kallithea.controllers.api

~~~~~~~~~~~~~~~~~~~~~~~~~

JSON RPC controller

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Aug 20, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import inspect

import itertools

import logging

import time

import traceback

import types

from tg import Response, TGController, request, response

from webob.exc import HTTPError, HTTPException

from kallithea.lib.auth import AuthUser

from kallithea.lib.base import _get_ip_addr as _get_ip

from kallithea.lib.compat import json

from kallithea.model.db import User

log = logging.getLogger('JSONRPC')

class JSONRPCError(BaseException):

    def __init__(self, message):

        self.message = message

        super(JSONRPCError, self).__init__()

    def __str__(self):

        return safe_str(self.message)

class JSONRPCErrorResponse(Response, HTTPException):

    """

    Generate a Response object with a JSON-RPC error body

    """

    def __init__(self, message=None, retid=None, code=None):

        HTTPException.__init__(self, message, self)

        Response.__init__(self,

            # skip the required param check if it's default value is

            # NotImplementedType (default_empty)

            if default == default_empty and arg not in self._request_params:

                raise JSONRPCErrorResponse(

                    retid=self._req_id,

                    message='Missing non optional `%s` arg in JSON DATA' % arg,

                )

        extra = set(self._request_params).difference(func_kwargs)

        if extra:

            raise JSONRPCErrorResponse(

                retid=self._req_id,

                message='Unknown %s arg in JSON DATA' %

                        ', '.join('`%s`' % arg for arg in extra),

            )

        self._rpc_args = {}

        self._rpc_args.update(self._request_params)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        log.info('IP: %s Request to %s time: %.3fs' % (

            self._get_ip_addr(environ),

        )

        state.set_action(self._rpc_call, [])

        state.set_params(self._rpc_args)

        return state

    def _rpc_call(self, action, environ, **rpc_args):

        """

        Call the specified RPC Method

        """

        raw_response = ''

        try:

            raw_response = getattr(self, action)(**rpc_args)

            if isinstance(raw_response, HTTPError):

                self._error = str(raw_response)

        except JSONRPCError as e:

            self._error = unicode(e)

        except Exception as e:

            log.error('Encountered unhandled exception: %s',

                      traceback.format_exc(),)

            json_exc = JSONRPCError('Internal server error')

            self._error = unicode(json_exc)

        if self._error is not None:

        _ips = ip.split(',')

        _first_ip = _ips[0].strip()

        log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)

        return _first_ip

    return ip

def _get_ip_addr(environ):

    proxy_key = 'HTTP_X_REAL_IP'

    proxy_key2 = 'HTTP_X_FORWARDED_FOR'

    def_key = 'REMOTE_ADDR'

    ip = environ.get(proxy_key)

    if ip:

        return _filter_proxy(ip)

    ip = environ.get(proxy_key2)

    if ip:

        return _filter_proxy(ip)

    ip = environ.get(def_key, '0.0.0.0')

    return _filter_proxy(ip)

    org_req = environ.get('tg.original_request')

    if org_req is not None:

        environ = org_req.environ

def log_in_user(user, remember, is_external_auth, ip_addr):

    """

    Log a `User` in and update session and cookies. If `remember` is True,

    the session cookie is set to expire in a year; otherwise, it expires at

    the end of the browser session.

    Returns populated `AuthUser` object.

    """

    # It should not be possible to explicitly log in as the default user.

    assert not user.is_default_user, user

    auth_user = AuthUser.make(dbuser=user, is_external_auth=is_external_auth, ip_addr=ip_addr)

    if auth_user is None:

        return None

    user.update_lastlogin()

    meta.Session().commit()

    # Start new session to prevent session fixation attacks.

    session.invalidate()

    session['authuser'] = cookie = auth_user.to_cookie()

                    session.get('authuser'),

                    ip_addr=ip_addr,

                )

                needs_csrf_check = request.method not in ['GET', 'HEAD']

            else:

                dbuser = User.get_by_api_key(api_key)

                if dbuser is None:

                    log.info('No db user found for authentication with API key ****%s from %s',

                             api_key[-4:], ip_addr)

                authuser = AuthUser.make(dbuser=dbuser, is_external_auth=True, ip_addr=ip_addr)

                needs_csrf_check = False # API key provides CSRF protection

            if authuser is None:

                log.info('No valid user found')

                raise webob.exc.HTTPForbidden()

            # set globals for auth user

            request.authuser = authuser

            request.ip_addr = ip_addr

            request.needs_csrf_check = needs_csrf_check

            log.info('IP: %s User: %s accessed %s',

                request.ip_addr, request.authuser,

            )

            return super(BaseController, self).__call__(environ, context)

        except webob.exc.HTTPException as e:

            return e

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.db_repo_scm_instance: instance of scm repository

    c.db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    c.repository_following: weather the current user is following the current repo

    """

    def _before(self, *args, **kwargs):

        super(BaseRepoController, self)._before(*args, **kwargs)

        if c.repo_name:  # extracted from routes

            _dbr = Repository.get_by_repo_name(c.repo_name)

            if not _dbr:

                return

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.permanent_repo_url

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

middleware to handle permanent repo URLs, replacing PATH_INFO '/_123/yada' with

'/name/of/repo/yada' after looking 123 up in the database.

"""

from kallithea.lib.utils import fix_repo_id_name

class PermanentRepoUrl(object):

    def __init__(self, app, config):

        self.application = app

        self.config = config

    def __call__(self, environ, start_response):

        if path_info.startswith('/'): # it must

            path_info = '/' + safe_str(fix_repo_id_name(path_info[1:]))

            environ['PATH_INFO'] = path_info

        return self.application(environ, start_response)

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.simplegit

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SimpleGit middleware for handling Git protocol requests (push/clone etc.)

It's implemented with basic auth function

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 28, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import re

from kallithea.lib.hooks import log_pull_action

from kallithea.lib.middleware.pygrack import make_wsgi_app

from kallithea.lib.utils import make_ui

from kallithea.lib.utils2 import safe_unicode

from kallithea.model.db import Repository

log = logging.getLogger(__name__)

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)$')

cmd_mapping = {

    'git-receive-pack': 'push',

    'git-upload-pack': 'pull',

}

class SimpleGit(BaseVCSController):

    scm_alias = 'git'

    @classmethod

    def parse_request(cls, environ):

        m = GIT_PROTO_PAT.match(path_info)

        if m is None:

            return None

        class parsed_request(object):

            # See https://git-scm.com/book/en/v2/Git-Internals-Transfer-Protocols#_the_smart_protocol

            repo_name = safe_unicode(m.group(1).rstrip('/'))

            cmd = m.group(2)

            query_string = environ['QUERY_STRING']

            if cmd == 'info/refs' and query_string.startswith('service='):

                service = query_string.split('=', 1)[1]

                action = cmd_mapping.get(service)

            else:

                service = None

                action = cmd_mapping.get(cmd)

        return parsed_request

    def _make_app(self, parsed_request):

        """

        Return a pygrack wsgi application.

        """

        pygrack_app = make_wsgi_app(parsed_request.repo_name, self.basepath)

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.simplehg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SimpleHg middleware for handling Mercurial protocol requests (push/clone etc.).

It's implemented with basic auth function

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 28, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import os

import urllib

from kallithea.lib.utils import make_ui

from kallithea.lib.utils2 import safe_str, safe_unicode

from kallithea.lib.vcs.utils.hgcompat import hgweb_mod

log = logging.getLogger(__name__)

def get_header_hgarg(environ):

    """Decode the special Mercurial encoding of big requests over multiple headers.

    >>> get_header_hgarg({})

    ''

    >>> get_header_hgarg({'HTTP_X_HGARG_0': ' ', 'HTTP_X_HGARG_1': 'a','HTTP_X_HGARG_2': '','HTTP_X_HGARG_3': 'b+c %20'})

    'ab+c %20'

    """

    chunks = []

    i = 1

    while True:

        v = environ.get('HTTP_X_HGARG_%d' % i)

        if v is None:

            break

        chunks.append(v)

        i += 1

    return ''.join(chunks)

    'known': 'pull',

    'lheads': 'pull',

    'listkeys': 'pull',

    'lookup': 'pull',

    'manifestdata': 'pull',

    'narrow_widen': 'pull',

    'protocaps': 'pull',

    'statlfile': 'pull',

    'stream_out': 'pull',

    'pushkey': 'push',

    'putlfile': 'push',

    'unbundle': 'push',

    }

class SimpleHg(BaseVCSController):

    scm_alias = 'hg'

    @classmethod

    def parse_request(cls, environ):

        http_accept = environ.get('HTTP_ACCEPT', '')

        if not http_accept.startswith('application/mercurial'):

            return None

        if not path_info.startswith('/'): # it must!

            return None

        class parsed_request(object):

            repo_name = safe_unicode(path_info[1:].rstrip('/'))

            query_string = environ['QUERY_STRING']

            action = None

            for qry in query_string.split('&'):

                parts = qry.split('=', 1)

                if len(parts) == 2 and parts[0] == 'cmd':

                    cmd = parts[1]

                    if cmd == 'batch':

                        hgarg = get_header_hgarg(environ)

                        if not hgarg.startswith('cmds='):

                            action = 'push' # paranoid and safe

                            break

                        action = 'pull'

                        for cmd_arg in hgarg[5:].split(';'):

                            cmd, _args = urllib.unquote_plus(cmd_arg).split(' ', 1)

                            op = cmd_mapping.get(cmd, 'push')

                            if op != 'pull':

                                assert op == 'push'

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.wrapper

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wrap app to measure request and response time ... all the way to the response

WSGI iterator has been closed.

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: May 23, 2013

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import time

log = logging.getLogger(__name__)

class Meter:

    def __init__(self, start_response):

        self._start_response = start_response

        self._start = time.time()

        self._size = 0

    def duration(self):

        return time.time() - self._start

    def start_response(self, status, response_headers, exc_info=None):

        write = self._start_response(status, response_headers, exc_info)

        def metered_write(s):

            self.measure(s)

            write(s)

        return metered_write

    def measure(self, chunk):

        self._size += len(chunk)

    def __iter__(self):

        return self

    def next(self):

        chunk = self._next()

        self._meter.measure(chunk)

        return chunk

    def close(self):

        self._result_close()

        log.info("%s responded after %.3fs with %s bytes", self._description, self._meter.duration(), self._meter.size())

class RequestWrapper(object):

    def __init__(self, app, config):

        self.application = app

        self.config = config

    def __call__(self, environ, start_response):

        meter = Meter(start_response)

        description = "Request from %s for %s" % (

            _get_ip_addr(environ),

        )

        try:

            result = self.application(environ, meter.start_response)

        finally:

            log.info("%s responding after %.3fs", description, meter.duration())

        return ResultIter(result, meter, description)