@@ -42,163 +42,169 @@ class SimpleGitUploadPackHandler(dulserv
if len(objects_iter) == 0:
return
self.progress("counting objects: %d, done.\n" % len(objects_iter))
dulserver.write_pack_data(dulserver.ProtocolFile(None, write), objects_iter,
len(objects_iter))
messages = []
messages.append('thank you for using rhodecode')
for msg in messages:
self.progress(msg + "\n")
# we are done
self.proto.write("0000")
dulserver.DEFAULT_HANDLERS = {
'git-upload-pack': SimpleGitUploadPackHandler,
'git-receive-pack': dulserver.ReceivePackHandler,
}
from dulwich.repo import Repo
from dulwich.web import HTTPGitApplication
from paste.auth.basic import AuthBasicAuthenticator
from paste.httpheaders import REMOTE_USER, AUTH_TYPE
from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware
from rhodecode.lib.utils import action_logger, is_git, invalidate_cache, \
check_repo_fast
from rhodecode.lib.utils import is_git, invalidate_cache, check_repo_fast
from rhodecode.model.user import UserModel
from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
import logging
import os
import traceback
log = logging.getLogger(__name__)
class SimpleGit(object):
def __init__(self, application, config):
self.application = application
self.config = config
#authenticate this git request using
self.authenticate = AuthBasicAuthenticator('', authfunc)
self.ipaddr = '0.0.0.0'
self.repository = None
self.username = None
self.action = None
def __call__(self, environ, start_response):
if not is_git(environ):
return self.application(environ, start_response)
proxy_key = 'HTTP_X_REAL_IP'
def_key = 'REMOTE_ADDR'
self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
#===================================================================
# AUTHENTICATE THIS GIT REQUEST
username = REMOTE_USER(environ)
if not username:
self.authenticate.realm = self.config['rhodecode_realm']
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
else:
return result.wsgi_application(environ, start_response)
#=======================================================================
# GET REPOSITORY
try:
self.repo_name = environ['PATH_INFO'].split('/')[1]
if self.repo_name.endswith('/'):
self.repo_name = self.repo_name.rstrip('/')
repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
if repo_name.endswith('/'):
repo_name = repo_name.rstrip('/')
self.repository = repo_name
except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
# CHECK PERMISSIONS FOR THIS REQUEST
action = self.__get_action(environ)
if action:
self.action = self.__get_action(environ)
if self.action:
username = self.__get_environ_user(environ)
user = self.__get_user(username)
self.username = user.username
#check permissions for this repository
if action == 'push':
if self.action == 'push':
if not HasPermissionAnyMiddleware('repository.write',
'repository.admin')\
(user, self.repo_name):
(user, repo_name):
return HTTPForbidden()(environ, start_response)
#any other action need at least read permission
if not HasPermissionAnyMiddleware('repository.read',
'repository.write',
#log action
if action in ('push', 'pull', 'clone'):
ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
self.__log_user_action(user, action, self.repo_name, ipaddr)
self.extras = {'ip':self.ipaddr,
'username':self.username,
'action':self.action,
'repository':self.repository}
# GIT REQUEST HANDLING
self.basepath = self.config['base_path']
self.repo_path = os.path.join(self.basepath, self.repo_name)
#quick check if that dir exists...
if check_repo_fast(self.repo_name, self.basepath):
return HTTPNotFound()(environ, start_response)
app = self.__make_app()
#invalidate cache on push
self.__invalidate_cache(self.repo_name)
return app(environ, start_response)
def __make_app(self):
backend = dulserver.DictBackend({'/' + self.repo_name: Repo(self.repo_path)})
gitserve = HTTPGitApplication(backend)
return gitserve
def __get_environ_user(self, environ):
return environ.get('REMOTE_USER')
def __get_user(self, username):
return UserModel().get_by_username(username, cache=True)
def __get_action(self, environ):
"""
Maps git request commands into a pull or push command.
:param environ:
service = environ['QUERY_STRING'].split('=')
if len(service) > 1:
service_cmd = service[1]
mapping = {'git-receive-pack': 'push',
'git-upload-pack': 'pull',
return mapping.get(service_cmd, service_cmd if service_cmd else 'other')
return 'other'
def __log_user_action(self, user, action, repo, ipaddr):
action_logger(user, action, repo, ipaddr)
def __invalidate_cache(self, repo_name):
"""we know that some change was made to repositories and we should
invalidate the cache to see the changes right away but only for
push requests"""
invalidate_cache('cached_repo_list')
invalidate_cache('full_changelog', repo_name)
@@ -14,49 +14,48 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
Created on 2010-04-28
@author: marcink
SimpleHG middleware for handling mercurial protocol request (push/clone etc.)
It's implemented with basic auth function
from itertools import chain
from mercurial.error import RepoError
from mercurial.hgweb import hgweb
from mercurial.hgweb.request import wsgiapplication
from rhodecode.lib.utils import is_mercurial, make_ui, invalidate_cache, \
check_repo_fast, ui_sections
from rhodecode.lib.utils import action_logger
class SimpleHg(object):
#authenticate this mercurial request using
if not is_mercurial(environ):
@@ -99,49 +98,49 @@ class SimpleHg(object):
print self.extras
# MERCURIAL REQUEST HANDLING
environ['PATH_INFO'] = '/'#since we wrap into hgweb, reset the path
self.baseui = make_ui('db')
self.repo_path = os.path.join(self.basepath, repo_name)
if check_repo_fast(repo_name, self.basepath):
app = wsgiapplication(self.__make_app)
except RepoError, e:
if str(e).find('not found') != -1:
except Exception:
self.__invalidate_cache(repo_name)
Status change: