"""The base Controller API
Provides the BaseController class for subclassing.
"""
import logging
import time
from paste.auth.basic import AuthBasicAuthenticator
from pylons import config, tmpl_context as c, request, session, url
from pylons.controllers import WSGIController
from pylons.controllers.util import redirect
from pylons.templating import render_mako as render
from rhodecode import __version__, BACKENDS
from rhodecode.lib import str2bool
from rhodecode.lib.auth import AuthUser, get_container_username
from rhodecode.lib.utils import get_repo_slug
from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\
HasPermissionAnyMiddleware
from rhodecode.lib.utils import get_repo_slug, invalidate_cache
from rhodecode.model import meta
from rhodecode.model.db import Repository
from rhodecode.model.notification import NotificationModel
from rhodecode.model.scm import ScmModel
log = logging.getLogger(__name__)
class BaseVCSController(object):
def __init__(self, application, config):
self.application = application
self.config = config
# base path of repo locations
self.basepath = self.config['base_path']
#authenticate this mercurial request using authfunc
self.authenticate = AuthBasicAuthenticator('', authfunc)
self.ipaddr = '0.0.0.0'
def _invalidate_cache(self, repo_name):
Set's cache for this repository for invalidation on next access
:param repo_name: full repo name, also a cache key
invalidate_cache('get_repo_cached_%s' % repo_name)
def _check_permission(self, action, user, repo_name):
Checks permissions using action (push/pull) user and repository
name
:param action: push or pull action
:param user: user instance
:param repo_name: repository name
if action == 'push':
if not HasPermissionAnyMiddleware('repository.write',
'repository.admin')(user,
repo_name):
return False
else:
#any other action need at least read permission
if not HasPermissionAnyMiddleware('repository.read',
'repository.write',
return True
def __call__(self, environ, start_response):
start = time.time()
try:
return self._handle_request(environ, start_response)
finally:
log = logging.getLogger(self.__class__.__name__)
log.debug('Request time: %.3fs' % (time.time() - start))
meta.Session.remove()
class BaseController(WSGIController):
def __before__(self):
c.rhodecode_version = __version__
c.rhodecode_name = config.get('rhodecode_title')
c.use_gravatar = str2bool(config.get('use_gravatar'))
@@ -27,13 +27,12 @@
import os
import traceback
from dulwich import server as dulserver
class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):
def handle(self):
write = lambda x: self.proto.write_sideband(1, x)
graph_walker = dulserver.ProtocolGraphWalker(self,
@@ -63,18 +62,18 @@ dulserver.DEFAULT_HANDLERS = {
'git-receive-pack': dulserver.ReceivePackHandler,
}
from dulwich.repo import Repo
from dulwich.web import HTTPGitApplication
from paste.httpheaders import REMOTE_USER, AUTH_TYPE
from rhodecode.lib import safe_str
from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware, get_container_username
from rhodecode.lib.utils import invalidate_cache, is_valid_repo
from rhodecode.lib.base import BaseVCSController
from rhodecode.lib.auth import get_container_username
from rhodecode.lib.utils import is_valid_repo
from rhodecode.model.db import User
from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
@@ -88,23 +87,15 @@ def is_git(environ):
http_user_agent = environ.get('HTTP_USER_AGENT')
if http_user_agent and http_user_agent.startswith('git'):
class SimpleGit(object):
class SimpleGit(BaseVCSController):
def _handle_request(self, environ, start_response):
if not is_git(environ):
return self.application(environ, start_response)
proxy_key = 'HTTP_X_REAL_IP'
def_key = 'REMOTE_ADDR'
ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
@@ -129,15 +120,14 @@ class SimpleGit(object):
#======================================================================
# CHECK ANONYMOUS PERMISSION
if action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
username = anonymous_user.username
anonymous_perm = self.__check_permission(action,
anonymous_user,
repo_name)
anonymous_perm = self._check_permission(action,anonymous_user,
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
log.debug('Not enough credentials to access this '
'repository as anonymous user')
if anonymous_user.active is False:
@@ -176,22 +166,17 @@ class SimpleGit(object):
except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ,
start_response)
#check permissions for this repository
perm = self.__check_permission(action, user,
perm = self._check_permission(action, user,
if perm is not True:
return HTTPForbidden()(environ, start_response)
extras = {'ip': ipaddr,
'username': username,
'action': action,
'repository': repo_name}
#===================================================================
# GIT REQUEST HANDLING
repo_path = safe_str(os.path.join(self.basepath, repo_name))
log.debug('Repository path is %s' % repo_path)
@@ -200,13 +185,13 @@ class SimpleGit(object):
if is_valid_repo(repo_name, self.basepath) is False:
return HTTPNotFound()(environ, start_response)
#invalidate cache on push
self.__invalidate_cache(repo_name)
self._invalidate_cache(repo_name)
app = self.__make_app(repo_name, repo_path)
return app(environ, start_response)
except Exception:
return HTTPInternalServerError()(environ, start_response)
@@ -222,37 +207,12 @@ class SimpleGit(object):
_d = {'/' + repo_name: Repo(repo_path)}
backend = dulserver.DictBackend(_d)
gitserve = HTTPGitApplication(backend)
return gitserve
def __check_permission(self, action, user, repo_name):
def __get_repository(self, environ):
Get's repository name out of PATH_INFO header
:param environ: environ where PATH_INFO is stored
@@ -282,13 +242,6 @@ class SimpleGit(object):
return mapping.get(service_cmd,
service_cmd if service_cmd else 'other')
return 'other'
def __invalidate_cache(self, repo_name):
"""we know that some change was made to repositories and we should
invalidate the cache to see the changes right away but only for
push requests"""
@@ -28,19 +28,18 @@ import os
from mercurial.error import RepoError
from mercurial.hgweb import hgweb_mod
from rhodecode.lib.utils import make_ui, invalidate_cache, \
is_valid_repo, ui_sections
from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections
@@ -52,24 +51,15 @@ def is_mercurial(environ):
http_accept = environ.get('HTTP_ACCEPT')
if http_accept and http_accept.startswith('application/mercurial'):
class SimpleHg(object):
class SimpleHg(BaseVCSController):
if not is_mercurial(environ):
@@ -95,15 +85,14 @@ class SimpleHg(object):
@@ -142,13 +131,13 @@ class SimpleHg(object):
@@ -168,15 +157,15 @@ class SimpleHg(object):
# quick check if that dir exists...
# invalidate cache on push
app = self.__make_app(repo_path, baseui, extras)
except RepoError, e:
if str(e).find('not found') != -1:
@@ -189,37 +178,12 @@ class SimpleHg(object):
Make an wsgi application using hgweb, and inject generated baseui
instance, additionally inject some extras into ui object
return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)
@@ -254,17 +218,12 @@ class SimpleHg(object):
cmd = qry.split('=')[-1]
if cmd in mapping:
return mapping[cmd]
return 'pull'
def __inject_extras(self, repo_path, baseui, extras={}):
Injects some extra params into baseui instance
also overwrites global settings with those takes from local hgrc file
Status change: