wireprotolfsserver.py
370 lines
| 11.7 KiB
| text/x-python
|
PythonLexer
Matt Harbison
|
r37165 | # wireprotolfsserver.py - lfs protocol server side implementation | ||
| # | ||||
| # Copyright 2018 Matt Harbison <matt_harbison@yahoo.com> | ||||
| # | ||||
| # This software may be used and distributed according to the terms of the | ||||
| # GNU General Public License version 2 or any later version. | ||||
| from __future__ import absolute_import | ||||
|
Matt Harbison
|
r37166 | import datetime | ||
| import errno | ||||
| import json | ||||
|
Matt Harbison
|
r37708 | import traceback | ||
|
Matt Harbison
|
r37166 | |||
Augie Fackler
|
r43346 | from mercurial.hgweb import common as hgwebcommon | ||
|
Matt Harbison
|
r37165 | |||
| from mercurial import ( | ||||
|
Matt Harbison
|
r41078 | exthelper, | ||
|
Matt Harbison
|
r37165 | pycompat, | ||
|
Matt Harbison
|
r38199 | util, | ||
|
Matt Harbison
|
r41078 | wireprotoserver, | ||
|
Matt Harbison
|
r37165 | ) | ||
|
Matt Harbison
|
r37710 | from . import blobstore | ||
|
Matt Harbison
|
r37166 | HTTP_OK = hgwebcommon.HTTP_OK | ||
|
Matt Harbison
|
r37167 | HTTP_CREATED = hgwebcommon.HTTP_CREATED | ||
|
Matt Harbison
|
r37166 | HTTP_BAD_REQUEST = hgwebcommon.HTTP_BAD_REQUEST | ||
|
Matt Harbison
|
r37267 | HTTP_NOT_FOUND = hgwebcommon.HTTP_NOT_FOUND | ||
|
Matt Harbison
|
r37711 | HTTP_METHOD_NOT_ALLOWED = hgwebcommon.HTTP_METHOD_NOT_ALLOWED | ||
| HTTP_NOT_ACCEPTABLE = hgwebcommon.HTTP_NOT_ACCEPTABLE | ||||
| HTTP_UNSUPPORTED_MEDIA_TYPE = hgwebcommon.HTTP_UNSUPPORTED_MEDIA_TYPE | ||||
|
Matt Harbison
|
r37166 | |||
|
Matt Harbison
|
r41078 | eh = exthelper.exthelper() | ||
|
Augie Fackler
|
r43346 | |||
|
Augie Fackler
|
r43347 | @eh.wrapfunction(wireprotoserver, b'handlewsgirequest') | ||
|
Matt Harbison
|
r37165 | def handlewsgirequest(orig, rctx, req, res, checkperm): | ||
| """Wrap wireprotoserver.handlewsgirequest() to possibly process an LFS | ||||
| request if it is left unprocessed by the wrapped method. | ||||
| """ | ||||
| if orig(rctx, req, res, checkperm): | ||||
| return True | ||||
|
Matt Harbison
|
r41469 | if not rctx.repo.ui.configbool(b'experimental', b'lfs.serve'): | ||
|
Matt Harbison
|
r37265 | return False | ||
Martin von Zweigbergk
|
r43385 | if not util.safehasattr(rctx.repo.svfs, 'lfslocalblobstore'): | ||
|
Matt Harbison
|
r38199 | return False | ||
|
Matt Harbison
|
r37165 | if not req.dispatchpath: | ||
| return False | ||||
| try: | ||||
| if req.dispatchpath == b'.git/info/lfs/objects/batch': | ||||
|
Matt Harbison
|
r41469 | checkperm(rctx, req, b'pull') | ||
|
Matt Harbison
|
r37165 | return _processbatchrequest(rctx.repo, req, res) | ||
| # TODO: reserve and use a path in the proposed http wireprotocol /api/ | ||||
| # namespace? | ||||
| elif req.dispatchpath.startswith(b'.hg/lfs/objects'): | ||||
|
Augie Fackler
|
r43346 | return _processbasictransfer( | ||
| rctx.repo, req, res, lambda perm: checkperm(rctx, req, perm) | ||||
| ) | ||||
|
Matt Harbison
|
r37165 | return False | ||
| except hgwebcommon.ErrorResponse as e: | ||||
| # XXX: copied from the handler surrounding wireprotoserver._callhttp() | ||||
| # in the wrapped function. Should this be moved back to hgweb to | ||||
| # be a common handler? | ||||
| for k, v in e.headers: | ||||
| res.headers[k] = v | ||||
| res.status = hgwebcommon.statusmessage(e.code, pycompat.bytestr(e)) | ||||
| res.setbodybytes(b'0\n%s\n' % pycompat.bytestr(e)) | ||||
| return True | ||||
|
Augie Fackler
|
r43346 | |||
|
Matt Harbison
|
r37166 | def _sethttperror(res, code, message=None): | ||
| res.status = hgwebcommon.statusmessage(code, message=message) | ||||
| res.headers[b'Content-Type'] = b'text/plain; charset=utf-8' | ||||
| res.setbodybytes(b'') | ||||
|
Augie Fackler
|
r43346 | |||
|
Matt Harbison
|
r37708 | def _logexception(req): | ||
| """Write information about the current exception to wsgi.errors.""" | ||||
| tb = pycompat.sysbytes(traceback.format_exc()) | ||||
|
Matt Harbison
|
r41469 | errorlog = req.rawenv[b'wsgi.errors'] | ||
|
Matt Harbison
|
r37708 | |||
| uri = b'' | ||||
| if req.apppath: | ||||
| uri += req.apppath | ||||
| uri += b'/' + req.dispatchpath | ||||
|
Augie Fackler
|
r43346 | errorlog.write( | ||
| b"Exception happened while processing request '%s':\n%s" % (uri, tb) | ||||
| ) | ||||
|
Matt Harbison
|
r37708 | |||
|
Matt Harbison
|
r37165 | def _processbatchrequest(repo, req, res): | ||
| """Handle a request for the Batch API, which is the gateway to granting file | ||||
| access. | ||||
| https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md | ||||
| """ | ||||
|
Matt Harbison
|
r37166 | |||
| # Mercurial client request: | ||||
| # | ||||
| # HOST: localhost:$HGPORT | ||||
| # ACCEPT: application/vnd.git-lfs+json | ||||
| # ACCEPT-ENCODING: identity | ||||
| # USER-AGENT: git-lfs/2.3.4 (Mercurial 4.5.2+1114-f48b9754f04c+20180316) | ||||
| # Content-Length: 125 | ||||
| # Content-Type: application/vnd.git-lfs+json | ||||
| # | ||||
| # { | ||||
| # "objects": [ | ||||
| # { | ||||
| # "oid": "31cf...8e5b" | ||||
| # "size": 12 | ||||
| # } | ||||
| # ] | ||||
| # "operation": "upload" | ||||
| # } | ||||
|
Matt Harbison
|
r37711 | if req.method != b'POST': | ||
| _sethttperror(res, HTTP_METHOD_NOT_ALLOWED) | ||||
| return True | ||||
| if req.headers[b'Content-Type'] != b'application/vnd.git-lfs+json': | ||||
| _sethttperror(res, HTTP_UNSUPPORTED_MEDIA_TYPE) | ||||
| return True | ||||
| if req.headers[b'Accept'] != b'application/vnd.git-lfs+json': | ||||
| _sethttperror(res, HTTP_NOT_ACCEPTABLE) | ||||
|
Matt Harbison
|
r37166 | return True | ||
| # XXX: specify an encoding? | ||||
Gregory Szorc
|
r43697 | lfsreq = pycompat.json_loads(req.bodyfh.read()) | ||
|
Matt Harbison
|
r37166 | |||
| # If no transfer handlers are explicitly requested, 'basic' is assumed. | ||||
|
Augie Fackler
|
r43906 | if 'basic' not in lfsreq.get('transfers', ['basic']): | ||
|
Augie Fackler
|
r43346 | _sethttperror( | ||
| res, | ||||
| HTTP_BAD_REQUEST, | ||||
| b'Only the basic LFS transfer handler is supported', | ||||
| ) | ||||
|
Matt Harbison
|
r37166 | return True | ||
|
Augie Fackler
|
r43906 | operation = lfsreq.get('operation') | ||
|
Matt Harbison
|
r41470 | operation = pycompat.bytestr(operation) | ||
| if operation not in (b'upload', b'download'): | ||||
|
Augie Fackler
|
r43346 | _sethttperror( | ||
| res, | ||||
| HTTP_BAD_REQUEST, | ||||
| b'Unsupported LFS transfer operation: %s' % operation, | ||||
| ) | ||||
|
Matt Harbison
|
r37166 | return True | ||
| localstore = repo.svfs.lfslocalblobstore | ||||
|
Augie Fackler
|
r43346 | objects = [ | ||
| p | ||||
| for p in _batchresponseobjects( | ||||
|
Augie Fackler
|
r43906 | req, lfsreq.get('objects', []), operation, localstore | ||
|
Augie Fackler
|
r43346 | ) | ||
| ] | ||||
|
Matt Harbison
|
r37166 | |||
| rsp = { | ||||
|
Augie Fackler
|
r43906 | 'transfer': 'basic', | ||
| 'objects': objects, | ||||
|
Matt Harbison
|
r37166 | } | ||
| res.status = hgwebcommon.statusmessage(HTTP_OK) | ||||
| res.headers[b'Content-Type'] = b'application/vnd.git-lfs+json' | ||||
| res.setbodybytes(pycompat.bytestr(json.dumps(rsp))) | ||||
| return True | ||||
|
Augie Fackler
|
r43346 | |||
|
Matt Harbison
|
r37166 | def _batchresponseobjects(req, objects, action, store): | ||
| """Yield one dictionary of attributes for the Batch API response for each | ||||
| object in the list. | ||||
| req: The parsedrequest for the Batch API request | ||||
| objects: The list of objects in the Batch API object request list | ||||
| action: 'upload' or 'download' | ||||
| store: The local blob store for servicing requests""" | ||||
| # Successful lfs-test-server response to solict an upload: | ||||
| # { | ||||
| # u'objects': [{ | ||||
| # u'size': 12, | ||||
| # u'oid': u'31cf...8e5b', | ||||
| # u'actions': { | ||||
| # u'upload': { | ||||
| # u'href': u'http://localhost:$HGPORT/objects/31cf...8e5b', | ||||
| # u'expires_at': u'0001-01-01T00:00:00Z', | ||||
| # u'header': { | ||||
| # u'Accept': u'application/vnd.git-lfs' | ||||
| # } | ||||
| # } | ||||
| # } | ||||
| # }] | ||||
| # } | ||||
| # TODO: Sort out the expires_at/expires_in/authenticated keys. | ||||
| for obj in objects: | ||||
| # Convert unicode to ASCII to create a filesystem path | ||||
|
Augie Fackler
|
r43906 | soid = obj.get('oid') | ||
| oid = soid.encode('ascii') | ||||
|
Matt Harbison
|
r37166 | rsp = { | ||
|
Augie Fackler
|
r43906 | 'oid': soid, | ||
| 'size': obj.get('size'), # XXX: should this check the local size? | ||||
| # 'authenticated': True, | ||||
|
Matt Harbison
|
r37166 | } | ||
| exists = True | ||||
| verifies = False | ||||
| # Verify an existing file on the upload request, so that the client is | ||||
| # solicited to re-upload if it corrupt locally. Download requests are | ||||
| # also verified, so the error can be flagged in the Batch API response. | ||||
| # (Maybe we can use this to short circuit the download for `hg verify`, | ||||
| # IFF the client can assert that the remote end is an hg server.) | ||||
| # Otherwise, it's potentially overkill on download, since it is also | ||||
| # verified as the file is streamed to the caller. | ||||
| try: | ||||
| verifies = store.verify(oid) | ||||
|
Matt Harbison
|
r41469 | if verifies and action == b'upload': | ||
|
Matt Harbison
|
r39491 | # The client will skip this upload, but make sure it remains | ||
| # available locally. | ||||
| store.linkfromusercache(oid) | ||||
|
Matt Harbison
|
r37166 | except IOError as inst: | ||
| if inst.errno != errno.ENOENT: | ||||
|
Matt Harbison
|
r37708 | _logexception(req) | ||
|
Augie Fackler
|
r43906 | rsp['error'] = { | ||
| 'code': 500, | ||||
| 'message': inst.strerror or 'Internal Server Server', | ||||
|
Matt Harbison
|
r37166 | } | ||
| yield rsp | ||||
| continue | ||||
| exists = False | ||||
| # Items are always listed for downloads. They are dropped for uploads | ||||
| # IFF they already exist locally. | ||||
|
Matt Harbison
|
r41469 | if action == b'download': | ||
|
Matt Harbison
|
r37166 | if not exists: | ||
|
Augie Fackler
|
r43906 | rsp['error'] = { | ||
| 'code': 404, | ||||
| 'message': "The object does not exist", | ||||
|
Matt Harbison
|
r37166 | } | ||
| yield rsp | ||||
| continue | ||||
| elif not verifies: | ||||
|
Augie Fackler
|
r43906 | rsp['error'] = { | ||
| 'code': 422, # XXX: is this the right code? | ||||
| 'message': "The object is corrupt", | ||||
|
Matt Harbison
|
r37166 | } | ||
| yield rsp | ||||
| continue | ||||
| elif verifies: | ||||
| yield rsp # Skip 'actions': already uploaded | ||||
| continue | ||||
| expiresat = datetime.datetime.now() + datetime.timedelta(minutes=10) | ||||
|
Matt Harbison
|
r37784 | def _buildheader(): | ||
| # The spec doesn't mention the Accept header here, but avoid | ||||
| # a gratuitous deviation from lfs-test-server in the test | ||||
| # output. | ||||
|
Augie Fackler
|
r43906 | hdr = {'Accept': 'application/vnd.git-lfs'} | ||
|
Matt Harbison
|
r37784 | |||
|
Matt Harbison
|
r41469 | auth = req.headers.get(b'Authorization', b'') | ||
| if auth.startswith(b'Basic '): | ||||
|
Augie Fackler
|
r43906 | hdr['Authorization'] = pycompat.strurl(auth) | ||
|
Matt Harbison
|
r37784 | |||
| return hdr | ||||
|
Augie Fackler
|
r43906 | rsp['actions'] = { | ||
| '%s' | ||||
|
Augie Fackler
|
r43346 | % pycompat.strurl(action): { | ||
|
Augie Fackler
|
r43906 | 'href': pycompat.strurl( | ||
|
Augie Fackler
|
r43346 | b'%s%s/.hg/lfs/objects/%s' % (req.baseurl, req.apppath, oid) | ||
| ), | ||||
|
Matt Harbison
|
r37166 | # datetime.isoformat() doesn't include the 'Z' suffix | ||
|
Augie Fackler
|
r43906 | "expires_at": expiresat.strftime('%Y-%m-%dT%H:%M:%SZ'), | ||
| 'header': _buildheader(), | ||||
|
Matt Harbison
|
r37166 | } | ||
| } | ||||
| yield rsp | ||||
|
Matt Harbison
|
r37165 | |||
|
Augie Fackler
|
r43346 | |||
|
Matt Harbison
|
r37165 | def _processbasictransfer(repo, req, res, checkperm): | ||
| """Handle a single file upload (PUT) or download (GET) action for the Basic | ||||
| Transfer Adapter. | ||||
| After determining if the request is for an upload or download, the access | ||||
| must be checked by calling ``checkperm()`` with either 'pull' or 'upload' | ||||
| before accessing the files. | ||||
| https://github.com/git-lfs/git-lfs/blob/master/docs/api/basic-transfers.md | ||||
| """ | ||||
| method = req.method | ||||
|
Matt Harbison
|
r37266 | oid = req.dispatchparts[-1] | ||
|
Matt Harbison
|
r37167 | localstore = repo.svfs.lfslocalblobstore | ||
|
Matt Harbison
|
r37165 | |||
|
Matt Harbison
|
r37267 | if len(req.dispatchparts) != 4: | ||
| _sethttperror(res, HTTP_NOT_FOUND) | ||||
| return True | ||||
|
Matt Harbison
|
r37165 | if method == b'PUT': | ||
|
Matt Harbison
|
r41469 | checkperm(b'upload') | ||
|
Matt Harbison
|
r37167 | |||
| # TODO: verify Content-Type? | ||||
| existed = localstore.has(oid) | ||||
| # TODO: how to handle timeouts? The body proxy handles limiting to | ||||
| # Content-Length, but what happens if a client sends less than it | ||||
| # says it will? | ||||
|
Matt Harbison
|
r37710 | statusmessage = hgwebcommon.statusmessage | ||
| try: | ||||
| localstore.download(oid, req.bodyfh) | ||||
| res.status = statusmessage(HTTP_OK if existed else HTTP_CREATED) | ||||
| except blobstore.LfsCorruptionError: | ||||
| _logexception(req) | ||||
|
Matt Harbison
|
r37167 | |||
|
Matt Harbison
|
r37710 | # XXX: Is this the right code? | ||
| res.status = statusmessage(422, b'corrupt blob') | ||||
|
Matt Harbison
|
r37167 | |||
| # There's no payload here, but this is the header that lfs-test-server | ||||
| # sends back. This eliminates some gratuitous test output conditionals. | ||||
| res.headers[b'Content-Type'] = b'text/plain; charset=utf-8' | ||||
| res.setbodybytes(b'') | ||||
| return True | ||||
|
Matt Harbison
|
r37165 | elif method == b'GET': | ||
|
Matt Harbison
|
r41469 | checkperm(b'pull') | ||
|
Matt Harbison
|
r37165 | |||
|
Matt Harbison
|
r37167 | res.status = hgwebcommon.statusmessage(HTTP_OK) | ||
| res.headers[b'Content-Type'] = b'application/octet-stream' | ||||
|
Matt Harbison
|
r37710 | try: | ||
| # TODO: figure out how to send back the file in chunks, instead of | ||||
| # reading the whole thing. (Also figure out how to send back | ||||
| # an error status if an IOError occurs after a partial write | ||||
| # in that case. Here, everything is read before starting.) | ||||
| res.setbodybytes(localstore.read(oid)) | ||||
| except blobstore.LfsCorruptionError: | ||||
| _logexception(req) | ||||
| # XXX: Is this the right code? | ||||
| res.status = hgwebcommon.statusmessage(422, b'corrupt blob') | ||||
| res.setbodybytes(b'') | ||||
|
Matt Harbison
|
r37167 | |||
| return True | ||||
| else: | ||||
|
Augie Fackler
|
r43346 | _sethttperror( | ||
| res, | ||||
| HTTP_METHOD_NOT_ALLOWED, | ||||
| message=b'Unsupported LFS transfer method: %s' % method, | ||||
| ) | ||||
|
Matt Harbison
|
r37167 | return True | ||