upstream/kallithea Commit - r2184:79e4d6b9

Added HTTP_X_FORWARDED_FOR as another method of extracting IP for pull/push logs....

marcink -

r2184:79e4d6b9 beta

parent child

rhodecode/lib/base.py

0 +11 0

             """The base Controller API
             Provides the BaseController class for subclassing.
             """
             import logging
             import time
             import traceback
             from paste.auth.basic import AuthBasicAuthenticator
             from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden
             from paste.httpheaders import WWW_AUTHENTICATE
             from pylons import config, tmpl_context as c, request, session, url
             from pylons.controllers import WSGIController
             from pylons.controllers.util import redirect
             from pylons.templating import render_mako as render
             from rhodecode import __version__, BACKENDS
             from rhodecode.lib.utils2 import str2bool, safe_unicode
             from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\
                 HasPermissionAnyMiddleware, CookieStoreWrapper
             from rhodecode.lib.utils import get_repo_slug, invalidate_cache
             from rhodecode.model import meta
             from rhodecode.model.db import Repository
             from rhodecode.model.notification import NotificationModel
             from rhodecode.model.scm import ScmModel
             log = logging.getLogger(__name__)
             class BasicAuth(AuthBasicAuthenticator):
                 def __init__(self, realm, authfunc, auth_http_code=None):
                     self.realm = realm
                     self.authfunc = authfunc
                     self._rc_auth_http_code = auth_http_code
                 def build_authentication(self):
                     head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
                     if self._rc_auth_http_code and self._rc_auth_http_code == '403':
                         # return 403 if alternative http return code is specified in
                         # RhodeCode config
                         return HTTPForbidden(headers=head)
                     return HTTPUnauthorized(headers=head)
             class BaseVCSController(object):
                 def __init__(self, application, config):
                     self.application = application
                     self.config = config
                     # base path of repo locations
                     self.basepath = self.config['base_path']
                     #authenticate this mercurial request using authfunc
                     self.authenticate = BasicAuth('', authfunc,
                                                   config.get('auth_ret_code'))
                     self.ipaddr = '0.0.0.0'
                 def _handle_request(self, environ, start_response):
                     raise NotImplementedError()
                 def _get_by_id(self, repo_name):
                     """
                     Get's a special pattern _<ID> from clone url and tries to replace it
                     with a repository_name for support of _<ID> non changable urls
                     :param repo_name:
                     """
                     try:
                         data = repo_name.split('/')
                         if len(data) >= 2:
                             by_id = data[1].split('_')
                             if len(by_id) == 2 and by_id[1].isdigit():
                                 _repo_name = Repository.get(by_id[1]).repo_name
                                 data[1] = _repo_name
                     except:
                         log.debug('Failed to extract repo_name from id %s' % (
                                   traceback.format_exc()
                                   )
                         )
                     return '/'.join(data)
                 def _invalidate_cache(self, repo_name):
                     """
                     Set's cache for this repository for invalidation on next access
                     :param repo_name: full repo name, also a cache key
                     """
                     invalidate_cache('get_repo_cached_%s' % repo_name)
                 def _check_permission(self, action, user, repo_name):
                     """
                     Checks permissions using action (push/pull) user and repository
                     name
                     :param action: push or pull action
                     :param user: user instance
                     :param repo_name: repository name
                     """
                     if action == 'push':
                         if not HasPermissionAnyMiddleware('repository.write',
                                                           'repository.admin')(user,
                                                                               repo_name):
                             return False
                     else:
                         #any other action need at least read permission
                         if not HasPermissionAnyMiddleware('repository.read',
                                                           'repository.write',
                                                           'repository.admin')(user,
                                                                               repo_name):
                             return False
                     return True
+                def _get_ip_addr(self, environ):
+                    proxy_key = 'HTTP_X_REAL_IP'
+                    proxy_key2 = 'HTTP_X_FORWARDED_FOR'
+                    def_key = 'REMOTE_ADDR'
+                    return environ.get(proxy_key2,
+                                       environ.get(proxy_key,
+                                                   environ.get(def_key, '0.0.0.0')
+                                        )
+                                    )
                 def __call__(self, environ, start_response):
                     start = time.time()
                     try:
                         return self._handle_request(environ, start_response)
                     finally:
                         log = logging.getLogger('rhodecode.' + self.__class__.__name__)
                         log.debug('Request time: %.3fs' % (time.time() - start))
                         meta.Session.remove()
             class BaseController(WSGIController):
                 def __before__(self):
                     c.rhodecode_version = __version__
                     c.rhodecode_instanceid = config.get('instance_id')
                     c.rhodecode_name = config.get('rhodecode_title')
                     c.use_gravatar = str2bool(config.get('use_gravatar'))
                     c.ga_code = config.get('rhodecode_ga_code')
                     c.repo_name = get_repo_slug(request)
                     c.backends = BACKENDS.keys()
                     c.unread_notifications = NotificationModel()\
                                     .get_unread_cnt_for_user(c.rhodecode_user.user_id)
                     self.cut_off_limit = int(config.get('cut_off_limit'))
                     self.sa = meta.Session
                     self.scm_model = ScmModel(self.sa)
                 def __call__(self, environ, start_response):
                     """Invoke the Controller"""
                     # WSGIController.__call__ dispatches to the Controller method
                     # the request is routed to. This routing information is
                     # available in environ['pylons.routes_dict']
                     start = time.time()
                     try:
                         # make sure that we update permissions each time we call controller
                         api_key = request.GET.get('api_key')
                         cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
                         user_id = cookie_store.get('user_id', None)
                         username = get_container_username(environ, config)
                         auth_user = AuthUser(user_id, api_key, username)
                         request.user = auth_user
                         self.rhodecode_user = c.rhodecode_user = auth_user
                         if not self.rhodecode_user.is_authenticated and \
                                    self.rhodecode_user.user_id is not None:
                             self.rhodecode_user.set_authenticated(
                                 cookie_store.get('is_authenticated')
                             )
                         log.info('User: %s accessed %s' % (
                             auth_user, safe_unicode(environ.get('PATH_INFO')))
                         )
                         return WSGIController.__call__(self, environ, start_response)
                     finally:
                         log.info('Request to %s time: %.3fs' % (
                             safe_unicode(environ.get('PATH_INFO')), time.time() - start)
                         )
                         meta.Session.remove()
             class BaseRepoController(BaseController):
                 """
                 Base class for controllers responsible for loading all needed data for
                 repository loaded items are
                 c.rhodecode_repo: instance of scm repository
                 c.rhodecode_db_repo: instance of db
                 c.repository_followers: number of followers
                 c.repository_forks: number of forks
                 """
                 def __before__(self):
                     super(BaseRepoController, self).__before__()
                     if c.repo_name:
                         c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)
                         c.rhodecode_repo = c.rhodecode_db_repo.scm_instance
                         if c.rhodecode_repo is None:
                             log.error('%s this repository is present in database but it '
                                       'cannot be created as an scm instance', c.repo_name)
                             redirect(url('home'))
                         c.repository_followers = self.scm_model.get_followers(c.repo_name)
                         c.repository_forks = self.scm_model.get_forks(c.repo_name)

rhodecode/lib/middleware/simplegit.py

0 +1 -3

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.middleware.simplegit
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 SimpleGit middleware for handling git protocol request (push/clone etc.)
                 It's implemented with basic auth function
                 :created_on: Apr 28, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import re
             import logging
             import traceback
             from dulwich import server as dulserver
             class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):
                 def handle(self):
                     write = lambda x: self.proto.write_sideband(1, x)
                     graph_walker = dulserver.ProtocolGraphWalker(self,
                                                                  self.repo.object_store,
                                                                  self.repo.get_peeled)
                     objects_iter = self.repo.fetch_objects(
                       graph_walker.determine_wants, graph_walker, self.progress,
                       get_tagged=self.get_tagged)
                     # Do they want any objects?
                     if objects_iter is None or len(objects_iter) == 0:
                         return
                     self.progress("counting objects: %d, done.\n" % len(objects_iter))
                     dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),
                                               objects_iter, len(objects_iter))
                     messages = []
                     messages.append('thank you for using rhodecode')
                     for msg in messages:
                         self.progress(msg + "\n")
                     # we are done
                     self.proto.write("0000")
             dulserver.DEFAULT_HANDLERS = {
               'git-upload-pack': SimpleGitUploadPackHandler,
               'git-receive-pack': dulserver.ReceivePackHandler,
             }
             from dulwich.repo import Repo
             from dulwich.web import make_wsgi_chain
             from paste.httpheaders import REMOTE_USER, AUTH_TYPE
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.lib.base import BaseVCSController
             from rhodecode.lib.auth import get_container_username
             from rhodecode.lib.utils import is_valid_repo
             from rhodecode.model.db import User
             from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
             log = logging.getLogger(__name__)
             GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')
             def is_git(environ):
                 path_info = environ['PATH_INFO']
                 isgit_path = GIT_PROTO_PAT.match(path_info)
                 log.debug('pathinfo: %s detected as GIT %s' % (
                     path_info, isgit_path != None)
                 )
                 return isgit_path
             class SimpleGit(BaseVCSController):
                 def _handle_request(self, environ, start_response):
                     if not is_git(environ):
                         return self.application(environ, start_response)
-                    proxy_key = 'HTTP_X_REAL_IP'
+                    ipaddr = self._get_ip_addr(environ)
-                    def_key = 'REMOTE_ADDR'
-                    ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
                     username = None
                     # skip passing error to error controller
                     environ['pylons.status_code_redirect'] = True
                     #======================================================================
                     # EXTRACT REPOSITORY NAME FROM ENV
                     #======================================================================
                     try:
                         repo_name = self.__get_repository(environ)
                         log.debug('Extracted repo name is %s' % repo_name)
                     except:
                         return HTTPInternalServerError()(environ, start_response)
                     # quick check if that dir exists...
                     if is_valid_repo(repo_name, self.basepath) is False:
                         return HTTPNotFound()(environ, start_response)
                     #======================================================================
                     # GET ACTION PULL or PUSH
                     #======================================================================
                     action = self.__get_action(environ)
                     #======================================================================
                     # CHECK ANONYMOUS PERMISSION
                     #======================================================================
                     if action in ['pull', 'push']:
                         anonymous_user = self.__get_user('default')
                         username = anonymous_user.username
                         anonymous_perm = self._check_permission(action, anonymous_user,
                                                                 repo_name)
                         if anonymous_perm is not True or anonymous_user.active is False:
                             if anonymous_perm is not True:
                                 log.debug('Not enough credentials to access this '
                                           'repository as anonymous user')
                             if anonymous_user.active is False:
                                 log.debug('Anonymous access is disabled, running '
                                           'authentication')
                             #==============================================================
                             # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                             # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                             #==============================================================
                             # Attempting to retrieve username from the container
                             username = get_container_username(environ, self.config)
                             # If not authenticated by the container, running basic auth
                             if not username:
                                 self.authenticate.realm = \
                                     safe_str(self.config['rhodecode_realm'])
                                 result = self.authenticate(environ)
                                 if isinstance(result, str):
                                     AUTH_TYPE.update(environ, 'basic')
                                     REMOTE_USER.update(environ, result)
                                     username = result
                                 else:
                                     return result.wsgi_application(environ, start_response)
                             #==============================================================
                             # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                             #==============================================================
                             if action in ['pull', 'push']:
                                 try:
                                     user = self.__get_user(username)
                                     if user is None or not user.active:
                                         return HTTPForbidden()(environ, start_response)
                                     username = user.username
                                 except:
                                     log.error(traceback.format_exc())
                                     return HTTPInternalServerError()(environ,
                                                                      start_response)
                                 #check permissions for this repository
                                 perm = self._check_permission(action, user, repo_name)
                                 if perm is not True:
                                     return HTTPForbidden()(environ, start_response)
                     #===================================================================
                     # GIT REQUEST HANDLING
                     #===================================================================
                     repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
                     log.debug('Repository path is %s' % repo_path)
                     try:
                         #invalidate cache on push
                         if action == 'push':
                             self._invalidate_cache(repo_name)
                         log.info('%s action on GIT repo "%s"' % (action, repo_name))
                         app = self.__make_app(repo_name, repo_path)
                         return app(environ, start_response)
                     except Exception:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ, start_response)
                 def __make_app(self, repo_name, repo_path):
                     """
                     Make an wsgi application using dulserver
                     :param repo_name: name of the repository
                     :param repo_path: full path to the repository
                     """
                     _d = {'/' + repo_name: Repo(repo_path)}
                     backend = dulserver.DictBackend(_d)
                     gitserve = make_wsgi_chain(backend)
                     return gitserve
                 def __get_repository(self, environ):
                     """
                     Get's repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
                     try:
                         environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])
                         repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
                     except:
                         log.error(traceback.format_exc())
                         raise
                     return repo_name
                 def __get_user(self, username):
                     return User.get_by_username(username)
                 def __get_action(self, environ):
                     """
                     Maps git request commands into a pull or push command.
                     :param environ:
                     """
                     service = environ['QUERY_STRING'].split('=')
                     if len(service) > 1:
                         service_cmd = service[1]
                         mapping = {
                             'git-receive-pack': 'push',
                             'git-upload-pack': 'pull',
                         }
                         op = mapping[service_cmd]
                         self._git_stored_op = op
                         return op
                     else:
                         # try to fallback to stored variable as we don't know if the last
                         # operation is pull/push
                         op = getattr(self, '_git_stored_op', 'pull')
                     return op

rhodecode/lib/middleware/simplehg.py

0 +1 -3

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.middleware.simplehg
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 SimpleHG middleware for handling mercurial protocol request
                 (push/clone etc.). It's implemented with basic auth function
                 :created_on: Apr 28, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import logging
             import traceback
             import urllib
             from mercurial.error import RepoError
             from mercurial.hgweb import hgweb_mod
             from paste.httpheaders import REMOTE_USER, AUTH_TYPE
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.lib.base import BaseVCSController
             from rhodecode.lib.auth import get_container_username
             from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections
             from rhodecode.model.db import User
             from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
             log = logging.getLogger(__name__)
             def is_mercurial(environ):
                 """
                 Returns True if request's target is mercurial server - header
                 ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
                 """
                 http_accept = environ.get('HTTP_ACCEPT')
                 path_info = environ['PATH_INFO']
                 if http_accept and http_accept.startswith('application/mercurial'):
                     ishg_path = True
                 else:
                     ishg_path = False
                 log.debug('pathinfo: %s detected as HG %s' % (
                     path_info, ishg_path)
                 )
                 return ishg_path
             class SimpleHg(BaseVCSController):
                 def _handle_request(self, environ, start_response):
                     if not is_mercurial(environ):
                         return self.application(environ, start_response)
-                    proxy_key = 'HTTP_X_REAL_IP'
+                    ipaddr = self._get_ip_addr(environ)
-                    def_key = 'REMOTE_ADDR'
-                    ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
                     # skip passing error to error controller
                     environ['pylons.status_code_redirect'] = True
                     #======================================================================
                     # EXTRACT REPOSITORY NAME FROM ENV
                     #======================================================================
                     try:
                         repo_name = environ['REPO_NAME'] = self.__get_repository(environ)
                         log.debug('Extracted repo name is %s' % repo_name)
                     except:
                         return HTTPInternalServerError()(environ, start_response)
                     # quick check if that dir exists...
                     if is_valid_repo(repo_name, self.basepath) is False:
                         return HTTPNotFound()(environ, start_response)
                     #======================================================================
                     # GET ACTION PULL or PUSH
                     #======================================================================
                     action = self.__get_action(environ)
                     #======================================================================
                     # CHECK ANONYMOUS PERMISSION
                     #======================================================================
                     if action in ['pull', 'push']:
                         anonymous_user = self.__get_user('default')
                         username = anonymous_user.username
                         anonymous_perm = self._check_permission(action, anonymous_user,
                                                                 repo_name)
                         if anonymous_perm is not True or anonymous_user.active is False:
                             if anonymous_perm is not True:
                                 log.debug('Not enough credentials to access this '
                                           'repository as anonymous user')
                             if anonymous_user.active is False:
                                 log.debug('Anonymous access is disabled, running '
                                           'authentication')
                             #==============================================================
                             # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                             # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                             #==============================================================
                             # Attempting to retrieve username from the container
                             username = get_container_username(environ, self.config)
                             # If not authenticated by the container, running basic auth
                             if not username:
                                 self.authenticate.realm = \
                                     safe_str(self.config['rhodecode_realm'])
                                 result = self.authenticate(environ)
                                 if isinstance(result, str):
                                     AUTH_TYPE.update(environ, 'basic')
                                     REMOTE_USER.update(environ, result)
                                     username = result
                                 else:
                                     return result.wsgi_application(environ, start_response)
                             #==============================================================
                             # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                             #==============================================================
                             if action in ['pull', 'push']:
                                 try:
                                     user = self.__get_user(username)
                                     if user is None or not user.active:
                                         return HTTPForbidden()(environ, start_response)
                                     username = user.username
                                 except:
                                     log.error(traceback.format_exc())
                                     return HTTPInternalServerError()(environ,
                                                                      start_response)
                                 #check permissions for this repository
                                 perm = self._check_permission(action, user, repo_name)
                                 if perm is not True:
                                     return HTTPForbidden()(environ, start_response)
                     # extras are injected into mercurial UI object and later available
                     # in hg hooks executed by rhodecode
                     extras = {
                         'ip': ipaddr,
                         'username': username,
                         'action': action,
                         'repository': repo_name
                     }
                     #======================================================================
                     # MERCURIAL REQUEST HANDLING
                     #======================================================================
                     repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
                     log.debug('Repository path is %s' % repo_path)
                     baseui = make_ui('db')
                     self.__inject_extras(repo_path, baseui, extras)
                     try:
                         # invalidate cache on push
                         if action == 'push':
                             self._invalidate_cache(repo_name)
                         log.info('%s action on HG repo "%s"' % (action, repo_name))
                         app = self.__make_app(repo_path, baseui, extras)
                         return app(environ, start_response)
                     except RepoError, e:
                         if str(e).find('not found') != -1:
                             return HTTPNotFound()(environ, start_response)
                     except Exception:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ, start_response)
                 def __make_app(self, repo_name, baseui, extras):
                     """
                     Make an wsgi application using hgweb, and inject generated baseui
                     instance, additionally inject some extras into ui object
                     """
                     return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)
                 def __get_repository(self, environ):
                     """
                     Get's repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
                     try:
                         environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])
                         repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
                         if repo_name.endswith('/'):
                             repo_name = repo_name.rstrip('/')
                     except:
                         log.error(traceback.format_exc())
                         raise
                     return repo_name
                 def __get_user(self, username):
                     return User.get_by_username(username)
                 def __get_action(self, environ):
                     """
                     Maps mercurial request commands into a clone,pull or push command.
                     This should always return a valid command string
                     :param environ:
                     """
                     mapping = {'changegroup': 'pull',
                                'changegroupsubset': 'pull',
                                'stream_out': 'pull',
                                'listkeys': 'pull',
                                'unbundle': 'push',
                                'pushkey': 'push', }
                     for qry in environ['QUERY_STRING'].split('&'):
                         if qry.startswith('cmd'):
                             cmd = qry.split('=')[-1]
                             if cmd in mapping:
                                 return mapping[cmd]
                             else:
                                 return 'pull'
                 def __inject_extras(self, repo_path, baseui, extras={}):
                     """
                     Injects some extra params into baseui instance
                     also overwrites global settings with those takes from local hgrc file
                     :param baseui: baseui instance
                     :param extras: dict with extra params to put into baseui
                     """
                     hgrc = os.path.join(repo_path, '.hg', 'hgrc')
                     # make our hgweb quiet so it doesn't print output
                     baseui.setconfig('ui', 'quiet', 'true')
                     #inject some additional parameters that will be available in ui
                     #for hooks
                     for k, v in extras.items():
                         baseui.setconfig('rhodecode_extras', k, v)
                     repoui = make_ui('file', hgrc, False)
                     if repoui:
                         #overwrite our ui instance with the section from hgrc file
                         for section in ui_sections:
                             for k, v in repoui.configitems(section):
                                 baseui.setconfig(section, k, v)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages