# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.api

~~~~~~~~~~~~~~~~~~~~~~~~~

JSON RPC controller

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Aug 20, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import inspect

import logging

import types

import traceback

import time

import itertools

from paste.response import replace_header

from pylons.controllers import WSGIController

from webob.exc import HTTPError

from kallithea.model.db import User

from kallithea.model import meta

from kallithea.lib.compat import json

from kallithea.lib.auth import AuthUser

from kallithea.lib.base import _get_ip_addr as _get_ip, _get_access_path

from kallithea.lib.utils2 import safe_unicode, safe_str

log = logging.getLogger('JSONRPC')

class JSONRPCError(BaseException):

    def __init__(self, message):

        self.message = message

        super(JSONRPCError, self).__init__()

    def __str__(self):

        return safe_str(self.message)

def jsonrpc_error(message, retid=None, code=None):

    """

    Generate a Response object with a JSON-RPC error body

    :param code:

    :param retid:

    :param message:

    """

    from pylons.controllers.util import Response

    return Response(

        body=json.dumps(dict(id=retid, result=None, error=message)),

        status=code,

        content_type='application/json'

    )

class JSONRPCController(WSGIController):

    """

     A WSGI-speaking JSON-RPC controller class

     See the specification:

     <http://json-rpc.org/wiki/specification>`.

     Valid controller return values should be json-serializable objects.

     Sub-classes should catch their exceptions and raise JSONRPCError

     if they want to pass meaningful errors to the client.

     """

    def _get_ip_addr(self, environ):

        return _get_ip(environ)

    def _get_method_args(self):

        """

        Return `self._rpc_args` to dispatched controller method

        chosen by __call__

        """

        return self._rpc_args

    def __call__(self, environ, start_response):

        """

        Parse the request body as JSON, look up the method on the

        controller and if it exists, dispatch to it.

        """

        try:

            return self._handle_request(environ, start_response)

        finally:

            meta.Session.remove()

    def _handle_request(self, environ, start_response):

        start = time.time()

        ip_addr = self.ip_addr = self._get_ip_addr(environ)

        self._req_id = None

        if 'CONTENT_LENGTH' not in environ:

            log.debug("No Content-Length")

            return jsonrpc_error(retid=self._req_id,

                                 message="No Content-Length in request")

        else:

            length = environ['CONTENT_LENGTH'] or 0

            length = int(environ['CONTENT_LENGTH'])

            log.debug('Content-Length: %s', length)

        if length == 0:

            return jsonrpc_error(retid=self._req_id,

                                 message="Content-Length is 0")

        raw_body = environ['wsgi.input'].read(length)

        try:

            json_body = json.loads(raw_body)

        except ValueError as e:

            # catch JSON errors Here

            return jsonrpc_error(retid=self._req_id,

                                 message="JSON parse error ERR:%s RAW:%r"

                                 % (e, raw_body))

        # check AUTH based on API key

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            self._request_params = json_body['args']

            if not isinstance(self._request_params, dict):

                self._request_params = {}

            log.debug(

                'method: %s, params: %s', self._req_method,

                                            self._request_params

            )

        except KeyError as e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            if u is None:

                return jsonrpc_error(retid=self._req_id,

                                     message='Invalid API key')

            auth_u = AuthUser(dbuser=u)

            if not AuthUser.check_ip_allowed(auth_u, ip_addr):

                return jsonrpc_error(retid=self._req_id,

                        message='request from IP:%s not allowed' % (ip_addr,))

            else:

                log.info('Access for IP:%s allowed', ip_addr)

        except Exception as e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Invalid API key')

        self._error = None

        try:

            self._func = self._find_method()

        except AttributeError as e:

            return jsonrpc_error(retid=self._req_id,

                                 message=str(e))

        # now that we have a method, add self._req_params to

        # self.kargs and dispatch control to WGIController

        argspec = inspect.getargspec(self._func)

        arglist = argspec[0][1:]

        defaults = map(type, argspec[3] or [])

        default_empty = types.NotImplementedType

        # kw arguments required by this method

        func_kwargs = dict(itertools.izip_longest(reversed(arglist), reversed(defaults),

                                                  fillvalue=default_empty))

        # this is little trick to inject logged in user for

        # perms decorators to work they expect the controller class to have

        # authuser attribute set

        # This attribute will need to be first param of a method that uses

        # api_key, which is translated to instance of user at that name

        USER_SESSION_ATTR = 'apiuser'

        if USER_SESSION_ATTR not in arglist:

            return jsonrpc_error(

                retid=self._req_id,

                message='This method [%s] does not support '

                         'authentication (missing %s param)' % (

                                    self._func.__name__, USER_SESSION_ATTR)

            )

        # get our arglist and check if we provided them as args

        for arg, default in func_kwargs.iteritems():

            if arg == USER_SESSION_ATTR:

                # USER_SESSION_ATTR is something translated from API key and

                # this is checked before so we don't need validate it

                continue

            # skip the required param check if it's default value is

            # NotImplementedType (default_empty)

            if default == default_empty and arg not in self._request_params:

                return jsonrpc_error(

                    retid=self._req_id,

                    message=(

                        'Missing non optional `%s` arg in JSON DATA' % arg

                    )

                )

        self._rpc_args = {USER_SESSION_ATTR: u}

        self._rpc_args.update(self._request_params)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        self._rpc_args['start_response'] = start_response

        status = []

        headers = []

        exc_info = []

        def change_content(new_status, new_headers, new_exc_info=None):

            status.append(new_status)

            headers.extend(new_headers)

            exc_info.append(new_exc_info)

        output = WSGIController.__call__(self, environ, change_content)

        output = list(output) # expand iterator - just to ensure exact timing

        replace_header(headers, 'Content-Type', 'application/json')

        start_response(status[0], headers, exc_info[0])

        log.info('IP: %s Request to %s time: %.3fs' % (

            self._get_ip_addr(environ),

            safe_unicode(_get_access_path(environ)), time.time() - start)

        )

        return output

    def _dispatch_call(self):

        """

        Implement dispatch interface specified by WSGIController

        """

        raw_response = ''

        try:

            raw_response = self._inspect_call(self._func)

            if isinstance(raw_response, HTTPError):

                self._error = str(raw_response)

        except JSONRPCError as e:

            self._error = safe_str(e)

        except Exception as e:

            log.error('Encountered unhandled exception: %s',

                      traceback.format_exc(),)

            json_exc = JSONRPCError('Internal server error')

            self._error = safe_str(json_exc)

        if self._error is not None:

            raw_response = None

        response = dict(id=self._req_id, result=raw_response, error=self._error)

        try:

            return json.dumps(response)

        except TypeError as e:

            log.error('API FAILED. Error encoding response: %s', e)

            return json.dumps(

                dict(

                    id=self._req_id,

                    result=None,

                    error="Error encoding response"

                )

            )

    def _find_method(self):

        """

        Return method named by `self._req_method` in controller if able

        """

        log.debug('Trying to find JSON-RPC method: %s', self._req_method)

        if self._req_method.startswith('_'):

            if self.user.is_default_user:

                raise _redirect_to_login(_('You need to be signed in to view this page'))

            else:

                raise HTTPForbidden()

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates. In order to

    fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    repository. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        repo_name = get_repo_slug(request)

        try:

            user_perms = set([self.user_perms['repositories'][repo_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

class HasRepoGroupPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    repository group. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        group_name = get_repo_group_slug(request)

        try:

            user_perms = set([self.user_perms['repositories_groups'][group_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

class HasUserGroupPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    user group. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        group_name = get_user_group_slug(request)

        try:

            user_perms = set([self.user_perms['user_groups'][group_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

#==============================================================================

# CHECK FUNCTIONS

#==============================================================================

class PermsFunction(object):

    """Base function for other check functions"""

    def __init__(self, *perms):

        self.required_perms = set(perms)

        self.user_perms = None

        self.repo_name = None

        self.group_name = None

    def __nonzero__(self):

        """ Defend against accidentally forgetting to call the object

            and instead evaluating it directly in a boolean context,

            which could have security implications.

        """

        raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')

    def __call__(self, check_location='unspecified location', user=None):

        cls_name = self.__class__.__name__

        check_scope = self._scope()

        log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,

                  self.required_perms, user, check_scope,

                  check_location)

        self.user_perms = user.permissions

        result = self.check_permissions()

        result_text = 'granted' if result else 'denied'

        log.debug('Permission to %s %s for user: %s @ %s',

            check_scope, result_text, user, check_location)

        return result

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

    def _scope(self):

        return '(unknown scope)'

class HasPermissionAny(PermsFunction):

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAny(PermsFunction):

    def __call__(self, repo_name=None, check_location='', user=None):

        self.repo_name = repo_name

        return super(HasRepoPermissionAny, self).__call__(check_location, user)

    def check_permissions(self):

        if not self.repo_name:

            self.repo_name = get_repo_slug(request)

        try:

            self._user_perms = set(

                [self.user_perms['repositories'][self.repo_name]]

            )

        except KeyError:

            return False

        if self.required_perms.intersection(self._user_perms):

            return True

        return False

    def _scope(self):

        return 'repo:%s' % self.repo_name

class HasRepoGroupPermissionAny(PermsFunction):

    def __call__(self, group_name=None, check_location='', user=None):

        self.group_name = group_name

        return super(HasRepoGroupPermissionAny, self).__call__(check_location, user)

    def check_permissions(self):

        try:

            self._user_perms = set(

                [self.user_perms['repositories_groups'][self.group_name]]

            )

        except KeyError:

            return False

        if self.required_perms.intersection(self._user_perms):

            return True

        return False

    def _scope(self):

        return 'repogroup:%s' % self.group_name

class HasUserGroupPermissionAny(PermsFunction):

    def __call__(self, user_group_name=None, check_location='', user=None):

        self.user_group_name = user_group_name

        return super(HasUserGroupPermissionAny, self).__call__(check_location, user)

    def check_permissions(self):

        try:

            self._user_perms = set(

                [self.user_perms['user_groups'][self.user_group_name]]

            )

        except KeyError:

            return False

        if self.required_perms.intersection(self._user_perms):

            return True

        return False

    def _scope(self):

        return 'usergroup:%s' % self.user_group_name

#==============================================================================

# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH

#==============================================================================

class HasPermissionAnyMiddleware(object):

    def __init__(self, *perms):

        self.required_perms = set(perms)

    def __call__(self, user, repo_name):

        # repo_name MUST be unicode, since we handle keys in permission

        # dict by unicode

        repo_name = safe_unicode(repo_name)

        usr = AuthUser(user.user_id)

        self.user_perms = set([usr.permissions['repositories'][repo_name]])

        self.username = user.username

        self.repo_name = repo_name

        return self.check_permissions()

    def check_permissions(self):

        log.debug('checking VCS protocol '

                  'permissions %s for user:%s repository:%s', self.user_perms,

                                                self.username, self.repo_name)

        if self.required_perms.intersection(self.user_perms):

            log.debug('Permission to repo: %s granted for user: %s @ %s',

                      self.repo_name, self.username, 'PermissionMiddleware')

            return True

        log.debug('Permission to repo: %s denied for user: %s @ %s',

                  self.repo_name, self.username, 'PermissionMiddleware')

        return False

#==============================================================================

# SPECIAL VERSION TO HANDLE API AUTH

#==============================================================================

class _BaseApiPerm(object):

    def __init__(self, *perms):

        self.required_perms = set(perms)

    def __call__(self, check_location=None, user=None, repo_name=None,

                 group_name=None):

        cls_name = self.__class__.__name__

        check_scope = 'user:%s' % (user)

        if repo_name:

            check_scope += ', repo:%s' % (repo_name)

        if group_name:

            check_scope += ', repo group:%s' % (group_name)

        log.debug('checking cls:%s %s %s @ %s',

                  cls_name, self.required_perms, check_scope, check_location)

        ## process user

        if not check_location:

            check_location = 'unspecified'

        if self.check_permissions(user.permissions, repo_name, group_name):

            log.debug('Permission to %s granted for user: %s @ %s',

                      check_scope, user, check_location)

            return True

        else:

            log.debug('Permission to %s denied for user: %s @ %s',

                      check_scope, user, check_location)

            return False

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        """

        implement in child class should return True if permissions are ok,

        False otherwise

        :param perm_defs: dict with permission definitions

        :param repo_name: repo name

        """

        raise NotImplementedError()

class HasPermissionAnyApi(_BaseApiPerm):

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        if self.required_perms.intersection(perm_defs.get('global')):

            return True

        return False

class HasRepoPermissionAnyApi(_BaseApiPerm):

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        try:

            _user_perms = set([perm_defs['repositories'][repo_name]])

        except KeyError:

            log.warning(traceback.format_exc())

            return False

        if self.required_perms.intersection(_user_perms):

            return True

        return False

class HasRepoGroupPermissionAnyApi(_BaseApiPerm):

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        try:

            _user_perms = set([perm_defs['repositories_groups'][group_name]])

        except KeyError:

            log.warning(traceback.format_exc())

            return False

        if self.required_perms.intersection(_user_perms):

            return True

        return False

def check_ip_access(source_ip, allowed_ips=None):

    """

    Checks if source_ip is a subnet of any of allowed_ips.

    :param source_ip:

    :param allowed_ips: list of allowed ips together with mask

    """

    from kallithea.lib import ipaddr

    log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips)

    if isinstance(allowed_ips, (tuple, list, set)):

        for ip in allowed_ips:

            if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):

                log.debug('IP %s is network %s',

                          ipaddr.IPAddress(source_ip), ipaddr.IPNetwork(ip))

                return True

    return False