-------------------------------------

Pylons based replacement for hgwebdir

-------------------------------------

Fully customizable, with authentication, permissions. Based on vcs library.

**Overview**

- has it's own middleware to handle mercurial protocol request each request can 

  be logged and authenticated + threaded performance unlikely to hgweb

- full permissions per project read/write/admin access even on mercurial request

- diffs annotations and source code all colored by pygments.

- mercurial branch graph and yui-flot powered graphs

- admin interface for performing user/permission managments as well as repository

- backup scripts can do backup of whole app and send it over scp to desired location

- setup project descriptions and info inside built in db for easy, non 

  file-system operations

- added cache with invalidation on push/repo managment for high performance and

  always upto date data.

- rss /atom feed customizable

- based on pylons 1.0 / sqlalchemy 0.6

**Incoming**

- code review based on hg-review (when it's stable)

- git support (when vcs can handle it)

- other cools stuff that i can figure out

- manage hg ui() per repo, add hooks settings, per repo, and not globally

.. note::

-------------

Installation

-------------

.. note::

   I recomend to install tip version of vcs while the app is in beta mode.

- create new virtualenv and activate it - highly recommend that you use separate

  virtual-env for whole application

- download hg app from default (not demo) branch from bitbucket and run 

  'python setup.py install' this will install all required dependencies needed

- run paster setup-app production.ini it should create all needed tables 

  and an admin account. 

- remember that the given path for mercurial repositories must be write 

  accessible for the application

- run paster serve development.ini - or you can use manage-hg_app script.

  the app should be available at the 127.0.0.1:5000

- use admin account you created to login.

- default permissions on each repository is read, and owner is admin. So remember

  to update those.

#!/usr/bin/env python

# encoding: utf-8

# database managment for hg app

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 10, 2010

database managment and creation for hg app

@author: marcink

"""

from os.path import dirname as dn, join as jn

import os

import sys

import uuid

ROOT = dn(dn(dn(os.path.realpath(__file__))))

sys.path.append(ROOT)

from pylons_app.lib.auth import get_crypt_password

from pylons_app.lib.utils import ask_ok

from pylons_app.model import init_model

from pylons_app.model.db import User, Permission, HgAppUi, HgAppSettings

from pylons_app.model import meta

from sqlalchemy.engine import create_engine

import logging

log = logging.getLogger(__name__)

class DbManage(object):

    def __init__(self, log_sql):

        self.dbname = 'hg_app.db'

        dburi = 'sqlite:////%s' % jn(ROOT, self.dbname)

        engine = create_engine(dburi, echo=log_sql) 

        init_model(engine)

        self.sa = meta.Session

        self.db_exists = False

    def check_for_db(self, override):

        log.info('checking for exisiting db')

        if os.path.isfile(jn(ROOT, self.dbname)):

            self.db_exists = True

            log.info('database exisist')

            if not override:

                raise Exception('database already exists')

    def create_tables(self, override=False):

        """

        Create a auth database

        """

        self.check_for_db(override)

        if override:

            log.info("database exisist and it's going to be destroyed")

            destroy = ask_ok('Are you sure to destroy old database ? [y/n]')

            if not destroy:

                sys.exit()

            if self.db_exists and destroy:

                os.remove(jn(ROOT, self.dbname))

        checkfirst = not override

        meta.Base.metadata.create_all(checkfirst=checkfirst)

        log.info('Created tables for %s', self.dbname)

    def admin_prompt(self):

        import getpass

        username = raw_input('Specify admin username:')

        password = getpass.getpass('Specify admin password:')

        self.create_user(username, password, True)

    def config_prompt(self):

        log.info('Setting up repositories config')

        path = raw_input('Specify valid full path to your repositories'

                        ' you can change this later in application settings:')

        if not os.path.isdir(path):

            log.error('You entered wrong path')

            sys.exit()

        web1 = HgAppUi()

        web1.ui_section = 'web'

        web1.ui_key = 'push_ssl'

        web1.ui_value = 'false'

        web2 = HgAppUi()

        web2.ui_section = 'web'

        web2.ui_key = 'allow_archive'

        web2.ui_value = 'gz zip bz2'

        web3 = HgAppUi()

        web3.ui_section = 'web'

        web3.ui_key = 'allow_push'

        web3.ui_value = '*'

        web4 = HgAppUi()

        web4.ui_section = 'web'

        web4.ui_key = 'baseurl'

        web4.ui_value = '/'                        

        paths = HgAppUi()

        paths.ui_section = 'paths'

        paths.ui_key = '/'

        paths.ui_value = os.path.join(path, '*')

        hgsettings1 = HgAppSettings()

        hgsettings1.app_settings_name = 'realm'

        hgsettings1.app_settings_value = 'hg-app authentication'

        hgsettings2 = HgAppSettings()

        hgsettings2.app_settings_name = 'title'

        hgsettings2.app_settings_value = 'hg-app'      

        try:

            self.sa.add(web1)

            self.sa.add(web2)

            self.sa.add(web3)

            self.sa.add(web4)

            self.sa.add(paths)

            self.sa.add(hgsettings1)

            self.sa.add(hgsettings2)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise        

        log.info('created ui config')

    def create_user(self, username, password, admin=False):

        log.info('creating default user')

        #create default user for handling default permissions.

        def_user = User()

        def_user.username = 'default'

        def_user.password = get_crypt_password(str(uuid.uuid1())[:8])

        def_user.name = 'default'

        def_user.lastname = 'default'

        def_user.email = 'default@default.com'

        def_user.admin = False

        def_user.active = False

        log.info('creating administrator user %s', username)

        new_user = User()

        new_user.username = username

        new_user.password = get_crypt_password(password)

        new_user.name = 'Hg'

        new_user.lastname = 'Admin'

        new_user.email = 'admin@localhost'

        new_user.admin = admin

        new_user.active = True

        try:

            self.sa.add(def_user)

            self.sa.add(new_user)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def create_permissions(self):

        #module.(access|create|change|delete)_[name]

        #module.(read|write|owner)

        perms = [('repository.none', 'Repository no access'),

                 ('repository.read', 'Repository read access'),

                 ('repository.write', 'Repository write access'),

                 ('repository.admin', 'Repository admin access'),

                 ('repository.create', 'Repository create'),

                 ('hg.admin', 'Hg Administrator'),

                ]

        for p in perms:

            new_perm = Permission()

            new_perm.permission_name = p[0]

            new_perm.permission_longname = p[1]

            try:

                self.sa.add(new_perm)

                self.sa.commit()

            except:

                self.sa.rollback()

                raise

#!/usr/bin/env python

# encoding: utf-8

# middleware to handle mercurial api calls

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

from datetime import datetime

from itertools import chain

from mercurial.error import RepoError

from mercurial.hgweb import hgweb

from mercurial.hgweb.request import wsgiapplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from pylons_app.lib.auth import authfunc, HasPermissionAnyMiddleware, \

    get_user_cached

from pylons_app.lib.utils import is_mercurial, make_ui, invalidate_cache, \

    check_repo_fast, ui_sections

from pylons_app.model import meta

from pylons_app.model.db import UserLog, User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

import logging

import os

import pylons_app.lib.helpers as h

import traceback

log = logging.getLogger(__name__)

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this mercurial request using 

        self.authenticate = AuthBasicAuthenticator('', authfunc)

    def __call__(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        #===================================================================

        # AUTHENTICATE THIS MERCURIAL REQUEST

        #===================================================================

        username = REMOTE_USER(environ)

        if not username:

            self.authenticate.realm = self.config['hg_app_realm']

            result = self.authenticate(environ)

            if isinstance(result, str):

                AUTH_TYPE.update(environ, 'basic')

                REMOTE_USER.update(environ, result)

            else:

                return result.wsgi_application(environ, start_response)

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

        except:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #===================================================================

        # CHECK PERMISSIONS FOR THIS REQUEST

        #===================================================================

        action = self.__get_action(environ)

        if action:

            username = self.__get_environ_user(environ)

            try:

                user = self.__get_user(username)

            except:

                log.error(traceback.format_exc())

                return HTTPInternalServerError()(environ, start_response)

            #check permissions for this repository

            if action == 'pull':

                if not HasPermissionAnyMiddleware('repository.read',

                                                  'repository.write',

                                                  'repository.admin')\

                                                    (user, repo_name):

                    return HTTPForbidden()(environ, start_response)

            if action == 'push':

                if not HasPermissionAnyMiddleware('repository.write',

                                                  'repository.admin')\

                                                    (user, repo_name):

                    return HTTPForbidden()(environ, start_response)

            #log action    

            proxy_key = 'HTTP_X_REAL_IP'

            def_key = 'REMOTE_ADDR'

            ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

            self.__log_user_action(user, action, repo_name, ipaddr)            

        #===================================================================

        # MERCURIAL REQUEST HANDLING

        #===================================================================

        environ['PATH_INFO'] = '/'#since we wrap into hgweb, reset the path

        self.baseui = make_ui('db')

        self.basepath = self.config['base_path']

        self.repo_path = os.path.join(self.basepath, repo_name)

        #quick check if that dir exists...

        if check_repo_fast(repo_name, self.basepath):

            return HTTPNotFound()(environ, start_response)

        try:

            app = wsgiapplication(self.__make_app)

        except RepoError as e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #invalidate cache on push

        if action == 'push':

            self.__invalidate_cache(repo_name)

            messages = []

            messages.append('thank you for using hg-app')

            return self.msg_wrapper(app, environ, start_response, messages)

        else:

            return app(environ, start_response)           

    def msg_wrapper(self, app, environ, start_response, messages=[]):

        """

        Wrapper for custom messages that come out of mercurial respond messages

        is a list of messages that the user will see at the end of response 

        from merurial protocol actions that involves remote answers

        @param app:

        @param environ:

        @param start_response:

        """

        def custom_messages(msg_list):

            for msg in msg_list:

                yield msg + '\n'

        org_response = app(environ, start_response)

        return chain(org_response, custom_messages(messages))

    def __make_app(self):

        hgserve = hgweb(str(self.repo_path), baseui=self.baseui)

        return  self.__load_web_settings(hgserve)

    def __get_environ_user(self, environ):

        return environ.get('REMOTE_USER')

    def __get_user(self, username):

        return get_user_cached(username)

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a pull or push command.

        @param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if mapping.has_key(cmd):

                    return mapping[cmd]

    def __log_user_action(self, user, action, repo, ipaddr):

        sa = meta.Session

        try:

            user_log = UserLog()

            user_log.user_id = user.user_id

            user_log.action = action

            user_log.repository = repo.replace('/', '')

            user_log.action_date = datetime.now()

            user_log.user_ip = ipaddr

            sa.add(user_log)

            sa.commit()

            log.info('Adding user %s, action %s on %s',

                                            user.username, action, repo)

        except Exception as e:

            sa.rollback()

            log.error('could not log user action:%s', str(e))

        finally:

            meta.Session.remove()

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

        push requests"""

        invalidate_cache('cached_repo_list')

        invalidate_cache('full_changelog', repo_name)

    def __load_web_settings(self, hgserve):

        #set the global ui for hgserve

        hgserve.repo.ui = self.baseui

        hgrc = os.path.join(self.repo_path, '.hg', 'hgrc')

        repoui = make_ui('file', hgrc, False)

        if repoui:

            #overwrite our ui instance with the section from hgrc file

            for section in ui_sections:

                for k, v in repoui.configitems(section):

                    hgserve.repo.ui.setconfig(section, k, v)

        return hgserve

#!/usr/bin/env python

# encoding: utf-8

# Utilities for hg app

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 18, 2010

Utilities for hg app

@author: marcink

"""

from beaker.cache import cache_region

from mercurial import ui, config, hg

from mercurial.error import RepoError

from pylons_app.model import meta

from pylons_app.model.db import Repository, User, HgAppUi, HgAppSettings

from vcs.backends.base import BaseChangeset

from vcs.utils.lazy import LazyProperty

import logging

import os

log = logging.getLogger(__name__)

def get_repo_slug(request):

    return request.environ['pylons.routes_dict'].get('repo_name')

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    if http_accept and http_accept.startswith('application/mercurial'):

        return True

    return False

def check_repo_dir(paths):

    repos_path = paths[0][1].split('/')

    if repos_path[-1] in ['*', '**']:

        repos_path = repos_path[:-1]

    if repos_path[0] != '/':

        repos_path[0] = '/'

    if not os.path.isdir(os.path.join(*repos_path)):

        raise Exception('Not a valid repository in %s' % paths[0][1])

def check_repo_fast(repo_name, base_path):

    if os.path.isdir(os.path.join(base_path, repo_name)):return False

    return True

def check_repo(repo_name, base_path, verify=True):

    repo_path = os.path.join(base_path, repo_name)

    try:

        if not check_repo_fast(repo_name, base_path):

            return False

        r = hg.repository(ui.ui(), repo_path)

        if verify:

            hg.verify(r)

        #here we hnow that repo exists it was verified

        log.info('%s repo is already created', repo_name)

        return False

    except RepoError:

        #it means that there is no valid repo there...

        log.info('%s repo is free for creation', repo_name)

        return True

def ask_ok(prompt, retries=4, complaint='Yes or no, please!'):

    while True:

        ok = raw_input(prompt)

        if ok in ('y', 'ye', 'yes'): return True

        if ok in ('n', 'no', 'nop', 'nope'): return False

        retries = retries - 1

        if retries < 0: raise IOError

        print complaint

@cache_region('super_short_term', 'cached_hg_ui')

def get_hg_ui_cached():

    try:

        sa = meta.Session

        ret = sa.query(HgAppUi).all()

    finally:

        meta.Session.remove()

    return ret

def get_hg_settings():

    try:

        sa = meta.Session

        ret = sa.query(HgAppSettings).all()

    finally:

        meta.Session.remove()

    if not ret:

        raise Exception('Could not get application settings !')

    settings = {}

    for each in ret:

        settings['hg_app_' + each.app_settings_name] = each.app_settings_value    

    return settings

def get_hg_ui_settings():

    try:

        sa = meta.Session

        ret = sa.query(HgAppUi).all()

    finally:

        meta.Session.remove()

    if not ret:

        raise Exception('Could not get application ui settings !')

    settings = {}

    for each in ret:

        k = each.ui_key if each.ui_key != '/' else 'root_path'

        settings[each.ui_section + '_' + k] = each.ui_value    

    return settings

#propagated from mercurial documentation

ui_sections = ['alias', 'auth',

                'decode/encode', 'defaults',

                'diff', 'email',

                'extensions', 'format',

                'merge-patterns', 'merge-tools',

                'hooks', 'http_proxy',

                'smtp', 'patch',

                'paths', 'profiling',

                'server', 'trusted',

                'ui', 'web', ]

def make_ui(read_from='file', path=None, checkpaths=True):        

    """

    A function that will read python rc files or database

    and make an mercurial ui object from read options

    @param path: path to mercurial config file

    @param checkpaths: check the path

    @param read_from: read from 'file' or 'db'

    """

    baseui = ui.ui()

    if read_from == 'file':

        if not os.path.isfile(path):

            log.warning('Unable to read config file %s' % path)

            return False

        log.debug('reading hgrc from %s', path)

        cfg = config.config()

        cfg.read(path)

        for section in ui_sections:

            for k, v in cfg.items(section):

                baseui.setconfig(section, k, v)

                log.debug('settings ui from file[%s]%s:%s', section, k, v)

        if checkpaths:check_repo_dir(cfg.items('paths'))                

    elif read_from == 'db':

        hg_ui = get_hg_ui_cached()

        for ui_ in hg_ui:

            log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, ui_.ui_key, ui_.ui_value)

            baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)

    return baseui

def set_hg_app_config(config):

    hgsettings = get_hg_settings()

    for k, v in hgsettings.items():

        config[k] = v

def invalidate_cache(name, *args):

    """Invalidates given name cache"""

    from beaker.cache import region_invalidate

    log.info('INVALIDATING CACHE FOR %s', name)

    """propagate our arguments to make sure invalidation works. First

    argument has to be the name of cached func name give to cache decorator

    without that the invalidation would not work"""

    tmp = [name]

    tmp.extend(args)

    args = tuple(tmp)

    if name == 'cached_repo_list':

        from pylons_app.model.hg_model import _get_repos_cached

        region_invalidate(_get_repos_cached, None, *args)

    if name == 'full_changelog':

        from pylons_app.model.hg_model import _full_changelog_cached

        region_invalidate(_full_changelog_cached, None, *args)

class EmptyChangeset(BaseChangeset):

    revision = -1

    message = ''

    @LazyProperty

    def raw_id(self):

        """

        Returns raw string identifing this changeset, useful for web

        representation.

        """

        return '0' * 12

def repo2db_mapper(initial_repo_list, remove_obsolete=False):

    """

    maps all found repositories into db

    """

    from pylons_app.model.repo_model import RepoModel

    sa = meta.Session

    user = sa.query(User).filter(User.admin == True).first()

    rm = RepoModel()

    for name, repo in initial_repo_list.items():

        if not sa.query(Repository).filter(Repository.repo_name == name).scalar():

            log.info('repository %s not found creating default', name)

            form_data = {

                         'repo_name':name,

                         'description':repo.description if repo.description != 'unknown' else \

                                        'auto description for %s' % name,

                         'private':False

                         }

            rm.create(form_data, user, just_db=True)

    if remove_obsolete:

        #remove from database those repositories that are not in the filesystem

        for repo in sa.query(Repository).all():

            if repo.repo_name not in initial_repo_list.keys():

                sa.delete(repo)

                sa.commit()

    meta.Session.remove()

from UserDict import DictMixin

class OrderedDict(dict, DictMixin):

    def __init__(self, *args, **kwds):

        if len(args) > 1:

            raise TypeError('expected at most 1 arguments, got %d' % len(args))

        try:

            self.__end

        except AttributeError:

            self.clear()

        self.update(*args, **kwds)