##// END OF EJS Templates
feat(configs): deprecared old hooks protocol and ssh wrapper....
feat(configs): deprecared old hooks protocol and ssh wrapper. New defaults are now set on v2 keys, so previous installation are automatically set to new keys. Fallback mode is still available.

File last commit:

r5095:aa627a5f default
r5496:cab50adf default
Show More
tweens.py
125 lines | 4.2 KiB | text/x-python | PythonLexer
copyrights: updated for 2023
r5088 # Copyright (C) 2010-2023 RhodeCode GmbH
project: added all source files and assets
r1 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import logging
tweens: use explicit position of measuring tween
r5014
import pyramid.tweens
core: use application wide detection of invalid bytes sent via URL/GET/POST data.
r3145 from pyramid.httpexceptions import HTTPException, HTTPBadRequest
project: added all source files and assets
r1
vcs: do an early detection of vcs-type request....
r1297 from rhodecode.lib.middleware.vcs import (
detect_vcs_request, VCS_TYPE_KEY, VCS_TYPE_SKIP)
project: added all source files and assets
r1
vcs: do an early detection of vcs-type request....
r1297
project: added all source files and assets
r1 log = logging.getLogger(__name__)
core: use proper event to bootstrap pylons env....
r1309 def vcs_detection_tween_factory(handler, registry):
vcs: do an early detection of vcs-type request....
r1297
core: use proper event to bootstrap pylons env....
r1309 def vcs_detection_tween(request):
project: added all source files and assets
r1 """
core: use proper event to bootstrap pylons env....
r1309 Do detection of vcs type, and save results for other layers to re-use
this information
project: added all source files and assets
r1 """
pylons: remove pylons as dependency...
r2351 vcs_server_enabled = request.registry.settings.get('vcs.server.enable')
tweens: use explicit position of measuring tween
r5014
pylons: remove pylons as dependency...
r2351 vcs_handler = vcs_server_enabled and detect_vcs_request(
vcs: do an early detection of vcs-type request....
r1297 request.environ, request.registry.settings.get('vcs.backends'))
if vcs_handler:
code: added more logging, and some notes
r1300 # save detected VCS type for later re-use
vcs: do an early detection of vcs-type request....
r1297 request.environ[VCS_TYPE_KEY] = vcs_handler.SCM
core: use proper event to bootstrap pylons env....
r1309 request.vcs_call = vcs_handler.SCM
pylons: remove pylons as dependency...
r2351
logging: improve handling tween logging name
r4944 log.debug('Processing request with `%s` handler', handler.__name__)
vcs: do an early detection of vcs-type request....
r1297 return handler(request)
code: added more logging, and some notes
r1300 # mark that we didn't detect an VCS, and we can skip detection later on
vcs: do an early detection of vcs-type request....
r1297 request.environ[VCS_TYPE_KEY] = VCS_TYPE_SKIP
project: added all source files and assets
r1
logging: improve handling tween logging name
r4944 log.debug('Processing request with `%s` handler', handler.__name__)
dan
db: move Session.remove to outer wsgi layer and also add it...
r669 return handler(request)
project: added all source files and assets
r1
core: use proper event to bootstrap pylons env....
r1309 return vcs_detection_tween
project: added all source files and assets
r1
core: use application wide detection of invalid bytes sent via URL/GET/POST data.
r3145 def junk_encoding_detector(request):
"""
Detect bad encoded GET params, and fail immediately with BadRequest
"""
try:
request.GET.get("", None)
except UnicodeDecodeError:
raise HTTPBadRequest("Invalid bytes in query string.")
def bad_url_data_detector(request):
"""
Detect invalid bytes in a path.
"""
try:
request.path_info
except UnicodeDecodeError:
raise HTTPBadRequest("Invalid bytes in URL.")
def junk_form_data_detector(request):
"""
Detect bad encoded POST params, and fail immediately with BadRequest
"""
if request.method == "POST":
try:
request.POST.get("", None)
except ValueError:
raise HTTPBadRequest("Invalid bytes in form data.")
def sanity_check_factory(handler, registry):
def sanity_check(request):
tests: fixed some tests for files pages.
r3776 log.debug('Checking current URL sanity for bad data')
core: use application wide detection of invalid bytes sent via URL/GET/POST data.
r3145 try:
junk_encoding_detector(request)
bad_url_data_detector(request)
junk_form_data_detector(request)
except HTTPException as exc:
return exc
return handler(request)
return sanity_check
project: added all source files and assets
r1 def includeme(config):
config.add_subscriber('rhodecode.subscribers.add_renderer_globals',
'pyramid.events.BeforeRender')
celery: update how reqquest object is passed arround....
r4878 config.add_subscriber('rhodecode.subscribers.update_celery_conf',
'pyramid.events.NewRequest')
i18n: use consistent way of setting user language.
r1307 config.add_subscriber('rhodecode.subscribers.set_user_lang',
'pyramid.events.NewRequest')
debugging: expose logs/exception when debug log is enabled.
r4768 config.add_subscriber('rhodecode.subscribers.reset_log_bucket',
'pyramid.events.NewRequest')
pyramid: moved extraction of user into a seperate subscriber.
r1903 config.add_subscriber('rhodecode.subscribers.add_request_user_context',
'pyramid.events.ContextFound')
tweens: check url sanity before vcs detection tween.
r3537 config.add_tween('rhodecode.tweens.vcs_detection_tween_factory')
core: use application wide detection of invalid bytes sent via URL/GET/POST data.
r3145 config.add_tween('rhodecode.tweens.sanity_check_factory')
request-wrapper: ensure we wrap WHOLE request not just logic after http detection.
r4157
# This needs to be the LAST item
tweens: use explicit position of measuring tween
r5014 config.add_tween('rhodecode.lib.middleware.request_wrapper.RequestWrapperTween', under=pyramid.tweens.INGRESS)
token-access: allow token in headers not only in GET/URL
r4608 log.debug('configured all tweens')