# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.hooks

~~~~~~~~~~~~~~~~~~~

Hooks run by Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Aug 6, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import sys

import time

import binascii

from kallithea.lib.vcs.utils.hgcompat import nullrev, revrange

from kallithea.lib import helpers as h

from kallithea.lib.utils import action_logger

from kallithea.lib.vcs.backends.base import EmptyChangeset

from kallithea.lib.exceptions import HTTPLockedRC, UserCreationError

from kallithea.lib.utils2 import safe_str, _extract_extras

from kallithea.model.db import Repository, User

def _get_scm_size(alias, root_path):

    if not alias.startswith('.'):

        alias += '.'

    size_scm, size_root = 0, 0

    for path, dirs, files in os.walk(safe_str(root_path)):

        if path.find(alias) != -1:

            for f in files:

                try:

                    size_scm += os.path.getsize(os.path.join(path, f))

                except OSError:

                    pass

        else:

            for f in files:

                try:

                    size_root += os.path.getsize(os.path.join(path, f))

                except OSError:

                    pass

    size_scm_f = h.format_byte_size(size_scm)

    size_root_f = h.format_byte_size(size_root)

    size_total_f = h.format_byte_size(size_root + size_scm)

    return size_scm_f, size_root_f, size_total_f

def repo_size(ui, repo, hooktype=None, **kwargs):

    """

    Presents size of repository after push

    :param ui:

    :param repo:

    :param hooktype:

    """

    size_hg_f, size_root_f, size_total_f = _get_scm_size('.hg', repo.root)

    last_cs = repo[len(repo) - 1]

    msg = ('Repository size .hg:%s repo:%s total:%s\n'

           'Last revision is now r%s:%s\n') % (

        size_hg_f, size_root_f, size_total_f, last_cs.rev(), last_cs.hex()[:12]

    )

    ui.status(msg)

def pre_push(ui, repo, **kwargs):

    # pre push function, currently used to ban pushing when

    # repository is locked

    ex = _extract_extras()

    usr = User.get_by_username(ex.username)

    if ex.locked_by[0] and usr.user_id != int(ex.locked_by[0]):

        locked_by = User.get(ex.locked_by[0]).username

        # this exception is interpreted in git/hg middlewares and based

        # on that proper return code is server to client

        _http_ret = HTTPLockedRC(ex.repository, locked_by)

        if str(_http_ret.code).startswith('2'):

            #2xx Codes don't raise exceptions

            ui.status(_http_ret.title)

        else:

            raise _http_ret

def pre_pull(ui, repo, **kwargs):

    ex = _extract_extras()

    if ex.locked_by[0]:

        locked_by = User.get(ex.locked_by[0]).username

        # this exception is interpreted in git/hg middlewares and based

        # on that proper return code is server to client

        _http_ret = HTTPLockedRC(ex.repository, locked_by)

        if str(_http_ret.code).startswith('2'):

            #2xx Codes don't raise exceptions

            ui.status(_http_ret.title)

        else:

            raise _http_ret

def log_pull_action(ui, repo, **kwargs):

    """

    Logs user last pull action

    :param ui:

    :param repo:

    """

    ex = _extract_extras()

    user = User.get_by_username(ex.username)

    action = 'pull'

    action_logger(user, action, ex.repository, ex.ip, commit=True)

    # extension hook call

    from kallithea import EXTENSIONS

    callback = getattr(EXTENSIONS, 'PULL_HOOK', None)

    if callable(callback):

        kw = {}

        kw.update(ex)

        callback(**kw)

    if ex.make_lock is not None and ex.make_lock:

        Repository.lock(Repository.get_by_repo_name(ex.repository), user.user_id)

        #msg = 'Made lock on repo `%s`' % repository

        #ui.status(msg)

    if ex.locked_by[0]:

        locked_by = User.get(ex.locked_by[0]).username

        _http_ret = HTTPLockedRC(ex.repository, locked_by)

        if str(_http_ret.code).startswith('2'):

            #2xx Codes don't raise exceptions

            ui.status(_http_ret.title)

    return 0

def log_push_action(ui, repo, **kwargs):

    """

    Register that changes have been pushed.

    Mercurial invokes this directly as a hook, git uses handle_git_receive.

    """

    ex = _extract_extras()

    action_tmpl = ex.action + ':%s'

    revs = []

    if ex.scm == 'hg':

        node = kwargs['node']

        def get_revs(repo, rev_opt):

            if rev_opt:

                revs = revrange(repo, rev_opt)

                if len(revs) == 0:

                    return (nullrev, nullrev)

                return max(revs), min(revs)

            else:

                return len(repo) - 1, 0

        stop, start = get_revs(repo, [node + ':'])

        _h = binascii.hexlify

        revs = [_h(repo[r].node()) for r in xrange(start, stop + 1)]

    elif ex.scm == 'git':

        revs = kwargs.get('_git_revs', [])

        if '_git_revs' in kwargs:

            kwargs.pop('_git_revs')

    action = action_tmpl % ','.join(revs)

    action_logger(ex.username, action, ex.repository, ex.ip, commit=True)

    # extension hook call

    from kallithea import EXTENSIONS

    callback = getattr(EXTENSIONS, 'PUSH_HOOK', None)

    if callable(callback):

        kw = {'pushed_revs': revs}

        kw.update(ex)

        callback(**kw)

    if ex.make_lock is not None and not ex.make_lock:

        Repository.unlock(Repository.get_by_repo_name(ex.repository))

        msg = 'Released lock on repo `%s`\n' % ex.repository

        ui.status(msg)

    if ex.locked_by[0]:

        locked_by = User.get(ex.locked_by[0]).username

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                username = None

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # try to auth based on environ, container auth methods

                log.debug('Running PRE-AUTH for container based authentication')

                pre_auth = auth_modules.authenticate('', '', environ)

                if pre_auth is not None and pre_auth.get('username'):

                    username = pre_auth['username']

                log.debug('PRE-AUTH got %s as username', username)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                try:

                    user = User.get_by_username_or_email(username)

                    if user is None or not user.active:

                        return HTTPForbidden()(environ, start_response)

                    username = user.username

                except Exception:

                    log.error(traceback.format_exc())

                    return HTTPInternalServerError()(environ, start_response)

                #check permissions for this repository

                perm = self._check_permission(action, user, repo_name, ip_addr)

                if not perm:

                    return HTTPForbidden()(environ, start_response)

        # extras are injected into UI object and later available

        # in hooks executed by kallithea

        from kallithea import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': username,

            'action': action,

            'repository': repo_name,

            'scm': 'git',

            'config': CONFIG['__file__'],

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        repo_path = os.path.join(safe_str(self.basepath),str_repo_name)

        log.debug('Repository path is %s', repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

        if username != User.DEFAULT_USER:

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        fix_PATH()

        log.debug('HOOKS extras is %s', extras)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            self._handle_githooks(repo_name, action, baseui, environ)

            log.info('%s action on Git repo "%s" by "%s" from %s',

                     action, str_repo_name, safe_str(username), ip_addr)

            app = self.__make_app(repo_name, repo_path, extras)

            result = app(environ, start_response)

            if action == 'push':

                result = WSGIResultCloseCallback(result,

                    lambda: self._invalidate_cache(repo_name))

            return result

        except HTTPLockedRC as e:

            return e(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, repo_path, extras):

        """

        Make an wsgi application using dulserver

        :param repo_name: name of the repository

        :param repo_path: full path to the repository

        """

        from kallithea.lib.middleware.pygrack import make_wsgi_app

        app = make_wsgi_app(

            repo_root=safe_str(self.basepath),

            repo_name=repo_name,

            extras=extras,

        )

        return app

    def __get_repository(self, environ):

        """

        Gets repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)

        except Exception:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_action(self, environ):

        """

        Maps git request commands into a pull or push command.

        :param environ:

        """

        service = environ['QUERY_STRING'].split('=')

        if len(service) > 1:

            service_cmd = service[1]

            mapping = {

                'git-receive-pack': 'push',

                'git-upload-pack': 'pull',

            }

            op = mapping[service_cmd]

            self._git_stored_op = op

            return op

        else:

            # try to fallback to stored variable as we don't know if the last

            # operation is pull/push

            op = getattr(self, '_git_stored_op', 'pull')

        return op

    def _handle_githooks(self, repo_name, action, baseui, environ):

        """

        Handles pull action, push is handled by post-receive hook

        """

        from kallithea.lib.hooks import log_pull_action

        service = environ['QUERY_STRING'].split('=')

        if len(service) < 2:

            return

        from kallithea.model.db import Repository

        _repo = Repository.get_by_repo_name(repo_name)

        _repo = _repo.scm_instance

        _hooks = dict(baseui.configitems('hooks')) or {}

        if action == 'pull':

            # stupid git, emulate pre-pull hook !

            pre_pull(ui=baseui, repo=_repo._repo)

        if action == 'pull' and _hooks.get(Ui.HOOK_PULL):

            log_pull_action(ui=baseui, repo=_repo._repo)

    def __inject_extras(self, repo_path, baseui, extras=None):

        """

        Injects some extra params into baseui instance

        :param baseui: baseui instance

        :param extras: dict with extra params to put into baseui

        """

        _set_extras(extras or {})

                              'repository as anonymous user')

                username = None

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # try to auth based on environ, container auth methods

                log.debug('Running PRE-AUTH for container based authentication')

                pre_auth = auth_modules.authenticate('', '', environ)

                if pre_auth is not None and pre_auth.get('username'):

                    username = pre_auth['username']

                log.debug('PRE-AUTH got %s as username', username)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                try:

                    user = User.get_by_username_or_email(username)

                    if user is None or not user.active:

                        return HTTPForbidden()(environ, start_response)

                    username = user.username

                except Exception:

                    log.error(traceback.format_exc())

                    return HTTPInternalServerError()(environ, start_response)

                #check permissions for this repository

                perm = self._check_permission(action, user, repo_name, ip_addr)

                if not perm:

                    return HTTPForbidden()(environ, start_response)

        # extras are injected into mercurial UI object and later available

        # in hg hooks executed by kallithea

        from kallithea import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': username,

            'action': action,

            'repository': repo_name,

            'scm': 'hg',

            'config': CONFIG['__file__'],

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        repo_path = os.path.join(safe_str(self.basepath), str_repo_name)

        log.debug('Repository path is %s', repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

        if username != User.DEFAULT_USER:

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        fix_PATH()

        log.debug('HOOKS extras is %s', extras)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            log.info('%s action on Mercurial repo "%s" by "%s" from %s',

                     action, str_repo_name, safe_str(username), ip_addr)

            app = self.__make_app(repo_path, baseui, extras)

            result = app(environ, start_response)

            if action == 'push':

                result = WSGIResultCloseCallback(result,

                    lambda: self._invalidate_cache(repo_name))

            return result

        except RepoError as e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except HTTPLockedRC as e:

            return e(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, baseui, extras):

        """

        Make an wsgi application using hgweb, and inject generated baseui

        instance, additionally inject some extras into ui object

        """

        return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)

    def __get_repository(self, environ):

        """

        Gets repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except Exception:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a clone,pull or push command.

        This should always return a valid command string

        :param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if cmd in mapping:

                    return mapping[cmd]

                return 'pull'

        raise Exception('Unable to detect pull/push action !!'

                        'Are you using non standard command or client ?')

    def __inject_extras(self, repo_path, baseui, extras=None):

        """

        Injects some extra params into baseui instance

        also overwrites global settings with those takes from local hgrc file

        :param baseui: baseui instance

        :param extras: dict with extra params to put into baseui

        """

        hgrc = os.path.join(repo_path, '.hg', 'hgrc')

        repoui = make_ui('file', hgrc, False)

        if repoui:

            #overwrite our ui instance with the section from hgrc file

            for section in ui_sections:

                for k, v in repoui.configitems(section):

                    baseui.setconfig(section, k, v)

        _set_extras(extras or {})