# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Helper functions

Consists of functions to typically be used within templates, but also

available to Controllers. This module is available to both as 'h'.

"""

import hashlib

import logging

import re

import textwrap

import urllib.parse

from beaker.cache import cache_region

from pygments import highlight as code_highlight

from pygments.formatters.html import HtmlFormatter

from tg import tmpl_context as c

from tg.i18n import ugettext as _

import kallithea

from kallithea.lib.annotate import annotate_highlight

#==============================================================================

# PERMS

#==============================================================================

from kallithea.lib.auth import HasPermissionAny, HasRepoGroupPermissionLevel, HasRepoPermissionLevel

from kallithea.lib.diffs import BIN_FILENODE, CHMOD_FILENODE, DEL_FILENODE, MOD_FILENODE, NEW_FILENODE, RENAMED_FILENODE

from kallithea.lib.pygmentsutils import get_custom_lexer

from kallithea.lib.utils2 import (AttributeDict, age, asbool, credentials_filter, fmt_date, link_to_ref, safe_bytes, safe_int, safe_str, shorter,

                                  time_to_datetime)

from kallithea.lib.vcs.backends.base import BaseChangeset, EmptyChangeset

from kallithea.lib.vcs.exceptions import ChangesetDoesNotExistError

#==============================================================================

# SCM FILTERS available via h.

#==============================================================================

from kallithea.lib.vcs.utils import author_email, author_name

from kallithea.lib.webutils import (HTML, MENTIONS_REGEX, Option, canonical_url, checkbox, chop_at, end_form, escape, form, format_byte_size, hidden,

                                    html_escape, js, jshtml, link_to, literal, password, pop_flash_messages, radio, reset, safeid, select,

from kallithea.model import db

from kallithea.model.changeset_status import ChangesetStatusModel

# mute pyflakes "imported but unused"

# from webutils

assert HTML

assert Option

assert canonical_url

assert checkbox

assert chop_at

assert end_form

assert form

assert format_byte_size

assert hidden

assert js

assert jshtml

assert password

assert pop_flash_messages

assert radio

assert reset

assert safeid

assert select

assert session_csrf_secret_name

assert session_csrf_secret_token

assert submit

assert text

assert textarea

assert wrap_paragraphs

# from kallithea.lib.auth

assert HasPermissionAny

assert HasRepoGroupPermissionLevel

assert HasRepoPermissionLevel

# from utils2

assert age

assert fmt_date

assert link_to_ref

assert shorter

assert time_to_datetime

# from vcs

assert EmptyChangeset

log = logging.getLogger(__name__)

def FID(raw_id, path):

    """

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.markup_renderer

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Renderer for markup languages with ability to parse using rst or markdown

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Oct 27, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import hashlib

import logging

import re

import traceback

import bleach

import markdown as markdown_mod

from docutils.core import publish_parts

from docutils.parsers.rst import directives

from kallithea.lib import webutils

log = logging.getLogger(__name__)

class MarkupRenderer(object):

    RESTRUCTUREDTEXT_DISALLOWED_DIRECTIVES = ['include', 'meta', 'raw']

    MARKDOWN_PAT = re.compile(r'md|mkdn?|mdown|markdown', re.IGNORECASE)

    RST_PAT = re.compile(r're?st', re.IGNORECASE)

    PLAIN_PAT = re.compile(r'readme', re.IGNORECASE)

    @classmethod

    def _detect_renderer(cls, source, filename):

        """

        runs detection of what renderer should be used for generating html

        from a markup language

        filename can be also explicitly a renderer name

        """

        if cls.MARKDOWN_PAT.findall(filename):

            return cls.markdown

        elif cls.RST_PAT.findall(filename):

            return cls.rst

        elif cls.PLAIN_PAT.findall(filename):

            return cls.rst

        return cls.plain

    @classmethod

    def _flavored_markdown(cls, text):

        """

        Github style flavored markdown

        :param text:

        """

        # Extract pre blocks.

        extractions = {}

        def pre_extraction_callback(matchobj):

            digest = hashlib.sha1(matchobj.group(0)).hexdigest()

            extractions[digest] = matchobj.group(0)

            return "{gfm-extraction-%s}" % digest

        pattern = re.compile(r'<pre>.*?</pre>', re.MULTILINE | re.DOTALL)

        text = re.sub(pattern, pre_extraction_callback, text)

        # Prevent foo_bar_baz from ending up with an italic word in the middle.

        def italic_callback(matchobj):

            s = matchobj.group(0)

            if list(s).count('_') >= 2:

                return s.replace('_', r'\_')

            return s

        """

        Renders a given filename using detected renderer

        it detects renderers based on file extension or mimetype.

        At last it will just do a simple html replacing new lines with <br/>

        >>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')

        '<p><img id="a" src="http://example.com/test.jpg" style="color: red;"></p>'

        >>> MarkupRenderer.render('''<img class="c d" src="file://localhost/test.jpg">''', 'b.mkd')

        '<p><img class="c d"></p>'

        >>> MarkupRenderer.render('''<a href="foo">foo</a>''', 'c.mkdn')

        '<p><a href="foo">foo</a></p>'

        >>> MarkupRenderer.render('''<script>alert(1)</script>''', 'd.mdown')

        '<script>alert(1)</script>'

        >>> MarkupRenderer.render('''<div onclick="alert(2)">yo</div>''', 'markdown')

        '<div>yo</div>'

        >>> MarkupRenderer.render('''<a href="javascript:alert(3)">yo</a>''', 'md')

        '<p><a>yo</a></p>'

        """

        renderer = cls._detect_renderer(source, filename)

        readme_data = renderer(source)

        # Allow most HTML, while preventing XSS issues:

        # no <script> tags, no onclick attributes, no javascript

        # "protocol", and also limit styling to prevent defacing.

        return bleach.clean(readme_data,

            tags=['a', 'abbr', 'b', 'blockquote', 'br', 'code', 'dd',

                  'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5',

                  'h6', 'hr', 'i', 'img', 'li', 'ol', 'p', 'pre', 'span',

                  'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'th',

                  'thead', 'tr', 'ul'],

            attributes=['class', 'id', 'style', 'label', 'title', 'alt', 'href', 'src'],

            styles=['color'],

            protocols=['http', 'https', 'mailto'],

            )

    @classmethod

    def plain(cls, source, universal_newline=True):

        """

        >>> MarkupRenderer.plain('https://example.com/')

        '<br /><a href="https://example.com/">https://example.com/</a>'

        """

        if universal_newline:

            newline = '\n'

            source = newline.join(source.splitlines())

        def url_func(match_obj):

            url_full = match_obj.group(0)

            return '<a href="%(url)s">%(url)s</a>' % ({'url': url_full})

        return '<br />' + source.replace("\n", '<br />')

    @classmethod

    def markdown(cls, source, safe=True, flavored=False):

        """

        Convert Markdown (possibly GitHub Flavored) to INSECURE HTML, possibly

        with "safe" fall-back to plaintext. Output from this method should be sanitized before use.

        >>> MarkupRenderer.markdown('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''')

        '<p><img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg"></p>'

        >>> MarkupRenderer.markdown('''<img class="c d" src="file://localhost/test.jpg">''')

        '<p><img class="c d" src="file://localhost/test.jpg"></p>'

        >>> MarkupRenderer.markdown('''<a href="foo">foo</a>''')

        '<p><a href="foo">foo</a></p>'

        >>> MarkupRenderer.markdown('''<script>alert(1)</script>''')

        '<script>alert(1)</script>'

        >>> MarkupRenderer.markdown('''<div onclick="alert(2)">yo</div>''')

        '<div onclick="alert(2)">yo</div>'

        >>> MarkupRenderer.markdown('''<a href="javascript:alert(3)">yo</a>''')

        '<p><a href="javascript:alert(3)">yo</a></p>'

        >>> MarkupRenderer.markdown('''## Foo''')

        '<h2>Foo</h2>'

        >>> print(MarkupRenderer.markdown('''

        ...     #!/bin/bash

        ...     echo "hello"

        ... '''))

        <table class="code-highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1

        2</pre></div></td><td class="code"><div class="code-highlight"><pre><span></span><span class="ch">#!/bin/bash</span>

        <span class="nb">echo</span> <span class="s2">&quot;hello&quot;</span>

        </pre></div>

        </td></tr></table>

        """

        try:

            if flavored:

                source = cls._flavored_markdown(source)

            return markdown_mod.markdown(

                source,

                extensions=['markdown.extensions.codehilite', 'markdown.extensions.extra'],

                extension_configs={'markdown.extensions.codehilite': {'css_class': 'code-highlight'}})

        except Exception:

            log.error(traceback.format_exc())

            if safe:

                log.debug('Falling back to render in plain mode')

                return cls.plain(source)

            else:

                raise

    @classmethod

# Generic-ish formatting and markup

#

def js(value):

    """Convert Python value to the corresponding JavaScript representation.

    This is necessary to safely insert arbitrary values into HTML <script>

    sections e.g. using Mako template expression substitution.

    Note: Rather than using this function, it's preferable to avoid the

    insertion of values into HTML <script> sections altogether. Instead,

    data should (to the extent possible) be passed to JavaScript using

    data attributes or AJAX calls, eliminating the need for JS specific

    escaping.

    Note: This is not safe for use in attributes (e.g. onclick), because

    quotes are not escaped.

    Because the rules for parsing <script> varies between XHTML (where

    normal rules apply for any special characters) and HTML (where

    entities are not interpreted, but the literal string "</script>"

    is forbidden), the function ensures that the result never contains

    '&', '<' and '>', thus making it safe in both those contexts (but

    not in attributes).

    """

    return literal(

        ('(' + json.dumps(value) + ')')

        # In JSON, the following can only appear in string literals.

        .replace('&', r'\x26')

        .replace('<', r'\x3c')

        .replace('>', r'\x3e')

    )

def jshtml(val):

    """HTML escapes a string value, then converts the resulting string

    to its corresponding JavaScript representation (see `js`).

    This is used when a plain-text string (possibly containing special

    HTML characters) will be used by a script in an HTML context (e.g.

    element.innerHTML or jQuery's 'html' method).

    If in doubt, err on the side of using `jshtml` over `js`, since it's

    better to escape too much than too little.

    """

    return js(escape(val))

# Must match regexp in kallithea/public/js/base.js MentionsAutoComplete()

# Check char before @ - it must not look like we are in an email addresses.

# Matching is greedy so we don't have to look beyond the end.

MENTIONS_REGEX = re.compile(r'(?:^|(?<=[^a-zA-Z0-9]))@([a-zA-Z0-9][-_.a-zA-Z0-9]*[a-zA-Z0-9])')

def extract_mentioned_usernames(text):

    r"""

    Returns list of (possible) usernames @mentioned in given text.

    >>> extract_mentioned_usernames('@1-2.a_X,@1234 not@not @ddd@not @n @ee @ff @gg, @gg;@hh @n\n@zz,')

    ['1-2.a_X', '1234', 'ddd', 'ee', 'ff', 'gg', 'gg', 'hh', 'zz']

    """

    return MENTIONS_REGEX.findall(text)