'git-receive-pack': dulserver.ReceivePackHandler,

}

from dulwich.repo import Repo

from dulwich.web import HTTPGitApplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware

from rhodecode.lib.utils import invalidate_cache, check_repo_fast

from rhodecode.model.user import UserModel

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

import logging

import os

import traceback

log = logging.getLogger(__name__)

def is_git(environ):

    """

    Returns True if request's target is git server. ``HTTP_USER_AGENT`` would

    then have git client version given.

    :param environ:

    """

    http_user_agent = environ.get('HTTP_USER_AGENT')

    if http_user_agent and http_user_agent.startswith('git'):

        return True

    return False

class SimpleGit(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this git request using 

        self.authenticate = AuthBasicAuthenticator('', authfunc)

        self.ipaddr = '0.0.0.0'

        self.repository = None

        self.username = None

        self.action = None

    def __call__(self, environ, start_response):

        if not is_git(environ):

            return self.application(environ, start_response)

        proxy_key = 'HTTP_X_REAL_IP'

        def_key = 'REMOTE_ADDR'

        self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

        #===================================================================

        # AUTHENTICATE THIS GIT REQUEST

        #===================================================================

        username = REMOTE_USER(environ)

        if not username:

            self.authenticate.realm = self.config['rhodecode_realm']

            result = self.authenticate(environ)

            if isinstance(result, str):

                AUTH_TYPE.update(environ, 'basic')

                REMOTE_USER.update(environ, result)

            else:

                return result.wsgi_application(environ, start_response)

        #=======================================================================

        # GET REPOSITORY

        #=======================================================================

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

            self.repository = repo_name

        except:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #===================================================================

        # CHECK PERMISSIONS FOR THIS REQUEST

        #===================================================================

        self.action = self.__get_action(environ)

        if self.action:

            username = self.__get_environ_user(environ)

            try:

                user = self.__get_user(username)

                self.username = user.username

            except:

                log.error(traceback.format_exc())

                return HTTPInternalServerError()(environ, start_response)

            #check permissions for this repository

            if self.action == 'push':

                if not HasPermissionAnyMiddleware('repository.write',

                                                  'repository.admin')\

                                                    (user, repo_name):

                    return HTTPForbidden()(environ, start_response)

            else:

                #any other action need at least read permission

                if not HasPermissionAnyMiddleware('repository.read',

SimpleHG middleware for handling mercurial protocol request (push/clone etc.)

It's implemented with basic auth function

"""

from mercurial.error import RepoError

from mercurial.hgweb import hgweb

from mercurial.hgweb.request import wsgiapplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware

from rhodecode.lib.utils import make_ui, invalidate_cache, \

    check_repo_fast, ui_sections

from rhodecode.model.user import UserModel

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

import logging

import os

import traceback

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    if http_accept and http_accept.startswith('application/mercurial'):

        return True

    return False

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this mercurial request using authfunc

        self.authenticate = AuthBasicAuthenticator('', authfunc)

        self.ipaddr = '0.0.0.0'

        self.repository = None

        self.username = None

        self.action = None

    def __call__(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        proxy_key = 'HTTP_X_REAL_IP'

        def_key = 'REMOTE_ADDR'

        self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

        #===================================================================

        # AUTHENTICATE THIS MERCURIAL REQUEST

        #===================================================================

        username = REMOTE_USER(environ)

        if not username:

            self.authenticate.realm = self.config['rhodecode_realm']

            result = self.authenticate(environ)

            if isinstance(result, str):

                AUTH_TYPE.update(environ, 'basic')

                REMOTE_USER.update(environ, result)

            else:

                return result.wsgi_application(environ, start_response)

        #=======================================================================

        # GET REPOSITORY

        #=======================================================================

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

            self.repository = repo_name

        except:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #===================================================================

        # CHECK PERMISSIONS FOR THIS REQUEST

        #===================================================================

        self.action = self.__get_action(environ)

        if self.action:

            username = self.__get_environ_user(environ)

            try:

                user = self.__get_user(username)

                self.username = user.username

            except:

                log.error(traceback.format_exc())

                return HTTPInternalServerError()(environ, start_response)

            #check permissions for this repository

            if self.action == 'push':

                if not HasPermissionAnyMiddleware('repository.write',

                                                  'repository.admin')\

                                                    (user, repo_name):

                    return HTTPForbidden()(environ, start_response)

            else:

                #any other action need at least read permission