.send_header('Content-Type', 'application/json') self.end_headers() self.wfile.write(json.dumps({'ok': False, 'error': '请求超时，请重试'}).encode()) except Exception as e: self.send_response(200) self.send_header('Content-Type', 'application/json') self.end_headers() self.wfile.write(json.dumps({'ok': False, 'error': str(e)}).encode()) else: self.send_response(404) self.end_headers() def main(): server = http.server.HTTPServer((HOST, PORT), Handler) if USE_SSL: import ssl ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ctx.load_cert_chain(SSL_CERT, SSL_KEY) server.socket = ctx.wrap_socket(server.socket, server_side=True) proto = "HTTPS" else: proto = "HTTP" print(f"Hermes Web Chat running on {proto}://{HOST}:{PORT}") print(f"Password: {PASSWORD}") try: server.serve_forever() except KeyboardInterrupt: print("\nShutting down...") server.shutdown() if __name__ == '__main__': main()