hgweb_mod.py
441 lines
| 16.5 KiB
| text/x-python
|
PythonLexer
Eric Hopper
|
r2391 | # hgweb/hgweb_mod.py - Web interface for a repository. | ||
Eric Hopper
|
r2356 | # | ||
# Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net> | ||||
Thomas Arendsen Hein
|
r4635 | # Copyright 2005-2007 Matt Mackall <mpm@selenic.com> | ||
Eric Hopper
|
r2356 | # | ||
Martin Geisler
|
r8225 | # This software may be used and distributed according to the terms of the | ||
Matt Mackall
|
r10263 | # GNU General Public License version 2 or any later version. | ||
Eric Hopper
|
r2356 | |||
Gregory Szorc
|
r26220 | import contextlib | ||
Gregory Szorc
|
r26162 | import os | ||
Pierre-Yves David
|
r18522 | from mercurial import ui, hg, hook, error, encoding, templater, util, repoview | ||
Angel Ezquerra
|
r18627 | from mercurial.templatefilters import websub | ||
Matt Mackall
|
r26226 | from common import ErrorResponse, permhooks, caching | ||
Augie Fackler
|
r12739 | from common import HTTP_OK, HTTP_NOT_MODIFIED, HTTP_BAD_REQUEST | ||
from common import HTTP_NOT_FOUND, HTTP_SERVER_ERROR | ||||
Dirkjan Ochtman
|
r5566 | from request import wsgirequest | ||
Augie Fackler
|
r20034 | import webcommands, protocol, webutil | ||
Eric Hopper
|
r2356 | |||
Dirkjan Ochtman
|
r6779 | perms = { | ||
'changegroup': 'pull', | ||||
'changegroupsubset': 'pull', | ||||
Peter Arrenbrecht
|
r13741 | 'getbundle': 'pull', | ||
Matt Mackall
|
r11370 | 'stream_out': 'pull', | ||
'listkeys': 'pull', | ||||
Dirkjan Ochtman
|
r6779 | 'unbundle': 'push', | ||
Matt Mackall
|
r11370 | 'pushkey': 'push', | ||
Dirkjan Ochtman
|
r6779 | } | ||
Angel Ezquerra
|
r18515 | def makebreadcrumb(url, prefix=''): | ||
Angel Ezquerra <angel.ezquerra at gmail.com>
|
r18258 | '''Return a 'URL breadcrumb' list | ||
A 'URL breadcrumb' is a list of URL-name pairs, | ||||
corresponding to each of the path items on a URL. | ||||
This can be used to create path navigation entries. | ||||
''' | ||||
if url.endswith('/'): | ||||
url = url[:-1] | ||||
Angel Ezquerra
|
r18515 | if prefix: | ||
url = '/' + prefix + url | ||||
Angel Ezquerra <angel.ezquerra at gmail.com>
|
r18258 | relpath = url | ||
if relpath.startswith('/'): | ||||
relpath = relpath[1:] | ||||
breadcrumb = [] | ||||
urlel = url | ||||
pathitems = [''] + relpath.split('/') | ||||
for pathel in reversed(pathitems): | ||||
if not pathel or not urlel: | ||||
break | ||||
breadcrumb.append({'url': urlel, 'name': pathel}) | ||||
urlel = os.path.dirname(urlel) | ||||
return reversed(breadcrumb) | ||||
Gregory Szorc
|
r26134 | class requestcontext(object): | ||
"""Holds state/context for an individual request. | ||||
Servers can be multi-threaded. Holding state on the WSGI application | ||||
is prone to race conditions. Instances of this class exist to hold | ||||
mutable and race-free state for requests. | ||||
""" | ||||
Gregory Szorc
|
r26219 | def __init__(self, app, repo): | ||
self.repo = repo | ||||
Gregory Szorc
|
r26217 | self.reponame = app.reponame | ||
Gregory Szorc
|
r26134 | |||
Gregory Szorc
|
r26217 | self.archives = ('zip', 'gz', 'bz2') | ||
Gregory Szorc
|
r26136 | |||
Gregory Szorc
|
r26217 | self.maxchanges = self.configint('web', 'maxchanges', 10) | ||
self.stripecount = self.configint('web', 'stripes', 1) | ||||
self.maxshortchanges = self.configint('web', 'maxshortchanges', 60) | ||||
self.maxfiles = self.configint('web', 'maxfiles', 10) | ||||
self.allowpull = self.configbool('web', 'allowpull', True) | ||||
Gregory Szorc
|
r26135 | |||
Gregory Szorc
|
r26163 | # we use untrusted=False to prevent a repo owner from using | ||
# web.templates in .hg/hgrc to get access to any file readable | ||||
# by the user running the CGI script | ||||
Gregory Szorc
|
r26217 | self.templatepath = self.config('web', 'templates', untrusted=False) | ||
Gregory Szorc
|
r26163 | |||
Gregory Szorc
|
r26164 | # This object is more expensive to build than simple config values. | ||
# It is shared across requests. The app will replace the object | ||||
# if it is updated. Since this is a reference and nothing should | ||||
# modify the underlying object, it should be constant for the lifetime | ||||
# of the request. | ||||
Gregory Szorc
|
r26217 | self.websubtable = app.websubtable | ||
Gregory Szorc
|
r26164 | |||
Gregory Szorc
|
r26135 | # Trust the settings from the .hg/hgrc files by default. | ||
def config(self, section, name, default=None, untrusted=True): | ||||
return self.repo.ui.config(section, name, default, | ||||
untrusted=untrusted) | ||||
def configbool(self, section, name, default=False, untrusted=True): | ||||
return self.repo.ui.configbool(section, name, default, | ||||
untrusted=untrusted) | ||||
def configint(self, section, name, default=None, untrusted=True): | ||||
return self.repo.ui.configint(section, name, default, | ||||
untrusted=untrusted) | ||||
def configlist(self, section, name, default=None, untrusted=True): | ||||
return self.repo.ui.configlist(section, name, default, | ||||
untrusted=untrusted) | ||||
Gregory Szorc
|
r26136 | archivespecs = { | ||
'bz2': ('application/x-bzip2', 'tbz2', '.tar.bz2', None), | ||||
'gz': ('application/x-gzip', 'tgz', '.tar.gz', None), | ||||
'zip': ('application/zip', 'zip', '.zip', None), | ||||
} | ||||
def archivelist(self, nodeid): | ||||
allowed = self.configlist('web', 'allow_archive') | ||||
for typ, spec in self.archivespecs.iteritems(): | ||||
if typ in allowed or self.configbool('web', 'allow%s' % typ): | ||||
yield {'type': typ, 'extension': spec[2], 'node': nodeid} | ||||
Angel Ezquerra <angel.ezquerra at gmail.com>
|
r18258 | |||
Gregory Szorc
|
r26183 | def templater(self, req): | ||
# determine scheme, port and server name | ||||
# this is needed to create absolute urls | ||||
proto = req.env.get('wsgi.url_scheme') | ||||
if proto == 'https': | ||||
proto = 'https' | ||||
default_port = '443' | ||||
else: | ||||
proto = 'http' | ||||
default_port = '80' | ||||
port = req.env['SERVER_PORT'] | ||||
port = port != default_port and (':' + port) or '' | ||||
urlbase = '%s://%s%s' % (proto, req.env['SERVER_NAME'], port) | ||||
logourl = self.config('web', 'logourl', 'http://mercurial.selenic.com/') | ||||
logoimg = self.config('web', 'logoimg', 'hglogo.png') | ||||
staticurl = self.config('web', 'staticurl') or req.url + 'static/' | ||||
if not staticurl.endswith('/'): | ||||
staticurl += '/' | ||||
# some functions for the templater | ||||
def motd(**map): | ||||
yield self.config('web', 'motd', '') | ||||
# figure out which style to use | ||||
vars = {} | ||||
styles = ( | ||||
req.form.get('style', [None])[0], | ||||
self.config('web', 'style'), | ||||
'paper', | ||||
) | ||||
style, mapfile = templater.stylemap(styles, self.templatepath) | ||||
if style == styles[0]: | ||||
vars['style'] = style | ||||
start = req.url[-1] == '?' and '&' or '?' | ||||
sessionvars = webutil.sessionvars(vars, start) | ||||
if not self.reponame: | ||||
Gregory Szorc
|
r26217 | self.reponame = (self.config('web', 'name') | ||
or req.env.get('REPO_NAME') | ||||
or req.url.strip('/') or self.repo.root) | ||||
Gregory Szorc
|
r26183 | |||
def websubfilter(text): | ||||
return websub(text, self.websubtable) | ||||
# create the templater | ||||
tmpl = templater.templater(mapfile, | ||||
filters={'websub': websubfilter}, | ||||
defaults={'url': req.url, | ||||
'logourl': logourl, | ||||
'logoimg': logoimg, | ||||
'staticurl': staticurl, | ||||
'urlbase': urlbase, | ||||
'repo': self.reponame, | ||||
'encoding': encoding.encoding, | ||||
'motd': motd, | ||||
'sessionvars': sessionvars, | ||||
'pathdef': makebreadcrumb(req.url), | ||||
'style': style, | ||||
}) | ||||
return tmpl | ||||
Eric Hopper
|
r2356 | class hgweb(object): | ||
Gregory Szorc
|
r26132 | """HTTP server for individual repositories. | ||
Instances of this class serve HTTP responses for a particular | ||||
repository. | ||||
Instances are typically used as WSGI applications. | ||||
Some servers are multi-threaded. On these servers, there may | ||||
be multiple active threads inside __call__. | ||||
""" | ||||
Matt Mackall
|
r10994 | def __init__(self, repo, name=None, baseui=None): | ||
Christian Ebert
|
r4874 | if isinstance(repo, str): | ||
Matt Mackall
|
r10994 | if baseui: | ||
u = baseui.copy() | ||||
else: | ||||
Matt Mackall
|
r12696 | u = ui.ui() | ||
Matt Mackall
|
r20168 | r = hg.repository(u, repo) | ||
Eric Hopper
|
r2356 | else: | ||
Matt Mackall
|
r22087 | # we trust caller to give us a private copy | ||
Matt Mackall
|
r20168 | r = repo | ||
Eric Hopper
|
r2356 | |||
Mads Kiilerich
|
r20790 | r.ui.setconfig('ui', 'report_untrusted', 'off', 'hgweb') | ||
r.baseui.setconfig('ui', 'report_untrusted', 'off', 'hgweb') | ||||
r.ui.setconfig('ui', 'nontty', 'true', 'hgweb') | ||||
r.baseui.setconfig('ui', 'nontty', 'true', 'hgweb') | ||||
Yuya Nishihara
|
r26294 | # resolve file patterns relative to repo root | ||
r.ui.setconfig('ui', 'forcecwd', r.root, 'hgweb') | ||||
r.baseui.setconfig('ui', 'forcecwd', r.root, 'hgweb') | ||||
Pierre-Yves David
|
r25488 | # displaying bundling progress bar while serving feel wrong and may | ||
# break some wsgi implementation. | ||||
r.ui.setconfig('progress', 'disable', 'true', 'hgweb') | ||||
r.baseui.setconfig('progress', 'disable', 'true', 'hgweb') | ||||
Gregory Szorc
|
r26220 | self._repos = [hg.cachedlocalrepo(self._webifyrepo(r))] | ||
self._lastrepo = self._repos[0] | ||||
Matt Mackall
|
r5833 | hook.redirect(True) | ||
Eric Hopper
|
r2356 | self.reponame = name | ||
Alexis S. L. Carvalho
|
r3555 | |||
Gregory Szorc
|
r26218 | def _webifyrepo(self, repo): | ||
repo = getwebview(repo) | ||||
self.websubtable = webutil.getwebsubs(repo) | ||||
return repo | ||||
Gregory Szorc
|
r26220 | @contextlib.contextmanager | ||
def _obtainrepo(self): | ||||
"""Obtain a repo unique to the caller. | ||||
Internally we maintain a stack of cachedlocalrepo instances | ||||
to be handed out. If one is available, we pop it and return it, | ||||
ensuring it is up to date in the process. If one is not available, | ||||
we clone the most recently used repo instance and return it. | ||||
Gregory Szorc
|
r26219 | |||
Gregory Szorc
|
r26220 | It is currently possible for the stack to grow without bounds | ||
if the server allows infinite threads. However, servers should | ||||
have a thread limit, thus establishing our limit. | ||||
""" | ||||
if self._repos: | ||||
cached = self._repos.pop() | ||||
r, created = cached.fetch() | ||||
else: | ||||
cached = self._lastrepo.copy() | ||||
r, created = cached.fetch() | ||||
Gregory Szorc
|
r26240 | if created: | ||
r = self._webifyrepo(r) | ||||
Gregory Szorc
|
r26220 | |||
self._lastrepo = cached | ||||
self.mtime = cached.mtime | ||||
try: | ||||
yield r | ||||
finally: | ||||
self._repos.append(cached) | ||||
Eric Hopper
|
r2356 | |||
Dirkjan Ochtman
|
r5591 | def run(self): | ||
Gregory Szorc
|
r26132 | """Start a server from CGI environment. | ||
Modern servers should be using WSGI and should avoid this | ||||
method, if possible. | ||||
""" | ||||
Dirkjan Ochtman
|
r5591 | if not os.environ.get('GATEWAY_INTERFACE', '').startswith("CGI/1."): | ||
Martin Geisler
|
r8663 | raise RuntimeError("This function is only intended to be " | ||
"called while running as a CGI script.") | ||||
Dirkjan Ochtman
|
r5591 | import mercurial.hgweb.wsgicgi as wsgicgi | ||
wsgicgi.launch(self) | ||||
def __call__(self, env, respond): | ||||
Gregory Szorc
|
r26132 | """Run the WSGI application. | ||
This may be called by multiple threads. | ||||
""" | ||||
Dirkjan Ochtman
|
r5591 | req = wsgirequest(env, respond) | ||
Dirkjan Ochtman
|
r6784 | return self.run_wsgi(req) | ||
Dirkjan Ochtman
|
r5591 | |||
def run_wsgi(self, req): | ||||
Gregory Szorc
|
r26132 | """Internal method to run the WSGI application. | ||
Dirkjan Ochtman
|
r5591 | |||
Gregory Szorc
|
r26132 | This is typically only called by Mercurial. External consumers | ||
should be using instances of this class as the WSGI application. | ||||
""" | ||||
Gregory Szorc
|
r26220 | with self._obtainrepo() as repo: | ||
Gregory Szorc
|
r26247 | for r in self._runwsgi(req, repo): | ||
yield r | ||||
Gregory Szorc
|
r26220 | |||
def _runwsgi(self, req, repo): | ||||
Gregory Szorc
|
r26219 | rctx = requestcontext(self, repo) | ||
Dirkjan Ochtman
|
r5591 | |||
Gregory Szorc
|
r26160 | # This state is global across all threads. | ||
encoding.encoding = rctx.config('web', 'encoding', encoding.encoding) | ||||
rctx.repo.ui.environ = req.env | ||||
Dirkjan Ochtman
|
r5591 | |||
Dirkjan Ochtman
|
r5596 | # work with CGI variables to create coherent structure | ||
# use SCRIPT_NAME, PATH_INFO and QUERY_STRING as well as our REPO_NAME | ||||
Dirkjan Ochtman
|
r5591 | |||
Dirkjan Ochtman
|
r5596 | req.url = req.env['SCRIPT_NAME'] | ||
if not req.url.endswith('/'): | ||||
req.url += '/' | ||||
Christian Ebert
|
r5915 | if 'REPO_NAME' in req.env: | ||
Dirkjan Ochtman
|
r5596 | req.url += req.env['REPO_NAME'] + '/' | ||
Dirkjan Ochtman
|
r5591 | |||
Dirkjan Ochtman
|
r6459 | if 'PATH_INFO' in req.env: | ||
parts = req.env['PATH_INFO'].strip('/').split('/') | ||||
Dirkjan Ochtman
|
r5596 | repo_parts = req.env.get('REPO_NAME', '').split('/') | ||
if parts[:len(repo_parts)] == repo_parts: | ||||
parts = parts[len(repo_parts):] | ||||
query = '/'.join(parts) | ||||
else: | ||||
query = req.env['QUERY_STRING'].split('&', 1)[0] | ||||
query = query.split(';', 1)[0] | ||||
Dirkjan Ochtman
|
r5591 | |||
Benoit Boissinot
|
r8860 | # process this if it's a protocol request | ||
# protocol bits don't need to create any URLs | ||||
# and the clients always use the old URL structure | ||||
cmd = req.form.get('cmd', [''])[0] | ||||
Matt Mackall
|
r11595 | if protocol.iscmd(cmd): | ||
Mads Kiilerich
|
r13445 | try: | ||
if query: | ||||
raise ErrorResponse(HTTP_NOT_FOUND) | ||||
if cmd in perms: | ||||
Gregory Szorc
|
r26134 | self.check_perm(rctx, req, perms[cmd]) | ||
Gregory Szorc
|
r26209 | return protocol.call(rctx.repo, req, cmd) | ||
Gregory Szorc
|
r25660 | except ErrorResponse as inst: | ||
Augie Fackler
|
r13571 | # A client that sends unbundle without 100-continue will | ||
# break if we respond early. | ||||
if (cmd == 'unbundle' and | ||||
Augie Fackler
|
r14991 | (req.env.get('HTTP_EXPECT', | ||
'').lower() != '100-continue') or | ||||
req.env.get('X-HgHttp2', '')): | ||||
Mads Kiilerich
|
r13445 | req.drain() | ||
Augie Fackler
|
r19488 | else: | ||
req.headers.append(('Connection', 'Close')) | ||||
Mads Kiilerich
|
r18352 | req.respond(inst, protocol.HGTYPE, | ||
timeless@mozdev.org
|
r26200 | body='0\n%s\n' % inst) | ||
Mads Kiilerich
|
r18352 | return '' | ||
Benoit Boissinot
|
r8860 | |||
Dirkjan Ochtman
|
r5596 | # translate user-visible url structure to internal structure | ||
args = query.split('/', 2) | ||||
if 'cmd' not in req.form and args and args[0]: | ||||
Dirkjan Ochtman
|
r5591 | |||
cmd = args.pop(0) | ||||
style = cmd.rfind('-') | ||||
if style != -1: | ||||
req.form['style'] = [cmd[:style]] | ||||
Matt Mackall
|
r10282 | cmd = cmd[style + 1:] | ||
Dirkjan Ochtman
|
r5596 | |||
Dirkjan Ochtman
|
r5591 | # avoid accepting e.g. style parameter as command | ||
Augie Fackler
|
r14953 | if util.safehasattr(webcommands, cmd): | ||
Dirkjan Ochtman
|
r5591 | req.form['cmd'] = [cmd] | ||
Brendan Cully
|
r7287 | if cmd == 'static': | ||
req.form['file'] = ['/'.join(args)] | ||||
else: | ||||
if args and args[0]: | ||||
r25777 | node = args.pop(0).replace('%2F', '/') | |||
Brendan Cully
|
r7287 | req.form['node'] = [node] | ||
if args: | ||||
req.form['file'] = args | ||||
Dirkjan Ochtman
|
r5591 | |||
Dirkjan Ochtman
|
r9731 | ua = req.env.get('HTTP_USER_AGENT', '') | ||
if cmd == 'rev' and 'mercurial' in ua: | ||||
req.form['style'] = ['raw'] | ||||
Brendan Cully
|
r7287 | if cmd == 'archive': | ||
Dirkjan Ochtman
|
r5591 | fn = req.form['node'][0] | ||
Gregory Szorc
|
r26136 | for type_, spec in rctx.archivespecs.iteritems(): | ||
Dirkjan Ochtman
|
r5591 | ext = spec[2] | ||
if fn.endswith(ext): | ||||
req.form['node'] = [fn[:-len(ext)]] | ||||
req.form['type'] = [type_] | ||||
Dirkjan Ochtman
|
r6149 | # process the web interface request | ||
Dirkjan Ochtman
|
r5599 | |||
try: | ||||
Gregory Szorc
|
r26183 | tmpl = rctx.templater(req) | ||
Matt Mackall
|
r8859 | ctype = tmpl('mimetype', encoding=encoding.encoding) | ||
Dirkjan Ochtman
|
r6391 | ctype = templater.stringify(ctype) | ||
Dirkjan Ochtman
|
r6149 | |||
Mark Edgington
|
r7562 | # check read permissions non-static content | ||
if cmd != 'static': | ||||
Gregory Szorc
|
r26134 | self.check_perm(rctx, req, None) | ||
Mark Edgington
|
r7336 | |||
Dirkjan Ochtman
|
r6149 | if cmd == '': | ||
req.form['cmd'] = [tmpl.cache['default']] | ||||
cmd = req.form['cmd'][0] | ||||
Dirkjan Ochtman
|
r5890 | |||
Gregory Szorc
|
r26161 | if rctx.configbool('web', 'cache', True): | ||
Steven Stallion
|
r13966 | caching(self, req) # sets ETag header or raises NOT_MODIFIED | ||
Dirkjan Ochtman
|
r6149 | if cmd not in webcommands.__all__: | ||
Dirkjan Ochtman
|
r6368 | msg = 'no such method: %s' % cmd | ||
Dirkjan Ochtman
|
r6149 | raise ErrorResponse(HTTP_BAD_REQUEST, msg) | ||
elif cmd == 'file' and 'raw' in req.form.get('style', []): | ||||
Gregory Szorc
|
r26217 | rctx.ctype = ctype | ||
Gregory Szorc
|
r26134 | content = webcommands.rawfile(rctx, req, tmpl) | ||
Dirkjan Ochtman
|
r6149 | else: | ||
Gregory Szorc
|
r26134 | content = getattr(webcommands, cmd)(rctx, req, tmpl) | ||
Dirkjan Ochtman
|
r6149 | req.respond(HTTP_OK, ctype) | ||
Dirkjan Ochtman
|
r5890 | |||
Brendan Cully
|
r7396 | return content | ||
Dirkjan Ochtman
|
r5600 | |||
Gregory Szorc
|
r25660 | except (error.LookupError, error.RepoLookupError) as err: | ||
Dirkjan Ochtman
|
r5993 | req.respond(HTTP_NOT_FOUND, ctype) | ||
Dirkjan Ochtman
|
r6374 | msg = str(err) | ||
Takumi IINO
|
r18855 | if (util.safehasattr(err, 'name') and | ||
not isinstance(err, error.ManifestLookupError)): | ||||
Dirkjan Ochtman
|
r6368 | msg = 'revision not found: %s' % err.name | ||
Brendan Cully
|
r7396 | return tmpl('error', error=msg) | ||
Gregory Szorc
|
r25660 | except (error.RepoError, error.RevlogError) as inst: | ||
Dirkjan Ochtman
|
r5993 | req.respond(HTTP_SERVER_ERROR, ctype) | ||
Brendan Cully
|
r7396 | return tmpl('error', error=str(inst)) | ||
Gregory Szorc
|
r25660 | except ErrorResponse as inst: | ||
Dirkjan Ochtman
|
r7740 | req.respond(inst, ctype) | ||
Augie Fackler
|
r12739 | if inst.code == HTTP_NOT_MODIFIED: | ||
# Not allowed to return a body on a 304 | ||||
return [''] | ||||
timeless@mozdev.org
|
r26200 | return tmpl('error', error=str(inst)) | ||
Dirkjan Ochtman
|
r5599 | |||
Gregory Szorc
|
r26134 | def check_perm(self, rctx, req, op): | ||
Mads Kiilerich
|
r22200 | for permhook in permhooks: | ||
Gregory Szorc
|
r26134 | permhook(rctx, req, op) | ||
Gregory Szorc
|
r26208 | |||
def getwebview(repo): | ||||
"""The 'web.view' config controls changeset filter to hgweb. Possible | ||||
values are ``served``, ``visible`` and ``all``. Default is ``served``. | ||||
The ``served`` filter only shows changesets that can be pulled from the | ||||
hgweb instance. The``visible`` filter includes secret changesets but | ||||
still excludes "hidden" one. | ||||
See the repoview module for details. | ||||
The option has been around undocumented since Mercurial 2.5, but no | ||||
user ever asked about it. So we better keep it undocumented for now.""" | ||||
viewconfig = repo.ui.config('web', 'view', 'served', | ||||
untrusted=True) | ||||
if viewconfig == 'all': | ||||
return repo.unfiltered() | ||||
elif viewconfig in repoview.filtertable: | ||||
return repo.filtered(viewconfig) | ||||
else: | ||||
return repo.filtered('served') | ||||