##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

hgweb: don't use raw string for session vars...
Gregory Szorc -
r41349:46781c1b default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,540 +1,540 b''
1 1 # hgweb/hgwebdir_mod.py - Web interface for a directory of repositories.
2 2 #
3 3 # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
4 4 # Copyright 2005, 2006 Matt Mackall <mpm@selenic.com>
5 5 #
6 6 # This software may be used and distributed according to the terms of the
7 7 # GNU General Public License version 2 or any later version.
8 8
9 9 from __future__ import absolute_import
10 10
11 11 import gc
12 12 import os
13 13 import time
14 14
15 15 from ..i18n import _
16 16
17 17 from .common import (
18 18 ErrorResponse,
19 19 HTTP_SERVER_ERROR,
20 20 cspvalues,
21 21 get_contact,
22 22 get_mtime,
23 23 ismember,
24 24 paritygen,
25 25 staticfile,
26 26 statusmessage,
27 27 )
28 28
29 29 from .. import (
30 30 configitems,
31 31 encoding,
32 32 error,
33 33 extensions,
34 34 hg,
35 35 profiling,
36 36 pycompat,
37 37 registrar,
38 38 scmutil,
39 39 templater,
40 40 templateutil,
41 41 ui as uimod,
42 42 util,
43 43 )
44 44
45 45 from . import (
46 46 hgweb_mod,
47 47 request as requestmod,
48 48 webutil,
49 49 wsgicgi,
50 50 )
51 51 from ..utils import dateutil
52 52
53 53 def cleannames(items):
54 54 return [(util.pconvert(name).strip('/'), path) for name, path in items]
55 55
56 56 def findrepos(paths):
57 57 repos = []
58 58 for prefix, root in cleannames(paths):
59 59 roothead, roottail = os.path.split(root)
60 60 # "foo = /bar/*" or "foo = /bar/**" lets every repo /bar/N in or below
61 61 # /bar/ be served as as foo/N .
62 62 # '*' will not search inside dirs with .hg (except .hg/patches),
63 63 # '**' will search inside dirs with .hg (and thus also find subrepos).
64 64 try:
65 65 recurse = {'*': False, '**': True}[roottail]
66 66 except KeyError:
67 67 repos.append((prefix, root))
68 68 continue
69 69 roothead = os.path.normpath(os.path.abspath(roothead))
70 70 paths = scmutil.walkrepos(roothead, followsym=True, recurse=recurse)
71 71 repos.extend(urlrepos(prefix, roothead, paths))
72 72 return repos
73 73
74 74 def urlrepos(prefix, roothead, paths):
75 75 """yield url paths and filesystem paths from a list of repo paths
76 76
77 77 >>> conv = lambda seq: [(v, util.pconvert(p)) for v,p in seq]
78 78 >>> conv(urlrepos(b'hg', b'/opt', [b'/opt/r', b'/opt/r/r', b'/opt']))
79 79 [('hg/r', '/opt/r'), ('hg/r/r', '/opt/r/r'), ('hg', '/opt')]
80 80 >>> conv(urlrepos(b'', b'/opt', [b'/opt/r', b'/opt/r/r', b'/opt']))
81 81 [('r', '/opt/r'), ('r/r', '/opt/r/r'), ('', '/opt')]
82 82 """
83 83 for path in paths:
84 84 path = os.path.normpath(path)
85 85 yield (prefix + '/' +
86 86 util.pconvert(path[len(roothead):]).lstrip('/')).strip('/'), path
87 87
88 88 def readallowed(ui, req):
89 89 """Check allow_read and deny_read config options of a repo's ui object
90 90 to determine user permissions. By default, with neither option set (or
91 91 both empty), allow all users to read the repo. There are two ways a
92 92 user can be denied read access: (1) deny_read is not empty, and the
93 93 user is unauthenticated or deny_read contains user (or *), and (2)
94 94 allow_read is not empty and the user is not in allow_read. Return True
95 95 if user is allowed to read the repo, else return False."""
96 96
97 97 user = req.remoteuser
98 98
99 99 deny_read = ui.configlist('web', 'deny_read', untrusted=True)
100 100 if deny_read and (not user or ismember(ui, user, deny_read)):
101 101 return False
102 102
103 103 allow_read = ui.configlist('web', 'allow_read', untrusted=True)
104 104 # by default, allow reading if no allow_read option has been set
105 105 if not allow_read or ismember(ui, user, allow_read):
106 106 return True
107 107
108 108 return False
109 109
110 110 def rawindexentries(ui, repos, req, subdir=''):
111 111 descend = ui.configbool('web', 'descend')
112 112 collapse = ui.configbool('web', 'collapse')
113 113 seenrepos = set()
114 114 seendirs = set()
115 115 for name, path in repos:
116 116
117 117 if not name.startswith(subdir):
118 118 continue
119 119 name = name[len(subdir):]
120 120 directory = False
121 121
122 122 if '/' in name:
123 123 if not descend:
124 124 continue
125 125
126 126 nameparts = name.split('/')
127 127 rootname = nameparts[0]
128 128
129 129 if not collapse:
130 130 pass
131 131 elif rootname in seendirs:
132 132 continue
133 133 elif rootname in seenrepos:
134 134 pass
135 135 else:
136 136 directory = True
137 137 name = rootname
138 138
139 139 # redefine the path to refer to the directory
140 140 discarded = '/'.join(nameparts[1:])
141 141
142 142 # remove name parts plus accompanying slash
143 143 path = path[:-len(discarded) - 1]
144 144
145 145 try:
146 146 r = hg.repository(ui, path)
147 147 directory = False
148 148 except (IOError, error.RepoError):
149 149 pass
150 150
151 151 parts = [
152 152 req.apppath.strip('/'),
153 153 subdir.strip('/'),
154 154 name.strip('/'),
155 155 ]
156 156 url = '/' + '/'.join(p for p in parts if p) + '/'
157 157
158 158 # show either a directory entry or a repository
159 159 if directory:
160 160 # get the directory's time information
161 161 try:
162 162 d = (get_mtime(path), dateutil.makedate()[1])
163 163 except OSError:
164 164 continue
165 165
166 166 # add '/' to the name to make it obvious that
167 167 # the entry is a directory, not a regular repository
168 168 row = {'contact': "",
169 169 'contact_sort': "",
170 170 'name': name + '/',
171 171 'name_sort': name,
172 172 'url': url,
173 173 'description': "",
174 174 'description_sort': "",
175 175 'lastchange': d,
176 176 'lastchange_sort': d[1] - d[0],
177 177 'archives': templateutil.mappinglist([]),
178 178 'isdirectory': True,
179 179 'labels': templateutil.hybridlist([], name='label'),
180 180 }
181 181
182 182 seendirs.add(name)
183 183 yield row
184 184 continue
185 185
186 186 u = ui.copy()
187 187 try:
188 188 u.readconfig(os.path.join(path, '.hg', 'hgrc'))
189 189 except Exception as e:
190 190 u.warn(_('error reading %s/.hg/hgrc: %s\n') % (path, e))
191 191 continue
192 192
193 193 def get(section, name, default=uimod._unset):
194 194 return u.config(section, name, default, untrusted=True)
195 195
196 196 if u.configbool("web", "hidden", untrusted=True):
197 197 continue
198 198
199 199 if not readallowed(u, req):
200 200 continue
201 201
202 202 # update time with local timezone
203 203 try:
204 204 r = hg.repository(ui, path)
205 205 except IOError:
206 206 u.warn(_('error accessing repository at %s\n') % path)
207 207 continue
208 208 except error.RepoError:
209 209 u.warn(_('error accessing repository at %s\n') % path)
210 210 continue
211 211 try:
212 212 d = (get_mtime(r.spath), dateutil.makedate()[1])
213 213 except OSError:
214 214 continue
215 215
216 216 contact = get_contact(get)
217 217 description = get("web", "description")
218 218 seenrepos.add(name)
219 219 name = get("web", "name", name)
220 220 labels = u.configlist('web', 'labels', untrusted=True)
221 221 row = {'contact': contact or "unknown",
222 222 'contact_sort': contact.upper() or "unknown",
223 223 'name': name,
224 224 'name_sort': name,
225 225 'url': url,
226 226 'description': description or "unknown",
227 227 'description_sort': description.upper() or "unknown",
228 228 'lastchange': d,
229 229 'lastchange_sort': d[1] - d[0],
230 230 'archives': webutil.archivelist(u, "tip", url),
231 231 'isdirectory': None,
232 232 'labels': templateutil.hybridlist(labels, name='label'),
233 233 }
234 234
235 235 yield row
236 236
237 237 def _indexentriesgen(context, ui, repos, req, stripecount, sortcolumn,
238 238 descending, subdir):
239 239 rows = rawindexentries(ui, repos, req, subdir=subdir)
240 240
241 241 sortdefault = None, False
242 242
243 243 if sortcolumn and sortdefault != (sortcolumn, descending):
244 244 sortkey = '%s_sort' % sortcolumn
245 245 rows = sorted(rows, key=lambda x: x[sortkey],
246 246 reverse=descending)
247 247
248 248 for row, parity in zip(rows, paritygen(stripecount)):
249 249 row['parity'] = parity
250 250 yield row
251 251
252 252 def indexentries(ui, repos, req, stripecount, sortcolumn='',
253 253 descending=False, subdir=''):
254 254 args = (ui, repos, req, stripecount, sortcolumn, descending, subdir)
255 255 return templateutil.mappinggenerator(_indexentriesgen, args=args)
256 256
257 257 class hgwebdir(object):
258 258 """HTTP server for multiple repositories.
259 259
260 260 Given a configuration, different repositories will be served depending
261 261 on the request path.
262 262
263 263 Instances are typically used as WSGI applications.
264 264 """
265 265 def __init__(self, conf, baseui=None):
266 266 self.conf = conf
267 267 self.baseui = baseui
268 268 self.ui = None
269 269 self.lastrefresh = 0
270 270 self.motd = None
271 271 self.refresh()
272 272 if not baseui:
273 273 # set up environment for new ui
274 274 extensions.loadall(self.ui)
275 275 extensions.populateui(self.ui)
276 276
277 277 def refresh(self):
278 278 if self.ui:
279 279 refreshinterval = self.ui.configint('web', 'refreshinterval')
280 280 else:
281 281 item = configitems.coreitems['web']['refreshinterval']
282 282 refreshinterval = item.default
283 283
284 284 # refreshinterval <= 0 means to always refresh.
285 285 if (refreshinterval > 0 and
286 286 self.lastrefresh + refreshinterval > time.time()):
287 287 return
288 288
289 289 if self.baseui:
290 290 u = self.baseui.copy()
291 291 else:
292 292 u = uimod.ui.load()
293 293 u.setconfig('ui', 'report_untrusted', 'off', 'hgwebdir')
294 294 u.setconfig('ui', 'nontty', 'true', 'hgwebdir')
295 295 # displaying bundling progress bar while serving feels wrong and may
296 296 # break some wsgi implementations.
297 297 u.setconfig('progress', 'disable', 'true', 'hgweb')
298 298
299 299 if not isinstance(self.conf, (dict, list, tuple)):
300 300 map = {'paths': 'hgweb-paths'}
301 301 if not os.path.exists(self.conf):
302 302 raise error.Abort(_('config file %s not found!') % self.conf)
303 303 u.readconfig(self.conf, remap=map, trust=True)
304 304 paths = []
305 305 for name, ignored in u.configitems('hgweb-paths'):
306 306 for path in u.configlist('hgweb-paths', name):
307 307 paths.append((name, path))
308 308 elif isinstance(self.conf, (list, tuple)):
309 309 paths = self.conf
310 310 elif isinstance(self.conf, dict):
311 311 paths = self.conf.items()
312 312 extensions.populateui(u)
313 313
314 314 repos = findrepos(paths)
315 315 for prefix, root in u.configitems('collections'):
316 316 prefix = util.pconvert(prefix)
317 317 for path in scmutil.walkrepos(root, followsym=True):
318 318 repo = os.path.normpath(path)
319 319 name = util.pconvert(repo)
320 320 if name.startswith(prefix):
321 321 name = name[len(prefix):]
322 322 repos.append((name.lstrip('/'), repo))
323 323
324 324 self.repos = repos
325 325 self.ui = u
326 326 encoding.encoding = self.ui.config('web', 'encoding')
327 327 self.style = self.ui.config('web', 'style')
328 328 self.templatepath = self.ui.config('web', 'templates', untrusted=False)
329 329 self.stripecount = self.ui.config('web', 'stripes')
330 330 if self.stripecount:
331 331 self.stripecount = int(self.stripecount)
332 332 prefix = self.ui.config('web', 'prefix')
333 333 if prefix.startswith('/'):
334 334 prefix = prefix[1:]
335 335 if prefix.endswith('/'):
336 336 prefix = prefix[:-1]
337 337 self.prefix = prefix
338 338 self.lastrefresh = time.time()
339 339
340 340 def run(self):
341 341 if not encoding.environ.get('GATEWAY_INTERFACE',
342 342 '').startswith("CGI/1."):
343 343 raise RuntimeError("This function is only intended to be "
344 344 "called while running as a CGI script.")
345 345 wsgicgi.launch(self)
346 346
347 347 def __call__(self, env, respond):
348 348 baseurl = self.ui.config('web', 'baseurl')
349 349 req = requestmod.parserequestfromenv(env, altbaseurl=baseurl)
350 350 res = requestmod.wsgiresponse(req, respond)
351 351
352 352 return self.run_wsgi(req, res)
353 353
354 354 def run_wsgi(self, req, res):
355 355 profile = self.ui.configbool('profiling', 'enabled')
356 356 with profiling.profile(self.ui, enabled=profile):
357 357 try:
358 358 for r in self._runwsgi(req, res):
359 359 yield r
360 360 finally:
361 361 # There are known cycles in localrepository that prevent
362 362 # those objects (and tons of held references) from being
363 363 # collected through normal refcounting. We mitigate those
364 364 # leaks by performing an explicit GC on every request.
365 365 # TODO remove this once leaks are fixed.
366 366 # TODO only run this on requests that create localrepository
367 367 # instances instead of every request.
368 368 gc.collect()
369 369
370 370 def _runwsgi(self, req, res):
371 371 try:
372 372 self.refresh()
373 373
374 374 csp, nonce = cspvalues(self.ui)
375 375 if csp:
376 376 res.headers['Content-Security-Policy'] = csp
377 377
378 378 virtual = req.dispatchpath.strip('/')
379 379 tmpl = self.templater(req, nonce)
380 380 ctype = tmpl.render('mimetype', {'encoding': encoding.encoding})
381 381
382 382 # Global defaults. These can be overridden by any handler.
383 383 res.status = '200 Script output follows'
384 384 res.headers['Content-Type'] = ctype
385 385
386 386 # a static file
387 387 if virtual.startswith('static/') or 'static' in req.qsparams:
388 388 if virtual.startswith('static/'):
389 389 fname = virtual[7:]
390 390 else:
391 391 fname = req.qsparams['static']
392 392 static = self.ui.config("web", "static", untrusted=False)
393 393 if not static:
394 394 tp = self.templatepath or templater.templatepaths()
395 395 if isinstance(tp, str):
396 396 tp = [tp]
397 397 static = [os.path.join(p, 'static') for p in tp]
398 398
399 399 staticfile(static, fname, res)
400 400 return res.sendresponse()
401 401
402 402 # top-level index
403 403
404 404 repos = dict(self.repos)
405 405
406 406 if (not virtual or virtual == 'index') and virtual not in repos:
407 407 return self.makeindex(req, res, tmpl)
408 408
409 409 # nested indexes and hgwebs
410 410
411 411 if virtual.endswith('/index') and virtual not in repos:
412 412 subdir = virtual[:-len('index')]
413 413 if any(r.startswith(subdir) for r in repos):
414 414 return self.makeindex(req, res, tmpl, subdir)
415 415
416 416 def _virtualdirs():
417 417 # Check the full virtual path, each parent, and the root ('')
418 418 if virtual != '':
419 419 yield virtual
420 420
421 421 for p in util.finddirs(virtual):
422 422 yield p
423 423
424 424 yield ''
425 425
426 426 for virtualrepo in _virtualdirs():
427 427 real = repos.get(virtualrepo)
428 428 if real:
429 429 # Re-parse the WSGI environment to take into account our
430 430 # repository path component.
431 431 uenv = req.rawenv
432 432 if pycompat.ispy3:
433 433 uenv = {k.decode('latin1'): v for k, v in
434 434 uenv.iteritems()}
435 435 req = requestmod.parserequestfromenv(
436 436 uenv, reponame=virtualrepo,
437 437 altbaseurl=self.ui.config('web', 'baseurl'),
438 438 # Reuse wrapped body file object otherwise state
439 439 # tracking can get confused.
440 440 bodyfh=req.bodyfh)
441 441 try:
442 442 # ensure caller gets private copy of ui
443 443 repo = hg.repository(self.ui.copy(), real)
444 444 return hgweb_mod.hgweb(repo).run_wsgi(req, res)
445 445 except IOError as inst:
446 446 msg = encoding.strtolocal(inst.strerror)
447 447 raise ErrorResponse(HTTP_SERVER_ERROR, msg)
448 448 except error.RepoError as inst:
449 449 raise ErrorResponse(HTTP_SERVER_ERROR, bytes(inst))
450 450
451 451 # browse subdirectories
452 452 subdir = virtual + '/'
453 453 if [r for r in repos if r.startswith(subdir)]:
454 454 return self.makeindex(req, res, tmpl, subdir)
455 455
456 456 # prefixes not found
457 457 res.status = '404 Not Found'
458 458 res.setbodygen(tmpl.generate('notfound', {'repo': virtual}))
459 459 return res.sendresponse()
460 460
461 461 except ErrorResponse as e:
462 462 res.status = statusmessage(e.code, pycompat.bytestr(e))
463 463 res.setbodygen(tmpl.generate('error', {'error': e.message or ''}))
464 464 return res.sendresponse()
465 465 finally:
466 466 tmpl = None
467 467
468 468 def makeindex(self, req, res, tmpl, subdir=""):
469 469 self.refresh()
470 470 sortable = ["name", "description", "contact", "lastchange"]
471 471 sortcolumn, descending = None, False
472 472 if 'sort' in req.qsparams:
473 473 sortcolumn = req.qsparams['sort']
474 474 descending = sortcolumn.startswith('-')
475 475 if descending:
476 476 sortcolumn = sortcolumn[1:]
477 477 if sortcolumn not in sortable:
478 478 sortcolumn = ""
479 479
480 480 sort = [("sort_%s" % column,
481 481 "%s%s" % ((not descending and column == sortcolumn)
482 482 and "-" or "", column))
483 483 for column in sortable]
484 484
485 485 self.refresh()
486 486
487 487 entries = indexentries(self.ui, self.repos, req,
488 488 self.stripecount, sortcolumn=sortcolumn,
489 489 descending=descending, subdir=subdir)
490 490
491 491 mapping = {
492 492 'entries': entries,
493 493 'subdir': subdir,
494 494 'pathdef': hgweb_mod.makebreadcrumb('/' + subdir, self.prefix),
495 495 'sortcolumn': sortcolumn,
496 496 'descending': descending,
497 497 }
498 498 mapping.update(sort)
499 499 res.setbodygen(tmpl.generate('index', mapping))
500 500 return res.sendresponse()
501 501
502 502 def templater(self, req, nonce):
503 503
504 504 def config(section, name, default=uimod._unset, untrusted=True):
505 505 return self.ui.config(section, name, default, untrusted)
506 506
507 507 vars = {}
508 508 styles, (style, mapfile) = hgweb_mod.getstyle(req, config,
509 509 self.templatepath)
510 510 if style == styles[0]:
511 511 vars['style'] = style
512 512
513 sessionvars = webutil.sessionvars(vars, r'?')
513 sessionvars = webutil.sessionvars(vars, '?')
514 514 logourl = config('web', 'logourl')
515 515 logoimg = config('web', 'logoimg')
516 516 staticurl = (config('web', 'staticurl')
517 517 or req.apppath.rstrip('/') + '/static/')
518 518 if not staticurl.endswith('/'):
519 519 staticurl += '/'
520 520
521 521 defaults = {
522 522 "encoding": encoding.encoding,
523 523 "url": req.apppath + '/',
524 524 "logourl": logourl,
525 525 "logoimg": logoimg,
526 526 "staticurl": staticurl,
527 527 "sessionvars": sessionvars,
528 528 "style": style,
529 529 "nonce": nonce,
530 530 }
531 531 templatekeyword = registrar.templatekeyword(defaults)
532 532 @templatekeyword('motd', requires=())
533 533 def motd(context, mapping):
534 534 if self.motd is not None:
535 535 yield self.motd
536 536 else:
537 537 yield config('web', 'motd')
538 538
539 539 tmpl = templater.templater.frommapfile(mapfile, defaults=defaults)
540 540 return tmpl
General Comments 0
You need to be logged in to leave comments. Login now