simplegit.py
209 lines
| 8.0 KiB
| text/x-python
|
PythonLexer
r620 | #!/usr/bin/env python | |||
# encoding: utf-8 | ||||
r625 | # middleware to handle git api calls | |||
r620 | # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> | |||
# | ||||
# This program is free software; you can redistribute it and/or | ||||
# modify it under the terms of the GNU General Public License | ||||
# as published by the Free Software Foundation; version 2 | ||||
# of the License or (at your opinion) any later version of the license. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU General Public License | ||||
# along with this program; if not, write to the Free Software | ||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | ||||
# MA 02110-1301, USA. | ||||
r635 | """ | |||
Created on 2010-04-28 | ||||
@author: marcink | ||||
SimpleGit middleware for handling git protocol request (push/clone etc.) | ||||
It's implemented with basic auth function | ||||
""" | ||||
r625 | from dulwich import server as dulserver | |||
class SimpleGitUploadPackHandler(dulserver.UploadPackHandler): | ||||
def handle(self): | ||||
write = lambda x: self.proto.write_sideband(1, x) | ||||
graph_walker = dulserver.ProtocolGraphWalker(self, self.repo.object_store, | ||||
self.repo.get_peeled) | ||||
objects_iter = self.repo.fetch_objects( | ||||
graph_walker.determine_wants, graph_walker, self.progress, | ||||
get_tagged=self.get_tagged) | ||||
# Do they want any objects? | ||||
if len(objects_iter) == 0: | ||||
return | ||||
self.progress("counting objects: %d, done.\n" % len(objects_iter)) | ||||
dulserver.write_pack_data(dulserver.ProtocolFile(None, write), objects_iter, | ||||
len(objects_iter)) | ||||
messages = [] | ||||
messages.append('thank you for using rhodecode') | ||||
for msg in messages: | ||||
self.progress(msg + "\n") | ||||
# we are done | ||||
self.proto.write("0000") | ||||
dulserver.DEFAULT_HANDLERS = { | ||||
'git-upload-pack': SimpleGitUploadPackHandler, | ||||
'git-receive-pack': dulserver.ReceivePackHandler, | ||||
} | ||||
r620 | from dulwich.repo import Repo | |||
from dulwich.web import HTTPGitApplication | ||||
from paste.auth.basic import AuthBasicAuthenticator | ||||
from paste.httpheaders import REMOTE_USER, AUTH_TYPE | ||||
r635 | from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware | |||
r655 | from rhodecode.lib.utils import is_git, invalidate_cache, check_repo_fast | |||
r635 | from rhodecode.model.user import UserModel | |||
r620 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError | |||
import logging | ||||
import os | ||||
import traceback | ||||
log = logging.getLogger(__name__) | ||||
class SimpleGit(object): | ||||
def __init__(self, application, config): | ||||
self.application = application | ||||
self.config = config | ||||
r625 | #authenticate this git request using | |||
r620 | self.authenticate = AuthBasicAuthenticator('', authfunc) | |||
r655 | self.ipaddr = '0.0.0.0' | |||
self.repository = None | ||||
self.username = None | ||||
self.action = None | ||||
r665 | ||||
r620 | def __call__(self, environ, start_response): | |||
if not is_git(environ): | ||||
return self.application(environ, start_response) | ||||
r665 | ||||
r655 | proxy_key = 'HTTP_X_REAL_IP' | |||
def_key = 'REMOTE_ADDR' | ||||
self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0')) | ||||
r665 | ||||
r620 | #=================================================================== | |||
r625 | # AUTHENTICATE THIS GIT REQUEST | |||
r620 | #=================================================================== | |||
username = REMOTE_USER(environ) | ||||
if not username: | ||||
self.authenticate.realm = self.config['rhodecode_realm'] | ||||
result = self.authenticate(environ) | ||||
if isinstance(result, str): | ||||
AUTH_TYPE.update(environ, 'basic') | ||||
REMOTE_USER.update(environ, result) | ||||
else: | ||||
return result.wsgi_application(environ, start_response) | ||||
r665 | ||||
r655 | #======================================================================= | |||
# GET REPOSITORY | ||||
#======================================================================= | ||||
r620 | try: | |||
r655 | repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:]) | |||
if repo_name.endswith('/'): | ||||
repo_name = repo_name.rstrip('/') | ||||
self.repository = repo_name | ||||
r620 | except: | |||
log.error(traceback.format_exc()) | ||||
return HTTPInternalServerError()(environ, start_response) | ||||
#=================================================================== | ||||
# CHECK PERMISSIONS FOR THIS REQUEST | ||||
#=================================================================== | ||||
r655 | self.action = self.__get_action(environ) | |||
if self.action: | ||||
r620 | username = self.__get_environ_user(environ) | |||
try: | ||||
user = self.__get_user(username) | ||||
r655 | self.username = user.username | |||
r620 | except: | |||
log.error(traceback.format_exc()) | ||||
return HTTPInternalServerError()(environ, start_response) | ||||
#check permissions for this repository | ||||
r655 | if self.action == 'push': | |||
r620 | if not HasPermissionAnyMiddleware('repository.write', | |||
'repository.admin')\ | ||||
r655 | (user, repo_name): | |||
r620 | return HTTPForbidden()(environ, start_response) | |||
else: | ||||
#any other action need at least read permission | ||||
if not HasPermissionAnyMiddleware('repository.read', | ||||
'repository.write', | ||||
'repository.admin')\ | ||||
r655 | (user, repo_name): | |||
r620 | return HTTPForbidden()(environ, start_response) | |||
r655 | self.extras = {'ip':self.ipaddr, | |||
'username':self.username, | ||||
'action':self.action, | ||||
'repository':self.repository} | ||||
r620 | ||||
#=================================================================== | ||||
# GIT REQUEST HANDLING | ||||
#=================================================================== | ||||
self.basepath = self.config['base_path'] | ||||
self.repo_path = os.path.join(self.basepath, self.repo_name) | ||||
#quick check if that dir exists... | ||||
if check_repo_fast(self.repo_name, self.basepath): | ||||
return HTTPNotFound()(environ, start_response) | ||||
try: | ||||
app = self.__make_app() | ||||
r643 | except: | |||
r620 | log.error(traceback.format_exc()) | |||
return HTTPInternalServerError()(environ, start_response) | ||||
#invalidate cache on push | ||||
r655 | if self.action == 'push': | |||
r620 | self.__invalidate_cache(self.repo_name) | |||
messages = [] | ||||
messages.append('thank you for using rhodecode') | ||||
return app(environ, start_response) | ||||
else: | ||||
return app(environ, start_response) | ||||
def __make_app(self): | ||||
r625 | backend = dulserver.DictBackend({'/' + self.repo_name: Repo(self.repo_path)}) | |||
r620 | gitserve = HTTPGitApplication(backend) | |||
return gitserve | ||||
def __get_environ_user(self, environ): | ||||
return environ.get('REMOTE_USER') | ||||
def __get_user(self, username): | ||||
r635 | return UserModel().get_by_username(username, cache=True) | |||
r620 | ||||
def __get_action(self, environ): | ||||
""" | ||||
Maps git request commands into a pull or push command. | ||||
:param environ: | ||||
""" | ||||
service = environ['QUERY_STRING'].split('=') | ||||
if len(service) > 1: | ||||
service_cmd = service[1] | ||||
r625 | mapping = {'git-receive-pack': 'push', | |||
'git-upload-pack': 'pull', | ||||
r620 | } | |||
r625 | return mapping.get(service_cmd, service_cmd if service_cmd else 'other') | |||
else: | ||||
return 'other' | ||||
r620 | ||||
def __invalidate_cache(self, repo_name): | ||||
"""we know that some change was made to repositories and we should | ||||
invalidate the cache to see the changes right away but only for | ||||
push requests""" | ||||
r665 | invalidate_cache('get_repo_cached_%s' % repo_name) | |||