"""The base Controller API

Provides the BaseController class for subclassing.

"""

import logging

import time

import traceback

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden

from paste.httpheaders import WWW_AUTHENTICATE

from pylons import config, tmpl_context as c, request, session, url

from pylons.controllers import WSGIController

from pylons.controllers.util import redirect

from pylons.templating import render_mako as render

from rhodecode import __version__, BACKENDS

from rhodecode.lib.utils2 import str2bool, safe_unicode

from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\

    HasPermissionAnyMiddleware, CookieStoreWrapper

from rhodecode.lib.utils import get_repo_slug, invalidate_cache

from rhodecode.model import meta

from rhodecode.model.db import Repository

from rhodecode.model.notification import NotificationModel

from rhodecode.model.scm import ScmModel

log = logging.getLogger(__name__)

class BasicAuth(AuthBasicAuthenticator):

    def __init__(self, realm, authfunc, auth_http_code=None):

        self.realm = realm

        self.authfunc = authfunc

        self._rc_auth_http_code = auth_http_code

    def build_authentication(self):

        head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

        if self._rc_auth_http_code and self._rc_auth_http_code == '403':

            # return 403 if alternative http return code is specified in

            # RhodeCode config

            return HTTPForbidden(headers=head)

        return HTTPUnauthorized(headers=head)

class BaseVCSController(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        # base path of repo locations

        self.basepath = self.config['base_path']

        #authenticate this mercurial request using authfunc

        self.authenticate = BasicAuth('', authfunc,

                                      config.get('auth_ret_code'))

        self.ipaddr = '0.0.0.0'

    def _handle_request(self, environ, start_response):

        raise NotImplementedError()

    def _get_by_id(self, repo_name):

        """

        Get's a special pattern _<ID> from clone url and tries to replace it

        with a repository_name for support of _<ID> non changable urls

        :param repo_name:

        """

        try:

            data = repo_name.split('/')

            if len(data) >= 2:

                by_id = data[1].split('_')

                if len(by_id) == 2 and by_id[1].isdigit():

                    _repo_name = Repository.get(by_id[1]).repo_name

                    data[1] = _repo_name

        except:

            log.debug('Failed to extract repo_name from id %s' % (

                      traceback.format_exc()

                      )

            )

        return '/'.join(data)

    def _invalidate_cache(self, repo_name):

        """

        Set's cache for this repository for invalidation on next access

        :param repo_name: full repo name, also a cache key

        """

        invalidate_cache('get_repo_cached_%s' % repo_name)

    def _check_permission(self, action, user, repo_name):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        return True

    def __call__(self, environ, start_response):

        start = time.time()

        try:

            return self._handle_request(environ, start_response)

        finally:

            log = logging.getLogger('rhodecode.' + self.__class__.__name__)

            log.debug('Request time: %.3fs' % (time.time() - start))

            meta.Session.remove()

class BaseController(WSGIController):

    def __before__(self):

        c.rhodecode_version = __version__

        c.rhodecode_instanceid = config.get('instance_id')

        c.rhodecode_name = config.get('rhodecode_title')

        c.use_gravatar = str2bool(config.get('use_gravatar'))

        c.ga_code = config.get('rhodecode_ga_code')

        c.repo_name = get_repo_slug(request)

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)

        self.cut_off_limit = int(config.get('cut_off_limit'))

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        start = time.time()

        try:

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

            user_id = cookie_store.get('user_id', None)

            username = get_container_username(environ, config)

            auth_user = AuthUser(user_id, api_key, username)

            request.user = auth_user

            self.rhodecode_user = c.rhodecode_user = auth_user

            if not self.rhodecode_user.is_authenticated and \

                       self.rhodecode_user.user_id is not None:

                self.rhodecode_user.set_authenticated(

                    cookie_store.get('is_authenticated')

                )

            log.info('User: %s accessed %s' % (

                auth_user, safe_unicode(environ.get('PATH_INFO')))

            )

            return WSGIController.__call__(self, environ, start_response)

        finally:

            log.info('Request to %s time: %.3fs' % (

                safe_unicode(environ.get('PATH_INFO')), time.time() - start)

            )

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.rhodecode_repo: instance of scm repository

    c.rhodecode_db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    """

    def __before__(self):

        super(BaseRepoController, self).__before__()

        if c.repo_name:

            c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)

            c.rhodecode_repo = c.rhodecode_db_repo.scm_instance

            if c.rhodecode_repo is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                redirect(url('home'))

            c.repository_followers = self.scm_model.get_followers(c.repo_name)

            c.repository_forks = self.scm_model.get_forks(c.repo_name)

# -*- coding: utf-8 -*-

"""

    rhodecode.lib.middleware.simplegit

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SimpleGit middleware for handling git protocol request (push/clone etc.)

    It's implemented with basic auth function

    :created_on: Apr 28, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import re

import logging

import traceback

from dulwich import server as dulserver

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

    def handle(self):

        write = lambda x: self.proto.write_sideband(1, x)

        graph_walker = dulserver.ProtocolGraphWalker(self,

                                                     self.repo.object_store,

                                                     self.repo.get_peeled)

        objects_iter = self.repo.fetch_objects(

          graph_walker.determine_wants, graph_walker, self.progress,

          get_tagged=self.get_tagged)

        # Do they want any objects?

        if objects_iter is None or len(objects_iter) == 0:

            return

        self.progress("counting objects: %d, done.\n" % len(objects_iter))

        dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),

                                  objects_iter, len(objects_iter))

        messages = []

        messages.append('thank you for using rhodecode')

        for msg in messages:

            self.progress(msg + "\n")

        # we are done

        self.proto.write("0000")

dulserver.DEFAULT_HANDLERS = {

  'git-upload-pack': SimpleGitUploadPackHandler,

  'git-receive-pack': dulserver.ReceivePackHandler,

}

from dulwich.repo import Repo

from dulwich.web import make_wsgi_chain

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.utils2 import safe_str

from rhodecode.lib.base import BaseVCSController

from rhodecode.lib.auth import get_container_username

from rhodecode.lib.utils import is_valid_repo

from rhodecode.model.db import User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')

def is_git(environ):

    path_info = environ['PATH_INFO']

    isgit_path = GIT_PROTO_PAT.match(path_info)

    log.debug('pathinfo: %s detected as GIT %s' % (

        path_info, isgit_path != None)

    )

    return isgit_path

class SimpleGit(BaseVCSController):

    def _handle_request(self, environ, start_response):

        if not is_git(environ):

            return self.application(environ, start_response)

        username = None

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

        # quick check if that dir exists...

        if is_valid_repo(repo_name, self.basepath) is False:

            return HTTPNotFound()(environ, start_response)

        #======================================================================

        # GET ACTION PULL or PUSH

        #======================================================================

        action = self.__get_action(environ)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                if action in ['pull', 'push']:

                    try:

                        user = self.__get_user(username)

                        if user is None or not user.active:

                            return HTTPForbidden()(environ, start_response)

                        username = user.username

                    except:

                        log.error(traceback.format_exc())

                        return HTTPInternalServerError()(environ,

                                                         start_response)

                    #check permissions for this repository

                    perm = self._check_permission(action, user, repo_name)

                    if perm is not True:

                        return HTTPForbidden()(environ, start_response)

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

        log.debug('Repository path is %s' % repo_path)

        try:

            #invalidate cache on push

            if action == 'push':

                self._invalidate_cache(repo_name)

            log.info('%s action on GIT repo "%s"' % (action, repo_name))

            app = self.__make_app(repo_name, repo_path)

            return app(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, repo_path):

        """

        Make an wsgi application using dulserver

        :param repo_name: name of the repository

        :param repo_path: full path to the repository

        """

        _d = {'/' + repo_name: Repo(repo_path)}

        backend = dulserver.DictBackend(_d)

        gitserve = make_wsgi_chain(backend)

        return gitserve

    def __get_repository(self, environ):

        """

        Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)

        except:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_user(self, username):

        return User.get_by_username(username)

    def __get_action(self, environ):

        """

        Maps git request commands into a pull or push command.

        :param environ:

        """

        service = environ['QUERY_STRING'].split('=')

        if len(service) > 1:

            service_cmd = service[1]

            mapping = {

                'git-receive-pack': 'push',

                'git-upload-pack': 'pull',

            }

            op = mapping[service_cmd]

            self._git_stored_op = op

            return op

        else:

            # try to fallback to stored variable as we don't know if the last

            # operation is pull/push

            op = getattr(self, '_git_stored_op', 'pull')

        return op

# -*- coding: utf-8 -*-

"""

    rhodecode.lib.middleware.simplehg

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SimpleHG middleware for handling mercurial protocol request

    (push/clone etc.). It's implemented with basic auth function

    :created_on: Apr 28, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import traceback

import urllib

from mercurial.error import RepoError

from mercurial.hgweb import hgweb_mod

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.utils2 import safe_str

from rhodecode.lib.base import BaseVCSController

from rhodecode.lib.auth import get_container_username

from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections

from rhodecode.model.db import User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    path_info = environ['PATH_INFO']

    if http_accept and http_accept.startswith('application/mercurial'):

        ishg_path = True

    else:

        ishg_path = False

    log.debug('pathinfo: %s detected as HG %s' % (

        path_info, ishg_path)

    )

    return ishg_path

class SimpleHg(BaseVCSController):

    def _handle_request(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = environ['REPO_NAME'] = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

        # quick check if that dir exists...

        if is_valid_repo(repo_name, self.basepath) is False:

            return HTTPNotFound()(environ, start_response)

        #======================================================================

        # GET ACTION PULL or PUSH

        #======================================================================

        action = self.__get_action(environ)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                if action in ['pull', 'push']:

                    try:

                        user = self.__get_user(username)

                        if user is None or not user.active:

                            return HTTPForbidden()(environ, start_response)

                        username = user.username

                    except:

                        log.error(traceback.format_exc())

                        return HTTPInternalServerError()(environ,

                                                         start_response)

                    #check permissions for this repository

                    perm = self._check_permission(action, user, repo_name)

                    if perm is not True:

                        return HTTPForbidden()(environ, start_response)

        # extras are injected into mercurial UI object and later available

        # in hg hooks executed by rhodecode

        extras = {

            'ip': ipaddr,

            'username': username,

            'action': action,

            'repository': repo_name

        }

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

        log.debug('Repository path is %s' % repo_path)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            # invalidate cache on push

            if action == 'push':

                self._invalidate_cache(repo_name)

            log.info('%s action on HG repo "%s"' % (action, repo_name))

            app = self.__make_app(repo_path, baseui, extras)

            return app(environ, start_response)

        except RepoError, e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, baseui, extras):

        """

        Make an wsgi application using hgweb, and inject generated baseui

        instance, additionally inject some extras into ui object

        """

        return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)

    def __get_repository(self, environ):

        """

        Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_user(self, username):

        return User.get_by_username(username)

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a clone,pull or push command.

        This should always return a valid command string

        :param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if cmd in mapping:

                    return mapping[cmd]

                else:

                    return 'pull'

    def __inject_extras(self, repo_path, baseui, extras={}):

        """

        Injects some extra params into baseui instance

        also overwrites global settings with those takes from local hgrc file

        :param baseui: baseui instance

        :param extras: dict with extra params to put into baseui

        """

        hgrc = os.path.join(repo_path, '.hg', 'hgrc')

        # make our hgweb quiet so it doesn't print output

        baseui.setconfig('ui', 'quiet', 'true')

        #inject some additional parameters that will be available in ui

        #for hooks

        for k, v in extras.items():

            baseui.setconfig('rhodecode_extras', k, v)

        repoui = make_ui('file', hgrc, False)

        if repoui:

            #overwrite our ui instance with the section from hgrc file

            for section in ui_sections:

                for k, v in repoui.configitems(section):

                    baseui.setconfig(section, k, v)