##// END OF EJS Templates
PATH_INFO: use new method to consistently extract proper PATH_INFO data
super-admin -
r5032:f4682f64 default
parent child Browse files
Show More
@@ -27,7 +27,7 b' import webob'
27 import webob.exc
27 import webob.exc
28
28
29 import rhodecode.lib.auth
29 import rhodecode.lib.auth
30
30 from rhodecode.lib.middleware.utils import get_path_info
31
31
32 log = logging.getLogger(__name__)
32 log = logging.getLogger(__name__)
33
33
@@ -77,10 +77,11 b' class CSRFDetector(object):'
77 def __call__(self, environ, start_response):
77 def __call__(self, environ, start_response):
78 if environ['REQUEST_METHOD'].upper() not in ('GET', 'POST'):
78 if environ['REQUEST_METHOD'].upper() not in ('GET', 'POST'):
79 raise Exception(self._PUT_DELETE_MESSAGE)
79 raise Exception(self._PUT_DELETE_MESSAGE)
80 token_expected = environ['PATH_INFO'] not in self._PATHS_WITHOUT_TOKEN
80 path_info = get_path_info(environ)
81 token_expected = path_info not in self._PATHS_WITHOUT_TOKEN
81 allowed = True
82 allowed = True
82 for pattern in self._SKIP_PATTERN:
83 for pattern in self._SKIP_PATTERN:
83 if environ['PATH_INFO'].startswith(pattern):
84 if path_info.startswith(pattern):
84 allowed = False
85 allowed = False
85 break
86 break
86
87
@@ -99,7 +100,7 b' class CSRFDetector(object):'
99 if rhodecode.lib.auth.csrf_token_key not in content:
100 if rhodecode.lib.auth.csrf_token_key not in content:
100 raise Exception(
101 raise Exception(
101 '%s to %s does not have a csrf_token %r' %
102 '%s to %s does not have a csrf_token %r' %
102 (environ['REQUEST_METHOD'], environ['PATH_INFO'], content))
103 (environ['REQUEST_METHOD'], path_info, content))
103
104
104 return self._app(environ, start_response)
105 return self._app(environ, start_response)
105
106
@@ -149,10 +150,10 b' class OriginChecker(object):'
149 origin = origin_header.split(' ', 1)[0]
150 origin = origin_header.split(' ', 1)[0]
150 if origin == 'null':
151 if origin == 'null':
151 origin = None
152 origin = None
152
153 path_info = get_path_info(environ)
153 if (environ['PATH_INFO'] not in self._skip_urls and origin and
154 if (path_info not in self._skip_urls and origin and
154 not _equivalent_urls(origin, self._expected_origin)):
155 not _equivalent_urls(origin, self._expected_origin)):
155 log.warn(
156 log.warning(
156 'Invalid Origin header detected: got %s, expected %s',
157 'Invalid Origin header detected: got %s, expected %s',
157 origin_header, self._expected_origin)
158 origin_header, self._expected_origin)
158 return webob.exc.HTTPForbidden('Origin header mismatch')(
159 return webob.exc.HTTPForbidden('Origin header mismatch')(
@@ -23,7 +23,8 b' import logging'
23
23
24 import rhodecode
24 import rhodecode
25 from rhodecode.lib.auth import AuthUser
25 from rhodecode.lib.auth import AuthUser
26 from rhodecode.lib.base import get_ip_addr, get_access_path, get_user_agent
26 from rhodecode.lib.base import get_ip_addr, get_user_agent
27 from rhodecode.lib.middleware.utils import get_path_info
27 from rhodecode.lib.utils2 import safe_str, get_current_rhodecode_user
28 from rhodecode.lib.utils2 import safe_str, get_current_rhodecode_user
28
29
29
30
@@ -52,7 +53,7 b' class RequestWrapperTween(object):'
52 finally:
53 finally:
53 count = request.request_count()
54 count = request.request_count()
54 _ver_ = rhodecode.__version__
55 _ver_ = rhodecode.__version__
55 _path = safe_str(get_access_path(request.environ))
56 _path = get_path_info(request.environ)
56 _auth_user = self._get_user_info(request)
57 _auth_user = self._get_user_info(request)
57 ip = get_ip_addr(request.environ)
58 ip = get_ip_addr(request.environ)
58 match_route = request.matched_route.name if request.matched_route else "NOT_FOUND"
59 match_route = request.matched_route.name if request.matched_route else "NOT_FOUND"
@@ -31,6 +31,7 b' import rhodecode'
31 from rhodecode.lib import utils
31 from rhodecode.lib import utils
32 from rhodecode.lib import utils2
32 from rhodecode.lib import utils2
33 from rhodecode.lib.middleware import simplevcs
33 from rhodecode.lib.middleware import simplevcs
34 from rhodecode.lib.middleware.utils import get_path_info
34
35
35 log = logging.getLogger(__name__)
36 log = logging.getLogger(__name__)
36
37
@@ -60,7 +61,8 b' class SimpleGit(simplevcs.SimpleVCS):'
60
61
61 :param environ: environ where PATH_INFO is stored
62 :param environ: environ where PATH_INFO is stored
62 """
63 """
63 repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
64 path_info = get_path_info(environ)
65 repo_name = GIT_PROTO_PAT.match(path_info).group(1)
64 # for GIT LFS, and bare format strip .git suffix from names
66 # for GIT LFS, and bare format strip .git suffix from names
65 if repo_name.endswith('.git'):
67 if repo_name.endswith('.git'):
66 repo_name = repo_name[:-4]
68 repo_name = repo_name[:-4]
@@ -120,16 +122,15 b' class SimpleGit(simplevcs.SimpleVCS):'
120
122
121 :param environ:
123 :param environ:
122 """
124 """
123 path = environ['PATH_INFO']
125 path = get_path_info(environ)
124
126
125 if path.endswith('/info/refs'):
127 if path.endswith('/info/refs'):
126 query = urllib.parse.parse_qs(environ['QUERY_STRING'])
128 query = urllib.parse.parse_qs(environ['QUERY_STRING'])
127 service_cmd = query.get('service', [''])[0]
129 service_cmd = query.get('service', [''])[0]
128 return self._ACTION_MAPPING.get(service_cmd, 'pull')
130 return self._ACTION_MAPPING.get(service_cmd, 'pull')
129
131
130 elif GIT_LFS_PROTO_PAT.match(environ['PATH_INFO']):
132 elif GIT_LFS_PROTO_PAT.match(path):
131 return self._get_lfs_action(
133 return self._get_lfs_action(path, environ['REQUEST_METHOD'])
132 environ['PATH_INFO'], environ['REQUEST_METHOD'])
133
134
134 elif path.endswith('/git-receive-pack'):
135 elif path.endswith('/git-receive-pack'):
135 return 'push'
136 return 'push'
@@ -30,6 +30,7 b' import urllib.request, urllib.parse, url'
30 from rhodecode.lib import utils
30 from rhodecode.lib import utils
31 from rhodecode.lib.ext_json import json
31 from rhodecode.lib.ext_json import json
32 from rhodecode.lib.middleware import simplevcs
32 from rhodecode.lib.middleware import simplevcs
33 from rhodecode.lib.middleware.utils import get_path_info
33
34
34 log = logging.getLogger(__name__)
35 log = logging.getLogger(__name__)
35
36
@@ -44,7 +45,7 b' class SimpleHg(simplevcs.SimpleVCS):'
44
45
45 :param environ: environ where PATH_INFO is stored
46 :param environ: environ where PATH_INFO is stored
46 """
47 """
47 repo_name = environ['PATH_INFO']
48 repo_name = get_path_info(environ)
48 if repo_name and repo_name.startswith('/'):
49 if repo_name and repo_name.startswith('/'):
49 # remove only the first leading /
50 # remove only the first leading /
50 repo_name = repo_name[1:]
51 repo_name = repo_name[1:]
@@ -28,6 +28,7 b' from pyramid.httpexceptions import HTTPN'
28
28
29 from rhodecode.lib import rc_cache
29 from rhodecode.lib import rc_cache
30 from rhodecode.lib.middleware import simplevcs
30 from rhodecode.lib.middleware import simplevcs
31 from rhodecode.lib.middleware.utils import get_path_info
31 from rhodecode.lib.utils import is_valid_repo
32 from rhodecode.lib.utils import is_valid_repo
32 from rhodecode.lib.utils2 import str2bool, safe_int, safe_str
33 from rhodecode.lib.utils2 import str2bool, safe_int, safe_str
33 from rhodecode.lib.ext_json import json
34 from rhodecode.lib.ext_json import json
@@ -51,8 +52,9 b' class SimpleSvnApp(object):'
51 data = environ['wsgi.input']
52 data = environ['wsgi.input']
52 req_method = environ['REQUEST_METHOD']
53 req_method = environ['REQUEST_METHOD']
53 has_content_length = 'CONTENT_LENGTH' in environ
54 has_content_length = 'CONTENT_LENGTH' in environ
55
54 path_info = self._get_url(
56 path_info = self._get_url(
55 self.config.get('subversion_http_server_url', ''), environ['PATH_INFO'])
57 self.config.get('subversion_http_server_url', ''), get_path_info(environ))
56 transfer_encoding = environ.get('HTTP_TRANSFER_ENCODING', '')
58 transfer_encoding = environ.get('HTTP_TRANSFER_ENCODING', '')
57 log.debug('Handling: %s method via `%s`', req_method, path_info)
59 log.debug('Handling: %s method via `%s`', req_method, path_info)
58
60
@@ -178,7 +180,7 b' class SimpleSvn(simplevcs.SimpleVCS):'
178
180
179 :param environ: environ where PATH_INFO is stored
181 :param environ: environ where PATH_INFO is stored
180 """
182 """
181 path = environ['PATH_INFO'].split('!')
183 path = get_path_info(environ).split('!')
182 repo_name = path[0].strip('/')
184 repo_name = path[0].strip('/')
183
185
184 # SVN includes the whole path in it's requests, including
186 # SVN includes the whole path in it's requests, including
@@ -32,7 +32,7 b' import requests'
32 import webob.request
32 import webob.request
33
33
34 import rhodecode
34 import rhodecode
35
35 from rhodecode.lib.middleware.utils import get_path_info
36
36
37 log = logging.getLogger(__name__)
37 log = logging.getLogger(__name__)
38
38
@@ -161,7 +161,7 b' def _is_request_chunked(environ):'
161
161
162
162
163 def _maybe_stream_request(environ):
163 def _maybe_stream_request(environ):
164 path = environ['PATH_INFO']
164 path = get_path_info(environ)
165 stream = _is_request_chunked(environ)
165 stream = _is_request_chunked(environ)
166 log.debug('handling request `%s` with stream support: %s', path, stream)
166 log.debug('handling request `%s` with stream support: %s', path, stream)
167
167
@@ -27,12 +27,14 b' import urllib.parse'
27 from webob.exc import HTTPNotFound
27 from webob.exc import HTTPNotFound
28
28
29 import rhodecode
29 import rhodecode
30 from rhodecode.lib.middleware.utils import get_path_info
30 from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
31 from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
31 from rhodecode.lib.middleware.simplegit import SimpleGit, GIT_PROTO_PAT
32 from rhodecode.lib.middleware.simplegit import SimpleGit, GIT_PROTO_PAT
32 from rhodecode.lib.middleware.simplehg import SimpleHg
33 from rhodecode.lib.middleware.simplehg import SimpleHg
33 from rhodecode.lib.middleware.simplesvn import SimpleSvn
34 from rhodecode.lib.middleware.simplesvn import SimpleSvn
34 from rhodecode.model.settings import VcsSettingsModel
35 from rhodecode.model.settings import VcsSettingsModel
35
36
37
36 log = logging.getLogger(__name__)
38 log = logging.getLogger(__name__)
37
39
38 VCS_TYPE_KEY = '_rc_vcs_type'
40 VCS_TYPE_KEY = '_rc_vcs_type'
@@ -43,9 +45,10 b' def is_git(environ):'
43 """
45 """
44 Returns True if requests should be handled by GIT wsgi middleware
46 Returns True if requests should be handled by GIT wsgi middleware
45 """
47 """
46 is_git_path = GIT_PROTO_PAT.match(environ['PATH_INFO'])
48 path_info = get_path_info(environ)
49 is_git_path = GIT_PROTO_PAT.match(path_info)
47 log.debug(
50 log.debug(
48 'request path: `%s` detected as GIT PROTOCOL %s', environ['PATH_INFO'],
51 'request path: `%s` detected as GIT PROTOCOL %s', path_info,
49 is_git_path is not None)
52 is_git_path is not None)
50
53
51 return is_git_path
54 return is_git_path
@@ -65,8 +68,9 b' def is_hg(environ):'
65 if 'cmd' in query:
68 if 'cmd' in query:
66 is_hg_path = True
69 is_hg_path = True
67
70
71 path_info = get_path_info(environ)
68 log.debug(
72 log.debug(
69 'request path: `%s` detected as HG PROTOCOL %s', environ['PATH_INFO'],
73 'request path: `%s` detected as HG PROTOCOL %s', path_info,
70 is_hg_path)
74 is_hg_path)
71
75
72 return is_hg_path
76 return is_hg_path
@@ -80,13 +84,14 b' def is_svn(environ):'
80 http_dav = environ.get('HTTP_DAV', '')
84 http_dav = environ.get('HTTP_DAV', '')
81 magic_path_segment = rhodecode.CONFIG.get(
85 magic_path_segment = rhodecode.CONFIG.get(
82 'rhodecode_subversion_magic_path', '/!svn')
86 'rhodecode_subversion_magic_path', '/!svn')
87 path_info = get_path_info(environ)
83 is_svn_path = (
88 is_svn_path = (
84 'subversion' in http_dav or
89 'subversion' in http_dav or
85 magic_path_segment in environ['PATH_INFO']
90 magic_path_segment in path_info
86 or environ['REQUEST_METHOD'] in ['PROPFIND', 'PROPPATCH']
91 or environ['REQUEST_METHOD'] in ['PROPFIND', 'PROPPATCH']
87 )
92 )
88 log.debug(
93 log.debug(
89 'request path: `%s` detected as SVN PROTOCOL %s', environ['PATH_INFO'],
94 'request path: `%s` detected as SVN PROTOCOL %s', path_info,
90 is_svn_path)
95 is_svn_path)
91
96
92 return is_svn_path
97 return is_svn_path
@@ -173,10 +178,8 b' def detect_vcs_request(environ, backends'
173 # full channelstream connect should be VCS skipped
178 # full channelstream connect should be VCS skipped
174 '_admin/channelstream/connect',
179 '_admin/channelstream/connect',
175 ]
180 ]
176
181 path_info = get_path_info(environ)
177 path_info = environ['PATH_INFO']
182 path_url = path_info.lstrip('/')
178
179 path_elem = get_path_elem(path_info)
180
183
181 if path_elem in white_list:
184 if path_elem in white_list:
182 log.debug('path `%s` in whitelist, skipping...', path_info)
185 log.debug('path `%s` in whitelist, skipping...', path_info)
@@ -251,7 +254,9 b' class VCSMiddleware(object):'
251 if vcs_handler:
254 if vcs_handler:
252 # translate the _REPO_ID into real repo NAME for usage
255 # translate the _REPO_ID into real repo NAME for usage
253 # in middleware
256 # in middleware
254 environ['PATH_INFO'] = vcs_handler._get_by_id(environ['PATH_INFO'])
257
258 path_info = get_path_info(environ)
259 environ['PATH_INFO'] = vcs_handler._get_by_id(path_info)
255
260
256 # Set acl, url and vcs repo names.
261 # Set acl, url and vcs repo names.
257 vcs_handler.set_repo_names(environ)
262 vcs_handler.set_repo_names(environ)
General Comments 0
You need to be logged in to leave comments. Login now