Add SSL support

README.md

@@ -21,7 +21,7 @@ this is just a matter of:
 install some of the dependencies we need there:
 
         $ virtualenv ankisyncd.env
-        $ ankisyncd.env/bin/easy_install webob simplejson
+        $ ankisyncd.env/bin/easy_install webob simplejson eventlet
 
 3. Download and install libanki.  You can find the latest release of Anki here:
 
@@ -38,7 +38,8 @@ install some of the dependencies we need there:
 
     b. Copy the entire directory to /usr/share/anki
 
-4. Copy the example.ini to production.ini and edit for your needs.
+4. Copy the example.ini to production.ini and edit for your needs. Warning: If
+   you disable SSL, login credentials will be transported in plain text!
 
 5. Create authentication database:
 
@@ -63,9 +64,11 @@ To make Anki use ankisyncd as its sync server, create a file (name it something
 like ankisyncd.py) containing the code below and put it in ~/Anki/addons.
 
     import anki.sync
+    import httplib2
 
     anki.sync.SYNC_BASE = 'http://127.0.0.1:27701/'
     anki.sync.SYNC_MEDIA_BASE = 'http://127.0.0.1:27701/msync/'
+    anki.sync.httpCon = lambda: httplib2.Http()
 
 Replace 127.0.0.1 with the IP address or the domain name of your server if
 ankisyncd is not running on the same machine as Anki.

ankisyncd.conf

@@ -1,6 +1,9 @@
 [sync_app]
 host = 127.0.0.1
 port = 27701
+ssl = true
+certfile = /etc/ssl/certs/server.pem
+keyfile = /etc/ssl/private/privkey.pem
 data_root = ./collections
 base_url = /sync/
 base_media_url = /msync/

ankisyncd/sync_app.py

@@ -737,20 +737,28 @@ def make_app(global_conf, **local_conf):
     return SyncApp(**local_conf)
 
 def main():
-    from wsgiref.simple_server import make_server
+    from eventlet import wsgi,wrap_ssl,listen
     from ankisyncd.thread import shutdown
 
     config = SafeConfigParser()
     config.read("ankisyncd.conf")
 
     ankiserver = SyncApp(config)
-    httpd = make_server('', config.getint("sync_app", "port"), ankiserver)
+    host = config.get("sync_app", "host")
+    port = config.getint("sync_app", "port")
+
+    if(config.getboolean("sync_app", "ssl")):
+        certfile = config.get("sync_app", "certfile")
+        keyfile = config.get("sync_app", "keyfile")
+        socket = wrap_ssl(  listen((host, port)),
+                            certfile=certfile,
+                            keyfile=keyfile,
+                            server_side=True )
+    else:
+        socket = listen((host, port))
 
     try:
-        print "Starting..."
-        httpd.serve_forever()
-    except KeyboardInterrupt:
-        print "Exiting ..."
+        wsgi.server(socket, ankiserver)
     finally:
         shutdown()