# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from rhodecode.lib import str2bool

class HttpsFixup(object):

    def __init__(self, app, config):

        self.application = app

        self.config = config

    def __call__(self, environ, start_response):

        self.__fixup(environ)

        return self.application(environ, start_response)

    def __fixup(self, environ):

        middleware you should set this header inside your

        proxy ie. nginx, apache etc.

        """

        proto = environ.get('HTTP_X_URL_SCHEME')

        if str2bool(self.config.get('force_https')):

            proto = 'https'

        if proto == 'https':

            environ['wsgi.url_scheme'] = proto

        else:

            environ['wsgi.url_scheme'] = 'http'

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import traceback

from dulwich import server as dulserver

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

    def handle(self):

        write = lambda x: self.proto.write_sideband(1, x)

            self.repo.get_peeled)

        objects_iter = self.repo.fetch_objects(

          graph_walker.determine_wants, graph_walker, self.progress,

          get_tagged=self.get_tagged)

        # Do they want any objects?

        if len(objects_iter) == 0:

            return

        self.progress("counting objects: %d, done.\n" % len(objects_iter))

        messages = []

        messages.append('thank you for using rhodecode')

        for msg in messages:

            self.progress(msg + "\n")

        # we are done

        self.proto.write("0000")

dulserver.DEFAULT_HANDLERS = {

  'git-upload-pack': SimpleGitUploadPackHandler,

  'git-receive-pack': dulserver.ReceivePackHandler,

}

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware

from rhodecode.lib.utils import invalidate_cache, check_repo_fast

from rhodecode.model.user import UserModel

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

def is_git(environ):

    """Returns True if request's target is git server.

    ``HTTP_USER_AGENT`` would then have git client version given.

    :param environ:

    """

    http_user_agent = environ.get('HTTP_USER_AGENT')

    if http_user_agent and http_user_agent.startswith('git'):

        return True

    return False

class SimpleGit(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this git request using

        self.authenticate = AuthBasicAuthenticator('', authfunc)

        self.ipaddr = '0.0.0.0'

        self.repository = None

        self.username = None

        self.action = None

            # GET REPOSITORY NAME

            #==================================================================

            self.repo_name = self.__get_repository(environ)

        except:

            return HTTPInternalServerError()(environ, start_response)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if self.action in ['pull', 'push'] or self.action:

            anonymous_user = self.__get_user('default')

            self.username = anonymous_user.username

                                           self.repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                if not REMOTE_USER(environ):

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if self.action in ['pull', 'push']  or self.action:

                    username = REMOTE_USER(environ)

                    try:

                        user = self.__get_user(username)

                        self.username = user.username

                    except:

                        log.error(traceback.format_exc())

                    #check permissions for this repository

                    if perm is not True:

                        print 'not allowed'

                        return HTTPForbidden()(environ, start_response)

        self.extras = {'ip':self.ipaddr,

                       'username':self.username,

                       'action':self.action,

                       'repository':self.repo_name}

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #invalidate cache on push

        if self.action == 'push':

            self.__invalidate_cache(self.repo_name)

            messages = []

            messages.append('thank you for using rhodecode')

            return app(environ, start_response)

        else:

            return app(environ, start_response)

    def __make_app(self):

        gitserve = HTTPGitApplication(backend)

        return gitserve

    def __check_permission(self, action, user, repo_name):

        """Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                return False

        return True

    def __get_repository(self, environ):

        """Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except:

            log.error(traceback.format_exc())

            raise

        repo_name = repo_name.split('/')[0]

        return repo_name

    def __get_user(self, username):

        return UserModel().get_by_username(username, cache=True)

    def __get_action(self, environ):

        """Maps git request commands into a pull or push command.

        :param environ:

        """

        service = environ['QUERY_STRING'].split('=')

        if len(service) > 1:

            service_cmd = service[1]

            mapping = {'git-receive-pack': 'push',

                       'git-upload-pack': 'pull',

                       }

        else:

            return 'other'

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

        push requests"""

        invalidate_cache('get_repo_cached_%s' % repo_name)

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware

from rhodecode.lib.utils import make_ui, invalidate_cache, \

    check_repo_fast, ui_sections

from rhodecode.model.user import UserModel

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    if http_accept and http_accept.startswith('application/mercurial'):

        return True

    return False

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this mercurial request using authfunc

        self.authenticate = AuthBasicAuthenticator('', authfunc)

        self.ipaddr = '0.0.0.0'

        self.repo_name = None

        self.username = None

        self.action = None

            # GET REPOSITORY NAME

            #==================================================================

            self.repo_name = self.__get_repository(environ)

        except:

            return HTTPInternalServerError()(environ, start_response)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if self.action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            self.username = anonymous_user.username

                                           self.repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                if not REMOTE_USER(environ):

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if self.action in ['pull', 'push']:

                    username = REMOTE_USER(environ)

                    try:

                        user = self.__get_user(username)

                        self.username = user.username

                    except:

                        log.error(traceback.format_exc())

                    #check permissions for this repository

                    if perm is not True:

                        return HTTPForbidden()(environ, start_response)

        self.extras = {'ip':self.ipaddr,

                       'username':self.username,

                       'action':self.action,

                       'repository':self.repo_name}

        # MERCURIAL REQUEST HANDLING

        environ['PATH_INFO'] = '/'#since we wrap into hgweb, reset the path

        self.baseui = make_ui('db')

        self.basepath = self.config['base_path']

        self.repo_path = os.path.join(self.basepath, self.repo_name)

        #quick check if that dir exists...

        if check_repo_fast(self.repo_name, self.basepath):

            return HTTPNotFound()(environ, start_response)

        try:

            app = wsgiapplication(self.__make_app)

        except RepoError, e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #invalidate cache on push

        if self.action == 'push':

            self.__invalidate_cache(self.repo_name)

        return app(environ, start_response)

    def __make_app(self):

        """Make an wsgi application using hgweb, and my generated baseui

        instance

        """

        hgserve = hgweb(str(self.repo_path), baseui=self.baseui)

        return  self.__load_web_settings(hgserve, self.extras)

    def __check_permission(self, action, user, repo_name):

        """Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                return False

        return True

    def __get_repository(self, environ):

        """Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except:

            log.error(traceback.format_exc())

            raise

        :param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                    return mapping[cmd]

                else:

                    return 'pull'

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

        push requests"""

        invalidate_cache('get_repo_cached_%s' % repo_name)

    def __load_web_settings(self, hgserve, extras={}):

        #set the global ui for hgserve instance passed

        hgserve.repo.ui = self.baseui

        hgrc = os.path.join(self.repo_path, '.hg', 'hgrc')

        #inject some additional parameters that will be available in ui

        #for hooks

        for k, v in extras.items():

            hgserve.repo.ui.setconfig('rhodecode_extras', k, v)

        repoui = make_ui('file', hgrc, False)