# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

This file was forked by the Kallithea project in July 2014 and later moved.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Aug 17, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import sys

import click

import kallithea

import kallithea.bin.kallithea_cli_base as cli_base

from kallithea.lib.indexers.daemon import WhooshIndexingDaemon

from kallithea.lib.pidlock import DaemonLock, LockHeld

from kallithea.model.repo import RepoModel

@cli_base.register_command(config_file_initialize_app=True)

@click.option('--repo-location', help='Base path of repositories to index. Default: all')

@click.option('--index-only', help='Comma-separated list of repositories to build index on. Default: all')

@click.option('--update-only', help='Comma-separated list of repositories to re-build index on. Default: all')

@click.option('-f', '--full/--no-full', 'full_index', help='Recreate the index from scratch')

def index_create(repo_location, index_only, update_only, full_index):

    """Create or update full text search index"""

    index_location = kallithea.CONFIG['index_dir']

    if not repo_location:

        repo_location = RepoModel().repos_path

    repo_list = [x.strip() for x in index_only.split(',')] \

        if index_only else None

    repo_update_list = [x.strip() for x in update_only.split(',')] \

        if update_only else None

    try:

        l = DaemonLock(os.path.join(index_location, 'make_index.lock'))

        WhooshIndexingDaemon(index_location=index_location,

                             repo_location=repo_location,

                             repo_list=repo_list,

                             repo_update_list=repo_update_list) \

            .run(full_index=full_index)

        l.release()

    except LockHeld:

        sys.exit(1)

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Global configuration file for TurboGears2 specific settings in Kallithea.

This file complements the .ini file.

"""

import logging

import os

import platform

import sys

import alembic.config

import mercurial

import tg

from alembic.migration import MigrationContext

from alembic.script.base import ScriptDirectory

from sqlalchemy import create_engine

from tg import FullStackApplicationConfigurator

import kallithea.lib.locale

import kallithea.model.base

import kallithea.model.meta

from kallithea.lib import celerypylons

from kallithea.lib.utils2 import asbool

from kallithea.model import db

log = logging.getLogger(__name__)

base_config = FullStackApplicationConfigurator()

base_config.update_blueprint({

    'package': kallithea,

    # Rendering Engines Configuration

    'renderers': [

        'json',

        'mako',

    ],

    'default_renderer': 'mako',

    'use_dotted_templatenames': False,

    # Configure Sessions, store data as JSON to avoid pickle security issues

    'session.enabled': True,

    'session.data_serializer': 'json',

    # Configure the base SQLALchemy Setup

    'use_sqlalchemy': True,

    'model': kallithea.model.base,

    'DBSession': kallithea.model.meta.Session,

    # Configure App without an authentication backend.

    'auth_backend': None,

    # Use custom error page for these errors. By default, Turbogears2 does not add

    # 400 in this list.

    # Explicitly listing all is considered more robust than appending to defaults,

    # in light of possible future framework changes.

    'errorpage.status_codes': [400, 401, 403, 404],

    # Disable transaction manager -- currently Kallithea takes care of transactions itself

    'tm.enabled': False,

    # Set the default i18n source language so TG doesn't search beyond 'en' in Accept-Language.

    'i18n.lang': 'en',

})

# DebugBar, a debug toolbar for TurboGears2.

# (https://github.com/TurboGears/tgext.debugbar)

# To enable it, install 'tgext.debugbar' and 'kajiki', and run Kallithea with

# 'debug = true' (not in production!)

# See the Kallithea documentation for more information.

try:

    import kajiki  # only to check its existence

    from tgext.debugbar import enable_debugbar

    assert kajiki

except ImportError:

    pass

else:

    base_config.get_blueprint_value('renderers').append('kajiki')

    enable_debugbar(base_config)

def setup_configuration(app):

    config = app.config

    if not kallithea.lib.locale.current_locale_is_valid():

        log.error("Terminating ...")

        sys.exit(1)

    # Mercurial sets encoding at module import time, so we have to monkey patch it

    hgencoding = config.get('hgencoding')

    if hgencoding:

        mercurial.encoding.encoding = hgencoding

    if config.get('ignore_alembic_revision', False):

        log.warning('database alembic revision checking is disabled')

    else:

        dbconf = config['sqlalchemy.url']

        alembic_cfg = alembic.config.Config()

        alembic_cfg.set_main_option('script_location', 'kallithea:alembic')

        alembic_cfg.set_main_option('sqlalchemy.url', dbconf)

        script_dir = ScriptDirectory.from_config(alembic_cfg)

        available_heads = sorted(script_dir.get_heads())

        engine = create_engine(dbconf)

        with engine.connect() as conn:

            context = MigrationContext.configure(conn)

            current_heads = sorted(str(s) for s in context.get_current_heads())

        if current_heads != available_heads:

            log.error('Failed to run Kallithea:\n\n'

                      'The database version does not match the Kallithea version.\n'

                      'Please read the documentation on how to upgrade or downgrade the database.\n'

                      'Current database version id(s): %s\n'

                      'Expected database version id(s): %s\n'

                      'If you are a developer and you know what you are doing, you can add `ignore_alembic_revision = True` '

                      'to your .ini file to skip the check.\n' % (' '.join(current_heads), ' '.join(available_heads)))

            sys.exit(1)

    # store some globals into kallithea

    kallithea.DEFAULT_USER_ID = db.User.get_default_user().user_id

    if asbool(config.get('use_celery')):

        kallithea.CELERY_APP = celerypylons.make_app()

    kallithea.CONFIG = config

    set_app_settings(config)

    instance_id = kallithea.CONFIG.get('instance_id', '*')

    if instance_id == '*':

        instance_id = '%s-%s' % (platform.uname()[1], os.getpid())

        kallithea.CONFIG['instance_id'] = instance_id

    # update kallithea.CONFIG with the meanwhile changed 'config'

    kallithea.CONFIG.update(config)

    # configure vcs and indexer libraries (they are supposed to be independent

    # as much as possible and thus avoid importing tg.config or

    # kallithea.CONFIG).

    set_vcs_config(kallithea.CONFIG)

    set_indexer_config(kallithea.CONFIG)

    check_git_version()

    kallithea.model.meta.Session.remove()

tg.hooks.register('configure_new_app', setup_configuration)

    if getattr(repo, 'repo_id', None):

        repo_obj = Repository.get(repo.repo_id)

        repo_name = repo_obj.repo_name

    elif isinstance(repo, str):

        repo_name = repo.lstrip('/')

        repo_obj = Repository.get_by_repo_name(repo_name)

    else:

        repo_obj = None

        repo_name = ''

    user_log = UserLog()

    user_log.user_id = user_obj.user_id

    user_log.username = user_obj.username

    user_log.action = action

    user_log.repository = repo_obj

    user_log.repository_name = repo_name

    user_log.action_date = datetime.datetime.now()

    user_log.user_ip = ipaddr

    meta.Session().add(user_log)

    log.info('Logging action:%s on %s by user:%s ip:%s',

             action, repo, user_obj, ipaddr)

    if commit:

        meta.Session().commit()

def get_filesystem_repos(path):

    """

    Scans given path for repos and return (name,(type,path)) tuple

    :param path: path to scan for repositories

    :param recursive: recursive search and return names with subdirs in front

    """

    # remove ending slash for better results

    path = path.rstrip(os.sep)

    log.debug('now scanning in %s', path)

    def isdir(*n):

        return os.path.isdir(os.path.join(*n))

    for root, dirs, _files in os.walk(path):

        recurse_dirs = []

        for subdir in dirs:

            # skip removed repos

            if REMOVED_REPO_PAT.match(subdir):

                continue

            # skip .<something> dirs TODO: rly? then we should prevent creating them ...

            if subdir.startswith('.'):

                continue

            cur_path = os.path.join(root, subdir)

            if isdir(cur_path, '.git'):

                log.warning('ignoring non-bare Git repo: %s', cur_path)

                continue

            if (isdir(cur_path, '.hg') or

                isdir(cur_path, '.svn') or

                isdir(cur_path, 'objects') and (isdir(cur_path, 'refs') or

                                                os.path.isfile(os.path.join(cur_path, 'packed-refs')))):

                if not os.access(cur_path, os.R_OK) or not os.access(cur_path, os.X_OK):

                    log.warning('ignoring repo path without access: %s', cur_path)

                    continue

                if not os.access(cur_path, os.W_OK):

                    log.warning('repo path without write access: %s', cur_path)

                try:

                    scm_info = get_scm(cur_path)

                    assert cur_path.startswith(path)

                    repo_path = cur_path[len(path) + 1:]

                    yield repo_path, scm_info

                    continue # no recursion

                except VCSError:

                    # We should perhaps ignore such broken repos, but especially

                    # the bare git detection is unreliable so we dive into it

                    pass

            recurse_dirs.append(subdir)

        dirs[:] = recurse_dirs

def is_valid_repo_uri(repo_type, url, ui):

    """Check if the url seems like a valid remote repo location

    Raise InvalidCloneUriException if any problems"""

    if repo_type == 'hg':

        if url.startswith('http') or url.startswith('ssh'):

            # initially check if it's at least the proper URL

            # or does it pass basic auth

            try:

                MercurialRepository._check_url(url, ui)

            except urllib.error.URLError as e:

                raise InvalidCloneUriException('URI %s URLError: %s' % (url, e))

            except mercurial.error.RepoError as e:

                raise InvalidCloneUriException('Mercurial %s: %s' % (type(e).__name__, safe_str(bytes(e))))

        elif url.startswith('svn+http'):

            try:

                from hgsubversion.svnrepo import svnremoterepo

            except ImportError:

                raise InvalidCloneUriException('URI type %s not supported - hgsubversion is not available' % (url,))

            svnremoterepo(ui, url).svn.uuid

        elif url.startswith('git+http'):

            raise InvalidCloneUriException('URI type %s not implemented' % (url,))

        else:

            raise InvalidCloneUriException('URI %s not allowed' % (url,))

    elif repo_type == 'git':

        if url.startswith('http') or url.startswith('git'):

            # initially check if it's at least the proper URL

            # or does it pass basic auth

            try:

                GitRepository._check_url(url)

            except urllib.error.URLError as e:

                raise InvalidCloneUriException('URI %s URLError: %s' % (url, e))

        elif url.startswith('svn+http'):

            raise InvalidCloneUriException('URI type %s not implemented' % (url,))

        elif url.startswith('hg+http'):

            raise InvalidCloneUriException('URI type %s not implemented' % (url,))

        else:

            raise InvalidCloneUriException('URI %s not allowed' % (url))

def is_valid_repo(repo_name, base_path, scm=None):

    """

    Returns True if given path is a valid repository False otherwise.

    If scm param is given also compare if given scm is the same as expected

    from scm parameter

    :param repo_name:

    :param base_path:

    :param scm:

    :return True: if given path is a valid repository

    """

    # TODO: paranoid security checks?

    full_path = os.path.join(base_path, repo_name)

    try:

        scm_ = get_scm(full_path)

        if scm:

            return scm_[0] == scm

        return True

    except VCSError:

        return False

def is_valid_repo_group(repo_group_name, base_path, skip_path_check=False):

    """

    Returns True if given path is a repository group False otherwise

    :param repo_name:

    :param base_path:

    """

    full_path = os.path.join(base_path, repo_group_name)

    # check if it's not a repo

    if is_valid_repo(repo_group_name, base_path):

        return False

    try:

        # we need to check bare git repos at higher level

        # since we might match branches/hooks/info/objects or possible

        # other things inside bare git repo

        get_scm(os.path.dirname(full_path))

        return False

    except VCSError:

        pass

    # check if it's a valid path

    if skip_path_check or os.path.isdir(full_path):

        return True

    return False

def make_ui(repo_path=None):

    """

    Create an Mercurial 'ui' object based on database Ui settings, possibly

    augmenting with content from a hgrc file.

    """

    baseui = mercurial.ui.ui()

    # clean the baseui object

    baseui._ocfg = mercurial.config.config()

    baseui._ucfg = mercurial.config.config()

    baseui._tcfg = mercurial.config.config()

    sa = meta.Session()

    for ui_ in sa.query(Ui).order_by(Ui.ui_section, Ui.ui_key):

        if ui_.ui_active:

            log.debug('config from db: [%s] %s=%r', ui_.ui_section,

                      ui_.ui_key, ui_.ui_value)

            baseui.setconfig(ascii_bytes(ui_.ui_section), ascii_bytes(ui_.ui_key),

                             b'' if ui_.ui_value is None else safe_bytes(ui_.ui_value))

    # force set push_ssl requirement to False, Kallithea handles that

    baseui.setconfig(b'web', b'push_ssl', False)

    baseui.setconfig(b'web', b'allow_push', b'*')

    # prevent interactive questions for ssh password / passphrase

    ssh = baseui.config(b'ui', b'ssh', default=b'ssh')

    baseui.setconfig(b'ui', b'ssh', b'%s -oBatchMode=yes -oIdentitiesOnly=yes' % ssh)

    # push / pull hooks

    baseui.setconfig(b'hooks', b'changegroup.kallithea_log_push_action', b'python:kallithea.lib.hooks.log_push_action')

    baseui.setconfig(b'hooks', b'outgoing.kallithea_log_pull_action', b'python:kallithea.lib.hooks.log_pull_action')

    if repo_path is not None:

        # Note: MercurialRepository / mercurial.localrepo.instance will do this too, so it will always be possible to override db settings or what is hardcoded above

        baseui.readconfig(repo_path)

    assert baseui.plain()  # set by hgcompat.monkey_do (invoked from import of vcs.backends.hg) to minimize potential impact of loading config files

    return baseui

def set_app_settings(config):

    """

    Updates app config with new settings from database

    :param config:

    """

    hgsettings = Setting.get_app_settings()

    for k, v in hgsettings.items():

        config[k] = v

    config['base_path'] = Ui.get_repos_location()

def set_vcs_config(config):

    """

    Patch VCS config with some Kallithea specific stuff

    :param config: kallithea.CONFIG

    """

    settings.BACKENDS = {

        'hg': 'kallithea.lib.vcs.backends.hg.MercurialRepository',

        'git': 'kallithea.lib.vcs.backends.git.GitRepository',

    }

    settings.GIT_EXECUTABLE_PATH = config.get('git_path', 'git')

    settings.GIT_REV_FILTER = config.get('git_rev_filter', '--all').strip()

    settings.DEFAULT_ENCODINGS = aslist(config.get('default_encoding',

                                                        'utf-8'), sep=',')

def set_indexer_config(config):

    """

    Update Whoosh index mapping

    :param config: kallithea.CONFIG

    """

    log.debug('adding extra into INDEX_EXTENSIONS')

    kallithea.config.conf.INDEX_EXTENSIONS.extend(re.split(r'\s+', config.get('index.extensions', '')))

    log.debug('adding extra into INDEX_FILENAMES')

    kallithea.config.conf.INDEX_FILENAMES.extend(re.split(r'\s+', config.get('index.filenames', '')))

def map_groups(path):

    """

    Given a full path to a repository, create all nested groups that this

    repo is inside. This function creates parent-child relationships between

    groups and creates default perms for all new groups.

    :param paths: full path to repository

    """

    from kallithea.model.repo_group import RepoGroupModel

    sa = meta.Session()

    groups = path.split(db.URL_SEP)

    parent = None

    group = None

    # last element is repo in nested groups structure

    groups = groups[:-1]

    rgm = RepoGroupModel()

    owner = User.get_first_admin()

    for lvl, group_name in enumerate(groups):

        group_name = '/'.join(groups[:lvl] + [group_name])

        group = RepoGroup.get_by_group_name(group_name)

        desc = '%s group' % group_name

        # skip folders that are now removed repos

        if REMOVED_REPO_PAT.match(group_name):

            break

        if group is None:

            log.debug('creating group level: %s group_name: %s',

                      lvl, group_name)

            group = RepoGroup(group_name, parent)

            group.group_description = desc

            group.owner = owner

            sa.add(group)

            rgm._create_default_perms(group)

            sa.flush()

        parent = group

    return group

def repo2db_mapper(initial_repo_dict, remove_obsolete=False,

                   install_git_hooks=False, user=None, overwrite_git_hooks=False):

    """

    maps all repos given in initial_repo_dict, non existing repositories

    are created, if remove_obsolete is True it also check for db entries

    that are not in initial_repo_dict and removes them.

    :param initial_repo_dict: mapping with repositories found by scanning methods

    :param remove_obsolete: check for obsolete entries in database

    :param install_git_hooks: if this is True, also check and install git hook

        for a repo if missing

    :param overwrite_git_hooks: if this is True, overwrite any existing git hooks

        that may be encountered (even if user-deployed)

    """

    from kallithea.model.repo import RepoModel

    from kallithea.model.scm import ScmModel

    sa = meta.Session()

    repo_model = RepoModel()

    if user is None:

        user = User.get_first_admin()

    added = []

    # creation defaults

    defs = Setting.get_default_repo_settings(strip_prefix=True)

    enable_statistics = defs.get('repo_enable_statistics')

    enable_downloads = defs.get('repo_enable_downloads')

    private = defs.get('repo_private')

    for name, repo in sorted(initial_repo_dict.items()):

        group = map_groups(name)

        db_repo = repo_model.get_by_repo_name(name)

        # found repo that is on filesystem not in Kallithea database

        if not db_repo:

            log.info('repository %s not found, creating now', name)

            added.append(name)

            desc = (repo.description

                    if repo.description != 'unknown'

                    else '%s repository' % name)

            new_repo = repo_model._create_repo(

                repo_name=name,

                repo_type=repo.alias,

                description=desc,

                repo_group=getattr(group, 'group_id', None),

                owner=user,

                enable_downloads=enable_downloads,

                enable_statistics=enable_statistics,

                private=private,

                state=Repository.STATE_CREATED

            )

            sa.commit()

            # we added that repo just now, and make sure it has githook

            # installed, and updated server info

            if new_repo.repo_type == 'git':

                git_repo = new_repo.scm_instance

                ScmModel().install_git_hooks(git_repo)

                # update repository server-info

                log.debug('Running update server info')

                git_repo._update_server_info()

            new_repo.update_changeset_cache()

        elif install_git_hooks:

            if db_repo.repo_type == 'git':

                ScmModel().install_git_hooks(db_repo.scm_instance, force=overwrite_git_hooks)

    removed = []

    # remove from database those repositories that are not in the filesystem

    for repo in sa.query(Repository).all():

        if repo.repo_name not in initial_repo_dict:

            if remove_obsolete:

                log.debug("Removing non-existing repository found in db `%s`",

                          repo.repo_name)

                try:

                    RepoModel().delete(repo, forks='detach', fs_remove=False)

                    sa.commit()

                except Exception:

                    #don't hold further removals on error

                    log.error(traceback.format_exc())

                    sa.rollback()

            removed.append(repo.repo_name)

    return added, removed

    path = os.path.join(root_path, 'rcextensions', '__init__.py')

    if os.path.isfile(path):

        # Additional mappings that are not present in the pygments lexers

        # OVERRIDE OUR EXTENSIONS FROM RC-EXTENSIONS (if present)

            log.debug('settings custom INDEX_EXTENSIONS')

        # ADDITIONAL MAPPINGS

        log.debug('adding extra into INDEX_EXTENSIONS')

#==============================================================================

# MISC

#==============================================================================

git_req_ver = StrictVersion('1.7.4')

def check_git_version():

    """

    Checks what version of git is installed on the system, and raise a system exit

    if it's too old for Kallithea to work properly.

    """

    if 'git' not in kallithea.BACKENDS:

        return None

    if not settings.GIT_EXECUTABLE_PATH:

        log.warning('No git executable configured - check "git_path" in the ini file.')

        return None

    try:

        stdout, stderr = GitRepository._run_git_command(['--version'])

    except RepositoryError as e:

        # message will already have been logged as error

        log.warning('No working git executable found - check "git_path" in the ini file.')

        return None

    if stderr:

        log.warning('Error/stderr from "%s --version":\n%s', settings.GIT_EXECUTABLE_PATH, safe_str(stderr))

    if not stdout:

        log.warning('No working git executable found - check "git_path" in the ini file.')

        return None

    output = safe_str(stdout).strip()

    m = re.search(r"\d+.\d+.\d+", output)

    if m:

        ver = StrictVersion(m.group(0))

        log.debug('Git executable: "%s", version %s (parsed from: "%s")',

                  settings.GIT_EXECUTABLE_PATH, ver, output)

        if ver < git_req_ver:

            log.error('Kallithea detected %s version %s, which is too old '

                      'for the system to function properly. '

                      'Please upgrade to version %s or later. '

                      'If you strictly need Mercurial repositories, you can '

                      'clear the "git_path" setting in the ini file.',

                      settings.GIT_EXECUTABLE_PATH, ver, git_req_ver)

            log.error("Terminating ...")

            sys.exit(1)

    else:

        ver = StrictVersion('0.0.0')

        log.warning('Error finding version number in "%s --version" stdout:\n%s',

                    settings.GIT_EXECUTABLE_PATH, output)

    return ver