license: added a flag to allow hidding license info.
marcink -
r4006:1e9547aa default
@@ -1,739 +1,742 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 ################################################################################
6 6
7 7 [DEFAULT]
8 8 ## Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = true
10 10
11 11 ################################################################################
12 12 ## EMAIL CONFIGURATION ##
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17
18 18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 19 #email_prefix = [RhodeCode]
20 20
21 21 ## email FROM address all mails will be sent
22 22 #app_email_from = rhodecode-noreply@localhost
23 23
24 24 #smtp_server = mail.server.com
25 25 #smtp_username =
26 26 #smtp_password =
27 27 #smtp_port =
28 28 #smtp_use_tls = false
29 29 #smtp_use_ssl = true
30 30
31 31 [server:main]
32 32 ## COMMON ##
33 33 host = 127.0.0.1
34 34 port = 5000
35 35
36 36 ###########################################################
37 37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 38 ###########################################################
39 39
40 40 use = egg:waitress#main
41 41 ## number of worker threads
42 42 threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54 54
55 55 #use = egg:gunicorn#main
56 56 ## Sets the number of process workers. More workers means more concurrent connections
57 57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 58 ## memory usage as each has it's own set of caches.
59 59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 62 ## when using more than 1 worker.
63 63 #workers = 2
64 64 ## process name visible in process list
65 65 #proc_name = rhodecode
66 66 ## type of worker class, one of sync, gevent
67 67 ## recommended for bigger setup is using of of other than sync one
68 68 #worker_class = gevent
69 69 ## The maximum number of simultaneous clients. Valid only for Gevent
70 70 #worker_connections = 10
71 71 ## max number of requests that worker will handle before being gracefully
72 72 ## restarted, could prevent memory leaks
73 73 #max_requests = 1000
74 74 #max_requests_jitter = 30
75 75 ## amount of time a worker can spend with handling a request before it
76 76 ## gets killed and restarted. Set to 6hrs
77 77 #timeout = 21600
78 78
79 79
80 80 ## prefix middleware for RhodeCode.
81 81 ## recommended when using proxy setup.
82 82 ## allows to set RhodeCode under a prefix in server.
83 83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
84 84 ## And set your prefix like: `prefix = /custom_prefix`
85 85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
86 86 ## to make your cookies only work on prefix url
87 87 [filter:proxy-prefix]
88 88 use = egg:PasteDeploy#prefix
89 89 prefix = /
90 90
91 91 [app:main]
92 92 ## The %(here)s variable will be replaced with the absolute path of parent directory
93 93 ## of this file
94 94 ## In addition ENVIRONMENT variables usage is possible, e.g
95 95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
96 96
97 97 use = egg:rhodecode-enterprise-ce
98 98
99 99 ## enable proxy prefix middleware, defined above
100 100 #filter-with = proxy-prefix
101 101
102 102 # During development the we want to have the debug toolbar enabled
103 103 pyramid.includes =
104 104 pyramid_debugtoolbar
105 105 rhodecode.lib.middleware.request_wrapper
106 106
107 107 pyramid.reload_templates = true
108 108
109 109 debugtoolbar.hosts = 0.0.0.0/0
110 110 debugtoolbar.exclude_prefixes =
111 111 /css
112 112 /fonts
113 113 /images
114 114 /js
115 115
116 116 ## RHODECODE PLUGINS ##
117 117 rhodecode.includes =
118 118 rhodecode.api
119 119
120 120
121 121 # api prefix url
122 122 rhodecode.api.url = /_admin/api
123 123
124 124
125 125 ## END RHODECODE PLUGINS ##
126 126
127 127 ## encryption key used to encrypt social plugin tokens,
128 128 ## remote_urls with credentials etc, if not set it defaults to
129 129 ## `beaker.session.secret`
130 130 #rhodecode.encrypted_values.secret =
131 131
132 132 ## decryption strict mode (enabled by default). It controls if decryption raises
133 133 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
134 134 #rhodecode.encrypted_values.strict = false
135 135
136 136 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
137 137 ## fernet is safer, and we strongly recommend switching to it.
138 138 ## Due to backward compatibility aes is used as default.
139 139 #rhodecode.encrypted_values.algorithm = fernet
140 140
141 141 ## return gzipped responses from RhodeCode (static files/application)
142 142 gzip_responses = false
143 143
144 144 ## auto-generate javascript routes file on startup
145 145 generate_js_files = false
146 146
147 147 ## System global default language.
148 148 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
149 149 lang = en
150 150
151 151 ## Perform a full repository scan and import on each server start.
152 152 ## Settings this to true could lead to very long startup time.
153 153 startup.import_repos = false
154 154
155 155 ## Uncomment and set this path to use archive download cache.
156 156 ## Once enabled, generated archives will be cached at this location
157 157 ## and served from the cache during subsequent requests for the same archive of
158 158 ## the repository.
159 159 #archive_cache_dir = /tmp/tarballcache
160 160
161 161 ## URL at which the application is running. This is used for Bootstrapping
162 162 ## requests in context when no web request is available. Used in ishell, or
163 163 ## SSH calls. Set this for events to receive proper url for SSH calls.
164 164 app.base_url = http://rhodecode.local
165 165
166 166 ## Unique application ID. Should be a random unique string for security.
167 167 app_instance_uuid = rc-production
168 168
169 169 ## Cut off limit for large diffs (size in bytes). If overall diff size on
170 170 ## commit, or pull request exceeds this limit this diff will be displayed
171 171 ## partially. E.g 512000 == 512Kb
172 172 cut_off_limit_diff = 512000
173 173
174 174 ## Cut off limit for large files inside diffs (size in bytes). Each individual
175 175 ## file inside diff which exceeds this limit will be displayed partially.
176 176 ## E.g 128000 == 128Kb
177 177 cut_off_limit_file = 128000
178 178
179 179 ## use cached version of vcs repositories everywhere. Recommended to be `true`
180 180 vcs_full_cache = true
181 181
182 182 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
183 183 ## Normally this is controlled by proper http flags sent from http server
184 184 force_https = false
185 185
186 186 ## use Strict-Transport-Security headers
187 187 use_htsts = false
188 188
189 189 # Set to true if your repos are exposed using the dumb protocol
190 190 git_update_server_info = false
191 191
192 192 ## RSS/ATOM feed options
193 193 rss_cut_off_limit = 256000
194 194 rss_items_per_page = 10
195 195 rss_include_diff = false
196 196
197 197 ## gist URL alias, used to create nicer urls for gist. This should be an
198 198 ## url that does rewrites to _admin/gists/{gistid}.
199 199 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
200 200 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
201 201 gist_alias_url =
202 202
203 203 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
204 204 ## used for access.
205 205 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
206 206 ## came from the the logged in user who own this authentication token.
207 207 ## Additionally @TOKEN syntax can be used to bound the view to specific
208 208 ## authentication token. Such view would be only accessible when used together
209 209 ## with this authentication token
210 210 ##
211 211 ## list of all views can be found under `/_admin/permissions/auth_token_access`
212 212 ## The list should be "," separated and on a single line.
213 213 ##
214 214 ## Most common views to enable:
215 215 # RepoCommitsView:repo_commit_download
216 216 # RepoCommitsView:repo_commit_patch
217 217 # RepoCommitsView:repo_commit_raw
218 218 # RepoCommitsView:repo_commit_raw@TOKEN
219 219 # RepoFilesView:repo_files_diff
220 220 # RepoFilesView:repo_archivefile
221 221 # RepoFilesView:repo_file_raw
222 222 # GistView:*
223 223 api_access_controllers_whitelist =
224 224
225 225 ## Default encoding used to convert from and to unicode
226 226 ## can be also a comma separated list of encoding in case of mixed encodings
227 227 default_encoding = UTF-8
228 228
229 229 ## instance-id prefix
230 230 ## a prefix key for this instance used for cache invalidation when running
231 231 ## multiple instances of RhodeCode, make sure it's globally unique for
232 232 ## all running RhodeCode instances. Leave empty if you don't use it
233 233 instance_id =
234 234
235 235 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
236 236 ## of an authentication plugin also if it is disabled by it's settings.
237 237 ## This could be useful if you are unable to log in to the system due to broken
238 238 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
239 239 ## module to log in again and fix the settings.
240 240 ##
241 241 ## Available builtin plugin IDs (hash is part of the ID):
242 242 ## egg:rhodecode-enterprise-ce#rhodecode
243 243 ## egg:rhodecode-enterprise-ce#pam
244 244 ## egg:rhodecode-enterprise-ce#ldap
245 245 ## egg:rhodecode-enterprise-ce#jasig_cas
246 246 ## egg:rhodecode-enterprise-ce#headers
247 247 ## egg:rhodecode-enterprise-ce#crowd
248 248 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
249 249
250 250 ## alternative return HTTP header for failed authentication. Default HTTP
251 251 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
252 252 ## handling that causing a series of failed authentication calls.
253 253 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
254 254 ## This will be served instead of default 401 on bad authentication
255 255 auth_ret_code =
256 256
257 257 ## use special detection method when serving auth_ret_code, instead of serving
258 258 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
259 259 ## and then serve auth_ret_code to clients
260 260 auth_ret_code_detection = false
261 261
262 262 ## locking return code. When repository is locked return this HTTP code. 2XX
263 263 ## codes don't break the transactions while 4XX codes do
264 264 lock_ret_code = 423
265 265
266 266 ## allows to change the repository location in settings page
267 267 allow_repo_location_change = true
268 268
269 269 ## allows to setup custom hooks in settings page
270 270 allow_custom_hooks_settings = true
271 271
272 272 ## Generated license token required for EE edition license.
273 273 ## New generated token value can be found in Admin > settings > license page.
274 274 license_token =
275 275
276 ## This flag would hide sensitive information on the license page
277 license.hide_license_info = false
278
276 279 ## supervisor connection uri, for managing supervisor and logs.
277 280 supervisor.uri =
278 281 ## supervisord group name/id we only want this RC instance to handle
279 282 supervisor.group_id = dev
280 283
281 284 ## Display extended labs settings
282 285 labs_settings_active = true
283 286
284 287 ## Custom exception store path, defaults to TMPDIR
285 288 ## This is used to store exception from RhodeCode in shared directory
286 289 #exception_tracker.store_path =
287 290
288 291 ## File store configuration. This is used to store and serve uploaded files
289 292 file_store.enabled = true
290 293 ## Storage backend, available options are: local
291 294 file_store.backend = local
292 295 ## path to store the uploaded binaries
293 296 file_store.storage_path = %(here)s/data/file_store
294 297
295 298
296 299 ####################################
297 300 ### CELERY CONFIG ####
298 301 ####################################
299 302 ## run: /path/to/celery worker \
300 303 ## -E --beat --app rhodecode.lib.celerylib.loader \
301 304 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
302 305 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
303 306
304 307 use_celery = false
305 308
306 309 ## connection url to the message broker (default redis)
307 310 celery.broker_url = redis://localhost:6379/8
308 311
309 312 ## rabbitmq example
310 313 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
311 314
312 315 ## maximum tasks to execute before worker restart
313 316 celery.max_tasks_per_child = 100
314 317
315 318 ## tasks will never be sent to the queue, but executed locally instead.
316 319 celery.task_always_eager = false
317 320
318 321 #####################################
319 322 ### DOGPILE CACHE ####
320 323 #####################################
321 324 ## Default cache dir for caches. Putting this into a ramdisk
322 325 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
323 326 ## large amount of space
324 327 cache_dir = %(here)s/data
325 328
326 329 ## `cache_perms` cache settings for permission tree, auth TTL.
327 330 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
328 331 rc_cache.cache_perms.expiration_time = 300
329 332
330 333 ## alternative `cache_perms` redis backend with distributed lock
331 334 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
332 335 #rc_cache.cache_perms.expiration_time = 300
333 336 ## redis_expiration_time needs to be greater then expiration_time
334 337 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
335 338 #rc_cache.cache_perms.arguments.socket_timeout = 30
336 339 #rc_cache.cache_perms.arguments.host = localhost
337 340 #rc_cache.cache_perms.arguments.port = 6379
338 341 #rc_cache.cache_perms.arguments.db = 0
339 342 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
340 343 #rc_cache.cache_perms.arguments.distributed_lock = true
341 344
342 345 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
343 346 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
344 347 rc_cache.cache_repo.expiration_time = 2592000
345 348
346 349 ## alternative `cache_repo` redis backend with distributed lock
347 350 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
348 351 #rc_cache.cache_repo.expiration_time = 2592000
349 352 ## redis_expiration_time needs to be greater then expiration_time
350 353 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
351 354 #rc_cache.cache_repo.arguments.socket_timeout = 30
352 355 #rc_cache.cache_repo.arguments.host = localhost
353 356 #rc_cache.cache_repo.arguments.port = 6379
354 357 #rc_cache.cache_repo.arguments.db = 1
355 358 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
356 359 #rc_cache.cache_repo.arguments.distributed_lock = true
357 360
358 361 ## cache settings for SQL queries, this needs to use memory type backend
359 362 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
360 363 rc_cache.sql_cache_short.expiration_time = 30
361 364
362 365 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
363 366 ## type backend as the objects kept are not pickle serializable
364 367 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
365 368 ## by default we use 96H, this is using invalidation on push anyway
366 369 rc_cache.cache_repo_longterm.expiration_time = 345600
367 370 ## max items in LRU cache, reduce this number to save memory, and expire last used
368 371 ## cached objects
369 372 rc_cache.cache_repo_longterm.max_size = 10000
370 373
371 374
372 375 ####################################
373 376 ### BEAKER SESSION ####
374 377 ####################################
375 378
376 379 ## .session.type is type of storage options for the session, current allowed
377 380 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
378 381 beaker.session.type = file
379 382 beaker.session.data_dir = %(here)s/data/sessions
380 383
381 384 ## redis sessions
382 385 #beaker.session.type = ext:redis
383 386 #beaker.session.url = redis://127.0.0.1:6379/2
384 387
385 388 ## db based session, fast, and allows easy management over logged in users
386 389 #beaker.session.type = ext:database
387 390 #beaker.session.table_name = db_session
388 391 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
389 392 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
390 393 #beaker.session.sa.pool_recycle = 3600
391 394 #beaker.session.sa.echo = false
392 395
393 396 beaker.session.key = rhodecode
394 397 beaker.session.secret = develop-rc-uytcxaz
395 398 beaker.session.lock_dir = %(here)s/data/sessions/lock
396 399
397 400 ## Secure encrypted cookie. Requires AES and AES python libraries
398 401 ## you must disable beaker.session.secret to use this
399 402 #beaker.session.encrypt_key = key_for_encryption
400 403 #beaker.session.validate_key = validation_key
401 404
402 405 ## sets session as invalid(also logging out user) if it haven not been
403 406 ## accessed for given amount of time in seconds
404 407 beaker.session.timeout = 2592000
405 408 beaker.session.httponly = true
406 409 ## Path to use for the cookie. Set to prefix if you use prefix middleware
407 410 #beaker.session.cookie_path = /custom_prefix
408 411
409 412 ## uncomment for https secure cookie
410 413 beaker.session.secure = false
411 414
412 415 ## auto save the session to not to use .save()
413 416 beaker.session.auto = false
414 417
415 418 ## default cookie expiration time in seconds, set to `true` to set expire
416 419 ## at browser close
417 420 #beaker.session.cookie_expires = 3600
418 421
419 422 ###################################
420 423 ## SEARCH INDEXING CONFIGURATION ##
421 424 ###################################
422 425 ## Full text search indexer is available in rhodecode-tools under
423 426 ## `rhodecode-tools index` command
424 427
425 428 ## WHOOSH Backend, doesn't require additional services to run
426 429 ## it works good with few dozen repos
427 430 search.module = rhodecode.lib.index.whoosh
428 431 search.location = %(here)s/data/index
429 432
430 433 ########################################
431 434 ### CHANNELSTREAM CONFIG ####
432 435 ########################################
433 436 ## channelstream enables persistent connections and live notification
434 437 ## in the system. It's also used by the chat system
435 438
436 439 channelstream.enabled = false
437 440
438 441 ## server address for channelstream server on the backend
439 442 channelstream.server = 127.0.0.1:9800
440 443
441 444 ## location of the channelstream server from outside world
442 445 ## use ws:// for http or wss:// for https. This address needs to be handled
443 446 ## by external HTTP server such as Nginx or Apache
444 447 ## see Nginx/Apache configuration examples in our docs
445 448 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
446 449 channelstream.secret = secret
447 450 channelstream.history.location = %(here)s/channelstream_history
448 451
449 452 ## Internal application path that Javascript uses to connect into.
450 453 ## If you use proxy-prefix the prefix should be added before /_channelstream
451 454 channelstream.proxy_path = /_channelstream
452 455
453 456
454 457 ###################################
455 458 ## APPENLIGHT CONFIG ##
456 459 ###################################
457 460
458 461 ## Appenlight is tailored to work with RhodeCode, see
459 462 ## http://appenlight.com for details how to obtain an account
460 463
461 464 ## Appenlight integration enabled
462 465 appenlight = false
463 466
464 467 appenlight.server_url = https://api.appenlight.com
465 468 appenlight.api_key = YOUR_API_KEY
466 469 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
467 470
468 471 ## used for JS client
469 472 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
470 473
471 474 ## TWEAK AMOUNT OF INFO SENT HERE
472 475
473 476 ## enables 404 error logging (default False)
474 477 appenlight.report_404 = false
475 478
476 479 ## time in seconds after request is considered being slow (default 1)
477 480 appenlight.slow_request_time = 1
478 481
479 482 ## record slow requests in application
480 483 ## (needs to be enabled for slow datastore recording and time tracking)
481 484 appenlight.slow_requests = true
482 485
483 486 ## enable hooking to application loggers
484 487 appenlight.logging = true
485 488
486 489 ## minimum log level for log capture
487 490 appenlight.logging.level = WARNING
488 491
489 492 ## send logs only from erroneous/slow requests
490 493 ## (saves API quota for intensive logging)
491 494 appenlight.logging_on_error = false
492 495
493 496 ## list of additional keywords that should be grabbed from environ object
494 497 ## can be string with comma separated list of words in lowercase
495 498 ## (by default client will always send following info:
496 499 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
497 500 ## start with HTTP* this list be extended with additional keywords here
498 501 appenlight.environ_keys_whitelist =
499 502
500 503 ## list of keywords that should be blanked from request object
501 504 ## can be string with comma separated list of words in lowercase
502 505 ## (by default client will always blank keys that contain following words
503 506 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
504 507 ## this list be extended with additional keywords set here
505 508 appenlight.request_keys_blacklist =
506 509
507 510 ## list of namespaces that should be ignores when gathering log entries
508 511 ## can be string with comma separated list of namespaces
509 512 ## (by default the client ignores own entries: appenlight_client.client)
510 513 appenlight.log_namespace_blacklist =
511 514
512 515 # enable debug style page
513 516 debug_style = true
514 517
515 518 ###########################################
516 519 ### MAIN RHODECODE DATABASE CONFIG ###
517 520 ###########################################
518 521 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
519 522 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
520 523 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
521 524 # pymysql is an alternative driver for MySQL, use in case of problems with default one
522 525 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
523 526
524 527 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
525 528
526 529 # see sqlalchemy docs for other advanced settings
527 530
528 531 ## print the sql statements to output
529 532 sqlalchemy.db1.echo = false
530 533 ## recycle the connections after this amount of seconds
531 534 sqlalchemy.db1.pool_recycle = 3600
532 535
533 536 ## the number of connections to keep open inside the connection pool.
534 537 ## 0 indicates no limit
535 538 #sqlalchemy.db1.pool_size = 5
536 539
537 540 ## the number of connections to allow in connection pool "overflow", that is
538 541 ## connections that can be opened above and beyond the pool_size setting,
539 542 ## which defaults to five.
540 543 #sqlalchemy.db1.max_overflow = 10
541 544
542 545 ## Connection check ping, used to detect broken database connections
543 546 ## could be enabled to better handle cases if MySQL has gone away errors
544 547 #sqlalchemy.db1.ping_connection = true
545 548
546 549 ##################
547 550 ### VCS CONFIG ###
548 551 ##################
549 552 vcs.server.enable = true
550 553 vcs.server = localhost:9900
551 554
552 555 ## Web server connectivity protocol, responsible for web based VCS operations
553 556 ## Available protocols are:
554 557 ## `http` - use http-rpc backend (default)
555 558 vcs.server.protocol = http
556 559
557 560 ## Push/Pull operations protocol, available options are:
558 561 ## `http` - use http-rpc backend (default)
559 562 vcs.scm_app_implementation = http
560 563
561 564 ## Push/Pull operations hooks protocol, available options are:
562 565 ## `http` - use http-rpc backend (default)
563 566 vcs.hooks.protocol = http
564 567
565 568 ## Host on which this instance is listening for hooks. If vcsserver is in other location
566 569 ## this should be adjusted.
567 570 vcs.hooks.host = 127.0.0.1
568 571
569 572 vcs.server.log_level = debug
570 573 ## Start VCSServer with this instance as a subprocess, useful for development
571 574 vcs.start_server = false
572 575
573 576 ## List of enabled VCS backends, available options are:
574 577 ## `hg` - mercurial
575 578 ## `git` - git
576 579 ## `svn` - subversion
577 580 vcs.backends = hg, git, svn
578 581
579 582 vcs.connection_timeout = 3600
580 583 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
581 584 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
582 585 #vcs.svn.compatible_version = pre-1.8-compatible
583 586
584 587
585 588 ############################################################
586 589 ### Subversion proxy support (mod_dav_svn) ###
587 590 ### Maps RhodeCode repo groups into SVN paths for Apache ###
588 591 ############################################################
589 592 ## Enable or disable the config file generation.
590 593 svn.proxy.generate_config = false
591 594 ## Generate config file with `SVNListParentPath` set to `On`.
592 595 svn.proxy.list_parent_path = true
593 596 ## Set location and file name of generated config file.
594 597 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
595 598 ## alternative mod_dav config template. This needs to be a mako template
596 599 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
597 600 ## Used as a prefix to the `Location` block in the generated config file.
598 601 ## In most cases it should be set to `/`.
599 602 svn.proxy.location_root = /
600 603 ## Command to reload the mod dav svn configuration on change.
601 604 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
602 605 ## Make sure user who runs RhodeCode process is allowed to reload Apache
603 606 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
604 607 ## If the timeout expires before the reload command finishes, the command will
605 608 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
606 609 #svn.proxy.reload_timeout = 10
607 610
608 611 ############################################################
609 612 ### SSH Support Settings ###
610 613 ############################################################
611 614
612 615 ## Defines if a custom authorized_keys file should be created and written on
613 616 ## any change user ssh keys. Setting this to false also disables possibility
614 617 ## of adding SSH keys by users from web interface. Super admins can still
615 618 ## manage SSH Keys.
616 619 ssh.generate_authorized_keyfile = false
617 620
618 621 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
619 622 # ssh.authorized_keys_ssh_opts =
620 623
621 624 ## Path to the authorized_keys file where the generate entries are placed.
622 625 ## It is possible to have multiple key files specified in `sshd_config` e.g.
623 626 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
624 627 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
625 628
626 629 ## Command to execute the SSH wrapper. The binary is available in the
627 630 ## RhodeCode installation directory.
628 631 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
629 632 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
630 633
631 634 ## Allow shell when executing the ssh-wrapper command
632 635 ssh.wrapper_cmd_allow_shell = false
633 636
634 637 ## Enables logging, and detailed output send back to the client during SSH
635 638 ## operations. Useful for debugging, shouldn't be used in production.
636 639 ssh.enable_debug_logging = true
637 640
638 641 ## Paths to binary executable, by default they are the names, but we can
639 642 ## override them if we want to use a custom one
640 643 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
641 644 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
642 645 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
643 646
644 647 ## Enables SSH key generator web interface. Disabling this still allows users
645 648 ## to add their own keys.
646 649 ssh.enable_ui_key_generator = true
647 650
648 651
649 652 ## Dummy marker to add new entries after.
650 653 ## Add any custom entries below. Please don't remove.
651 654 custom.conf = 1
652 655
653 656
654 657 ################################
655 658 ### LOGGING CONFIGURATION ####
656 659 ################################
657 660 [loggers]
658 661 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
659 662
660 663 [handlers]
661 664 keys = console, console_sql
662 665
663 666 [formatters]
664 667 keys = generic, color_formatter, color_formatter_sql
665 668
666 669 #############
667 670 ## LOGGERS ##
668 671 #############
669 672 [logger_root]
670 673 level = NOTSET
671 674 handlers = console
672 675
673 676 [logger_sqlalchemy]
674 677 level = INFO
675 678 handlers = console_sql
676 679 qualname = sqlalchemy.engine
677 680 propagate = 0
678 681
679 682 [logger_beaker]
680 683 level = DEBUG
681 684 handlers =
682 685 qualname = beaker.container
683 686 propagate = 1
684 687
685 688 [logger_rhodecode]
686 689 level = DEBUG
687 690 handlers =
688 691 qualname = rhodecode
689 692 propagate = 1
690 693
691 694 [logger_ssh_wrapper]
692 695 level = DEBUG
693 696 handlers =
694 697 qualname = ssh_wrapper
695 698 propagate = 1
696 699
697 700 [logger_celery]
698 701 level = DEBUG
699 702 handlers =
700 703 qualname = celery
701 704
702 705
703 706 ##############
704 707 ## HANDLERS ##
705 708 ##############
706 709
707 710 [handler_console]
708 711 class = StreamHandler
709 712 args = (sys.stderr, )
710 713 level = DEBUG
711 714 formatter = color_formatter
712 715
713 716 [handler_console_sql]
714 717 # "level = DEBUG" logs SQL queries and results.
715 718 # "level = INFO" logs SQL queries.
716 719 # "level = WARN" logs neither. (Recommended for production systems.)
717 720 class = StreamHandler
718 721 args = (sys.stderr, )
719 722 level = WARN
720 723 formatter = color_formatter_sql
721 724
722 725 ################
723 726 ## FORMATTERS ##
724 727 ################
725 728
726 729 [formatter_generic]
727 730 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
728 731 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
729 732 datefmt = %Y-%m-%d %H:%M:%S
730 733
731 734 [formatter_color_formatter]
732 735 class = rhodecode.lib.logging_formatter.ColorFormatter
733 736 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
734 737 datefmt = %Y-%m-%d %H:%M:%S
735 738
736 739 [formatter_color_formatter_sql]
737 740 class = rhodecode.lib.logging_formatter.ColorFormatterSql
738 741 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
739 742 datefmt = %Y-%m-%d %H:%M:%S
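Review bot: The comment added at new line 276 says the flag hides "sensitive information" but does not name which fields on the license page are suppressed or which users are affected, so an operator cannot judge what stays exposed at the shipped default of `false`. I would spell that out and state the default in the comment, along the lines of `## When true, the license page omits <fields to confirm from the view code>; default false shows the full license details`. Because the default leaves the information visible, it is worth confirming that this is the intended posture for production templates rather than only for this development file. The second file section on this page appears to gain the same three lines (its header shows the same growth of three), but they fall outside the visible part. As a style point, `license.hide_license_info` repeats "license" and sits directly under the underscore-style `license_token`; `license.hide_info` would read more cleanly if the key is not yet consumed elsewhere.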
@@ -1,712 +1,715 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 ################################################################################
6 6
7 7 [DEFAULT]
8 8 ## Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = false
10 10
11 11 ################################################################################
12 12 ## EMAIL CONFIGURATION ##
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17
18 18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 19 #email_prefix = [RhodeCode]
20 20
21 21 ## email FROM address all mails will be sent
22 22 #app_email_from = rhodecode-noreply@localhost
23 23
24 24 #smtp_server = mail.server.com
25 25 #smtp_username =
26 26 #smtp_password =
27 27 #smtp_port =
28 28 #smtp_use_tls = false
29 29 #smtp_use_ssl = true
30 30
31 31 [server:main]
32 32 ## COMMON ##
33 33 host = 127.0.0.1
34 34 port = 5000
35 35
36 36 ###########################################################
37 37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 38 ###########################################################
39 39
40 40 #use = egg:waitress#main
41 41 ## number of worker threads
42 42 #threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 #max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 #asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54 54
55 55 use = egg:gunicorn#main
56 56 ## Sets the number of process workers. More workers means more concurrent connections
57 57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 58 ## memory usage as each has it's own set of caches.
59 59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 62 ## when using more than 1 worker.
63 63 workers = 2
64 64 ## process name visible in process list
65 65 proc_name = rhodecode
66 66 ## type of worker class, one of sync, gevent
67 67 ## recommended for bigger setup is using of of other than sync one
68 68 worker_class = gevent
69 69 ## The maximum number of simultaneous clients. Valid only for Gevent
70 70 worker_connections = 10
71 71 ## max number of requests that worker will handle before being gracefully
72 72 ## restarted, could prevent memory leaks
73 73 max_requests = 1000
74 74 max_requests_jitter = 30
75 75 ## amount of time a worker can spend with handling a request before it
76 76 ## gets killed and restarted. Set to 6hrs
77 77 timeout = 21600
78 78
79 79
80 80 ## prefix middleware for RhodeCode.
81 81 ## recommended when using proxy setup.
82 82 ## allows to set RhodeCode under a prefix in server.
83 83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
84 84 ## And set your prefix like: `prefix = /custom_prefix`
85 85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
86 86 ## to make your cookies only work on prefix url
87 87 [filter:proxy-prefix]
88 88 use = egg:PasteDeploy#prefix
89 89 prefix = /
90 90
91 91 [app:main]
92 92 ## The %(here)s variable will be replaced with the absolute path of parent directory
93 93 ## of this file
94 94 ## In addition ENVIRONMENT variables usage is possible, e.g
95 95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
96 96
97 97 use = egg:rhodecode-enterprise-ce
98 98
99 99 ## enable proxy prefix middleware, defined above
100 100 #filter-with = proxy-prefix
101 101
102 102 ## encryption key used to encrypt social plugin tokens,
103 103 ## remote_urls with credentials etc, if not set it defaults to
104 104 ## `beaker.session.secret`
105 105 #rhodecode.encrypted_values.secret =
106 106
107 107 ## decryption strict mode (enabled by default). It controls if decryption raises
108 108 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
109 109 #rhodecode.encrypted_values.strict = false
110 110
111 111 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
112 112 ## fernet is safer, and we strongly recommend switching to it.
113 113 ## Due to backward compatibility aes is used as default.
114 114 #rhodecode.encrypted_values.algorithm = fernet
115 115
116 116 ## return gzipped responses from RhodeCode (static files/application)
117 117 gzip_responses = false
118 118
119 119 ## auto-generate javascript routes file on startup
120 120 generate_js_files = false
121 121
122 122 ## System global default language.
123 123 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
124 124 lang = en
125 125
126 126 ## Perform a full repository scan and import on each server start.
127 127 ## Settings this to true could lead to very long startup time.
128 128 startup.import_repos = false
129 129
130 130 ## Uncomment and set this path to use archive download cache.
131 131 ## Once enabled, generated archives will be cached at this location
132 132 ## and served from the cache during subsequent requests for the same archive of
133 133 ## the repository.
134 134 #archive_cache_dir = /tmp/tarballcache
135 135
136 136 ## URL at which the application is running. This is used for Bootstrapping
137 137 ## requests in context when no web request is available. Used in ishell, or
138 138 ## SSH calls. Set this for events to receive proper url for SSH calls.
139 139 app.base_url = http://rhodecode.local
140 140
141 141 ## Unique application ID. Should be a random unique string for security.
142 142 app_instance_uuid = rc-production
143 143
144 144 ## Cut off limit for large diffs (size in bytes). If overall diff size on
145 145 ## commit, or pull request exceeds this limit this diff will be displayed
146 146 ## partially. E.g 512000 == 512Kb
147 147 cut_off_limit_diff = 512000
148 148
149 149 ## Cut off limit for large files inside diffs (size in bytes). Each individual
150 150 ## file inside diff which exceeds this limit will be displayed partially.
151 151 ## E.g 128000 == 128Kb
152 152 cut_off_limit_file = 128000
153 153
154 154 ## use cached version of vcs repositories everywhere. Recommended to be `true`
155 155 vcs_full_cache = true
156 156
157 157 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
158 158 ## Normally this is controlled by proper http flags sent from http server
159 159 force_https = false
160 160
161 161 ## use Strict-Transport-Security headers
162 162 use_htsts = false
163 163
164 164 # Set to true if your repos are exposed using the dumb protocol
165 165 git_update_server_info = false
166 166
167 167 ## RSS/ATOM feed options
168 168 rss_cut_off_limit = 256000
169 169 rss_items_per_page = 10
170 170 rss_include_diff = false
171 171
172 172 ## gist URL alias, used to create nicer urls for gist. This should be an
173 173 ## url that does rewrites to _admin/gists/{gistid}.
174 174 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
175 175 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
176 176 gist_alias_url =
177 177
178 178 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
179 179 ## used for access.
180 180 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
181 181 ## came from the the logged in user who own this authentication token.
182 182 ## Additionally @TOKEN syntax can be used to bound the view to specific
183 183 ## authentication token. Such view would be only accessible when used together
184 184 ## with this authentication token
185 185 ##
186 186 ## list of all views can be found under `/_admin/permissions/auth_token_access`
187 187 ## The list should be "," separated and on a single line.
188 188 ##
189 189 ## Most common views to enable:
190 190 # RepoCommitsView:repo_commit_download
191 191 # RepoCommitsView:repo_commit_patch
192 192 # RepoCommitsView:repo_commit_raw
193 193 # RepoCommitsView:repo_commit_raw@TOKEN
194 194 # RepoFilesView:repo_files_diff
195 195 # RepoFilesView:repo_archivefile
196 196 # RepoFilesView:repo_file_raw
197 197 # GistView:*
198 198 api_access_controllers_whitelist =
199 199
200 200 ## Default encoding used to convert from and to unicode
201 201 ## can be also a comma separated list of encoding in case of mixed encodings
202 202 default_encoding = UTF-8
203 203
204 204 ## instance-id prefix
205 205 ## a prefix key for this instance used for cache invalidation when running
206 206 ## multiple instances of RhodeCode, make sure it's globally unique for
207 207 ## all running RhodeCode instances. Leave empty if you don't use it
208 208 instance_id =
209 209
210 210 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
211 211 ## of an authentication plugin also if it is disabled by it's settings.
212 212 ## This could be useful if you are unable to log in to the system due to broken
213 213 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
214 214 ## module to log in again and fix the settings.
215 215 ##
216 216 ## Available builtin plugin IDs (hash is part of the ID):
217 217 ## egg:rhodecode-enterprise-ce#rhodecode
218 218 ## egg:rhodecode-enterprise-ce#pam
219 219 ## egg:rhodecode-enterprise-ce#ldap
220 220 ## egg:rhodecode-enterprise-ce#jasig_cas
221 221 ## egg:rhodecode-enterprise-ce#headers
222 222 ## egg:rhodecode-enterprise-ce#crowd
223 223 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
224 224
225 225 ## alternative return HTTP header for failed authentication. Default HTTP
226 226 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
227 227 ## handling that causing a series of failed authentication calls.
228 228 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
229 229 ## This will be served instead of default 401 on bad authentication
230 230 auth_ret_code =
231 231
232 232 ## use special detection method when serving auth_ret_code, instead of serving
233 233 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
234 234 ## and then serve auth_ret_code to clients
235 235 auth_ret_code_detection = false
236 236
237 237 ## locking return code. When repository is locked return this HTTP code. 2XX
238 238 ## codes don't break the transactions while 4XX codes do
239 239 lock_ret_code = 423
240 240
241 241 ## allows to change the repository location in settings page
242 242 allow_repo_location_change = true
243 243
244 244 ## allows to setup custom hooks in settings page
245 245 allow_custom_hooks_settings = true
246 246
247 247 ## Generated license token required for EE edition license.
248 248 ## New generated token value can be found in Admin > settings > license page.
249 249 license_token =
250 250
251 ## This flag would hide sensitive information on the license page
252 license.hide_license_info = false
253
251 254 ## supervisor connection uri, for managing supervisor and logs.
252 255 supervisor.uri =
253 256 ## supervisord group name/id we only want this RC instance to handle
254 257 supervisor.group_id = prod
255 258
256 259 ## Display extended labs settings
257 260 labs_settings_active = true
258 261
259 262 ## Custom exception store path, defaults to TMPDIR
260 263 ## This is used to store exception from RhodeCode in shared directory
261 264 #exception_tracker.store_path =
262 265
263 266 ## File store configuration. This is used to store and serve uploaded files
264 267 file_store.enabled = true
265 268 ## Storage backend, available options are: local
266 269 file_store.backend = local
267 270 ## path to store the uploaded binaries
268 271 file_store.storage_path = %(here)s/data/file_store
269 272
270 273
271 274 ####################################
272 275 ### CELERY CONFIG ####
273 276 ####################################
274 277 ## run: /path/to/celery worker \
275 278 ## -E --beat --app rhodecode.lib.celerylib.loader \
276 279 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
277 280 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
278 281
279 282 use_celery = false
280 283
281 284 ## connection url to the message broker (default redis)
282 285 celery.broker_url = redis://localhost:6379/8
283 286
284 287 ## rabbitmq example
285 288 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
286 289
287 290 ## maximum tasks to execute before worker restart
288 291 celery.max_tasks_per_child = 100
289 292
290 293 ## tasks will never be sent to the queue, but executed locally instead.
291 294 celery.task_always_eager = false
292 295
293 296 #####################################
294 297 ### DOGPILE CACHE ####
295 298 #####################################
296 299 ## Default cache dir for caches. Putting this into a ramdisk
297 300 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
298 301 ## large amount of space
299 302 cache_dir = %(here)s/data
300 303
301 304 ## `cache_perms` cache settings for permission tree, auth TTL.
302 305 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
303 306 rc_cache.cache_perms.expiration_time = 300
304 307
305 308 ## alternative `cache_perms` redis backend with distributed lock
306 309 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
307 310 #rc_cache.cache_perms.expiration_time = 300
308 311 ## redis_expiration_time needs to be greater then expiration_time
309 312 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
310 313 #rc_cache.cache_perms.arguments.socket_timeout = 30
311 314 #rc_cache.cache_perms.arguments.host = localhost
312 315 #rc_cache.cache_perms.arguments.port = 6379
313 316 #rc_cache.cache_perms.arguments.db = 0
314 317 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
315 318 #rc_cache.cache_perms.arguments.distributed_lock = true
316 319
317 320 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
318 321 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
319 322 rc_cache.cache_repo.expiration_time = 2592000
320 323
321 324 ## alternative `cache_repo` redis backend with distributed lock
322 325 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
323 326 #rc_cache.cache_repo.expiration_time = 2592000
324 327 ## redis_expiration_time needs to be greater then expiration_time
325 328 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
326 329 #rc_cache.cache_repo.arguments.socket_timeout = 30
327 330 #rc_cache.cache_repo.arguments.host = localhost
328 331 #rc_cache.cache_repo.arguments.port = 6379
329 332 #rc_cache.cache_repo.arguments.db = 1
330 333 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
331 334 #rc_cache.cache_repo.arguments.distributed_lock = true
332 335
333 336 ## cache settings for SQL queries, this needs to use memory type backend
334 337 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
335 338 rc_cache.sql_cache_short.expiration_time = 30
336 339
337 340 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
338 341 ## type backend as the objects kept are not pickle serializable
339 342 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
340 343 ## by default we use 96H, this is using invalidation on push anyway
341 344 rc_cache.cache_repo_longterm.expiration_time = 345600
342 345 ## max items in LRU cache, reduce this number to save memory, and expire last used
343 346 ## cached objects
344 347 rc_cache.cache_repo_longterm.max_size = 10000
345 348
346 349
347 350 ####################################
348 351 ### BEAKER SESSION ####
349 352 ####################################
350 353
351 354 ## .session.type is type of storage options for the session, current allowed
352 355 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
353 356 beaker.session.type = file
354 357 beaker.session.data_dir = %(here)s/data/sessions
355 358
356 359 ## redis sessions
357 360 #beaker.session.type = ext:redis
358 361 #beaker.session.url = redis://127.0.0.1:6379/2
359 362
360 363 ## db based session, fast, and allows easy management over logged in users
361 364 #beaker.session.type = ext:database
362 365 #beaker.session.table_name = db_session
363 366 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
364 367 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
365 368 #beaker.session.sa.pool_recycle = 3600
366 369 #beaker.session.sa.echo = false
367 370
368 371 beaker.session.key = rhodecode
369 372 beaker.session.secret = production-rc-uytcxaz
370 373 beaker.session.lock_dir = %(here)s/data/sessions/lock
371 374
372 375 ## Secure encrypted cookie. Requires AES and AES python libraries
373 376 ## you must disable beaker.session.secret to use this
374 377 #beaker.session.encrypt_key = key_for_encryption
375 378 #beaker.session.validate_key = validation_key
376 379
377 380 ## sets session as invalid(also logging out user) if it haven not been
378 381 ## accessed for given amount of time in seconds
379 382 beaker.session.timeout = 2592000
380 383 beaker.session.httponly = true
381 384 ## Path to use for the cookie. Set to prefix if you use prefix middleware
382 385 #beaker.session.cookie_path = /custom_prefix
383 386
384 387 ## uncomment for https secure cookie
385 388 beaker.session.secure = false
386 389
387 390 ## auto save the session to not to use .save()
388 391 beaker.session.auto = false
389 392
390 393 ## default cookie expiration time in seconds, set to `true` to set expire
391 394 ## at browser close
392 395 #beaker.session.cookie_expires = 3600
393 396
394 397 ###################################
395 398 ## SEARCH INDEXING CONFIGURATION ##
396 399 ###################################
397 400 ## Full text search indexer is available in rhodecode-tools under
398 401 ## `rhodecode-tools index` command
399 402
400 403 ## WHOOSH Backend, doesn't require additional services to run
401 404 ## it works good with few dozen repos
402 405 search.module = rhodecode.lib.index.whoosh
403 406 search.location = %(here)s/data/index
404 407
405 408 ########################################
406 409 ### CHANNELSTREAM CONFIG ####
407 410 ########################################
408 411 ## channelstream enables persistent connections and live notification
409 412 ## in the system. It's also used by the chat system
410 413
411 414 channelstream.enabled = false
412 415
413 416 ## server address for channelstream server on the backend
414 417 channelstream.server = 127.0.0.1:9800
415 418
416 419 ## location of the channelstream server from outside world
417 420 ## use ws:// for http or wss:// for https. This address needs to be handled
418 421 ## by external HTTP server such as Nginx or Apache
419 422 ## see Nginx/Apache configuration examples in our docs
420 423 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
421 424 channelstream.secret = secret
422 425 channelstream.history.location = %(here)s/channelstream_history
423 426
424 427 ## Internal application path that Javascript uses to connect into.
425 428 ## If you use proxy-prefix the prefix should be added before /_channelstream
426 429 channelstream.proxy_path = /_channelstream
427 430
428 431
429 432 ###################################
430 433 ## APPENLIGHT CONFIG ##
431 434 ###################################
432 435
433 436 ## Appenlight is tailored to work with RhodeCode, see
434 437 ## http://appenlight.com for details how to obtain an account
435 438
436 439 ## Appenlight integration enabled
437 440 appenlight = false
438 441
439 442 appenlight.server_url = https://api.appenlight.com
440 443 appenlight.api_key = YOUR_API_KEY
441 444 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
442 445
443 446 ## used for JS client
444 447 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
445 448
446 449 ## TWEAK AMOUNT OF INFO SENT HERE
447 450
448 451 ## enables 404 error logging (default False)
449 452 appenlight.report_404 = false
450 453
451 454 ## time in seconds after request is considered being slow (default 1)
452 455 appenlight.slow_request_time = 1
453 456
454 457 ## record slow requests in application
455 458 ## (needs to be enabled for slow datastore recording and time tracking)
456 459 appenlight.slow_requests = true
457 460
458 461 ## enable hooking to application loggers
459 462 appenlight.logging = true
460 463
461 464 ## minimum log level for log capture
462 465 appenlight.logging.level = WARNING
463 466
464 467 ## send logs only from erroneous/slow requests
465 468 ## (saves API quota for intensive logging)
466 469 appenlight.logging_on_error = false
467 470
468 471 ## list of additional keywords that should be grabbed from environ object
469 472 ## can be string with comma separated list of words in lowercase
470 473 ## (by default client will always send following info:
471 474 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
472 475 ## start with HTTP* this list be extended with additional keywords here
473 476 appenlight.environ_keys_whitelist =
474 477
475 478 ## list of keywords that should be blanked from request object
476 479 ## can be string with comma separated list of words in lowercase
477 480 ## (by default client will always blank keys that contain following words
478 481 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
479 482 ## this list be extended with additional keywords set here
480 483 appenlight.request_keys_blacklist =
481 484
482 485 ## list of namespaces that should be ignores when gathering log entries
483 486 ## can be string with comma separated list of namespaces
484 487 ## (by default the client ignores own entries: appenlight_client.client)
485 488 appenlight.log_namespace_blacklist =
486 489
487 490
488 491 ###########################################
489 492 ### MAIN RHODECODE DATABASE CONFIG ###
490 493 ###########################################
491 494 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
492 495 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
493 496 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
494 497 # pymysql is an alternative driver for MySQL, use in case of problems with default one
495 498 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
496 499
497 500 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
498 501
499 502 # see sqlalchemy docs for other advanced settings
500 503
501 504 ## print the sql statements to output
502 505 sqlalchemy.db1.echo = false
503 506 ## recycle the connections after this amount of seconds
504 507 sqlalchemy.db1.pool_recycle = 3600
505 508
506 509 ## the number of connections to keep open inside the connection pool.
507 510 ## 0 indicates no limit
508 511 #sqlalchemy.db1.pool_size = 5
509 512
510 513 ## the number of connections to allow in connection pool "overflow", that is
511 514 ## connections that can be opened above and beyond the pool_size setting,
512 515 ## which defaults to five.
513 516 #sqlalchemy.db1.max_overflow = 10
514 517
515 518 ## Connection check ping, used to detect broken database connections
516 519 ## could be enabled to better handle cases if MySQL has gone away errors
517 520 #sqlalchemy.db1.ping_connection = true
518 521
519 522 ##################
520 523 ### VCS CONFIG ###
521 524 ##################
522 525 vcs.server.enable = true
523 526 vcs.server = localhost:9900
524 527
525 528 ## Web server connectivity protocol, responsible for web based VCS operations
526 529 ## Available protocols are:
527 530 ## `http` - use http-rpc backend (default)
528 531 vcs.server.protocol = http
529 532
530 533 ## Push/Pull operations protocol, available options are:
531 534 ## `http` - use http-rpc backend (default)
532 535 vcs.scm_app_implementation = http
533 536
534 537 ## Push/Pull operations hooks protocol, available options are:
535 538 ## `http` - use http-rpc backend (default)
536 539 vcs.hooks.protocol = http
537 540
538 541 ## Host on which this instance is listening for hooks. If vcsserver is in other location
539 542 ## this should be adjusted.
540 543 vcs.hooks.host = 127.0.0.1
541 544
542 545 vcs.server.log_level = info
543 546 ## Start VCSServer with this instance as a subprocess, useful for development
544 547 vcs.start_server = false
545 548
546 549 ## List of enabled VCS backends, available options are:
547 550 ## `hg` - mercurial
548 551 ## `git` - git
549 552 ## `svn` - subversion
550 553 vcs.backends = hg, git, svn
551 554
552 555 vcs.connection_timeout = 3600
553 556 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
554 557 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
555 558 #vcs.svn.compatible_version = pre-1.8-compatible
556 559
557 560
558 561 ############################################################
559 562 ### Subversion proxy support (mod_dav_svn) ###
560 563 ### Maps RhodeCode repo groups into SVN paths for Apache ###
561 564 ############################################################
562 565 ## Enable or disable the config file generation.
563 566 svn.proxy.generate_config = false
564 567 ## Generate config file with `SVNListParentPath` set to `On`.
565 568 svn.proxy.list_parent_path = true
566 569 ## Set location and file name of generated config file.
567 570 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
568 571 ## alternative mod_dav config template. This needs to be a mako template
569 572 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
570 573 ## Used as a prefix to the `Location` block in the generated config file.
571 574 ## In most cases it should be set to `/`.
572 575 svn.proxy.location_root = /
573 576 ## Command to reload the mod dav svn configuration on change.
574 577 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
575 578 ## Make sure user who runs RhodeCode process is allowed to reload Apache
576 579 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
577 580 ## If the timeout expires before the reload command finishes, the command will
578 581 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
579 582 #svn.proxy.reload_timeout = 10
580 583
581 584 ############################################################
582 585 ### SSH Support Settings ###
583 586 ############################################################
584 587
585 588 ## Defines if a custom authorized_keys file should be created and written on
586 589 ## any change user ssh keys. Setting this to false also disables possibility
587 590 ## of adding SSH keys by users from web interface. Super admins can still
588 591 ## manage SSH Keys.
589 592 ssh.generate_authorized_keyfile = false
590 593
591 594 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
592 595 # ssh.authorized_keys_ssh_opts =
593 596
594 597 ## Path to the authorized_keys file where the generate entries are placed.
595 598 ## It is possible to have multiple key files specified in `sshd_config` e.g.
596 599 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
597 600 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
598 601
599 602 ## Command to execute the SSH wrapper. The binary is available in the
600 603 ## RhodeCode installation directory.
601 604 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
602 605 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
603 606
604 607 ## Allow shell when executing the ssh-wrapper command
605 608 ssh.wrapper_cmd_allow_shell = false
606 609
607 610 ## Enables logging, and detailed output send back to the client during SSH
608 611 ## operations. Useful for debugging, shouldn't be used in production.
609 612 ssh.enable_debug_logging = false
610 613
611 614 ## Paths to binary executable, by default they are the names, but we can
612 615 ## override them if we want to use a custom one
613 616 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
614 617 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
615 618 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
616 619
617 620 ## Enables SSH key generator web interface. Disabling this still allows users
618 621 ## to add their own keys.
619 622 ssh.enable_ui_key_generator = true
620 623
621 624
622 625 ## Dummy marker to add new entries after.
623 626 ## Add any custom entries below. Please don't remove.
624 627 custom.conf = 1
625 628
626 629
627 630 ################################
628 631 ### LOGGING CONFIGURATION ####
629 632 ################################
630 633 [loggers]
631 634 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
632 635
633 636 [handlers]
634 637 keys = console, console_sql
635 638
636 639 [formatters]
637 640 keys = generic, color_formatter, color_formatter_sql
638 641
639 642 #############
640 643 ## LOGGERS ##
641 644 #############
642 645 [logger_root]
643 646 level = NOTSET
644 647 handlers = console
645 648
646 649 [logger_sqlalchemy]
647 650 level = INFO
648 651 handlers = console_sql
649 652 qualname = sqlalchemy.engine
650 653 propagate = 0
651 654
652 655 [logger_beaker]
653 656 level = DEBUG
654 657 handlers =
655 658 qualname = beaker.container
656 659 propagate = 1
657 660
658 661 [logger_rhodecode]
659 662 level = DEBUG
660 663 handlers =
661 664 qualname = rhodecode
662 665 propagate = 1
663 666
664 667 [logger_ssh_wrapper]
665 668 level = DEBUG
666 669 handlers =
667 670 qualname = ssh_wrapper
668 671 propagate = 1
669 672
670 673 [logger_celery]
671 674 level = DEBUG
672 675 handlers =
673 676 qualname = celery
674 677
675 678
676 679 ##############
677 680 ## HANDLERS ##
678 681 ##############
679 682
680 683 [handler_console]
681 684 class = StreamHandler
682 685 args = (sys.stderr, )
683 686 level = INFO
684 687 formatter = generic
685 688
686 689 [handler_console_sql]
687 690 # "level = DEBUG" logs SQL queries and results.
688 691 # "level = INFO" logs SQL queries.
689 692 # "level = WARN" logs neither. (Recommended for production systems.)
690 693 class = StreamHandler
691 694 args = (sys.stderr, )
692 695 level = WARN
693 696 formatter = generic
694 697
695 698 ################
696 699 ## FORMATTERS ##
697 700 ################
698 701
699 702 [formatter_generic]
700 703 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
701 704 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
702 705 datefmt = %Y-%m-%d %H:%M:%S
703 706
704 707 [formatter_color_formatter]
705 708 class = rhodecode.lib.logging_formatter.ColorFormatter
706 709 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
707 710 datefmt = %Y-%m-%d %H:%M:%S
708 711
709 712 [formatter_color_formatter_sql]
710 713 class = rhodecode.lib.logging_formatter.ColorFormatterSql
711 714 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
712 715 datefmt = %Y-%m-%d %H:%M:%S
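Review bot: The comment added above `license.hide_license_info` (new lines 251-252) does not say which details count as sensitive, where the page is, or what the shipped `false` means, so an operator cannot tell whether the default exposes anything. I would reword it along the lines of `## When true, hides sensitive license details on the Admin > settings > license page; false (default) shows them.` This file looks like the production template (`debug = false`, gunicorn enabled), so it is worth confirming that `false` is the intended default here rather than hidden-by-default. The comment should also state whether the flag only changes what the page renders or also restricts who can retrieve the license data, which the diff does not show.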
@@ -1,597 +1,601 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 The base Controller API
23 23 Provides the BaseController class for subclassing. And usage in different
24 24 controllers
25 25 """
26 26
27 27 import logging
28 28 import socket
29 29
30 30 import markupsafe
31 31 import ipaddress
32 32
33 33 from paste.auth.basic import AuthBasicAuthenticator
34 34 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
35 35 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
36 36
37 37 import rhodecode
38 38 from rhodecode.apps._base import TemplateArgs
39 39 from rhodecode.authentication.base import VCS_TYPE
40 40 from rhodecode.lib import auth, utils2
41 41 from rhodecode.lib import helpers as h
42 42 from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
43 43 from rhodecode.lib.exceptions import UserCreationError
44 44 from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
45 45 from rhodecode.lib.utils2 import (
46 46 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
47 47 from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
48 48 from rhodecode.model.notification import NotificationModel
49 49 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
50 50
51 51 log = logging.getLogger(__name__)
52 52
53 53
54 54 def _filter_proxy(ip):
55 55 """
56 56 Passed in IP addresses in HEADERS can be in a special format of multiple
57 57 ips. Those comma separated IPs are passed from various proxies in the
58 58 chain of request processing. The left-most being the original client.
59 59 We only care about the first IP which came from the org. client.
60 60
61 61 :param ip: ip string from headers
62 62 """
63 63 if ',' in ip:
64 64 _ips = ip.split(',')
65 65 _first_ip = _ips[0].strip()
66 66 log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
67 67 return _first_ip
68 68 return ip
69 69
70 70
71 71 def _filter_port(ip):
72 72 """
73 73 Removes a port from ip, there are 4 main cases to handle here.
74 74 - ipv4 eg. 127.0.0.1
75 75 - ipv6 eg. ::1
76 76 - ipv4+port eg. 127.0.0.1:8080
77 77 - ipv6+port eg. [::1]:8080
78 78
79 79 :param ip:
80 80 """
81 81 def is_ipv6(ip_addr):
82 82 if hasattr(socket, 'inet_pton'):
83 83 try:
84 84 socket.inet_pton(socket.AF_INET6, ip_addr)
85 85 except socket.error:
86 86 return False
87 87 else:
88 88 # fallback to ipaddress
89 89 try:
90 90 ipaddress.IPv6Address(safe_unicode(ip_addr))
91 91 except Exception:
92 92 return False
93 93 return True
94 94
95 95 if ':' not in ip: # must be ipv4 pure ip
96 96 return ip
97 97
98 98 if '[' in ip and ']' in ip: # ipv6 with port
99 99 return ip.split(']')[0][1:].lower()
100 100
101 101 # must be ipv6 or ipv4 with port
102 102 if is_ipv6(ip):
103 103 return ip
104 104 else:
105 105 ip, _port = ip.split(':')[:2] # means ipv4+port
106 106 return ip
107 107
108 108
109 109 def get_ip_addr(environ):
110 110 proxy_key = 'HTTP_X_REAL_IP'
111 111 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
112 112 def_key = 'REMOTE_ADDR'
113 113 _filters = lambda x: _filter_port(_filter_proxy(x))
114 114
115 115 ip = environ.get(proxy_key)
116 116 if ip:
117 117 return _filters(ip)
118 118
119 119 ip = environ.get(proxy_key2)
120 120 if ip:
121 121 return _filters(ip)
122 122
123 123 ip = environ.get(def_key, '0.0.0.0')
124 124 return _filters(ip)
125 125
126 126
127 127 def get_server_ip_addr(environ, log_errors=True):
128 128 hostname = environ.get('SERVER_NAME')
129 129 try:
130 130 return socket.gethostbyname(hostname)
131 131 except Exception as e:
132 132 if log_errors:
133 133 # in some cases this lookup is not possible, and we don't want to
134 134 # make it an exception in logs
135 135 log.exception('Could not retrieve server ip address: %s', e)
136 136 return hostname
137 137
138 138
139 139 def get_server_port(environ):
140 140 return environ.get('SERVER_PORT')
141 141
142 142
143 143 def get_access_path(environ):
144 144 path = environ.get('PATH_INFO')
145 145 org_req = environ.get('pylons.original_request')
146 146 if org_req:
147 147 path = org_req.environ.get('PATH_INFO')
148 148 return path
149 149
150 150
151 151 def get_user_agent(environ):
152 152 return environ.get('HTTP_USER_AGENT')
153 153
154 154
155 155 def vcs_operation_context(
156 156 environ, repo_name, username, action, scm, check_locking=True,
157 157 is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
158 158 """
159 159 Generate the context for a vcs operation, e.g. push or pull.
160 160
161 161 This context is passed over the layers so that hooks triggered by the
162 162 vcs operation know details like the user, the user's IP address etc.
163 163
164 164 :param check_locking: Allows to switch of the computation of the locking
165 165 data. This serves mainly the need of the simplevcs middleware to be
166 166 able to disable this for certain operations.
167 167
168 168 """
169 169 # Tri-state value: False: unlock, None: nothing, True: lock
170 170 make_lock = None
171 171 locked_by = [None, None, None]
172 172 is_anonymous = username == User.DEFAULT_USER
173 173 user = User.get_by_username(username)
174 174 if not is_anonymous and check_locking:
175 175 log.debug('Checking locking on repository "%s"', repo_name)
176 176 repo = Repository.get_by_repo_name(repo_name)
177 177 make_lock, __, locked_by = repo.get_locking_state(
178 178 action, user.user_id)
179 179 user_id = user.user_id
180 180 settings_model = VcsSettingsModel(repo=repo_name)
181 181 ui_settings = settings_model.get_ui_settings()
182 182
183 183 # NOTE(marcink): This should be also in sync with
184 184 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
185 185 store = [x for x in ui_settings if x.key == '/']
186 186 repo_store = ''
187 187 if store:
188 188 repo_store = store[0].value
189 189
190 190 scm_data = {
191 191 'ip': get_ip_addr(environ),
192 192 'username': username,
193 193 'user_id': user_id,
194 194 'action': action,
195 195 'repository': repo_name,
196 196 'scm': scm,
197 197 'config': rhodecode.CONFIG['__file__'],
198 198 'repo_store': repo_store,
199 199 'make_lock': make_lock,
200 200 'locked_by': locked_by,
201 201 'server_url': utils2.get_server_url(environ),
202 202 'user_agent': get_user_agent(environ),
203 203 'hooks': get_enabled_hook_classes(ui_settings),
204 204 'is_shadow_repo': is_shadow_repo,
205 205 'detect_force_push': detect_force_push,
206 206 'check_branch_perms': check_branch_perms,
207 207 }
208 208 return scm_data
209 209
210 210
211 211 class BasicAuth(AuthBasicAuthenticator):
212 212
213 213 def __init__(self, realm, authfunc, registry, auth_http_code=None,
214 214 initial_call_detection=False, acl_repo_name=None):
215 215 self.realm = realm
216 216 self.initial_call = initial_call_detection
217 217 self.authfunc = authfunc
218 218 self.registry = registry
219 219 self.acl_repo_name = acl_repo_name
220 220 self._rc_auth_http_code = auth_http_code
221 221
222 222 def _get_response_from_code(self, http_code):
223 223 try:
224 224 return get_exception(safe_int(http_code))
225 225 except Exception:
226 226 log.exception('Failed to fetch response for code %s', http_code)
227 227 return HTTPForbidden
228 228
229 229 def get_rc_realm(self):
230 230 return safe_str(self.registry.rhodecode_settings.get('rhodecode_realm'))
231 231
232 232 def build_authentication(self):
233 233 head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
234 234 if self._rc_auth_http_code and not self.initial_call:
235 235 # return alternative HTTP code if alternative http return code
236 236 # is specified in RhodeCode config, but ONLY if it's not the
237 237 # FIRST call
238 238 custom_response_klass = self._get_response_from_code(
239 239 self._rc_auth_http_code)
240 240 return custom_response_klass(headers=head)
241 241 return HTTPUnauthorized(headers=head)
242 242
243 243 def authenticate(self, environ):
244 244 authorization = AUTHORIZATION(environ)
245 245 if not authorization:
246 246 return self.build_authentication()
247 247 (authmeth, auth) = authorization.split(' ', 1)
248 248 if 'basic' != authmeth.lower():
249 249 return self.build_authentication()
250 250 auth = auth.strip().decode('base64')
251 251 _parts = auth.split(':', 1)
252 252 if len(_parts) == 2:
253 253 username, password = _parts
254 254 auth_data = self.authfunc(
255 255 username, password, environ, VCS_TYPE,
256 256 registry=self.registry, acl_repo_name=self.acl_repo_name)
257 257 if auth_data:
258 258 return {'username': username, 'auth_data': auth_data}
259 259 if username and password:
260 260 # we mark that we actually executed authentication once, at
261 261 # that point we can use the alternative auth code
262 262 self.initial_call = False
263 263
264 264 return self.build_authentication()
265 265
266 266 __call__ = authenticate
267 267
268 268
269 269 def calculate_version_hash(config):
270 270 return sha1(
271 271 config.get('beaker.session.secret', '') +
272 272 rhodecode.__version__)[:8]
273 273
274 274
275 275 def get_current_lang(request):
276 276 # NOTE(marcink): remove after pyramid move
277 277 try:
278 278 return translation.get_lang()[0]
279 279 except:
280 280 pass
281 281
282 282 return getattr(request, '_LOCALE_', request.locale_name)
283 283
284 284
285 285 def attach_context_attributes(context, request, user_id=None):
286 286 """
287 287 Attach variables into template context called `c`.
288 288 """
289 289 config = request.registry.settings
290 290
291 291 rc_config = SettingsModel().get_all_settings(cache=True)
292 292 context.rc_config = rc_config
293 293 context.rhodecode_version = rhodecode.__version__
294 294 context.rhodecode_edition = config.get('rhodecode.edition')
295 295 # unique secret + version does not leak the version but keep consistency
296 296 context.rhodecode_version_hash = calculate_version_hash(config)
297 297
298 298 # Default language set for the incoming request
299 299 context.language = get_current_lang(request)
300 300
301 301 # Visual options
302 302 context.visual = AttributeDict({})
303 303
304 304 # DB stored Visual Items
305 305 context.visual.show_public_icon = str2bool(
306 306 rc_config.get('rhodecode_show_public_icon'))
307 307 context.visual.show_private_icon = str2bool(
308 308 rc_config.get('rhodecode_show_private_icon'))
309 309 context.visual.stylify_metatags = str2bool(
310 310 rc_config.get('rhodecode_stylify_metatags'))
311 311 context.visual.dashboard_items = safe_int(
312 312 rc_config.get('rhodecode_dashboard_items', 100))
313 313 context.visual.admin_grid_items = safe_int(
314 314 rc_config.get('rhodecode_admin_grid_items', 100))
315 315 context.visual.show_revision_number = str2bool(
316 316 rc_config.get('rhodecode_show_revision_number', True))
317 317 context.visual.show_sha_length = safe_int(
318 318 rc_config.get('rhodecode_show_sha_length', 100))
319 319 context.visual.repository_fields = str2bool(
320 320 rc_config.get('rhodecode_repository_fields'))
321 321 context.visual.show_version = str2bool(
322 322 rc_config.get('rhodecode_show_version'))
323 323 context.visual.use_gravatar = str2bool(
324 324 rc_config.get('rhodecode_use_gravatar'))
325 325 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
326 326 context.visual.default_renderer = rc_config.get(
327 327 'rhodecode_markup_renderer', 'rst')
328 328 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
329 329 context.visual.rhodecode_support_url = \
330 330 rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
331 331
332 332 context.visual.affected_files_cut_off = 60
333 333
334 334 context.pre_code = rc_config.get('rhodecode_pre_code')
335 335 context.post_code = rc_config.get('rhodecode_post_code')
336 336 context.rhodecode_name = rc_config.get('rhodecode_title')
337 337 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
338 338 # if we have specified default_encoding in the request, it has more
339 339 # priority
340 340 if request.GET.get('default_encoding'):
341 341 context.default_encodings.insert(0, request.GET.get('default_encoding'))
342 342 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
343 343 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
344 344
345 345 # INI stored
346 346 context.labs_active = str2bool(
347 347 config.get('labs_settings_active', 'false'))
348 348 context.ssh_enabled = str2bool(
349 349 config.get('ssh.generate_authorized_keyfile', 'false'))
350 350 context.ssh_key_generator_enabled = str2bool(
351 351 config.get('ssh.enable_ui_key_generator', 'true'))
352 352
353 353 context.visual.allow_repo_location_change = str2bool(
354 354 config.get('allow_repo_location_change', True))
355 355 context.visual.allow_custom_hooks_settings = str2bool(
356 356 config.get('allow_custom_hooks_settings', True))
357 357 context.debug_style = str2bool(config.get('debug_style', False))
358 358
359 359 context.rhodecode_instanceid = config.get('instance_id')
360 360
361 361 context.visual.cut_off_limit_diff = safe_int(
362 362 config.get('cut_off_limit_diff'))
363 363 context.visual.cut_off_limit_file = safe_int(
364 364 config.get('cut_off_limit_file'))
365 365
366 context.license = AttributeDict({})
367 context.license.hide_license_info = str2bool(
368 config.get('license.hide_license_info', False))
369
366 370 # AppEnlight
367 371 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
368 372 context.appenlight_api_public_key = config.get(
369 373 'appenlight.api_public_key', '')
370 374 context.appenlight_server_url = config.get('appenlight.server_url', '')
371 375
372 376 diffmode = {
373 377 "unified": "unified",
374 378 "sideside": "sideside"
375 379 }.get(request.GET.get('diffmode'))
376 380
377 381 is_api = hasattr(request, 'rpc_user')
378 382 session_attrs = {
379 383 # defaults
380 384 "clone_url_format": "http",
381 385 "diffmode": "sideside"
382 386 }
383 387
384 388 if not is_api:
385 389 # don't access pyramid session for API calls
386 390 if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
387 391 request.session['rc_user_session_attr.diffmode'] = diffmode
388 392
389 393 # session settings per user
390 394
391 395 for k, v in request.session.items():
392 396 pref = 'rc_user_session_attr.'
393 397 if k and k.startswith(pref):
394 398 k = k[len(pref):]
395 399 session_attrs[k] = v
396 400
397 401 context.user_session_attrs = session_attrs
398 402
399 403 # JS template context
400 404 context.template_context = {
401 405 'repo_name': None,
402 406 'repo_type': None,
403 407 'repo_landing_commit': None,
404 408 'rhodecode_user': {
405 409 'username': None,
406 410 'email': None,
407 411 'notification_status': False
408 412 },
409 413 'session_attrs': session_attrs,
410 414 'visual': {
411 415 'default_renderer': None
412 416 },
413 417 'commit_data': {
414 418 'commit_id': None
415 419 },
416 420 'pull_request_data': {'pull_request_id': None},
417 421 'timeago': {
418 422 'refresh_time': 120 * 1000,
419 423 'cutoff_limit': 1000 * 60 * 60 * 24 * 7
420 424 },
421 425 'pyramid_dispatch': {
422 426
423 427 },
424 428 'extra': {'plugins': {}}
425 429 }
426 430 # END CONFIG VARS
427 431 if is_api:
428 432 csrf_token = None
429 433 else:
430 434 csrf_token = auth.get_csrf_token(session=request.session)
431 435
432 436 context.csrf_token = csrf_token
433 437 context.backends = rhodecode.BACKENDS.keys()
434 438 context.backends.sort()
435 439 unread_count = 0
436 440 user_bookmark_list = []
437 441 if user_id:
438 442 unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
439 443 user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
440 444 context.unread_notifications = unread_count
441 445 context.bookmark_items = user_bookmark_list
442 446
443 447 # web case
444 448 if hasattr(request, 'user'):
445 449 context.auth_user = request.user
446 450 context.rhodecode_user = request.user
447 451
448 452 # api case
449 453 if hasattr(request, 'rpc_user'):
450 454 context.auth_user = request.rpc_user
451 455 context.rhodecode_user = request.rpc_user
452 456
453 457 # attach the whole call context to the request
454 458 request.call_context = context
455 459
456 460
457 461 def get_auth_user(request):
458 462 environ = request.environ
459 463 session = request.session
460 464
461 465 ip_addr = get_ip_addr(environ)
462 466
463 467 # make sure that we update permissions each time we call controller
464 468 _auth_token = (request.GET.get('auth_token', '') or request.GET.get('api_key', ''))
465 469 if not _auth_token:
466 470 url_auth_token = request.matchdict.get('_auth_token')
467 471 _auth_token = url_auth_token
468 472 if _auth_token:
469 473 log.debug('Using URL extracted auth token `...%s`', _auth_token[-4:])
470 474
471 475 if _auth_token:
472 476 # when using API_KEY we assume user exists, and
473 477 # doesn't need auth based on cookies.
474 478 auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
475 479 authenticated = False
476 480 else:
477 481 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
478 482 try:
479 483 auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
480 484 ip_addr=ip_addr)
481 485 except UserCreationError as e:
482 486 h.flash(e, 'error')
483 487 # container auth or other auth functions that create users
484 488 # on the fly can throw this exception signaling that there's
485 489 # issue with user creation, explanation should be provided
486 490 # in Exception itself. We then create a simple blank
487 491 # AuthUser
488 492 auth_user = AuthUser(ip_addr=ip_addr)
489 493
490 494 # in case someone changes a password for user it triggers session
491 495 # flush and forces a re-login
492 496 if password_changed(auth_user, session):
493 497 session.invalidate()
494 498 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
495 499 auth_user = AuthUser(ip_addr=ip_addr)
496 500
497 501 authenticated = cookie_store.get('is_authenticated')
498 502
499 503 if not auth_user.is_authenticated and auth_user.is_user_object:
500 504 # user is not authenticated and not empty
501 505 auth_user.set_authenticated(authenticated)
502 506
503 507 return auth_user, _auth_token
504 508
505 509
506 510 def h_filter(s):
507 511 """
508 512 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
509 513 we wrap this with additional functionality that converts None to empty
510 514 strings
511 515 """
512 516 if s is None:
513 517 return markupsafe.Markup()
514 518 return markupsafe.escape(s)
515 519
516 520
517 521 def add_events_routes(config):
518 522 """
519 523 Adds routing that can be used in events. Because some events are triggered
520 524 outside of pyramid context, we need to bootstrap request with some
521 525 routing registered
522 526 """
523 527
524 528 from rhodecode.apps._base import ADMIN_PREFIX
525 529
526 530 config.add_route(name='home', pattern='/')
527 531
528 532 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
529 533 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
530 534 config.add_route(name='repo_summary', pattern='/{repo_name}')
531 535 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
532 536 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
533 537
534 538 config.add_route(name='pullrequest_show',
535 539 pattern='/{repo_name}/pull-request/{pull_request_id}')
536 540 config.add_route(name='pull_requests_global',
537 541 pattern='/pull-request/{pull_request_id}')
538 542 config.add_route(name='repo_commit',
539 543 pattern='/{repo_name}/changeset/{commit_id}')
540 544
541 545 config.add_route(name='repo_files',
542 546 pattern='/{repo_name}/files/{commit_id}/{f_path}')
543 547
544 548
545 549 def bootstrap_config(request):
546 550 import pyramid.testing
547 551 registry = pyramid.testing.Registry('RcTestRegistry')
548 552
549 553 config = pyramid.testing.setUp(registry=registry, request=request)
550 554
551 555 # allow pyramid lookup in testing
552 556 config.include('pyramid_mako')
553 557 config.include('rhodecode.lib.rc_beaker')
554 558 config.include('rhodecode.lib.rc_cache')
555 559
556 560 add_events_routes(config)
557 561
558 562 return config
559 563
560 564
561 565 def bootstrap_request(**kwargs):
562 566 import pyramid.testing
563 567
564 568 class TestRequest(pyramid.testing.DummyRequest):
565 569 application_url = kwargs.pop('application_url', 'http://example.com')
566 570 host = kwargs.pop('host', 'example.com:80')
567 571 domain = kwargs.pop('domain', 'example.com')
568 572
569 573 def translate(self, msg):
570 574 return msg
571 575
572 576 def plularize(self, singular, plural, n):
573 577 return singular
574 578
575 579 def get_partial_renderer(self, tmpl_name):
576 580
577 581 from rhodecode.lib.partial_renderer import get_partial_renderer
578 582 return get_partial_renderer(request=self, tmpl_name=tmpl_name)
579 583
580 584 _call_context = TemplateArgs()
581 585 _call_context.visual = TemplateArgs()
582 586 _call_context.visual.show_sha_length = 12
583 587 _call_context.visual.show_revision_number = True
584 588
585 589 @property
586 590 def call_context(self):
587 591 return self._call_context
588 592
589 593 class TestDummySession(pyramid.testing.DummySession):
590 594 def save(*arg, **kw):
591 595 pass
592 596
593 597 request = TestRequest(**kwargs)
594 598 request.session = TestDummySession()
595 599
596 600 return request
597 601
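Review bot: The `context.license` namespace added at new lines 366-368 of `attach_context_attributes` is not mirrored in `bootstrap_request`, whose `TestRequest._call_context` only sets up `visual` (new lines 584-587). If a template that reads `c.license.hide_license_info` is ever rendered through a bootstrapped request (the `add_events_routes` docstring says some events are triggered outside the pyramid context), the attribute lookup would presumably fail, so I would add `_call_context.license = TemplateArgs()` and `_call_context.license.hide_license_info = False` there. The new block also needs a comment, for example `# INI stored: hides license details in the UI only`, assuming that is the intent the commit title suggests. The default would read more consistently as the string `'false'`, matching `labs_settings_active` and `appenlight` nearby.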