##// END OF EJS Templates
fixes for issue #149
fixes for issue #149

File last commit:

r1217:a3b2b4b4 default
r1217:a3b2b4b4 default
Show More
simplehg.py
229 lines | 8.4 KiB | text/x-python | PythonLexer
renamed project to rhodecode
r547 #!/usr/bin/env python
# encoding: utf-8
# middleware to handle mercurial api calls
# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
#
fixes for issue #149
r1217 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
renamed project to rhodecode
r547 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
fixes for issue #149
r1217 #
renamed project to rhodecode
r547 # You should have received a copy of the GNU General Public License
fixes for issue #149
r1217 # along with this program. If not, see <http://www.gnu.org/licenses/>.
renamed project to rhodecode
r547 """
Created on 2010-04-28
@author: marcink
SimpleHG middleware for handling mercurial protocol request (push/clone etc.)
It's implemented with basic auth function
"""
from mercurial.error import RepoError
from mercurial.hgweb import hgweb
from mercurial.hgweb.request import wsgiapplication
from paste.auth.basic import AuthBasicAuthenticator
from paste.httpheaders import REMOTE_USER, AUTH_TYPE
Code refactoring,models renames...
r629 from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware
project refactoring, cleaned up lib.utils from rarly used functions, and place them...
r756 from rhodecode.lib.utils import make_ui, invalidate_cache, \
renamed project to rhodecode
r547 check_repo_fast, ui_sections
Code refactoring,models renames...
r629 from rhodecode.model.user import UserModel
renamed project to rhodecode
r547 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
import logging
import os
import traceback
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 log = logging.getLogger(__name__)
project refactoring, cleaned up lib.utils from rarly used functions, and place them...
r756 def is_mercurial(environ):
"""
Returns True if request's target is mercurial server - header
``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
"""
http_accept = environ.get('HTTP_ACCEPT')
if http_accept and http_accept.startswith('application/mercurial'):
return True
return False
renamed project to rhodecode
r547 class SimpleHg(object):
def __init__(self, application, config):
self.application = application
self.config = config
#49 Enabled anonymous access push and pull commands
r674 #authenticate this mercurial request using authfunc
renamed project to rhodecode
r547 self.authenticate = AuthBasicAuthenticator('', authfunc)
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 self.ipaddr = '0.0.0.0'
self.repository = None
self.username = None
self.action = None
Moved out reposcan into hg Model....
r665
renamed project to rhodecode
r547 def __call__(self, environ, start_response):
if not is_mercurial(environ):
return self.application(environ, start_response)
Moved out reposcan into hg Model....
r665
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 proxy_key = 'HTTP_X_REAL_IP'
def_key = 'REMOTE_ADDR'
self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
merged found bugs and fixed for stable release:...
r921 # skip passing error to error controller
environ['pylons.status_code_redirect'] = True
Moved out reposcan into hg Model....
r665
renamed project to rhodecode
r547 #===================================================================
# AUTHENTICATE THIS MERCURIAL REQUEST
#===================================================================
username = REMOTE_USER(environ)
Moved out reposcan into hg Model....
r665
renamed project to rhodecode
r547 if not username:
merged found bugs and fixed for stable release:...
r921 self.authenticate.realm = str(self.config['rhodecode_realm'])
renamed project to rhodecode
r547 result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
else:
return result.wsgi_application(environ, start_response)
Moved out reposcan into hg Model....
r665
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 #=======================================================================
# GET REPOSITORY
#=======================================================================
renamed project to rhodecode
r547 try:
repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
if repo_name.endswith('/'):
repo_name = repo_name.rstrip('/')
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 self.repository = repo_name
renamed project to rhodecode
r547 except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 #===================================================================
# CHECK PERMISSIONS FOR THIS REQUEST
#===================================================================
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 self.action = self.__get_action(environ)
if self.action:
renamed project to rhodecode
r547 username = self.__get_environ_user(environ)
try:
user = self.__get_user(username)
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 self.username = user.username
renamed project to rhodecode
r547 except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
fixed chrome repo switcher issue
r607
renamed project to rhodecode
r547 #check permissions for this repository
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 if self.action == 'push':
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605 if not HasPermissionAnyMiddleware('repository.write',
'repository.admin')\
(user, repo_name):
return HTTPForbidden()(environ, start_response)
else:
fixed chrome repo switcher issue
r607 #any other action need at least read permission
renamed project to rhodecode
r547 if not HasPermissionAnyMiddleware('repository.read',
'repository.write',
'repository.admin')\
(user, repo_name):
return HTTPForbidden()(environ, start_response)
Moved out reposcan into hg Model....
r665
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 self.extras = {'ip':self.ipaddr,
'username':self.username,
'action':self.action,
'repository':self.repository}
propagate changes for #48 into simplegit....
r655
renamed project to rhodecode
r547 #===================================================================
# MERCURIAL REQUEST HANDLING
#===================================================================
environ['PATH_INFO'] = '/'#since we wrap into hgweb, reset the path
self.baseui = make_ui('db')
self.basepath = self.config['base_path']
self.repo_path = os.path.join(self.basepath, repo_name)
#quick check if that dir exists...
if check_repo_fast(repo_name, self.basepath):
return HTTPNotFound()(environ, start_response)
try:
app = wsgiapplication(self.__make_app)
except RepoError, e:
if str(e).find('not found') != -1:
return HTTPNotFound()(environ, start_response)
except Exception:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 #invalidate cache on push
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 if self.action == 'push':
renamed project to rhodecode
r547 self.__invalidate_cache(repo_name)
project refactoring, cleaned up lib.utils from rarly used functions, and place them...
r756
removed 'thank you..' message from simpleHG, it should be used in hooks.
r719 return app(environ, start_response)
renamed project to rhodecode
r547
def __make_app(self):
hgserve = hgweb(str(self.repo_path), baseui=self.baseui)
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 return self.__load_web_settings(hgserve, self.extras)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 def __get_environ_user(self, environ):
return environ.get('REMOTE_USER')
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 def __get_user(self, username):
Code refactoring,models renames...
r629 return UserModel().get_by_username(username, cache=True)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 def __get_action(self, environ):
"""
Fixed journal action loggin doubled messages.
r606 Maps mercurial request commands into a clone,pull or push command.
This should always return a valid command string
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605 :param environ:
renamed project to rhodecode
r547 """
mapping = {'changegroup': 'pull',
'changegroupsubset': 'pull',
'stream_out': 'pull',
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 'listkeys': 'pull',
renamed project to rhodecode
r547 'unbundle': 'push',
'pushkey': 'push', }
for qry in environ['QUERY_STRING'].split('&'):
if qry.startswith('cmd'):
cmd = qry.split('=')[-1]
if mapping.has_key(cmd):
return mapping[cmd]
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605 else:
return cmd
renamed project to rhodecode
r547 def __invalidate_cache(self, repo_name):
"""we know that some change was made to repositories and we should
invalidate the cache to see the changes right away but only for
push requests"""
Moved out reposcan into hg Model....
r665 invalidate_cache('get_repo_cached_%s' % repo_name)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 def __load_web_settings(self, hgserve, extras={}):
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605 #set the global ui for hgserve instance passed
renamed project to rhodecode
r547 hgserve.repo.ui = self.baseui
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 hgrc = os.path.join(self.repo_path, '.hg', 'hgrc')
Moved out reposcan into hg Model....
r665
#48 rewrite action loggers into hooks with all changesets that are inside a push
r654 #inject some additional parameters that will be available in ui
#for hooks
for k, v in extras.items():
hgserve.repo.ui.setconfig('rhodecode_extras', k, v)
Moved out reposcan into hg Model....
r665
renamed project to rhodecode
r547 repoui = make_ui('file', hgrc, False)
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605
renamed project to rhodecode
r547 if repoui:
#overwrite our ui instance with the section from hgrc file
for section in ui_sections:
for k, v in repoui.configitems(section):
hgserve.repo.ui.setconfig(section, k, v)
Moved out reposcan into hg Model....
r665
renamed project to rhodecode
r547 return hgserve
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
r605