upstream/mercurial-mirror Files · mercurial/httpconnection.py

hgweb: use a capped reader for WSGI input stream...

hgweb: use a capped reader for WSGI input stream Per PEP 3333, the input stream from WSGI should respect EOF and prevent reads past the end of the request body. However, not all WSGI servers guarantee this. Notably, our BaseHTTPServer based built-in HTTP server doesn't. Instead, it exposes the raw socket and you can read() from it all you want, getting the connection in a bad state by doing so. We have a "cappedreader" utility class that proxies a file object and prevents reading past a limit. This commit converts the WSGI input stream into a capped reader when the input length is advertised via Content-Length headers. "cappedreader" only exposes a read() method. PEP 3333 states that the input stream MUST also support readline(), readlines(hint), and __iter__(). However, since our WSGI application code only calls read() and since we're not manipulating the stream exposed by the WSGI server, we're not violating the spec here. Differential Revision: https://phab.mercurial-scm.org/D2768

Augie Fackler - - Load All Authors

File last commit:

r36669:6b1eb4c6 default


                r36870:290fc4c3

default

Download file

             httpconnection.py
        
                    109 lines
            
             | 3.6 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / httpconnection.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # httpconnection.py - urllib2 handler for new http support

      #

      # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>

      # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>

      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

      # Copyright 2011 Google, Inc.

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      from __future__ import absolute_import

      import os

      from .i18n import _

      from . import (

          pycompat,

          util,

      )

      urlerr = util.urlerr

      urlreq = util.urlreq

      # moved here from url.py to avoid a cycle

      class httpsendfile(object):

          """This is a wrapper around the objects returned by python's "open".

          Its purpose is to send file-like objects via HTTP.

          It do however not define a __len__ attribute because the length

          might be more than Py_ssize_t can handle.

          """

          def __init__(self, ui, *args, **kwargs):

              self.ui = ui

              self._data = open(*args, **kwargs)

              self.seek = self._data.seek

              self.close = self._data.close

              self.write = self._data.write

              self.length = os.fstat(self._data.fileno()).st_size

              self._pos = 0

              self._total = self.length // 1024 * 2

          def read(self, *args, **kwargs):

              ret = self._data.read(*args, **kwargs)

              if not ret:

                  self.ui.progress(_('sending'), None)

                  return ret

              self._pos += len(ret)

              # We pass double the max for total because we currently have

              # to send the bundle twice in the case of a server that

              # requires authentication. Since we can't know until we try

              # once whether authentication will be required, just lie to

              # the user and maybe the push succeeds suddenly at 50%.

              self.ui.progress(_('sending'), self._pos // 1024,

                               unit=_('kb'), total=self._total)

              return ret

          def __enter__(self):

              return self

          def __exit__(self, exc_type, exc_val, exc_tb):

              self.close()

      # moved here from url.py to avoid a cycle

      def readauthforuri(ui, uri, user):

          uri = pycompat.bytesurl(uri)

          # Read configuration

          groups = {}

          for key, val in ui.configitems('auth'):

              if key in ('cookiefile',):

                  continue

              if '.' not in key:

                  ui.warn(_("ignoring invalid [auth] key '%s'\n") % key)

                  continue

              group, setting = key.rsplit('.', 1)

              gdict = groups.setdefault(group, {})

              if setting in ('username', 'cert', 'key'):

                  val = util.expandpath(val)

              gdict[setting] = val

          # Find the best match

          scheme, hostpath = uri.split('://', 1)

          bestuser = None

          bestlen = 0

          bestauth = None

          for group, auth in groups.iteritems():

              if user and user != auth.get('username', user):

                  # If a username was set in the URI, the entry username

                  # must either match it or be unset

                  continue

              prefix = auth.get('prefix')

              if not prefix:

                  continue

              p = prefix.split('://', 1)

              if len(p) > 1:

                  schemes, prefix = [p[0]], p[1]

              else:

                  schemes = (auth.get('schemes') or 'https').split()

              if (prefix == '*' or hostpath.startswith(prefix)) and \

                  (len(prefix) > bestlen or (len(prefix) == bestlen and \

                      not bestuser and 'username' in auth)) \

                   and scheme in schemes:

                  bestlen = len(prefix)

                  bestauth = group, auth

                  bestuser = auth.get('username')

                  if user and not bestuser:

                      auth['username'] = user

          return bestauth

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# httpconnection.py - urllib2 handler for new http support
				#
				# Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
				# Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
				# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
				# Copyright 2011 Google, Inc.
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				from __future__ import absolute_import

				import os

				from .i18n import _
				from . import (
				pycompat,
				util,
				)

				urlerr = util.urlerr
				urlreq = util.urlreq

				# moved here from url.py to avoid a cycle
				class httpsendfile(object):
				"""This is a wrapper around the objects returned by python's "open".

				Its purpose is to send file-like objects via HTTP.
				It do however not define a __len__ attribute because the length
				might be more than Py_ssize_t can handle.
				"""

				def __init__(self, ui, args, *kwargs):
				self.ui = ui
				self._data = open(args, *kwargs)
				self.seek = self._data.seek
				self.close = self._data.close
				self.write = self._data.write
				self.length = os.fstat(self._data.fileno()).st_size
				self._pos = 0
				self._total = self.length // 1024 * 2

				def read(self, args, *kwargs):
				ret = self._data.read(args, *kwargs)
				if not ret:
				self.ui.progress(_('sending'), None)
				return ret
				self._pos += len(ret)
				# We pass double the max for total because we currently have
				# to send the bundle twice in the case of a server that
				# requires authentication. Since we can't know until we try
				# once whether authentication will be required, just lie to
				# the user and maybe the push succeeds suddenly at 50%.
				self.ui.progress(_('sending'), self._pos // 1024,
				unit=_('kb'), total=self._total)
				return ret

				def __enter__(self):
				return self

				def __exit__(self, exc_type, exc_val, exc_tb):
				self.close()

				# moved here from url.py to avoid a cycle
				def readauthforuri(ui, uri, user):
				uri = pycompat.bytesurl(uri)
				# Read configuration
				groups = {}
				for key, val in ui.configitems('auth'):
				if key in ('cookiefile',):
				continue

				if '.' not in key:
				ui.warn(_("ignoring invalid [auth] key '%s'\n") % key)
				continue
				group, setting = key.rsplit('.', 1)
				gdict = groups.setdefault(group, {})
				if setting in ('username', 'cert', 'key'):
				val = util.expandpath(val)
				gdict[setting] = val

				# Find the best match
				scheme, hostpath = uri.split('://', 1)
				bestuser = None
				bestlen = 0
				bestauth = None
				for group, auth in groups.iteritems():
				if user and user != auth.get('username', user):
				# If a username was set in the URI, the entry username
				# must either match it or be unset
				continue
				prefix = auth.get('prefix')
				if not prefix:
				continue
				p = prefix.split('://', 1)
				if len(p) > 1:
				schemes, prefix = [p[0]], p[1]
				else:
				schemes = (auth.get('schemes') or 'https').split()
				if (prefix == '*' or hostpath.startswith(prefix)) and \
				(len(prefix) > bestlen or (len(prefix) == bestlen and \
				not bestuser and 'username' in auth)) \
				and scheme in schemes:
				bestlen = len(prefix)
				bestauth = group, auth
				bestuser = auth.get('username')
				if user and not bestuser:
				auth['username'] = user
				return bestauth