##// END OF EJS Templates
wireprotov2peer: stream decoded responses...
wireprotov2peer: stream decoded responses Previously, wire protocol version 2 would buffer all response data. Only once all data was received did we CBOR decode it and resolve the future associated with the command. This was obviously not desirable. In future commits that introduce large response payloads, this caused significant memory bloat and slowed down client operations due to waiting on the server. This commit refactors the response handling code so that response data can be streamed. Command response objects now contain a buffered CBOR decoder. As new data arrives, it is fed into the decoder. Decoded objects are made available to the generator as they are decoded. Because there is a separate thread processing incoming frames and feeding data into the response object, there is the potential for race conditions when mutating response objects. So a lock has been added to guard access to critical state variables. Because the generator emitting decoded objects needs to wait on those objects to become available, we've added an Event for the generator to wait on so it doesn't busy loop. This does mean there is the potential for deadlocks. And I'm pretty sure they can occur in some scenarios. We already have a handful of TODOs around this. But I've added some more. Fixing this will likely require moving the background thread receiving frames into clienthandler. We likely would have done this anyway when implementing the client bits for the SSH transport. Test output changes because the initial CBOR map holding the overall response state is now always handled internally by the response object. Differential Revision: https://phab.mercurial-scm.org/D4474

File last commit:

r39595:07b58266 default
r39597:d06834e0 default
Show More
wireprotov2server.py
522 lines | 17.7 KiB | text/x-python | PythonLexer
/ mercurial / wireprotov2server.py
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
# Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.
from __future__ import absolute_import
import contextlib
from .i18n import _
from . import (
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 encoding,
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 error,
pycompat,
Gregory Szorc
wireproto: expose repository formats via capabilities...
r37675 streamclone,
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 util,
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 wireprotoframing,
wireprototypes,
)
Gregory Szorc
interfaceutil: module to stub out zope.interface...
r37828 from .utils import (
interfaceutil,
)
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563
Gregory Szorc
wireprotov2: change command response protocol to include a leading map...
r37743 FRAMINGTYPE = b'application/mercurial-exp-framing-0005'
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563
Gregory Szorc
wireproto: rename HTTPV2 so it less like HTTP/2...
r37662 HTTP_WIREPROTO_V2 = wireprototypes.HTTP_WIREPROTO_V2
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 COMMANDS = wireprototypes.commanddict()
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 def handlehttpv2request(rctx, req, res, checkperm, urlparts):
from .hgweb import common as hgwebcommon
# URL space looks like: <permissions>/<command>, where <permission> can
# be ``ro`` or ``rw`` to signal read-only or read-write, respectively.
# Root URL does nothing meaningful... yet.
if not urlparts:
res.status = b'200 OK'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('HTTP version 2 API handler'))
return
if len(urlparts) == 1:
res.status = b'404 Not Found'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('do not know how to process %s\n') %
req.dispatchpath)
return
permission, command = urlparts[0:2]
if permission not in (b'ro', b'rw'):
res.status = b'404 Not Found'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('unknown permission: %s') % permission)
return
if req.method != 'POST':
res.status = b'405 Method Not Allowed'
res.headers[b'Allow'] = b'POST'
res.setbodybytes(_('commands require POST requests'))
return
# At some point we'll want to use our own API instead of recycling the
# behavior of version 1 of the wire protocol...
# TODO return reasonable responses - not responses that overload the
# HTTP status line message for error reporting.
try:
checkperm(rctx, req, 'pull' if permission == b'ro' else 'push')
except hgwebcommon.ErrorResponse as e:
res.status = hgwebcommon.statusmessage(e.code, pycompat.bytestr(e))
for k, v in e.headers:
res.headers[k] = v
res.setbodybytes('permission denied')
return
# We have a special endpoint to reflect the request back at the client.
if command == b'debugreflect':
_processhttpv2reflectrequest(rctx.repo.ui, rctx.repo, req, res)
return
# Extra commands that we handle that aren't really wire protocol
# commands. Think extra hard before making this hackery available to
# extension.
extracommands = {'multirequest'}
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 if command not in COMMANDS and command not in extracommands:
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 res.status = b'404 Not Found'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('unknown wire protocol command: %s\n') % command)
return
repo = rctx.repo
ui = repo.ui
proto = httpv2protocolhandler(req, ui)
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 if (not COMMANDS.commandavailable(command, proto)
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 and command not in extracommands):
res.status = b'404 Not Found'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('invalid wire protocol command: %s') % command)
return
# TODO consider cases where proxies may add additional Accept headers.
if req.headers.get(b'Accept') != FRAMINGTYPE:
res.status = b'406 Not Acceptable'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('client MUST specify Accept header with value: %s\n')
% FRAMINGTYPE)
return
if req.headers.get(b'Content-Type') != FRAMINGTYPE:
res.status = b'415 Unsupported Media Type'
# TODO we should send a response with appropriate media type,
# since client does Accept it.
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('client MUST send Content-Type header with '
'value: %s\n') % FRAMINGTYPE)
return
_processhttpv2request(ui, repo, req, res, permission, command, proto)
def _processhttpv2reflectrequest(ui, repo, req, res):
"""Reads unified frame protocol request and dumps out state to client.
This special endpoint can be used to help debug the wire protocol.
Instead of routing the request through the normal dispatch mechanism,
we instead read all frames, decode them, and feed them into our state
tracker. We then dump the log of all that activity back out to the
client.
"""
import json
# Reflection APIs have a history of being abused, accidentally disclosing
# sensitive data, etc. So we have a config knob.
if not ui.configbool('experimental', 'web.api.debugreflect'):
res.status = b'404 Not Found'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('debugreflect service not available'))
return
# We assume we have a unified framing protocol request body.
reactor = wireprotoframing.serverreactor()
states = []
while True:
frame = wireprotoframing.readframe(req.bodyfh)
if not frame:
states.append(b'received: <no frame>')
break
states.append(b'received: %d %d %d %s' % (frame.typeid, frame.flags,
frame.requestid,
frame.payload))
action, meta = reactor.onframerecv(frame)
states.append(json.dumps((action, meta), sort_keys=True,
separators=(', ', ': ')))
action, meta = reactor.oninputeof()
meta['action'] = action
states.append(json.dumps(meta, sort_keys=True, separators=(', ',': ')))
res.status = b'200 OK'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(b'\n'.join(states))
def _processhttpv2request(ui, repo, req, res, authedperm, reqcommand, proto):
"""Post-validation handler for HTTPv2 requests.
Called when the HTTP request contains unified frame-based protocol
frames for evaluation.
"""
# TODO Some HTTP clients are full duplex and can receive data before
# the entire request is transmitted. Figure out a way to indicate support
# for that so we can opt into full duplex mode.
reactor = wireprotoframing.serverreactor(deferoutput=True)
seencommand = False
outstream = reactor.makeoutputstream()
while True:
frame = wireprotoframing.readframe(req.bodyfh)
if not frame:
break
action, meta = reactor.onframerecv(frame)
if action == 'wantframe':
# Need more data before we can do anything.
continue
elif action == 'runcommand':
sentoutput = _httpv2runcommand(ui, repo, req, res, authedperm,
reqcommand, reactor, outstream,
meta, issubsequent=seencommand)
if sentoutput:
return
seencommand = True
elif action == 'error':
# TODO define proper error mechanism.
res.status = b'200 OK'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(meta['message'] + b'\n')
return
else:
raise error.ProgrammingError(
'unhandled action from frame processor: %s' % action)
action, meta = reactor.oninputeof()
if action == 'sendframes':
# We assume we haven't started sending the response yet. If we're
# wrong, the response type will raise an exception.
res.status = b'200 OK'
res.headers[b'Content-Type'] = FRAMINGTYPE
res.setbodygen(meta['framegen'])
elif action == 'noop':
pass
else:
raise error.ProgrammingError('unhandled action from frame processor: %s'
% action)
def _httpv2runcommand(ui, repo, req, res, authedperm, reqcommand, reactor,
outstream, command, issubsequent):
"""Dispatch a wire protocol command made from HTTPv2 requests.
The authenticated permission (``authedperm``) along with the original
command from the URL (``reqcommand``) are passed in.
"""
# We already validated that the session has permissions to perform the
# actions in ``authedperm``. In the unified frame protocol, the canonical
# command to run is expressed in a frame. However, the URL also requested
# to run a specific command. We need to be careful that the command we
# run doesn't have permissions requirements greater than what was granted
# by ``authedperm``.
#
# Our rule for this is we only allow one command per HTTP request and
# that command must match the command in the URL. However, we make
# an exception for the ``multirequest`` URL. This URL is allowed to
# execute multiple commands. We double check permissions of each command
# as it is invoked to ensure there is no privilege escalation.
# TODO consider allowing multiple commands to regular command URLs
# iff each command is the same.
proto = httpv2protocolhandler(req, ui, args=command['args'])
if reqcommand == b'multirequest':
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 if not COMMANDS.commandavailable(command['command'], proto):
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 # TODO proper error mechanism
res.status = b'200 OK'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('wire protocol command not available: %s') %
command['command'])
return True
# TODO don't use assert here, since it may be elided by -O.
assert authedperm in (b'ro', b'rw')
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 wirecommand = COMMANDS[command['command']]
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 assert wirecommand.permission in ('push', 'pull')
if authedperm == b'ro' and wirecommand.permission != 'pull':
# TODO proper error mechanism
res.status = b'403 Forbidden'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('insufficient permissions to execute '
'command: %s') % command['command'])
return True
# TODO should we also call checkperm() here? Maybe not if we're going
# to overhaul that API. The granted scope from the URL check should
# be good enough.
else:
# Don't allow multiple commands outside of ``multirequest`` URL.
if issubsequent:
# TODO proper error mechanism
res.status = b'200 OK'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('multiple commands cannot be issued to this '
'URL'))
return True
if reqcommand != command['command']:
# TODO define proper error mechanism
res.status = b'200 OK'
res.headers[b'Content-Type'] = b'text/plain'
res.setbodybytes(_('command in frame must match command in URL'))
return True
res.status = b'200 OK'
res.headers[b'Content-Type'] = FRAMINGTYPE
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 try:
objs = dispatch(repo, proto, command['command'])
action, meta = reactor.oncommandresponsereadyobjects(
outstream, command['requestid'], objs)
except Exception as e:
Gregory Szorc
wireprotov2: change behavior of error frame...
r37744 action, meta = reactor.onservererror(
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 outstream, command['requestid'],
_('exception when invoking command: %s') % e)
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563
if action == 'sendframes':
res.setbodygen(meta['framegen'])
return True
elif action == 'noop':
return False
else:
raise error.ProgrammingError('unhandled event from reactor: %s' %
action)
Gregory Szorc
wireproto: reimplement dispatch() for version 2 server...
r37800 def getdispatchrepo(repo, proto, command):
return repo.filtered('served')
def dispatch(repo, proto, command):
repo = getdispatchrepo(repo, proto, command)
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 func, spec = COMMANDS[command]
Gregory Szorc
wireproto: reimplement dispatch() for version 2 server...
r37800 args = proto.getargs(spec)
return func(repo, proto, **args)
Gregory Szorc
interfaceutil: module to stub out zope.interface...
r37828 @interfaceutil.implementer(wireprototypes.baseprotocolhandler)
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563 class httpv2protocolhandler(object):
def __init__(self, req, ui, args=None):
self._req = req
self._ui = ui
self._args = args
@property
def name(self):
Gregory Szorc
wireproto: rename HTTPV2 so it less like HTTP/2...
r37662 return HTTP_WIREPROTO_V2
Gregory Szorc
wireproto: extract HTTP version 2 code to own module...
r37563
def getargs(self, args):
data = {}
for k, typ in args.items():
if k == '*':
raise NotImplementedError('do not support * args')
elif k in self._args:
# TODO consider validating value types.
data[k] = self._args[k]
return data
def getprotocaps(self):
# Protocol capabilities are currently not implemented for HTTP V2.
return set()
def getpayload(self):
raise NotImplementedError
@contextlib.contextmanager
def mayberedirectstdio(self):
raise NotImplementedError
def client(self):
raise NotImplementedError
def addcapabilities(self, repo, caps):
return caps
def checkperm(self, perm):
raise NotImplementedError
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
Gregory Szorc
wireproto: define and implement HTTP handshake to upgrade protocol...
r37575 def httpv2apidescriptor(req, repo):
proto = httpv2protocolhandler(req, repo.ui)
return _capabilitiesv2(repo, proto)
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 def _capabilitiesv2(repo, proto):
"""Obtain the set of capabilities for version 2 transports.
These capabilities are distinct from the capabilities for version 1
transports.
"""
compression = []
Gregory Szorc
wireproto: move supportedcompengines out of wireproto...
r37801 for engine in wireprototypes.supportedcompengines(repo.ui, util.SERVERROLE):
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 compression.append({
b'name': engine.wireprotosupport().name,
})
caps = {
'commands': {},
'compression': compression,
Gregory Szorc
wireproto: add media type to version 2 capabilities response...
r37671 'framingmediatypes': [FRAMINGTYPE],
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 }
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 for command, entry in COMMANDS.items():
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 caps['commands'][command] = {
'args': entry.args,
'permissions': [entry.permission],
}
Gregory Szorc
wireproto: expose repository formats via capabilities...
r37675 if streamclone.allowservergeneration(repo):
caps['rawrepoformats'] = sorted(repo.requirements &
repo.supportedformats)
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 return proto.addcapabilities(repo, caps)
Gregory Szorc
wireproto: make version 2 @wireprotocommand an independent function...
r37798 def wireprotocommand(name, args=None, permission='push'):
"""Decorator to declare a wire protocol command.
``name`` is the name of the wire protocol command being provided.
``args`` is a dict of argument names to example values.
``permission`` defines the permission type needed to run this command.
Can be ``push`` or ``pull``. These roughly map to read-write and read-only,
respectively. Default is to assume command requires ``push`` permissions
because otherwise commands not declaring their permissions could modify
a repository that is supposed to be read-only.
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595
Wire protocol commands are generators of objects to be serialized and
sent to the client.
If a command raises an uncaught exception, this will be translated into
a command error.
Gregory Szorc
wireproto: make version 2 @wireprotocommand an independent function...
r37798 """
transports = {k for k, v in wireprototypes.TRANSPORTS.items()
if v['version'] == 2}
if permission not in ('push', 'pull'):
raise error.ProgrammingError('invalid wire protocol permission; '
'got %s; expected "push" or "pull"' %
permission)
if args is None:
args = {}
if not isinstance(args, dict):
raise error.ProgrammingError('arguments for version 2 commands '
'must be declared as dicts')
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564 def register(func):
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 if name in COMMANDS:
Gregory Szorc
wireproto: make version 2 @wireprotocommand an independent function...
r37798 raise error.ProgrammingError('%s command already registered '
'for version 2' % name)
Gregory Szorc
wireproto: move version 2 commands dict to wireprotov2server...
r37802 COMMANDS[name] = wireprototypes.commandentry(
Gregory Szorc
wireproto: make version 2 @wireprotocommand an independent function...
r37798 func, args=args, transports=transports, permission=permission)
return func
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
return register
@wireprotocommand('branchmap', permission='pull')
def branchmapv2(repo, proto):
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 yield {encoding.fromlocal(k): v
for k, v in repo.branchmap().iteritems()}
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
@wireprotocommand('capabilities', permission='pull')
def capabilitiesv2(repo, proto):
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 yield _capabilitiesv2(repo, proto)
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
@wireprotocommand('heads',
args={
'publiconly': False,
},
permission='pull')
def headsv2(repo, proto, publiconly=False):
if publiconly:
repo = repo.filtered('immutable')
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 yield repo.heads()
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
@wireprotocommand('known',
args={
'nodes': [b'deadbeef'],
},
permission='pull')
def knownv2(repo, proto, nodes=None):
nodes = nodes or []
result = b''.join(b'1' if n else b'0' for n in repo.known(nodes))
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 yield result
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
@wireprotocommand('listkeys',
args={
'namespace': b'ns',
},
permission='pull')
def listkeysv2(repo, proto, namespace=None):
keys = repo.listkeys(encoding.tolocal(namespace))
keys = {encoding.fromlocal(k): encoding.fromlocal(v)
for k, v in keys.iteritems()}
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 yield keys
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
@wireprotocommand('lookup',
args={
'key': b'foo',
},
permission='pull')
def lookupv2(repo, proto, key):
key = encoding.tolocal(key)
# TODO handle exception.
node = repo.lookup(key)
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 yield node
Gregory Szorc
wireproto: move version 2 command handlers to wireprotov2server...
r37564
@wireprotocommand('pushkey',
args={
'namespace': b'ns',
'key': b'key',
'old': b'old',
'new': b'new',
},
permission='push')
def pushkeyv2(repo, proto, namespace, key, old, new):
# TODO handle ui output redirection
Gregory Szorc
wireprotov2: implement commands as a generator of objects...
r39595 yield repo.pushkey(encoding.tolocal(namespace),
encoding.tolocal(key),
encoding.tolocal(old),
encoding.tolocal(new))