simplegit.py
338 lines
| 12.8 KiB
| text/x-python
|
PythonLexer
| r903 | # -*- coding: utf-8 -*- | |||
| """ | ||||
| rhodecode.lib.middleware.simplegit | ||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| SimpleGit middleware for handling git protocol request (push/clone etc.) | ||||
| r1203 | It's implemented with basic auth function | |||
| r903 | :created_on: Apr 28, 2010 | |||
| :author: marcink | ||||
| r1824 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |||
| r903 | :license: GPLv3, see COPYING for more details. | |||
| """ | ||||
| r1206 | # This program is free software: you can redistribute it and/or modify | |||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| r1203 | # | |||
| r620 | # This program is distributed in the hope that it will be useful, | |||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| r1203 | # | |||
| r620 | # You should have received a copy of the GNU General Public License | |||
| r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
| r635 | ||||
| r903 | import os | |||
| r2052 | import re | |||
| r903 | import logging | |||
| import traceback | ||||
| r635 | ||||
| r625 | from dulwich import server as dulserver | |||
| r2578 | from dulwich.web import LimitedInputFilter, GunzipFilter | |||
| r2726 | from rhodecode.lib.exceptions import HTTPLockedRC | |||
| from rhodecode.lib.hooks import pre_pull | ||||
| r625 | ||||
| r2007 | ||||
| r625 | class SimpleGitUploadPackHandler(dulserver.UploadPackHandler): | |||
| def handle(self): | ||||
| write = lambda x: self.proto.write_sideband(1, x) | ||||
| r1275 | graph_walker = dulserver.ProtocolGraphWalker(self, | |||
| self.repo.object_store, | ||||
| self.repo.get_peeled) | ||||
| r625 | objects_iter = self.repo.fetch_objects( | |||
| graph_walker.determine_wants, graph_walker, self.progress, | ||||
| get_tagged=self.get_tagged) | ||||
| r2197 | # Did the process short-circuit (e.g. in a stateless RPC call)? Note | |||
| # that the client still expects a 0-object pack in most cases. | ||||
| if objects_iter is None: | ||||
| r625 | return | |||
| self.progress("counting objects: %d, done.\n" % len(objects_iter)) | ||||
| r1496 | dulserver.write_pack_objects(dulserver.ProtocolFile(None, write), | |||
| r2197 | objects_iter) | |||
| r625 | messages = [] | |||
| messages.append('thank you for using rhodecode') | ||||
| for msg in messages: | ||||
| self.progress(msg + "\n") | ||||
| # we are done | ||||
| self.proto.write("0000") | ||||
| r2197 | ||||
| r625 | dulserver.DEFAULT_HANDLERS = { | |||
| r2322 | #git-ls-remote, git-clone, git-fetch and git-pull | |||
| r625 | 'git-upload-pack': SimpleGitUploadPackHandler, | |||
| r2322 | #git-push | |||
| r625 | 'git-receive-pack': dulserver.ReceivePackHandler, | |||
| } | ||||
| r2402 | # not used for now until dulwich get's fixed | |||
| #from dulwich.repo import Repo | ||||
| #from dulwich.web import make_wsgi_chain | ||||
| r903 | ||||
| r620 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE | |||
| r2668 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | |||
| HTTPBadRequest, HTTPNotAcceptable | ||||
| r903 | ||||
| r2869 | from rhodecode.lib.utils2 import safe_str, fix_PATH | |||
| r1761 | from rhodecode.lib.base import BaseVCSController | |||
| from rhodecode.lib.auth import get_container_username | ||||
| r2203 | from rhodecode.lib.utils import is_valid_repo, make_ui | |||
| r2716 | from rhodecode.lib.compat import json | |||
| r2402 | from rhodecode.model.db import User, RhodeCodeUi | |||
| r903 | ||||
| r620 | log = logging.getLogger(__name__) | |||
| r1275 | ||||
| r2061 | GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)') | |||
| r2052 | ||||
| r2058 | ||||
| r2060 | def is_git(environ): | |||
| r2061 | path_info = environ['PATH_INFO'] | |||
| isgit_path = GIT_PROTO_PAT.match(path_info) | ||||
| r2100 | log.debug('pathinfo: %s detected as GIT %s' % ( | |||
| path_info, isgit_path != None) | ||||
| ) | ||||
| r2061 | return isgit_path | |||
| r2052 | ||||
| r2058 | ||||
| r1761 | class SimpleGit(BaseVCSController): | |||
| r620 | ||||
| r1761 | def _handle_request(self, environ, start_response): | |||
| r2060 | if not is_git(environ): | |||
| r620 | return self.application(environ, start_response) | |||
| r2668 | if not self._check_ssl(environ, start_response): | |||
| return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) | ||||
| r2726 | ||||
| r2184 | ipaddr = self._get_ip_addr(environ) | |||
| r1496 | username = None | |||
| r2203 | self._git_first_op = False | |||
| r898 | # skip passing error to error controller | |||
| environ['pylons.status_code_redirect'] = True | ||||
| r665 | ||||
| r918 | #====================================================================== | |||
| r1496 | # EXTRACT REPOSITORY NAME FROM ENV | |||
| #====================================================================== | ||||
| try: | ||||
| repo_name = self.__get_repository(environ) | ||||
| log.debug('Extracted repo name is %s' % repo_name) | ||||
| except: | ||||
| return HTTPInternalServerError()(environ, start_response) | ||||
| r2122 | # quick check if that dir exists... | |||
| r2716 | if is_valid_repo(repo_name, self.basepath, 'git') is False: | |||
| r2122 | return HTTPNotFound()(environ, start_response) | |||
| r2060 | #====================================================================== | |||
| # GET ACTION PULL or PUSH | ||||
| #====================================================================== | ||||
| action = self.__get_action(environ) | ||||
| r620 | ||||
| r918 | #====================================================================== | |||
| # CHECK ANONYMOUS PERMISSION | ||||
| #====================================================================== | ||||
| r1496 | if action in ['pull', 'push']: | |||
| r918 | anonymous_user = self.__get_user('default') | |||
| r1496 | username = anonymous_user.username | |||
| r2026 | anonymous_perm = self._check_permission(action, anonymous_user, | |||
| r1761 | repo_name) | |||
| r918 | ||||
| if anonymous_perm is not True or anonymous_user.active is False: | ||||
| if anonymous_perm is not True: | ||||
| r1275 | log.debug('Not enough credentials to access this ' | |||
| 'repository as anonymous user') | ||||
| r918 | if anonymous_user.active is False: | |||
| log.debug('Anonymous access is disabled, running ' | ||||
| 'authentication') | ||||
| #============================================================== | ||||
| r1203 | # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE | |||
| r918 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS | |||
| #============================================================== | ||||
| r620 | ||||
Liad Shani
|
r1630 | # Attempting to retrieve username from the container | ||
| username = get_container_username(environ, self.config) | ||||
| # If not authenticated by the container, running basic auth | ||||
| if not username: | ||||
| r1401 | self.authenticate.realm = \ | |||
| safe_str(self.config['rhodecode_realm']) | ||||
| r918 | result = self.authenticate(environ) | |||
| if isinstance(result, str): | ||||
| AUTH_TYPE.update(environ, 'basic') | ||||
| REMOTE_USER.update(environ, result) | ||||
|
Liad Shani
|
r1630 | username = result | ||
| r918 | else: | |||
| return result.wsgi_application(environ, start_response) | ||||
| #============================================================== | ||||
|
Liad Shani
|
r1630 | # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME | ||
| r918 | #============================================================== | |||
| r2500 | try: | |||
| user = self.__get_user(username) | ||||
| if user is None or not user.active: | ||||
| return HTTPForbidden()(environ, start_response) | ||||
| username = user.username | ||||
| except: | ||||
| log.error(traceback.format_exc()) | ||||
| return HTTPInternalServerError()(environ, start_response) | ||||
| r918 | ||||
| r2500 | #check permissions for this repository | |||
| perm = self._check_permission(action, user, repo_name) | ||||
| if perm is not True: | ||||
| return HTTPForbidden()(environ, start_response) | ||||
| r2726 | # extras are injected into UI object and later available | |||
| # in hooks executed by rhodecode | ||||
Vincent Caron
|
r2858 | from rhodecode import CONFIG | ||
| r2203 | extras = { | |||
| 'ip': ipaddr, | ||||
| 'username': username, | ||||
| 'action': action, | ||||
| 'repository': repo_name, | ||||
| 'scm': 'git', | ||||
|
Vincent Caron
|
r2858 | 'config': CONFIG['__file__'], | ||
| r2726 | 'make_lock': None, | |||
| 'locked_by': [None, None] | ||||
| r2203 | } | |||
| r2726 | ||||
| r620 | #=================================================================== | |||
| # GIT REQUEST HANDLING | ||||
| #=================================================================== | ||||
| r2100 | repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name)) | |||
| r1496 | log.debug('Repository path is %s' % repo_path) | |||
| r2726 | # CHECK LOCKING only if it's not ANONYMOUS USER | |||
| if username != User.DEFAULT_USER: | ||||
| log.debug('Checking locking on repository') | ||||
| (make_lock, | ||||
| locked, | ||||
| locked_by) = self._check_locking_state( | ||||
| environ=environ, action=action, | ||||
| repo=repo_name, user_id=user.user_id | ||||
| ) | ||||
| # store the make_lock for later evaluation in hooks | ||||
| extras.update({'make_lock': make_lock, | ||||
| 'locked_by': locked_by}) | ||||
| # set the environ variables for this request | ||||
| os.environ['RC_SCM_DATA'] = json.dumps(extras) | ||||
| r2869 | fix_PATH() | |||
| r2726 | log.debug('HOOKS extras is %s' % extras) | |||
| r2203 | baseui = make_ui('db') | |||
| r2209 | self.__inject_extras(repo_path, baseui, extras) | |||
| r620 | try: | |||
| r2203 | # invalidate cache on push | |||
| r1496 | if action == 'push': | |||
| r1761 | self._invalidate_cache(repo_name) | |||
| r2236 | self._handle_githooks(repo_name, action, baseui, environ) | |||
| r2203 | ||||
| r2026 | log.info('%s action on GIT repo "%s"' % (action, repo_name)) | |||
| r2726 | app = self.__make_app(repo_name, repo_path, extras) | |||
| r1496 | return app(environ, start_response) | |||
| r2726 | except HTTPLockedRC, e: | |||
| log.debug('Repositry LOCKED ret code 423!') | ||||
| return e(environ, start_response) | ||||
| r1496 | except Exception: | |||
| r620 | log.error(traceback.format_exc()) | |||
| return HTTPInternalServerError()(environ, start_response) | ||||
| r2726 | def __make_app(self, repo_name, repo_path, extras): | |||
| r1496 | """ | |||
| Make an wsgi application using dulserver | ||||
| r1818 | ||||
| r1496 | :param repo_name: name of the repository | |||
| :param repo_path: full path to the repository | ||||
| """ | ||||
| r620 | ||||
| r2382 | from rhodecode.lib.middleware.pygrack import make_wsgi_app | |||
| app = make_wsgi_app( | ||||
hppj
|
r2468 | repo_root=safe_str(self.basepath), | ||
| r2382 | repo_name=repo_name, | |||
| r2726 | extras=extras, | |||
| r2382 | ) | |||
| r2578 | app = GunzipFilter(LimitedInputFilter(app)) | |||
| r2382 | return app | |||
| r620 | ||||
| r918 | def __get_repository(self, environ): | |||
| r1496 | """ | |||
| Get's repository name out of PATH_INFO header | ||||
| r1203 | ||||
| r918 | :param environ: environ where PATH_INFO is stored | |||
| """ | ||||
| try: | ||||
| r1813 | environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO']) | |||
| r2061 | repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1) | |||
| r918 | except: | |||
| log.error(traceback.format_exc()) | ||||
| raise | ||||
| r2052 | ||||
| r918 | return repo_name | |||
| r620 | def __get_user(self, username): | |||
| r1530 | return User.get_by_username(username) | |||
| r620 | ||||
| def __get_action(self, environ): | ||||
| r2090 | """ | |||
| Maps git request commands into a pull or push command. | ||||
| r1203 | ||||
| r620 | :param environ: | |||
| """ | ||||
| service = environ['QUERY_STRING'].split('=') | ||||
| r2090 | ||||
| r620 | if len(service) > 1: | |||
| service_cmd = service[1] | ||||
| r2058 | mapping = { | |||
| 'git-receive-pack': 'push', | ||||
| 'git-upload-pack': 'pull', | ||||
| } | ||||
| r2090 | op = mapping[service_cmd] | |||
| self._git_stored_op = op | ||||
| return op | ||||
| r625 | else: | |||
| r2090 | # try to fallback to stored variable as we don't know if the last | |||
| # operation is pull/push | ||||
| op = getattr(self, '_git_stored_op', 'pull') | ||||
| return op | ||||
| r2203 | ||||
| r2236 | def _handle_githooks(self, repo_name, action, baseui, environ): | |||
| r2402 | """ | |||
| r2407 | Handles pull action, push is handled by post-receive hook | |||
| r2402 | """ | |||
| from rhodecode.lib.hooks import log_pull_action | ||||
| r2203 | service = environ['QUERY_STRING'].split('=') | |||
| r2726 | ||||
| r2203 | if len(service) < 2: | |||
| return | ||||
| r2209 | from rhodecode.model.db import Repository | |||
| _repo = Repository.get_by_repo_name(repo_name) | ||||
| _repo = _repo.scm_instance | ||||
| _repo._repo.ui = baseui | ||||
| r2203 | ||||
| _hooks = dict(baseui.configitems('hooks')) or {} | ||||
| r2726 | if action == 'pull': | |||
| # stupid git, emulate pre-pull hook ! | ||||
| pre_pull(ui=baseui, repo=_repo._repo) | ||||
| r2402 | if action == 'pull' and _hooks.get(RhodeCodeUi.HOOK_PULL): | |||
| r2236 | log_pull_action(ui=baseui, repo=_repo._repo) | |||
| r2209 | ||||
| def __inject_extras(self, repo_path, baseui, extras={}): | ||||
| """ | ||||
| Injects some extra params into baseui instance | ||||
| :param baseui: baseui instance | ||||
| :param extras: dict with extra params to put into baseui | ||||
| """ | ||||
| # make our hgweb quiet so it doesn't print output | ||||
| baseui.setconfig('ui', 'quiet', 'true') | ||||
| #inject some additional parameters that will be available in ui | ||||
| #for hooks | ||||
| for k, v in extras.items(): | ||||
| baseui.setconfig('rhodecode_extras', k, v) | ||||
