################################################################################

################################################################################

# pylons_app - Pylons environment configuration                                #

#                                                                              # 

# The %(here)s variable will be replaced with the parent directory of this file#

################################################################################

[DEFAULT]

debug = true

############################################

## Uncomment and replace with the address ##

## which should receive any error reports ##

############################################

#email_to = admin@localhost

#smtp_server = mail.server.com

#error_email_from = paste_error@localhost

#smtp_username = 

#smtp_password = 

#error_message = 'mercurial crash !'

[server:main]

##nr of threads to spawn

threadpool_workers = 5

##max request before

threadpool_max_requests = 2

##option to use threads of process

use_threadpool = true

use = egg:Paste#http

host = 127.0.0.1

port = 5000

[app:main]

use = egg:pylons_app

full_stack = true

static_files = true

lang=en

cache_dir = %(here)s/data

####################################

###         BEAKER CACHE        ####

####################################

beaker.cache.data_dir=/%(here)s/data/cache/data

beaker.cache.lock_dir=/%(here)s/data/cache/lock

beaker.cache.long_term.type=memory

beaker.cache.long_term.expire=36000

beaker.cache.short_term.type=memory

beaker.cache.short_term.expire=60

################################################################################

## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##

## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##

## execute malicious code after an exception is raised.                       ##

################################################################################

#set debug = false

##################################

###       LOGVIEW CONFIG       ###

##################################

logview.sqlalchemy = #faa

logview.pylons.templating = #bfb

logview.pylons.util = #eee

#########################################################

### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG    ###

#########################################################

sqlalchemy.db1.url = sqlite:///%(here)s/hg_app.db

#sqlalchemy.db1.echo = False

#sqlalchemy.db1.pool_recycle = 3600

sqlalchemy.convert_unicode = true

################################

### LOGGING CONFIGURATION   ####

################################

[loggers]

keys = root, routes, pylons_app, sqlalchemy

[handlers]

keys = console

[formatters]

keys = generic,color_formatter

#############

## LOGGERS ##

#############

[logger_root]

level = NOTSET

handlers = console

[logger_routes]

level = DEBUG

handlers = console

qualname = routes.middleware

# "level = DEBUG" logs the route matched and routing variables.

################################################################################

################################################################################

# pylons_app - Pylons environment configuration                                #

#                                                                              # 

# The %(here)s variable will be replaced with the parent directory of this file#

################################################################################

[DEFAULT]

debug = true

############################################

## Uncomment and replace with the address ##

## which should receive any error reports ##

############################################

#email_to = admin@localhost

#smtp_server = mail.server.com

#error_email_from = paste_error@localhost

#smtp_username = 

#smtp_password = 

#error_message = 'mercurial crash !'

[server:main]

##nr of threads to spawn

threadpool_workers = 5

##max request before

threadpool_max_requests = 2

##option to use threads of process

use_threadpool = true

use = egg:Paste#http

host = 127.0.0.1

port = 8001

[app:main]

use = egg:pylons_app

full_stack = true

static_files = false

lang=en

cache_dir = %(here)s/data

####################################

###         BEAKER CACHE        ####

####################################

beaker.cache.data_dir=/%(here)s/data/cache/data

beaker.cache.lock_dir=/%(here)s/data/cache/lock

beaker.cache.long_term.type=memory

beaker.cache.long_term.expire=36000

beaker.cache.short_term.type=memory

beaker.cache.short_term.expire=60

################################################################################

## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##

## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##

## execute malicious code after an exception is raised.                       ##

################################################################################

set debug = false

##################################

###       LOGVIEW CONFIG       ###

##################################

logview.sqlalchemy = #faa

logview.pylons.templating = #bfb

logview.pylons.util = #eee

#########################################################

### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG    ###

#########################################################

sqlalchemy.db1.url = sqlite:///%(here)s/hg_app.db

#sqlalchemy.db1.echo = False

#sqlalchemy.db1.pool_recycle = 3600

sqlalchemy.convert_unicode = true

################################

### LOGGING CONFIGURATION   ####

################################

[loggers]

keys = root, routes, pylons_app, sqlalchemy

[handlers]

keys = console

[formatters]

keys = generic,color_formatter

#############

## LOGGERS ##

#############

[logger_root]

level = INFO

handlers = console

[logger_routes]

level = INFO

handlers = console

qualname = routes.middleware

# "level = DEBUG" logs the route matched and routing variables.

#!/usr/bin/env python

# encoding: utf-8

# authentication and permission libraries

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 4, 2010

@author: marcink

"""

from functools import wraps

from pylons.controllers.util import abort, redirect

from pylons_app.model import meta

from pylons_app.model.db import User, Repo2Perm, Repository, Permission

from sqlalchemy.exc import OperationalError

from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound

import crypt

import logging

log = logging.getLogger(__name__) 

def get_crypt_password(password):

    """

    Cryptographic function used for password hashing

    @param password: password to hash

    """

    return crypt.crypt(password, '6a')

def authfunc(environ, username, password):

    password_crypt = get_crypt_password(password)

    try:

    except (NoResultFound, MultipleResultsFound, OperationalError) as e:

        log.error(e)

        user = None

    if user:

        if user.active:

            if user.username == username and user.password == password_crypt:

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.error('user %s is disabled', username)

    return False

class  AuthUser(object):

    """

    A simple object that handles a mercurial username for authentication

    """

    def __init__(self):

        self.username = 'None'

        self.user_id = None

        self.is_authenticated = False

        self.is_admin = False

        self.permissions = {}

def set_available_permissions(config):

    """

    This function will propagate pylons globals with all available defined

    permission given in db. We don't wannt to check each time from db for new 

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    @param config:

    """

    log.info('getting information about all available permissions')

    sa = meta.Session

    all_perms = sa.query(Permission).all()

    config['available_permissions'] = [x.permission_name for x in all_perms]

def set_base_path(config):

    config['base_path'] = config['pylons.app_globals'].base_path

def fill_perms(user):

    sa = meta.Session

    user.permissions['repositories'] = {}

    #first fetch default permissions

    default_perms = sa.query(Repo2Perm, Repository, Permission)\

#!/usr/bin/env python

# encoding: utf-8

# middleware to handle mercurial api calls

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on 2010-04-28

@author: marcink

SimpleHG middleware for handling mercurial protocol request (push/clone etc.)

It's implemented with basic auth function

"""

from datetime import datetime

from itertools import chain

from mercurial.hgweb import hgweb

from mercurial.hgweb.request import wsgiapplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from pylons_app.lib.utils import is_mercurial, make_ui, invalidate_cache, \

    check_repo_fast

from pylons_app.model import meta

from pylons_app.model.db import UserLog, User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

import logging

import os

import traceback

log = logging.getLogger(__name__)

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this mercurial request using 

        realm = self.config['hg_app_auth_realm']

        self.authenticate = AuthBasicAuthenticator(realm, authfunc)

    def __call__(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

            #===================================================================

            # AUTHENTICATE THIS MERCURIAL REQUEST

            #===================================================================

            username = REMOTE_USER(environ)

            if not username:

                result = self.authenticate(environ)

                if isinstance(result, str):

                    AUTH_TYPE.update(environ, 'basic')

                    REMOTE_USER.update(environ, result)

                else:

                    return result.wsgi_application(environ, start_response)

            try:

                repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            except:

                log.error(traceback.format_exc())

                return HTTPInternalServerError()(environ, start_response)

            #===================================================================

            # CHECK PERMISSIONS FOR THIS REQUEST

            #===================================================================

            action = self.__get_action(environ)

            if action:

                username = self.__get_environ_user(environ)

                try:

                except:

                    log.error(traceback.format_exc())

                    return HTTPInternalServerError()(environ, start_response)

                #check permissions for this repository

                if action == 'pull':

                    if not HasPermissionAnyMiddleware('repository.read',

                                                      'repository.write',

                                                      'repository.admin')\

                                                        (user, repo_name):

                        return HTTPForbidden()(environ, start_response)

                if action == 'push':

                    if not HasPermissionAnyMiddleware('repository.write',

                                                      'repository.admin')\

                                                        (user, repo_name):

                        return HTTPForbidden()(environ, start_response)

                #log action    

                proxy_key = 'HTTP_X_REAL_IP'

                def_key = 'REMOTE_ADDR'

                ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

                self.__log_user_action(user, action, repo_name, ipaddr)            

            #===================================================================

            # MERCURIAL REQUEST HANDLING

            #===================================================================

            environ['PATH_INFO'] = '/'#since we wrap into hgweb, reset the path

            self.baseui = make_ui('db')

            self.basepath = self.config['base_path']

            self.repo_path = os.path.join(self.basepath, repo_name)

            #quick check if that dir exists...

            if check_repo_fast(repo_name, self.basepath):

                return HTTPNotFound()(environ, start_response)

            try:

                app = wsgiapplication(self.__make_app)

            except RepoError as e:

                if str(e).find('not found') != -1:

                    return HTTPNotFound()(environ, start_response)

            except Exception:

                log.error(traceback.format_exc())

                return HTTPInternalServerError()(environ, start_response)

            #invalidate cache on push

            if action == 'push':

                self.__invalidate_cache(repo_name)

                messages = []

                messages.append('thank you for using hg-app')

                return self.msg_wrapper(app, environ, start_response, messages)

            else:

                return app(environ, start_response)           

    def msg_wrapper(self, app, environ, start_response, messages=[]):

        """

        Wrapper for custom messages that come out of mercurial respond messages

        is a list of messages that the user will see at the end of response 

        from merurial protocol actions that involves remote answers

        @param app:

        @param environ:

        @param start_response:

        """

        def custom_messages(msg_list):

            for msg in msg_list:

                yield msg + '\n'

        org_response = app(environ, start_response)

        return chain(org_response, custom_messages(messages))

    def __make_app(self):

        hgserve = hgweb(str(self.repo_path), baseui=self.baseui)

        return  self.__load_web_settings(hgserve)

    def __get_environ_user(self, environ):

        return environ.get('REMOTE_USER')

    def __get_size(self, repo_path, content_size):

        size = int(content_size)

        for path, dirs, files in os.walk(repo_path):

            if path.find('.hg') == -1:

                for f in files:

                    size += os.path.getsize(os.path.join(path, f))

        return size

        return h.format_byte_size(size)

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a pull or push command.

        @param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if mapping.has_key(cmd):

                    return mapping[cmd]

    def __log_user_action(self, user, action, repo, ipaddr):

        sa = meta.Session

        try:

            user_log = UserLog()

            user_log.user_id = user.user_id

            user_log.action = action

            user_log.repository = repo.replace('/', '')

            user_log.action_date = datetime.now()

            user_log.user_ip = ipaddr

            sa.add(user_log)

            sa.commit()

            log.info('Adding user %s, action %s on %s',

                                            user.username, action, repo)

        except Exception as e:

            sa.rollback()

            log.error('could not log user action:%s', str(e))

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

        push requests"""

#!/usr/bin/env python

# encoding: utf-8

# Utilities for hg app

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 18, 2010

Utilities for hg app

@author: marcink

"""

import os

import logging

from mercurial import ui, config, hg

from mercurial.error import RepoError

from pylons_app.model.db import Repository, User, HgAppUi

log = logging.getLogger(__name__)

def get_repo_slug(request):

    return request.environ['pylons.routes_dict'].get('repo_name')

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    if http_accept and http_accept.startswith('application/mercurial'):

        return True

    return False

def check_repo_dir(paths):

    repos_path = paths[0][1].split('/')

    if repos_path[-1] in ['*', '**']:

        repos_path = repos_path[:-1]

    if repos_path[0] != '/':

        repos_path[0] = '/'

    if not os.path.isdir(os.path.join(*repos_path)):

        raise Exception('Not a valid repository in %s' % paths[0][1])

def check_repo_fast(repo_name, base_path):

    if os.path.isdir(os.path.join(base_path, repo_name)):return False

    return True

def check_repo(repo_name, base_path, verify=True):

    repo_path = os.path.join(base_path, repo_name)

    try:

        if not check_repo_fast(repo_name, base_path):

            return False

        r = hg.repository(ui.ui(), repo_path)

        if verify:

            hg.verify(r)

        #here we hnow that repo exists it was verified

        log.info('%s repo is already created', repo_name)

        return False

    except RepoError:

        #it means that there is no valid repo there...

        log.info('%s repo is free for creation', repo_name)

        return True

def make_ui(read_from='file', path=None, checkpaths=True):        

    """

    A function that will read python rc files or database

    and make an mercurial ui object from read options

    @param path: path to mercurial config file

    @param checkpaths: check the path

    @param read_from: read from 'file' or 'db'

    """

    #propagated from mercurial documentation

    sections = ['alias', 'auth',

                'decode/encode', 'defaults',

                'diff', 'email',

                'extensions', 'format',

                'merge-patterns', 'merge-tools',

                'hooks', 'http_proxy',

                'smtp', 'patch',

                'paths', 'profiling',

                'server', 'trusted',

                'ui', 'web', ]

    baseui = ui.ui()

    if read_from == 'file':

        if not os.path.isfile(path):

            log.warning('Unable to read config file %s' % path)

            return False

        cfg = config.config()

        cfg.read(path)

        for section in sections:

            for k, v in cfg.items(section):

                baseui.setconfig(section, k, v)

        if checkpaths:check_repo_dir(cfg.items('paths'))                

    elif read_from == 'db':

        for ui_ in hg_ui:

            baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)

    return baseui

def set_hg_app_config(config):

    config['hg_app_auth_realm'] = 'realm'

    config['hg_app_name'] = 'app name'

def invalidate_cache(name, *args):

    """Invalidates given name cache"""

    from beaker.cache import region_invalidate

    log.info('INVALIDATING CACHE FOR %s', name)

    """propagate our arguments to make sure invalidation works. First

    argument has to be the name of cached func name give to cache decorator

    without that the invalidation would not work"""

    tmp = [name]

    tmp.extend(args)

    args = tuple(tmp)

    if name == 'cached_repo_list':

        from pylons_app.model.hg_model import _get_repos_cached

        region_invalidate(_get_repos_cached, None, *args)

    if name == 'full_changelog':

        from pylons_app.model.hg_model import _full_changelog_cached

        region_invalidate(_full_changelog_cached, None, *args)

from vcs.backends.base import BaseChangeset

from vcs.utils.lazy import LazyProperty

class EmptyChangeset(BaseChangeset):

    revision = -1

    message = ''

    @LazyProperty

    def raw_id(self):

        """

        Returns raw string identifing this changeset, useful for web

        representation.

        """

        return '0' * 12