#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from rhodecode.lib import str2bool

class HttpsFixup(object):

    def __init__(self, app, config):

        self.application = app

        self.config = config

    def __call__(self, environ, start_response):

        self.__fixup(environ)

        return self.application(environ, start_response)

    def __fixup(self, environ):

        middleware you should set this header inside your

        proxy ie. nginx, apache etc.

        """

        proto = environ.get('HTTP_X_URL_SCHEME')

        if str2bool(self.config.get('force_https')):

import os

import logging

import traceback

from dulwich import server as dulserver

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

    def handle(self):

        write = lambda x: self.proto.write_sideband(1, x)

        objects_iter = self.repo.fetch_objects(

          graph_walker.determine_wants, graph_walker, self.progress,

          get_tagged=self.get_tagged)

        # Do they want any objects?

        if len(objects_iter) == 0:

            return

        self.progress("counting objects: %d, done.\n" % len(objects_iter))

        messages = []

        messages.append('thank you for using rhodecode')

        for msg in messages:

            self.progress(msg + "\n")

        # we are done

from rhodecode.model.user import UserModel

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

def is_git(environ):

    """Returns True if request's target is git server.

    ``HTTP_USER_AGENT`` would then have git client version given.

    :param environ:

    """

    http_user_agent = environ.get('HTTP_USER_AGENT')

    if http_user_agent and http_user_agent.startswith('git'):

        return True

    return False

class SimpleGit(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this git request using

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if self.action in ['pull', 'push'] or self.action:

            anonymous_user = self.__get_user('default')

            self.username = anonymous_user.username

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                if not REMOTE_USER(environ):

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if self.action in ['pull', 'push']  or self.action:

                    username = REMOTE_USER(environ)

                    try:

                        user = self.__get_user(username)

                        self.username = user.username

                    except:

                        log.error(traceback.format_exc())

                    #check permissions for this repository

                    if perm is not True:

                        print 'not allowed'

                        return HTTPForbidden()(environ, start_response)

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        self.basepath = self.config['base_path']

        self.repo_path = os.path.join(self.basepath, self.repo_name)

            messages = []

            messages.append('thank you for using rhodecode')

            return app(environ, start_response)

        else:

            return app(environ, start_response)

    def __make_app(self):

        gitserve = HTTPGitApplication(backend)

        return gitserve

    def __check_permission(self, action, user, repo_name):

        """Checks permissions using action (push/pull) user and repository

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                return False

        return True

    def __get_repository(self, environ):

        """Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

        except:

            log.error(traceback.format_exc())

            raise

        repo_name = repo_name.split('/')[0]

        return repo_name

    def __get_user(self, username):

        return UserModel().get_by_username(username, cache=True)

    def __get_action(self, environ):

        """Maps git request commands into a pull or push command.

        if len(service) > 1:

            service_cmd = service[1]

            mapping = {'git-receive-pack': 'push',

                       'git-upload-pack': 'pull',

                       }

        else:

            return 'other'

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

from rhodecode.model.user import UserModel

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    if http_accept and http_accept.startswith('application/mercurial'):

        return True

    return False

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this mercurial request using authfunc

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if self.action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            self.username = anonymous_user.username

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                if not REMOTE_USER(environ):

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if self.action in ['pull', 'push']:

                    username = REMOTE_USER(environ)

                    try:

                        user = self.__get_user(username)

                        self.username = user.username

                    except:

                        log.error(traceback.format_exc())

                    #check permissions for this repository

                    if perm is not True:

                        return HTTPForbidden()(environ, start_response)

        # MERCURIAL REQUEST HANDLING

        self.baseui = make_ui('db')

        self.basepath = self.config['base_path']

        self.repo_path = os.path.join(self.basepath, self.repo_name)

        #quick check if that dir exists...

        if check_repo_fast(self.repo_name, self.basepath):

        #invalidate cache on push

        if self.action == 'push':

            self.__invalidate_cache(self.repo_name)

        return app(environ, start_response)

    def __make_app(self):

        """Make an wsgi application using hgweb, and my generated baseui

        instance

        """

        hgserve = hgweb(str(self.repo_path), baseui=self.baseui)

        return  self.__load_web_settings(hgserve, self.extras)

    def __check_permission(self, action, user, repo_name):

        """Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                return False

        return True

    def __get_repository(self, environ):

        """Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                    return mapping[cmd]

                else:

                    return 'pull'

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

        push requests"""

        invalidate_cache('get_repo_cached_%s' % repo_name)

    def __load_web_settings(self, hgserve, extras={}):

        #set the global ui for hgserve instance passed

        hgserve.repo.ui = self.baseui

        hgrc = os.path.join(self.repo_path, '.hg', 'hgrc')