upstream/kallithea Commit - r3353:e351161b

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

"""

2

"""

3

rhodecode.lib.middleware.simplegit

3

rhodecode.lib.middleware.simplegit

4

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5

6

SimpleGit middleware for handling git protocol request (push/clone etc.)

6

SimpleGit middleware for handling git protocol request (push/clone etc.)

7

It's implemented with basic auth function

7

It's implemented with basic auth function

8

9

:created_on: Apr 28, 2010

9

:created_on: Apr 28, 2010

10

:author: marcink

10

:author: marcink

11

12

:license: GPLv3, see COPYING for more details.

12

:license: GPLv3, see COPYING for more details.

13

"""

13

"""

14

# This program is free software: you can redistribute it and/or modify

14

# This program is free software: you can redistribute it and/or modify

15

# it under the terms of the GNU General Public License as published by

15

# it under the terms of the GNU General Public License as published by

16

# the Free Software Foundation, either version 3 of the License, or

16

# the Free Software Foundation, either version 3 of the License, or

17

# (at your option) any later version.

17

# (at your option) any later version.

18

#

18

#

19

# This program is distributed in the hope that it will be useful,

19

# This program is distributed in the hope that it will be useful,

20

# but WITHOUT ANY WARRANTY; without even the implied warranty of

20

# but WITHOUT ANY WARRANTY; without even the implied warranty of

21

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

21

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

22

# GNU General Public License for more details.

22

# GNU General Public License for more details.

23

#

23

#

24

# You should have received a copy of the GNU General Public License

24

# You should have received a copy of the GNU General Public License

25

# along with this program. If not, see <http://www.gnu.org/licenses/>.

25

# along with this program. If not, see <http://www.gnu.org/licenses/>.

26

27

import os

27

import os

28

import re

28

import re

29

import logging

29

import logging

30

import traceback

30

import traceback

31

32

from dulwich import server as dulserver

32

from dulwich import server as dulserver

33

from dulwich.web import LimitedInputFilter, GunzipFilter

33

from dulwich.web import LimitedInputFilter, GunzipFilter

34

from rhodecode.lib.exceptions import HTTPLockedRC

34

from rhodecode.lib.exceptions import HTTPLockedRC

35

from rhodecode.lib.hooks import pre_pull

35

from rhodecode.lib.hooks import pre_pull

36

37

38

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

38

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

39

40

def handle(self):

40

def handle(self):

41

write = lambda x: self.proto.write_sideband(1, x)

41

write = lambda x: self.proto.write_sideband(1, x)

42

43

graph_walker = dulserver.ProtocolGraphWalker(self,

43

graph_walker = dulserver.ProtocolGraphWalker(self,

44

self.repo.object_store,

44

self.repo.object_store,

45

self.repo.get_peeled)

45

self.repo.get_peeled)

46

objects_iter = self.repo.fetch_objects(

46

objects_iter = self.repo.fetch_objects(

47

graph_walker.determine_wants, graph_walker, self.progress,

47

graph_walker.determine_wants, graph_walker, self.progress,

48

get_tagged=self.get_tagged)

48

get_tagged=self.get_tagged)

49

50

# Did the process short-circuit (e.g. in a stateless RPC call)? Note

50

# Did the process short-circuit (e.g. in a stateless RPC call)? Note

51

# that the client still expects a 0-object pack in most cases.

51

# that the client still expects a 0-object pack in most cases.

52

if objects_iter is None:

52

if objects_iter is None:

53

return

53

return

54

55

self.progress("counting objects: %d, done.\n" % len(objects_iter))

55

self.progress("counting objects: %d, done.\n" % len(objects_iter))

56

dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),

56

dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),

57

objects_iter)

57

objects_iter)

58

messages = []

58

messages = []

59

messages.append('thank you for using rhodecode')

59

messages.append('thank you for using rhodecode')

60

61

for msg in messages:

61

for msg in messages:

62

self.progress(msg + "\n")

62

self.progress(msg + "\n")

63

# we are done

63

# we are done

64

self.proto.write("0000")

64

self.proto.write("0000")

65

66

67

dulserver.DEFAULT_HANDLERS = {

67

dulserver.DEFAULT_HANDLERS = {

68

#git-ls-remote, git-clone, git-fetch and git-pull

68

#git-ls-remote, git-clone, git-fetch and git-pull

69

'git-upload-pack': SimpleGitUploadPackHandler,

69

'git-upload-pack': SimpleGitUploadPackHandler,

70

#git-push

70

#git-push

71

'git-receive-pack': dulserver.ReceivePackHandler,

71

'git-receive-pack': dulserver.ReceivePackHandler,

72

}

72

}

73

74

# not used for now until dulwich get's fixed

74

# not used for now until dulwich get's fixed

75

#from dulwich.repo import Repo

75

#from dulwich.repo import Repo

76

#from dulwich.web import make_wsgi_chain

76

#from dulwich.web import make_wsgi_chain

77

78

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

78

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

79

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \

79

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \

80

HTTPBadRequest, HTTPNotAcceptable

80

HTTPBadRequest, HTTPNotAcceptable

81

82

from rhodecode.lib.utils2 import safe_str, fix_PATH, get_server_url

82

from rhodecode.lib.utils2 import safe_str, fix_PATH, get_server_url

83

from rhodecode.lib.base import BaseVCSController

83

from rhodecode.lib.base import BaseVCSController

84

from rhodecode.lib.auth import get_container_username

84

from rhodecode.lib.auth import get_container_username

85

from rhodecode.lib.utils import is_valid_repo, make_ui

85

from rhodecode.lib.utils import is_valid_repo, make_ui

86

from rhodecode.lib.compat import json

86

from rhodecode.lib.compat import json

87

from rhodecode.model.db import User, RhodeCodeUi

87

from rhodecode.model.db import User, RhodeCodeUi

88

89

log = logging.getLogger(__name__)

89

log = logging.getLogger(__name__)

90

91

92

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')

92

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')

93

94

95

def is_git(environ):

95

def is_git(environ):

96

path_info = environ['PATH_INFO']

96

path_info = environ['PATH_INFO']

97

isgit_path = GIT_PROTO_PAT.match(path_info)

97

isgit_path = GIT_PROTO_PAT.match(path_info)

98

log.debug('pathinfo: %s detected as GIT %s' % (

98

log.debug('pathinfo: %s detected as GIT %s' % (

99

path_info, isgit_path != None)

99

path_info, isgit_path != None)

100

)

100

)

101

return isgit_path

101

return isgit_path

102

103

104

class SimpleGit(BaseVCSController):

104

class SimpleGit(BaseVCSController):

105

106

def _handle_request(self, environ, start_response):

106

def _handle_request(self, environ, start_response):

107

if not is_git(environ):

107

if not is_git(environ):

108

return self.application(environ, start_response)

108

return self.application(environ, start_response)

109

if not self._check_ssl(environ, start_response):

109

if not self._check_ssl(environ, start_response):

110

return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)

110

return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)

111

112

ip_addr = self._get_ip_addr(environ)

112

ip_addr = self._get_ip_addr(environ)

113

username = None

113

username = None

114

self._git_first_op = False

114

self._git_first_op = False

115

# skip passing error to error controller

115

# skip passing error to error controller

116

environ['pylons.status_code_redirect'] = True

116

environ['pylons.status_code_redirect'] = True

117

118

#======================================================================

118

#======================================================================

119

# EXTRACT REPOSITORY NAME FROM ENV

119

# EXTRACT REPOSITORY NAME FROM ENV

120

#======================================================================

120

#======================================================================

121

try:

121

try:

122

repo_name = self.__get_repository(environ)

122

repo_name = self.__get_repository(environ)

123

log.debug('Extracted repo name is %s' % repo_name)

123

log.debug('Extracted repo name is %s' % repo_name)

124

except:

124

except:

125

return HTTPInternalServerError()(environ, start_response)

125

return HTTPInternalServerError()(environ, start_response)

126

127

# quick check if that dir exists...

127

# quick check if that dir exists...

128

if is_valid_repo(repo_name, self.basepath, 'git') is False:

128

if is_valid_repo(repo_name, self.basepath, 'git') is False:

129

return HTTPNotFound()(environ, start_response)

129

return HTTPNotFound()(environ, start_response)

130

131

#======================================================================

131

#======================================================================

132

# GET ACTION PULL or PUSH

132

# GET ACTION PULL or PUSH

133

#======================================================================

133

#======================================================================

134

action = self.__get_action(environ)

134

action = self.__get_action(environ)

135

136

#======================================================================

136

#======================================================================

137

# CHECK ANONYMOUS PERMISSION

137

# CHECK ANONYMOUS PERMISSION

138

#======================================================================

138

#======================================================================

139

if action in ['pull', 'push']:

139

if action in ['pull', 'push']:

140

anonymous_user = self.__get_user('default')

140

anonymous_user = self.__get_user('default')

141

username = anonymous_user.username

141

username = anonymous_user.username

142

anonymous_perm = self._check_permission(action, anonymous_user,

142

anonymous_perm = self._check_permission(action, anonymous_user,

143

repo_name, ip_addr)

143

repo_name, ip_addr)

144

145

if anonymous_perm is not True or anonymous_user.active is False:

145

if anonymous_perm is not True or anonymous_user.active is False:

146

if anonymous_perm is not True:

146

if anonymous_perm is not True:

147

log.debug('Not enough credentials to access this '

147

log.debug('Not enough credentials to access this '

148

'repository as anonymous user')

148

'repository as anonymous user')

149

if anonymous_user.active is False:

149

if anonymous_user.active is False:

150

log.debug('Anonymous access is disabled, running '

150

log.debug('Anonymous access is disabled, running '

151

'authentication')

151

'authentication')

152

#==============================================================

152

#==============================================================

153

# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

153

# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

154

# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

154

# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

155

#==============================================================

155

#==============================================================

156

157

# Attempting to retrieve username from the container

157

# Attempting to retrieve username from the container

158

username = get_container_username(environ, self.config)

158

username = get_container_username(environ, self.config)

159

160

# If not authenticated by the container, running basic auth

160

# If not authenticated by the container, running basic auth

161

if not username:

161

if not username:

162

self.authenticate.realm = \

162

self.authenticate.realm = \

163

safe_str(self.config['rhodecode_realm'])

163

safe_str(self.config['rhodecode_realm'])

164

result = self.authenticate(environ)

164

result = self.authenticate(environ)

165

if isinstance(result, str):

165

if isinstance(result, str):

166

AUTH_TYPE.update(environ, 'basic')

166

AUTH_TYPE.update(environ, 'basic')

167

REMOTE_USER.update(environ, result)

167

REMOTE_USER.update(environ, result)

168

username = result

168

username = result

169

else:

169

else:

170

return result.wsgi_application(environ, start_response)

170

return result.wsgi_application(environ, start_response)

171

172

#==============================================================

172

#==============================================================

173

# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

173

# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

174

#==============================================================

174

#==============================================================

175

try:

175

try:

176

user = self.__get_user(username)

176

user = self.__get_user(username)

177

if user is None or not user.active:

177

if user is None or not user.active:

178

return HTTPForbidden()(environ, start_response)

178

return HTTPForbidden()(environ, start_response)

179

username = user.username

179

username = user.username

180

except:

180

except:

181

log.error(traceback.format_exc())

181

log.error(traceback.format_exc())

182

return HTTPInternalServerError()(environ, start_response)

182

return HTTPInternalServerError()(environ, start_response)

183

184

#check permissions for this repository

184

#check permissions for this repository

185

perm = self._check_permission(action, user, repo_name, ip_addr)

185

perm = self._check_permission(action, user, repo_name, ip_addr)

186

if perm is not True:

186

if perm is not True:

187

return HTTPForbidden()(environ, start_response)

187

return HTTPForbidden()(environ, start_response)

188

189

# extras are injected into UI object and later available

189

# extras are injected into UI object and later available

190

# in hooks executed by rhodecode

190

# in hooks executed by rhodecode

191

from rhodecode import CONFIG

191

from rhodecode import CONFIG

192

server_url = get_server_url(environ)

192

server_url = get_server_url(environ)

193

extras = {

193

extras = {

194

'ip': ip_addr,

194

'ip': ip_addr,

195

'username': username,

195

'username': username,

196

'action': action,

196

'action': action,

197

'repository': repo_name,

197

'repository': repo_name,

198

'scm': 'git',

198

'scm': 'git',

199

'config': CONFIG['__file__'],

199

'config': CONFIG['__file__'],

200

'server_url': server_url,

200

'server_url': server_url,

201

'make_lock': None,

201

'make_lock': None,

202

'locked_by': [None, None]

202

'locked_by': [None, None]

203

}

203

}

204

205

#===================================================================

205

#===================================================================

206

# GIT REQUEST HANDLING

206

# GIT REQUEST HANDLING

207

#===================================================================

207

#===================================================================

208

repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

208

repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

209

log.debug('Repository path is %s' % repo_path)

209

log.debug('Repository path is %s' % repo_path)

210

211

# CHECK LOCKING only if it's not ANONYMOUS USER

211

# CHECK LOCKING only if it's not ANONYMOUS USER

212

if username != User.DEFAULT_USER:

212

if username != User.DEFAULT_USER:

213

log.debug('Checking locking on repository')

213

log.debug('Checking locking on repository')

214

(make_lock,

214

(make_lock,

215

locked,

215

locked,

216

locked_by) = self._check_locking_state(

216

locked_by) = self._check_locking_state(

217

environ=environ, action=action,

217

environ=environ, action=action,

218

repo=repo_name, user_id=user.user_id

218

repo=repo_name, user_id=user.user_id

219

)

219

)

220

# store the make_lock for later evaluation in hooks

220

# store the make_lock for later evaluation in hooks

221

extras.update({'make_lock': make_lock,

221

extras.update({'make_lock': make_lock,

222

'locked_by': locked_by})

222

'locked_by': locked_by})

223

# set the environ variables for this request

223

# set the environ variables for this request

224

os.environ['RC_SCM_DATA'] = json.dumps(extras)

224

os.environ['RC_SCM_DATA'] = json.dumps(extras)

225

fix_PATH()

225

fix_PATH()

226

log.debug('HOOKS extras is %s' % extras)

226

log.debug('HOOKS extras is %s' % extras)

227

baseui = make_ui('db')

227

baseui = make_ui('db')

228

self.__inject_extras(repo_path, baseui, extras)

228

self.__inject_extras(repo_path, baseui, extras)

229

230

try:

230

try:

231

self._handle_githooks(repo_name, action, baseui, environ)

231

# invalidate cache on push

232

# invalidate cache on push

232

if action == 'push':

233

if action == 'push':

233

self._invalidate_cache(repo_name)

234

self._invalidate_cache(repo_name)

234

self._handle_githooks(repo_name, action, baseui, environ)

235

236

log.info('%s action on GIT repo "%s" by "%s" from %s' %

235

log.info('%s action on GIT repo "%s" by "%s" from %s' %

237

(action, repo_name, username, ip_addr))

236

(action, repo_name, username, ip_addr))

238

app = self.__make_app(repo_name, repo_path, extras)

237

app = self.__make_app(repo_name, repo_path, extras)

239

return app(environ, start_response)

238

return app(environ, start_response)

240

except HTTPLockedRC, e:

239

except HTTPLockedRC, e:

241

log.debug('Repository LOCKED ret code 423!')

240

log.debug('Repository LOCKED ret code 423!')

242

return e(environ, start_response)

241

return e(environ, start_response)

243

except Exception:

242

except Exception:

244

log.error(traceback.format_exc())

243

log.error(traceback.format_exc())

245

return HTTPInternalServerError()(environ, start_response)

244

return HTTPInternalServerError()(environ, start_response)

246

245

247

def __make_app(self, repo_name, repo_path, extras):

246

def __make_app(self, repo_name, repo_path, extras):

248

"""

247

"""

249

Make an wsgi application using dulserver

248

Make an wsgi application using dulserver

250

249

251

:param repo_name: name of the repository

250

:param repo_name: name of the repository

252

:param repo_path: full path to the repository

251

:param repo_path: full path to the repository

253

"""

252

"""

254

253

255

from rhodecode.lib.middleware.pygrack import make_wsgi_app

254

from rhodecode.lib.middleware.pygrack import make_wsgi_app

256

app = make_wsgi_app(

255

app = make_wsgi_app(

257

repo_root=safe_str(self.basepath),

256

repo_root=safe_str(self.basepath),

258

repo_name=repo_name,

257

repo_name=repo_name,

259

extras=extras,

258

extras=extras,

260

)

259

)

261

app = GunzipFilter(LimitedInputFilter(app))

260

app = GunzipFilter(LimitedInputFilter(app))

262

return app

261

return app

263

262

264

def __get_repository(self, environ):

263

def __get_repository(self, environ):

265

"""

264

"""

266

Get's repository name out of PATH_INFO header

265

Get's repository name out of PATH_INFO header

267

266

268

:param environ: environ where PATH_INFO is stored

267

:param environ: environ where PATH_INFO is stored

269

"""

268

"""

270

try:

269

try:

271

environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

270

environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

272

repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)

271

repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)

273

except:

272

except:

274

log.error(traceback.format_exc())

273

log.error(traceback.format_exc())

275

raise

274

raise

276

275

277

return repo_name

276

return repo_name

278

277

279

def __get_user(self, username):

278

def __get_user(self, username):

280

return User.get_by_username(username)

279

return User.get_by_username(username)

281

280

282

def __get_action(self, environ):

281

def __get_action(self, environ):

283

"""

282

"""

284

Maps git request commands into a pull or push command.

283

Maps git request commands into a pull or push command.

285

284

286

:param environ:

285

:param environ:

287

"""

286

"""

288

service = environ['QUERY_STRING'].split('=')

287

service = environ['QUERY_STRING'].split('=')

289

288

290

if len(service) > 1:

289

if len(service) > 1:

291

service_cmd = service[1]

290

service_cmd = service[1]

292

mapping = {

291

mapping = {

293

'git-receive-pack': 'push',

292

'git-receive-pack': 'push',

294

'git-upload-pack': 'pull',

293

'git-upload-pack': 'pull',

295

}

294

}

296

op = mapping[service_cmd]

295

op = mapping[service_cmd]

297

self._git_stored_op = op

296

self._git_stored_op = op

298

return op

297

return op

299

else:

298

else:

300

# try to fallback to stored variable as we don't know if the last

299

# try to fallback to stored variable as we don't know if the last

301

# operation is pull/push

300

# operation is pull/push

302

op = getattr(self, '_git_stored_op', 'pull')

301

op = getattr(self, '_git_stored_op', 'pull')

303

return op

302

return op

304

303

305

def _handle_githooks(self, repo_name, action, baseui, environ):

304

def _handle_githooks(self, repo_name, action, baseui, environ):

306

"""

305

"""

307

Handles pull action, push is handled by post-receive hook

306

Handles pull action, push is handled by post-receive hook

308

"""

307

"""

309

from rhodecode.lib.hooks import log_pull_action

308

from rhodecode.lib.hooks import log_pull_action

310

service = environ['QUERY_STRING'].split('=')

309

service = environ['QUERY_STRING'].split('=')

311

310

312

if len(service) < 2:

311

if len(service) < 2:

313

return

312

return

314

313

315

from rhodecode.model.db import Repository

314

from rhodecode.model.db import Repository

316

_repo = Repository.get_by_repo_name(repo_name)

315

_repo = Repository.get_by_repo_name(repo_name)

317

_repo = _repo.scm_instance

316

_repo = _repo.scm_instance

318

_repo._repo.ui = baseui

317

_repo._repo.ui = baseui

319

318

320

_hooks = dict(baseui.configitems('hooks')) or {}

319

_hooks = dict(baseui.configitems('hooks')) or {}

321

if action == 'pull':

320

if action == 'pull':

322

# stupid git, emulate pre-pull hook !

321

# stupid git, emulate pre-pull hook !

323

pre_pull(ui=baseui, repo=_repo._repo)

322

pre_pull(ui=baseui, repo=_repo._repo)

324

if action == 'pull' and _hooks.get(RhodeCodeUi.HOOK_PULL):

323

if action == 'pull' and _hooks.get(RhodeCodeUi.HOOK_PULL):

325

log_pull_action(ui=baseui, repo=_repo._repo)

324

log_pull_action(ui=baseui, repo=_repo._repo)

326

325

327

def __inject_extras(self, repo_path, baseui, extras={}):

326

def __inject_extras(self, repo_path, baseui, extras={}):

328

"""

327

"""

329

Injects some extra params into baseui instance

328

Injects some extra params into baseui instance

330

329

331

:param baseui: baseui instance

330

:param baseui: baseui instance

332

:param extras: dict with extra params to put into baseui

331

:param extras: dict with extra params to put into baseui

333

"""

332

"""

334

333

335

# make our hgweb quiet so it doesn't print output

334

# make our hgweb quiet so it doesn't print output

336

baseui.setconfig('ui', 'quiet', 'true')

335

baseui.setconfig('ui', 'quiet', 'true')

337

336

338

#inject some additional parameters that will be available in ui

337

#inject some additional parameters that will be available in ui

339

#for hooks

338

#for hooks

340

for k, v in extras.items():

339

for k, v in extras.items():

341

baseui.setconfig('rhodecode_extras', k, v)

340

baseui.setconfig('rhodecode_extras', k, v)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.middleware.simplegit
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 SimpleGit middleware for handling git protocol request (push/clone etc.)
                 It's implemented with basic auth function
                 :created_on: Apr 28, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import re
             import logging
             import traceback
             from dulwich import server as dulserver
             from dulwich.web import LimitedInputFilter, GunzipFilter
             from rhodecode.lib.exceptions import HTTPLockedRC
             from rhodecode.lib.hooks import pre_pull
             class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):
                 def handle(self):
                     write = lambda x: self.proto.write_sideband(1, x)
                     graph_walker = dulserver.ProtocolGraphWalker(self,
                                                                  self.repo.object_store,
                                                                  self.repo.get_peeled)
                     objects_iter = self.repo.fetch_objects(
                       graph_walker.determine_wants, graph_walker, self.progress,
                       get_tagged=self.get_tagged)
                     # Did the process short-circuit (e.g. in a stateless RPC call)? Note
                     # that the client still expects a 0-object pack in most cases.
                     if objects_iter is None:
                         return
                     self.progress("counting objects: %d, done.\n" % len(objects_iter))
                     dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),
                                                  objects_iter)
                     messages = []
                     messages.append('thank you for using rhodecode')
                     for msg in messages:
                         self.progress(msg + "\n")
                     # we are done
                     self.proto.write("0000")
             dulserver.DEFAULT_HANDLERS = {
               #git-ls-remote, git-clone, git-fetch and git-pull
               'git-upload-pack': SimpleGitUploadPackHandler,
               #git-push
               'git-receive-pack': dulserver.ReceivePackHandler,
             }
             # not used for now until dulwich get's fixed
             #from dulwich.repo import Repo
             #from dulwich.web import make_wsgi_chain
             from paste.httpheaders import REMOTE_USER, AUTH_TYPE
             from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
                 HTTPBadRequest, HTTPNotAcceptable
             from rhodecode.lib.utils2 import safe_str, fix_PATH, get_server_url
             from rhodecode.lib.base import BaseVCSController
             from rhodecode.lib.auth import get_container_username
             from rhodecode.lib.utils import is_valid_repo, make_ui
             from rhodecode.lib.compat import json
             from rhodecode.model.db import User, RhodeCodeUi
             log = logging.getLogger(__name__)
             GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')
             def is_git(environ):
                 path_info = environ['PATH_INFO']
                 isgit_path = GIT_PROTO_PAT.match(path_info)
                 log.debug('pathinfo: %s detected as GIT %s' % (
                     path_info, isgit_path != None)
                 )
                 return isgit_path
             class SimpleGit(BaseVCSController):
                 def _handle_request(self, environ, start_response):
                     if not is_git(environ):
                         return self.application(environ, start_response)
                     if not self._check_ssl(environ, start_response):
                         return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
                     ip_addr = self._get_ip_addr(environ)
                     username = None
                     self._git_first_op = False
                     # skip passing error to error controller
                     environ['pylons.status_code_redirect'] = True
                     #======================================================================
                     # EXTRACT REPOSITORY NAME FROM ENV
                     #======================================================================
                     try:
                         repo_name = self.__get_repository(environ)
                         log.debug('Extracted repo name is %s' % repo_name)
                     except:
                         return HTTPInternalServerError()(environ, start_response)
                     # quick check if that dir exists...
                     if is_valid_repo(repo_name, self.basepath, 'git') is False:
                         return HTTPNotFound()(environ, start_response)
                     #======================================================================
                     # GET ACTION PULL or PUSH
                     #======================================================================
                     action = self.__get_action(environ)
                     #======================================================================
                     # CHECK ANONYMOUS PERMISSION
                     #======================================================================
                     if action in ['pull', 'push']:
                         anonymous_user = self.__get_user('default')
                         username = anonymous_user.username
                         anonymous_perm = self._check_permission(action, anonymous_user,
                                                                 repo_name, ip_addr)
                         if anonymous_perm is not True or anonymous_user.active is False:
                             if anonymous_perm is not True:
                                 log.debug('Not enough credentials to access this '
                                           'repository as anonymous user')
                             if anonymous_user.active is False:
                                 log.debug('Anonymous access is disabled, running '
                                           'authentication')
                             #==============================================================
                             # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                             # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                             #==============================================================
                             # Attempting to retrieve username from the container
                             username = get_container_username(environ, self.config)
                             # If not authenticated by the container, running basic auth
                             if not username:
                                 self.authenticate.realm = \
                                     safe_str(self.config['rhodecode_realm'])
                                 result = self.authenticate(environ)
                                 if isinstance(result, str):
                                     AUTH_TYPE.update(environ, 'basic')
                                     REMOTE_USER.update(environ, result)
                                     username = result
                                 else:
                                     return result.wsgi_application(environ, start_response)
                             #==============================================================
                             # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                             #==============================================================
                             try:
                                 user = self.__get_user(username)
                                 if user is None or not user.active:
                                     return HTTPForbidden()(environ, start_response)
                                 username = user.username
                             except:
                                 log.error(traceback.format_exc())
                                 return HTTPInternalServerError()(environ, start_response)
                             #check permissions for this repository
                             perm = self._check_permission(action, user, repo_name, ip_addr)
                             if perm is not True:
                                 return HTTPForbidden()(environ, start_response)
                     # extras are injected into UI object and later available
                     # in hooks executed by rhodecode
                     from rhodecode import CONFIG
                     server_url = get_server_url(environ)
                     extras = {
                         'ip': ip_addr,
                         'username': username,
                         'action': action,
                         'repository': repo_name,
                         'scm': 'git',
                         'config': CONFIG['__file__'],
                         'server_url': server_url,
                         'make_lock': None,
                         'locked_by': [None, None]
                     }
                     #===================================================================
                     # GIT REQUEST HANDLING
                     #===================================================================
                     repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
                     log.debug('Repository path is %s' % repo_path)
                     # CHECK LOCKING only if it's not ANONYMOUS USER
                     if username != User.DEFAULT_USER:
                         log.debug('Checking locking on repository')
                         (make_lock,
                          locked,
                          locked_by) = self._check_locking_state(
                                         environ=environ, action=action,
                                         repo=repo_name, user_id=user.user_id
                                    )
                         # store the make_lock for later evaluation in hooks
                         extras.update({'make_lock': make_lock,
                                        'locked_by': locked_by})
                     # set the environ variables for this request
                     os.environ['RC_SCM_DATA'] = json.dumps(extras)
                     fix_PATH()
                     log.debug('HOOKS extras is %s' % extras)
                     baseui = make_ui('db')
                     self.__inject_extras(repo_path, baseui, extras)
                     try:
+                        self._handle_githooks(repo_name, action, baseui, environ)
                         # invalidate cache on push
                         if action == 'push':
                             self._invalidate_cache(repo_name)
-                        self._handle_githooks(repo_name, action, baseui, environ)
                         log.info('%s action on GIT repo "%s" by "%s" from %s' %
                                  (action, repo_name, username, ip_addr))
                         app = self.__make_app(repo_name, repo_path, extras)
                         return app(environ, start_response)
                     except HTTPLockedRC, e:
                         log.debug('Repository LOCKED ret code 423!')
                         return e(environ, start_response)
                     except Exception:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ, start_response)
                 def __make_app(self, repo_name, repo_path, extras):
                     """
                     Make an wsgi application using dulserver
                     :param repo_name: name of the repository
                     :param repo_path: full path to the repository
                     """
                     from rhodecode.lib.middleware.pygrack import make_wsgi_app
                     app = make_wsgi_app(
                         repo_root=safe_str(self.basepath),
                         repo_name=repo_name,
                         extras=extras,
                     )
                     app = GunzipFilter(LimitedInputFilter(app))
                     return app
                 def __get_repository(self, environ):
                     """
                     Get's repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
                     try:
                         environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])
                         repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
                     except:
                         log.error(traceback.format_exc())
                         raise
                     return repo_name
                 def __get_user(self, username):
                     return User.get_by_username(username)
                 def __get_action(self, environ):
                     """
                     Maps git request commands into a pull or push command.
                     :param environ:
                     """
                     service = environ['QUERY_STRING'].split('=')
                     if len(service) > 1:
                         service_cmd = service[1]
                         mapping = {
                             'git-receive-pack': 'push',
                             'git-upload-pack': 'pull',
                         }
                         op = mapping[service_cmd]
                         self._git_stored_op = op
                         return op
                     else:
                         # try to fallback to stored variable as we don't know if the last
                         # operation is pull/push
                         op = getattr(self, '_git_stored_op', 'pull')
                     return op
                 def _handle_githooks(self, repo_name, action, baseui, environ):
                     """
                     Handles pull action, push is handled by post-receive hook
                     """
                     from rhodecode.lib.hooks import log_pull_action
                     service = environ['QUERY_STRING'].split('=')
                     if len(service) < 2:
                         return
                     from rhodecode.model.db import Repository
                     _repo = Repository.get_by_repo_name(repo_name)
                     _repo = _repo.scm_instance
                     _repo._repo.ui = baseui
                     _hooks = dict(baseui.configitems('hooks')) or {}
                     if action == 'pull':
                         # stupid git, emulate pre-pull hook !
                         pre_pull(ui=baseui, repo=_repo._repo)
                     if action == 'pull' and _hooks.get(RhodeCodeUi.HOOK_PULL):
                         log_pull_action(ui=baseui, repo=_repo._repo)
                 def __inject_extras(self, repo_path, baseui, extras={}):
                     """
                     Injects some extra params into baseui instance
                     :param baseui: baseui instance
                     :param extras: dict with extra params to put into baseui
                     """
                     # make our hgweb quiet so it doesn't print output
                     baseui.setconfig('ui', 'quiet', 'true')
                     #inject some additional parameters that will be available in ui
                     #for hooks
                     for k, v in extras.items():
                         baseui.setconfig('rhodecode_extras', k, v)