Files
@ 32440c07a085
Branch filter:
Location: kallithea/docs/usage/locking.rst - annotation
32440c07a085
1.1 KiB
text/prs.fallenstein.rst
auth: consume request body before responding 401 or 403 during authentication
In order to work correctly with reverse proxies like Apache, the application
needs to consume the whole body before returning and closing the connection.
Otherwise the reverse proxy may complain about a broken pipe.
For example, if the client sends a lot of data and kallithea doesn't read all
that data before sending 401, the connection will be closed before the reverse
proxy has sent all the data. In this case an apache reverse proxy will fail
with a broken pipe error.
This is not necessary for all wsgi servers. Waitress automatically buffers (and
therefore reads) all the data and uwsgi has a 'post-buffering' option to do the
same. But AFAIK there is no way to push to a password protected hg repository
when using gunicorn without this changeset.
In order to work correctly with reverse proxies like Apache, the application
needs to consume the whole body before returning and closing the connection.
Otherwise the reverse proxy may complain about a broken pipe.
For example, if the client sends a lot of data and kallithea doesn't read all
that data before sending 401, the connection will be closed before the reverse
proxy has sent all the data. In this case an apache reverse proxy will fail
with a broken pipe error.
This is not necessary for all wsgi servers. Waitress automatically buffers (and
therefore reads) all the data and uwsgi has a 'post-buffering' option to do the
same. But AFAIK there is no way to push to a password protected hg repository
when using gunicorn without this changeset.
aa17c7a1b8a5 aa17c7a1b8a5 8d065db04909 8d065db04909 8d065db04909 aa17c7a1b8a5 5ae8e644aa88 8d065db04909 03bbd33bc084 03bbd33bc084 5ae8e644aa88 5ae8e644aa88 8d065db04909 aa17c7a1b8a5 5ae8e644aa88 8d065db04909 aa17c7a1b8a5 8d065db04909 5ae8e644aa88 8d065db04909 aa17c7a1b8a5 8d065db04909 8d065db04909 5ae8e644aa88 8d065db04909 aa17c7a1b8a5 8d065db04909 8d065db04909 | .. _locking:
==================
Repository locking
==================
Kallithea has a *repository locking* feature, disabled by default. When
enabled, every initial clone and every pull gives users (with write permission)
the exclusive right to do a push.
When repository locking is enabled, repositories get a ``locked`` flag.
The hg/git commands ``hg/git clone``, ``hg/git pull``,
and ``hg/git push`` influence this state:
- A ``clone`` or ``pull`` action locks the target repository
if the user has write/admin permissions on this repository.
- Kallithea will remember the user who locked the repository so only this
specific user can unlock the repo by performing a ``push``
command.
- Every other command on a locked repository from this user and every command
from any other user will result in an HTTP return code 423 (Locked).
Additionally, the HTTP error will mention the user that locked the repository
(e.g., “repository <repo> locked by user <user>”).
Each repository can be manually unlocked by an administrator from the
repository settings menu.
|