def to_python(self, value, state):
repo_type = value.get('repo_type')
url = value.get('clone_uri')
e_dict = {'clone_uri': _('invalid clone url')}
if not url:
pass
elif url.startswith('https'):
try:
url_handler(repo_type, url, 'https', make_ui('db'))
except Exception:
log.error(traceback.format_exc())
raise formencode.Invalid('', value, state, error_dict=e_dict)
elif url.startswith('http'):
try:
url_handler(repo_type, url, 'http', make_ui('db'))
except Exception:
log.error(traceback.format_exc())
raise formencode.Invalid('', value, state, error_dict=e_dict)
else:
e_dict = {'clone_uri': _('Invalid clone url, provide a '
'valid clone http\s url')}
raise formencode.Invalid('', value, state, error_dict=e_dict)
return value
def url_handler(repo_type, url, proto, ui=None):
if repo_type == 'hg':
from mercurial.httprepo import httprepository, httpsrepository
if proto == 'https':
httpsrepository(make_ui('db'), url).capabilities
elif proto == 'http':
httprepository(make_ui('db'), url).capabilities
elif repo_type == 'git':
#TODO: write a git url validator
pass
def __inject_extras(self, repo_path, baseui, extras={}):
"""
Injects some extra params into baseui instance
also overwrites global settings with those takes from local hgrc file
:param baseui: baseui instance
:param extras: dict with extra params to put into baseui
"""
hgrc = os.path.join(repo_path, '.hg', 'hgrc')
# make our hgweb quiet so it doesn't print output
baseui.setconfig('ui', 'quiet', 'true')
#inject some additional parameters that will be available in ui
#for hooks
for k, v in extras.items():
baseui.setconfig('rhodecode_extras', k, v)
repoui = make_ui('file', hgrc, False)
if repoui:
#overwrite our ui instance with the section from hgrc file
for section in ui_sections:
for k, v in repoui.configitems(section):
baseui.setconfig(section, k, v)
def __inject_extras(self, repo_path, baseui, extras={}):
"""
Injects some extra params into baseui instance
also overwrites global settings with those takes from local hgrc file
:param baseui: baseui instance
:param extras: dict with extra params to put into baseui
"""
hgrc = os.path.join(repo_path, '.hg', 'hgrc')
# make our hgweb quiet so it doesn't print output
baseui.setconfig('ui', 'quiet', 'true')
#inject some additional parameters that will be available in ui
#for hooks
for k, v in extras.items():
baseui.setconfig('rhodecode_extras', k, v)
repoui = make_ui('file', hgrc, False)
if repoui:
#overwrite our ui instance with the section from hgrc file
for section in ui_sections:
for k, v in repoui.configitems(section):
baseui.setconfig(section, k, v)
def load_environment(global_conf, app_conf, initial=False):
"""Configure the Pylons environment via the ``pylons.config``
object
"""
config = PylonsConfig()
# Pylons paths
root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
paths = dict(root=root,
controllers=os.path.join(root, 'controllers'),
static_files=os.path.join(root, 'public'),
templates=[os.path.join(root, 'templates')])
# Initialize config with the basic options
config.init_app(global_conf, app_conf, package='rhodecode', paths=paths)
config['routes.map'] = make_map(config)
config['pylons.app_globals'] = app_globals.Globals(config)
config['pylons.h'] = rhodecode.lib.helpers
# Setup cache object as early as possible
import pylons
pylons.cache._push_object(config['pylons.app_globals'].cache)
# Create the Mako TemplateLookup, with the default auto-escaping
config['pylons.app_globals'].mako_lookup = TemplateLookup(
directories=paths['templates'],
error_handler=handle_mako_error,
module_directory=os.path.join(app_conf['cache_dir'], 'templates'),
input_encoding='utf-8', default_filters=['escape'],
imports=['from webhelpers.html import escape'])
#sets the c attribute access when don't existing attribute are accessed
config['pylons.strict_tmpl_context'] = True
test = os.path.split(config['__file__'])[-1] == 'test.ini'
if test:
from rhodecode.lib.utils import create_test_env, create_test_index
from rhodecode.tests import TESTS_TMP_PATH
create_test_env(TESTS_TMP_PATH, config)
create_test_index(TESTS_TMP_PATH, config, True)
#MULTIPLE DB configs
# Setup the SQLAlchemy database engine
sa_engine_db1 = engine_from_config(config, 'sqlalchemy.db1.')
init_model(sa_engine_db1)
repos_path = make_ui('db').configitems('paths')[0][1]
repo2db_mapper(ScmModel().repo_scan(repos_path))
set_available_permissions(config)
config['base_path'] = repos_path
set_rhodecode_config(config)
# CONFIGURATION OPTIONS HERE (note: all config options will override
# any Pylons config options)
return config
def to_python(self, value, state):
if not value:
pass
elif value.startswith('https'):
try:
httpsrepository(make_ui('db'), value).capabilities
except Exception, e:
log.error(traceback.format_exc())
raise formencode.Invalid(_('invalid clone url'), value,
state)
def validate_python(self, value, state):
repo_type = value.get("repo_type")
url = value.get("clone_uri")
if not url:
pass
else:
try:
url_handler(repo_type, url, make_ui("db", clear_session=False))
except Exception:
log.exception("Url validation failed")
msg = M(self, "clone_uri")
raise formencode.Invalid(msg, value, state, error_dict=dict(clone_uri=msg))
def validate_python(self, value, state):
repo_type = value.get('repo_type')
url = value.get('clone_uri')
if not url:
pass
else:
try:
url_handler(repo_type, url, make_ui('db', clear_session=False))
except Exception:
log.exception('Url validation failed')
msg = M(self, 'clone_uri')
raise formencode.Invalid(msg, value, state,
error_dict=dict(clone_uri=msg)
)
def repo_scan(self, repos_path=None):
"""
Listing of repositories in given path. This path should not be a
repository itself. Return a dictionary of repository objects
:param repos_path: path to directory containing repositories
"""
if repos_path is None:
repos_path = self.repos_path
log.info('scanning for repositories in %s' % repos_path)
baseui = make_ui('db')
repos = {}
for name, path in get_filesystem_repos(repos_path, recursive=True):
# skip removed repos
if REMOVED_REPO_PAT.match(name):
continue
# name need to be decomposed and put back together using the /
# since this is internal storage separator for rhodecode
name = Repository.url_sep().join(name.split(os.sep))
try:
if name in repos:
raise RepositoryError('Duplicate repository name %s '
'found in %s' % (name, path))
else:
klass = get_backend(path[0])
if path[0] == 'hg' and path[0] in BACKENDS.keys():
repos[name] = klass(safe_str(path[1]), baseui=baseui)
if path[0] == 'git' and path[0] in BACKENDS.keys():
repos[name] = klass(path[1])
except OSError:
continue
return repos
def repo_scan(self, repos_path=None):
"""
Listing of repositories in given path. This path should not be a
repository itself. Return a dictionary of repository objects
:param repos_path: path to directory containing repositories
"""
if repos_path is None:
repos_path = self.repos_path
log.info('scanning for repositories in %s' % repos_path)
baseui = make_ui('db')
repos = {}
for name, path in get_filesystem_repos(repos_path, recursive=True):
# skip removed repos
if REMOVED_REPO_PAT.match(name):
continue
# name need to be decomposed and put back together using the /
# since this is internal storage separator for rhodecode
name = Repository.url_sep().join(name.split(os.sep))
try:
if name in repos:
raise RepositoryError('Duplicate repository name %s '
'found in %s' % (name, path))
else:
klass = get_backend(path[0])
if path[0] == 'hg' and path[0] in BACKENDS.keys():
repos[name] = klass(safe_str(path[1]), baseui=baseui)
if path[0] == 'git' and path[0] in BACKENDS.keys():
repos[name] = klass(path[1])
except OSError:
continue
return repos
def __inject_extras(self, repo_path, baseui, extras={}):
"""
Injects some extra params into baseui instance
also overwrites global settings with those takes from local hgrc file
:param baseui: baseui instance
:param extras: dict with extra params to put into baseui
"""
hgrc = os.path.join(repo_path, ".hg", "hgrc")
# make our hgweb quiet so it doesn't print output
baseui.setconfig("ui", "quiet", "true")
repoui = make_ui("file", hgrc, False)
if repoui:
# overwrite our ui instance with the section from hgrc file
for section in ui_sections:
for k, v in repoui.configitems(section):
baseui.setconfig(section, k, v)
_set_extras(extras)
def repo_scan(self, repos_path=None):
"""Listing of repositories in given path. This path should not be a
repository itself. Return a dictionary of repository objects
:param repos_path: path to directory containing repositories
"""
log.info('scanning for repositories in %s', repos_path)
if repos_path is None:
repos_path = self.repos_path
baseui = make_ui('db')
repos_list = {}
for name, path in get_filesystem_repos(repos_path, recursive=True):
try:
if name in repos_list:
raise RepositoryError('Duplicate repository name %s '
'found in %s' % (name, path))
else:
klass = get_backend(path[0])
if path[0] == 'hg' and path[0] in BACKENDS.keys():
# for mercurial we need to have an str path
repos_list[name] = klass(safe_str(path[1]),
baseui=baseui)
if path[0] == 'git' and path[0] in BACKENDS.keys():
repos_list[name] = klass(path[1])
except OSError:
continue
return repos_list
def handle_git_receive(repo_path, revs, env, hook_type='post'):
"""
A really hacky method that is runned by git post-receive hook and logs
an push action together with pushed revisions. It's executed by subprocess
thus needs all info to be able to create a on the fly pylons enviroment,
connect to database and run the logging code. Hacky as sh*t but works.
:param repo_path:
:param revs:
:param env:
"""
from paste.deploy import appconfig
from sqlalchemy import engine_from_config
from rhodecode.config.environment import load_environment
from rhodecode.model import init_model
from rhodecode.model.db import RhodeCodeUi
from rhodecode.lib.utils import make_ui
extras = _extract_extras(env)
path, ini_name = os.path.split(extras['config'])
conf = appconfig('config:%s' % ini_name, relative_to=path)
load_environment(conf.global_conf, conf.local_conf)
engine = engine_from_config(conf, 'sqlalchemy.db1.')
init_model(engine)
baseui = make_ui('db')
# fix if it's not a bare repo
if repo_path.endswith(os.sep + '.git'):
repo_path = repo_path[:-5]
repo = Repository.get_by_full_path(repo_path)
if not repo:
raise OSError('Repository %s not found in database' %
(safe_str(repo_path)))
_hooks = dict(baseui.configitems('hooks')) or {}
if hook_type == 'pre':
repo = repo.scm_instance
else:
#post push shouldn't use the cached instance never
repo = repo.scm_instance_no_cache()
if hook_type == 'pre':
pre_push(baseui, repo)
# if push hook is enabled via web interface
elif hook_type == 'post' and _hooks.get(RhodeCodeUi.HOOK_PUSH):
rev_data = []
for l in revs:
old_rev, new_rev, ref = l.split(' ')
_ref_data = ref.split('/')
if _ref_data[1] in ['tags', 'heads']:
rev_data.append({
'old_rev': old_rev,
'new_rev': new_rev,
'ref': ref,
'type': _ref_data[1],
'name': _ref_data[2].strip()
})
git_revs = []
for push_ref in rev_data:
_type = push_ref['type']
if _type == 'heads':
if push_ref['old_rev'] == EmptyChangeset().raw_id:
cmd = "for-each-ref --format='%(refname)' 'refs/heads/*'"
heads = repo.run_git_command(cmd)[0]
heads = heads.replace(push_ref['ref'], '')
heads = ' '.join(
map(lambda c: c.strip('\n').strip(),
heads.splitlines()))
cmd = (('log %(new_rev)s' % push_ref) +
' --reverse --pretty=format:"%H" --not ' + heads)
git_revs += repo.run_git_command(cmd)[0].splitlines()
elif push_ref['new_rev'] == EmptyChangeset().raw_id:
#delete branch case
git_revs += ['delete_branch=>%s' % push_ref['name']]
else:
cmd = (('log %(old_rev)s..%(new_rev)s' % push_ref) +
' --reverse --pretty=format:"%H"')
git_revs += repo.run_git_command(cmd)[0].splitlines()
elif _type == 'tags':
git_revs += ['tag=>%s' % push_ref['name']]
log_push_action(baseui, repo, _git_revs=git_revs)
def _handle_request(self, environ, start_response):
if not is_mercurial(environ):
return self.application(environ, start_response)
proxy_key = 'HTTP_X_REAL_IP'
def_key = 'REMOTE_ADDR'
ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
# skip passing error to error controller
environ['pylons.status_code_redirect'] = True
#======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
#======================================================================
try:
repo_name = environ['REPO_NAME'] = self.__get_repository(environ)
log.debug('Extracted repo name is %s' % repo_name)
except:
return HTTPInternalServerError()(environ, start_response)
#======================================================================
# GET ACTION PULL or PUSH
#======================================================================
action = self.__get_action(environ)
#======================================================================
# CHECK ANONYMOUS PERMISSION
#======================================================================
if action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
username = anonymous_user.username
anonymous_perm = self.__check_permission(action,
anonymous_user,
repo_name)
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
log.debug('Not enough credentials to access this '
'repository as anonymous user')
if anonymous_user.active is False:
log.debug('Anonymous access is disabled, running '
'authentication')
#==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
#==============================================================
if not REMOTE_USER(environ):
self.authenticate.realm = \
safe_str(self.config['rhodecode_realm'])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
else:
return result.wsgi_application(environ, start_response)
#==============================================================
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
# BASIC AUTH
#==============================================================
if action in ['pull', 'push']:
username = REMOTE_USER(environ)
try:
user = self.__get_user(username)
if user is None:
return HTTPForbidden()(environ, start_response)
username = user.username
except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ,
start_response)
#check permissions for this repository
perm = self.__check_permission(action, user,
repo_name)
if perm is not True:
return HTTPForbidden()(environ, start_response)
extras = {'ip': ipaddr,
'username': username,
'action': action,
'repository': repo_name}
#======================================================================
# MERCURIAL REQUEST HANDLING
#======================================================================
repo_path = safe_str(os.path.join(self.basepath, repo_name))
log.debug('Repository path is %s' % repo_path)
baseui = make_ui('db')
self.__inject_extras(repo_path, baseui, extras)
# quick check if that dir exists...
if is_valid_repo(repo_name, self.basepath) is False:
return HTTPNotFound()(environ, start_response)
try:
#invalidate cache on push
if action == 'push':
self.__invalidate_cache(repo_name)
app = self.__make_app(repo_path, baseui, extras)
return app(environ, start_response)
except RepoError, e:
if str(e).find('not found') != -1:
return HTTPNotFound()(environ, start_response)
def _handle_request(self, environ, start_response):
if not is_mercurial(environ):
return self.application(environ, start_response)
if not self._check_ssl(environ, start_response):
return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
ip_addr = self._get_ip_addr(environ)
username = None
# skip passing error to error controller
environ['pylons.status_code_redirect'] = True
#======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
#======================================================================
try:
repo_name = environ['REPO_NAME'] = self.__get_repository(environ)
log.debug('Extracted repo name is %s' % repo_name)
except Exception:
return HTTPInternalServerError()(environ, start_response)
# quick check if that dir exists...
if not is_valid_repo(repo_name, self.basepath, 'hg'):
return HTTPNotFound()(environ, start_response)
#======================================================================
# GET ACTION PULL or PUSH
#======================================================================
action = self.__get_action(environ)
#======================================================================
# CHECK ANONYMOUS PERMISSION
#======================================================================
if action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
username = anonymous_user.username
anonymous_perm = self._check_permission(action, anonymous_user,
repo_name, ip_addr)
if not anonymous_perm or not anonymous_user.active:
if not anonymous_perm:
log.debug('Not enough credentials to access this '
'repository as anonymous user')
if not anonymous_user.active:
log.debug('Anonymous access is disabled, running '
'authentication')
#==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
#==============================================================
# Attempting to retrieve username from the container
username = get_container_username(environ, self.config)
# If not authenticated by the container, running basic auth
if not username:
self.authenticate.realm = \
safe_str(self.config['rhodecode_realm'])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
username = result
else:
return result.wsgi_application(environ, start_response)
#==============================================================
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
#==============================================================
try:
user = self.__get_user(username)
if user is None or not user.active:
return HTTPForbidden()(environ, start_response)
username = user.username
except Exception:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
#check permissions for this repository
perm = self._check_permission(action, user, repo_name, ip_addr)
if not perm:
return HTTPForbidden()(environ, start_response)
# extras are injected into mercurial UI object and later available
# in hg hooks executed by rhodecode
from rhodecode import CONFIG
server_url = get_server_url(environ)
extras = {
'ip': ip_addr,
'username': username,
'action': action,
'repository': repo_name,
'scm': 'hg',
'config': CONFIG['__file__'],
'server_url': server_url,
'make_lock': None,
'locked_by': [None, None]
}
#======================================================================
# MERCURIAL REQUEST HANDLING
#======================================================================
str_repo_name = safe_str(repo_name)
repo_path = os.path.join(safe_str(self.basepath), str_repo_name)
log.debug('Repository path is %s' % repo_path)
# CHECK LOCKING only if it's not ANONYMOUS USER
if username != User.DEFAULT_USER:
log.debug('Checking locking on repository')
(make_lock, locked,
locked_by) = self._check_locking_state(environ=environ,
action=action,
repo=repo_name,
user_id=user.user_id)
# store the make_lock for later evaluation in hooks
extras.update({'make_lock': make_lock, 'locked_by': locked_by})
fix_PATH()
log.debug('HOOKS extras is %s' % extras)
baseui = make_ui('db')
self.__inject_extras(repo_path, baseui, extras)
try:
log.info('%s action on HG repo "%s" by "%s" from %s' %
(action, str_repo_name, safe_str(username), ip_addr))
app = self.__make_app(repo_path, baseui, extras)
return app(environ, start_response)
except RepoError, e:
if str(e).find('not found') != -1:
return HTTPNotFound()(environ, start_response)
def load_environment(global_conf, app_conf, initial=False):
"""
Configure the Pylons environment via the ``pylons.config``
object
"""
config = PylonsConfig()
# Pylons paths
root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
paths = dict(root=root,
controllers=os.path.join(root, 'controllers'),
static_files=os.path.join(root, 'public'),
templates=[os.path.join(root, 'templates')])
# Initialize config with the basic options
config.init_app(global_conf, app_conf, package='rhodecode', paths=paths)
# store some globals into rhodecode
rhodecode.CELERY_ON = str2bool(config['app_conf'].get('use_celery'))
rhodecode.CELERY_EAGER = str2bool(
config['app_conf'].get('celery.always.eager'))
config['routes.map'] = make_map(config)
config['pylons.app_globals'] = app_globals.Globals(config)
config['pylons.h'] = helpers
rhodecode.CONFIG = config
load_rcextensions(root_path=config['here'])
# Setup cache object as early as possible
import pylons
pylons.cache._push_object(config['pylons.app_globals'].cache)
# Create the Mako TemplateLookup, with the default auto-escaping
config['pylons.app_globals'].mako_lookup = TemplateLookup(
directories=paths['templates'],
error_handler=handle_mako_error,
module_directory=os.path.join(app_conf['cache_dir'], 'templates'),
input_encoding='utf-8',
default_filters=['escape'],
imports=['from webhelpers.html import escape'])
# sets the c attribute access when don't existing attribute are accessed
config['pylons.strict_tmpl_context'] = True
test = os.path.split(config['__file__'])[-1] == 'test.ini'
if test:
from rhodecode.lib.utils import create_test_env, create_test_index
from rhodecode.tests import TESTS_TMP_PATH
create_test_env(TESTS_TMP_PATH, config)
create_test_index(TESTS_TMP_PATH, config, True)
# MULTIPLE DB configs
# Setup the SQLAlchemy database engine
sa_engine_db1 = engine_from_config(config, 'sqlalchemy.db1.')
init_model(sa_engine_db1)
repos_path = make_ui('db').configitems('paths')[0][1]
repo2db_mapper(ScmModel().repo_scan(repos_path))
set_available_permissions(config)
config['base_path'] = repos_path
set_rhodecode_config(config)
# CONFIGURATION OPTIONS HERE (note: all config options will override
# any Pylons config options)
# store config reference into our module to skip import magic of
# pylons
rhodecode.CONFIG.update(config)
return config
def _handle_request(self, environ, start_response):
if not is_mercurial(environ):
return self.application(environ, start_response)
if not self._check_ssl(environ, start_response):
return HTTPNotAcceptable("SSL REQUIRED !")(environ, start_response)
ip_addr = self._get_ip_addr(environ)
username = None
# skip passing error to error controller
environ["pylons.status_code_redirect"] = True
# ======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
# ======================================================================
try:
repo_name = environ["REPO_NAME"] = self.__get_repository(environ)
log.debug("Extracted repo name is %s" % repo_name)
except Exception:
return HTTPInternalServerError()(environ, start_response)
# quick check if that dir exists...
if not is_valid_repo(repo_name, self.basepath, "hg"):
return HTTPNotFound()(environ, start_response)
# ======================================================================
# GET ACTION PULL or PUSH
# ======================================================================
action = self.__get_action(environ)
# ======================================================================
# CHECK ANONYMOUS PERMISSION
# ======================================================================
if action in ["pull", "push"]:
anonymous_user = self.__get_user("default")
username = anonymous_user.username
anonymous_perm = self._check_permission(action, anonymous_user, repo_name, ip_addr)
if not anonymous_perm or not anonymous_user.active:
if not anonymous_perm:
log.debug("Not enough credentials to access this " "repository as anonymous user")
if not anonymous_user.active:
log.debug("Anonymous access is disabled, running " "authentication")
# ==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
# ==============================================================
# Attempting to retrieve username from the container
username = get_container_username(environ, self.config)
# If not authenticated by the container, running basic auth
if not username:
self.authenticate.realm = safe_str(self.config["rhodecode_realm"])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, "basic")
REMOTE_USER.update(environ, result)
username = result
else:
return result.wsgi_application(environ, start_response)
# ==============================================================
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
# ==============================================================
try:
user = self.__get_user(username)
if user is None or not user.active:
return HTTPForbidden()(environ, start_response)
username = user.username
except Exception:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
# check permissions for this repository
perm = self._check_permission(action, user, repo_name, ip_addr)
if not perm:
return HTTPForbidden()(environ, start_response)
# extras are injected into mercurial UI object and later available
# in hg hooks executed by rhodecode
from rhodecode import CONFIG
server_url = get_server_url(environ)
extras = {
"ip": ip_addr,
"username": username,
"action": action,
"repository": repo_name,
"scm": "hg",
"config": CONFIG["__file__"],
"server_url": server_url,
"make_lock": None,
"locked_by": [None, None],
}
# ======================================================================
# MERCURIAL REQUEST HANDLING
# ======================================================================
str_repo_name = safe_str(repo_name)
repo_path = os.path.join(safe_str(self.basepath), str_repo_name)
log.debug("Repository path is %s" % repo_path)
# CHECK LOCKING only if it's not ANONYMOUS USER
if username != User.DEFAULT_USER:
log.debug("Checking locking on repository")
(make_lock, locked, locked_by) = self._check_locking_state(
environ=environ, action=action, repo=repo_name, user_id=user.user_id
)
# store the make_lock for later evaluation in hooks
extras.update({"make_lock": make_lock, "locked_by": locked_by})
# set the environ variables for this request
os.environ["RC_SCM_DATA"] = json.dumps(extras)
fix_PATH()
log.debug("HOOKS extras is %s" % extras)
baseui = make_ui("db")
self.__inject_extras(repo_path, baseui, extras)
try:
log.info('%s action on HG repo "%s" by "%s" from %s' % (action, str_repo_name, safe_str(username), ip_addr))
app = self.__make_app(repo_path, baseui, extras)
return app(environ, start_response)
except RepoError, e:
if str(e).find("not found") != -1:
return HTTPNotFound()(environ, start_response)
def handle_git_receive(repo_path, revs, env, hook_type='post'):
"""
A really hacky method that is runned by git post-receive hook and logs
an push action together with pushed revisions. It's executed by subprocess
thus needs all info to be able to create a on the fly pylons enviroment,
connect to database and run the logging code. Hacky as sh*t but works.
:param repo_path:
:param revs:
:param env:
"""
from paste.deploy import appconfig
from sqlalchemy import engine_from_config
from rhodecode.config.environment import load_environment
from rhodecode.model import init_model
from rhodecode.model.db import RhodeCodeUi
from rhodecode.lib.utils import make_ui
extras = _extract_extras(env)
path, ini_name = os.path.split(extras['config'])
conf = appconfig('config:%s' % ini_name, relative_to=path)
load_environment(conf.global_conf, conf.local_conf)
engine = engine_from_config(conf, 'sqlalchemy.db1.')
init_model(engine)
baseui = make_ui('db')
# fix if it's not a bare repo
if repo_path.endswith(os.sep + '.git'):
repo_path = repo_path[:-5]
repo = Repository.get_by_full_path(repo_path)
if not repo:
raise OSError('Repository %s not found in database'
% (safe_str(repo_path)))
_hooks = dict(baseui.configitems('hooks')) or {}
if hook_type == 'pre':
repo = repo.scm_instance
else:
#post push shouldn't use the cached instance never
repo = repo.scm_instance_no_cache()
if hook_type == 'pre':
pre_push(baseui, repo)
# if push hook is enabled via web interface
elif hook_type == 'post' and _hooks.get(RhodeCodeUi.HOOK_PUSH):
rev_data = []
for l in revs:
old_rev, new_rev, ref = l.split(' ')
_ref_data = ref.split('/')
if _ref_data[1] in ['tags', 'heads']:
rev_data.append({'old_rev': old_rev,
'new_rev': new_rev,
'ref': ref,
'type': _ref_data[1],
'name': _ref_data[2].strip()})
git_revs = []
for push_ref in rev_data:
_type = push_ref['type']
if _type == 'heads':
if push_ref['old_rev'] == EmptyChangeset().raw_id:
cmd = "for-each-ref --format='%(refname)' 'refs/heads/*'"
heads = repo.run_git_command(cmd)[0]
heads = heads.replace(push_ref['ref'], '')
heads = ' '.join(map(lambda c: c.strip('\n').strip(),
heads.splitlines()))
cmd = (('log %(new_rev)s' % push_ref) +
' --reverse --pretty=format:"%H" --not ' + heads)
git_revs += repo.run_git_command(cmd)[0].splitlines()
elif push_ref['new_rev'] == EmptyChangeset().raw_id:
#delete branch case
git_revs += ['delete_branch=>%s' % push_ref['name']]
else:
cmd = (('log %(old_rev)s..%(new_rev)s' % push_ref) +
' --reverse --pretty=format:"%H"')
git_revs += repo.run_git_command(cmd)[0].splitlines()
elif _type == 'tags':
git_revs += ['tag=>%s' % push_ref['name']]
log_push_action(baseui, repo, _git_revs=git_revs)
def differ(org_repo, org_ref, other_repo, other_ref, discovery_data=None,
remote_compare=False, context=3, ignore_whitespace=False):
"""
General differ between branches, bookmarks, revisions of two remote or
local but related repositories
:param org_repo:
:param org_ref:
:param other_repo:
:type other_repo:
:type other_ref:
"""
org_repo_scm = org_repo.scm_instance
other_repo_scm = other_repo.scm_instance
org_repo = org_repo_scm._repo
other_repo = other_repo_scm._repo
org_ref = org_ref[1]
other_ref = other_ref[1]
if org_repo_scm == other_repo_scm:
log.debug('running diff between %s@%s and %s@%s'
% (org_repo.path, org_ref, other_repo.path, other_ref))
_diff = org_repo_scm.get_diff(rev1=org_ref, rev2=other_ref,
ignore_whitespace=ignore_whitespace, context=context)
return _diff
elif remote_compare:
opts = diffopts(git=True, ignorews=ignore_whitespace, context=context)
common, incoming, rheads = discovery_data
org_repo_peer = localrepo.locallegacypeer(org_repo.local())
# create a bundle (uncompressed if other repo is not local)
if org_repo_peer.capable('getbundle'):
# disable repo hooks here since it's just bundle !
# patch and reset hooks section of UI config to not run any
# hooks on fetching archives with subrepos
for k, _ in org_repo.ui.configitems('hooks'):
org_repo.ui.setconfig('hooks', k, None)
unbundle = org_repo.getbundle('incoming', common=None,
heads=None)
buf = BytesIO()
while True:
chunk = unbundle._stream.read(1024 * 4)
if not chunk:
break
buf.write(chunk)
buf.seek(0)
# replace chunked _stream with data that can do tell() and seek()
unbundle._stream = buf
ui = make_ui('db')
bundlerepo = InMemoryBundleRepo(ui, path=org_repo.root,
bundlestream=unbundle)
return ''.join(patch.diff(bundlerepo,
node1=other_repo[other_ref].node(),
node2=org_repo[org_ref].node(),
opts=opts))
return ''
def load_environment(global_conf, app_conf, initial=False):
"""
Configure the Pylons environment via the ``pylons.config``
object
"""
config = PylonsConfig()
# Pylons paths
root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
paths = dict(
root=root,
controllers=os.path.join(root, "controllers"),
static_files=os.path.join(root, "public"),
templates=[os.path.join(root, "templates")],
)
# Initialize config with the basic options
config.init_app(global_conf, app_conf, package="rhodecode", paths=paths)
# store some globals into rhodecode
rhodecode.CELERY_ON = str2bool(config["app_conf"].get("use_celery"))
rhodecode.CELERY_EAGER = str2bool(config["app_conf"].get("celery.always.eager"))
config["routes.map"] = make_map(config)
config["pylons.app_globals"] = app_globals.Globals(config)
config["pylons.h"] = helpers
rhodecode.CONFIG = config
load_rcextensions(root_path=config["here"])
# Setup cache object as early as possible
import pylons
pylons.cache._push_object(config["pylons.app_globals"].cache)
# Create the Mako TemplateLookup, with the default auto-escaping
config["pylons.app_globals"].mako_lookup = TemplateLookup(
directories=paths["templates"],
error_handler=handle_mako_error,
module_directory=os.path.join(app_conf["cache_dir"], "templates"),
input_encoding="utf-8",
default_filters=["escape"],
imports=["from webhelpers.html import escape"],
)
# sets the c attribute access when don't existing attribute are accessed
config["pylons.strict_tmpl_context"] = True
test = os.path.split(config["__file__"])[-1] == "test.ini"
if test:
from rhodecode.lib.utils import create_test_env, create_test_index
from rhodecode.tests import TESTS_TMP_PATH
create_test_env(TESTS_TMP_PATH, config)
create_test_index(TESTS_TMP_PATH, config, True)
# MULTIPLE DB configs
# Setup the SQLAlchemy database engine
sa_engine_db1 = engine_from_config(config, "sqlalchemy.db1.")
init_model(sa_engine_db1)
repos_path = make_ui("db").configitems("paths")[0][1]
repo2db_mapper(ScmModel().repo_scan(repos_path))
set_available_permissions(config)
config["base_path"] = repos_path
set_rhodecode_config(config)
# CONFIGURATION OPTIONS HERE (note: all config options will override
# any Pylons config options)
# store config reference into our module to skip import magic of
# pylons
rhodecode.CONFIG.update(config)
return config
def _handle_request(self, environ, start_response):
if not is_git(environ):
return self.application(environ, start_response)
if not self._check_ssl(environ, start_response):
return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
ipaddr = self._get_ip_addr(environ)
username = None
self._git_first_op = False
# skip passing error to error controller
environ['pylons.status_code_redirect'] = True
#======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
#======================================================================
try:
repo_name = self.__get_repository(environ)
log.debug('Extracted repo name is %s' % repo_name)
except:
return HTTPInternalServerError()(environ, start_response)
# quick check if that dir exists...
if is_valid_repo(repo_name, self.basepath, 'git') is False:
return HTTPNotFound()(environ, start_response)
#======================================================================
# GET ACTION PULL or PUSH
#======================================================================
action = self.__get_action(environ)
#======================================================================
# CHECK ANONYMOUS PERMISSION
#======================================================================
if action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
username = anonymous_user.username
anonymous_perm = self._check_permission(action, anonymous_user,
repo_name)
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
log.debug('Not enough credentials to access this '
'repository as anonymous user')
if anonymous_user.active is False:
log.debug('Anonymous access is disabled, running '
'authentication')
#==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
#==============================================================
# Attempting to retrieve username from the container
username = get_container_username(environ, self.config)
# If not authenticated by the container, running basic auth
if not username:
self.authenticate.realm = \
safe_str(self.config['rhodecode_realm'])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
username = result
else:
return result.wsgi_application(environ, start_response)
#==============================================================
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
#==============================================================
try:
user = self.__get_user(username)
if user is None or not user.active:
return HTTPForbidden()(environ, start_response)
username = user.username
except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
#check permissions for this repository
perm = self._check_permission(action, user, repo_name)
if perm is not True:
return HTTPForbidden()(environ, start_response)
# extras are injected into UI object and later available
# in hooks executed by rhodecode
from rhodecode import CONFIG
extras = {
'ip': ipaddr,
'username': username,
'action': action,
'repository': repo_name,
'scm': 'git',
'config': CONFIG['__file__'],
'make_lock': None,
'locked_by': [None, None]
}
#===================================================================
# GIT REQUEST HANDLING
#===================================================================
repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
log.debug('Repository path is %s' % repo_path)
# CHECK LOCKING only if it's not ANONYMOUS USER
if username != User.DEFAULT_USER:
log.debug('Checking locking on repository')
(make_lock,
locked,
locked_by) = self._check_locking_state(
environ=environ, action=action,
repo=repo_name, user_id=user.user_id
)
# store the make_lock for later evaluation in hooks
extras.update({'make_lock': make_lock,
'locked_by': locked_by})
# set the environ variables for this request
os.environ['RC_SCM_DATA'] = json.dumps(extras)
fix_PATH()
log.debug('HOOKS extras is %s' % extras)
baseui = make_ui('db')
self.__inject_extras(repo_path, baseui, extras)
try:
# invalidate cache on push
if action == 'push':
self._invalidate_cache(repo_name)
self._handle_githooks(repo_name, action, baseui, environ)
log.info('%s action on GIT repo "%s"' % (action, repo_name))
app = self.__make_app(repo_name, repo_path, extras)
return app(environ, start_response)
except HTTPLockedRC, e:
log.debug('Repositry LOCKED ret code 423!')
return e(environ, start_response)
def _handle_request(self, environ, start_response):
if not is_mercurial(environ):
return self.application(environ, start_response)
ipaddr = self._get_ip_addr(environ)
# skip passing error to error controller
environ['pylons.status_code_redirect'] = True
#======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
#======================================================================
try:
repo_name = environ['REPO_NAME'] = self.__get_repository(environ)
log.debug('Extracted repo name is %s' % repo_name)
except:
return HTTPInternalServerError()(environ, start_response)
# quick check if that dir exists...
if is_valid_repo(repo_name, self.basepath) is False:
return HTTPNotFound()(environ, start_response)
#======================================================================
# GET ACTION PULL or PUSH
#======================================================================
action = self.__get_action(environ)
#======================================================================
# CHECK ANONYMOUS PERMISSION
#======================================================================
if action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
username = anonymous_user.username
anonymous_perm = self._check_permission(action, anonymous_user,
repo_name)
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
log.debug('Not enough credentials to access this '
'repository as anonymous user')
if anonymous_user.active is False:
log.debug('Anonymous access is disabled, running '
'authentication')
#==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
#==============================================================
# Attempting to retrieve username from the container
username = get_container_username(environ, self.config)
# If not authenticated by the container, running basic auth
if not username:
self.authenticate.realm = \
safe_str(self.config['rhodecode_realm'])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
username = result
else:
return result.wsgi_application(environ, start_response)
#==============================================================
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
#==============================================================
if action in ['pull', 'push']:
try:
user = self.__get_user(username)
if user is None or not user.active:
return HTTPForbidden()(environ, start_response)
username = user.username
except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ,
start_response)
#check permissions for this repository
perm = self._check_permission(action, user, repo_name)
if perm is not True:
return HTTPForbidden()(environ, start_response)
# extras are injected into mercurial UI object and later available
# in hg hooks executed by rhodecode
extras = {
'ip': ipaddr,
'username': username,
'action': action,
'repository': repo_name,
'scm': 'hg',
}
#======================================================================
# MERCURIAL REQUEST HANDLING
#======================================================================
repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
log.debug('Repository path is %s' % repo_path)
baseui = make_ui('db')
self.__inject_extras(repo_path, baseui, extras)
try:
# invalidate cache on push
if action == 'push':
self._invalidate_cache(repo_name)
log.info('%s action on HG repo "%s"' % (action, repo_name))
app = self.__make_app(repo_path, baseui, extras)
return app(environ, start_response)
except RepoError, e:
if str(e).find('not found') != -1:
return HTTPNotFound()(environ, start_response)
def __call__(self, environ, start_response):
if not is_mercurial(environ):
return self.application(environ, start_response)
proxy_key = "HTTP_X_REAL_IP"
def_key = "REMOTE_ADDR"
ipaddr = environ.get(proxy_key, environ.get(def_key, "0.0.0.0"))
# skip passing error to error controller
environ["pylons.status_code_redirect"] = True
# ======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
# ======================================================================
try:
repo_name = environ["REPO_NAME"] = self.__get_repository(environ)
log.debug("Extracted repo name is %s" % repo_name)
except:
return HTTPInternalServerError()(environ, start_response)
# ======================================================================
# GET ACTION PULL or PUSH
# ======================================================================
action = self.__get_action(environ)
# ======================================================================
# CHECK ANONYMOUS PERMISSION
# ======================================================================
if action in ["pull", "push"]:
anonymous_user = self.__get_user("default")
username = anonymous_user.username
anonymous_perm = self.__check_permission(action, anonymous_user, repo_name)
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
log.debug("Not enough credentials to access this " "repository as anonymous user")
if anonymous_user.active is False:
log.debug("Anonymous access is disabled, running " "authentication")
# ==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
# ==============================================================
if not REMOTE_USER(environ):
self.authenticate.realm = safe_str(self.config["rhodecode_realm"])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, "basic")
REMOTE_USER.update(environ, result)
else:
return result.wsgi_application(environ, start_response)
# ==============================================================
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
# BASIC AUTH
# ==============================================================
if action in ["pull", "push"]:
username = REMOTE_USER(environ)
try:
user = self.__get_user(username)
username = user.username
except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
# check permissions for this repository
perm = self.__check_permission(action, user, repo_name)
if perm is not True:
return HTTPForbidden()(environ, start_response)
extras = {"ip": ipaddr, "username": username, "action": action, "repository": repo_name}
# ======================================================================
# MERCURIAL REQUEST HANDLING
# ======================================================================
repo_path = safe_str(os.path.join(self.basepath, repo_name))
log.debug("Repository path is %s" % repo_path)
baseui = make_ui("db")
self.__inject_extras(repo_path, baseui, extras)
# quick check if that dir exists...
if is_valid_repo(repo_name, self.basepath) is False:
return HTTPNotFound()(environ, start_response)
try:
# invalidate cache on push
if action == "push":
self.__invalidate_cache(repo_name)
app = self.__make_app(repo_path, baseui, extras)
return app(environ, start_response)
except RepoError, e:
if str(e).find("not found") != -1:
return HTTPNotFound()(environ, start_response)
def load_environment(global_conf, app_conf, initial=False):
"""
Configure the Pylons environment via the ``pylons.config``
object
"""
config = PylonsConfig()
# Pylons paths
root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
paths = dict(root=root,
controllers=os.path.join(root, 'controllers'),
static_files=os.path.join(root, 'public'),
templates=[os.path.join(root, 'templates')])
# Initialize config with the basic options
config.init_app(global_conf, app_conf, package='rhodecode', paths=paths)
# store some globals into rhodecode
rhodecode.CELERY_ON = str2bool(config['app_conf'].get('use_celery'))
rhodecode.CELERY_EAGER = str2bool(
config['app_conf'].get('celery.always.eager'))
config['routes.map'] = make_map(config)
config['pylons.app_globals'] = app_globals.Globals(config)
config['pylons.h'] = helpers
rhodecode.CONFIG = config
load_rcextensions(root_path=config['here'])
# Setup cache object as early as possible
import pylons
pylons.cache._push_object(config['pylons.app_globals'].cache)
# Create the Mako TemplateLookup, with the default auto-escaping
config['pylons.app_globals'].mako_lookup = TemplateLookup(
directories=paths['templates'],
error_handler=handle_mako_error,
module_directory=os.path.join(app_conf['cache_dir'], 'templates'),
input_encoding='utf-8',
default_filters=['escape'],
imports=['from webhelpers.html import escape'])
# sets the c attribute access when don't existing attribute are accessed
config['pylons.strict_tmpl_context'] = True
test = os.path.split(config['__file__'])[-1] == 'test.ini'
if test:
if os.environ.get('TEST_DB'):
# swap config if we pass enviroment variable
config['sqlalchemy.db1.url'] = os.environ.get('TEST_DB')
from rhodecode.lib.utils import create_test_env, create_test_index
from rhodecode.tests import TESTS_TMP_PATH
# set RC_NO_TMP_PATH=1 to disable re-creating the database and
# test repos
if not int(os.environ.get('RC_NO_TMP_PATH', 0)):
create_test_env(TESTS_TMP_PATH, config)
# set RC_WHOOSH_TEST_DISABLE=1 to disable whoosh index during tests
if not int(os.environ.get('RC_WHOOSH_TEST_DISABLE', 0)):
create_test_index(TESTS_TMP_PATH, config, True)
DbManage.check_waitress()
# MULTIPLE DB configs
# Setup the SQLAlchemy database engine
sa_engine_db1 = engine_from_config(config, 'sqlalchemy.db1.')
init_model(sa_engine_db1)
set_available_permissions(config)
repos_path = make_ui('db').configitems('paths')[0][1]
config['base_path'] = repos_path
set_rhodecode_config(config)
instance_id = rhodecode.CONFIG.get('instance_id')
if instance_id == '*':
instance_id = '%s-%s' % (os.uname()[1], os.getpid())
rhodecode.CONFIG['instance_id'] = instance_id
# CONFIGURATION OPTIONS HERE (note: all config options will override
# any Pylons config options)
# store config reference into our module to skip import magic of
# pylons
rhodecode.CONFIG.update(config)
set_vcs_config(rhodecode.CONFIG)
#check git version
check_git_version()
if str2bool(config.get('initial_repo_scan', True)):
repo2db_mapper(ScmModel().repo_scan(repos_path),
remove_obsolete=False,
install_git_hook=False)
return config
def load_environment(global_conf, app_conf, initial=False):
"""
Configure the Pylons environment via the ``pylons.config``
object
"""
config = PylonsConfig()
# Pylons paths
root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
paths = dict(
root=root,
controllers=os.path.join(root, 'controllers'),
static_files=os.path.join(root, 'public'),
templates=[os.path.join(root, 'templates')]
)
# Initialize config with the basic options
config.init_app(global_conf, app_conf, package='rhodecode', paths=paths)
# store some globals into rhodecode
rhodecode.CELERY_ON = str2bool(config['app_conf'].get('use_celery'))
rhodecode.CELERY_EAGER = str2bool(config['app_conf'].get('celery.always.eager'))
config['routes.map'] = make_map(config)
config['pylons.app_globals'] = app_globals.Globals(config)
config['pylons.h'] = helpers
rhodecode.CONFIG = config
load_rcextensions(root_path=config['here'])
# Setup cache object as early as possible
import pylons
pylons.cache._push_object(config['pylons.app_globals'].cache)
# Create the Mako TemplateLookup, with the default auto-escaping
config['pylons.app_globals'].mako_lookup = TemplateLookup(
directories=paths['templates'],
error_handler=handle_mako_error,
module_directory=os.path.join(app_conf['cache_dir'], 'templates'),
input_encoding='utf-8', default_filters=['escape'],
imports=['from webhelpers.html import escape'])
# sets the c attribute access when don't existing attribute are accessed
config['pylons.strict_tmpl_context'] = True
test = os.path.split(config['__file__'])[-1] == 'test.ini'
if test:
if os.environ.get('TEST_DB'):
# swap config if we pass enviroment variable
config['sqlalchemy.db1.url'] = os.environ.get('TEST_DB')
from rhodecode.lib.utils import create_test_env, create_test_index
from rhodecode.tests import TESTS_TMP_PATH
# set RC_NO_TMP_PATH=1 to disable re-creating the database and
# test repos
if not int(os.environ.get('RC_NO_TMP_PATH', 0)):
create_test_env(TESTS_TMP_PATH, config)
# set RC_WHOOSH_TEST_DISABLE=1 to disable whoosh index during tests
if not int(os.environ.get('RC_WHOOSH_TEST_DISABLE', 0)):
create_test_index(TESTS_TMP_PATH, config, True)
#check git version
check_git_version()
DbManage.check_waitress()
# MULTIPLE DB configs
# Setup the SQLAlchemy database engine
sa_engine_db1 = engine_from_config(config, 'sqlalchemy.db1.')
init_model(sa_engine_db1)
repos_path = make_ui('db').configitems('paths')[0][1]
repo2db_mapper(ScmModel().repo_scan(repos_path),
remove_obsolete=False, install_git_hook=False)
set_available_permissions(config)
config['base_path'] = repos_path
set_rhodecode_config(config)
instance_id = rhodecode.CONFIG.get('instance_id')
if instance_id == '*':
instance_id = '%s-%s' % (os.uname()[1], os.getpid())
rhodecode.CONFIG['instance_id'] = instance_id
# CONFIGURATION OPTIONS HERE (note: all config options will override
# any Pylons config options)
# store config reference into our module to skip import magic of
# pylons
rhodecode.CONFIG.update(config)
return config
def _handle_request(self, environ, start_response):
if not is_git(environ):
return self.application(environ, start_response)
ipaddr = self._get_ip_addr(environ)
username = None
self._git_first_op = False
# skip passing error to error controller
environ['pylons.status_code_redirect'] = True
#======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
#======================================================================
try:
repo_name = self.__get_repository(environ)
log.debug('Extracted repo name is %s' % repo_name)
except:
return HTTPInternalServerError()(environ, start_response)
# quick check if that dir exists...
if is_valid_repo(repo_name, self.basepath) is False:
return HTTPNotFound()(environ, start_response)
#======================================================================
# GET ACTION PULL or PUSH
#======================================================================
action = self.__get_action(environ)
#======================================================================
# CHECK ANONYMOUS PERMISSION
#======================================================================
if action in ['pull', 'push']:
anonymous_user = self.__get_user('default')
username = anonymous_user.username
anonymous_perm = self._check_permission(action, anonymous_user,
repo_name)
if anonymous_perm is not True or anonymous_user.active is False:
if anonymous_perm is not True:
log.debug('Not enough credentials to access this '
'repository as anonymous user')
if anonymous_user.active is False:
log.debug('Anonymous access is disabled, running '
'authentication')
#==============================================================
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
# NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
#==============================================================
# Attempting to retrieve username from the container
username = get_container_username(environ, self.config)
# If not authenticated by the container, running basic auth
if not username:
self.authenticate.realm = \
safe_str(self.config['rhodecode_realm'])
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
username = result
else:
return result.wsgi_application(environ, start_response)
#==============================================================
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
#==============================================================
if action in ['pull', 'push']:
try:
user = self.__get_user(username)
if user is None or not user.active:
return HTTPForbidden()(environ, start_response)
username = user.username
except:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ,
start_response)
#check permissions for this repository
perm = self._check_permission(action, user, repo_name)
if perm is not True:
return HTTPForbidden()(environ, start_response)
extras = {
'ip': ipaddr,
'username': username,
'action': action,
'repository': repo_name,
'scm': 'git',
}
#===================================================================
# GIT REQUEST HANDLING
#===================================================================
repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
log.debug('Repository path is %s' % repo_path)
baseui = make_ui('db')
self.__inject_extras(repo_path, baseui, extras)
try:
# invalidate cache on push
if action == 'push':
self._invalidate_cache(repo_name)
self._handle_githooks(repo_name, action, baseui, environ)
log.info('%s action on GIT repo "%s"' % (action, repo_name))
app = self.__make_app(repo_name, repo_path)
return app(environ, start_response)
except Exception:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
