@@ -74,192 +74,194 @@ from rhodecode.lib.auth import authfunc,
from rhodecode.lib.utils import invalidate_cache, is_valid_repo
from rhodecode.model.db import User
from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
log = logging.getLogger(__name__)
def is_git(environ):
"""Returns True if request's target is git server.
``HTTP_USER_AGENT`` would then have git client version given.
:param environ:
"""
http_user_agent = environ.get('HTTP_USER_AGENT')
if http_user_agent and http_user_agent.startswith('git'):
return True
return False
class SimpleGit(object):
def __init__(self, application, config):
self.application = application
self.config = config
# base path of repo locations
self.basepath = self.config['base_path']
#authenticate this mercurial request using authfunc
self.authenticate = AuthBasicAuthenticator('', authfunc)
def __call__(self, environ, start_response):
if not is_git(environ):
return self.application(environ, start_response)
proxy_key = 'HTTP_X_REAL_IP'
def_key = 'REMOTE_ADDR'
ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
username = None
# skip passing error to error controller
environ['pylons.status_code_redirect'] = True
#======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
try:
repo_name = self.__get_repository(environ)
log.debug('Extracted repo name is %s' % repo_name)
except:
return HTTPInternalServerError()(environ, start_response)
# GET ACTION PULL or PUSH
action = self.__get_action(environ)
# CHECK ANONYMOUS PERMISSION
if action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
username = anonymous_user.username
anonymous_perm = self.__check_permission(action,
anonymous_user,
repo_name)
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
log.debug('Not enough credentials to access this '
'repository as anonymous user')
if anonymous_user.active is False:
log.debug('Anonymous access is disabled, running '
'authentication')
#==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
if not REMOTE_USER(environ):
self.authenticate.realm = \
safe_str(self.config['rhodecode_realm'])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
else:
return result.wsgi_application(environ, start_response)
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
# BASIC AUTH
username = REMOTE_USER(environ)
user = self.__get_user(username)
if user is None:
return HTTPForbidden()(environ, start_response)
username = user.username
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ,
start_response)
#check permissions for this repository
perm = self.__check_permission(action, user,
if perm is not True:
extras = {'ip': ipaddr,
'username': username,
'action': action,
'repository': repo_name}
#===================================================================
# GIT REQUEST HANDLING
repo_path = safe_str(os.path.join(self.basepath, repo_name))
log.debug('Repository path is %s' % repo_path)
# quick check if that dir exists...
if is_valid_repo(repo_name, self.basepath) is False:
return HTTPNotFound()(environ, start_response)
#invalidate cache on push
if action == 'push':
self.__invalidate_cache(repo_name)
app = self.__make_app(repo_name, repo_path)
return app(environ, start_response)
except Exception:
def __make_app(self, repo_name, repo_path):
Make an wsgi application using dulserver
:param repo_name: name of the repository
:param repo_path: full path to the repository
_d = {'/' + repo_name: Repo(repo_path)}
backend = dulserver.DictBackend(_d)
gitserve = HTTPGitApplication(backend)
return gitserve
def __check_permission(self, action, user, repo_name):
Checks permissions using action (push/pull) user and repository
name
:param action: push or pull action
:param user: user instance
:param repo_name: repository name
if not HasPermissionAnyMiddleware('repository.write',
'repository.admin')(user,
repo_name):
#any other action need at least read permission
if not HasPermissionAnyMiddleware('repository.read',
'repository.write',
def __get_repository(self, environ):
Get's repository name out of PATH_INFO header
:param environ: environ where PATH_INFO is stored
repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
if repo_name.endswith('/'):
repo_name = repo_name.rstrip('/')
raise
repo_name = repo_name.split('/')[0]
return repo_name
def __get_user(self, username):
return User.get_by_username(username)
@@ -40,192 +40,194 @@ from rhodecode.lib.utils import make_ui,
is_valid_repo, ui_sections
def is_mercurial(environ):
"""Returns True if request's target is mercurial server - header
``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
http_accept = environ.get('HTTP_ACCEPT')
if http_accept and http_accept.startswith('application/mercurial'):
class SimpleHg(object):
self.ipaddr = '0.0.0.0'
if not is_mercurial(environ):
repo_name = environ['REPO_NAME'] = self.__get_repository(environ)
# MERCURIAL REQUEST HANDLING
baseui = make_ui('db')
self.__inject_extras(repo_path, baseui, extras)
app = self.__make_app(repo_path, baseui, extras)
except RepoError, e:
if str(e).find('not found') != -1:
def __make_app(self, repo_name, baseui, extras):
Make an wsgi application using hgweb, and inject generated baseui
instance, additionally inject some extras into ui object
return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)
Status change: