Add test signaling server scripts

modulrmike · modulrmike · commit 34b89fa55d39 · 2025-11-19T12:56:11.000Z
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,5 @@
 /target
 Cargo.lock
+
+scripts/venv
+scripts/certs
diff --git a/README.md b/README.md
@@ -92,6 +92,51 @@ cargo run -- start
 cargo run -- -vvv start
 ```
 
+## Developer Signaling Server
+
+In addition to running the Robot Teleapp webapp at https://github.com/ModulrCloud/robot-teleop-webapp, the `scripts` folder provides a local signaling server for testing robot connections. Note that this doesn't expose the server to the internet (without further user configuration), so only robots on the same LAN will be able to access it.
+
+Python with virtualenv is recommended to run the server. To install dependencies and create certificates on Ubuntu:
+
+```bash
+sudo apt install -y python3-virtualenv
+cd scripts
+virtualenv venv
+source venv/bin/activate
+pip install -r requirements.txt
+./make_creds.sh
+```
+
+After creating the certificates, your OS will need to trust that certificate before you can connect using it. On Windows, this means following the steps [in this guide](https://learn.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate).
+
+Linux can accomplish the same using these commands:
+
+```bash
+sudo cp certs/dev-root-ca.pem /usr/local/share/ca-certificates/dev-root-ca.crt
+sudo update-ca-certificates
+```
+
+Once the CA has been added, run the signaling server:
+
+```bash
+python signaling_server.py
+```
+
+You can test a connection by sourcing the virtual environment in another terminal and running:
+
+```bash
+python test_signaling_server.py
+```
+
+Check the logs of the signaling server to see that a robot with ID robot1 has connected and disconnected. If this is successful, use your local IP address as the signaling server for both your robot and the teleop webapp. The address is `wss://<your ip>:8765`, e.g. `wss://192.168.0.200:8765`. The argument `--allow-skip-cert-check` will also need to be passed to the robot. For example:
+
+```bash
+# Set the new signaling server URL to a test config
+cargo run -- initial-setup --config-override ./test_config.json --robot-id testrobot --signaling-url wss://192.168.0.200:8765
+# Run the agent, skipping the security checks
+cargo run -- -vvv start --config-override ./test_config.json --allow-skip-cert-check
+```
+
 ## Running in Simulation
 
 If not running on a real robot, you can test the system using a Turtlebot simulation. Install the turtlebot simulator using:
diff --git a/scripts/make_creds.sh b/scripts/make_creds.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+set -e
+
+# -----------------------------
+# Config
+# -----------------------------
+ROOT_CA_NAME="dev-root-ca"
+SERVER_CERT_NAME="dev-server"
+CERT_DIR="./certs"
+DAYS=3650  # Validity in days
+
+# -----------------------------
+# Create certs directory
+# -----------------------------
+mkdir -p "$CERT_DIR"
+
+# -----------------------------
+# Detect local IP address
+# -----------------------------
+LOCAL_IP=$(hostname -I | awk '{print $1}')
+echo "Detected local IP: $LOCAL_IP"
+
+# -----------------------------
+# Generate Root CA
+# -----------------------------
+echo "Generating root CA..."
+openssl genrsa -out "$CERT_DIR/$ROOT_CA_NAME.key" 2048
+openssl req -x509 -new -nodes -key "$CERT_DIR/$ROOT_CA_NAME.key" \
+  -sha256 -days $DAYS -out "$CERT_DIR/$ROOT_CA_NAME.pem" \
+  -subj "/C=US/ST=Local/L=Local/O=Dev/OU=Dev/CN=DevRootCA"
+
+# -----------------------------
+# Generate server key & CSR
+# -----------------------------
+echo "Generating server key & CSR..."
+openssl genrsa -out "$CERT_DIR/$SERVER_CERT_NAME.key" 2048
+openssl req -new -key "$CERT_DIR/$SERVER_CERT_NAME.key" \
+  -out "$CERT_DIR/$SERVER_CERT_NAME.csr" \
+  -subj "/C=US/ST=Local/L=Local/O=Dev/OU=Dev/CN=localhost"
+
+# -----------------------------
+# Create SAN config file
+# -----------------------------
+SAN_CONF="$CERT_DIR/san.conf"
+cat > "$SAN_CONF" <<EOL
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[req_distinguished_name]
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+IP.1 = 127.0.0.1
+IP.2 = $LOCAL_IP
+EOL
+
+# -----------------------------
+# Generate server certificate signed by root CA
+# -----------------------------
+echo "Signing server certificate..."
+openssl x509 -req -in "$CERT_DIR/$SERVER_CERT_NAME.csr" \
+  -CA "$CERT_DIR/$ROOT_CA_NAME.pem" -CAkey "$CERT_DIR/$ROOT_CA_NAME.key" \
+  -CAcreateserial -out "$CERT_DIR/$SERVER_CERT_NAME.crt" \
+  -days $DAYS -sha256 -extfile "$SAN_CONF" -extensions v3_req
+
+# -----------------------------
+# Done
+# -----------------------------
+echo "✅ Certificates generated in $CERT_DIR:"
+echo " - Root CA: $CERT_DIR/$ROOT_CA_NAME.pem (import into browser)"
+echo " - Server cert: $CERT_DIR/$SERVER_CERT_NAME.crt"
+echo " - Server key: $CERT_DIR/$SERVER_CERT_NAME.key"
+
+echo ""
+echo "Next steps:"
+echo "1. Import $CERT_DIR/$ROOT_CA_NAME.pem into your OS/browser as a trusted CA."
+echo "2. Use $CERT_DIR/$SERVER_CERT_NAME.crt and $CERT_DIR/$SERVER_CERT_NAME.key in your WSS server."
diff --git a/scripts/requirements.txt b/scripts/requirements.txt
@@ -0,0 +1 @@
+websockets
diff --git a/scripts/signaling_server.py b/scripts/signaling_server.py
@@ -0,0 +1,38 @@
+import asyncio, websockets, json, ssl
+
+
+clients = {}
+
+async def handler(ws):
+    print("Waiting for connections. Connected clients: {}".format(clients))
+    async for message in ws:
+        msg = json.loads(message)
+        print("Received message: {}".format(msg))
+
+        # Robot registers itself
+        if msg["type"] == "register":
+            clients[msg["from"]] = ws
+            print(f"Registered {msg['from']}")
+            continue
+
+        # Forward signaling messages
+        target = clients.get(msg["to"])
+        print("Found target: {}".format(target))
+        if target:
+            await target.send(json.dumps(msg))
+    print("Connection closed")
+
+
+async def main():
+    local_ip = "0.0.0.0"
+    port = 8765
+
+    # TLS configuration
+    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    ssl_context.load_cert_chain("certs/dev-server.crt", "certs/dev-server.key")
+
+    print(f"Starting secure WebSocket server at wss://{local_ip}:{port}")
+    async with websockets.serve(handler, local_ip, port, ssl=ssl_context):
+        await asyncio.Future()
+
+asyncio.run(main())
diff --git a/scripts/test_signaling_server.py b/scripts/test_signaling_server.py
@@ -0,0 +1,43 @@
+import asyncio
+import websockets
+import json
+import ssl
+
+SERVER_HOST = "localhost"
+SERVER_PORT = 8765
+URI = f"wss://{SERVER_HOST}:{SERVER_PORT}"
+
+# SSL context (use self-signed cert)
+ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ssl_context.check_hostname = False  # Skip hostname verification (for self-signed)
+ssl_context.verify_mode = ssl.CERT_NONE  # Skip certificate verification (for testing)
+
+async def test_client():
+    print(f"Connecting to wss://{SERVER_HOST}:{SERVER_PORT}...")
+
+    try:
+        async with websockets.connect(
+            URI,
+            ssl=ssl_context
+        ) as websocket:
+            print("Connected to server!")
+
+            register_msg = {
+                "type": "register",
+                "from": "robot1"
+            }
+            await websocket.send(json.dumps(register_msg))
+            print("Sent registration: robot1")
+
+            print("Closing connection. Check logs of signaling server to verify success...")
+
+    except websockets.exceptions.ConnectionClosedError as e:
+        print(f"Connection closed unexpectedly: {e}")
+    except Exception as e:
+        print(f"Error: {e}")
+    finally:
+        print("Test client finished.")
+
+
+if __name__ == "__main__":
+    asyncio.run(test_client())
