simplehg.py
287 lines
| 11.3 KiB
| text/x-python
|
PythonLexer
r903 | # -*- coding: utf-8 -*- | |||
""" | ||||
rhodecode.lib.middleware.simplehg | ||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
r1203 | SimpleHG middleware for handling mercurial protocol request | |||
r903 | (push/clone etc.). It's implemented with basic auth function | |||
r1203 | ||||
r903 | :created_on: Apr 28, 2010 | |||
:author: marcink | ||||
r1824 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |||
r903 | :license: GPLv3, see COPYING for more details. | |||
""" | ||||
r1206 | # This program is free software: you can redistribute it and/or modify | |||
# it under the terms of the GNU General Public License as published by | ||||
# the Free Software Foundation, either version 3 of the License, or | ||||
# (at your option) any later version. | ||||
r1203 | # | |||
r547 | # This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
r1203 | # | |||
r547 | # You should have received a copy of the GNU General Public License | |||
r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
r547 | ||||
r910 | import os | |||
import logging | ||||
import traceback | ||||
r547 | from mercurial.error import RepoError | |||
r1495 | from mercurial.hgweb import hgweb_mod | |||
r910 | ||||
r547 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE | |||
r2668 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | |||
HTTPBadRequest, HTTPNotAcceptable | ||||
r910 | ||||
r2969 | from rhodecode.lib.utils2 import safe_str, fix_PATH, get_server_url | |||
r1761 | from rhodecode.lib.base import BaseVCSController | |||
from rhodecode.lib.auth import get_container_username | ||||
from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections | ||||
r2716 | from rhodecode.lib.compat import json | |||
r1497 | from rhodecode.model.db import User | |||
r2726 | from rhodecode.lib.exceptions import HTTPLockedRC | |||
r910 | ||||
r605 | ||||
r547 | log = logging.getLogger(__name__) | |||
r1275 | ||||
r756 | def is_mercurial(environ): | |||
r2100 | """ | |||
Returns True if request's target is mercurial server - header | ||||
r756 | ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``. | |||
""" | ||||
http_accept = environ.get('HTTP_ACCEPT') | ||||
r2100 | path_info = environ['PATH_INFO'] | |||
r756 | if http_accept and http_accept.startswith('application/mercurial'): | |||
r2100 | ishg_path = True | |||
else: | ||||
ishg_path = False | ||||
log.debug('pathinfo: %s detected as HG %s' % ( | ||||
path_info, ishg_path) | ||||
) | ||||
return ishg_path | ||||
r756 | ||||
r1275 | ||||
r1761 | class SimpleHg(BaseVCSController): | |||
r547 | ||||
r1761 | def _handle_request(self, environ, start_response): | |||
r547 | if not is_mercurial(environ): | |||
return self.application(environ, start_response) | ||||
r2668 | if not self._check_ssl(environ, start_response): | |||
return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) | ||||
r665 | ||||
r2184 | ipaddr = self._get_ip_addr(environ) | |||
r2673 | username = None | |||
r898 | # skip passing error to error controller | |||
environ['pylons.status_code_redirect'] = True | ||||
r1529 | ||||
r1495 | #====================================================================== | |||
# EXTRACT REPOSITORY NAME FROM ENV | ||||
#====================================================================== | ||||
try: | ||||
repo_name = environ['REPO_NAME'] = self.__get_repository(environ) | ||||
log.debug('Extracted repo name is %s' % repo_name) | ||||
except: | ||||
return HTTPInternalServerError()(environ, start_response) | ||||
r665 | ||||
r2122 | # quick check if that dir exists... | |||
r2716 | if is_valid_repo(repo_name, self.basepath, 'hg') is False: | |||
r2122 | return HTTPNotFound()(environ, start_response) | |||
r910 | #====================================================================== | |||
# GET ACTION PULL or PUSH | ||||
#====================================================================== | ||||
r1495 | action = self.__get_action(environ) | |||
r2100 | ||||
r910 | #====================================================================== | |||
# CHECK ANONYMOUS PERMISSION | ||||
#====================================================================== | ||||
r1495 | if action in ['pull', 'push']: | |||
r910 | anonymous_user = self.__get_user('default') | |||
r1495 | username = anonymous_user.username | |||
r2021 | anonymous_perm = self._check_permission(action, anonymous_user, | |||
r1761 | repo_name) | |||
r910 | ||||
if anonymous_perm is not True or anonymous_user.active is False: | ||||
if anonymous_perm is not True: | ||||
r1275 | log.debug('Not enough credentials to access this ' | |||
'repository as anonymous user') | ||||
r910 | if anonymous_user.active is False: | |||
log.debug('Anonymous access is disabled, running ' | ||||
'authentication') | ||||
r918 | #============================================================== | |||
r1203 | # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE | |||
r918 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS | |||
#============================================================== | ||||
r607 | ||||
Liad Shani
|
r1630 | # Attempting to retrieve username from the container | ||
username = get_container_username(environ, self.config) | ||||
# If not authenticated by the container, running basic auth | ||||
if not username: | ||||
r1401 | self.authenticate.realm = \ | |||
safe_str(self.config['rhodecode_realm']) | ||||
r910 | result = self.authenticate(environ) | |||
if isinstance(result, str): | ||||
AUTH_TYPE.update(environ, 'basic') | ||||
REMOTE_USER.update(environ, result) | ||||
Liad Shani
|
r1630 | username = result | ||
r910 | else: | |||
return result.wsgi_application(environ, start_response) | ||||
r918 | #============================================================== | |||
Liad Shani
|
r1630 | # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME | ||
r918 | #============================================================== | |||
r2500 | try: | |||
user = self.__get_user(username) | ||||
if user is None or not user.active: | ||||
return HTTPForbidden()(environ, start_response) | ||||
username = user.username | ||||
except: | ||||
log.error(traceback.format_exc()) | ||||
return HTTPInternalServerError()(environ, start_response) | ||||
r910 | ||||
r2500 | #check permissions for this repository | |||
perm = self._check_permission(action, user, repo_name) | ||||
if perm is not True: | ||||
return HTTPForbidden()(environ, start_response) | ||||
r665 | ||||
r2100 | # extras are injected into mercurial UI object and later available | |||
# in hg hooks executed by rhodecode | ||||
Vincent Caron
|
r2857 | from rhodecode import CONFIG | ||
r2969 | server_url = get_server_url(environ) | |||
r2100 | extras = { | |||
'ip': ipaddr, | ||||
'username': username, | ||||
'action': action, | ||||
r2203 | 'repository': repo_name, | |||
'scm': 'hg', | ||||
Vincent Caron
|
r2857 | 'config': CONFIG['__file__'], | ||
r2969 | 'server_url': server_url, | |||
r2726 | 'make_lock': None, | |||
'locked_by': [None, None] | ||||
r2100 | } | |||
r1275 | #====================================================================== | |||
r547 | # MERCURIAL REQUEST HANDLING | |||
r1275 | #====================================================================== | |||
r2100 | repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name)) | |||
r1495 | log.debug('Repository path is %s' % repo_path) | |||
r1529 | ||||
r2726 | # CHECK LOCKING only if it's not ANONYMOUS USER | |||
if username != User.DEFAULT_USER: | ||||
log.debug('Checking locking on repository') | ||||
(make_lock, | ||||
locked, | ||||
locked_by) = self._check_locking_state( | ||||
environ=environ, action=action, | ||||
repo=repo_name, user_id=user.user_id | ||||
) | ||||
# store the make_lock for later evaluation in hooks | ||||
extras.update({'make_lock': make_lock, | ||||
'locked_by': locked_by}) | ||||
# set the environ variables for this request | ||||
os.environ['RC_SCM_DATA'] = json.dumps(extras) | ||||
r2869 | fix_PATH() | |||
r2726 | log.debug('HOOKS extras is %s' % extras) | |||
r1495 | baseui = make_ui('db') | |||
self.__inject_extras(repo_path, baseui, extras) | ||||
r1529 | ||||
r547 | try: | |||
r1761 | # invalidate cache on push | |||
r1495 | if action == 'push': | |||
r1761 | self._invalidate_cache(repo_name) | |||
r2026 | log.info('%s action on HG repo "%s"' % (action, repo_name)) | |||
r1495 | app = self.__make_app(repo_path, baseui, extras) | |||
return app(environ, start_response) | ||||
r547 | except RepoError, e: | |||
if str(e).find('not found') != -1: | ||||
return HTTPNotFound()(environ, start_response) | ||||
r2726 | except HTTPLockedRC, e: | |||
log.debug('Repositry LOCKED ret code 423!') | ||||
return e(environ, start_response) | ||||
r547 | except Exception: | |||
log.error(traceback.format_exc()) | ||||
return HTTPInternalServerError()(environ, start_response) | ||||
r605 | ||||
r1495 | def __make_app(self, repo_name, baseui, extras): | |||
r1276 | """ | |||
Make an wsgi application using hgweb, and inject generated baseui | ||||
instance, additionally inject some extras into ui object | ||||
r910 | """ | |||
r1495 | return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui) | |||
r910 | ||||
def __get_repository(self, environ): | ||||
r1276 | """ | |||
Get's repository name out of PATH_INFO header | ||||
r1203 | ||||
r910 | :param environ: environ where PATH_INFO is stored | |||
""" | ||||
try: | ||||
r1813 | environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO']) | |||
r910 | repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:]) | |||
if repo_name.endswith('/'): | ||||
repo_name = repo_name.rstrip('/') | ||||
except: | ||||
log.error(traceback.format_exc()) | ||||
raise | ||||
return repo_name | ||||
r547 | def __get_user(self, username): | |||
r1530 | return User.get_by_username(username) | |||
r605 | ||||
r547 | def __get_action(self, environ): | |||
r1276 | """ | |||
Maps mercurial request commands into a clone,pull or push command. | ||||
r606 | This should always return a valid command string | |||
r1203 | ||||
r605 | :param environ: | |||
r547 | """ | |||
mapping = {'changegroup': 'pull', | ||||
'changegroupsubset': 'pull', | ||||
'stream_out': 'pull', | ||||
r654 | 'listkeys': 'pull', | |||
r547 | 'unbundle': 'push', | |||
'pushkey': 'push', } | ||||
for qry in environ['QUERY_STRING'].split('&'): | ||||
if qry.startswith('cmd'): | ||||
cmd = qry.split('=')[-1] | ||||
r1275 | if cmd in mapping: | |||
r547 | return mapping[cmd] | |||
r2501 | ||||
r2525 | return 'pull' | |||
raise Exception('Unable to detect pull/push action !!' | ||||
'Are you using non standard command or client ?') | ||||
r605 | ||||
r1529 | def __inject_extras(self, repo_path, baseui, extras={}): | |||
r1321 | """ | |||
Injects some extra params into baseui instance | ||||
r1818 | ||||
r1321 | also overwrites global settings with those takes from local hgrc file | |||
r1818 | ||||
r1321 | :param baseui: baseui instance | |||
:param extras: dict with extra params to put into baseui | ||||
""" | ||||
r605 | ||||
r1495 | hgrc = os.path.join(repo_path, '.hg', 'hgrc') | |||
# make our hgweb quiet so it doesn't print output | ||||
baseui.setconfig('ui', 'quiet', 'true') | ||||
r665 | ||||
r654 | #inject some additional parameters that will be available in ui | |||
#for hooks | ||||
for k, v in extras.items(): | ||||
r1276 | baseui.setconfig('rhodecode_extras', k, v) | |||
r665 | ||||
r547 | repoui = make_ui('file', hgrc, False) | |||
r605 | ||||
r547 | if repoui: | |||
#overwrite our ui instance with the section from hgrc file | ||||
for section in ui_sections: | ||||
for k, v in repoui.configitems(section): | ||||
r1321 | baseui.setconfig(section, k, v) | |||