full_stack = true

static_files = true

## Internationalization (see setup documentation for details)

## By default, the languages requested by the browser are used if available, with English as default.

## Set i18n.enabled=false to disable automatic language choice.

#i18n.enabled = true

## To Force a language, set i18n.enabled=false and specify the language in i18n.lang.

## Valid values are the names of subdirectories in kallithea/i18n with a LC_MESSAGES/kallithea.mo

#i18n.lang = en

cache_dir = %(here)s/data

index_dir = %(here)s/data/index

## uncomment and set this path to use archive download cache

archive_cache_dir = %(here)s/data/tarballcache

## change this to unique ID for security

#app_instance_uuid = VERY-SECRET

app_instance_uuid = development-not-secret

## cut off limit for large diffs (size in bytes)

cut_off_limit = 256000

## always pretend the client connected using HTTPS (default false)

#force_https = true

## use Strict-Transport-Security headers (default false)

#use_htsts = true

## number of commits stats will parse on each iteration

commit_parse_limit = 25

## Path to Python executable to be used for git hooks.

## This value will be written inside the git hook scripts as the text

## after '#!' (shebang). When empty or not defined, the value of

## 'sys.executable' at the time of installation of the git hooks is

## used, which is correct in many cases but for example not when using uwsgi.

## If you change this setting, you should reinstall the Git hooks via

## Admin > Settings > Remap and Rescan.

#git_hook_interpreter = /srv/kallithea/venv/bin/python3

## path to git executable

git_path = git

## git rev filter option, --all is the default filter, if you need to

## hide all refs in changelog switch this to --branches --tags

#git_rev_filter = --branches --tags

for more info.

.. note::

   Make sure you run this command from the same virtualenv, and with the same

   user that Kallithea runs.

Proxy setups

------------

When Kallithea is processing HTTP requests from a user, it will see and use

some of the basic properties of the connection, both at the TCP/IP level and at

the HTTP level. The WSGI server will provide this information to Kallithea in

the "environment".

In some setups, a proxy server will take requests from users and forward

them to the actual Kallithea server. The proxy server will thus be the

immediate client of the Kallithea WSGI server, and Kallithea will basically see

it as such. To make sure Kallithea sees the request as it arrived from the

client to the proxy server, the proxy server must be configured to

somehow pass the original information on to Kallithea, and Kallithea must be

configured to pick that information up and trust it.

Kallithea will by default rely on its WSGI server to provide the IP of the

Kallithea will by default rely on finding the protocol (``http`` or ``https``)

in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts

the protocol of the client request in the ``X-Url-Scheme``,

``X-Forwarded-Scheme``, or ``X-Forwarded-Proto`` HTTP header,

Kallithea can be configured to trust these headers by setting::

    https_fixup = true

HTTPS support

-------------

Kallithea will by default generate URLs based on the WSGI environment.

Alternatively, you can use some special configuration settings to control

directly which scheme/protocol Kallithea will use when generating URLs:

- With ``https_fixup = true``, the scheme will be taken from the

  ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header

  (default ``http``).

- With ``force_https = true``, the scheme will be seen as ``https``.

- With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.

def render(template_path):

    return render_template({'url': url}, 'mako', template_path)

def _filter_proxy(ip):

    """

    HTTP_X_FORWARDED_FOR headers can have multiple IP addresses, with the

    leftmost being the original client. Each proxy that is forwarding the

    request will usually add the IP address it sees the request coming from.

    The client might have provided a fake leftmost value before hitting the

    first proxy, so if we have a proxy that is adding one IP address, we can

    only trust the rightmost address.

    """

    if ',' in ip:

        _ips = ip.split(',')

        _first_ip = _ips[-1].strip()

        log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)

        return _first_ip

    return ip

def get_ip_addr(environ):

def get_path_info(environ):

    """Return PATH_INFO from environ ... using tg.original_request if available.

    In Python 3 WSGI, PATH_INFO is a unicode str, but kind of contains encoded

    bytes. The code points are guaranteed to only use the lower 8 bit bits, and

    encoding the string with the 1:1 encoding latin1 will give the

    corresponding byte string ... which then can be decoded to proper unicode.

    """

    org_req = environ.get('tg.original_request')

    if org_req is not None:

        environ = org_req.environ

    return safe_str(environ['PATH_INFO'].encode('latin1'))

def log_in_user(user, remember, is_external_auth, ip_addr):

    """

    Log a `User` in and update session and cookies. If `remember` is True,

    the session cookie is set to expire in a year; otherwise, it expires at

    the end of the browser session.

    Returns populated `AuthUser` object.

    """

full_stack = true

static_files = true

<%text>##</%text> Internationalization (see setup documentation for details)

<%text>##</%text> By default, the languages requested by the browser are used if available, with English as default.

<%text>##</%text> Set i18n.enabled=false to disable automatic language choice.

#i18n.enabled = true

<%text>##</%text> To Force a language, set i18n.enabled=false and specify the language in i18n.lang.

<%text>##</%text> Valid values are the names of subdirectories in kallithea/i18n with a LC_MESSAGES/kallithea.mo

#i18n.lang = en

cache_dir = %(here)s/data

index_dir = %(here)s/data/index

<%text>##</%text> uncomment and set this path to use archive download cache

archive_cache_dir = %(here)s/data/tarballcache

<%text>##</%text> change this to unique ID for security

app_instance_uuid = ${uuid()}

<%text>##</%text> cut off limit for large diffs (size in bytes)

cut_off_limit = 256000

<%text>##</%text> always pretend the client connected using HTTPS (default false)

#force_https = true

<%text>##</%text> use Strict-Transport-Security headers (default false)

#use_htsts = true

<%text>##</%text> number of commits stats will parse on each iteration

commit_parse_limit = 25

<%text>##</%text> Path to Python executable to be used for git hooks.

<%text>##</%text> This value will be written inside the git hook scripts as the text

<%text>##</%text> after '#!' (shebang). When empty or not defined, the value of

<%text>##</%text> 'sys.executable' at the time of installation of the git hooks is

<%text>##</%text> used, which is correct in many cases but for example not when using uwsgi.

<%text>##</%text> If you change this setting, you should reinstall the Git hooks via

<%text>##</%text> Admin > Settings > Remap and Rescan.

#git_hook_interpreter = /srv/kallithea/venv/bin/python3

%if git_hook_interpreter:

git_hook_interpreter = ${git_hook_interpreter}

%endif

<%text>##</%text> path to git executable

git_path = git