##// END OF EJS Templates
hgweb: move call to protocol handler outside of try..except...
Gregory Szorc -
r36003:e69e65b2 default
parent child Browse files
Show More
@@ -1,493 +1,494 b''
1 1 # hgweb/hgweb_mod.py - Web interface for a repository.
2 2 #
3 3 # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
4 4 # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
5 5 #
6 6 # This software may be used and distributed according to the terms of the
7 7 # GNU General Public License version 2 or any later version.
8 8
9 9 from __future__ import absolute_import
10 10
11 11 import contextlib
12 12 import os
13 13
14 14 from .common import (
15 15 ErrorResponse,
16 16 HTTP_BAD_REQUEST,
17 17 HTTP_NOT_FOUND,
18 18 HTTP_NOT_MODIFIED,
19 19 HTTP_OK,
20 20 HTTP_SERVER_ERROR,
21 21 caching,
22 22 cspvalues,
23 23 permhooks,
24 24 )
25 25 from .request import wsgirequest
26 26
27 27 from .. import (
28 28 encoding,
29 29 error,
30 30 hg,
31 31 hook,
32 32 profiling,
33 33 pycompat,
34 34 repoview,
35 35 templatefilters,
36 36 templater,
37 37 ui as uimod,
38 38 util,
39 39 wireprotoserver,
40 40 )
41 41
42 42 from . import (
43 43 webcommands,
44 44 webutil,
45 45 wsgicgi,
46 46 )
47 47
# Maps a wire protocol command name to the permission ('pull' or 'push')
# that is checked before the command is dispatched.
perms = {
    # commands checked against the 'pull' permission
    'changegroup': 'pull',
    'changegroupsubset': 'pull',
    'getbundle': 'pull',
    'stream_out': 'pull',
    'listkeys': 'pull',
    # commands checked against the 'push' permission
    'unbundle': 'push',
    'pushkey': 'push',
}

# Supported archive types, keyed by type name, in a fixed order.
# Index 2 of each spec is the file name extension; the remaining fields
# look like (mimetype, archive kind, ..., None) -- TODO confirm their exact
# meaning against the archive web command.
archivespecs = util.sortdict([
    ('zip', ('application/zip', 'zip', '.zip', None)),
    ('gz', ('application/x-gzip', 'tgz', '.tar.gz', None)),
    ('bz2', ('application/x-bzip2', 'tbz2', '.tar.bz2', None)),
])
63 63
def getstyle(req, configfn, templatepath):
    """Work out the candidate web styles and resolve them to a map file.

    The candidates, in order, are the ``style`` form field of ``req`` (when
    present), the ``web.style`` value obtained through ``configfn`` and the
    literal ``'paper'``.

    Returns a ``(styles, resolved)`` pair where ``styles`` is the candidate
    tuple and ``resolved`` is whatever ``templater.stylemap()`` returns for
    it (the caller in this file unpacks that as ``(style, mapfile)``).
    """
    requested = req.form.get('style', [None])[0]
    if requested is not None:
        requested = pycompat.sysbytes(requested)
    styles = (requested, configfn('web', 'style'), 'paper')
    return styles, templater.stylemap(styles, templatepath)
74 74
def makebreadcrumb(url, prefix=''):
    """Build the 'URL breadcrumb' for ``url``.

    The breadcrumb has one ``{'url': ..., 'name': ...}`` entry per path
    component of the URL, ordered from the outermost component to the
    innermost one, which makes it suitable for path navigation links.

    A single trailing slash on ``url`` is ignored. When ``prefix`` is
    non-empty the URL is first rewritten to ``'/' + prefix + url``.

    The result is a reverse iterator over the entries, not a list.
    """
    if url.endswith('/'):
        url = url[:-1]
    if prefix:
        url = '/' + prefix + url
    relpath = url[1:] if url.startswith('/') else url

    # Walk from the innermost component outwards, shortening the URL by
    # one component at each step.
    crumbs = []
    current = url
    for name in reversed(relpath.split('/')):
        if not name or not current:
            # an empty component (or an exhausted URL) ends the walk
            break
        crumbs.append({'url': current, 'name': name})
        current = os.path.dirname(current)
    return reversed(crumbs)
99 99
class requestcontext(object):
    """Per-request state holder.

    Servers can be multi-threaded, and keeping state on the WSGI
    application object is prone to race conditions. One instance of this
    class is created per request to hold that request's mutable state.
    """
    def __init__(self, app, repo):
        """Capture ``repo`` and the ``web.*`` settings for one request.

        ``app`` is the application object; its ``reponame`` and
        ``websubtable`` attributes are copied by reference.
        """
        self.repo = repo
        self.reponame = app.reponame

        self.archivespecs = archivespecs

        self.maxchanges = self.configint('web', 'maxchanges')
        self.stripecount = self.configint('web', 'stripes')
        self.maxshortchanges = self.configint('web', 'maxshortchanges')
        self.maxfiles = self.configint('web', 'maxfiles')
        self.allowpull = self.configbool('web', 'allow-pull')

        # untrusted=False keeps a repo owner from pointing web.templates
        # (via .hg/hgrc) at arbitrary files readable by the user running
        # the CGI script.
        self.templatepath = self.config('web', 'templates', untrusted=False)

        # More expensive to build than plain config values, so it is
        # shared across requests. The app swaps in a new object when it
        # is updated; nothing should modify the object itself, so this
        # reference stays constant for the lifetime of the request.
        self.websubtable = app.websubtable

        self.csp, self.nonce = cspvalues(self.repo.ui)

    # The config accessors below read untrusted configuration (the
    # settings from .hg/hgrc files) unless told otherwise.
    def config(self, section, name, default=uimod._unset, untrusted=True):
        """Return the config value ``section.name`` from the repo ui."""
        ui = self.repo.ui
        return ui.config(section, name, default, untrusted=untrusted)

    def configbool(self, section, name, default=uimod._unset, untrusted=True):
        """Return ``section.name`` as read by ``ui.configbool()``."""
        ui = self.repo.ui
        return ui.configbool(section, name, default, untrusted=untrusted)

    def configint(self, section, name, default=uimod._unset, untrusted=True):
        """Return ``section.name`` as read by ``ui.configint()``."""
        ui = self.repo.ui
        return ui.configint(section, name, default, untrusted=untrusted)

    def configlist(self, section, name, default=uimod._unset, untrusted=True):
        """Return ``section.name`` as read by ``ui.configlist()``."""
        ui = self.repo.ui
        return ui.configlist(section, name, default, untrusted=untrusted)

    def archivelist(self, nodeid):
        """Yield one dict per archive type enabled for this repository.

        A type is enabled when it is listed in ``web.allow_archive`` or
        when the boolean ``web.allow<type>`` is set. Each yielded dict has
        the keys ``type``, ``extension`` and ``node`` (set to ``nodeid``).
        """
        allowed = self.configlist('web', 'allow_archive')
        for typ, spec in self.archivespecs.iteritems():
            if (typ not in allowed
                and not self.configbool('web', 'allow%s' % typ)):
                continue
            yield {'type': typ, 'extension': spec[2], 'node': nodeid}

    def templater(self, req):
        """Create the templater used to render the response to ``req``.

        As a side effect, ``self.reponame`` is filled in when it is empty.
        """
        # Absolute URLs need the scheme, the server name and, unless it is
        # the scheme's default, the port.
        if req.env.get('wsgi.url_scheme') == 'https':
            proto, default_port = 'https', '443'
        else:
            proto, default_port = 'http', '80'

        port = req.env[r'SERVER_PORT']
        portsuffix = (r':' + port) if port != default_port else r''
        urlbase = r'%s://%s%s' % (proto, req.env[r'SERVER_NAME'], portsuffix)

        logourl = self.config('web', 'logourl')
        logoimg = self.config('web', 'logoimg')
        staticurl = self.config('web', 'staticurl') or req.url + 'static/'
        if not staticurl.endswith('/'):
            staticurl += '/'

        # callables exposed to the templates

        def motd(**kwargs):
            yield self.config('web', 'motd')

        def websubfilter(text):
            return templatefilters.websub(text, self.websubtable)

        # Pick the style. It is only carried along in the session
        # variables when the resolved style is the first candidate, i.e.
        # the one taken from the request.
        styles, (style, mapfile) = getstyle(req, self.config,
                                            self.templatepath)
        sessionargs = {'style': style} if style == styles[0] else {}

        if req.url[-1] == r'?':
            start = '&'
        else:
            start = '?'
        sessionvars = webutil.sessionvars(sessionargs, start)

        if not self.reponame:
            self.reponame = (self.config('web', 'name', '')
                             or req.env.get('REPO_NAME')
                             or req.url.strip('/')
                             or self.repo.root)

        # keywords available to every template
        defaults = {
            'url': req.url,
            'logourl': logourl,
            'logoimg': logoimg,
            'staticurl': staticurl,
            'urlbase': urlbase,
            'repo': self.reponame,
            'encoding': encoding.encoding,
            'motd': motd,
            'sessionvars': sessionvars,
            'pathdef': makebreadcrumb(req.url),
            'style': style,
            'nonce': self.nonce,
        }
        return templater.templater.frommapfile(
            mapfile,
            filters={'websub': websubfilter},
            defaults=defaults)
221 221
222 222
class hgweb(object):
    """HTTP server for individual repositories.

    Instances of this class serve HTTP responses for a particular
    repository.

    Instances are typically used as WSGI applications.

    Some servers are multi-threaded. On these servers, there may
    be multiple active threads inside __call__.
    """
    def __init__(self, repo, name=None, baseui=None):
        """Prepare the application for ``repo``.

        ``repo`` is either a ``str`` path, in which case the repository is
        opened with a copy of ``baseui`` (or a freshly loaded ui when
        ``baseui`` is not given), or an already opened repository object.
        ``name`` becomes ``self.reponame``.
        """
        if isinstance(repo, str):
            if baseui:
                u = baseui.copy()
            else:
                u = uimod.ui.load()
            r = hg.repository(u, repo)
        else:
            # we trust caller to give us a private copy
            r = repo

        r.ui.setconfig('ui', 'report_untrusted', 'off', 'hgweb')
        r.baseui.setconfig('ui', 'report_untrusted', 'off', 'hgweb')
        r.ui.setconfig('ui', 'nontty', 'true', 'hgweb')
        r.baseui.setconfig('ui', 'nontty', 'true', 'hgweb')
        # resolve file patterns relative to repo root
        r.ui.setconfig('ui', 'forcecwd', r.root, 'hgweb')
        r.baseui.setconfig('ui', 'forcecwd', r.root, 'hgweb')
        # displaying a bundling progress bar while serving feels wrong and
        # may break some wsgi implementations.
        r.ui.setconfig('progress', 'disable', 'true', 'hgweb')
        r.baseui.setconfig('progress', 'disable', 'true', 'hgweb')
        self._repos = [hg.cachedlocalrepo(self._webifyrepo(r))]
        self._lastrepo = self._repos[0]
        hook.redirect(True)
        self.reponame = name

    def _webifyrepo(self, repo):
        """Return the web view of ``repo`` and refresh ``websubtable``."""
        repo = getwebview(repo)
        self.websubtable = webutil.getwebsubs(repo)
        return repo

    @contextlib.contextmanager
    def _obtainrepo(self):
        """Obtain a repo unique to the caller.

        Internally we maintain a stack of cachedlocalrepo instances
        to be handed out. If one is available, we pop it and return it,
        ensuring it is up to date in the process. If one is not available,
        we clone the most recently used repo instance and return it.

        It is currently possible for the stack to grow without bounds
        if the server allows infinite threads. However, servers should
        have a thread limit, thus establishing our limit.
        """
        if self._repos:
            cached = self._repos.pop()
            r, created = cached.fetch()
        else:
            cached = self._lastrepo.copy()
            r, created = cached.fetch()
        if created:
            # fetch() handed back a new repo object; it needs the same
            # web view treatment as the one set up in __init__.
            r = self._webifyrepo(r)

        self._lastrepo = cached
        # NOTE(review): presumably read by caching() through the app
        # object to build the ETag -- confirm.
        self.mtime = cached.mtime
        try:
            yield r
        finally:
            # hand the instance back whether or not the request failed
            self._repos.append(cached)

    def run(self):
        """Start a server from CGI environment.

        Modern servers should be using WSGI and should avoid this
        method, if possible.

        Raises RuntimeError when GATEWAY_INTERFACE does not announce
        a ``CGI/1.x`` environment.
        """
        if not encoding.environ.get('GATEWAY_INTERFACE',
                                    '').startswith("CGI/1."):
            raise RuntimeError("This function is only intended to be "
                               "called while running as a CGI script.")
        wsgicgi.launch(self)

    def __call__(self, env, respond):
        """Run the WSGI application.

        This may be called by multiple threads.
        """
        req = wsgirequest(env, respond)
        return self.run_wsgi(req)

    def run_wsgi(self, req):
        """Internal method to run the WSGI application.

        This is typically only called by Mercurial. External consumers
        should be using instances of this class as the WSGI application.

        This is a generator: the repo is obtained, and profiling is set
        up, only once the caller starts iterating, and both stay active
        until the response has been fully consumed.
        """
        with self._obtainrepo() as repo:
            profile = repo.ui.configbool('profiling', 'enabled')
            with profiling.profile(repo.ui, enabled=profile):
                for r in self._runwsgi(req, repo):
                    yield r

    def _runwsgi(self, req, repo):
        """Serve ``req`` from ``repo`` and return the response body.

        The request is routed to a wire protocol handler when
        ``wireprotoserver.parsehttprequest()`` recognizes it; otherwise
        the URL is translated into a web command and rendered through the
        templater.
        """
        rctx = requestcontext(self, repo)

        # This state is global across all threads.
        encoding.encoding = rctx.config('web', 'encoding')
        rctx.repo.ui.environ = req.env

        if rctx.csp:
            # hgwebdir may have added CSP header. Since we generate our own,
            # replace it.
            req.headers = [h for h in req.headers
                           if h[0] != 'Content-Security-Policy']
            req.headers.append(('Content-Security-Policy', rctx.csp))

        # work with CGI variables to create coherent structure
        # use SCRIPT_NAME, PATH_INFO and QUERY_STRING as well as our REPO_NAME

        req.url = req.env[r'SCRIPT_NAME']
        if not req.url.endswith('/'):
            req.url += '/'
        if req.env.get('REPO_NAME'):
            req.url += req.env[r'REPO_NAME'] + r'/'

        if r'PATH_INFO' in req.env:
            # drop the leading REPO_NAME components from the path, if any
            parts = req.env[r'PATH_INFO'].strip('/').split('/')
            repo_parts = req.env.get(r'REPO_NAME', r'').split(r'/')
            if parts[:len(repo_parts)] == repo_parts:
                parts = parts[len(repo_parts):]
            query = '/'.join(parts)
        else:
            # only the first '&'/';' separated item of the query string
            query = req.env[r'QUERY_STRING'].partition(r'&')[0]
            query = query.partition(r';')[0]

        # Route it to a wire protocol handler if it looks like a wire protocol
        # request.
        protohandler = wireprotoserver.parsehttprequest(rctx.repo, req, query)

        if protohandler:
            cmd = protohandler['cmd']
            # Only the routing and permission checks are guarded here. The
            # handler itself is dispatched after the try..except so that
            # the error reply below is limited to failures of these checks.
            # NOTE(review): presumably the handler does not raise
            # ErrorResponse itself -- confirm.
            try:
                if query:
                    raise ErrorResponse(HTTP_NOT_FOUND)
                if cmd in perms:
                    self.check_perm(rctx, req, perms[cmd])
            except ErrorResponse as inst:
                # A client that sends unbundle without 100-continue will
                # break if we respond early.
                # NOTE(review): ``and`` binds tighter than ``or``, so this
                # reads as (unbundle and no 100-continue) or X-HgHttp2.
                # Confirm that grouping is the intended one.
                if (cmd == 'unbundle' and
                    (req.env.get('HTTP_EXPECT',
                                 '').lower() != '100-continue') or
                    req.env.get('X-HgHttp2', '')):
                    req.drain()
                else:
                    req.headers.append((r'Connection', r'Close'))
                req.respond(inst, wireprotoserver.HGTYPE,
                            body='0\n%s\n' % inst)
                return ''

            return protohandler['dispatch']()

        # translate user-visible url structure to internal structure

        args = query.split('/', 2)
        if r'cmd' not in req.form and args and args[0]:
            cmd = args.pop(0)
            # a "<style>-<cmd>" first component selects the style as well
            style = cmd.rfind('-')
            if style != -1:
                req.form['style'] = [cmd[:style]]
                cmd = cmd[style + 1:]

            # avoid accepting e.g. style parameter as command
            if util.safehasattr(webcommands, cmd):
                req.form[r'cmd'] = [cmd]

            if cmd == 'static':
                req.form['file'] = ['/'.join(args)]
            else:
                if args and args[0]:
                    node = args.pop(0).replace('%2F', '/')
                    req.form['node'] = [node]
                if args:
                    req.form['file'] = args

            ua = req.env.get('HTTP_USER_AGENT', '')
            if cmd == 'rev' and 'mercurial' in ua:
                req.form['style'] = ['raw']

            if cmd == 'archive':
                # split "<node><extension>" into the node and archive type
                fn = req.form['node'][0]
                for type_, spec in rctx.archivespecs.iteritems():
                    ext = spec[2]
                    if fn.endswith(ext):
                        req.form['node'] = [fn[:-len(ext)]]
                        req.form['type'] = [type_]
        else:
            cmd = pycompat.sysbytes(req.form.get(r'cmd', [r''])[0])

        # process the web interface request

        try:
            tmpl = rctx.templater(req)
            ctype = tmpl('mimetype', encoding=encoding.encoding)
            ctype = templater.stringify(ctype)

            # check read permissions non-static content
            if cmd != 'static':
                self.check_perm(rctx, req, None)

            if cmd == '':
                # no command requested: use the template's default one
                req.form[r'cmd'] = [tmpl.cache['default']]
                cmd = req.form[r'cmd'][0]

            # Don't enable caching if using a CSP nonce because then it
            # wouldn't be a nonce.
            if rctx.configbool('web', 'cache') and not rctx.nonce:
                caching(self, req) # sets ETag header or raises NOT_MODIFIED
            if cmd not in webcommands.__all__:
                msg = 'no such method: %s' % cmd
                raise ErrorResponse(HTTP_BAD_REQUEST, msg)
            elif cmd == 'file' and r'raw' in req.form.get(r'style', []):
                rctx.ctype = ctype
                content = webcommands.rawfile(rctx, req, tmpl)
            else:
                content = getattr(webcommands, cmd)(rctx, req, tmpl)
                req.respond(HTTP_OK, ctype)

            return content

        except (error.LookupError, error.RepoLookupError) as err:
            req.respond(HTTP_NOT_FOUND, ctype)
            msg = str(err)
            if (util.safehasattr(err, 'name') and
                not isinstance(err, error.ManifestLookupError)):
                msg = 'revision not found: %s' % err.name
            return tmpl('error', error=msg)
        except (error.RepoError, error.RevlogError) as inst:
            req.respond(HTTP_SERVER_ERROR, ctype)
            return tmpl('error', error=str(inst))
        except ErrorResponse as inst:
            req.respond(inst, ctype)
            if inst.code == HTTP_NOT_MODIFIED:
                # Not allowed to return a body on a 304
                return ['']
            return tmpl('error', error=str(inst))

    def check_perm(self, rctx, req, op):
        """Run every registered permission hook for operation ``op``.

        ``op`` is ``'pull'`` or ``'push'`` for wire protocol commands and
        ``None`` for the read check done on web interface requests.
        """
        for permhook in permhooks:
            permhook(rctx, req, op)
474 475
def getwebview(repo):
    """Return the view of ``repo`` selected by the 'web.view' config.

    The 'web.view' config controls the changeset filter applied by hgweb.
    Possible values are ``served``, ``visible`` and ``all``. Default is
    ``served``.

    The ``served`` filter only shows changesets that can be pulled from the
    hgweb instance. The ``visible`` filter includes secret changesets but
    still excludes "hidden" ones. ``all`` returns the unfiltered repo. A
    value that is not a known filter name falls back to ``served``.

    See the repoview module for details.

    The option has been around undocumented since Mercurial 2.5, but no
    user ever asked about it. So we better keep it undocumented for now.
    """
    # experimental config: web.view
    viewconfig = repo.ui.config('web', 'view', untrusted=True)
    if viewconfig == 'all':
        return repo.unfiltered()
    if viewconfig in repoview.filtertable:
        filtername = viewconfig
    else:
        filtername = 'served'
    return repo.filtered(filtername)
General Comments 0
You need to be logged in to leave comments. Login now