middleware.py
466 lines
| 16.4 KiB
| text/x-python
|
PythonLexer
r5088 | # Copyright (C) 2010-2023 RhodeCode GmbH | |||
r1 | # | |||
# This program is free software: you can redistribute it and/or modify | ||||
# it under the terms of the GNU Affero General Public License, version 3 | ||||
# (only), as published by the Free Software Foundation. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU Affero General Public License | ||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
# | ||||
# This program is dual-licensed. If you wish to learn more about the | ||||
# RhodeCode Enterprise Edition, including its added features, Support services, | ||||
# and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
r2818 | import os | |||
r2907 | import sys | |||
r2321 | import collections | |||
r5329 | ||||
r3238 | import time | |||
r4823 | import logging.config | |||
r1 | ||||
from paste.gzipper import make_gzip_middleware | ||||
r2930 | import pyramid.events | |||
r2351 | from pyramid.wsgi import wsgiapp | |||
r1 | from pyramid.config import Configurator | |||
from pyramid.settings import asbool, aslist | ||||
Martin Bornhold
|
r945 | from pyramid.httpexceptions import ( | ||
r2351 | HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound) | |||
Martin Bornhold
|
r595 | from pyramid.renderers import render_to_response | ||
r1785 | ||||
r669 | from rhodecode.model import meta | |||
r121 | from rhodecode.config import patches | |||
r5329 | ||||
r4823 | from rhodecode.config.environment import load_pyramid_environment | |||
r1785 | ||||
r2930 | import rhodecode.events | |||
r5329 | from rhodecode.config.config_maker import sanitize_settings_and_apply_defaults | |||
r2351 | from rhodecode.lib.middleware.vcs import VCSMiddleware | |||
r2794 | from rhodecode.lib.request import Request | |||
r1785 | from rhodecode.lib.vcs import VCSCommunicationError | |||
from rhodecode.lib.exceptions import VCSServerUnavailable | ||||
r1 | from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled | |||
from rhodecode.lib.middleware.https_fixup import HttpsFixup | ||||
from rhodecode.lib.plugins.utils import register_rhodecode_plugin | ||||
r4823 | from rhodecode.lib.utils2 import AttributeDict | |||
r5127 | from rhodecode.lib.exc_tracking import store_exception, format_exc | |||
r1392 | from rhodecode.subscribers import ( | |||
r1680 | scan_repositories_if_enabled, write_js_routes_if_enabled, | |||
r4548 | write_metadata_if_needed, write_usage_data) | |||
r4792 | from rhodecode.lib.statsd_client import StatsdClient | |||
r1 | ||||
log = logging.getLogger(__name__) | ||||
r2351 | def is_http_error(response): | |||
# error which should have traceback | ||||
return response.status_code > 499 | ||||
r1 | ||||
r3241 | def should_load_all(): | |||
""" | ||||
Returns if all application components should be loaded. In some cases it's | ||||
desired to skip apps loading for faster shell script execution | ||||
""" | ||||
r3910 | ssh_cmd = os.environ.get('RC_CMD_SSH_WRAPPER') | |||
if ssh_cmd: | ||||
return False | ||||
r3241 | return True | |||
r1 | def make_pyramid_app(global_config, **settings): | |||
""" | ||||
r2351 | Constructs the WSGI application based on Pyramid. | |||
r1 | ||||
Specials: | ||||
* The application can also be integrated like a plugin via the call to | ||||
`includeme`. This is accompanied with the other utility functions which | ||||
are called. Changing this should be done with great care to not break | ||||
cases when these fragments are assembled from another place. | ||||
""" | ||||
r3238 | start_time = time.time() | |||
r4610 | log.info('Pyramid app config starting') | |||
r3238 | ||||
r4823 | sanitize_settings_and_apply_defaults(global_config, settings) | |||
r4822 | ||||
r4792 | # init and bootstrap StatsdClient | |||
StatsdClient.setup(settings) | ||||
r1 | config = Configurator(settings=settings) | |||
r4792 | # Init our statsd at very start | |||
config.registry.statsd = StatsdClient.statsd | ||||
r2114 | ||||
r2351 | # Apply compatibility patches | |||
patches.inspect_getargspec() | ||||
load_pyramid_environment(global_config, settings) | ||||
r116 | ||||
r2325 | # Static file view comes first | |||
r463 | includeme_first(config) | |||
r2325 | ||||
r1 | includeme(config) | |||
r1927 | ||||
r1 | pyramid_app = config.make_wsgi_app() | |||
pyramid_app = wrap_app_in_wsgi_middlewares(pyramid_app, config) | ||||
r619 | pyramid_app.config = config | |||
r669 | ||||
r4823 | celery_settings = get_celery_config(settings) | |||
config.configure_celery(celery_settings) | ||||
r4610 | ||||
r669 | # creating the app uses a connection - return it after we are done | |||
meta.Session.remove() | ||||
r4792 | ||||
r3238 | total_time = time.time() - start_time | |||
r5060 | log.info('Pyramid app created and configured in %.2fs', total_time) | |||
r1 | return pyramid_app | |||
r4823 | def get_celery_config(settings): | |||
""" | ||||
Converts basic ini configuration into celery 4.X options | ||||
""" | ||||
def key_converter(key_name): | ||||
pref = 'celery.' | ||||
if key_name.startswith(pref): | ||||
return key_name[len(pref):].replace('.', '_').lower() | ||||
def type_converter(parsed_key, value): | ||||
# cast to int | ||||
if value.isdigit(): | ||||
return int(value) | ||||
# cast to bool | ||||
if value.lower() in ['true', 'false', 'True', 'False']: | ||||
return value.lower() == 'true' | ||||
return value | ||||
celery_config = {} | ||||
for k, v in settings.items(): | ||||
pref = 'celery.' | ||||
if k.startswith(pref): | ||||
celery_config[key_converter(k)] = type_converter(key_converter(k), v) | ||||
# TODO:rethink if we want to support celerybeat based file config, probably NOT | ||||
# beat_config = {} | ||||
# for section in parser.sections(): | ||||
# if section.startswith('celerybeat:'): | ||||
# name = section.split(':', 1)[1] | ||||
# beat_config[name] = get_beat_config(parser, section) | ||||
# final compose of settings | ||||
celery_settings = {} | ||||
if celery_config: | ||||
celery_settings.update(celery_config) | ||||
# if beat_config: | ||||
# celery_settings.update({'beat_schedule': beat_config}) | ||||
return celery_settings | ||||
r2351 | def not_found_view(request): | |||
Martin Bornhold
|
r581 | """ | ||
Martin Bornhold
|
r595 | This creates the view which should be registered as not-found-view to | ||
r2351 | pyramid. | |||
Martin Bornhold
|
r581 | """ | ||
r2351 | if not getattr(request, 'vcs_call', None): | |||
# handle like regular case with our error_handler | ||||
return error_handler(HTTPNotFound(), request) | ||||
Martin Bornhold
|
r595 | |||
r2351 | # handle not found view as a vcs call | |||
settings = request.registry.settings | ||||
ae_client = getattr(request, 'ae_client', None) | ||||
vcs_app = VCSMiddleware( | ||||
HTTPNotFound(), request.registry, settings, | ||||
appenlight_client=ae_client) | ||||
Martin Bornhold
|
r609 | |||
r2351 | return wsgiapp(vcs_app)(None, request) | |||
r1 | ||||
r194 | def error_handler(exception, request): | |||
r1496 | import rhodecode | |||
r1748 | from rhodecode.lib import helpers | |||
r187 | ||||
r1496 | rhodecode_title = rhodecode.CONFIG.get('rhodecode_title') or 'RhodeCode' | |||
r187 | ||||
r194 | base_response = HTTPInternalServerError() | |||
# prefer original exception for the response since it may have headers set | ||||
r1499 | if isinstance(exception, HTTPException): | |||
r194 | base_response = exception | |||
r1785 | elif isinstance(exception, VCSCommunicationError): | |||
base_response = VCSServerUnavailable() | ||||
r194 | ||||
r1314 | if is_http_error(base_response): | |||
r5127 | traceback_info = format_exc(request.exc_info) | |||
log.error( | ||||
'error occurred handling this request for path: %s, \n%s', | ||||
request.path, traceback_info) | ||||
r1314 | ||||
r2115 | error_explanation = base_response.explanation or str(base_response) | |||
if base_response.status_code == 404: | ||||
r3321 | error_explanation += " Optionally you don't have permission to access this page." | |||
r187 | c = AttributeDict() | |||
r194 | c.error_message = base_response.status | |||
r2115 | c.error_explanation = error_explanation | |||
r187 | c.visual = AttributeDict() | |||
c.visual.rhodecode_support_url = ( | ||||
request.registry.settings.get('rhodecode_support_url') or | ||||
request.route_url('rhodecode_support') | ||||
) | ||||
c.redirect_time = 0 | ||||
r1496 | c.rhodecode_name = rhodecode_title | |||
r187 | if not c.rhodecode_name: | |||
c.rhodecode_name = 'Rhodecode' | ||||
r683 | c.causes = [] | |||
r2116 | if is_http_error(base_response): | |||
c.causes.append('Server is overloaded.') | ||||
c.causes.append('Server database connection is lost.') | ||||
c.causes.append('Server expected unhandled error.') | ||||
r683 | if hasattr(base_response, 'causes'): | |||
c.causes = base_response.causes | ||||
r2116 | ||||
r1908 | c.messages = helpers.flash.pop_messages(request=request) | |||
r2907 | exc_info = sys.exc_info() | |||
c.exception_id = id(exc_info) | ||||
c.show_exception_id = isinstance(base_response, VCSServerUnavailable) \ | ||||
or base_response.status_code > 499 | ||||
c.exception_id_url = request.route_url( | ||||
'admin_settings_exception_tracker_show', exception_id=c.exception_id) | ||||
r5060 | debug_mode = rhodecode.ConfigGet().get_bool('debug') | |||
r2907 | if c.show_exception_id: | |||
store_exception(c.exception_id, exc_info) | ||||
r5060 | c.exception_debug = debug_mode | |||
r4768 | c.exception_config_ini = rhodecode.CONFIG.get('__file__') | |||
r2907 | ||||
r5060 | if debug_mode: | |||
try: | ||||
from rich.traceback import install | ||||
install(show_locals=True) | ||||
log.debug('Installing rich tracebacks...') | ||||
except ImportError: | ||||
pass | ||||
r187 | response = render_to_response( | |||
r1748 | '/errors/error_document.mako', {'c': c, 'h': helpers}, request=request, | |||
r190 | response=base_response) | |||
r5173 | response.headers["X-RC-Exception-Id"] = str(c.exception_id) | |||
r4808 | statsd = request.registry.statsd | |||
if statsd and base_response.status_code > 499: | ||||
r5095 | exc_type = f"{exception.__class__.__module__}.{exception.__class__.__name__}" | |||
r4808 | statsd.incr('rhodecode_exception_total', | |||
tags=["exc_source:web", | ||||
r5095 | f"http_code:{base_response.status_code}", | |||
f"type:{exc_type}"]) | ||||
r4808 | ||||
r187 | return response | |||
r2326 | def includeme_first(config): | |||
# redirect automatic browser favicon.ico requests to correct place | ||||
def favicon_redirect(context, request): | ||||
return HTTPFound( | ||||
request.static_path('rhodecode:public/images/favicon.ico')) | ||||
config.add_view(favicon_redirect, route_name='favicon') | ||||
config.add_route('favicon', '/favicon.ico') | ||||
def robots_redirect(context, request): | ||||
return HTTPFound( | ||||
request.static_path('rhodecode:public/robots.txt')) | ||||
config.add_view(robots_redirect, route_name='robots') | ||||
config.add_route('robots', '/robots.txt') | ||||
config.add_static_view( | ||||
'_static/deform', 'deform:static') | ||||
config.add_static_view( | ||||
'_static/rhodecode', path='rhodecode:public', cache_max_age=3600 * 24) | ||||
r5060 | ce_auth_resources = [ | |||
'rhodecode.authentication.plugins.auth_crowd', | ||||
'rhodecode.authentication.plugins.auth_headers', | ||||
'rhodecode.authentication.plugins.auth_jasig_cas', | ||||
'rhodecode.authentication.plugins.auth_ldap', | ||||
'rhodecode.authentication.plugins.auth_pam', | ||||
'rhodecode.authentication.plugins.auth_rhodecode', | ||||
'rhodecode.authentication.plugins.auth_token', | ||||
] | ||||
r4602 | def includeme(config, auth_resources=None): | |||
r4621 | from rhodecode.lib.celerylib.loader import configure_celery | |||
r3238 | log.debug('Initializing main includeme from %s', os.path.basename(__file__)) | |||
r1 | settings = config.registry.settings | |||
r2794 | config.set_request_factory(Request) | |||
r1 | ||||
r470 | # plugin information | |||
r2321 | config.registry.rhodecode_plugins = collections.OrderedDict() | |||
r470 | ||||
config.add_directive( | ||||
'register_rhodecode_plugin', register_rhodecode_plugin) | ||||
r2359 | config.add_directive('configure_celery', configure_celery) | |||
r4823 | if settings.get('appenlight', False): | |||
r194 | config.include('appenlight_client.ext.pyramid_tween') | |||
r3241 | load_all = should_load_all() | |||
r1 | # Includes which are required. The application would fail without them. | |||
config.include('pyramid_mako') | ||||
r3748 | config.include('rhodecode.lib.rc_beaker') | |||
r2845 | config.include('rhodecode.lib.rc_cache') | |||
r5433 | config.include('rhodecode.lib.archive_cache') | |||
r5060 | ||||
r3238 | config.include('rhodecode.apps._base.navigation') | |||
config.include('rhodecode.apps._base.subscribers') | ||||
config.include('rhodecode.tweens') | ||||
r3910 | config.include('rhodecode.authentication') | |||
r3238 | ||||
r3910 | if load_all: | |||
r4602 | ||||
r3241 | # load CE authentication plugins | |||
r4602 | ||||
if auth_resources: | ||||
ce_auth_resources.extend(auth_resources) | ||||
for resource in ce_auth_resources: | ||||
config.include(resource) | ||||
r3241 | ||||
# Auto discover authentication plugins and include their configuration. | ||||
r4108 | if asbool(settings.get('auth_plugin.import_legacy_plugins', 'true')): | |||
from rhodecode.authentication import discover_legacy_plugins | ||||
discover_legacy_plugins(config) | ||||
r3241 | ||||
r1502 | # apps | |||
r3241 | if load_all: | |||
r5024 | log.debug('Starting config.include() calls') | |||
config.include('rhodecode.api.includeme') | ||||
config.include('rhodecode.apps._base.includeme') | ||||
config.include('rhodecode.apps._base.navigation.includeme') | ||||
config.include('rhodecode.apps._base.subscribers.includeme') | ||||
config.include('rhodecode.apps.hovercards.includeme') | ||||
config.include('rhodecode.apps.ops.includeme') | ||||
config.include('rhodecode.apps.channelstream.includeme') | ||||
config.include('rhodecode.apps.file_store.includeme') | ||||
config.include('rhodecode.apps.admin.includeme') | ||||
config.include('rhodecode.apps.login.includeme') | ||||
config.include('rhodecode.apps.home.includeme') | ||||
config.include('rhodecode.apps.journal.includeme') | ||||
r4610 | ||||
r5024 | config.include('rhodecode.apps.repository.includeme') | |||
config.include('rhodecode.apps.repo_group.includeme') | ||||
config.include('rhodecode.apps.user_group.includeme') | ||||
config.include('rhodecode.apps.search.includeme') | ||||
config.include('rhodecode.apps.user_profile.includeme') | ||||
config.include('rhodecode.apps.user_group_profile.includeme') | ||||
config.include('rhodecode.apps.my_account.includeme') | ||||
config.include('rhodecode.apps.gist.includeme') | ||||
r4610 | ||||
r5024 | config.include('rhodecode.apps.svn_support.includeme') | |||
config.include('rhodecode.apps.ssh_support.includeme') | ||||
r3241 | config.include('rhodecode.apps.debug_style') | |||
r4610 | ||||
if load_all: | ||||
r5024 | config.include('rhodecode.integrations.includeme') | |||
config.include('rhodecode.integrations.routes.includeme') | ||||
r1503 | ||||
r3238 | config.add_route('rhodecode_support', 'https://rhodecode.com/help/', static=True) | |||
r4997 | settings['default_locale_name'] = settings.get('lang', 'en') | |||
r1303 | config.add_translation_dirs('rhodecode:i18n/') | |||
Martin Bornhold
|
r580 | # Add subscribers. | ||
r3910 | if load_all: | |||
r5257 | log.debug('Adding subscribers...') | |||
r3910 | config.add_subscriber(scan_repositories_if_enabled, | |||
pyramid.events.ApplicationCreated) | ||||
config.add_subscriber(write_metadata_if_needed, | ||||
pyramid.events.ApplicationCreated) | ||||
r4473 | config.add_subscriber(write_usage_data, | |||
pyramid.events.ApplicationCreated) | ||||
r3910 | config.add_subscriber(write_js_routes_if_enabled, | |||
pyramid.events.ApplicationCreated) | ||||
r1789 | ||||
r1 | ||||
# Set the default renderer for HTML templates to mako. | ||||
config.add_mako_renderer('.html') | ||||
r1664 | config.add_renderer( | |||
name='json_ext', | ||||
factory='rhodecode.lib.ext_json_renderer.pyramid_ext_json') | ||||
r4500 | config.add_renderer( | |||
name='string_html', | ||||
factory='rhodecode.lib.string_renderer.html') | ||||
r1 | # include RhodeCode plugins | |||
includes = aslist(settings.get('rhodecode.includes', [])) | ||||
r5024 | log.debug('processing rhodecode.includes data...') | |||
r1 | for inc in includes: | |||
config.include(inc) | ||||
r2351 | # custom not found view, if our pyramid app doesn't know how to handle | |||
# the request pass it to potential VCS handling ap | ||||
config.add_notfound_view(not_found_view) | ||||
r449 | if not settings.get('debugtoolbar.enabled', False): | |||
r1912 | # disabled debugtoolbar handle all exceptions via the error_handlers | |||
r449 | config.add_view(error_handler, context=Exception) | |||
r2351 | # all errors including 403/404/50X | |||
r449 | config.add_view(error_handler, context=HTTPError) | |||
r1 | ||||
def wrap_app_in_wsgi_middlewares(pyramid_app, config): | ||||
""" | ||||
Apply outer WSGI middlewares around the application. | ||||
""" | ||||
r2921 | registry = config.registry | |||
settings = registry.settings | ||||
r1 | ||||
r181 | # enable https redirects based on HTTP_X_URL_SCHEME set by proxy | |||
pyramid_app = HttpsFixup(pyramid_app, settings) | ||||
r2351 | pyramid_app, _ae_client = wrap_in_appenlight_if_enabled( | |||
pyramid_app, settings) | ||||
r2921 | registry.ae_client = _ae_client | |||
r194 | ||||
Martin Bornhold
|
r598 | if settings['gzip_responses']: | ||
r1 | pyramid_app = make_gzip_middleware( | |||
pyramid_app, settings, compress_level=1) | ||||
r669 | # this should be the outer most middleware in the wsgi stack since | |||
# middleware like Routes make database calls | ||||
def pyramid_app_with_cleanup(environ, start_response): | ||||
r4997 | start = time.time() | |||
r669 | try: | |||
return pyramid_app(environ, start_response) | ||||
finally: | ||||
# Dispose current database session and rollback uncommitted | ||||
# transactions. | ||||
meta.Session.remove() | ||||
# In a single threaded mode server, on non sqlite db we should have | ||||
# '0 Current Checked out connections' at the end of a request, | ||||
# if not, then something, somewhere is leaving a connection open | ||||
r5060 | pool = meta.get_engine().pool | |||
r669 | log.debug('sa pool status: %s', pool.status()) | |||
r4997 | total = time.time() - start | |||
log.debug('Request processing finalized: %.4fs', total) | ||||
r669 | ||||
return pyramid_app_with_cleanup | ||||