# -*- coding: utf-8 -*-

"""

    rhodecode.lib.hooks

    ~~~~~~~~~~~~~~~~~~~

    Hooks runned by rhodecode

    :created_on: Aug 6, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import sys

import binascii

from inspect import isfunction

from mercurial.scmutil import revrange

from mercurial.node import nullrev

from rhodecode.lib import helpers as h

from rhodecode.lib.utils import action_logger

from rhodecode.lib.vcs.backends.base import EmptyChangeset

def _get_scm_size(alias, root_path):

    if not alias.startswith('.'):

        alias += '.'

    size_scm, size_root = 0, 0

    for path, dirs, files in os.walk(root_path):

        if path.find(alias) != -1:

            for f in files:

                try:

                    size_scm += os.path.getsize(os.path.join(path, f))

                except OSError:

                    pass

        else:

            for f in files:

                try:

                    size_root += os.path.getsize(os.path.join(path, f))

                except OSError:

                    pass

    size_scm_f = h.format_byte_size(size_scm)

    size_root_f = h.format_byte_size(size_root)

    size_total_f = h.format_byte_size(size_root + size_scm)

    return size_scm_f, size_root_f, size_total_f

def repo_size(ui, repo, hooktype=None, **kwargs):

    """

    Presents size of repository after push

    :param ui:

    :param repo:

    :param hooktype:

    """

    size_hg_f, size_root_f, size_total_f = _get_scm_size('.hg', repo.root)

    last_cs = repo[len(repo) - 1]

    msg = ('Repository size .hg:%s repo:%s total:%s\n'

           'Last revision is now r%s:%s\n') % (

        size_hg_f, size_root_f, size_total_f, last_cs.rev(), last_cs.hex()[:12]

    )

    sys.stdout.write(msg)

def log_pull_action(ui, repo, **kwargs):

    """

    Logs user last pull action

    :param ui:

    :param repo:

    """

    extras = dict(repo.ui.configitems('rhodecode_extras'))

    username = extras['username']

    repository = extras['repository']

    scm = extras['scm']

    action = 'pull'

    action_logger(username, action, repository, extras['ip'], commit=True)

    # extension hook call

    from rhodecode import EXTENSIONS

    callback = getattr(EXTENSIONS, 'PULL_HOOK', None)

    if isfunction(callback):

        kw = {}

        kw.update(extras)

        callback(**kw)

    return 0

def log_push_action(ui, repo, **kwargs):

    """

    Maps user last push action to new changeset id, from mercurial

    :param ui:

    :param repo: repo object containing the `ui` object

    """

    extras = dict(repo.ui.configitems('rhodecode_extras'))

    username = extras['username']

    repository = extras['repository']

    scm = extras['scm']

    if scm == 'hg':

        node = kwargs['node']

        def get_revs(repo, rev_opt):

            if rev_opt:

                revs = revrange(repo, rev_opt)

                if len(revs) == 0:

                    return (nullrev, nullrev)

                return (max(revs), min(revs))

            else:

                return (len(repo) - 1, 0)

        stop, start = get_revs(repo, [node + ':'])

        h = binascii.hexlify

        revs = [h(repo[r].node()) for r in xrange(start, stop + 1)]

    elif scm == 'git':

        revs = kwargs.get('_git_revs', [])

        if '_git_revs' in kwargs:

            kwargs.pop('_git_revs')

    action = action % ','.join(revs)

    action_logger(username, action, repository, extras['ip'], commit=True)

    # extension hook call

    from rhodecode import EXTENSIONS

    callback = getattr(EXTENSIONS, 'PUSH_HOOK', None)

    if isfunction(callback):

        kw = {'pushed_revs': revs}

        kw.update(extras)

        callback(**kw)

    return 0

def log_create_repository(repository_dict, created_by, **kwargs):

    """

    Post create repository Hook. This is a dummy function for admins to re-use

    if needed. It's taken from rhodecode-extensions module and executed

    if present

    :param repository: dict dump of repository object

    :param created_by: username who created repository

    :param created_date: date of creation

    available keys of repository_dict:

     'repo_type',

     'description',

     'private',

     'created_on',

     'enable_downloads',

     'repo_id',

     'user_id',

     'enable_statistics',

     'clone_uri',

     'fork_id',

     'group_id',

     'repo_name'

    """

    from rhodecode import EXTENSIONS

    callback = getattr(EXTENSIONS, 'CREATE_REPO_HOOK', None)

    if isfunction(callback):

        kw = {}

        kw.update(repository_dict)

        kw.update({'created_by': created_by})

        kw.update(kwargs)

        return callback(**kw)

    return 0

def handle_git_post_receive(repo_path, revs, env):

    """

    A really hacky method that is runned by git post-receive hook and logs

    an push action together with pushed revisions. It's executed by subprocess

    thus needs all info to be able to create a on the fly pylons enviroment,

    connect to database and run the logging code. Hacky as sh*t but works.

    :param repo_path:

    :type repo_path:

    :param revs:

    :type revs:

    :param env:

    :type env:

    """

    from paste.deploy import appconfig

    from sqlalchemy import engine_from_config

    from rhodecode.config.environment import load_environment

    from rhodecode.model import init_model

    from rhodecode.model.db import RhodeCodeUi

    from rhodecode.lib.utils import make_ui

    from rhodecode.model.db import Repository

# -*- coding: utf-8 -*-

"""

    rhodecode.lib.middleware.simplegit

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SimpleGit middleware for handling git protocol request (push/clone etc.)

    It's implemented with basic auth function

    :created_on: Apr 28, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import re

import logging

import traceback

from dulwich import server as dulserver

from dulwich.web import LimitedInputFilter, GunzipFilter

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

    def handle(self):

        write = lambda x: self.proto.write_sideband(1, x)

        graph_walker = dulserver.ProtocolGraphWalker(self,

                                                     self.repo.object_store,

                                                     self.repo.get_peeled)

        objects_iter = self.repo.fetch_objects(

          graph_walker.determine_wants, graph_walker, self.progress,

          get_tagged=self.get_tagged)

        # Did the process short-circuit (e.g. in a stateless RPC call)? Note

        # that the client still expects a 0-object pack in most cases.

        if objects_iter is None:

            return

        self.progress("counting objects: %d, done.\n" % len(objects_iter))

        dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),

                                     objects_iter)

        messages = []

        messages.append('thank you for using rhodecode')

        for msg in messages:

            self.progress(msg + "\n")

        # we are done

        self.proto.write("0000")

dulserver.DEFAULT_HANDLERS = {

  #git-ls-remote, git-clone, git-fetch and git-pull

  'git-upload-pack': SimpleGitUploadPackHandler,

  #git-push

  'git-receive-pack': dulserver.ReceivePackHandler,

}

# not used for now until dulwich get's fixed

#from dulwich.repo import Repo

#from dulwich.web import make_wsgi_chain

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \

    HTTPBadRequest, HTTPNotAcceptable

from rhodecode.lib.utils2 import safe_str

from rhodecode.lib.base import BaseVCSController

from rhodecode.lib.auth import get_container_username

from rhodecode.lib.utils import is_valid_repo, make_ui

from rhodecode.model.db import User, RhodeCodeUi

log = logging.getLogger(__name__)

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')

def is_git(environ):

    path_info = environ['PATH_INFO']

    isgit_path = GIT_PROTO_PAT.match(path_info)

    log.debug('pathinfo: %s detected as GIT %s' % (

        path_info, isgit_path != None)

    )

    return isgit_path

class SimpleGit(BaseVCSController):

    def _handle_request(self, environ, start_response):

        if not is_git(environ):

            return self.application(environ, start_response)

        if not self._check_ssl(environ, start_response):

            return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)

        ipaddr = self._get_ip_addr(environ)

        username = None

        self._git_first_op = False

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

        # quick check if that dir exists...

            return HTTPNotFound()(environ, start_response)

        #======================================================================

        # GET ACTION PULL or PUSH

        #======================================================================

        action = self.__get_action(environ)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                try:

                    user = self.__get_user(username)

                    if user is None or not user.active:

                        return HTTPForbidden()(environ, start_response)

                    username = user.username

                except:

                    log.error(traceback.format_exc())

                    return HTTPInternalServerError()(environ, start_response)

                #check permissions for this repository

                perm = self._check_permission(action, user, repo_name)

                if perm is not True:

                    return HTTPForbidden()(environ, start_response)

        extras = {

            'ip': ipaddr,

            'username': username,

            'action': action,

            'repository': repo_name,

            'scm': 'git',

        }

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

        log.debug('Repository path is %s' % repo_path)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            # invalidate cache on push

            if action == 'push':

                self._invalidate_cache(repo_name)

            self._handle_githooks(repo_name, action, baseui, environ)

            log.info('%s action on GIT repo "%s"' % (action, repo_name))

            app = self.__make_app(repo_name, repo_path, username)

            return app(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, repo_path, username):

        """

        Make an wsgi application using dulserver

        :param repo_name: name of the repository

        :param repo_path: full path to the repository

        """

        from rhodecode.lib.middleware.pygrack import make_wsgi_app

        app = make_wsgi_app(

            repo_root=safe_str(self.basepath),

            repo_name=repo_name,

            username=username,

        )

        app = GunzipFilter(LimitedInputFilter(app))

        return app

    def __get_repository(self, environ):

        """

        Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)

        except:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_user(self, username):

        return User.get_by_username(username)

    def __get_action(self, environ):

        """

        Maps git request commands into a pull or push command.

        :param environ:

        """

        service = environ['QUERY_STRING'].split('=')

        if len(service) > 1:

            service_cmd = service[1]

            mapping = {

                'git-receive-pack': 'push',

                'git-upload-pack': 'pull',

            }

            op = mapping[service_cmd]

            self._git_stored_op = op

            return op

        else:

            # try to fallback to stored variable as we don't know if the last

            # operation is pull/push

            op = getattr(self, '_git_stored_op', 'pull')

        return op

    def _handle_githooks(self, repo_name, action, baseui, environ):

        """

        Handles pull action, push is handled by post-receive hook

        """

        from rhodecode.lib.hooks import log_pull_action

        service = environ['QUERY_STRING'].split('=')

        if len(service) < 2:

            return

        from rhodecode.model.db import Repository

        _repo = Repository.get_by_repo_name(repo_name)

        _repo = _repo.scm_instance

        _repo._repo.ui = baseui

        _hooks = dict(baseui.configitems('hooks')) or {}

        if action == 'pull' and _hooks.get(RhodeCodeUi.HOOK_PULL):

# -*- coding: utf-8 -*-

"""

    rhodecode.lib.middleware.simplehg

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SimpleHG middleware for handling mercurial protocol request

    (push/clone etc.). It's implemented with basic auth function

    :created_on: Apr 28, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import traceback

import urllib

from mercurial.error import RepoError

from mercurial.hgweb import hgweb_mod

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \

    HTTPBadRequest, HTTPNotAcceptable

from rhodecode.lib.utils2 import safe_str

from rhodecode.lib.base import BaseVCSController

from rhodecode.lib.auth import get_container_username

from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections

from rhodecode.model.db import User

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    path_info = environ['PATH_INFO']

    if http_accept and http_accept.startswith('application/mercurial'):

        ishg_path = True

    else:

        ishg_path = False

    log.debug('pathinfo: %s detected as HG %s' % (

        path_info, ishg_path)

    )

    return ishg_path

class SimpleHg(BaseVCSController):

    def _handle_request(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        if not self._check_ssl(environ, start_response):

            return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)

        ipaddr = self._get_ip_addr(environ)

        username = None

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = environ['REPO_NAME'] = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

        # quick check if that dir exists...

            return HTTPNotFound()(environ, start_response)

        #======================================================================

        # GET ACTION PULL or PUSH

        #======================================================================

        action = self.__get_action(environ)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                try:

                    user = self.__get_user(username)

                    if user is None or not user.active:

                        return HTTPForbidden()(environ, start_response)

                    username = user.username

                except:

                    log.error(traceback.format_exc())

                    return HTTPInternalServerError()(environ, start_response)

                #check permissions for this repository

                perm = self._check_permission(action, user, repo_name)

                if perm is not True:

                    return HTTPForbidden()(environ, start_response)

        # extras are injected into mercurial UI object and later available

        # in hg hooks executed by rhodecode

        extras = {

            'ip': ipaddr,

            'username': username,

            'action': action,

            'repository': repo_name,

            'scm': 'hg',

        }

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

        log.debug('Repository path is %s' % repo_path)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            # invalidate cache on push

            if action == 'push':

                self._invalidate_cache(repo_name)

            log.info('%s action on HG repo "%s"' % (action, repo_name))

            app = self.__make_app(repo_path, baseui, extras)

            return app(environ, start_response)

        except RepoError, e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, baseui, extras):

        """

        Make an wsgi application using hgweb, and inject generated baseui

        instance, additionally inject some extras into ui object

        """

        return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)

    def __get_repository(self, environ):

        """

        Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_user(self, username):

        return User.get_by_username(username)

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a clone,pull or push command.

        This should always return a valid command string

        :param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if cmd in mapping:

                    return mapping[cmd]

                return 'pull'

        raise Exception('Unable to detect pull/push action !!'

                        'Are you using non standard command or client ?')

    def __inject_extras(self, repo_path, baseui, extras={}):

        """

        Injects some extra params into baseui instance

        also overwrites global settings with those takes from local hgrc file

        :param baseui: baseui instance

        :param extras: dict with extra params to put into baseui

        """

        hgrc = os.path.join(repo_path, '.hg', 'hgrc')

        # make our hgweb quiet so it doesn't print output

        baseui.setconfig('ui', 'quiet', 'true')

        #inject some additional parameters that will be available in ui

        #for hooks

        for k, v in extras.items():

            baseui.setconfig('rhodecode_extras', k, v)

        repoui = make_ui('file', hgrc, False)

    if _group:

        _group = _group.rstrip('/')

    return _group

def action_logger(user, action, repo, ipaddr='', sa=None, commit=False):

    """

    Action logger for various actions made by users

    :param user: user that made this action, can be a unique username string or

        object containing user_id attribute

    :param action: action to log, should be on of predefined unique actions for

        easy translations

    :param repo: string name of repository or object containing repo_id,

        that action was made on

    :param ipaddr: optional ip address from what the action was made

    :param sa: optional sqlalchemy session

    """

    if not sa:

        sa = meta.Session()

    try:

        if hasattr(user, 'user_id'):

            user_obj = user

        elif isinstance(user, basestring):

            user_obj = User.get_by_username(user)

        else:

            raise Exception('You have to provide user object or username')

        if hasattr(repo, 'repo_id'):

            repo_obj = Repository.get(repo.repo_id)

            repo_name = repo_obj.repo_name

        elif  isinstance(repo, basestring):

            repo_name = repo.lstrip('/')

            repo_obj = Repository.get_by_repo_name(repo_name)

        else:

            repo_obj = None

            repo_name = ''

        user_log = UserLog()

        user_log.user_id = user_obj.user_id

        user_log.action = safe_unicode(action)

        user_log.repository = repo_obj

        user_log.repository_name = repo_name

        user_log.action_date = datetime.datetime.now()

        user_log.user_ip = ipaddr

        sa.add(user_log)

        log.info(

            'Adding user %s, action %s on %s' % (user_obj, action,

                                                 safe_unicode(repo))

        )

        if commit:

            sa.commit()

    except:

        log.error(traceback.format_exc())

        raise

def get_repos(path, recursive=False):

    """

    Scans given path for repos and return (name,(type,path)) tuple