rhodecode-enterprise-ce Commit - r5032:f4682f64

PATH_INFO: use new method to consistently extract proper PATH_INFO data

super-admin -

r5032:f4682f64 default

parent child

rhodecode/lib/middleware/csrf.py

0 +8 -7

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import textwrap
             import routes.middleware
             import urlobject
             import webob
             import webob.exc
             import rhodecode.lib.auth
+            from rhodecode.lib.middleware.utils import get_path_info
             log = logging.getLogger(__name__)
             class CSRFDetector(object):
                 """
                 Middleware for preventing CSRF.
                 It checks that all requests are either GET or POST.
                 For POST requests, it logs the requests that do not have a CSRF token.
                 Eventually it will raise an error.
                 It special cases some endpoints as they do not really require a token.
                 Note: this middleware is only intended for testing.
                 """
                 _PUT_DELETE_MESSAGE = textwrap.dedent('''
                     Do not call in tests app.delete or app.put, use instead
                     app.post(..., params={'_method': 'delete'}.
                     The reason is twofold. The first is because that's how the browser is
                     calling rhodecode and the second is because it allow us to detect
                     potential CSRF.''').strip()
                 _PATHS_WITHOUT_TOKEN = frozenset((
                     # The password is the token.
                     '/_admin/login',
                     # Captcha may be enabled.
                     '/_admin/password_reset',
                     # Captcha may be enabled.
                     '/_admin/password_reset_confirmation',
                     # Captcha may be enabled.
                     '/_admin/register',
                     # No change in state with this controller.
                     '/error/document',
                 ))
                 _SKIP_PATTERN = frozenset((
                     '/_admin/gists/',
                 ))
                 def __init__(self, app):
                     self._app = app
                 def __call__(self, environ, start_response):
                     if environ['REQUEST_METHOD'].upper() not in ('GET', 'POST'):
                         raise Exception(self._PUT_DELETE_MESSAGE)
-                    token_expected = environ['PATH_INFO'] not in self._PATHS_WITHOUT_TOKEN
+                    path_info = get_path_info(environ)
+                    token_expected = path_info not in self._PATHS_WITHOUT_TOKEN
                     allowed = True
                     for pattern in self._SKIP_PATTERN:
-                        if environ['PATH_INFO'].startswith(pattern):
+                        if path_info.startswith(pattern):
                             allowed = False
                             break
                     if (environ['REQUEST_METHOD'] == 'POST' and
                             token_expected and allowed and
                             routes.middleware.is_form_post(environ)):
                         body = environ['wsgi.input']
                         if body.seekable():
                             pos = body.tell()
                             content = body.read()
                             body.seek(pos)
                         elif hasattr(body, 'peek'):
                             content = body.peek()
                         else:
                             raise Exception("Cannot check if the request has a CSRF token")
                         if rhodecode.lib.auth.csrf_token_key not in content:
                             raise Exception(
                                 '%s to %s does not have a csrf_token %r' %
-                                (environ['REQUEST_METHOD'], environ['PATH_INFO'], content))
+                                (environ['REQUEST_METHOD'], path_info, content))
                     return self._app(environ, start_response)
             def _get_scheme_host_port(url):
                 url = urlobject.URLObject(url)
                 if '://' not in url:
                     return None, url, None
                 scheme = url.scheme or 'http'
                 port = url.port
                 if not port:
                     if scheme == 'http':
                         port = 80
                     elif scheme == 'https':
                         port = 443
                 host = url.netloc.without_port()
                 return scheme, host, port
             def _equivalent_urls(url1, url2):
                 """Check if both urls are equivalent."""
                 return _get_scheme_host_port(url1) == _get_scheme_host_port(url2)
             class OriginChecker(object):
                 """
                 Check whether the request has a valid Origin header.
                 See https://wiki.mozilla.org/Security/Origin for details.
                 """
                 def __init__(self, app, expected_origin, skip_urls=None):
                     """
                     :param expected_origin: the value we expect to see for the Origin
                                             header.
                     :param skip_urls: list of urls for which we do not need to check the
                                       Origin header.
                     """
                     self._app = app
                     self._expected_origin = expected_origin
                     self._skip_urls = frozenset(skip_urls or [])
                 def __call__(self, environ, start_response):
                     origin_header = environ.get('HTTP_ORIGIN', '')
                     origin = origin_header.split(' ', 1)[0]
                     if origin == 'null':
                         origin = None
+                    path_info = get_path_info(environ)
-                    if (environ['PATH_INFO'] not in self._skip_urls and origin and
+                    if (path_info not in self._skip_urls and origin and
                             not _equivalent_urls(origin, self._expected_origin)):
-                        log.warn(
+                        log.warning(
                             'Invalid Origin header detected: got %s, expected %s',
                             origin_header, self._expected_origin)
                         return webob.exc.HTTPForbidden('Origin header mismatch')(
                             environ, start_response)
                     else:
                         return self._app(environ, start_response)

rhodecode/lib/middleware/request_wrapper.py

0 +3 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import time
             import logging
             import rhodecode
             from rhodecode.lib.auth import AuthUser
-            from rhodecode.lib.base import get_ip_addr, get_access_path, get_user_agent
+            from rhodecode.lib.base import get_ip_addr, get_user_agent
+            from rhodecode.lib.middleware.utils import get_path_info
             from rhodecode.lib.utils2 import safe_str, get_current_rhodecode_user
             log = logging.getLogger(__name__)
             class RequestWrapperTween(object):
                 def __init__(self, handler, registry):
                     self.handler = handler
                     self.registry = registry
                     # one-time configuration code goes here
                 def _get_user_info(self, request):
                     user = get_current_rhodecode_user(request)
                     if not user:
                         user = AuthUser.repr_user(ip=get_ip_addr(request.environ))
                     return user
                 def __call__(self, request):
                     start = time.time()
                     log.debug('Starting request time measurement')
                     response = None
                     try:
                         response = self.handler(request)
                     finally:
                         count = request.request_count()
                         _ver_ = rhodecode.__version__
-                        _path = safe_str(get_access_path(request.environ))
+                        _path = get_path_info(request.environ)
                         _auth_user = self._get_user_info(request)
                         ip = get_ip_addr(request.environ)
                         match_route = request.matched_route.name if request.matched_route else "NOT_FOUND"
                         resp_code = getattr(response, 'status_code', 'UNDEFINED')
                         total = time.time() - start
                         log.info(
                             'Req[%4s] %s %s Request to %s time: %.4fs [%s], RhodeCode %s',
                             count, _auth_user, request.environ.get('REQUEST_METHOD'),
                             _path, total, get_user_agent(request. environ), _ver_,
                             extra={"time": total, "ver": _ver_, "ip": ip,
                                    "path": _path, "view_name": match_route, "code": resp_code}
                         )
                         statsd = request.registry.statsd
                         if statsd:
                             elapsed_time_ms = round(1000.0 * total)  # use ms only
                             statsd.timing(
                                 "rhodecode_req_timing.histogram", elapsed_time_ms,
                                 tags=[
                                     "view_name:{}".format(match_route),
                                     "code:{}".format(resp_code)
                                 ],
                                 use_decimals=False
                             )
                             statsd.incr(
                                 'rhodecode_req_total', tags=[
                                     "view_name:{}".format(match_route),
                                     "code:{}".format(resp_code)
                                 ])
                     return response
             def includeme(config):
                 config.add_tween(
                     'rhodecode.lib.middleware.request_wrapper.RequestWrapperTween',
                 )

rhodecode/lib/middleware/simplegit.py

0 +6 -5

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             SimpleGit middleware for handling git protocol request (push/clone etc.)
             It's implemented with basic auth function
             """
             import os
             import re
             import logging
             import urllib.parse
             import rhodecode
             from rhodecode.lib import utils
             from rhodecode.lib import utils2
             from rhodecode.lib.middleware import simplevcs
+            from rhodecode.lib.middleware.utils import get_path_info
             log = logging.getLogger(__name__)
             GIT_PROTO_PAT = re.compile(
                 r'^/(.+)/(info/refs|info/lfs/(.+)|git-upload-pack|git-receive-pack)')
             GIT_LFS_PROTO_PAT = re.compile(r'^/(.+)/(info/lfs/(.+))')
             def default_lfs_store():
                 """
                 Default lfs store location, it's consistent with Mercurials large file
                 store which is in .cache/largefiles
                 """
                 from rhodecode.lib.vcs.backends.git import lfs_store
                 user_home = os.path.expanduser("~")
                 return lfs_store(user_home)
             class SimpleGit(simplevcs.SimpleVCS):
                 SCM = 'git'
                 def _get_repository_name(self, environ):
                     """
                     Gets repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
-                    repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
+                    path_info = get_path_info(environ)
+                    repo_name = GIT_PROTO_PAT.match(path_info).group(1)
                     # for GIT LFS, and bare format strip .git suffix from names
                     if repo_name.endswith('.git'):
                         repo_name = repo_name[:-4]
                     return repo_name
                 def _get_lfs_action(self, path, request_method):
                     """
                     return an action based on LFS requests type.
                     Those routes are handled inside vcsserver app.
                     batch           -> POST to /info/lfs/objects/batch  => PUSH/PULL
                                     batch is based on the `operation.
                                     that could be download or upload, but those are only
                                     instructions to fetch so we return pull always
                     download        -> GET  to /info/lfs/{oid}          => PULL
                     upload          -> PUT  to /info/lfs/{oid}          => PUSH
                     verification    -> POST to /info/lfs/verify         => PULL
                     """
                     match_obj = GIT_LFS_PROTO_PAT.match(path)
                     _parts = match_obj.groups()
                     repo_name, path, operation = _parts
                     log.debug(
                         'LFS: detecting operation based on following '
                         'data: %s, req_method:%s', _parts, request_method)
                     if operation == 'verify':
                         return 'pull'
                     elif operation == 'objects/batch':
                         # batch sends back instructions for API to dl/upl we report it
                         # as pull
                         if request_method == 'POST':
                             return 'pull'
                     elif operation:
                         # probably a OID, upload  is PUT, download a GET
                         if request_method == 'GET':
                             return 'pull'
                         else:
                             return 'push'
                     # if default not found require push, as action
                     return 'push'
                 _ACTION_MAPPING = {
                     'git-receive-pack': 'push',
                     'git-upload-pack': 'pull',
                 }
                 def _get_action(self, environ):
                     """
                     Maps git request commands into a pull or push command.
                     In case of unknown/unexpected data, it returns 'pull' to be safe.
                     :param environ:
                     """
-                    path = environ['PATH_INFO']
+                    path = get_path_info(environ)
                     if path.endswith('/info/refs'):
                         query = urllib.parse.parse_qs(environ['QUERY_STRING'])
                         service_cmd = query.get('service', [''])[0]
                         return self._ACTION_MAPPING.get(service_cmd, 'pull')
-                    elif GIT_LFS_PROTO_PAT.match(environ['PATH_INFO']):
+                    elif GIT_LFS_PROTO_PAT.match(path):
-                        return self._get_lfs_action(
+                        return self._get_lfs_action(path, environ['REQUEST_METHOD'])
-                            environ['PATH_INFO'], environ['REQUEST_METHOD'])
                     elif path.endswith('/git-receive-pack'):
                         return 'push'
                     elif path.endswith('/git-upload-pack'):
                         return 'pull'
                     return 'pull'
                 def _create_wsgi_app(self, repo_path, repo_name, config):
                     return self.scm_app.create_git_wsgi_app(
                         repo_path, repo_name, config)
                 def _create_config(self, extras, repo_name, scheme='http'):
                     extras['git_update_server_info'] = utils2.str2bool(
                         rhodecode.CONFIG.get('git_update_server_info'))
                     config = utils.make_db_config(repo=repo_name)
                     custom_store = config.get('vcs_git_lfs', 'store_location')
                     extras['git_lfs_enabled'] = utils2.str2bool(
                         config.get('vcs_git_lfs', 'enabled'))
                     extras['git_lfs_store_path'] = custom_store or default_lfs_store()
                     extras['git_lfs_http_scheme'] = scheme
                     return extras

rhodecode/lib/middleware/simplehg.py

0 +2 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             SimpleHG middleware for handling mercurial protocol request
             (push/clone etc.). It's implemented with basic auth function
             """
             import logging
             import urllib.parse
             import urllib.request, urllib.parse, urllib.error
             from rhodecode.lib import utils
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.middleware import simplevcs
+            from rhodecode.lib.middleware.utils import get_path_info
             log = logging.getLogger(__name__)
             class SimpleHg(simplevcs.SimpleVCS):
                 SCM = 'hg'
                 def _get_repository_name(self, environ):
                     """
                     Gets repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
-                    repo_name = environ['PATH_INFO']
+                    repo_name = get_path_info(environ)
                     if repo_name and repo_name.startswith('/'):
                         # remove only the first leading /
                         repo_name = repo_name[1:]
                     return repo_name.rstrip('/')
                 _ACTION_MAPPING = {
                     'changegroup': 'pull',
                     'changegroupsubset': 'pull',
                     'getbundle': 'pull',
                     'stream_out': 'pull',
                     'listkeys': 'pull',
                     'between': 'pull',
                     'branchmap': 'pull',
                     'branches': 'pull',
                     'clonebundles': 'pull',
                     'capabilities': 'pull',
                     'debugwireargs': 'pull',
                     'heads': 'pull',
                     'lookup': 'pull',
                     'hello': 'pull',
                     'known': 'pull',
                     # largefiles
                     'putlfile': 'push',
                     'getlfile': 'pull',
                     'statlfile': 'pull',
                     'lheads': 'pull',
                     # evolve
                     'evoext_obshashrange_v1': 'pull',
                     'evoext_obshash': 'pull',
                     'evoext_obshash1': 'pull',
                     'unbundle': 'push',
                     'pushkey': 'push',
                 }
                 @classmethod
                 def _get_xarg_headers(cls, environ):
                     i = 1
                     chunks = []  # gather chunks stored in multiple 'hgarg_N'
                     while True:
                         head = environ.get('HTTP_X_HGARG_{}'.format(i))
                         if not head:
                             break
                         i += 1
                         chunks.append(urllib.parse.unquote_plus(head))
                     full_arg = ''.join(chunks)
                     pref = 'cmds='
                     if full_arg.startswith(pref):
                         # strip the cmds= header defining our batch commands
                         full_arg = full_arg[len(pref):]
                     cmds = full_arg.split(';')
                     return cmds
                 @classmethod
                 def _get_batch_cmd(cls, environ):
                     """
                     Handle batch command send commands. Those are ';' separated commands
                     sent by batch command that server needs to execute. We need to extract
                     those, and map them to our ACTION_MAPPING to get all push/pull commands
                     specified in the batch
                     """
                     default = 'push'
                     batch_cmds = []
                     try:
                         cmds = cls._get_xarg_headers(environ)
                         for pair in cmds:
                             parts = pair.split(' ', 1)
                             if len(parts) != 2:
                                 continue
                             # entry should be in a format `key ARGS`
                             cmd, args = parts
                             action = cls._ACTION_MAPPING.get(cmd, default)
                             batch_cmds.append(action)
                     except Exception:
                         log.exception('Failed to extract batch commands operations')
                     # in case we failed, (e.g malformed data) assume it's PUSH sub-command
                     # for safety
                     return batch_cmds or [default]
                 def _get_action(self, environ):
                     """
                     Maps mercurial request commands into a pull or push command.
                     In case of unknown/unexpected data, it returns 'push' to be safe.
                     :param environ:
                     """
                     default = 'push'
                     query = urllib.parse.parse_qs(environ['QUERY_STRING'], keep_blank_values=True)
                     if 'cmd' in query:
                         cmd = query['cmd'][0]
                         if cmd == 'batch':
                             cmds = self._get_batch_cmd(environ)
                             if 'push' in cmds:
                                 return 'push'
                             else:
                                 return 'pull'
                         return self._ACTION_MAPPING.get(cmd, default)
                     return default
                 def _create_wsgi_app(self, repo_path, repo_name, config):
                     return self.scm_app.create_hg_wsgi_app(repo_path, repo_name, config)
                 def _create_config(self, extras, repo_name, scheme='http'):
                     config = utils.make_db_config(repo=repo_name)
                     config.set('rhodecode', 'RC_SCM_DATA', json.dumps(extras))
                     return config.serialize()

rhodecode/lib/middleware/simplesvn.py

0 +4 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import base64
             import logging
             import urllib.request, urllib.parse, urllib.error
             import urllib.parse
             import requests
             from pyramid.httpexceptions import HTTPNotAcceptable
             from rhodecode.lib import rc_cache
             from rhodecode.lib.middleware import simplevcs
+            from rhodecode.lib.middleware.utils import get_path_info
             from rhodecode.lib.utils import is_valid_repo
             from rhodecode.lib.utils2 import str2bool, safe_int, safe_str
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.hooks_daemon import store_txn_id_data
             log = logging.getLogger(__name__)
             class SimpleSvnApp(object):
                 IGNORED_HEADERS = [
                     'connection', 'keep-alive', 'content-encoding',
                     'transfer-encoding', 'content-length']
                 rc_extras = {}
                 def __init__(self, config):
                     self.config = config
                 def __call__(self, environ, start_response):
                     request_headers = self._get_request_headers(environ)
                     data = environ['wsgi.input']
                     req_method = environ['REQUEST_METHOD']
                     has_content_length = 'CONTENT_LENGTH' in environ
                     path_info = self._get_url(
-                        self.config.get('subversion_http_server_url', ''), environ['PATH_INFO'])
+                        self.config.get('subversion_http_server_url', ''), get_path_info(environ))
                     transfer_encoding = environ.get('HTTP_TRANSFER_ENCODING', '')
                     log.debug('Handling: %s method via `%s`', req_method, path_info)
                     # stream control flag, based on request and content type...
                     stream = False
                     if req_method in ['MKCOL'] or has_content_length:
                         data_processed = False
                         # read chunk to check if we have txn-with-props
                         initial_data = data.read(1024)
                         if initial_data.startswith('(create-txn-with-props'):
                             data = initial_data + data.read()
                             # store on-the-fly our rc_extra using svn revision properties
                             # those can be read later on in hooks executed so we have a way
                             # to pass in the data into svn hooks
                             rc_data = base64.urlsafe_b64encode(json.dumps(self.rc_extras))
                             rc_data_len = len(rc_data)
                             # header defines data length, and serialized data
                             skel = ' rc-scm-extras {} {}'.format(rc_data_len, rc_data)
                             data = data[:-2] + skel + '))'
                             data_processed = True
                         if not data_processed:
                             # NOTE(johbo): Avoid that we end up with sending the request in chunked
                             # transfer encoding (mainly on Gunicorn). If we know the content
                             # length, then we should transfer the payload in one request.
                             data = initial_data + data.read()
                     if req_method in ['GET', 'PUT'] or transfer_encoding == 'chunked':
                         # NOTE(marcink): when getting/uploading files we want to STREAM content
                         # back to the client/proxy instead of buffering it here...
                         stream = True
                     stream = stream
                     log.debug('Calling SVN PROXY at `%s`, using method:%s. Stream: %s',
                               path_info, req_method, stream)
                     try:
                         response = requests.request(
                             req_method, path_info,
                             data=data, headers=request_headers, stream=stream)
                     except requests.ConnectionError:
                         log.exception('ConnectionError occurred for endpoint %s', path_info)
                         raise
                     if response.status_code not in [200, 401]:
                         from rhodecode.lib.utils2 import safe_str
                         text = '\n{}'.format(safe_str(response.text)) if response.text else ''
                         if response.status_code >= 500:
                             log.error('Got SVN response:%s with text:`%s`', response, text)
                         else:
                             log.debug('Got SVN response:%s with text:`%s`', response, text)
                     else:
                         log.debug('got response code: %s', response.status_code)
                     response_headers = self._get_response_headers(response.headers)
                     if response.headers.get('SVN-Txn-name'):
                         svn_tx_id = response.headers.get('SVN-Txn-name')
                         txn_id = rc_cache.utils.compute_key_from_params(
                             self.config['repository'], svn_tx_id)
                         port = safe_int(self.rc_extras['hooks_uri'].split(':')[-1])
                         store_txn_id_data(txn_id, {'port': port})
                     start_response(
                         '{} {}'.format(response.status_code, response.reason),
                         response_headers)
                     return response.iter_content(chunk_size=1024)
                 def _get_url(self, svn_http_server, path):
                     svn_http_server_url = (svn_http_server or '').rstrip('/')
                     url_path = urllib.parse.urljoin(svn_http_server_url + '/', (path or '').lstrip('/'))
                     url_path = urllib.parse.quote(url_path, safe="/:=~+!$,;'")
                     return url_path
                 def _get_request_headers(self, environ):
                     headers = {}
                     for key in environ:
                         if not key.startswith('HTTP_'):
                             continue
                         new_key = key.split('_')
                         new_key = [k.capitalize() for k in new_key[1:]]
                         new_key = '-'.join(new_key)
                         headers[new_key] = environ[key]
                     if 'CONTENT_TYPE' in environ:
                         headers['Content-Type'] = environ['CONTENT_TYPE']
                     if 'CONTENT_LENGTH' in environ:
                         headers['Content-Length'] = environ['CONTENT_LENGTH']
                     return headers
                 def _get_response_headers(self, headers):
                     headers = [
                         (h, headers[h])
                         for h in headers
                         if h.lower() not in self.IGNORED_HEADERS
                     ]
                     return headers
             class DisabledSimpleSvnApp(object):
                 def __init__(self, config):
                     self.config = config
                 def __call__(self, environ, start_response):
                     reason = 'Cannot handle SVN call because: SVN HTTP Proxy is not enabled'
                     log.warning(reason)
                     return HTTPNotAcceptable(reason)(environ, start_response)
             class SimpleSvn(simplevcs.SimpleVCS):
                 SCM = 'svn'
                 READ_ONLY_COMMANDS = ('OPTIONS', 'PROPFIND', 'GET', 'REPORT')
                 DEFAULT_HTTP_SERVER = 'http://localhost:8090'
                 def _get_repository_name(self, environ):
                     """
                     Gets repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
-                    path = environ['PATH_INFO'].split('!')
+                    path = get_path_info(environ).split('!')
                     repo_name = path[0].strip('/')
                     # SVN includes the whole path in it's requests, including
                     # subdirectories inside the repo. Therefore we have to search for
                     # the repo root directory.
                     if not is_valid_repo(
                             repo_name, self.base_path, explicit_scm=self.SCM):
                         current_path = ''
                         for component in repo_name.split('/'):
                             current_path += component
                             if is_valid_repo(
                                     current_path, self.base_path, explicit_scm=self.SCM):
                                 return current_path
                             current_path += '/'
                     return repo_name
                 def _get_action(self, environ):
                     return (
                         'pull'
                         if environ['REQUEST_METHOD'] in self.READ_ONLY_COMMANDS
                         else 'push')
                 def _should_use_callback_daemon(self, extras, environ, action):
                     # only MERGE command triggers hooks, so we don't want to start
                     # hooks server too many times. POST however starts the svn transaction
                     # so we also need to run the init of callback daemon of POST
                     if environ['REQUEST_METHOD'] in ['MERGE', 'POST']:
                         return True
                     return False
                 def _create_wsgi_app(self, repo_path, repo_name, config):
                     if self._is_svn_enabled():
                         return SimpleSvnApp(config)
                     # we don't have http proxy enabled return dummy request handler
                     return DisabledSimpleSvnApp(config)
                 def _is_svn_enabled(self):
                     conf = self.repo_vcs_config
                     return str2bool(conf.get('vcs_svn_proxy', 'http_requests_enabled'))
                 def _create_config(self, extras, repo_name, scheme='http'):
                     conf = self.repo_vcs_config
                     server_url = conf.get('vcs_svn_proxy', 'http_server_url')
                     server_url = server_url or self.DEFAULT_HTTP_SERVER
                     extras['subversion_http_server_url'] = server_url
                     return extras

rhodecode/lib/middleware/utils/scm_app_http.py

0 +2 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2014-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Implementation of the scm_app interface using raw HTTP communication.
             """
             import base64
             import logging
             import urllib.parse
             import wsgiref.util
             import msgpack
             import requests
             import webob.request
             import rhodecode
+            from rhodecode.lib.middleware.utils import get_path_info
             log = logging.getLogger(__name__)
             def create_git_wsgi_app(repo_path, repo_name, config):
                 url = _vcs_streaming_url() + 'git/'
                 return VcsHttpProxy(url, repo_path, repo_name, config)
             def create_hg_wsgi_app(repo_path, repo_name, config):
                 url = _vcs_streaming_url() + 'hg/'
                 return VcsHttpProxy(url, repo_path, repo_name, config)
             def _vcs_streaming_url():
                 template = 'http://{}/stream/'
                 return template.format(rhodecode.CONFIG['vcs.server'])
             # TODO: johbo: Avoid the global.
             session = requests.Session()
             # Requests speedup, avoid reading .netrc and similar
             session.trust_env = False
             # prevent urllib3 spawning our logs.
             logging.getLogger("requests.packages.urllib3.connectionpool").setLevel(
                 logging.WARNING)
             class VcsHttpProxy(object):
                 """
                 A WSGI application which proxies vcs requests.
                 The goal is to shuffle the data around without touching it. The only
                 exception is the extra data from the config object which we send to the
                 server as well.
                 """
                 def __init__(self, url, repo_path, repo_name, config):
                     """
                     :param str url: The URL of the VCSServer to call.
                     """
                     self._url = url
                     self._repo_name = repo_name
                     self._repo_path = repo_path
                     self._config = config
                     self.rc_extras = {}
                     log.debug(
                         "Creating VcsHttpProxy for repo %s, url %s",
                         repo_name, url)
                 def __call__(self, environ, start_response):
                     config = msgpack.packb(self._config)
                     request = webob.request.Request(environ)
                     request_headers = request.headers
                     request_headers.update({
                         # TODO: johbo: Remove this, rely on URL path only
                         'X-RC-Repo-Name': self._repo_name,
                         'X-RC-Repo-Path': self._repo_path,
                         'X-RC-Path-Info': environ['PATH_INFO'],
                         'X-RC-Repo-Store': self.rc_extras.get('repo_store'),
                         'X-RC-Server-Config-File': self.rc_extras.get('config'),
                         'X-RC-Auth-User': self.rc_extras.get('username'),
                         'X-RC-Auth-User-Id': str(self.rc_extras.get('user_id')),
                         'X-RC-Auth-User-Ip': self.rc_extras.get('ip'),
                         # TODO: johbo: Avoid encoding and put this into payload?
                         'X-RC-Repo-Config': base64.b64encode(config),
                         'X-RC-Locked-Status-Code': rhodecode.CONFIG.get('lock_ret_code'),
                     })
                     method = environ['REQUEST_METHOD']
                     # Preserve the query string
                     url = self._url
                     url = urllib.parse.urljoin(url, self._repo_name)
                     if environ.get('QUERY_STRING'):
                         url += '?' + environ['QUERY_STRING']
                     log.debug('http-app: preparing request to: %s', url)
                     response = session.request(
                         method,
                         url,
                         data=_maybe_stream_request(environ),
                         headers=request_headers,
                         stream=True)
                     log.debug('http-app: got vcsserver response: %s', response)
                     if response.status_code >= 500:
                         log.error('Exception returned by vcsserver at: %s %s, %s',
                                   url, response.status_code, response.content)
                     # Preserve the headers of the response, except hop_by_hop ones
                     response_headers = [
                         (h, v) for h, v in response.headers.items()
                         if not wsgiref.util.is_hop_by_hop(h)
                     ]
                     # Build status argument for start_response callable.
                     status = '{status_code} {reason_phrase}'.format(
                         status_code=response.status_code,
                         reason_phrase=response.reason)
                     start_response(status, response_headers)
                     return _maybe_stream_response(response)
             def read_in_chunks(stream_obj, block_size=1024, chunks=-1):
                 """
                 Read Stream in chunks, default chunk size: 1k.
                 """
                 while chunks:
                     data = stream_obj.read(block_size)
                     if not data:
                         break
                     yield data
                     chunks -= 1
             def _is_request_chunked(environ):
                 stream = environ.get('HTTP_TRANSFER_ENCODING', '') == 'chunked'
                 return stream
             def _maybe_stream_request(environ):
-                path = environ['PATH_INFO']
+                path = get_path_info(environ)
                 stream = _is_request_chunked(environ)
                 log.debug('handling request `%s` with stream support: %s', path, stream)
                 if stream:
                     # set stream by 256k
                     return read_in_chunks(environ['wsgi.input'], block_size=1024 * 256)
                 else:
                     return environ['wsgi.input'].read()
             def _maybe_stream_response(response):
                 """
                 Try to generate chunks from the response if it is chunked.
                 """
                 stream = _is_chunked(response)
                 log.debug('returning response with stream: %s', stream)
                 if stream:
                     # read in 256k Chunks
                     return response.raw.read_chunked(amt=1024 * 256)
                 else:
                     return [response.content]
             def _is_chunked(response):
                 return response.headers.get('Transfer-Encoding', '') == 'chunked'

rhodecode/lib/middleware/vcs.py

0 +15 -10

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import gzip
             import shutil
             import logging
             import tempfile
             import urllib.parse
             from webob.exc import HTTPNotFound
             import rhodecode
+            from rhodecode.lib.middleware.utils import get_path_info
             from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
             from rhodecode.lib.middleware.simplegit import SimpleGit, GIT_PROTO_PAT
             from rhodecode.lib.middleware.simplehg import SimpleHg
             from rhodecode.lib.middleware.simplesvn import SimpleSvn
             from rhodecode.model.settings import VcsSettingsModel
             log = logging.getLogger(__name__)
             VCS_TYPE_KEY = '_rc_vcs_type'
             VCS_TYPE_SKIP = '_rc_vcs_skip'
             def is_git(environ):
                 """
                 Returns True if requests should be handled by GIT wsgi middleware
                 """
-                is_git_path = GIT_PROTO_PAT.match(environ['PATH_INFO'])
+                path_info = get_path_info(environ)
+                is_git_path = GIT_PROTO_PAT.match(path_info)
                 log.debug(
-                    'request path: `%s` detected as GIT PROTOCOL %s', environ['PATH_INFO'],
+                    'request path: `%s` detected as GIT PROTOCOL %s', path_info,
                     is_git_path is not None)
                 return is_git_path
             def is_hg(environ):
                 """
                 Returns True if requests target is mercurial server - header
                 ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
                 """
                 is_hg_path = False
                 http_accept = environ.get('HTTP_ACCEPT')
                 if http_accept and http_accept.startswith('application/mercurial'):
                     query = urllib.parse.parse_qs(environ['QUERY_STRING'])
                     if 'cmd' in query:
                         is_hg_path = True
+                path_info = get_path_info(environ)
                 log.debug(
-                    'request path: `%s` detected as HG PROTOCOL %s', environ['PATH_INFO'],
+                    'request path: `%s` detected as HG PROTOCOL %s', path_info,
                     is_hg_path)
                 return is_hg_path
             def is_svn(environ):
                 """
                 Returns True if requests target is Subversion server
                 """
                 http_dav = environ.get('HTTP_DAV', '')
                 magic_path_segment = rhodecode.CONFIG.get(
                     'rhodecode_subversion_magic_path', '/!svn')
+                path_info = get_path_info(environ)
                 is_svn_path = (
                     'subversion' in http_dav or
-                    magic_path_segment in environ['PATH_INFO']
+                    magic_path_segment in path_info
                     or environ['REQUEST_METHOD'] in ['PROPFIND', 'PROPPATCH']
                 )
                 log.debug(
-                    'request path: `%s` detected as SVN PROTOCOL %s', environ['PATH_INFO'],
+                    'request path: `%s` detected as SVN PROTOCOL %s', path_info,
                     is_svn_path)
                 return is_svn_path
             class GunzipMiddleware(object):
                 """
                 WSGI middleware that unzips gzip-encoded requests before
                 passing on to the underlying application.
                 """
                 def __init__(self, application):
                     self.app = application
                 def __call__(self, environ, start_response):
                     accepts_encoding_header = environ.get('HTTP_CONTENT_ENCODING', b'')
                     if b'gzip' in accepts_encoding_header:
                         log.debug('gzip detected, now running gunzip wrapper')
                         wsgi_input = environ['wsgi.input']
                         if not hasattr(environ['wsgi.input'], 'seek'):
                             # The gzip implementation in the standard library of Python 2.x
                             # requires the '.seek()' and '.tell()' methods to be available
                             # on the input stream.  Read the data into a temporary file to
                             # work around this limitation.
                             wsgi_input = tempfile.SpooledTemporaryFile(64 * 1024 * 1024)
                             shutil.copyfileobj(environ['wsgi.input'], wsgi_input)
                             wsgi_input.seek(0)
                         environ['wsgi.input'] = gzip.GzipFile(fileobj=wsgi_input, mode='r')
                         # since we "Ungzipped" the content we say now it's no longer gzip
                         # content encoding
                         del environ['HTTP_CONTENT_ENCODING']
                         # content length has changes ? or i'm not sure
                         if 'CONTENT_LENGTH' in environ:
                             del environ['CONTENT_LENGTH']
                     else:
                         log.debug('content not gzipped, gzipMiddleware passing '
                                   'request further')
                     return self.app(environ, start_response)
             def is_vcs_call(environ):
                 if VCS_TYPE_KEY in environ:
                     raw_type = environ[VCS_TYPE_KEY]
                     return raw_type and raw_type != VCS_TYPE_SKIP
                 return False
             def get_path_elem(route_path):
                 if not route_path:
                     return None
                 cleaned_route_path = route_path.lstrip('/')
                 if cleaned_route_path:
                     cleaned_route_path_elems = cleaned_route_path.split('/')
                     if cleaned_route_path_elems:
                         return cleaned_route_path_elems[0]
                 return None
             def detect_vcs_request(environ, backends):
                 checks = {
                     'hg': (is_hg, SimpleHg),
                     'git': (is_git, SimpleGit),
                     'svn': (is_svn, SimpleSvn),
                 }
                 handler = None
                 # List of path views first chunk we don't do any checks
                 white_list = [
                     # e.g /_file_store/download
                     '_file_store',
                     # static files no detection
                     '_static',
                     # skip ops ping, status
                     '_admin/ops/ping',
                     '_admin/ops/status',
                     # full channelstream connect should be VCS skipped
                     '_admin/channelstream/connect',
                 ]
+                path_info = get_path_info(environ)
-                path_info = environ['PATH_INFO']
+                path_url = path_info.lstrip('/')
-                path_elem = get_path_elem(path_info)
                 if path_elem in white_list:
                     log.debug('path `%s` in whitelist, skipping...', path_info)
                     return handler
                 path_url = path_info.lstrip('/')
                 if path_url in white_list:
                     log.debug('full url path `%s` in whitelist, skipping...', path_url)
                     return handler
                 if VCS_TYPE_KEY in environ:
                     raw_type = environ[VCS_TYPE_KEY]
                     if raw_type == VCS_TYPE_SKIP:
                         log.debug('got `skip` marker for vcs detection, skipping...')
                         return handler
                     _check, handler = checks.get(raw_type) or [None, None]
                     if handler:
                         log.debug('got handler:%s from environ', handler)
                 if not handler:
                     log.debug('request start: checking if request for `%s` is of VCS type in order: %s', path_elem, backends)
                     for vcs_type in backends:
                         vcs_check, _handler = checks[vcs_type]
                         if vcs_check(environ):
                             log.debug('vcs handler found %s', _handler)
                             handler = _handler
                             break
                 return handler
             class VCSMiddleware(object):
                 def __init__(self, app, registry, config, appenlight_client):
                     self.application = app
                     self.registry = registry
                     self.config = config
                     self.appenlight_client = appenlight_client
                     self.use_gzip = True
                     # order in which we check the middlewares, based on vcs.backends config
                     self.check_middlewares = config['vcs.backends']
                 def vcs_config(self, repo_name=None):
                     """
                     returns serialized VcsSettings
                     """
                     try:
                         return VcsSettingsModel(
                             repo=repo_name).get_ui_settings_as_config_obj()
                     except Exception:
                         pass
                 def wrap_in_gzip_if_enabled(self, app, config):
                     if self.use_gzip:
                         app = GunzipMiddleware(app)
                     return app
                 def _get_handler_app(self, environ):
                     app = None
                     log.debug('VCSMiddleware: detecting vcs type.')
                     handler = detect_vcs_request(environ, self.check_middlewares)
                     if handler:
                         app = handler(self.config, self.registry)
                     return app
                 def __call__(self, environ, start_response):
                     # check if we handle one of interesting protocols, optionally extract
                     # specific vcsSettings and allow changes of how things are wrapped
                     vcs_handler = self._get_handler_app(environ)
                     if vcs_handler:
                         # translate the _REPO_ID into real repo NAME for usage
                         # in middleware
-                        environ['PATH_INFO'] = vcs_handler._get_by_id(environ['PATH_INFO'])
+                        path_info = get_path_info(environ)
+                        environ['PATH_INFO'] = vcs_handler._get_by_id(path_info)
                         # Set acl, url and vcs repo names.
                         vcs_handler.set_repo_names(environ)
                         # register repo config back to the handler
                         vcs_conf = self.vcs_config(vcs_handler.acl_repo_name)
                         # maybe damaged/non existent settings. We still want to
                         # pass that point to validate on is_valid_and_existing_repo
                         # and return proper HTTP Code back to client
                         if vcs_conf:
                             vcs_handler.repo_vcs_config = vcs_conf
                         # check for type, presence in database and on filesystem
                         if not vcs_handler.is_valid_and_existing_repo(
                                 vcs_handler.acl_repo_name,
                                 vcs_handler.base_path,
                                 vcs_handler.SCM):
                             return HTTPNotFound()(environ, start_response)
                         environ['REPO_NAME'] = vcs_handler.url_repo_name
                         # Wrap handler in middlewares if they are enabled.
                         vcs_handler = self.wrap_in_gzip_if_enabled(
                             vcs_handler, self.config)
                         vcs_handler, _ = wrap_in_appenlight_if_enabled(
                             vcs_handler, self.config, self.appenlight_client)
                         return vcs_handler(environ, start_response)
                     return self.application(environ, start_response)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages