def run(self, user_id, port=None, branch_directory=None,
codehosting_endpoint_url=None, inet=False, protocol=None):
from lp.codehosting.bzrutils import install_oops_handler
from lp.codehosting.vfs import get_lp_server, hooks
install_oops_handler(user_id)
four_gig = int(4e9)
resource.setrlimit(resource.RLIMIT_AS, (four_gig, four_gig))
seen_new_branch = hooks.SetProcTitleHook()
if protocol is None:
protocol = transport_server_registry.get()
lp_server = get_lp_server(
int(user_id), codehosting_endpoint_url, branch_directory,
seen_new_branch.seen)
lp_server.start_server()
try:
old_lockdir_timeout = lockdir._DEFAULT_TIMEOUT_SECONDS
lp_transport = get_transport(lp_server.get_url())
host, port = self.get_host_and_port(port)
lockdir._DEFAULT_TIMEOUT_SECONDS = 0
try:
protocol(lp_transport, host, port, inet)
finally:
lockdir._DEFAULT_TIMEOUT_SECONDS = old_lockdir_timeout
finally:
lp_server.stop_server()
def getLPServerForUser(self, user):
"""Construct a LaunchpadServer that serves branches as seen by `user`.
Given 'db_branch', a database branch object 'db_branch', and
'lp_server', the server returned by this method,
'Branch.open(lp_server.get_url() + db_branch.unique_name)' will open
the branch as 'user' sees it as a client of the code hosting service,
i.e. it will be opened from the hosting area if the branch type HOSTED
and the user has launchpad.Edit on the branch and opened from the
mirrored area otherwise.
"""
# We use the configured directories because these tests run the puller
# in a subprocess which would have no way of knowing which directories
# to look in if we used freshly created temporary directories.
lp_server = get_lp_server(user.id)
lp_server.start_server()
self.addCleanup(lp_server.stop_server)
return lp_server
def getLPServerForUser(self, user):
"""Construct a LaunchpadServer that serves branches as seen by `user`.
Given 'db_branch', a database branch object 'db_branch', and
'lp_server', the server returned by this method,
'Branch.open(lp_server.get_url() + db_branch.unique_name)' will open
the branch as 'user' sees it as a client of the code hosting service,
i.e. it will be opened from the hosting area if the branch type HOSTED
and the user has launchpad.Edit on the branch and opened from the
mirrored area otherwise.
"""
# We use the configured directories because these tests run the puller
# in a subprocess which would have no way of knowing which directories
# to look in if we used freshly created temporary directories.
lp_server = get_lp_server(user.id)
lp_server.start_server()
self.addCleanup(lp_server.stop_server)
return lp_server
def run(self, user_id, port=None, branch_directory=None, codehosting_endpoint_url=None, inet=False, protocol=None):
from lp.codehosting.bzrutils import install_oops_handler
from lp.codehosting.vfs import get_lp_server, hooks
install_oops_handler(user_id)
four_gig = int(4e9)
resource.setrlimit(resource.RLIMIT_AS, (four_gig, four_gig))
seen_new_branch = hooks.SetProcTitleHook()
if protocol is None:
protocol = transport_server_registry.get()
lp_server = get_lp_server(int(user_id), codehosting_endpoint_url, branch_directory, seen_new_branch.seen)
lp_server.start_server()
try:
old_lockdir_timeout = lockdir._DEFAULT_TIMEOUT_SECONDS
lp_transport = get_transport(lp_server.get_url())
host, port = self.get_host_and_port(port)
lockdir._DEFAULT_TIMEOUT_SECONDS = 0
try:
protocol(lp_transport, host, port, inet)
finally:
lockdir._DEFAULT_TIMEOUT_SECONDS = old_lockdir_timeout
finally:
lp_server.stop_server()
def __call__(self, environ, start_response):
environ['loggerhead.static.url'] = environ['SCRIPT_NAME']
if environ['PATH_INFO'].startswith('/static/'):
path_info_pop(environ)
return static_app(environ, start_response)
elif environ['PATH_INFO'] == '/favicon.ico':
return favicon_app(environ, start_response)
elif environ['PATH_INFO'] == '/robots.txt':
return robots_app(environ, start_response)
elif environ['PATH_INFO'].startswith('/+login'):
return self._complete_login(environ, start_response)
elif environ['PATH_INFO'].startswith('/+logout'):
return self._logout(environ, start_response)
path = environ['PATH_INFO']
trailingSlashCount = len(path) - len(path.rstrip('/'))
user = environ[self.session_var].get('user', LAUNCHPAD_ANONYMOUS)
lp_server = get_lp_server(user, branch_transport=self.get_transport())
lp_server.start_server()
try:
try:
transport_type, info, trail = self.branchfs.translatePath(
user, urlutils.escape(path))
except xmlrpclib.Fault as f:
if check_fault(f, faults.PathTranslationError):
raise HTTPNotFound()
elif check_fault(f, faults.PermissionDenied):
# If we're not allowed to see the branch...
if environ['wsgi.url_scheme'] != 'https':
# ... the request shouldn't have come in over http, as
# requests for private branches over http should be
# redirected to https by the dynamic rewrite script we
# use (which runs before this code is reached), but
# just in case...
env_copy = environ.copy()
env_copy['wsgi.url_scheme'] = 'https'
raise HTTPMovedPermanently(construct_url(env_copy))
elif user != LAUNCHPAD_ANONYMOUS:
# ... if the user is already logged in and still can't
# see the branch, they lose.
exc = HTTPUnauthorized()
exc.explanation = "You are logged in as %s." % user
raise exc
else:
# ... otherwise, lets give them a chance to log in
# with OpenID.
return self._begin_login(environ, start_response)
else:
raise
if transport_type != BRANCH_TRANSPORT:
raise HTTPNotFound()
trail = urlutils.unescape(trail).encode('utf-8')
trail += trailingSlashCount * '/'
amount_consumed = len(path) - len(trail)
consumed = path[:amount_consumed]
branch_name = consumed.strip('/')
self.log.info('Using branch: %s', branch_name)
if trail and not trail.startswith('/'):
trail = '/' + trail
environ['PATH_INFO'] = trail
environ['SCRIPT_NAME'] += consumed.rstrip('/')
branch_url = lp_server.get_url() + branch_name
branch_link = urlparse.urljoin(
config.codebrowse.launchpad_root, branch_name)
cachepath = os.path.join(
config.codebrowse.cachepath, branch_name[1:])
if not os.path.isdir(cachepath):
os.makedirs(cachepath)
self.log.info('branch_url: %s', branch_url)
base_api_url = allvhosts.configs['api'].rooturl
branch_api_url = '%s/%s/%s' % (
base_api_url,
'devel',
branch_name,
)
self.log.info('branch_api_url: %s', branch_api_url)
req = urllib2.Request(branch_api_url)
private = False
try:
# We need to determine if the branch is private
response = urllib2.urlopen(req)
except urllib2.HTTPError as response:
code = response.getcode()
if code in (400, 401, 403, 404):
# There are several error codes that imply private data.
# 400 (bad request) is a default error code from the API
# 401 (unauthorized) should never be returned as the
# requests are always from anon. If it is returned
# however, the data is certainly private.
# 403 (forbidden) is obviously private.
# 404 (not found) implies privacy from a private team or
# similar situation, which we hide as not existing rather
# than mark as forbidden.
self.log.info("Branch is private")
private = True
self.log.info(
"Branch state not determined; api error, return code: %s",
code)
response.close()
else:
self.log.info("Branch is public")
response.close()
try:
bzr_branch = safe_open(
lp_server.get_url().strip(':/'), branch_url)
except errors.NotBranchError as err:
self.log.warning('Not a branch: %s', err)
raise HTTPNotFound()
bzr_branch.lock_read()
try:
view = BranchWSGIApp(
bzr_branch, branch_name, {'cachepath': cachepath},
self.graph_cache, branch_link=branch_link,
served_url=None, private=private)
return view.app(environ, start_response)
finally:
bzr_branch.repository.revisions.clear_cache()
bzr_branch.repository.signatures.clear_cache()
bzr_branch.repository.inventories.clear_cache()
if bzr_branch.repository.chk_bytes is not None:
bzr_branch.repository.chk_bytes.clear_cache()
bzr_branch.repository.texts.clear_cache()
bzr_branch.unlock()
finally:
lp_server.stop_server()
def __call__(self, environ, start_response):
request_is_private = (environ['SERVER_PORT'] == str(
config.codebrowse.private_port))
environ['loggerhead.static.url'] = environ['SCRIPT_NAME']
if environ['PATH_INFO'].startswith('/static/'):
path_info_pop(environ)
return static_app(environ, start_response)
elif environ['PATH_INFO'] == '/favicon.ico':
return favicon_app(environ, start_response)
elif environ['PATH_INFO'] == '/robots.txt':
return robots_app(environ, start_response)
elif not request_is_private:
if environ['PATH_INFO'].startswith('/+login'):
return self._complete_login(environ, start_response)
elif environ['PATH_INFO'].startswith('/+logout'):
return self._logout(environ, start_response)
path = environ['PATH_INFO']
trailingSlashCount = len(path) - len(path.rstrip('/'))
if request_is_private:
# Requests on the private port are internal API requests from
# something that has already performed security checks. As
# such, they get read-only access to everything.
identity_url = LAUNCHPAD_SERVICES
user = LAUNCHPAD_SERVICES
else:
identity_url = environ[self.session_var].get(
'identity_url', LAUNCHPAD_ANONYMOUS)
user = environ[self.session_var].get('user', LAUNCHPAD_ANONYMOUS)
lp_server = get_lp_server(identity_url,
branch_transport=self.get_transport())
lp_server.start_server()
try:
try:
branchfs = self.get_branchfs()
transport_type, info, trail = branchfs.translatePath(
identity_url, urlutils.escape(path))
except xmlrpclib.Fault as f:
if check_fault(f, faults.PathTranslationError):
raise HTTPNotFound()
elif check_fault(f, faults.PermissionDenied):
# If we're not allowed to see the branch...
if environ['wsgi.url_scheme'] != 'https':
# ... the request shouldn't have come in over http, as
# requests for private branches over http should be
# redirected to https by the dynamic rewrite script we
# use (which runs before this code is reached), but
# just in case...
env_copy = environ.copy()
env_copy['wsgi.url_scheme'] = 'https'
raise HTTPMovedPermanently(construct_url(env_copy))
elif user != LAUNCHPAD_ANONYMOUS:
# ... if the user is already logged in and still can't
# see the branch, they lose.
exc = HTTPUnauthorized()
exc.explanation = "You are logged in as %s." % user
raise exc
else:
# ... otherwise, lets give them a chance to log in
# with OpenID.
return self._begin_login(environ, start_response)
else:
raise
if transport_type != BRANCH_TRANSPORT:
raise HTTPNotFound()
trail = urlutils.unescape(trail).encode('utf-8')
trail += trailingSlashCount * '/'
amount_consumed = len(path) - len(trail)
consumed = path[:amount_consumed]
branch_name = consumed.strip('/')
self.log.info('Using branch: %s', branch_name)
if trail and not trail.startswith('/'):
trail = '/' + trail
environ['PATH_INFO'] = trail
environ['SCRIPT_NAME'] += consumed.rstrip('/')
branch_url = lp_server.get_url() + branch_name
branch_link = urlparse.urljoin(config.codebrowse.launchpad_root,
branch_name)
cachepath = os.path.join(config.codebrowse.cachepath,
branch_name[1:])
if not os.path.isdir(cachepath):
os.makedirs(cachepath)
self.log.info('branch_url: %s', branch_url)
private = info['private']
if private:
self.log.info("Branch is private")
else:
self.log.info("Branch is public")
try:
bzr_branch = safe_open(lp_server.get_url().strip(':/'),
branch_url)
except errors.NotBranchError as err:
self.log.warning('Not a branch: %s', err)
raise HTTPNotFound()
bzr_branch.lock_read()
try:
view = BranchWSGIApp(bzr_branch,
branch_name, {'cachepath': cachepath},
self.graph_cache,
branch_link=branch_link,
served_url=None,
private=private)
return view.app(environ, start_response)
finally:
bzr_branch.repository.revisions.clear_cache()
bzr_branch.repository.signatures.clear_cache()
bzr_branch.repository.inventories.clear_cache()
if bzr_branch.repository.chk_bytes is not None:
bzr_branch.repository.chk_bytes.clear_cache()
bzr_branch.repository.texts.clear_cache()
bzr_branch.unlock()
finally:
lp_server.stop_server()