##// END OF EJS Templates
caches: use individual namespaces per user to prevent beaker caching problems....
caches: use individual namespaces per user to prevent beaker caching problems. - especially for mysql in case large number of data in caches there could be critical errors storing cache, and thus preventing users from authentication. This is caused by the fact that we used single namespace for ALL users. It means it grew as number of users grew reaching mysql single column limit. This changes the behaviour and now we use namespace per-user it means that each user-id will have it's own cache namespace fragmenting maximum column data to a single user cache. Which we should never reach.

File last commit:

r2487:fcee5614 default
r2591:36829a17 stable
Show More
base.py
150 lines | 5.0 KiB | text/x-python | PythonLexer
ssh-support: enabled full handling of all backends via SSH....
r2187 # -*- coding: utf-8 -*-
release: update copyright year to 2018
r2487 # Copyright (C) 2016-2018 RhodeCode GmbH
ssh-support: enabled full handling of all backends via SSH....
r2187 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import os
import sys
import json
import logging
from rhodecode.lib.hooks_daemon import prepare_callback_daemon
ssh: use proper way of extracting the HOOK_PROTOCOL out of vcssettings....
r2212 from rhodecode.lib.vcs.conf import settings as vcs_settings
ssh-support: enabled full handling of all backends via SSH....
r2187 from rhodecode.model.scm import ScmModel
log = logging.getLogger(__name__)
class VcsServer(object):
_path = None # set executable path for hg/git/svn binary
backend = None # set in child classes
tunnel = None # subprocess handling tunnel
write_perms = ['repository.admin', 'repository.write']
read_perms = ['repository.read', 'repository.admin', 'repository.write']
def __init__(self, user, user_permissions, config, env):
self.user = user
self.user_permissions = user_permissions
self.config = config
self.env = env
self.stdin = sys.stdin
self.repo_name = None
self.repo_mode = None
self.store = ''
self.ini_path = ''
def _invalidate_cache(self, repo_name):
"""
Set's cache for this repository for invalidation on next access
:param repo_name: full repo name, also a cache key
"""
ScmModel().mark_for_invalidation(repo_name)
def has_write_perm(self):
permission = self.user_permissions.get(self.repo_name)
if permission in ['repository.write', 'repository.admin']:
return True
return False
def _check_permissions(self, action):
permission = self.user_permissions.get(self.repo_name)
log.debug(
'permission for %s on %s are: %s',
self.user, self.repo_name, permission)
if action == 'pull':
if permission in self.read_perms:
log.info(
'READ Permissions for User "%s" detected to repo "%s"!',
self.user, self.repo_name)
return 0
else:
if permission in self.write_perms:
log.info(
'WRITE+ Permissions for User "%s" detected to repo "%s"!',
self.user, self.repo_name)
return 0
ssh: prevent exceptions when user associated to stored old key is not found.
r2206 log.error('Cannot properly fetch or allow user %s permissions. '
'Return value is: %s, req action: %s',
self.user, permission, action)
ssh-support: enabled full handling of all backends via SSH....
r2187 return -2
def update_environment(self, action, extras=None):
scm_data = {
'ip': os.environ['SSH_CLIENT'].split()[0],
'username': self.user.username,
vcs-ops: store user_id inside the extras for vcs context operations....
r2411 'user_id': self.user.user_id,
ssh-support: enabled full handling of all backends via SSH....
r2187 'action': action,
'repository': self.repo_name,
'scm': self.backend,
'config': self.ini_path,
'make_lock': None,
'locked_by': [None, None],
'server_url': None,
'is_shadow_repo': False,
'hooks_module': 'rhodecode.lib.hooks_daemon',
'hooks': ['push', 'pull'],
'SSH': True,
'SSH_PERMISSIONS': self.user_permissions.get(self.repo_name)
}
if extras:
scm_data.update(extras)
os.putenv("RC_SCM_DATA", json.dumps(scm_data))
def get_root_store(self):
root_store = self.store
if not root_store.endswith('/'):
# always append trailing slash
root_store = root_store + '/'
return root_store
def _handle_tunnel(self, extras):
# pre-auth
action = 'pull'
exit_code = self._check_permissions(action)
if exit_code:
return exit_code, False
req = self.env['request']
server_url = req.host_url + req.script_name
extras['server_url'] = server_url
log.debug('Using %s binaries from path %s', self.backend, self._path)
exit_code = self.tunnel.run(extras)
return exit_code, action == "push"
def run(self):
extras = {}
callback_daemon, extras = prepare_callback_daemon(
ssh: use proper way of extracting the HOOK_PROTOCOL out of vcssettings....
r2212 extras, protocol=vcs_settings.HOOKS_PROTOCOL,
ssh-support: enabled full handling of all backends via SSH....
r2187 use_direct_calls=False)
with callback_daemon:
try:
return self._handle_tunnel(extras)
finally:
log.debug('Running cleanup with cache invalidation')
if self.repo_name:
self._invalidate_cache(self.repo_name)