"""

Routes configuration

The more specific and detailed routes should be defined first so they

may take precedent over the more generic routes. For more information

refer to the routes manual at http://routes.groovie.org/docs/

"""

from __future__ import with_statement

from routes import Mapper

# prefix for non repository related links needs to be prefixed with `/`

ADMIN_PREFIX = '/_admin'

def make_map(config):

    """Create, configure and return the routes Mapper"""

    rmap = Mapper(directory=config['pylons.paths']['controllers'],

                 always_scan=config['debug'])

    rmap.minimization = False

    rmap.explicit = False

    def check_repo(environ, match_dict):

        """

        check for valid repository for proper 404 handling

        :param environ:

        :param match_dict:

        """

        repo_name = match_dict.get('repo_name')

    def check_group(environ, match_dict):

        """

        check for valid repositories group for proper 404 handling

        :param environ:

        :param match_dict:

        """

        repos_group_name = match_dict.get('group_name')

    def check_int(environ, match_dict):

        return match_dict.get('id').isdigit()

    # The ErrorController route (handles 404/500 error pages); it should

    # likely stay at the top, ensuring it can always be resolved

    rmap.connect('/error/{action}', controller='error')

    rmap.connect('/error/{action}/{id}', controller='error')

    #==========================================================================

    # CUSTOM ROUTES HERE

    #==========================================================================

    #MAIN PAGE

    rmap.connect('home', '/', controller='home', action='index')

    rmap.connect('repo_switcher', '/repos', controller='home',

                 action='repo_switcher')

    rmap.connect('bugtracker',

                 "http://bitbucket.org/marcinkuzminski/rhodecode/issues",

                 _static=True)

    rmap.connect('rhodecode_official', "http://rhodecode.org", _static=True)

    #ADMIN REPOSITORY REST ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/repos') as m:

        m.connect("repos", "/repos",

             action="create", conditions=dict(method=["POST"]))

        m.connect("repos", "/repos",

             action="index", conditions=dict(method=["GET"]))

        m.connect("formatted_repos", "/repos.{format}",

             action="index",

            conditions=dict(method=["GET"]))

        m.connect("new_repo", "/repos/new",

             action="new", conditions=dict(method=["GET"]))

        m.connect("formatted_new_repo", "/repos/new.{format}",

             action="new", conditions=dict(method=["GET"]))

        m.connect("/repos/{repo_name:.*}",

             action="update", conditions=dict(method=["PUT"],

                                              function=check_repo))

        m.connect("/repos/{repo_name:.*}",

             action="delete", conditions=dict(method=["DELETE"],

                                              function=check_repo))

        m.connect("edit_repo", "/repos/{repo_name:.*}/edit",

             action="edit", conditions=dict(method=["GET"],

                                            function=check_repo))

        m.connect("formatted_edit_repo", "/repos/{repo_name:.*}.{format}/edit",

             action="edit", conditions=dict(method=["GET"],

import os

import logging

import traceback

from dulwich import server as dulserver

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

    def handle(self):

        write = lambda x: self.proto.write_sideband(1, x)

        graph_walker = dulserver.ProtocolGraphWalker(self,

                                                     self.repo.object_store,

                                                     self.repo.get_peeled)

        objects_iter = self.repo.fetch_objects(

          graph_walker.determine_wants, graph_walker, self.progress,

          get_tagged=self.get_tagged)

        # Do they want any objects?

        if objects_iter is None or len(objects_iter) == 0:

            return

        self.progress("counting objects: %d, done.\n" % len(objects_iter))

        dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),

                                  objects_iter, len(objects_iter))

        messages = []

        messages.append('thank you for using rhodecode')

        for msg in messages:

            self.progress(msg + "\n")

        # we are done

        self.proto.write("0000")

dulserver.DEFAULT_HANDLERS = {

  'git-upload-pack': SimpleGitUploadPackHandler,

  'git-receive-pack': dulserver.ReceivePackHandler,

}

from dulwich.repo import Repo

from dulwich.web import HTTPGitApplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib import safe_str

from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware

from rhodecode.model.db import User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

def is_git(environ):

    """Returns True if request's target is git server.

    ``HTTP_USER_AGENT`` would then have git client version given.

    :param environ:

    """

    http_user_agent = environ.get('HTTP_USER_AGENT')

    if http_user_agent and http_user_agent.startswith('git'):

        return True

    return False

class SimpleGit(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        # base path of repo locations

        self.basepath = self.config['base_path']

        #authenticate this mercurial request using authfunc

        self.authenticate = AuthBasicAuthenticator('', authfunc)

    def __call__(self, environ, start_response):

        if not is_git(environ):

            return self.application(environ, start_response)

        proxy_key = 'HTTP_X_REAL_IP'

        def_key = 'REMOTE_ADDR'

        ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

        username = None

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                if not REMOTE_USER(environ):

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if action in ['pull', 'push']:

                    username = REMOTE_USER(environ)

                    try:

                        user = self.__get_user(username)

                        username = user.username

                    except:

                        log.error(traceback.format_exc())

                        return HTTPInternalServerError()(environ,

                                                         start_response)

                    #check permissions for this repository

                    perm = self.__check_permission(action, user,

                                                   repo_name)

                    if perm is not True:

                        return HTTPForbidden()(environ, start_response)

        extras = {'ip': ipaddr,

                  'username': username,

                  'action': action,

                  'repository': repo_name}

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        repo_path = safe_str(os.path.join(self.basepath, repo_name))

        log.debug('Repository path is %s' % repo_path)

        # quick check if that dir exists...

            return HTTPNotFound()(environ, start_response)

        try:

            #invalidate cache on push

            if action == 'push':

                self.__invalidate_cache(repo_name)

            app = self.__make_app(repo_name, repo_path)

            return app(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, repo_path):

        """

        Make an wsgi application using dulserver

        :param repo_name: name of the repository

        :param repo_path: full path to the repository

        """

        _d = {'/' + repo_name: Repo(repo_path)}

        backend = dulserver.DictBackend(_d)

        gitserve = HTTPGitApplication(backend)

        return gitserve

    def __check_permission(self, action, user, repo_name):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

# -*- coding: utf-8 -*-

"""

    rhodecode.lib.middleware.simplehg

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SimpleHG middleware for handling mercurial protocol request

    (push/clone etc.). It's implemented with basic auth function

    :created_on: Apr 28, 2010

    :author: marcink

    :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import traceback

from mercurial.error import RepoError

from mercurial.hgweb import hgweb_mod

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib import safe_str

from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware

from rhodecode.lib.utils import make_ui, invalidate_cache, \

from rhodecode.model.db import User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    if http_accept and http_accept.startswith('application/mercurial'):

        return True

    return False

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        # base path of repo locations

        self.basepath = self.config['base_path']

        #authenticate this mercurial request using authfunc

        self.authenticate = AuthBasicAuthenticator('', authfunc)

        self.ipaddr = '0.0.0.0'

    def __call__(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        proxy_key = 'HTTP_X_REAL_IP'

        def_key = 'REMOTE_ADDR'

        ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = environ['REPO_NAME'] = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

                if not REMOTE_USER(environ):

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if action in ['pull', 'push']:

                    username = REMOTE_USER(environ)

                    try:

                        user = self.__get_user(username)

                        username = user.username

                    except:

                        log.error(traceback.format_exc())

                        return HTTPInternalServerError()(environ,

                                                         start_response)

                    #check permissions for this repository

                    perm = self.__check_permission(action, user,

                                                   repo_name)

                    if perm is not True:

                        return HTTPForbidden()(environ, start_response)

        extras = {'ip': ipaddr,

                  'username': username,

                  'action': action,

                  'repository': repo_name}

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        repo_path = safe_str(os.path.join(self.basepath, repo_name))

        log.debug('Repository path is %s' % repo_path)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        # quick check if that dir exists...

            return HTTPNotFound()(environ, start_response)

        try:

            #invalidate cache on push

            if action == 'push':

                self.__invalidate_cache(repo_name)

            app = self.__make_app(repo_path, baseui, extras)

            return app(environ, start_response)

        except RepoError, e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, baseui, extras):

        """

        Make an wsgi application using hgweb, and inject generated baseui

        instance, additionally inject some extras into ui object

        """

        return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)

    def __check_permission(self, action, user, repo_name):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        return True

        user_log.action_date = datetime.datetime.now()

        user_log.user_ip = ipaddr

        sa.add(user_log)

        sa.commit()

        log.info('Adding user %s, action %s on %s', user_obj, action, repo)

    except:

        log.error(traceback.format_exc())

        sa.rollback()

def get_repos(path, recursive=False):

    """

    Scans given path for repos and return (name,(type,path)) tuple

    :param path: path to scann for repositories

    :param recursive: recursive search and return names with subdirs in front

    """

    from vcs.utils.helpers import get_scm

    from vcs.exceptions import VCSError

    if path.endswith(os.sep):

        #remove ending slash for better results

        path = path[:-1]

    def _get_repos(p):

        if not os.access(p, os.W_OK):

            return

        for dirpath in os.listdir(p):

            if os.path.isfile(os.path.join(p, dirpath)):

                continue

            cur_path = os.path.join(p, dirpath)

            try:

                scm_info = get_scm(cur_path)

                yield scm_info[1].split(path)[-1].lstrip(os.sep), scm_info

            except VCSError:

                if not recursive:

                    continue

                #check if this dir containts other repos for recursive scan

                rec_path = os.path.join(p, dirpath)

                if os.path.isdir(rec_path):

                    for inner_scm in _get_repos(rec_path):

                        yield inner_scm

    return _get_repos(path)

    """

    Returns True if given path is a valid repository False otherwise

    :param repo_name:

    :param base_path:

    :return True: if given path is a valid repository

    """

    full_path = os.path.join(base_path, repo_name)

    try:

        get_scm(full_path)

        return True

    except VCSError:

        return False

    """

    Returns True if given path is a repos group False otherwise

    :param repo_name:

    :param base_path:

    """

    full_path = os.path.join(base_path, repos_group_name)

    # check if it's not a repo

        return False

    # check if it's a valid path

    if os.path.isdir(full_path):

        return True

    return False

def ask_ok(prompt, retries=4, complaint='Yes or no, please!'):

    while True:

        ok = raw_input(prompt)

        if ok in ('y', 'ye', 'yes'):

            return True

        if ok in ('n', 'no', 'nop', 'nope'):

            return False

        retries = retries - 1

        if retries < 0:

            raise IOError

        print complaint

#propagated from mercurial documentation

ui_sections = ['alias', 'auth',

                'decode/encode', 'defaults',

                'diff', 'email',

                'extensions', 'format',

                'merge-patterns', 'merge-tools',

                'hooks', 'http_proxy',

                'smtp', 'patch',

                'paths', 'profiling',

                'server', 'trusted',

                'ui', 'web', ]

def make_ui(read_from='file', path=None, checkpaths=True):

    """A function that will read python rc files or database

    and make an mercurial ui object from read options

    :param path: path to mercurial config file

    :param checkpaths: check the path

    :param read_from: read from 'file' or 'db'

    """

    baseui = ui.ui()

    #clean the baseui object

    baseui._ocfg = config.config()

    baseui._ucfg = config.config()

    baseui._tcfg = config.config()

    def delete_perm_user(self, form_data, repo_name):

        try:

            self.sa.query(RepoToPerm)\

                .filter(RepoToPerm.repository \

                        == self.get_by_repo_name(repo_name))\

                .filter(RepoToPerm.user_id == form_data['user_id']).delete()

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def delete_perm_users_group(self, form_data, repo_name):

        try:

            self.sa.query(UsersGroupRepoToPerm)\

                .filter(UsersGroupRepoToPerm.repository \

                        == self.get_by_repo_name(repo_name))\

                .filter(UsersGroupRepoToPerm.users_group_id \

                        == form_data['users_group_id']).delete()

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def delete_stats(self, repo_name):

        try:

            self.sa.query(Statistics)\

                .filter(Statistics.repository == \

                        self.get_by_repo_name(repo_name)).delete()

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def __create_repo(self, repo_name, alias, new_parent_id, clone_uri=False):

        """

        makes repository on filesystem. It's group aware means it'll create

        a repository within a group, and alter the paths accordingly of

        group location

        :param repo_name:

        :param alias:

        :param parent_id:

        :param clone_uri:

        """

        if new_parent_id:

            paths = Group.get(new_parent_id).full_path.split(Group.url_sep())

            new_parent_path = os.sep.join(paths)

        else:

            new_parent_path = ''

        repo_path = os.path.join(*map(lambda x:safe_str(x),

                                [self.repos_path, new_parent_path, repo_name]))

            log.info('creating repo %s in %s @ %s', repo_name, repo_path,

                     clone_uri)

            backend = get_backend(alias)

            backend(repo_path, create=True, src_url=clone_uri)

    def __rename_repo(self, old, new):

        """

        renames repository on filesystem

        :param old: old name

        :param new: new name

        """

        log.info('renaming repo from %s to %s', old, new)

        old_path = os.path.join(self.repos_path, old)

        new_path = os.path.join(self.repos_path, new)

        if os.path.isdir(new_path):

            raise Exception('Was trying to rename to already existing dir %s' \

            		     % new_path)

        shutil.move(old_path, new_path)

    def __delete_repo(self, repo):

        """

        removes repo from filesystem, the removal is acctually made by

        added rm__ prefix into dir, and rename internat .hg/.git dirs so this

        repository is no longer valid for rhodecode, can be undeleted later on

        by reverting the renames on this repository

        :param repo: repo object

        """

        rm_path = os.path.join(self.repos_path, repo.repo_name)

        log.info("Removing %s", rm_path)

        #disable hg/git

        alias = repo.repo_type

        shutil.move(os.path.join(rm_path, '.%s' % alias),

                    os.path.join(rm_path, 'rm__.%s' % alias))

        #disable repo

        shutil.move(rm_path, os.path.join(self.repos_path, 'rm__%s__%s' \

                                          % (datetime.today()\

                                             .strftime('%Y%m%d_%H%M%S_%f'),

                                            repo.repo_name)))