##// END OF EJS Templates
license: added a flag to allow hidding license info.
marcink -
r4006:1e9547aa default
parent child Browse files
Show More
@@ -1,739 +1,742 b''
1
1
2
2
3 ################################################################################
3 ################################################################################
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 ################################################################################
5 ################################################################################
6
6
7 [DEFAULT]
7 [DEFAULT]
8 ## Debug flag sets all loggers to debug, and enables request tracking
8 ## Debug flag sets all loggers to debug, and enables request tracking
9 debug = true
9 debug = true
10
10
11 ################################################################################
11 ################################################################################
12 ## EMAIL CONFIGURATION ##
12 ## EMAIL CONFIGURATION ##
13 ## Uncomment and replace with the email address which should receive ##
13 ## Uncomment and replace with the email address which should receive ##
14 ## any error reports after an application crash ##
14 ## any error reports after an application crash ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 ################################################################################
16 ################################################################################
17
17
18 ## prefix all emails subjects with given prefix, helps filtering out emails
18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 #email_prefix = [RhodeCode]
19 #email_prefix = [RhodeCode]
20
20
21 ## email FROM address all mails will be sent
21 ## email FROM address all mails will be sent
22 #app_email_from = rhodecode-noreply@localhost
22 #app_email_from = rhodecode-noreply@localhost
23
23
24 #smtp_server = mail.server.com
24 #smtp_server = mail.server.com
25 #smtp_username =
25 #smtp_username =
26 #smtp_password =
26 #smtp_password =
27 #smtp_port =
27 #smtp_port =
28 #smtp_use_tls = false
28 #smtp_use_tls = false
29 #smtp_use_ssl = true
29 #smtp_use_ssl = true
30
30
31 [server:main]
31 [server:main]
32 ## COMMON ##
32 ## COMMON ##
33 host = 127.0.0.1
33 host = 127.0.0.1
34 port = 5000
34 port = 5000
35
35
36 ###########################################################
36 ###########################################################
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 ###########################################################
38 ###########################################################
39
39
40 use = egg:waitress#main
40 use = egg:waitress#main
41 ## number of worker threads
41 ## number of worker threads
42 threads = 5
42 threads = 5
43 ## MAX BODY SIZE 100GB
43 ## MAX BODY SIZE 100GB
44 max_request_body_size = 107374182400
44 max_request_body_size = 107374182400
45 ## Use poll instead of select, fixes file descriptors limits problems.
45 ## Use poll instead of select, fixes file descriptors limits problems.
46 ## May not work on old windows systems.
46 ## May not work on old windows systems.
47 asyncore_use_poll = true
47 asyncore_use_poll = true
48
48
49
49
50 ##########################
50 ##########################
51 ## GUNICORN WSGI SERVER ##
51 ## GUNICORN WSGI SERVER ##
52 ##########################
52 ##########################
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54
54
55 #use = egg:gunicorn#main
55 #use = egg:gunicorn#main
56 ## Sets the number of process workers. More workers means more concurrent connections
56 ## Sets the number of process workers. More workers means more concurrent connections
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 ## memory usage as each has it's own set of caches.
58 ## memory usage as each has it's own set of caches.
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 ## when using more than 1 worker.
62 ## when using more than 1 worker.
63 #workers = 2
63 #workers = 2
64 ## process name visible in process list
64 ## process name visible in process list
65 #proc_name = rhodecode
65 #proc_name = rhodecode
66 ## type of worker class, one of sync, gevent
66 ## type of worker class, one of sync, gevent
67 ## recommended for bigger setup is using of of other than sync one
67 ## recommended for bigger setup is using of of other than sync one
68 #worker_class = gevent
68 #worker_class = gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
70 #worker_connections = 10
70 #worker_connections = 10
71 ## max number of requests that worker will handle before being gracefully
71 ## max number of requests that worker will handle before being gracefully
72 ## restarted, could prevent memory leaks
72 ## restarted, could prevent memory leaks
73 #max_requests = 1000
73 #max_requests = 1000
74 #max_requests_jitter = 30
74 #max_requests_jitter = 30
75 ## amount of time a worker can spend with handling a request before it
75 ## amount of time a worker can spend with handling a request before it
76 ## gets killed and restarted. Set to 6hrs
76 ## gets killed and restarted. Set to 6hrs
77 #timeout = 21600
77 #timeout = 21600
78
78
79
79
80 ## prefix middleware for RhodeCode.
80 ## prefix middleware for RhodeCode.
81 ## recommended when using proxy setup.
81 ## recommended when using proxy setup.
82 ## allows to set RhodeCode under a prefix in server.
82 ## allows to set RhodeCode under a prefix in server.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
84 ## And set your prefix like: `prefix = /custom_prefix`
84 ## And set your prefix like: `prefix = /custom_prefix`
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
86 ## to make your cookies only work on prefix url
86 ## to make your cookies only work on prefix url
87 [filter:proxy-prefix]
87 [filter:proxy-prefix]
88 use = egg:PasteDeploy#prefix
88 use = egg:PasteDeploy#prefix
89 prefix = /
89 prefix = /
90
90
91 [app:main]
91 [app:main]
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
93 ## of this file
93 ## of this file
94 ## In addition ENVIRONMENT variables usage is possible, e.g
94 ## In addition ENVIRONMENT variables usage is possible, e.g
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
96
96
97 use = egg:rhodecode-enterprise-ce
97 use = egg:rhodecode-enterprise-ce
98
98
99 ## enable proxy prefix middleware, defined above
99 ## enable proxy prefix middleware, defined above
100 #filter-with = proxy-prefix
100 #filter-with = proxy-prefix
101
101
102 # During development the we want to have the debug toolbar enabled
102 # During development the we want to have the debug toolbar enabled
103 pyramid.includes =
103 pyramid.includes =
104 pyramid_debugtoolbar
104 pyramid_debugtoolbar
105 rhodecode.lib.middleware.request_wrapper
105 rhodecode.lib.middleware.request_wrapper
106
106
107 pyramid.reload_templates = true
107 pyramid.reload_templates = true
108
108
109 debugtoolbar.hosts = 0.0.0.0/0
109 debugtoolbar.hosts = 0.0.0.0/0
110 debugtoolbar.exclude_prefixes =
110 debugtoolbar.exclude_prefixes =
111 /css
111 /css
112 /fonts
112 /fonts
113 /images
113 /images
114 /js
114 /js
115
115
116 ## RHODECODE PLUGINS ##
116 ## RHODECODE PLUGINS ##
117 rhodecode.includes =
117 rhodecode.includes =
118 rhodecode.api
118 rhodecode.api
119
119
120
120
121 # api prefix url
121 # api prefix url
122 rhodecode.api.url = /_admin/api
122 rhodecode.api.url = /_admin/api
123
123
124
124
125 ## END RHODECODE PLUGINS ##
125 ## END RHODECODE PLUGINS ##
126
126
127 ## encryption key used to encrypt social plugin tokens,
127 ## encryption key used to encrypt social plugin tokens,
128 ## remote_urls with credentials etc, if not set it defaults to
128 ## remote_urls with credentials etc, if not set it defaults to
129 ## `beaker.session.secret`
129 ## `beaker.session.secret`
130 #rhodecode.encrypted_values.secret =
130 #rhodecode.encrypted_values.secret =
131
131
132 ## decryption strict mode (enabled by default). It controls if decryption raises
132 ## decryption strict mode (enabled by default). It controls if decryption raises
133 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
133 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
134 #rhodecode.encrypted_values.strict = false
134 #rhodecode.encrypted_values.strict = false
135
135
136 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
136 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
137 ## fernet is safer, and we strongly recommend switching to it.
137 ## fernet is safer, and we strongly recommend switching to it.
138 ## Due to backward compatibility aes is used as default.
138 ## Due to backward compatibility aes is used as default.
139 #rhodecode.encrypted_values.algorithm = fernet
139 #rhodecode.encrypted_values.algorithm = fernet
140
140
141 ## return gzipped responses from RhodeCode (static files/application)
141 ## return gzipped responses from RhodeCode (static files/application)
142 gzip_responses = false
142 gzip_responses = false
143
143
144 ## auto-generate javascript routes file on startup
144 ## auto-generate javascript routes file on startup
145 generate_js_files = false
145 generate_js_files = false
146
146
147 ## System global default language.
147 ## System global default language.
148 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
148 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
149 lang = en
149 lang = en
150
150
151 ## Perform a full repository scan and import on each server start.
151 ## Perform a full repository scan and import on each server start.
152 ## Settings this to true could lead to very long startup time.
152 ## Settings this to true could lead to very long startup time.
153 startup.import_repos = false
153 startup.import_repos = false
154
154
155 ## Uncomment and set this path to use archive download cache.
155 ## Uncomment and set this path to use archive download cache.
156 ## Once enabled, generated archives will be cached at this location
156 ## Once enabled, generated archives will be cached at this location
157 ## and served from the cache during subsequent requests for the same archive of
157 ## and served from the cache during subsequent requests for the same archive of
158 ## the repository.
158 ## the repository.
159 #archive_cache_dir = /tmp/tarballcache
159 #archive_cache_dir = /tmp/tarballcache
160
160
161 ## URL at which the application is running. This is used for Bootstrapping
161 ## URL at which the application is running. This is used for Bootstrapping
162 ## requests in context when no web request is available. Used in ishell, or
162 ## requests in context when no web request is available. Used in ishell, or
163 ## SSH calls. Set this for events to receive proper url for SSH calls.
163 ## SSH calls. Set this for events to receive proper url for SSH calls.
164 app.base_url = http://rhodecode.local
164 app.base_url = http://rhodecode.local
165
165
166 ## Unique application ID. Should be a random unique string for security.
166 ## Unique application ID. Should be a random unique string for security.
167 app_instance_uuid = rc-production
167 app_instance_uuid = rc-production
168
168
169 ## Cut off limit for large diffs (size in bytes). If overall diff size on
169 ## Cut off limit for large diffs (size in bytes). If overall diff size on
170 ## commit, or pull request exceeds this limit this diff will be displayed
170 ## commit, or pull request exceeds this limit this diff will be displayed
171 ## partially. E.g 512000 == 512Kb
171 ## partially. E.g 512000 == 512Kb
172 cut_off_limit_diff = 512000
172 cut_off_limit_diff = 512000
173
173
174 ## Cut off limit for large files inside diffs (size in bytes). Each individual
174 ## Cut off limit for large files inside diffs (size in bytes). Each individual
175 ## file inside diff which exceeds this limit will be displayed partially.
175 ## file inside diff which exceeds this limit will be displayed partially.
176 ## E.g 128000 == 128Kb
176 ## E.g 128000 == 128Kb
177 cut_off_limit_file = 128000
177 cut_off_limit_file = 128000
178
178
179 ## use cached version of vcs repositories everywhere. Recommended to be `true`
179 ## use cached version of vcs repositories everywhere. Recommended to be `true`
180 vcs_full_cache = true
180 vcs_full_cache = true
181
181
182 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
182 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
183 ## Normally this is controlled by proper http flags sent from http server
183 ## Normally this is controlled by proper http flags sent from http server
184 force_https = false
184 force_https = false
185
185
186 ## use Strict-Transport-Security headers
186 ## use Strict-Transport-Security headers
187 use_htsts = false
187 use_htsts = false
188
188
189 # Set to true if your repos are exposed using the dumb protocol
189 # Set to true if your repos are exposed using the dumb protocol
190 git_update_server_info = false
190 git_update_server_info = false
191
191
192 ## RSS/ATOM feed options
192 ## RSS/ATOM feed options
193 rss_cut_off_limit = 256000
193 rss_cut_off_limit = 256000
194 rss_items_per_page = 10
194 rss_items_per_page = 10
195 rss_include_diff = false
195 rss_include_diff = false
196
196
197 ## gist URL alias, used to create nicer urls for gist. This should be an
197 ## gist URL alias, used to create nicer urls for gist. This should be an
198 ## url that does rewrites to _admin/gists/{gistid}.
198 ## url that does rewrites to _admin/gists/{gistid}.
199 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
199 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
200 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
200 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
201 gist_alias_url =
201 gist_alias_url =
202
202
203 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
203 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
204 ## used for access.
204 ## used for access.
205 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
205 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
206 ## came from the the logged in user who own this authentication token.
206 ## came from the the logged in user who own this authentication token.
207 ## Additionally @TOKEN syntax can be used to bound the view to specific
207 ## Additionally @TOKEN syntax can be used to bound the view to specific
208 ## authentication token. Such view would be only accessible when used together
208 ## authentication token. Such view would be only accessible when used together
209 ## with this authentication token
209 ## with this authentication token
210 ##
210 ##
211 ## list of all views can be found under `/_admin/permissions/auth_token_access`
211 ## list of all views can be found under `/_admin/permissions/auth_token_access`
212 ## The list should be "," separated and on a single line.
212 ## The list should be "," separated and on a single line.
213 ##
213 ##
214 ## Most common views to enable:
214 ## Most common views to enable:
215 # RepoCommitsView:repo_commit_download
215 # RepoCommitsView:repo_commit_download
216 # RepoCommitsView:repo_commit_patch
216 # RepoCommitsView:repo_commit_patch
217 # RepoCommitsView:repo_commit_raw
217 # RepoCommitsView:repo_commit_raw
218 # RepoCommitsView:repo_commit_raw@TOKEN
218 # RepoCommitsView:repo_commit_raw@TOKEN
219 # RepoFilesView:repo_files_diff
219 # RepoFilesView:repo_files_diff
220 # RepoFilesView:repo_archivefile
220 # RepoFilesView:repo_archivefile
221 # RepoFilesView:repo_file_raw
221 # RepoFilesView:repo_file_raw
222 # GistView:*
222 # GistView:*
223 api_access_controllers_whitelist =
223 api_access_controllers_whitelist =
224
224
225 ## Default encoding used to convert from and to unicode
225 ## Default encoding used to convert from and to unicode
226 ## can be also a comma separated list of encoding in case of mixed encodings
226 ## can be also a comma separated list of encoding in case of mixed encodings
227 default_encoding = UTF-8
227 default_encoding = UTF-8
228
228
229 ## instance-id prefix
229 ## instance-id prefix
230 ## a prefix key for this instance used for cache invalidation when running
230 ## a prefix key for this instance used for cache invalidation when running
231 ## multiple instances of RhodeCode, make sure it's globally unique for
231 ## multiple instances of RhodeCode, make sure it's globally unique for
232 ## all running RhodeCode instances. Leave empty if you don't use it
232 ## all running RhodeCode instances. Leave empty if you don't use it
233 instance_id =
233 instance_id =
234
234
235 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
235 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
236 ## of an authentication plugin also if it is disabled by it's settings.
236 ## of an authentication plugin also if it is disabled by it's settings.
237 ## This could be useful if you are unable to log in to the system due to broken
237 ## This could be useful if you are unable to log in to the system due to broken
238 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
238 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
239 ## module to log in again and fix the settings.
239 ## module to log in again and fix the settings.
240 ##
240 ##
241 ## Available builtin plugin IDs (hash is part of the ID):
241 ## Available builtin plugin IDs (hash is part of the ID):
242 ## egg:rhodecode-enterprise-ce#rhodecode
242 ## egg:rhodecode-enterprise-ce#rhodecode
243 ## egg:rhodecode-enterprise-ce#pam
243 ## egg:rhodecode-enterprise-ce#pam
244 ## egg:rhodecode-enterprise-ce#ldap
244 ## egg:rhodecode-enterprise-ce#ldap
245 ## egg:rhodecode-enterprise-ce#jasig_cas
245 ## egg:rhodecode-enterprise-ce#jasig_cas
246 ## egg:rhodecode-enterprise-ce#headers
246 ## egg:rhodecode-enterprise-ce#headers
247 ## egg:rhodecode-enterprise-ce#crowd
247 ## egg:rhodecode-enterprise-ce#crowd
248 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
248 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
249
249
250 ## alternative return HTTP header for failed authentication. Default HTTP
250 ## alternative return HTTP header for failed authentication. Default HTTP
251 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
251 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
252 ## handling that causing a series of failed authentication calls.
252 ## handling that causing a series of failed authentication calls.
253 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
253 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
254 ## This will be served instead of default 401 on bad authentication
254 ## This will be served instead of default 401 on bad authentication
255 auth_ret_code =
255 auth_ret_code =
256
256
257 ## use special detection method when serving auth_ret_code, instead of serving
257 ## use special detection method when serving auth_ret_code, instead of serving
258 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
258 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
259 ## and then serve auth_ret_code to clients
259 ## and then serve auth_ret_code to clients
260 auth_ret_code_detection = false
260 auth_ret_code_detection = false
261
261
262 ## locking return code. When repository is locked return this HTTP code. 2XX
262 ## locking return code. When repository is locked return this HTTP code. 2XX
263 ## codes don't break the transactions while 4XX codes do
263 ## codes don't break the transactions while 4XX codes do
264 lock_ret_code = 423
264 lock_ret_code = 423
265
265
266 ## allows to change the repository location in settings page
266 ## allows to change the repository location in settings page
267 allow_repo_location_change = true
267 allow_repo_location_change = true
268
268
269 ## allows to setup custom hooks in settings page
269 ## allows to setup custom hooks in settings page
270 allow_custom_hooks_settings = true
270 allow_custom_hooks_settings = true
271
271
272 ## Generated license token required for EE edition license.
272 ## Generated license token required for EE edition license.
273 ## New generated token value can be found in Admin > settings > license page.
273 ## New generated token value can be found in Admin > settings > license page.
274 license_token =
274 license_token =
275
275
276 ## This flag would hide sensitive information on the license page
277 license.hide_license_info = false
278
276 ## supervisor connection uri, for managing supervisor and logs.
279 ## supervisor connection uri, for managing supervisor and logs.
277 supervisor.uri =
280 supervisor.uri =
278 ## supervisord group name/id we only want this RC instance to handle
281 ## supervisord group name/id we only want this RC instance to handle
279 supervisor.group_id = dev
282 supervisor.group_id = dev
280
283
281 ## Display extended labs settings
284 ## Display extended labs settings
282 labs_settings_active = true
285 labs_settings_active = true
283
286
284 ## Custom exception store path, defaults to TMPDIR
287 ## Custom exception store path, defaults to TMPDIR
285 ## This is used to store exception from RhodeCode in shared directory
288 ## This is used to store exception from RhodeCode in shared directory
286 #exception_tracker.store_path =
289 #exception_tracker.store_path =
287
290
288 ## File store configuration. This is used to store and serve uploaded files
291 ## File store configuration. This is used to store and serve uploaded files
289 file_store.enabled = true
292 file_store.enabled = true
290 ## Storage backend, available options are: local
293 ## Storage backend, available options are: local
291 file_store.backend = local
294 file_store.backend = local
292 ## path to store the uploaded binaries
295 ## path to store the uploaded binaries
293 file_store.storage_path = %(here)s/data/file_store
296 file_store.storage_path = %(here)s/data/file_store
294
297
295
298
296 ####################################
299 ####################################
297 ### CELERY CONFIG ####
300 ### CELERY CONFIG ####
298 ####################################
301 ####################################
299 ## run: /path/to/celery worker \
302 ## run: /path/to/celery worker \
300 ## -E --beat --app rhodecode.lib.celerylib.loader \
303 ## -E --beat --app rhodecode.lib.celerylib.loader \
301 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
304 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
302 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
305 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
303
306
304 use_celery = false
307 use_celery = false
305
308
306 ## connection url to the message broker (default redis)
309 ## connection url to the message broker (default redis)
307 celery.broker_url = redis://localhost:6379/8
310 celery.broker_url = redis://localhost:6379/8
308
311
309 ## rabbitmq example
312 ## rabbitmq example
310 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
313 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
311
314
312 ## maximum tasks to execute before worker restart
315 ## maximum tasks to execute before worker restart
313 celery.max_tasks_per_child = 100
316 celery.max_tasks_per_child = 100
314
317
315 ## tasks will never be sent to the queue, but executed locally instead.
318 ## tasks will never be sent to the queue, but executed locally instead.
316 celery.task_always_eager = false
319 celery.task_always_eager = false
317
320
318 #####################################
321 #####################################
319 ### DOGPILE CACHE ####
322 ### DOGPILE CACHE ####
320 #####################################
323 #####################################
321 ## Default cache dir for caches. Putting this into a ramdisk
324 ## Default cache dir for caches. Putting this into a ramdisk
322 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
325 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
323 ## large amount of space
326 ## large amount of space
324 cache_dir = %(here)s/data
327 cache_dir = %(here)s/data
325
328
326 ## `cache_perms` cache settings for permission tree, auth TTL.
329 ## `cache_perms` cache settings for permission tree, auth TTL.
327 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
330 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
328 rc_cache.cache_perms.expiration_time = 300
331 rc_cache.cache_perms.expiration_time = 300
329
332
330 ## alternative `cache_perms` redis backend with distributed lock
333 ## alternative `cache_perms` redis backend with distributed lock
331 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
334 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
332 #rc_cache.cache_perms.expiration_time = 300
335 #rc_cache.cache_perms.expiration_time = 300
333 ## redis_expiration_time needs to be greater then expiration_time
336 ## redis_expiration_time needs to be greater then expiration_time
334 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
337 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
335 #rc_cache.cache_perms.arguments.socket_timeout = 30
338 #rc_cache.cache_perms.arguments.socket_timeout = 30
336 #rc_cache.cache_perms.arguments.host = localhost
339 #rc_cache.cache_perms.arguments.host = localhost
337 #rc_cache.cache_perms.arguments.port = 6379
340 #rc_cache.cache_perms.arguments.port = 6379
338 #rc_cache.cache_perms.arguments.db = 0
341 #rc_cache.cache_perms.arguments.db = 0
339 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
342 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
340 #rc_cache.cache_perms.arguments.distributed_lock = true
343 #rc_cache.cache_perms.arguments.distributed_lock = true
341
344
342 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
345 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
343 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
346 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
344 rc_cache.cache_repo.expiration_time = 2592000
347 rc_cache.cache_repo.expiration_time = 2592000
345
348
346 ## alternative `cache_repo` redis backend with distributed lock
349 ## alternative `cache_repo` redis backend with distributed lock
347 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
350 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
348 #rc_cache.cache_repo.expiration_time = 2592000
351 #rc_cache.cache_repo.expiration_time = 2592000
349 ## redis_expiration_time needs to be greater then expiration_time
352 ## redis_expiration_time needs to be greater then expiration_time
350 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
353 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
351 #rc_cache.cache_repo.arguments.socket_timeout = 30
354 #rc_cache.cache_repo.arguments.socket_timeout = 30
352 #rc_cache.cache_repo.arguments.host = localhost
355 #rc_cache.cache_repo.arguments.host = localhost
353 #rc_cache.cache_repo.arguments.port = 6379
356 #rc_cache.cache_repo.arguments.port = 6379
354 #rc_cache.cache_repo.arguments.db = 1
357 #rc_cache.cache_repo.arguments.db = 1
355 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
358 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
356 #rc_cache.cache_repo.arguments.distributed_lock = true
359 #rc_cache.cache_repo.arguments.distributed_lock = true
357
360
358 ## cache settings for SQL queries, this needs to use memory type backend
361 ## cache settings for SQL queries, this needs to use memory type backend
359 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
362 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
360 rc_cache.sql_cache_short.expiration_time = 30
363 rc_cache.sql_cache_short.expiration_time = 30
361
364
362 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
365 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
363 ## type backend as the objects kept are not pickle serializable
366 ## type backend as the objects kept are not pickle serializable
364 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
367 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
365 ## by default we use 96H, this is using invalidation on push anyway
368 ## by default we use 96H, this is using invalidation on push anyway
366 rc_cache.cache_repo_longterm.expiration_time = 345600
369 rc_cache.cache_repo_longterm.expiration_time = 345600
367 ## max items in LRU cache, reduce this number to save memory, and expire last used
370 ## max items in LRU cache, reduce this number to save memory, and expire last used
368 ## cached objects
371 ## cached objects
369 rc_cache.cache_repo_longterm.max_size = 10000
372 rc_cache.cache_repo_longterm.max_size = 10000
370
373
371
374
372 ####################################
375 ####################################
373 ### BEAKER SESSION ####
376 ### BEAKER SESSION ####
374 ####################################
377 ####################################
375
378
376 ## .session.type is type of storage options for the session, current allowed
379 ## .session.type is type of storage options for the session, current allowed
377 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
380 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
378 beaker.session.type = file
381 beaker.session.type = file
379 beaker.session.data_dir = %(here)s/data/sessions
382 beaker.session.data_dir = %(here)s/data/sessions
380
383
381 ## redis sessions
384 ## redis sessions
382 #beaker.session.type = ext:redis
385 #beaker.session.type = ext:redis
383 #beaker.session.url = redis://127.0.0.1:6379/2
386 #beaker.session.url = redis://127.0.0.1:6379/2
384
387
385 ## db based session, fast, and allows easy management over logged in users
388 ## db based session, fast, and allows easy management over logged in users
386 #beaker.session.type = ext:database
389 #beaker.session.type = ext:database
387 #beaker.session.table_name = db_session
390 #beaker.session.table_name = db_session
388 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
391 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
389 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
392 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
390 #beaker.session.sa.pool_recycle = 3600
393 #beaker.session.sa.pool_recycle = 3600
391 #beaker.session.sa.echo = false
394 #beaker.session.sa.echo = false
392
395
393 beaker.session.key = rhodecode
396 beaker.session.key = rhodecode
394 beaker.session.secret = develop-rc-uytcxaz
397 beaker.session.secret = develop-rc-uytcxaz
395 beaker.session.lock_dir = %(here)s/data/sessions/lock
398 beaker.session.lock_dir = %(here)s/data/sessions/lock
396
399
397 ## Secure encrypted cookie. Requires AES and AES python libraries
400 ## Secure encrypted cookie. Requires AES and AES python libraries
398 ## you must disable beaker.session.secret to use this
401 ## you must disable beaker.session.secret to use this
399 #beaker.session.encrypt_key = key_for_encryption
402 #beaker.session.encrypt_key = key_for_encryption
400 #beaker.session.validate_key = validation_key
403 #beaker.session.validate_key = validation_key
401
404
402 ## sets session as invalid(also logging out user) if it haven not been
405 ## sets session as invalid(also logging out user) if it haven not been
403 ## accessed for given amount of time in seconds
406 ## accessed for given amount of time in seconds
404 beaker.session.timeout = 2592000
407 beaker.session.timeout = 2592000
405 beaker.session.httponly = true
408 beaker.session.httponly = true
406 ## Path to use for the cookie. Set to prefix if you use prefix middleware
409 ## Path to use for the cookie. Set to prefix if you use prefix middleware
407 #beaker.session.cookie_path = /custom_prefix
410 #beaker.session.cookie_path = /custom_prefix
408
411
409 ## uncomment for https secure cookie
412 ## uncomment for https secure cookie
410 beaker.session.secure = false
413 beaker.session.secure = false
411
414
412 ## auto save the session to not to use .save()
415 ## auto save the session to not to use .save()
413 beaker.session.auto = false
416 beaker.session.auto = false
414
417
415 ## default cookie expiration time in seconds, set to `true` to set expire
418 ## default cookie expiration time in seconds, set to `true` to set expire
416 ## at browser close
419 ## at browser close
417 #beaker.session.cookie_expires = 3600
420 #beaker.session.cookie_expires = 3600
418
421
419 ###################################
422 ###################################
420 ## SEARCH INDEXING CONFIGURATION ##
423 ## SEARCH INDEXING CONFIGURATION ##
421 ###################################
424 ###################################
422 ## Full text search indexer is available in rhodecode-tools under
425 ## Full text search indexer is available in rhodecode-tools under
423 ## `rhodecode-tools index` command
426 ## `rhodecode-tools index` command
424
427
425 ## WHOOSH Backend, doesn't require additional services to run
428 ## WHOOSH Backend, doesn't require additional services to run
426 ## it works good with few dozen repos
429 ## it works good with few dozen repos
427 search.module = rhodecode.lib.index.whoosh
430 search.module = rhodecode.lib.index.whoosh
428 search.location = %(here)s/data/index
431 search.location = %(here)s/data/index
429
432
430 ########################################
433 ########################################
431 ### CHANNELSTREAM CONFIG ####
434 ### CHANNELSTREAM CONFIG ####
432 ########################################
435 ########################################
433 ## channelstream enables persistent connections and live notification
436 ## channelstream enables persistent connections and live notification
434 ## in the system. It's also used by the chat system
437 ## in the system. It's also used by the chat system
435
438
436 channelstream.enabled = false
439 channelstream.enabled = false
437
440
438 ## server address for channelstream server on the backend
441 ## server address for channelstream server on the backend
439 channelstream.server = 127.0.0.1:9800
442 channelstream.server = 127.0.0.1:9800
440
443
441 ## location of the channelstream server from outside world
444 ## location of the channelstream server from outside world
442 ## use ws:// for http or wss:// for https. This address needs to be handled
445 ## use ws:// for http or wss:// for https. This address needs to be handled
443 ## by external HTTP server such as Nginx or Apache
446 ## by external HTTP server such as Nginx or Apache
444 ## see Nginx/Apache configuration examples in our docs
447 ## see Nginx/Apache configuration examples in our docs
445 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
448 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
446 channelstream.secret = secret
449 channelstream.secret = secret
447 channelstream.history.location = %(here)s/channelstream_history
450 channelstream.history.location = %(here)s/channelstream_history
448
451
449 ## Internal application path that Javascript uses to connect into.
452 ## Internal application path that Javascript uses to connect into.
450 ## If you use proxy-prefix the prefix should be added before /_channelstream
453 ## If you use proxy-prefix the prefix should be added before /_channelstream
451 channelstream.proxy_path = /_channelstream
454 channelstream.proxy_path = /_channelstream
452
455
453
456
454 ###################################
457 ###################################
455 ## APPENLIGHT CONFIG ##
458 ## APPENLIGHT CONFIG ##
456 ###################################
459 ###################################
457
460
458 ## Appenlight is tailored to work with RhodeCode, see
461 ## Appenlight is tailored to work with RhodeCode, see
459 ## http://appenlight.com for details how to obtain an account
462 ## http://appenlight.com for details how to obtain an account
460
463
461 ## Appenlight integration enabled
464 ## Appenlight integration enabled
462 appenlight = false
465 appenlight = false
463
466
464 appenlight.server_url = https://api.appenlight.com
467 appenlight.server_url = https://api.appenlight.com
465 appenlight.api_key = YOUR_API_KEY
468 appenlight.api_key = YOUR_API_KEY
466 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
469 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
467
470
468 ## used for JS client
471 ## used for JS client
469 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
472 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
470
473
471 ## TWEAK AMOUNT OF INFO SENT HERE
474 ## TWEAK AMOUNT OF INFO SENT HERE
472
475
473 ## enables 404 error logging (default False)
476 ## enables 404 error logging (default False)
474 appenlight.report_404 = false
477 appenlight.report_404 = false
475
478
476 ## time in seconds after request is considered being slow (default 1)
479 ## time in seconds after request is considered being slow (default 1)
477 appenlight.slow_request_time = 1
480 appenlight.slow_request_time = 1
478
481
479 ## record slow requests in application
482 ## record slow requests in application
480 ## (needs to be enabled for slow datastore recording and time tracking)
483 ## (needs to be enabled for slow datastore recording and time tracking)
481 appenlight.slow_requests = true
484 appenlight.slow_requests = true
482
485
483 ## enable hooking to application loggers
486 ## enable hooking to application loggers
484 appenlight.logging = true
487 appenlight.logging = true
485
488
486 ## minimum log level for log capture
489 ## minimum log level for log capture
487 appenlight.logging.level = WARNING
490 appenlight.logging.level = WARNING
488
491
489 ## send logs only from erroneous/slow requests
492 ## send logs only from erroneous/slow requests
490 ## (saves API quota for intensive logging)
493 ## (saves API quota for intensive logging)
491 appenlight.logging_on_error = false
494 appenlight.logging_on_error = false
492
495
493 ## list of additional keywords that should be grabbed from environ object
496 ## list of additional keywords that should be grabbed from environ object
494 ## can be string with comma separated list of words in lowercase
497 ## can be string with comma separated list of words in lowercase
495 ## (by default client will always send following info:
498 ## (by default client will always send following info:
496 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
499 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
497 ## start with HTTP* this list be extended with additional keywords here
500 ## start with HTTP* this list be extended with additional keywords here
498 appenlight.environ_keys_whitelist =
501 appenlight.environ_keys_whitelist =
499
502
500 ## list of keywords that should be blanked from request object
503 ## list of keywords that should be blanked from request object
501 ## can be string with comma separated list of words in lowercase
504 ## can be string with comma separated list of words in lowercase
502 ## (by default client will always blank keys that contain following words
505 ## (by default client will always blank keys that contain following words
503 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
506 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
504 ## this list be extended with additional keywords set here
507 ## this list be extended with additional keywords set here
505 appenlight.request_keys_blacklist =
508 appenlight.request_keys_blacklist =
506
509
507 ## list of namespaces that should be ignores when gathering log entries
510 ## list of namespaces that should be ignores when gathering log entries
508 ## can be string with comma separated list of namespaces
511 ## can be string with comma separated list of namespaces
509 ## (by default the client ignores own entries: appenlight_client.client)
512 ## (by default the client ignores own entries: appenlight_client.client)
510 appenlight.log_namespace_blacklist =
513 appenlight.log_namespace_blacklist =
511
514
512 # enable debug style page
515 # enable debug style page
513 debug_style = true
516 debug_style = true
514
517
515 ###########################################
518 ###########################################
516 ### MAIN RHODECODE DATABASE CONFIG ###
519 ### MAIN RHODECODE DATABASE CONFIG ###
517 ###########################################
520 ###########################################
518 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
521 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
519 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
522 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
520 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
523 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
521 # pymysql is an alternative driver for MySQL, use in case of problems with default one
524 # pymysql is an alternative driver for MySQL, use in case of problems with default one
522 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
525 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
523
526
524 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
527 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
525
528
526 # see sqlalchemy docs for other advanced settings
529 # see sqlalchemy docs for other advanced settings
527
530
528 ## print the sql statements to output
531 ## print the sql statements to output
529 sqlalchemy.db1.echo = false
532 sqlalchemy.db1.echo = false
530 ## recycle the connections after this amount of seconds
533 ## recycle the connections after this amount of seconds
531 sqlalchemy.db1.pool_recycle = 3600
534 sqlalchemy.db1.pool_recycle = 3600
532
535
533 ## the number of connections to keep open inside the connection pool.
536 ## the number of connections to keep open inside the connection pool.
534 ## 0 indicates no limit
537 ## 0 indicates no limit
535 #sqlalchemy.db1.pool_size = 5
538 #sqlalchemy.db1.pool_size = 5
536
539
537 ## the number of connections to allow in connection pool "overflow", that is
540 ## the number of connections to allow in connection pool "overflow", that is
538 ## connections that can be opened above and beyond the pool_size setting,
541 ## connections that can be opened above and beyond the pool_size setting,
539 ## which defaults to five.
542 ## which defaults to five.
540 #sqlalchemy.db1.max_overflow = 10
543 #sqlalchemy.db1.max_overflow = 10
541
544
542 ## Connection check ping, used to detect broken database connections
545 ## Connection check ping, used to detect broken database connections
543 ## could be enabled to better handle cases if MySQL has gone away errors
546 ## could be enabled to better handle cases if MySQL has gone away errors
544 #sqlalchemy.db1.ping_connection = true
547 #sqlalchemy.db1.ping_connection = true
545
548
546 ##################
549 ##################
547 ### VCS CONFIG ###
550 ### VCS CONFIG ###
548 ##################
551 ##################
549 vcs.server.enable = true
552 vcs.server.enable = true
550 vcs.server = localhost:9900
553 vcs.server = localhost:9900
551
554
552 ## Web server connectivity protocol, responsible for web based VCS operations
555 ## Web server connectivity protocol, responsible for web based VCS operations
553 ## Available protocols are:
556 ## Available protocols are:
554 ## `http` - use http-rpc backend (default)
557 ## `http` - use http-rpc backend (default)
555 vcs.server.protocol = http
558 vcs.server.protocol = http
556
559
557 ## Push/Pull operations protocol, available options are:
560 ## Push/Pull operations protocol, available options are:
558 ## `http` - use http-rpc backend (default)
561 ## `http` - use http-rpc backend (default)
559 vcs.scm_app_implementation = http
562 vcs.scm_app_implementation = http
560
563
561 ## Push/Pull operations hooks protocol, available options are:
564 ## Push/Pull operations hooks protocol, available options are:
562 ## `http` - use http-rpc backend (default)
565 ## `http` - use http-rpc backend (default)
563 vcs.hooks.protocol = http
566 vcs.hooks.protocol = http
564
567
565 ## Host on which this instance is listening for hooks. If vcsserver is in other location
568 ## Host on which this instance is listening for hooks. If vcsserver is in other location
566 ## this should be adjusted.
569 ## this should be adjusted.
567 vcs.hooks.host = 127.0.0.1
570 vcs.hooks.host = 127.0.0.1
568
571
569 vcs.server.log_level = debug
572 vcs.server.log_level = debug
570 ## Start VCSServer with this instance as a subprocess, useful for development
573 ## Start VCSServer with this instance as a subprocess, useful for development
571 vcs.start_server = false
574 vcs.start_server = false
572
575
573 ## List of enabled VCS backends, available options are:
576 ## List of enabled VCS backends, available options are:
574 ## `hg` - mercurial
577 ## `hg` - mercurial
575 ## `git` - git
578 ## `git` - git
576 ## `svn` - subversion
579 ## `svn` - subversion
577 vcs.backends = hg, git, svn
580 vcs.backends = hg, git, svn
578
581
579 vcs.connection_timeout = 3600
582 vcs.connection_timeout = 3600
580 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
583 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
581 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
584 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
582 #vcs.svn.compatible_version = pre-1.8-compatible
585 #vcs.svn.compatible_version = pre-1.8-compatible
583
586
584
587
585 ############################################################
588 ############################################################
586 ### Subversion proxy support (mod_dav_svn) ###
589 ### Subversion proxy support (mod_dav_svn) ###
587 ### Maps RhodeCode repo groups into SVN paths for Apache ###
590 ### Maps RhodeCode repo groups into SVN paths for Apache ###
588 ############################################################
591 ############################################################
589 ## Enable or disable the config file generation.
592 ## Enable or disable the config file generation.
590 svn.proxy.generate_config = false
593 svn.proxy.generate_config = false
591 ## Generate config file with `SVNListParentPath` set to `On`.
594 ## Generate config file with `SVNListParentPath` set to `On`.
592 svn.proxy.list_parent_path = true
595 svn.proxy.list_parent_path = true
593 ## Set location and file name of generated config file.
596 ## Set location and file name of generated config file.
594 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
597 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
595 ## alternative mod_dav config template. This needs to be a mako template
598 ## alternative mod_dav config template. This needs to be a mako template
596 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
599 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
597 ## Used as a prefix to the `Location` block in the generated config file.
600 ## Used as a prefix to the `Location` block in the generated config file.
598 ## In most cases it should be set to `/`.
601 ## In most cases it should be set to `/`.
599 svn.proxy.location_root = /
602 svn.proxy.location_root = /
600 ## Command to reload the mod dav svn configuration on change.
603 ## Command to reload the mod dav svn configuration on change.
601 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
604 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
602 ## Make sure user who runs RhodeCode process is allowed to reload Apache
605 ## Make sure user who runs RhodeCode process is allowed to reload Apache
603 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
606 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
604 ## If the timeout expires before the reload command finishes, the command will
607 ## If the timeout expires before the reload command finishes, the command will
605 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
608 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
606 #svn.proxy.reload_timeout = 10
609 #svn.proxy.reload_timeout = 10
607
610
608 ############################################################
611 ############################################################
609 ### SSH Support Settings ###
612 ### SSH Support Settings ###
610 ############################################################
613 ############################################################
611
614
612 ## Defines if a custom authorized_keys file should be created and written on
615 ## Defines if a custom authorized_keys file should be created and written on
613 ## any change user ssh keys. Setting this to false also disables possibility
616 ## any change user ssh keys. Setting this to false also disables possibility
614 ## of adding SSH keys by users from web interface. Super admins can still
617 ## of adding SSH keys by users from web interface. Super admins can still
615 ## manage SSH Keys.
618 ## manage SSH Keys.
616 ssh.generate_authorized_keyfile = false
619 ssh.generate_authorized_keyfile = false
617
620
618 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
621 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
619 # ssh.authorized_keys_ssh_opts =
622 # ssh.authorized_keys_ssh_opts =
620
623
621 ## Path to the authorized_keys file where the generate entries are placed.
624 ## Path to the authorized_keys file where the generate entries are placed.
622 ## It is possible to have multiple key files specified in `sshd_config` e.g.
625 ## It is possible to have multiple key files specified in `sshd_config` e.g.
623 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
626 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
624 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
627 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
625
628
626 ## Command to execute the SSH wrapper. The binary is available in the
629 ## Command to execute the SSH wrapper. The binary is available in the
627 ## RhodeCode installation directory.
630 ## RhodeCode installation directory.
628 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
631 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
629 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
632 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
630
633
631 ## Allow shell when executing the ssh-wrapper command
634 ## Allow shell when executing the ssh-wrapper command
632 ssh.wrapper_cmd_allow_shell = false
635 ssh.wrapper_cmd_allow_shell = false
633
636
634 ## Enables logging, and detailed output send back to the client during SSH
637 ## Enables logging, and detailed output send back to the client during SSH
635 ## operations. Useful for debugging, shouldn't be used in production.
638 ## operations. Useful for debugging, shouldn't be used in production.
636 ssh.enable_debug_logging = true
639 ssh.enable_debug_logging = true
637
640
638 ## Paths to binary executable, by default they are the names, but we can
641 ## Paths to binary executable, by default they are the names, but we can
639 ## override them if we want to use a custom one
642 ## override them if we want to use a custom one
640 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
643 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
641 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
644 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
642 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
645 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
643
646
644 ## Enables SSH key generator web interface. Disabling this still allows users
647 ## Enables SSH key generator web interface. Disabling this still allows users
645 ## to add their own keys.
648 ## to add their own keys.
646 ssh.enable_ui_key_generator = true
649 ssh.enable_ui_key_generator = true
647
650
648
651
649 ## Dummy marker to add new entries after.
652 ## Dummy marker to add new entries after.
650 ## Add any custom entries below. Please don't remove.
653 ## Add any custom entries below. Please don't remove.
651 custom.conf = 1
654 custom.conf = 1
652
655
653
656
654 ################################
657 ################################
655 ### LOGGING CONFIGURATION ####
658 ### LOGGING CONFIGURATION ####
656 ################################
659 ################################
657 [loggers]
660 [loggers]
658 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
661 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
659
662
660 [handlers]
663 [handlers]
661 keys = console, console_sql
664 keys = console, console_sql
662
665
663 [formatters]
666 [formatters]
664 keys = generic, color_formatter, color_formatter_sql
667 keys = generic, color_formatter, color_formatter_sql
665
668
666 #############
669 #############
667 ## LOGGERS ##
670 ## LOGGERS ##
668 #############
671 #############
669 [logger_root]
672 [logger_root]
670 level = NOTSET
673 level = NOTSET
671 handlers = console
674 handlers = console
672
675
673 [logger_sqlalchemy]
676 [logger_sqlalchemy]
674 level = INFO
677 level = INFO
675 handlers = console_sql
678 handlers = console_sql
676 qualname = sqlalchemy.engine
679 qualname = sqlalchemy.engine
677 propagate = 0
680 propagate = 0
678
681
679 [logger_beaker]
682 [logger_beaker]
680 level = DEBUG
683 level = DEBUG
681 handlers =
684 handlers =
682 qualname = beaker.container
685 qualname = beaker.container
683 propagate = 1
686 propagate = 1
684
687
685 [logger_rhodecode]
688 [logger_rhodecode]
686 level = DEBUG
689 level = DEBUG
687 handlers =
690 handlers =
688 qualname = rhodecode
691 qualname = rhodecode
689 propagate = 1
692 propagate = 1
690
693
691 [logger_ssh_wrapper]
694 [logger_ssh_wrapper]
692 level = DEBUG
695 level = DEBUG
693 handlers =
696 handlers =
694 qualname = ssh_wrapper
697 qualname = ssh_wrapper
695 propagate = 1
698 propagate = 1
696
699
697 [logger_celery]
700 [logger_celery]
698 level = DEBUG
701 level = DEBUG
699 handlers =
702 handlers =
700 qualname = celery
703 qualname = celery
701
704
702
705
703 ##############
706 ##############
704 ## HANDLERS ##
707 ## HANDLERS ##
705 ##############
708 ##############
706
709
707 [handler_console]
710 [handler_console]
708 class = StreamHandler
711 class = StreamHandler
709 args = (sys.stderr, )
712 args = (sys.stderr, )
710 level = DEBUG
713 level = DEBUG
711 formatter = color_formatter
714 formatter = color_formatter
712
715
713 [handler_console_sql]
716 [handler_console_sql]
714 # "level = DEBUG" logs SQL queries and results.
717 # "level = DEBUG" logs SQL queries and results.
715 # "level = INFO" logs SQL queries.
718 # "level = INFO" logs SQL queries.
716 # "level = WARN" logs neither. (Recommended for production systems.)
719 # "level = WARN" logs neither. (Recommended for production systems.)
717 class = StreamHandler
720 class = StreamHandler
718 args = (sys.stderr, )
721 args = (sys.stderr, )
719 level = WARN
722 level = WARN
720 formatter = color_formatter_sql
723 formatter = color_formatter_sql
721
724
722 ################
725 ################
723 ## FORMATTERS ##
726 ## FORMATTERS ##
724 ################
727 ################
725
728
726 [formatter_generic]
729 [formatter_generic]
727 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
730 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
728 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
731 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
729 datefmt = %Y-%m-%d %H:%M:%S
732 datefmt = %Y-%m-%d %H:%M:%S
730
733
731 [formatter_color_formatter]
734 [formatter_color_formatter]
732 class = rhodecode.lib.logging_formatter.ColorFormatter
735 class = rhodecode.lib.logging_formatter.ColorFormatter
733 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
736 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
734 datefmt = %Y-%m-%d %H:%M:%S
737 datefmt = %Y-%m-%d %H:%M:%S
735
738
736 [formatter_color_formatter_sql]
739 [formatter_color_formatter_sql]
737 class = rhodecode.lib.logging_formatter.ColorFormatterSql
740 class = rhodecode.lib.logging_formatter.ColorFormatterSql
738 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
741 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
739 datefmt = %Y-%m-%d %H:%M:%S
742 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,712 +1,715 b''
1
1
2
2
3 ################################################################################
3 ################################################################################
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 ################################################################################
5 ################################################################################
6
6
7 [DEFAULT]
7 [DEFAULT]
8 ## Debug flag sets all loggers to debug, and enables request tracking
8 ## Debug flag sets all loggers to debug, and enables request tracking
9 debug = false
9 debug = false
10
10
11 ################################################################################
11 ################################################################################
12 ## EMAIL CONFIGURATION ##
12 ## EMAIL CONFIGURATION ##
13 ## Uncomment and replace with the email address which should receive ##
13 ## Uncomment and replace with the email address which should receive ##
14 ## any error reports after an application crash ##
14 ## any error reports after an application crash ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 ################################################################################
16 ################################################################################
17
17
18 ## prefix all emails subjects with given prefix, helps filtering out emails
18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 #email_prefix = [RhodeCode]
19 #email_prefix = [RhodeCode]
20
20
21 ## email FROM address all mails will be sent
21 ## email FROM address all mails will be sent
22 #app_email_from = rhodecode-noreply@localhost
22 #app_email_from = rhodecode-noreply@localhost
23
23
24 #smtp_server = mail.server.com
24 #smtp_server = mail.server.com
25 #smtp_username =
25 #smtp_username =
26 #smtp_password =
26 #smtp_password =
27 #smtp_port =
27 #smtp_port =
28 #smtp_use_tls = false
28 #smtp_use_tls = false
29 #smtp_use_ssl = true
29 #smtp_use_ssl = true
30
30
31 [server:main]
31 [server:main]
32 ## COMMON ##
32 ## COMMON ##
33 host = 127.0.0.1
33 host = 127.0.0.1
34 port = 5000
34 port = 5000
35
35
36 ###########################################################
36 ###########################################################
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 ###########################################################
38 ###########################################################
39
39
40 #use = egg:waitress#main
40 #use = egg:waitress#main
41 ## number of worker threads
41 ## number of worker threads
42 #threads = 5
42 #threads = 5
43 ## MAX BODY SIZE 100GB
43 ## MAX BODY SIZE 100GB
44 #max_request_body_size = 107374182400
44 #max_request_body_size = 107374182400
45 ## Use poll instead of select, fixes file descriptors limits problems.
45 ## Use poll instead of select, fixes file descriptors limits problems.
46 ## May not work on old windows systems.
46 ## May not work on old windows systems.
47 #asyncore_use_poll = true
47 #asyncore_use_poll = true
48
48
49
49
50 ##########################
50 ##########################
51 ## GUNICORN WSGI SERVER ##
51 ## GUNICORN WSGI SERVER ##
52 ##########################
52 ##########################
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54
54
55 use = egg:gunicorn#main
55 use = egg:gunicorn#main
56 ## Sets the number of process workers. More workers means more concurrent connections
56 ## Sets the number of process workers. More workers means more concurrent connections
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 ## memory usage as each has it's own set of caches.
58 ## memory usage as each has it's own set of caches.
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 ## when using more than 1 worker.
62 ## when using more than 1 worker.
63 workers = 2
63 workers = 2
64 ## process name visible in process list
64 ## process name visible in process list
65 proc_name = rhodecode
65 proc_name = rhodecode
66 ## type of worker class, one of sync, gevent
66 ## type of worker class, one of sync, gevent
67 ## recommended for bigger setup is using of of other than sync one
67 ## recommended for bigger setup is using of of other than sync one
68 worker_class = gevent
68 worker_class = gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
70 worker_connections = 10
70 worker_connections = 10
71 ## max number of requests that worker will handle before being gracefully
71 ## max number of requests that worker will handle before being gracefully
72 ## restarted, could prevent memory leaks
72 ## restarted, could prevent memory leaks
73 max_requests = 1000
73 max_requests = 1000
74 max_requests_jitter = 30
74 max_requests_jitter = 30
75 ## amount of time a worker can spend with handling a request before it
75 ## amount of time a worker can spend with handling a request before it
76 ## gets killed and restarted. Set to 6hrs
76 ## gets killed and restarted. Set to 6hrs
77 timeout = 21600
77 timeout = 21600
78
78
79
79
80 ## prefix middleware for RhodeCode.
80 ## prefix middleware for RhodeCode.
81 ## recommended when using proxy setup.
81 ## recommended when using proxy setup.
82 ## allows to set RhodeCode under a prefix in server.
82 ## allows to set RhodeCode under a prefix in server.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
84 ## And set your prefix like: `prefix = /custom_prefix`
84 ## And set your prefix like: `prefix = /custom_prefix`
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
86 ## to make your cookies only work on prefix url
86 ## to make your cookies only work on prefix url
87 [filter:proxy-prefix]
87 [filter:proxy-prefix]
88 use = egg:PasteDeploy#prefix
88 use = egg:PasteDeploy#prefix
89 prefix = /
89 prefix = /
90
90
91 [app:main]
91 [app:main]
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
93 ## of this file
93 ## of this file
94 ## In addition ENVIRONMENT variables usage is possible, e.g
94 ## In addition ENVIRONMENT variables usage is possible, e.g
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
96
96
97 use = egg:rhodecode-enterprise-ce
97 use = egg:rhodecode-enterprise-ce
98
98
99 ## enable proxy prefix middleware, defined above
99 ## enable proxy prefix middleware, defined above
100 #filter-with = proxy-prefix
100 #filter-with = proxy-prefix
101
101
102 ## encryption key used to encrypt social plugin tokens,
102 ## encryption key used to encrypt social plugin tokens,
103 ## remote_urls with credentials etc, if not set it defaults to
103 ## remote_urls with credentials etc, if not set it defaults to
104 ## `beaker.session.secret`
104 ## `beaker.session.secret`
105 #rhodecode.encrypted_values.secret =
105 #rhodecode.encrypted_values.secret =
106
106
107 ## decryption strict mode (enabled by default). It controls if decryption raises
107 ## decryption strict mode (enabled by default). It controls if decryption raises
108 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
108 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
109 #rhodecode.encrypted_values.strict = false
109 #rhodecode.encrypted_values.strict = false
110
110
111 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
111 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
112 ## fernet is safer, and we strongly recommend switching to it.
112 ## fernet is safer, and we strongly recommend switching to it.
113 ## Due to backward compatibility aes is used as default.
113 ## Due to backward compatibility aes is used as default.
114 #rhodecode.encrypted_values.algorithm = fernet
114 #rhodecode.encrypted_values.algorithm = fernet
115
115
116 ## return gzipped responses from RhodeCode (static files/application)
116 ## return gzipped responses from RhodeCode (static files/application)
117 gzip_responses = false
117 gzip_responses = false
118
118
119 ## auto-generate javascript routes file on startup
119 ## auto-generate javascript routes file on startup
120 generate_js_files = false
120 generate_js_files = false
121
121
122 ## System global default language.
122 ## System global default language.
123 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
123 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
124 lang = en
124 lang = en
125
125
126 ## Perform a full repository scan and import on each server start.
126 ## Perform a full repository scan and import on each server start.
127 ## Settings this to true could lead to very long startup time.
127 ## Settings this to true could lead to very long startup time.
128 startup.import_repos = false
128 startup.import_repos = false
129
129
130 ## Uncomment and set this path to use archive download cache.
130 ## Uncomment and set this path to use archive download cache.
131 ## Once enabled, generated archives will be cached at this location
131 ## Once enabled, generated archives will be cached at this location
132 ## and served from the cache during subsequent requests for the same archive of
132 ## and served from the cache during subsequent requests for the same archive of
133 ## the repository.
133 ## the repository.
134 #archive_cache_dir = /tmp/tarballcache
134 #archive_cache_dir = /tmp/tarballcache
135
135
136 ## URL at which the application is running. This is used for Bootstrapping
136 ## URL at which the application is running. This is used for Bootstrapping
137 ## requests in context when no web request is available. Used in ishell, or
137 ## requests in context when no web request is available. Used in ishell, or
138 ## SSH calls. Set this for events to receive proper url for SSH calls.
138 ## SSH calls. Set this for events to receive proper url for SSH calls.
139 app.base_url = http://rhodecode.local
139 app.base_url = http://rhodecode.local
140
140
141 ## Unique application ID. Should be a random unique string for security.
141 ## Unique application ID. Should be a random unique string for security.
142 app_instance_uuid = rc-production
142 app_instance_uuid = rc-production
143
143
144 ## Cut off limit for large diffs (size in bytes). If overall diff size on
144 ## Cut off limit for large diffs (size in bytes). If overall diff size on
145 ## commit, or pull request exceeds this limit this diff will be displayed
145 ## commit, or pull request exceeds this limit this diff will be displayed
146 ## partially. E.g 512000 == 512Kb
146 ## partially. E.g 512000 == 512Kb
147 cut_off_limit_diff = 512000
147 cut_off_limit_diff = 512000
148
148
149 ## Cut off limit for large files inside diffs (size in bytes). Each individual
149 ## Cut off limit for large files inside diffs (size in bytes). Each individual
150 ## file inside diff which exceeds this limit will be displayed partially.
150 ## file inside diff which exceeds this limit will be displayed partially.
151 ## E.g 128000 == 128Kb
151 ## E.g 128000 == 128Kb
152 cut_off_limit_file = 128000
152 cut_off_limit_file = 128000
153
153
154 ## use cached version of vcs repositories everywhere. Recommended to be `true`
154 ## use cached version of vcs repositories everywhere. Recommended to be `true`
155 vcs_full_cache = true
155 vcs_full_cache = true
156
156
157 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
157 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
158 ## Normally this is controlled by proper http flags sent from http server
158 ## Normally this is controlled by proper http flags sent from http server
159 force_https = false
159 force_https = false
160
160
161 ## use Strict-Transport-Security headers
161 ## use Strict-Transport-Security headers
162 use_htsts = false
162 use_htsts = false
163
163
164 # Set to true if your repos are exposed using the dumb protocol
164 # Set to true if your repos are exposed using the dumb protocol
165 git_update_server_info = false
165 git_update_server_info = false
166
166
167 ## RSS/ATOM feed options
167 ## RSS/ATOM feed options
168 rss_cut_off_limit = 256000
168 rss_cut_off_limit = 256000
169 rss_items_per_page = 10
169 rss_items_per_page = 10
170 rss_include_diff = false
170 rss_include_diff = false
171
171
172 ## gist URL alias, used to create nicer urls for gist. This should be an
172 ## gist URL alias, used to create nicer urls for gist. This should be an
173 ## url that does rewrites to _admin/gists/{gistid}.
173 ## url that does rewrites to _admin/gists/{gistid}.
174 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
174 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
175 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
175 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
176 gist_alias_url =
176 gist_alias_url =
177
177
178 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
178 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
179 ## used for access.
179 ## used for access.
180 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
180 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
181 ## came from the the logged in user who own this authentication token.
181 ## came from the the logged in user who own this authentication token.
182 ## Additionally @TOKEN syntax can be used to bound the view to specific
182 ## Additionally @TOKEN syntax can be used to bound the view to specific
183 ## authentication token. Such view would be only accessible when used together
183 ## authentication token. Such view would be only accessible when used together
184 ## with this authentication token
184 ## with this authentication token
185 ##
185 ##
186 ## list of all views can be found under `/_admin/permissions/auth_token_access`
186 ## list of all views can be found under `/_admin/permissions/auth_token_access`
187 ## The list should be "," separated and on a single line.
187 ## The list should be "," separated and on a single line.
188 ##
188 ##
189 ## Most common views to enable:
189 ## Most common views to enable:
190 # RepoCommitsView:repo_commit_download
190 # RepoCommitsView:repo_commit_download
191 # RepoCommitsView:repo_commit_patch
191 # RepoCommitsView:repo_commit_patch
192 # RepoCommitsView:repo_commit_raw
192 # RepoCommitsView:repo_commit_raw
193 # RepoCommitsView:repo_commit_raw@TOKEN
193 # RepoCommitsView:repo_commit_raw@TOKEN
194 # RepoFilesView:repo_files_diff
194 # RepoFilesView:repo_files_diff
195 # RepoFilesView:repo_archivefile
195 # RepoFilesView:repo_archivefile
196 # RepoFilesView:repo_file_raw
196 # RepoFilesView:repo_file_raw
197 # GistView:*
197 # GistView:*
198 api_access_controllers_whitelist =
198 api_access_controllers_whitelist =
199
199
200 ## Default encoding used to convert from and to unicode
200 ## Default encoding used to convert from and to unicode
201 ## can be also a comma separated list of encoding in case of mixed encodings
201 ## can be also a comma separated list of encoding in case of mixed encodings
202 default_encoding = UTF-8
202 default_encoding = UTF-8
203
203
204 ## instance-id prefix
204 ## instance-id prefix
205 ## a prefix key for this instance used for cache invalidation when running
205 ## a prefix key for this instance used for cache invalidation when running
206 ## multiple instances of RhodeCode, make sure it's globally unique for
206 ## multiple instances of RhodeCode, make sure it's globally unique for
207 ## all running RhodeCode instances. Leave empty if you don't use it
207 ## all running RhodeCode instances. Leave empty if you don't use it
208 instance_id =
208 instance_id =
209
209
210 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
210 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
211 ## of an authentication plugin also if it is disabled by it's settings.
211 ## of an authentication plugin also if it is disabled by it's settings.
212 ## This could be useful if you are unable to log in to the system due to broken
212 ## This could be useful if you are unable to log in to the system due to broken
213 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
213 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
214 ## module to log in again and fix the settings.
214 ## module to log in again and fix the settings.
215 ##
215 ##
216 ## Available builtin plugin IDs (hash is part of the ID):
216 ## Available builtin plugin IDs (hash is part of the ID):
217 ## egg:rhodecode-enterprise-ce#rhodecode
217 ## egg:rhodecode-enterprise-ce#rhodecode
218 ## egg:rhodecode-enterprise-ce#pam
218 ## egg:rhodecode-enterprise-ce#pam
219 ## egg:rhodecode-enterprise-ce#ldap
219 ## egg:rhodecode-enterprise-ce#ldap
220 ## egg:rhodecode-enterprise-ce#jasig_cas
220 ## egg:rhodecode-enterprise-ce#jasig_cas
221 ## egg:rhodecode-enterprise-ce#headers
221 ## egg:rhodecode-enterprise-ce#headers
222 ## egg:rhodecode-enterprise-ce#crowd
222 ## egg:rhodecode-enterprise-ce#crowd
223 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
223 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
224
224
225 ## alternative return HTTP header for failed authentication. Default HTTP
225 ## alternative return HTTP header for failed authentication. Default HTTP
226 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
226 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
227 ## handling that causing a series of failed authentication calls.
227 ## handling that causing a series of failed authentication calls.
228 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
228 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
229 ## This will be served instead of default 401 on bad authentication
229 ## This will be served instead of default 401 on bad authentication
230 auth_ret_code =
230 auth_ret_code =
231
231
232 ## use special detection method when serving auth_ret_code, instead of serving
232 ## use special detection method when serving auth_ret_code, instead of serving
233 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
233 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
234 ## and then serve auth_ret_code to clients
234 ## and then serve auth_ret_code to clients
235 auth_ret_code_detection = false
235 auth_ret_code_detection = false
236
236
237 ## locking return code. When repository is locked return this HTTP code. 2XX
237 ## locking return code. When repository is locked return this HTTP code. 2XX
238 ## codes don't break the transactions while 4XX codes do
238 ## codes don't break the transactions while 4XX codes do
239 lock_ret_code = 423
239 lock_ret_code = 423
240
240
241 ## allows to change the repository location in settings page
241 ## allows to change the repository location in settings page
242 allow_repo_location_change = true
242 allow_repo_location_change = true
243
243
244 ## allows to setup custom hooks in settings page
244 ## allows to setup custom hooks in settings page
245 allow_custom_hooks_settings = true
245 allow_custom_hooks_settings = true
246
246
247 ## Generated license token required for EE edition license.
247 ## Generated license token required for EE edition license.
248 ## New generated token value can be found in Admin > settings > license page.
248 ## New generated token value can be found in Admin > settings > license page.
249 license_token =
249 license_token =
250
250
251 ## This flag would hide sensitive information on the license page
252 license.hide_license_info = false
253
251 ## supervisor connection uri, for managing supervisor and logs.
254 ## supervisor connection uri, for managing supervisor and logs.
252 supervisor.uri =
255 supervisor.uri =
253 ## supervisord group name/id we only want this RC instance to handle
256 ## supervisord group name/id we only want this RC instance to handle
254 supervisor.group_id = prod
257 supervisor.group_id = prod
255
258
256 ## Display extended labs settings
259 ## Display extended labs settings
257 labs_settings_active = true
260 labs_settings_active = true
258
261
259 ## Custom exception store path, defaults to TMPDIR
262 ## Custom exception store path, defaults to TMPDIR
260 ## This is used to store exception from RhodeCode in shared directory
263 ## This is used to store exception from RhodeCode in shared directory
261 #exception_tracker.store_path =
264 #exception_tracker.store_path =
262
265
263 ## File store configuration. This is used to store and serve uploaded files
266 ## File store configuration. This is used to store and serve uploaded files
264 file_store.enabled = true
267 file_store.enabled = true
265 ## Storage backend, available options are: local
268 ## Storage backend, available options are: local
266 file_store.backend = local
269 file_store.backend = local
267 ## path to store the uploaded binaries
270 ## path to store the uploaded binaries
268 file_store.storage_path = %(here)s/data/file_store
271 file_store.storage_path = %(here)s/data/file_store
269
272
270
273
271 ####################################
274 ####################################
272 ### CELERY CONFIG ####
275 ### CELERY CONFIG ####
273 ####################################
276 ####################################
274 ## run: /path/to/celery worker \
277 ## run: /path/to/celery worker \
275 ## -E --beat --app rhodecode.lib.celerylib.loader \
278 ## -E --beat --app rhodecode.lib.celerylib.loader \
276 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
279 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
277 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
280 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
278
281
279 use_celery = false
282 use_celery = false
280
283
281 ## connection url to the message broker (default redis)
284 ## connection url to the message broker (default redis)
282 celery.broker_url = redis://localhost:6379/8
285 celery.broker_url = redis://localhost:6379/8
283
286
284 ## rabbitmq example
287 ## rabbitmq example
285 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
288 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
286
289
287 ## maximum tasks to execute before worker restart
290 ## maximum tasks to execute before worker restart
288 celery.max_tasks_per_child = 100
291 celery.max_tasks_per_child = 100
289
292
290 ## tasks will never be sent to the queue, but executed locally instead.
293 ## tasks will never be sent to the queue, but executed locally instead.
291 celery.task_always_eager = false
294 celery.task_always_eager = false
292
295
293 #####################################
296 #####################################
294 ### DOGPILE CACHE ####
297 ### DOGPILE CACHE ####
295 #####################################
298 #####################################
296 ## Default cache dir for caches. Putting this into a ramdisk
299 ## Default cache dir for caches. Putting this into a ramdisk
297 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
300 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
298 ## large amount of space
301 ## large amount of space
299 cache_dir = %(here)s/data
302 cache_dir = %(here)s/data
300
303
301 ## `cache_perms` cache settings for permission tree, auth TTL.
304 ## `cache_perms` cache settings for permission tree, auth TTL.
302 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
305 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
303 rc_cache.cache_perms.expiration_time = 300
306 rc_cache.cache_perms.expiration_time = 300
304
307
305 ## alternative `cache_perms` redis backend with distributed lock
308 ## alternative `cache_perms` redis backend with distributed lock
306 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
309 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
307 #rc_cache.cache_perms.expiration_time = 300
310 #rc_cache.cache_perms.expiration_time = 300
308 ## redis_expiration_time needs to be greater then expiration_time
311 ## redis_expiration_time needs to be greater then expiration_time
309 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
312 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
310 #rc_cache.cache_perms.arguments.socket_timeout = 30
313 #rc_cache.cache_perms.arguments.socket_timeout = 30
311 #rc_cache.cache_perms.arguments.host = localhost
314 #rc_cache.cache_perms.arguments.host = localhost
312 #rc_cache.cache_perms.arguments.port = 6379
315 #rc_cache.cache_perms.arguments.port = 6379
313 #rc_cache.cache_perms.arguments.db = 0
316 #rc_cache.cache_perms.arguments.db = 0
314 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
317 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
315 #rc_cache.cache_perms.arguments.distributed_lock = true
318 #rc_cache.cache_perms.arguments.distributed_lock = true
316
319
317 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
320 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
318 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
321 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
319 rc_cache.cache_repo.expiration_time = 2592000
322 rc_cache.cache_repo.expiration_time = 2592000
320
323
321 ## alternative `cache_repo` redis backend with distributed lock
324 ## alternative `cache_repo` redis backend with distributed lock
322 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
325 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
323 #rc_cache.cache_repo.expiration_time = 2592000
326 #rc_cache.cache_repo.expiration_time = 2592000
324 ## redis_expiration_time needs to be greater then expiration_time
327 ## redis_expiration_time needs to be greater then expiration_time
325 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
328 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
326 #rc_cache.cache_repo.arguments.socket_timeout = 30
329 #rc_cache.cache_repo.arguments.socket_timeout = 30
327 #rc_cache.cache_repo.arguments.host = localhost
330 #rc_cache.cache_repo.arguments.host = localhost
328 #rc_cache.cache_repo.arguments.port = 6379
331 #rc_cache.cache_repo.arguments.port = 6379
329 #rc_cache.cache_repo.arguments.db = 1
332 #rc_cache.cache_repo.arguments.db = 1
330 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
333 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
331 #rc_cache.cache_repo.arguments.distributed_lock = true
334 #rc_cache.cache_repo.arguments.distributed_lock = true
332
335
333 ## cache settings for SQL queries, this needs to use memory type backend
336 ## cache settings for SQL queries, this needs to use memory type backend
334 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
337 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
335 rc_cache.sql_cache_short.expiration_time = 30
338 rc_cache.sql_cache_short.expiration_time = 30
336
339
337 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
340 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
338 ## type backend as the objects kept are not pickle serializable
341 ## type backend as the objects kept are not pickle serializable
339 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
342 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
340 ## by default we use 96H, this is using invalidation on push anyway
343 ## by default we use 96H, this is using invalidation on push anyway
341 rc_cache.cache_repo_longterm.expiration_time = 345600
344 rc_cache.cache_repo_longterm.expiration_time = 345600
342 ## max items in LRU cache, reduce this number to save memory, and expire last used
345 ## max items in LRU cache, reduce this number to save memory, and expire last used
343 ## cached objects
346 ## cached objects
344 rc_cache.cache_repo_longterm.max_size = 10000
347 rc_cache.cache_repo_longterm.max_size = 10000
345
348
346
349
347 ####################################
350 ####################################
348 ### BEAKER SESSION ####
351 ### BEAKER SESSION ####
349 ####################################
352 ####################################
350
353
351 ## .session.type is type of storage options for the session, current allowed
354 ## .session.type is type of storage options for the session, current allowed
352 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
355 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
353 beaker.session.type = file
356 beaker.session.type = file
354 beaker.session.data_dir = %(here)s/data/sessions
357 beaker.session.data_dir = %(here)s/data/sessions
355
358
356 ## redis sessions
359 ## redis sessions
357 #beaker.session.type = ext:redis
360 #beaker.session.type = ext:redis
358 #beaker.session.url = redis://127.0.0.1:6379/2
361 #beaker.session.url = redis://127.0.0.1:6379/2
359
362
360 ## db based session, fast, and allows easy management over logged in users
363 ## db based session, fast, and allows easy management over logged in users
361 #beaker.session.type = ext:database
364 #beaker.session.type = ext:database
362 #beaker.session.table_name = db_session
365 #beaker.session.table_name = db_session
363 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
366 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
364 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
367 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
365 #beaker.session.sa.pool_recycle = 3600
368 #beaker.session.sa.pool_recycle = 3600
366 #beaker.session.sa.echo = false
369 #beaker.session.sa.echo = false
367
370
368 beaker.session.key = rhodecode
371 beaker.session.key = rhodecode
369 beaker.session.secret = production-rc-uytcxaz
372 beaker.session.secret = production-rc-uytcxaz
370 beaker.session.lock_dir = %(here)s/data/sessions/lock
373 beaker.session.lock_dir = %(here)s/data/sessions/lock
371
374
372 ## Secure encrypted cookie. Requires AES and AES python libraries
375 ## Secure encrypted cookie. Requires AES and AES python libraries
373 ## you must disable beaker.session.secret to use this
376 ## you must disable beaker.session.secret to use this
374 #beaker.session.encrypt_key = key_for_encryption
377 #beaker.session.encrypt_key = key_for_encryption
375 #beaker.session.validate_key = validation_key
378 #beaker.session.validate_key = validation_key
376
379
377 ## sets session as invalid(also logging out user) if it haven not been
380 ## sets session as invalid(also logging out user) if it haven not been
378 ## accessed for given amount of time in seconds
381 ## accessed for given amount of time in seconds
379 beaker.session.timeout = 2592000
382 beaker.session.timeout = 2592000
380 beaker.session.httponly = true
383 beaker.session.httponly = true
381 ## Path to use for the cookie. Set to prefix if you use prefix middleware
384 ## Path to use for the cookie. Set to prefix if you use prefix middleware
382 #beaker.session.cookie_path = /custom_prefix
385 #beaker.session.cookie_path = /custom_prefix
383
386
384 ## uncomment for https secure cookie
387 ## uncomment for https secure cookie
385 beaker.session.secure = false
388 beaker.session.secure = false
386
389
387 ## auto save the session to not to use .save()
390 ## auto save the session to not to use .save()
388 beaker.session.auto = false
391 beaker.session.auto = false
389
392
390 ## default cookie expiration time in seconds, set to `true` to set expire
393 ## default cookie expiration time in seconds, set to `true` to set expire
391 ## at browser close
394 ## at browser close
392 #beaker.session.cookie_expires = 3600
395 #beaker.session.cookie_expires = 3600
393
396
394 ###################################
397 ###################################
395 ## SEARCH INDEXING CONFIGURATION ##
398 ## SEARCH INDEXING CONFIGURATION ##
396 ###################################
399 ###################################
397 ## Full text search indexer is available in rhodecode-tools under
400 ## Full text search indexer is available in rhodecode-tools under
398 ## `rhodecode-tools index` command
401 ## `rhodecode-tools index` command
399
402
400 ## WHOOSH Backend, doesn't require additional services to run
403 ## WHOOSH Backend, doesn't require additional services to run
401 ## it works good with few dozen repos
404 ## it works good with few dozen repos
402 search.module = rhodecode.lib.index.whoosh
405 search.module = rhodecode.lib.index.whoosh
403 search.location = %(here)s/data/index
406 search.location = %(here)s/data/index
404
407
405 ########################################
408 ########################################
406 ### CHANNELSTREAM CONFIG ####
409 ### CHANNELSTREAM CONFIG ####
407 ########################################
410 ########################################
408 ## channelstream enables persistent connections and live notification
411 ## channelstream enables persistent connections and live notification
409 ## in the system. It's also used by the chat system
412 ## in the system. It's also used by the chat system
410
413
411 channelstream.enabled = false
414 channelstream.enabled = false
412
415
413 ## server address for channelstream server on the backend
416 ## server address for channelstream server on the backend
414 channelstream.server = 127.0.0.1:9800
417 channelstream.server = 127.0.0.1:9800
415
418
416 ## location of the channelstream server from outside world
419 ## location of the channelstream server from outside world
417 ## use ws:// for http or wss:// for https. This address needs to be handled
420 ## use ws:// for http or wss:// for https. This address needs to be handled
418 ## by external HTTP server such as Nginx or Apache
421 ## by external HTTP server such as Nginx or Apache
419 ## see Nginx/Apache configuration examples in our docs
422 ## see Nginx/Apache configuration examples in our docs
420 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
423 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
421 channelstream.secret = secret
424 channelstream.secret = secret
422 channelstream.history.location = %(here)s/channelstream_history
425 channelstream.history.location = %(here)s/channelstream_history
423
426
424 ## Internal application path that Javascript uses to connect into.
427 ## Internal application path that Javascript uses to connect into.
425 ## If you use proxy-prefix the prefix should be added before /_channelstream
428 ## If you use proxy-prefix the prefix should be added before /_channelstream
426 channelstream.proxy_path = /_channelstream
429 channelstream.proxy_path = /_channelstream
427
430
428
431
429 ###################################
432 ###################################
430 ## APPENLIGHT CONFIG ##
433 ## APPENLIGHT CONFIG ##
431 ###################################
434 ###################################
432
435
433 ## Appenlight is tailored to work with RhodeCode, see
436 ## Appenlight is tailored to work with RhodeCode, see
434 ## http://appenlight.com for details how to obtain an account
437 ## http://appenlight.com for details how to obtain an account
435
438
436 ## Appenlight integration enabled
439 ## Appenlight integration enabled
437 appenlight = false
440 appenlight = false
438
441
439 appenlight.server_url = https://api.appenlight.com
442 appenlight.server_url = https://api.appenlight.com
440 appenlight.api_key = YOUR_API_KEY
443 appenlight.api_key = YOUR_API_KEY
441 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
444 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
442
445
443 ## used for JS client
446 ## used for JS client
444 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
447 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
445
448
446 ## TWEAK AMOUNT OF INFO SENT HERE
449 ## TWEAK AMOUNT OF INFO SENT HERE
447
450
448 ## enables 404 error logging (default False)
451 ## enables 404 error logging (default False)
449 appenlight.report_404 = false
452 appenlight.report_404 = false
450
453
451 ## time in seconds after request is considered being slow (default 1)
454 ## time in seconds after request is considered being slow (default 1)
452 appenlight.slow_request_time = 1
455 appenlight.slow_request_time = 1
453
456
454 ## record slow requests in application
457 ## record slow requests in application
455 ## (needs to be enabled for slow datastore recording and time tracking)
458 ## (needs to be enabled for slow datastore recording and time tracking)
456 appenlight.slow_requests = true
459 appenlight.slow_requests = true
457
460
458 ## enable hooking to application loggers
461 ## enable hooking to application loggers
459 appenlight.logging = true
462 appenlight.logging = true
460
463
461 ## minimum log level for log capture
464 ## minimum log level for log capture
462 appenlight.logging.level = WARNING
465 appenlight.logging.level = WARNING
463
466
464 ## send logs only from erroneous/slow requests
467 ## send logs only from erroneous/slow requests
465 ## (saves API quota for intensive logging)
468 ## (saves API quota for intensive logging)
466 appenlight.logging_on_error = false
469 appenlight.logging_on_error = false
467
470
468 ## list of additional keywords that should be grabbed from environ object
471 ## list of additional keywords that should be grabbed from environ object
469 ## can be string with comma separated list of words in lowercase
472 ## can be string with comma separated list of words in lowercase
470 ## (by default client will always send following info:
473 ## (by default client will always send following info:
471 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
474 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
472 ## start with HTTP* this list be extended with additional keywords here
475 ## start with HTTP* this list be extended with additional keywords here
473 appenlight.environ_keys_whitelist =
476 appenlight.environ_keys_whitelist =
474
477
475 ## list of keywords that should be blanked from request object
478 ## list of keywords that should be blanked from request object
476 ## can be string with comma separated list of words in lowercase
479 ## can be string with comma separated list of words in lowercase
477 ## (by default client will always blank keys that contain following words
480 ## (by default client will always blank keys that contain following words
478 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
481 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
479 ## this list be extended with additional keywords set here
482 ## this list be extended with additional keywords set here
480 appenlight.request_keys_blacklist =
483 appenlight.request_keys_blacklist =
481
484
482 ## list of namespaces that should be ignores when gathering log entries
485 ## list of namespaces that should be ignores when gathering log entries
483 ## can be string with comma separated list of namespaces
486 ## can be string with comma separated list of namespaces
484 ## (by default the client ignores own entries: appenlight_client.client)
487 ## (by default the client ignores own entries: appenlight_client.client)
485 appenlight.log_namespace_blacklist =
488 appenlight.log_namespace_blacklist =
486
489
487
490
488 ###########################################
491 ###########################################
489 ### MAIN RHODECODE DATABASE CONFIG ###
492 ### MAIN RHODECODE DATABASE CONFIG ###
490 ###########################################
493 ###########################################
491 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
494 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
492 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
495 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
493 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
496 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
494 # pymysql is an alternative driver for MySQL, use in case of problems with default one
497 # pymysql is an alternative driver for MySQL, use in case of problems with default one
495 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
498 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
496
499
497 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
500 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
498
501
499 # see sqlalchemy docs for other advanced settings
502 # see sqlalchemy docs for other advanced settings
500
503
501 ## print the sql statements to output
504 ## print the sql statements to output
502 sqlalchemy.db1.echo = false
505 sqlalchemy.db1.echo = false
503 ## recycle the connections after this amount of seconds
506 ## recycle the connections after this amount of seconds
504 sqlalchemy.db1.pool_recycle = 3600
507 sqlalchemy.db1.pool_recycle = 3600
505
508
506 ## the number of connections to keep open inside the connection pool.
509 ## the number of connections to keep open inside the connection pool.
507 ## 0 indicates no limit
510 ## 0 indicates no limit
508 #sqlalchemy.db1.pool_size = 5
511 #sqlalchemy.db1.pool_size = 5
509
512
510 ## the number of connections to allow in connection pool "overflow", that is
513 ## the number of connections to allow in connection pool "overflow", that is
511 ## connections that can be opened above and beyond the pool_size setting,
514 ## connections that can be opened above and beyond the pool_size setting,
512 ## which defaults to five.
515 ## which defaults to five.
513 #sqlalchemy.db1.max_overflow = 10
516 #sqlalchemy.db1.max_overflow = 10
514
517
515 ## Connection check ping, used to detect broken database connections
518 ## Connection check ping, used to detect broken database connections
516 ## could be enabled to better handle cases if MySQL has gone away errors
519 ## could be enabled to better handle cases if MySQL has gone away errors
517 #sqlalchemy.db1.ping_connection = true
520 #sqlalchemy.db1.ping_connection = true
518
521
519 ##################
522 ##################
520 ### VCS CONFIG ###
523 ### VCS CONFIG ###
521 ##################
524 ##################
522 vcs.server.enable = true
525 vcs.server.enable = true
523 vcs.server = localhost:9900
526 vcs.server = localhost:9900
524
527
525 ## Web server connectivity protocol, responsible for web based VCS operations
528 ## Web server connectivity protocol, responsible for web based VCS operations
526 ## Available protocols are:
529 ## Available protocols are:
527 ## `http` - use http-rpc backend (default)
530 ## `http` - use http-rpc backend (default)
528 vcs.server.protocol = http
531 vcs.server.protocol = http
529
532
530 ## Push/Pull operations protocol, available options are:
533 ## Push/Pull operations protocol, available options are:
531 ## `http` - use http-rpc backend (default)
534 ## `http` - use http-rpc backend (default)
532 vcs.scm_app_implementation = http
535 vcs.scm_app_implementation = http
533
536
534 ## Push/Pull operations hooks protocol, available options are:
537 ## Push/Pull operations hooks protocol, available options are:
535 ## `http` - use http-rpc backend (default)
538 ## `http` - use http-rpc backend (default)
536 vcs.hooks.protocol = http
539 vcs.hooks.protocol = http
537
540
538 ## Host on which this instance is listening for hooks. If vcsserver is in other location
541 ## Host on which this instance is listening for hooks. If vcsserver is in other location
539 ## this should be adjusted.
542 ## this should be adjusted.
540 vcs.hooks.host = 127.0.0.1
543 vcs.hooks.host = 127.0.0.1
541
544
542 vcs.server.log_level = info
545 vcs.server.log_level = info
543 ## Start VCSServer with this instance as a subprocess, useful for development
546 ## Start VCSServer with this instance as a subprocess, useful for development
544 vcs.start_server = false
547 vcs.start_server = false
545
548
546 ## List of enabled VCS backends, available options are:
549 ## List of enabled VCS backends, available options are:
547 ## `hg` - mercurial
550 ## `hg` - mercurial
548 ## `git` - git
551 ## `git` - git
549 ## `svn` - subversion
552 ## `svn` - subversion
550 vcs.backends = hg, git, svn
553 vcs.backends = hg, git, svn
551
554
552 vcs.connection_timeout = 3600
555 vcs.connection_timeout = 3600
553 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
556 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
554 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
557 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
555 #vcs.svn.compatible_version = pre-1.8-compatible
558 #vcs.svn.compatible_version = pre-1.8-compatible
556
559
557
560
558 ############################################################
561 ############################################################
559 ### Subversion proxy support (mod_dav_svn) ###
562 ### Subversion proxy support (mod_dav_svn) ###
560 ### Maps RhodeCode repo groups into SVN paths for Apache ###
563 ### Maps RhodeCode repo groups into SVN paths for Apache ###
561 ############################################################
564 ############################################################
562 ## Enable or disable the config file generation.
565 ## Enable or disable the config file generation.
563 svn.proxy.generate_config = false
566 svn.proxy.generate_config = false
564 ## Generate config file with `SVNListParentPath` set to `On`.
567 ## Generate config file with `SVNListParentPath` set to `On`.
565 svn.proxy.list_parent_path = true
568 svn.proxy.list_parent_path = true
566 ## Set location and file name of generated config file.
569 ## Set location and file name of generated config file.
567 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
570 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
568 ## alternative mod_dav config template. This needs to be a mako template
571 ## alternative mod_dav config template. This needs to be a mako template
569 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
572 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
570 ## Used as a prefix to the `Location` block in the generated config file.
573 ## Used as a prefix to the `Location` block in the generated config file.
571 ## In most cases it should be set to `/`.
574 ## In most cases it should be set to `/`.
572 svn.proxy.location_root = /
575 svn.proxy.location_root = /
573 ## Command to reload the mod dav svn configuration on change.
576 ## Command to reload the mod dav svn configuration on change.
574 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
577 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
575 ## Make sure user who runs RhodeCode process is allowed to reload Apache
578 ## Make sure user who runs RhodeCode process is allowed to reload Apache
576 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
579 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
577 ## If the timeout expires before the reload command finishes, the command will
580 ## If the timeout expires before the reload command finishes, the command will
578 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
581 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
579 #svn.proxy.reload_timeout = 10
582 #svn.proxy.reload_timeout = 10
580
583
581 ############################################################
584 ############################################################
582 ### SSH Support Settings ###
585 ### SSH Support Settings ###
583 ############################################################
586 ############################################################
584
587
585 ## Defines if a custom authorized_keys file should be created and written on
588 ## Defines if a custom authorized_keys file should be created and written on
586 ## any change user ssh keys. Setting this to false also disables possibility
589 ## any change user ssh keys. Setting this to false also disables possibility
587 ## of adding SSH keys by users from web interface. Super admins can still
590 ## of adding SSH keys by users from web interface. Super admins can still
588 ## manage SSH Keys.
591 ## manage SSH Keys.
589 ssh.generate_authorized_keyfile = false
592 ssh.generate_authorized_keyfile = false
590
593
591 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
594 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
592 # ssh.authorized_keys_ssh_opts =
595 # ssh.authorized_keys_ssh_opts =
593
596
594 ## Path to the authorized_keys file where the generate entries are placed.
597 ## Path to the authorized_keys file where the generate entries are placed.
595 ## It is possible to have multiple key files specified in `sshd_config` e.g.
598 ## It is possible to have multiple key files specified in `sshd_config` e.g.
596 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
599 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
597 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
600 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
598
601
599 ## Command to execute the SSH wrapper. The binary is available in the
602 ## Command to execute the SSH wrapper. The binary is available in the
600 ## RhodeCode installation directory.
603 ## RhodeCode installation directory.
601 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
604 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
602 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
605 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
603
606
604 ## Allow shell when executing the ssh-wrapper command
607 ## Allow shell when executing the ssh-wrapper command
605 ssh.wrapper_cmd_allow_shell = false
608 ssh.wrapper_cmd_allow_shell = false
606
609
607 ## Enables logging, and detailed output send back to the client during SSH
610 ## Enables logging, and detailed output send back to the client during SSH
608 ## operations. Useful for debugging, shouldn't be used in production.
611 ## operations. Useful for debugging, shouldn't be used in production.
609 ssh.enable_debug_logging = false
612 ssh.enable_debug_logging = false
610
613
611 ## Paths to binary executable, by default they are the names, but we can
614 ## Paths to binary executable, by default they are the names, but we can
612 ## override them if we want to use a custom one
615 ## override them if we want to use a custom one
613 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
616 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
614 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
617 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
615 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
618 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
616
619
617 ## Enables SSH key generator web interface. Disabling this still allows users
620 ## Enables SSH key generator web interface. Disabling this still allows users
618 ## to add their own keys.
621 ## to add their own keys.
619 ssh.enable_ui_key_generator = true
622 ssh.enable_ui_key_generator = true
620
623
621
624
622 ## Dummy marker to add new entries after.
625 ## Dummy marker to add new entries after.
623 ## Add any custom entries below. Please don't remove.
626 ## Add any custom entries below. Please don't remove.
624 custom.conf = 1
627 custom.conf = 1
625
628
626
629
627 ################################
630 ################################
628 ### LOGGING CONFIGURATION ####
631 ### LOGGING CONFIGURATION ####
629 ################################
632 ################################
630 [loggers]
633 [loggers]
631 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
634 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
632
635
633 [handlers]
636 [handlers]
634 keys = console, console_sql
637 keys = console, console_sql
635
638
636 [formatters]
639 [formatters]
637 keys = generic, color_formatter, color_formatter_sql
640 keys = generic, color_formatter, color_formatter_sql
638
641
639 #############
642 #############
640 ## LOGGERS ##
643 ## LOGGERS ##
641 #############
644 #############
642 [logger_root]
645 [logger_root]
643 level = NOTSET
646 level = NOTSET
644 handlers = console
647 handlers = console
645
648
646 [logger_sqlalchemy]
649 [logger_sqlalchemy]
647 level = INFO
650 level = INFO
648 handlers = console_sql
651 handlers = console_sql
649 qualname = sqlalchemy.engine
652 qualname = sqlalchemy.engine
650 propagate = 0
653 propagate = 0
651
654
652 [logger_beaker]
655 [logger_beaker]
653 level = DEBUG
656 level = DEBUG
654 handlers =
657 handlers =
655 qualname = beaker.container
658 qualname = beaker.container
656 propagate = 1
659 propagate = 1
657
660
658 [logger_rhodecode]
661 [logger_rhodecode]
659 level = DEBUG
662 level = DEBUG
660 handlers =
663 handlers =
661 qualname = rhodecode
664 qualname = rhodecode
662 propagate = 1
665 propagate = 1
663
666
664 [logger_ssh_wrapper]
667 [logger_ssh_wrapper]
665 level = DEBUG
668 level = DEBUG
666 handlers =
669 handlers =
667 qualname = ssh_wrapper
670 qualname = ssh_wrapper
668 propagate = 1
671 propagate = 1
669
672
670 [logger_celery]
673 [logger_celery]
671 level = DEBUG
674 level = DEBUG
672 handlers =
675 handlers =
673 qualname = celery
676 qualname = celery
674
677
675
678
676 ##############
679 ##############
677 ## HANDLERS ##
680 ## HANDLERS ##
678 ##############
681 ##############
679
682
680 [handler_console]
683 [handler_console]
681 class = StreamHandler
684 class = StreamHandler
682 args = (sys.stderr, )
685 args = (sys.stderr, )
683 level = INFO
686 level = INFO
684 formatter = generic
687 formatter = generic
685
688
686 [handler_console_sql]
689 [handler_console_sql]
687 # "level = DEBUG" logs SQL queries and results.
690 # "level = DEBUG" logs SQL queries and results.
688 # "level = INFO" logs SQL queries.
691 # "level = INFO" logs SQL queries.
689 # "level = WARN" logs neither. (Recommended for production systems.)
692 # "level = WARN" logs neither. (Recommended for production systems.)
690 class = StreamHandler
693 class = StreamHandler
691 args = (sys.stderr, )
694 args = (sys.stderr, )
692 level = WARN
695 level = WARN
693 formatter = generic
696 formatter = generic
694
697
695 ################
698 ################
696 ## FORMATTERS ##
699 ## FORMATTERS ##
697 ################
700 ################
698
701
699 [formatter_generic]
702 [formatter_generic]
700 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
703 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
701 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
704 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
702 datefmt = %Y-%m-%d %H:%M:%S
705 datefmt = %Y-%m-%d %H:%M:%S
703
706
704 [formatter_color_formatter]
707 [formatter_color_formatter]
705 class = rhodecode.lib.logging_formatter.ColorFormatter
708 class = rhodecode.lib.logging_formatter.ColorFormatter
706 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
709 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
707 datefmt = %Y-%m-%d %H:%M:%S
710 datefmt = %Y-%m-%d %H:%M:%S
708
711
709 [formatter_color_formatter_sql]
712 [formatter_color_formatter_sql]
710 class = rhodecode.lib.logging_formatter.ColorFormatterSql
713 class = rhodecode.lib.logging_formatter.ColorFormatterSql
711 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
714 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
712 datefmt = %Y-%m-%d %H:%M:%S
715 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,597 +1,601 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2019 RhodeCode GmbH
3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 The base Controller API
22 The base Controller API
23 Provides the BaseController class for subclassing. And usage in different
23 Provides the BaseController class for subclassing. And usage in different
24 controllers
24 controllers
25 """
25 """
26
26
27 import logging
27 import logging
28 import socket
28 import socket
29
29
30 import markupsafe
30 import markupsafe
31 import ipaddress
31 import ipaddress
32
32
33 from paste.auth.basic import AuthBasicAuthenticator
33 from paste.auth.basic import AuthBasicAuthenticator
34 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
34 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
35 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
35 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
36
36
37 import rhodecode
37 import rhodecode
38 from rhodecode.apps._base import TemplateArgs
38 from rhodecode.apps._base import TemplateArgs
39 from rhodecode.authentication.base import VCS_TYPE
39 from rhodecode.authentication.base import VCS_TYPE
40 from rhodecode.lib import auth, utils2
40 from rhodecode.lib import auth, utils2
41 from rhodecode.lib import helpers as h
41 from rhodecode.lib import helpers as h
42 from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
42 from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
43 from rhodecode.lib.exceptions import UserCreationError
43 from rhodecode.lib.exceptions import UserCreationError
44 from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
44 from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
45 from rhodecode.lib.utils2 import (
45 from rhodecode.lib.utils2 import (
46 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
46 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
47 from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
47 from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
48 from rhodecode.model.notification import NotificationModel
48 from rhodecode.model.notification import NotificationModel
49 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
49 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
50
50
51 log = logging.getLogger(__name__)
51 log = logging.getLogger(__name__)
52
52
53
53
54 def _filter_proxy(ip):
54 def _filter_proxy(ip):
55 """
55 """
56 Passed in IP addresses in HEADERS can be in a special format of multiple
56 Passed in IP addresses in HEADERS can be in a special format of multiple
57 ips. Those comma separated IPs are passed from various proxies in the
57 ips. Those comma separated IPs are passed from various proxies in the
58 chain of request processing. The left-most being the original client.
58 chain of request processing. The left-most being the original client.
59 We only care about the first IP which came from the org. client.
59 We only care about the first IP which came from the org. client.
60
60
61 :param ip: ip string from headers
61 :param ip: ip string from headers
62 """
62 """
63 if ',' in ip:
63 if ',' in ip:
64 _ips = ip.split(',')
64 _ips = ip.split(',')
65 _first_ip = _ips[0].strip()
65 _first_ip = _ips[0].strip()
66 log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
66 log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
67 return _first_ip
67 return _first_ip
68 return ip
68 return ip
69
69
70
70
71 def _filter_port(ip):
71 def _filter_port(ip):
72 """
72 """
73 Removes a port from ip, there are 4 main cases to handle here.
73 Removes a port from ip, there are 4 main cases to handle here.
74 - ipv4 eg. 127.0.0.1
74 - ipv4 eg. 127.0.0.1
75 - ipv6 eg. ::1
75 - ipv6 eg. ::1
76 - ipv4+port eg. 127.0.0.1:8080
76 - ipv4+port eg. 127.0.0.1:8080
77 - ipv6+port eg. [::1]:8080
77 - ipv6+port eg. [::1]:8080
78
78
79 :param ip:
79 :param ip:
80 """
80 """
81 def is_ipv6(ip_addr):
81 def is_ipv6(ip_addr):
82 if hasattr(socket, 'inet_pton'):
82 if hasattr(socket, 'inet_pton'):
83 try:
83 try:
84 socket.inet_pton(socket.AF_INET6, ip_addr)
84 socket.inet_pton(socket.AF_INET6, ip_addr)
85 except socket.error:
85 except socket.error:
86 return False
86 return False
87 else:
87 else:
88 # fallback to ipaddress
88 # fallback to ipaddress
89 try:
89 try:
90 ipaddress.IPv6Address(safe_unicode(ip_addr))
90 ipaddress.IPv6Address(safe_unicode(ip_addr))
91 except Exception:
91 except Exception:
92 return False
92 return False
93 return True
93 return True
94
94
95 if ':' not in ip: # must be ipv4 pure ip
95 if ':' not in ip: # must be ipv4 pure ip
96 return ip
96 return ip
97
97
98 if '[' in ip and ']' in ip: # ipv6 with port
98 if '[' in ip and ']' in ip: # ipv6 with port
99 return ip.split(']')[0][1:].lower()
99 return ip.split(']')[0][1:].lower()
100
100
101 # must be ipv6 or ipv4 with port
101 # must be ipv6 or ipv4 with port
102 if is_ipv6(ip):
102 if is_ipv6(ip):
103 return ip
103 return ip
104 else:
104 else:
105 ip, _port = ip.split(':')[:2] # means ipv4+port
105 ip, _port = ip.split(':')[:2] # means ipv4+port
106 return ip
106 return ip
107
107
108
108
109 def get_ip_addr(environ):
109 def get_ip_addr(environ):
110 proxy_key = 'HTTP_X_REAL_IP'
110 proxy_key = 'HTTP_X_REAL_IP'
111 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
111 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
112 def_key = 'REMOTE_ADDR'
112 def_key = 'REMOTE_ADDR'
113 _filters = lambda x: _filter_port(_filter_proxy(x))
113 _filters = lambda x: _filter_port(_filter_proxy(x))
114
114
115 ip = environ.get(proxy_key)
115 ip = environ.get(proxy_key)
116 if ip:
116 if ip:
117 return _filters(ip)
117 return _filters(ip)
118
118
119 ip = environ.get(proxy_key2)
119 ip = environ.get(proxy_key2)
120 if ip:
120 if ip:
121 return _filters(ip)
121 return _filters(ip)
122
122
123 ip = environ.get(def_key, '0.0.0.0')
123 ip = environ.get(def_key, '0.0.0.0')
124 return _filters(ip)
124 return _filters(ip)
125
125
126
126
127 def get_server_ip_addr(environ, log_errors=True):
127 def get_server_ip_addr(environ, log_errors=True):
128 hostname = environ.get('SERVER_NAME')
128 hostname = environ.get('SERVER_NAME')
129 try:
129 try:
130 return socket.gethostbyname(hostname)
130 return socket.gethostbyname(hostname)
131 except Exception as e:
131 except Exception as e:
132 if log_errors:
132 if log_errors:
133 # in some cases this lookup is not possible, and we don't want to
133 # in some cases this lookup is not possible, and we don't want to
134 # make it an exception in logs
134 # make it an exception in logs
135 log.exception('Could not retrieve server ip address: %s', e)
135 log.exception('Could not retrieve server ip address: %s', e)
136 return hostname
136 return hostname
137
137
138
138
139 def get_server_port(environ):
139 def get_server_port(environ):
140 return environ.get('SERVER_PORT')
140 return environ.get('SERVER_PORT')
141
141
142
142
143 def get_access_path(environ):
143 def get_access_path(environ):
144 path = environ.get('PATH_INFO')
144 path = environ.get('PATH_INFO')
145 org_req = environ.get('pylons.original_request')
145 org_req = environ.get('pylons.original_request')
146 if org_req:
146 if org_req:
147 path = org_req.environ.get('PATH_INFO')
147 path = org_req.environ.get('PATH_INFO')
148 return path
148 return path
149
149
150
150
151 def get_user_agent(environ):
151 def get_user_agent(environ):
152 return environ.get('HTTP_USER_AGENT')
152 return environ.get('HTTP_USER_AGENT')
153
153
154
154
155 def vcs_operation_context(
155 def vcs_operation_context(
156 environ, repo_name, username, action, scm, check_locking=True,
156 environ, repo_name, username, action, scm, check_locking=True,
157 is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
157 is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
158 """
158 """
159 Generate the context for a vcs operation, e.g. push or pull.
159 Generate the context for a vcs operation, e.g. push or pull.
160
160
161 This context is passed over the layers so that hooks triggered by the
161 This context is passed over the layers so that hooks triggered by the
162 vcs operation know details like the user, the user's IP address etc.
162 vcs operation know details like the user, the user's IP address etc.
163
163
164 :param check_locking: Allows to switch of the computation of the locking
164 :param check_locking: Allows to switch of the computation of the locking
165 data. This serves mainly the need of the simplevcs middleware to be
165 data. This serves mainly the need of the simplevcs middleware to be
166 able to disable this for certain operations.
166 able to disable this for certain operations.
167
167
168 """
168 """
169 # Tri-state value: False: unlock, None: nothing, True: lock
169 # Tri-state value: False: unlock, None: nothing, True: lock
170 make_lock = None
170 make_lock = None
171 locked_by = [None, None, None]
171 locked_by = [None, None, None]
172 is_anonymous = username == User.DEFAULT_USER
172 is_anonymous = username == User.DEFAULT_USER
173 user = User.get_by_username(username)
173 user = User.get_by_username(username)
174 if not is_anonymous and check_locking:
174 if not is_anonymous and check_locking:
175 log.debug('Checking locking on repository "%s"', repo_name)
175 log.debug('Checking locking on repository "%s"', repo_name)
176 repo = Repository.get_by_repo_name(repo_name)
176 repo = Repository.get_by_repo_name(repo_name)
177 make_lock, __, locked_by = repo.get_locking_state(
177 make_lock, __, locked_by = repo.get_locking_state(
178 action, user.user_id)
178 action, user.user_id)
179 user_id = user.user_id
179 user_id = user.user_id
180 settings_model = VcsSettingsModel(repo=repo_name)
180 settings_model = VcsSettingsModel(repo=repo_name)
181 ui_settings = settings_model.get_ui_settings()
181 ui_settings = settings_model.get_ui_settings()
182
182
183 # NOTE(marcink): This should be also in sync with
183 # NOTE(marcink): This should be also in sync with
184 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
184 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
185 store = [x for x in ui_settings if x.key == '/']
185 store = [x for x in ui_settings if x.key == '/']
186 repo_store = ''
186 repo_store = ''
187 if store:
187 if store:
188 repo_store = store[0].value
188 repo_store = store[0].value
189
189
190 scm_data = {
190 scm_data = {
191 'ip': get_ip_addr(environ),
191 'ip': get_ip_addr(environ),
192 'username': username,
192 'username': username,
193 'user_id': user_id,
193 'user_id': user_id,
194 'action': action,
194 'action': action,
195 'repository': repo_name,
195 'repository': repo_name,
196 'scm': scm,
196 'scm': scm,
197 'config': rhodecode.CONFIG['__file__'],
197 'config': rhodecode.CONFIG['__file__'],
198 'repo_store': repo_store,
198 'repo_store': repo_store,
199 'make_lock': make_lock,
199 'make_lock': make_lock,
200 'locked_by': locked_by,
200 'locked_by': locked_by,
201 'server_url': utils2.get_server_url(environ),
201 'server_url': utils2.get_server_url(environ),
202 'user_agent': get_user_agent(environ),
202 'user_agent': get_user_agent(environ),
203 'hooks': get_enabled_hook_classes(ui_settings),
203 'hooks': get_enabled_hook_classes(ui_settings),
204 'is_shadow_repo': is_shadow_repo,
204 'is_shadow_repo': is_shadow_repo,
205 'detect_force_push': detect_force_push,
205 'detect_force_push': detect_force_push,
206 'check_branch_perms': check_branch_perms,
206 'check_branch_perms': check_branch_perms,
207 }
207 }
208 return scm_data
208 return scm_data
209
209
210
210
211 class BasicAuth(AuthBasicAuthenticator):
211 class BasicAuth(AuthBasicAuthenticator):
212
212
213 def __init__(self, realm, authfunc, registry, auth_http_code=None,
213 def __init__(self, realm, authfunc, registry, auth_http_code=None,
214 initial_call_detection=False, acl_repo_name=None):
214 initial_call_detection=False, acl_repo_name=None):
215 self.realm = realm
215 self.realm = realm
216 self.initial_call = initial_call_detection
216 self.initial_call = initial_call_detection
217 self.authfunc = authfunc
217 self.authfunc = authfunc
218 self.registry = registry
218 self.registry = registry
219 self.acl_repo_name = acl_repo_name
219 self.acl_repo_name = acl_repo_name
220 self._rc_auth_http_code = auth_http_code
220 self._rc_auth_http_code = auth_http_code
221
221
222 def _get_response_from_code(self, http_code):
222 def _get_response_from_code(self, http_code):
223 try:
223 try:
224 return get_exception(safe_int(http_code))
224 return get_exception(safe_int(http_code))
225 except Exception:
225 except Exception:
226 log.exception('Failed to fetch response for code %s', http_code)
226 log.exception('Failed to fetch response for code %s', http_code)
227 return HTTPForbidden
227 return HTTPForbidden
228
228
229 def get_rc_realm(self):
229 def get_rc_realm(self):
230 return safe_str(self.registry.rhodecode_settings.get('rhodecode_realm'))
230 return safe_str(self.registry.rhodecode_settings.get('rhodecode_realm'))
231
231
232 def build_authentication(self):
232 def build_authentication(self):
233 head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
233 head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
234 if self._rc_auth_http_code and not self.initial_call:
234 if self._rc_auth_http_code and not self.initial_call:
235 # return alternative HTTP code if alternative http return code
235 # return alternative HTTP code if alternative http return code
236 # is specified in RhodeCode config, but ONLY if it's not the
236 # is specified in RhodeCode config, but ONLY if it's not the
237 # FIRST call
237 # FIRST call
238 custom_response_klass = self._get_response_from_code(
238 custom_response_klass = self._get_response_from_code(
239 self._rc_auth_http_code)
239 self._rc_auth_http_code)
240 return custom_response_klass(headers=head)
240 return custom_response_klass(headers=head)
241 return HTTPUnauthorized(headers=head)
241 return HTTPUnauthorized(headers=head)
242
242
243 def authenticate(self, environ):
243 def authenticate(self, environ):
244 authorization = AUTHORIZATION(environ)
244 authorization = AUTHORIZATION(environ)
245 if not authorization:
245 if not authorization:
246 return self.build_authentication()
246 return self.build_authentication()
247 (authmeth, auth) = authorization.split(' ', 1)
247 (authmeth, auth) = authorization.split(' ', 1)
248 if 'basic' != authmeth.lower():
248 if 'basic' != authmeth.lower():
249 return self.build_authentication()
249 return self.build_authentication()
250 auth = auth.strip().decode('base64')
250 auth = auth.strip().decode('base64')
251 _parts = auth.split(':', 1)
251 _parts = auth.split(':', 1)
252 if len(_parts) == 2:
252 if len(_parts) == 2:
253 username, password = _parts
253 username, password = _parts
254 auth_data = self.authfunc(
254 auth_data = self.authfunc(
255 username, password, environ, VCS_TYPE,
255 username, password, environ, VCS_TYPE,
256 registry=self.registry, acl_repo_name=self.acl_repo_name)
256 registry=self.registry, acl_repo_name=self.acl_repo_name)
257 if auth_data:
257 if auth_data:
258 return {'username': username, 'auth_data': auth_data}
258 return {'username': username, 'auth_data': auth_data}
259 if username and password:
259 if username and password:
260 # we mark that we actually executed authentication once, at
260 # we mark that we actually executed authentication once, at
261 # that point we can use the alternative auth code
261 # that point we can use the alternative auth code
262 self.initial_call = False
262 self.initial_call = False
263
263
264 return self.build_authentication()
264 return self.build_authentication()
265
265
266 __call__ = authenticate
266 __call__ = authenticate
267
267
268
268
269 def calculate_version_hash(config):
269 def calculate_version_hash(config):
270 return sha1(
270 return sha1(
271 config.get('beaker.session.secret', '') +
271 config.get('beaker.session.secret', '') +
272 rhodecode.__version__)[:8]
272 rhodecode.__version__)[:8]
273
273
274
274
275 def get_current_lang(request):
275 def get_current_lang(request):
276 # NOTE(marcink): remove after pyramid move
276 # NOTE(marcink): remove after pyramid move
277 try:
277 try:
278 return translation.get_lang()[0]
278 return translation.get_lang()[0]
279 except:
279 except:
280 pass
280 pass
281
281
282 return getattr(request, '_LOCALE_', request.locale_name)
282 return getattr(request, '_LOCALE_', request.locale_name)
283
283
284
284
285 def attach_context_attributes(context, request, user_id=None):
285 def attach_context_attributes(context, request, user_id=None):
286 """
286 """
287 Attach variables into template context called `c`.
287 Attach variables into template context called `c`.
288 """
288 """
289 config = request.registry.settings
289 config = request.registry.settings
290
290
291 rc_config = SettingsModel().get_all_settings(cache=True)
291 rc_config = SettingsModel().get_all_settings(cache=True)
292 context.rc_config = rc_config
292 context.rc_config = rc_config
293 context.rhodecode_version = rhodecode.__version__
293 context.rhodecode_version = rhodecode.__version__
294 context.rhodecode_edition = config.get('rhodecode.edition')
294 context.rhodecode_edition = config.get('rhodecode.edition')
295 # unique secret + version does not leak the version but keep consistency
295 # unique secret + version does not leak the version but keep consistency
296 context.rhodecode_version_hash = calculate_version_hash(config)
296 context.rhodecode_version_hash = calculate_version_hash(config)
297
297
298 # Default language set for the incoming request
298 # Default language set for the incoming request
299 context.language = get_current_lang(request)
299 context.language = get_current_lang(request)
300
300
301 # Visual options
301 # Visual options
302 context.visual = AttributeDict({})
302 context.visual = AttributeDict({})
303
303
304 # DB stored Visual Items
304 # DB stored Visual Items
305 context.visual.show_public_icon = str2bool(
305 context.visual.show_public_icon = str2bool(
306 rc_config.get('rhodecode_show_public_icon'))
306 rc_config.get('rhodecode_show_public_icon'))
307 context.visual.show_private_icon = str2bool(
307 context.visual.show_private_icon = str2bool(
308 rc_config.get('rhodecode_show_private_icon'))
308 rc_config.get('rhodecode_show_private_icon'))
309 context.visual.stylify_metatags = str2bool(
309 context.visual.stylify_metatags = str2bool(
310 rc_config.get('rhodecode_stylify_metatags'))
310 rc_config.get('rhodecode_stylify_metatags'))
311 context.visual.dashboard_items = safe_int(
311 context.visual.dashboard_items = safe_int(
312 rc_config.get('rhodecode_dashboard_items', 100))
312 rc_config.get('rhodecode_dashboard_items', 100))
313 context.visual.admin_grid_items = safe_int(
313 context.visual.admin_grid_items = safe_int(
314 rc_config.get('rhodecode_admin_grid_items', 100))
314 rc_config.get('rhodecode_admin_grid_items', 100))
315 context.visual.show_revision_number = str2bool(
315 context.visual.show_revision_number = str2bool(
316 rc_config.get('rhodecode_show_revision_number', True))
316 rc_config.get('rhodecode_show_revision_number', True))
317 context.visual.show_sha_length = safe_int(
317 context.visual.show_sha_length = safe_int(
318 rc_config.get('rhodecode_show_sha_length', 100))
318 rc_config.get('rhodecode_show_sha_length', 100))
319 context.visual.repository_fields = str2bool(
319 context.visual.repository_fields = str2bool(
320 rc_config.get('rhodecode_repository_fields'))
320 rc_config.get('rhodecode_repository_fields'))
321 context.visual.show_version = str2bool(
321 context.visual.show_version = str2bool(
322 rc_config.get('rhodecode_show_version'))
322 rc_config.get('rhodecode_show_version'))
323 context.visual.use_gravatar = str2bool(
323 context.visual.use_gravatar = str2bool(
324 rc_config.get('rhodecode_use_gravatar'))
324 rc_config.get('rhodecode_use_gravatar'))
325 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
325 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
326 context.visual.default_renderer = rc_config.get(
326 context.visual.default_renderer = rc_config.get(
327 'rhodecode_markup_renderer', 'rst')
327 'rhodecode_markup_renderer', 'rst')
328 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
328 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
329 context.visual.rhodecode_support_url = \
329 context.visual.rhodecode_support_url = \
330 rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
330 rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
331
331
332 context.visual.affected_files_cut_off = 60
332 context.visual.affected_files_cut_off = 60
333
333
334 context.pre_code = rc_config.get('rhodecode_pre_code')
334 context.pre_code = rc_config.get('rhodecode_pre_code')
335 context.post_code = rc_config.get('rhodecode_post_code')
335 context.post_code = rc_config.get('rhodecode_post_code')
336 context.rhodecode_name = rc_config.get('rhodecode_title')
336 context.rhodecode_name = rc_config.get('rhodecode_title')
337 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
337 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
338 # if we have specified default_encoding in the request, it has more
338 # if we have specified default_encoding in the request, it has more
339 # priority
339 # priority
340 if request.GET.get('default_encoding'):
340 if request.GET.get('default_encoding'):
341 context.default_encodings.insert(0, request.GET.get('default_encoding'))
341 context.default_encodings.insert(0, request.GET.get('default_encoding'))
342 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
342 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
343 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
343 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
344
344
345 # INI stored
345 # INI stored
346 context.labs_active = str2bool(
346 context.labs_active = str2bool(
347 config.get('labs_settings_active', 'false'))
347 config.get('labs_settings_active', 'false'))
348 context.ssh_enabled = str2bool(
348 context.ssh_enabled = str2bool(
349 config.get('ssh.generate_authorized_keyfile', 'false'))
349 config.get('ssh.generate_authorized_keyfile', 'false'))
350 context.ssh_key_generator_enabled = str2bool(
350 context.ssh_key_generator_enabled = str2bool(
351 config.get('ssh.enable_ui_key_generator', 'true'))
351 config.get('ssh.enable_ui_key_generator', 'true'))
352
352
353 context.visual.allow_repo_location_change = str2bool(
353 context.visual.allow_repo_location_change = str2bool(
354 config.get('allow_repo_location_change', True))
354 config.get('allow_repo_location_change', True))
355 context.visual.allow_custom_hooks_settings = str2bool(
355 context.visual.allow_custom_hooks_settings = str2bool(
356 config.get('allow_custom_hooks_settings', True))
356 config.get('allow_custom_hooks_settings', True))
357 context.debug_style = str2bool(config.get('debug_style', False))
357 context.debug_style = str2bool(config.get('debug_style', False))
358
358
359 context.rhodecode_instanceid = config.get('instance_id')
359 context.rhodecode_instanceid = config.get('instance_id')
360
360
361 context.visual.cut_off_limit_diff = safe_int(
361 context.visual.cut_off_limit_diff = safe_int(
362 config.get('cut_off_limit_diff'))
362 config.get('cut_off_limit_diff'))
363 context.visual.cut_off_limit_file = safe_int(
363 context.visual.cut_off_limit_file = safe_int(
364 config.get('cut_off_limit_file'))
364 config.get('cut_off_limit_file'))
365
365
366 context.license = AttributeDict({})
367 context.license.hide_license_info = str2bool(
368 config.get('license.hide_license_info', False))
369
366 # AppEnlight
370 # AppEnlight
367 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
371 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
368 context.appenlight_api_public_key = config.get(
372 context.appenlight_api_public_key = config.get(
369 'appenlight.api_public_key', '')
373 'appenlight.api_public_key', '')
370 context.appenlight_server_url = config.get('appenlight.server_url', '')
374 context.appenlight_server_url = config.get('appenlight.server_url', '')
371
375
372 diffmode = {
376 diffmode = {
373 "unified": "unified",
377 "unified": "unified",
374 "sideside": "sideside"
378 "sideside": "sideside"
375 }.get(request.GET.get('diffmode'))
379 }.get(request.GET.get('diffmode'))
376
380
377 is_api = hasattr(request, 'rpc_user')
381 is_api = hasattr(request, 'rpc_user')
378 session_attrs = {
382 session_attrs = {
379 # defaults
383 # defaults
380 "clone_url_format": "http",
384 "clone_url_format": "http",
381 "diffmode": "sideside"
385 "diffmode": "sideside"
382 }
386 }
383
387
384 if not is_api:
388 if not is_api:
385 # don't access pyramid session for API calls
389 # don't access pyramid session for API calls
386 if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
390 if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
387 request.session['rc_user_session_attr.diffmode'] = diffmode
391 request.session['rc_user_session_attr.diffmode'] = diffmode
388
392
389 # session settings per user
393 # session settings per user
390
394
391 for k, v in request.session.items():
395 for k, v in request.session.items():
392 pref = 'rc_user_session_attr.'
396 pref = 'rc_user_session_attr.'
393 if k and k.startswith(pref):
397 if k and k.startswith(pref):
394 k = k[len(pref):]
398 k = k[len(pref):]
395 session_attrs[k] = v
399 session_attrs[k] = v
396
400
397 context.user_session_attrs = session_attrs
401 context.user_session_attrs = session_attrs
398
402
399 # JS template context
403 # JS template context
400 context.template_context = {
404 context.template_context = {
401 'repo_name': None,
405 'repo_name': None,
402 'repo_type': None,
406 'repo_type': None,
403 'repo_landing_commit': None,
407 'repo_landing_commit': None,
404 'rhodecode_user': {
408 'rhodecode_user': {
405 'username': None,
409 'username': None,
406 'email': None,
410 'email': None,
407 'notification_status': False
411 'notification_status': False
408 },
412 },
409 'session_attrs': session_attrs,
413 'session_attrs': session_attrs,
410 'visual': {
414 'visual': {
411 'default_renderer': None
415 'default_renderer': None
412 },
416 },
413 'commit_data': {
417 'commit_data': {
414 'commit_id': None
418 'commit_id': None
415 },
419 },
416 'pull_request_data': {'pull_request_id': None},
420 'pull_request_data': {'pull_request_id': None},
417 'timeago': {
421 'timeago': {
418 'refresh_time': 120 * 1000,
422 'refresh_time': 120 * 1000,
419 'cutoff_limit': 1000 * 60 * 60 * 24 * 7
423 'cutoff_limit': 1000 * 60 * 60 * 24 * 7
420 },
424 },
421 'pyramid_dispatch': {
425 'pyramid_dispatch': {
422
426
423 },
427 },
424 'extra': {'plugins': {}}
428 'extra': {'plugins': {}}
425 }
429 }
426 # END CONFIG VARS
430 # END CONFIG VARS
427 if is_api:
431 if is_api:
428 csrf_token = None
432 csrf_token = None
429 else:
433 else:
430 csrf_token = auth.get_csrf_token(session=request.session)
434 csrf_token = auth.get_csrf_token(session=request.session)
431
435
432 context.csrf_token = csrf_token
436 context.csrf_token = csrf_token
433 context.backends = rhodecode.BACKENDS.keys()
437 context.backends = rhodecode.BACKENDS.keys()
434 context.backends.sort()
438 context.backends.sort()
435 unread_count = 0
439 unread_count = 0
436 user_bookmark_list = []
440 user_bookmark_list = []
437 if user_id:
441 if user_id:
438 unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
442 unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
439 user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
443 user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
440 context.unread_notifications = unread_count
444 context.unread_notifications = unread_count
441 context.bookmark_items = user_bookmark_list
445 context.bookmark_items = user_bookmark_list
442
446
443 # web case
447 # web case
444 if hasattr(request, 'user'):
448 if hasattr(request, 'user'):
445 context.auth_user = request.user
449 context.auth_user = request.user
446 context.rhodecode_user = request.user
450 context.rhodecode_user = request.user
447
451
448 # api case
452 # api case
449 if hasattr(request, 'rpc_user'):
453 if hasattr(request, 'rpc_user'):
450 context.auth_user = request.rpc_user
454 context.auth_user = request.rpc_user
451 context.rhodecode_user = request.rpc_user
455 context.rhodecode_user = request.rpc_user
452
456
453 # attach the whole call context to the request
457 # attach the whole call context to the request
454 request.call_context = context
458 request.call_context = context
455
459
456
460
457 def get_auth_user(request):
461 def get_auth_user(request):
458 environ = request.environ
462 environ = request.environ
459 session = request.session
463 session = request.session
460
464
461 ip_addr = get_ip_addr(environ)
465 ip_addr = get_ip_addr(environ)
462
466
463 # make sure that we update permissions each time we call controller
467 # make sure that we update permissions each time we call controller
464 _auth_token = (request.GET.get('auth_token', '') or request.GET.get('api_key', ''))
468 _auth_token = (request.GET.get('auth_token', '') or request.GET.get('api_key', ''))
465 if not _auth_token:
469 if not _auth_token:
466 url_auth_token = request.matchdict.get('_auth_token')
470 url_auth_token = request.matchdict.get('_auth_token')
467 _auth_token = url_auth_token
471 _auth_token = url_auth_token
468 if _auth_token:
472 if _auth_token:
469 log.debug('Using URL extracted auth token `...%s`', _auth_token[-4:])
473 log.debug('Using URL extracted auth token `...%s`', _auth_token[-4:])
470
474
471 if _auth_token:
475 if _auth_token:
472 # when using API_KEY we assume user exists, and
476 # when using API_KEY we assume user exists, and
473 # doesn't need auth based on cookies.
477 # doesn't need auth based on cookies.
474 auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
478 auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
475 authenticated = False
479 authenticated = False
476 else:
480 else:
477 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
481 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
478 try:
482 try:
479 auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
483 auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
480 ip_addr=ip_addr)
484 ip_addr=ip_addr)
481 except UserCreationError as e:
485 except UserCreationError as e:
482 h.flash(e, 'error')
486 h.flash(e, 'error')
483 # container auth or other auth functions that create users
487 # container auth or other auth functions that create users
484 # on the fly can throw this exception signaling that there's
488 # on the fly can throw this exception signaling that there's
485 # issue with user creation, explanation should be provided
489 # issue with user creation, explanation should be provided
486 # in Exception itself. We then create a simple blank
490 # in Exception itself. We then create a simple blank
487 # AuthUser
491 # AuthUser
488 auth_user = AuthUser(ip_addr=ip_addr)
492 auth_user = AuthUser(ip_addr=ip_addr)
489
493
490 # in case someone changes a password for user it triggers session
494 # in case someone changes a password for user it triggers session
491 # flush and forces a re-login
495 # flush and forces a re-login
492 if password_changed(auth_user, session):
496 if password_changed(auth_user, session):
493 session.invalidate()
497 session.invalidate()
494 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
498 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
495 auth_user = AuthUser(ip_addr=ip_addr)
499 auth_user = AuthUser(ip_addr=ip_addr)
496
500
497 authenticated = cookie_store.get('is_authenticated')
501 authenticated = cookie_store.get('is_authenticated')
498
502
499 if not auth_user.is_authenticated and auth_user.is_user_object:
503 if not auth_user.is_authenticated and auth_user.is_user_object:
500 # user is not authenticated and not empty
504 # user is not authenticated and not empty
501 auth_user.set_authenticated(authenticated)
505 auth_user.set_authenticated(authenticated)
502
506
503 return auth_user, _auth_token
507 return auth_user, _auth_token
504
508
505
509
506 def h_filter(s):
510 def h_filter(s):
507 """
511 """
508 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
512 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
509 we wrap this with additional functionality that converts None to empty
513 we wrap this with additional functionality that converts None to empty
510 strings
514 strings
511 """
515 """
512 if s is None:
516 if s is None:
513 return markupsafe.Markup()
517 return markupsafe.Markup()
514 return markupsafe.escape(s)
518 return markupsafe.escape(s)
515
519
516
520
517 def add_events_routes(config):
521 def add_events_routes(config):
518 """
522 """
519 Adds routing that can be used in events. Because some events are triggered
523 Adds routing that can be used in events. Because some events are triggered
520 outside of pyramid context, we need to bootstrap request with some
524 outside of pyramid context, we need to bootstrap request with some
521 routing registered
525 routing registered
522 """
526 """
523
527
524 from rhodecode.apps._base import ADMIN_PREFIX
528 from rhodecode.apps._base import ADMIN_PREFIX
525
529
526 config.add_route(name='home', pattern='/')
530 config.add_route(name='home', pattern='/')
527
531
528 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
532 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
529 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
533 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
530 config.add_route(name='repo_summary', pattern='/{repo_name}')
534 config.add_route(name='repo_summary', pattern='/{repo_name}')
531 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
535 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
532 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
536 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
533
537
534 config.add_route(name='pullrequest_show',
538 config.add_route(name='pullrequest_show',
535 pattern='/{repo_name}/pull-request/{pull_request_id}')
539 pattern='/{repo_name}/pull-request/{pull_request_id}')
536 config.add_route(name='pull_requests_global',
540 config.add_route(name='pull_requests_global',
537 pattern='/pull-request/{pull_request_id}')
541 pattern='/pull-request/{pull_request_id}')
538 config.add_route(name='repo_commit',
542 config.add_route(name='repo_commit',
539 pattern='/{repo_name}/changeset/{commit_id}')
543 pattern='/{repo_name}/changeset/{commit_id}')
540
544
541 config.add_route(name='repo_files',
545 config.add_route(name='repo_files',
542 pattern='/{repo_name}/files/{commit_id}/{f_path}')
546 pattern='/{repo_name}/files/{commit_id}/{f_path}')
543
547
544
548
545 def bootstrap_config(request):
549 def bootstrap_config(request):
546 import pyramid.testing
550 import pyramid.testing
547 registry = pyramid.testing.Registry('RcTestRegistry')
551 registry = pyramid.testing.Registry('RcTestRegistry')
548
552
549 config = pyramid.testing.setUp(registry=registry, request=request)
553 config = pyramid.testing.setUp(registry=registry, request=request)
550
554
551 # allow pyramid lookup in testing
555 # allow pyramid lookup in testing
552 config.include('pyramid_mako')
556 config.include('pyramid_mako')
553 config.include('rhodecode.lib.rc_beaker')
557 config.include('rhodecode.lib.rc_beaker')
554 config.include('rhodecode.lib.rc_cache')
558 config.include('rhodecode.lib.rc_cache')
555
559
556 add_events_routes(config)
560 add_events_routes(config)
557
561
558 return config
562 return config
559
563
560
564
561 def bootstrap_request(**kwargs):
565 def bootstrap_request(**kwargs):
562 import pyramid.testing
566 import pyramid.testing
563
567
564 class TestRequest(pyramid.testing.DummyRequest):
568 class TestRequest(pyramid.testing.DummyRequest):
565 application_url = kwargs.pop('application_url', 'http://example.com')
569 application_url = kwargs.pop('application_url', 'http://example.com')
566 host = kwargs.pop('host', 'example.com:80')
570 host = kwargs.pop('host', 'example.com:80')
567 domain = kwargs.pop('domain', 'example.com')
571 domain = kwargs.pop('domain', 'example.com')
568
572
569 def translate(self, msg):
573 def translate(self, msg):
570 return msg
574 return msg
571
575
572 def plularize(self, singular, plural, n):
576 def plularize(self, singular, plural, n):
573 return singular
577 return singular
574
578
575 def get_partial_renderer(self, tmpl_name):
579 def get_partial_renderer(self, tmpl_name):
576
580
577 from rhodecode.lib.partial_renderer import get_partial_renderer
581 from rhodecode.lib.partial_renderer import get_partial_renderer
578 return get_partial_renderer(request=self, tmpl_name=tmpl_name)
582 return get_partial_renderer(request=self, tmpl_name=tmpl_name)
579
583
580 _call_context = TemplateArgs()
584 _call_context = TemplateArgs()
581 _call_context.visual = TemplateArgs()
585 _call_context.visual = TemplateArgs()
582 _call_context.visual.show_sha_length = 12
586 _call_context.visual.show_sha_length = 12
583 _call_context.visual.show_revision_number = True
587 _call_context.visual.show_revision_number = True
584
588
585 @property
589 @property
586 def call_context(self):
590 def call_context(self):
587 return self._call_context
591 return self._call_context
588
592
589 class TestDummySession(pyramid.testing.DummySession):
593 class TestDummySession(pyramid.testing.DummySession):
590 def save(*arg, **kw):
594 def save(*arg, **kw):
591 pass
595 pass
592
596
593 request = TestRequest(**kwargs)
597 request = TestRequest(**kwargs)
594 request.session = TestDummySession()
598 request.session = TestDummySession()
595
599
596 return request
600 return request
597
601
General Comments 0
You need to be logged in to leave comments. Login now