simplehg.py
229 lines
| 8.3 KiB
| text/x-python
|
PythonLexer
| r547 | #!/usr/bin/env python | |||
| # encoding: utf-8 | ||||
| # middleware to handle mercurial api calls | ||||
| # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> | ||||
| # | ||||
| # This program is free software; you can redistribute it and/or | ||||
| # modify it under the terms of the GNU General Public License | ||||
| # as published by the Free Software Foundation; version 2 | ||||
| # of the License or (at your opinion) any later version of the license. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program; if not, write to the Free Software | ||||
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | ||||
| # MA 02110-1301, USA. | ||||
| """ | ||||
| Created on 2010-04-28 | ||||
| @author: marcink | ||||
| SimpleHG middleware for handling mercurial protocol request (push/clone etc.) | ||||
| It's implemented with basic auth function | ||||
| """ | ||||
| from mercurial.error import RepoError | ||||
| from mercurial.hgweb import hgweb | ||||
| from mercurial.hgweb.request import wsgiapplication | ||||
| from paste.auth.basic import AuthBasicAuthenticator | ||||
| from paste.httpheaders import REMOTE_USER, AUTH_TYPE | ||||
| r629 | from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware | |||
| r756 | from rhodecode.lib.utils import make_ui, invalidate_cache, \ | |||
| r547 | check_repo_fast, ui_sections | |||
| r629 | from rhodecode.model.user import UserModel | |||
| r547 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError | |||
| import logging | ||||
| import os | ||||
| import traceback | ||||
| r605 | ||||
| r547 | log = logging.getLogger(__name__) | |||
| r756 | def is_mercurial(environ): | |||
| """ | ||||
| Returns True if request's target is mercurial server - header | ||||
| ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``. | ||||
| """ | ||||
| http_accept = environ.get('HTTP_ACCEPT') | ||||
| if http_accept and http_accept.startswith('application/mercurial'): | ||||
| return True | ||||
| return False | ||||
| r547 | class SimpleHg(object): | |||
| def __init__(self, application, config): | ||||
| self.application = application | ||||
| self.config = config | ||||
| r674 | #authenticate this mercurial request using authfunc | |||
| r547 | self.authenticate = AuthBasicAuthenticator('', authfunc) | |||
| r654 | self.ipaddr = '0.0.0.0' | |||
| self.repository = None | ||||
| self.username = None | ||||
| self.action = None | ||||
| r665 | ||||
| r547 | def __call__(self, environ, start_response): | |||
| if not is_mercurial(environ): | ||||
| return self.application(environ, start_response) | ||||
| r665 | ||||
| r654 | proxy_key = 'HTTP_X_REAL_IP' | |||
| def_key = 'REMOTE_ADDR' | ||||
| self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0')) | ||||
| r665 | ||||
| r547 | #=================================================================== | |||
| # AUTHENTICATE THIS MERCURIAL REQUEST | ||||
| #=================================================================== | ||||
| username = REMOTE_USER(environ) | ||||
| r665 | ||||
| r547 | if not username: | |||
| r548 | self.authenticate.realm = self.config['rhodecode_realm'] | |||
| r547 | result = self.authenticate(environ) | |||
| if isinstance(result, str): | ||||
| AUTH_TYPE.update(environ, 'basic') | ||||
| REMOTE_USER.update(environ, result) | ||||
| else: | ||||
| return result.wsgi_application(environ, start_response) | ||||
| r665 | ||||
| r654 | #======================================================================= | |||
| # GET REPOSITORY | ||||
| #======================================================================= | ||||
| r547 | try: | |||
| repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:]) | ||||
| if repo_name.endswith('/'): | ||||
| repo_name = repo_name.rstrip('/') | ||||
| r654 | self.repository = repo_name | |||
| r547 | except: | |||
| log.error(traceback.format_exc()) | ||||
| return HTTPInternalServerError()(environ, start_response) | ||||
| r605 | ||||
| r547 | #=================================================================== | |||
| # CHECK PERMISSIONS FOR THIS REQUEST | ||||
| #=================================================================== | ||||
| r654 | self.action = self.__get_action(environ) | |||
| if self.action: | ||||
| r547 | username = self.__get_environ_user(environ) | |||
| try: | ||||
| user = self.__get_user(username) | ||||
| r654 | self.username = user.username | |||
| r547 | except: | |||
| log.error(traceback.format_exc()) | ||||
| return HTTPInternalServerError()(environ, start_response) | ||||
| r607 | ||||
| r547 | #check permissions for this repository | |||
| r654 | if self.action == 'push': | |||
| r605 | if not HasPermissionAnyMiddleware('repository.write', | |||
| 'repository.admin')\ | ||||
| (user, repo_name): | ||||
| return HTTPForbidden()(environ, start_response) | ||||
| else: | ||||
| r607 | #any other action need at least read permission | |||
| r547 | if not HasPermissionAnyMiddleware('repository.read', | |||
| 'repository.write', | ||||
| 'repository.admin')\ | ||||
| (user, repo_name): | ||||
| return HTTPForbidden()(environ, start_response) | ||||
| r665 | ||||
| r654 | self.extras = {'ip':self.ipaddr, | |||
| 'username':self.username, | ||||
| 'action':self.action, | ||||
| 'repository':self.repository} | ||||
| r655 | ||||
| r547 | #=================================================================== | |||
| # MERCURIAL REQUEST HANDLING | ||||
| #=================================================================== | ||||
| environ['PATH_INFO'] = '/'#since we wrap into hgweb, reset the path | ||||
| self.baseui = make_ui('db') | ||||
| self.basepath = self.config['base_path'] | ||||
| self.repo_path = os.path.join(self.basepath, repo_name) | ||||
| #quick check if that dir exists... | ||||
| if check_repo_fast(repo_name, self.basepath): | ||||
| return HTTPNotFound()(environ, start_response) | ||||
| try: | ||||
| app = wsgiapplication(self.__make_app) | ||||
| except RepoError, e: | ||||
| if str(e).find('not found') != -1: | ||||
| return HTTPNotFound()(environ, start_response) | ||||
| except Exception: | ||||
| log.error(traceback.format_exc()) | ||||
| return HTTPInternalServerError()(environ, start_response) | ||||
| r605 | ||||
| r547 | #invalidate cache on push | |||
| r654 | if self.action == 'push': | |||
| r547 | self.__invalidate_cache(repo_name) | |||
| r756 | ||||
| r719 | return app(environ, start_response) | |||
| r547 | ||||
| def __make_app(self): | ||||
| hgserve = hgweb(str(self.repo_path), baseui=self.baseui) | ||||
| r654 | return self.__load_web_settings(hgserve, self.extras) | |||
| r605 | ||||
| r547 | def __get_environ_user(self, environ): | |||
| return environ.get('REMOTE_USER') | ||||
| r605 | ||||
| r547 | def __get_user(self, username): | |||
| r629 | return UserModel().get_by_username(username, cache=True) | |||
| r605 | ||||
| r547 | def __get_action(self, environ): | |||
| """ | ||||
| r606 | Maps mercurial request commands into a clone,pull or push command. | |||
| This should always return a valid command string | ||||
| r605 | :param environ: | |||
| r547 | """ | |||
| mapping = {'changegroup': 'pull', | ||||
| 'changegroupsubset': 'pull', | ||||
| 'stream_out': 'pull', | ||||
| r654 | 'listkeys': 'pull', | |||
| r547 | 'unbundle': 'push', | |||
| 'pushkey': 'push', } | ||||
| for qry in environ['QUERY_STRING'].split('&'): | ||||
| if qry.startswith('cmd'): | ||||
| cmd = qry.split('=')[-1] | ||||
| if mapping.has_key(cmd): | ||||
| return mapping[cmd] | ||||
| r605 | else: | |||
| return cmd | ||||
| r547 | def __invalidate_cache(self, repo_name): | |||
| """we know that some change was made to repositories and we should | ||||
| invalidate the cache to see the changes right away but only for | ||||
| push requests""" | ||||
| r665 | invalidate_cache('get_repo_cached_%s' % repo_name) | |||
| r605 | ||||
| r654 | def __load_web_settings(self, hgserve, extras={}): | |||
| r605 | #set the global ui for hgserve instance passed | |||
| r547 | hgserve.repo.ui = self.baseui | |||
| r605 | ||||
| r547 | hgrc = os.path.join(self.repo_path, '.hg', 'hgrc') | |||
| r665 | ||||
| r654 | #inject some additional parameters that will be available in ui | |||
| #for hooks | ||||
| for k, v in extras.items(): | ||||
| hgserve.repo.ui.setconfig('rhodecode_extras', k, v) | ||||
| r665 | ||||
| r547 | repoui = make_ui('file', hgrc, False) | |||
| r605 | ||||
| r547 | if repoui: | |||
| #overwrite our ui instance with the section from hgrc file | ||||
| for section in ui_sections: | ||||
| for k, v in repoui.configitems(section): | ||||
| hgserve.repo.ui.setconfig(section, k, v) | ||||
| r665 | ||||
| r547 | return hgserve | |||
| r605 | ||||
