# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.api

~~~~~~~~~~~~~~~~~~~~~~~~~

JSON RPC controller

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Aug 20, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import inspect

import itertools

import logging

import time

import traceback

import types

from tg import Response, TGController, request, response

from webob.exc import HTTPError, HTTPException

from kallithea.lib.auth import AuthUser

from kallithea.lib.base import _get_ip_addr as _get_ip

from kallithea.lib.compat import json

from kallithea.model.db import User

log = logging.getLogger('JSONRPC')

class JSONRPCError(BaseException):

    def __init__(self, message):

        self.message = message

        super(JSONRPCError, self).__init__()

    def __str__(self):

        return safe_str(self.message)

class JSONRPCErrorResponse(Response, HTTPException):

    """

    Generate a Response object with a JSON-RPC error body

    """

    def __init__(self, message=None, retid=None, code=None):

        HTTPException.__init__(self, message, self)

        Response.__init__(self,

                          json_body=dict(id=retid, result=None, error=message),

                          status=code,

                          content_type='application/json')

class JSONRPCController(TGController):

    """

     A WSGI-speaking JSON-RPC controller class

     See the specification:

     <http://json-rpc.org/wiki/specification>`.

     Valid controller return values should be json-serializable objects.

     Sub-classes should catch their exceptions and raise JSONRPCError

     if they want to pass meaningful errors to the client.

     """

    def _get_ip_addr(self, environ):

        return _get_ip(environ)

    def _get_method_args(self):

        """

            raise JSONRPCErrorResponse(retid=self._req_id,

                                       message=str(e))

        # now that we have a method, add self._req_params to

        # self.kargs and dispatch control to WGIController

        argspec = inspect.getargspec(self._func)

        arglist = argspec[0][1:]

        defaults = [type(arg) for arg in argspec[3] or []]

        default_empty = type(NotImplemented)

        # kw arguments required by this method

        func_kwargs = dict(itertools.izip_longest(reversed(arglist), reversed(defaults),

                                                  fillvalue=default_empty))

        # This attribute will need to be first param of a method that uses

        # api_key, which is translated to instance of user at that name

        USER_SESSION_ATTR = 'apiuser'

        # get our arglist and check if we provided them as args

        for arg, default in func_kwargs.iteritems():

            if arg == USER_SESSION_ATTR:

                # USER_SESSION_ATTR is something translated from API key and

                # this is checked before so we don't need validate it

                continue

            # skip the required param check if it's default value is

            # NotImplementedType (default_empty)

            if default == default_empty and arg not in self._request_params:

                raise JSONRPCErrorResponse(

                    retid=self._req_id,

                    message='Missing non optional `%s` arg in JSON DATA' % arg,

                )

        extra = set(self._request_params).difference(func_kwargs)

        if extra:

            raise JSONRPCErrorResponse(

                retid=self._req_id,

                message='Unknown %s arg in JSON DATA' %

                        ', '.join('`%s`' % arg for arg in extra),

            )

        self._rpc_args = {}

        self._rpc_args.update(self._request_params)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        log.info('IP: %s Request to %s time: %.3fs' % (

            self._get_ip_addr(environ),

        )

        state.set_action(self._rpc_call, [])

        state.set_params(self._rpc_args)

        return state

    def _rpc_call(self, action, environ, **rpc_args):

        """

        Call the specified RPC Method

        """

        raw_response = ''

        try:

            raw_response = getattr(self, action)(**rpc_args)

            if isinstance(raw_response, HTTPError):

                self._error = str(raw_response)

        except JSONRPCError as e:

            self._error = unicode(e)

        except Exception as e:

            log.error('Encountered unhandled exception: %s',

                      traceback.format_exc(),)

            json_exc = JSONRPCError('Internal server error')

            self._error = unicode(json_exc)

        if self._error is not None:

            raw_response = None

        response = dict(id=self._req_id, result=raw_response, error=self._error)

        try:

            return json.dumps(response)

        except TypeError as e:

            log.error('API FAILED. Error encoding response: %s', e)

            return json.dumps(

                dict(

                    id=self._req_id,

                    result=None,

                    error="Error encoding response"

                )

            )

    def _find_method(self):

        """

        Return method named by `self._req_method` in controller if able

        """

        log.debug('Trying to find JSON-RPC method: %s', self._req_method)

        if self._req_method.startswith('_'):

            raise AttributeError("Method not allowed")

        try:

from kallithea.lib.utils import get_repo_slug, is_valid_repo

from kallithea.lib.utils2 import AttributeDict, safe_int, safe_str, safe_unicode, set_hook_environment, str2bool

from kallithea.lib.vcs.exceptions import ChangesetDoesNotExistError, EmptyRepositoryError, RepositoryError

from kallithea.model import meta

from kallithea.model.db import PullRequest, Repository, Setting, User

from kallithea.model.scm import ScmModel

log = logging.getLogger(__name__)

def render(template_path):

    return render_template({'url': url}, 'mako', template_path)

def _filter_proxy(ip):

    """

    HEADERS can have multiple ips inside the left-most being the original

    client, and each successive proxy that passed the request adding the IP

    address where it received the request from.

    :param ip:

    """

    if ',' in ip:

        _ips = ip.split(',')

        _first_ip = _ips[0].strip()

        log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)

        return _first_ip

    return ip

def _get_ip_addr(environ):

    proxy_key = 'HTTP_X_REAL_IP'

    proxy_key2 = 'HTTP_X_FORWARDED_FOR'

    def_key = 'REMOTE_ADDR'

    ip = environ.get(proxy_key)

    if ip:

        return _filter_proxy(ip)

    ip = environ.get(proxy_key2)

    if ip:

        return _filter_proxy(ip)

    ip = environ.get(def_key, '0.0.0.0')

    return _filter_proxy(ip)

    org_req = environ.get('tg.original_request')

    if org_req is not None:

        environ = org_req.environ

def log_in_user(user, remember, is_external_auth, ip_addr):

    """

    Log a `User` in and update session and cookies. If `remember` is True,

    the session cookie is set to expire in a year; otherwise, it expires at

    the end of the browser session.

    Returns populated `AuthUser` object.

    """

    # It should not be possible to explicitly log in as the default user.

    assert not user.is_default_user, user

    auth_user = AuthUser.make(dbuser=user, is_external_auth=is_external_auth, ip_addr=ip_addr)

    if auth_user is None:

        return None

    user.update_lastlogin()

    meta.Session().commit()

    # Start new session to prevent session fixation attacks.

    session.invalidate()

    session['authuser'] = cookie = auth_user.to_cookie()

    # If they want to be remembered, update the cookie.

    # NOTE: Assumes that beaker defaults to browser session cookie.

    if remember:

        t = datetime.datetime.now() + datetime.timedelta(days=365)

        session._set_cookie_expires(t)

    session.save()

    log.info('user %s is now authenticated and stored in '

             'session, session attrs %s', user.username, cookie)

    # dumps session attrs back to cookie

    session._update_cookie_out()

    return auth_user

class BasicAuth(paste.auth.basic.AuthBasicAuthenticator):

    def __init__(self, realm, authfunc, auth_http_code=None):

        self.realm = realm

        self.authfunc = authfunc

        self._rc_auth_http_code = auth_http_code

        # WebOb already ignores request payload parameters for anything other

        # than POST/PUT, but double-check since other Kallithea code relies on

        # this assumption.

        if request.method not in ['POST', 'PUT'] and request.POST:

            log.error('%r request with payload parameters; WebOb should have stopped this', request.method)

            raise webob.exc.HTTPBadRequest()

    def __call__(self, environ, context):

        try:

            ip_addr = _get_ip_addr(environ)

            self._basic_security_checks()

            api_key = request.GET.get('api_key')

            try:

                # Request.authorization may raise ValueError on invalid input

                type, params = request.authorization

            except (ValueError, TypeError):

                pass

            else:

                if type.lower() == 'bearer':

                    api_key = params # bearer token is an api key too

            if api_key is None:

                authuser = self._determine_auth_user(

                    session.get('authuser'),

                    ip_addr=ip_addr,

                )

                needs_csrf_check = request.method not in ['GET', 'HEAD']

            else:

                dbuser = User.get_by_api_key(api_key)

                if dbuser is None:

                    log.info('No db user found for authentication with API key ****%s from %s',

                             api_key[-4:], ip_addr)

                authuser = AuthUser.make(dbuser=dbuser, is_external_auth=True, ip_addr=ip_addr)

                needs_csrf_check = False # API key provides CSRF protection

            if authuser is None:

                log.info('No valid user found')

                raise webob.exc.HTTPForbidden()

            # set globals for auth user

            request.authuser = authuser

            request.ip_addr = ip_addr

            request.needs_csrf_check = needs_csrf_check

            log.info('IP: %s User: %s accessed %s',

                request.ip_addr, request.authuser,

            )

            return super(BaseController, self).__call__(environ, context)

        except webob.exc.HTTPException as e:

            return e

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.db_repo_scm_instance: instance of scm repository

    c.db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    c.repository_following: weather the current user is following the current repo

    """

    def _before(self, *args, **kwargs):

        super(BaseRepoController, self)._before(*args, **kwargs)

        if c.repo_name:  # extracted from routes

            _dbr = Repository.get_by_repo_name(c.repo_name)

            if not _dbr:

                return

            log.debug('Found repository in database %s with state `%s`',

                      safe_unicode(_dbr), safe_unicode(_dbr.repo_state))

            route = getattr(request.environ.get('routes.route'), 'name', '')

            # allow to delete repos that are somehow damages in filesystem

            if route in ['delete_repo']:

                return

            if _dbr.repo_state in [Repository.STATE_PENDING]:

                if route in ['repo_creating_home']:

                    return

                check_url = url('repo_creating_home', repo_name=c.repo_name)

                raise webob.exc.HTTPFound(location=check_url)

            dbr = c.db_repo = _dbr

            c.db_repo_scm_instance = c.db_repo.scm_instance

            if c.db_repo_scm_instance is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                from kallithea.lib import helpers as h

                h.flash(_('Repository not found in the filesystem'),

                        category='error')

                raise webob.exc.HTTPNotFound()

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.permanent_repo_url

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

middleware to handle permanent repo URLs, replacing PATH_INFO '/_123/yada' with

'/name/of/repo/yada' after looking 123 up in the database.

"""

from kallithea.lib.utils import fix_repo_id_name

class PermanentRepoUrl(object):

    def __init__(self, app, config):

        self.application = app

        self.config = config

    def __call__(self, environ, start_response):

        if path_info.startswith('/'): # it must

            path_info = '/' + safe_str(fix_repo_id_name(path_info[1:]))

            environ['PATH_INFO'] = path_info

        return self.application(environ, start_response)

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.simplegit

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SimpleGit middleware for handling Git protocol requests (push/clone etc.)

It's implemented with basic auth function

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 28, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import re

from kallithea.lib.hooks import log_pull_action

from kallithea.lib.middleware.pygrack import make_wsgi_app

from kallithea.lib.utils import make_ui

from kallithea.lib.utils2 import safe_unicode

from kallithea.model.db import Repository

log = logging.getLogger(__name__)

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)$')

cmd_mapping = {

    'git-receive-pack': 'push',

    'git-upload-pack': 'pull',

}

class SimpleGit(BaseVCSController):

    scm_alias = 'git'

    @classmethod

    def parse_request(cls, environ):

        m = GIT_PROTO_PAT.match(path_info)

        if m is None:

            return None

        class parsed_request(object):

            # See https://git-scm.com/book/en/v2/Git-Internals-Transfer-Protocols#_the_smart_protocol

            repo_name = safe_unicode(m.group(1).rstrip('/'))

            cmd = m.group(2)

            query_string = environ['QUERY_STRING']

            if cmd == 'info/refs' and query_string.startswith('service='):

                service = query_string.split('=', 1)[1]

                action = cmd_mapping.get(service)

            else:

                service = None

                action = cmd_mapping.get(cmd)

        return parsed_request

    def _make_app(self, parsed_request):

        """

        Return a pygrack wsgi application.

        """

        pygrack_app = make_wsgi_app(parsed_request.repo_name, self.basepath)

        def wrapper_app(environ, start_response):

            if (parsed_request.cmd == 'info/refs' and

                parsed_request.service == 'git-upload-pack'

            ):

                baseui = make_ui()

                repo = Repository.get_by_repo_name(parsed_request.repo_name)

                scm_repo = repo.scm_instance

                # Run hooks, like Mercurial outgoing.pull_logger does

                log_pull_action(ui=baseui, repo=scm_repo._repo)

            # Note: push hooks are handled by post-receive hook

            return pygrack_app(environ, start_response)

        return wrapper_app

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.simplehg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SimpleHg middleware for handling Mercurial protocol requests (push/clone etc.).

It's implemented with basic auth function

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 28, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import os

import urllib

from kallithea.lib.utils import make_ui

from kallithea.lib.utils2 import safe_str, safe_unicode

from kallithea.lib.vcs.utils.hgcompat import hgweb_mod

log = logging.getLogger(__name__)

def get_header_hgarg(environ):

    """Decode the special Mercurial encoding of big requests over multiple headers.

    >>> get_header_hgarg({})

    ''

    >>> get_header_hgarg({'HTTP_X_HGARG_0': ' ', 'HTTP_X_HGARG_1': 'a','HTTP_X_HGARG_2': '','HTTP_X_HGARG_3': 'b+c %20'})

    'ab+c %20'

    """

    chunks = []

    i = 1

    while True:

        v = environ.get('HTTP_X_HGARG_%d' % i)

        if v is None:

            break

        chunks.append(v)

        i += 1

    return ''.join(chunks)

cmd_mapping = {

    # 'batch' is not in this list - it is handled explicitly

    'between': 'pull',

    'branches': 'pull',

    'branchmap': 'pull',

    'capabilities': 'pull',

    'changegroup': 'pull',

    'changegroupsubset': 'pull',

    'changesetdata': 'pull',

    'clonebundles': 'pull',

    'debugwireargs': 'pull',

    'filedata': 'pull',

    'getbundle': 'pull',

    'getlfile': 'pull',

    'heads': 'pull',

    'hello': 'pull',

    'known': 'pull',

    'lheads': 'pull',

    'listkeys': 'pull',

    'lookup': 'pull',

    'manifestdata': 'pull',

    'narrow_widen': 'pull',

    'protocaps': 'pull',

    'statlfile': 'pull',

    'stream_out': 'pull',

    'pushkey': 'push',

    'putlfile': 'push',

    'unbundle': 'push',

    }

class SimpleHg(BaseVCSController):

    scm_alias = 'hg'

    @classmethod

    def parse_request(cls, environ):

        http_accept = environ.get('HTTP_ACCEPT', '')

        if not http_accept.startswith('application/mercurial'):

            return None

        if not path_info.startswith('/'): # it must!

            return None

        class parsed_request(object):

            repo_name = safe_unicode(path_info[1:].rstrip('/'))

            query_string = environ['QUERY_STRING']

            action = None

            for qry in query_string.split('&'):

                parts = qry.split('=', 1)

                if len(parts) == 2 and parts[0] == 'cmd':

                    cmd = parts[1]

                    if cmd == 'batch':

                        hgarg = get_header_hgarg(environ)

                        if not hgarg.startswith('cmds='):

                            action = 'push' # paranoid and safe

                            break

                        action = 'pull'

                        for cmd_arg in hgarg[5:].split(';'):

                            cmd, _args = urllib.unquote_plus(cmd_arg).split(' ', 1)

                            op = cmd_mapping.get(cmd, 'push')

                            if op != 'pull':

                                assert op == 'push'

                                action = 'push'

                                break

                    else:

                        action = cmd_mapping.get(cmd, 'push')

                    break # only process one cmd

        return parsed_request

    def _make_app(self, parsed_request):

        """

        Make an hgweb wsgi application.

        """

        str_repo_name = safe_str(parsed_request.repo_name)

        repo_path = os.path.join(safe_str(self.basepath), str_repo_name)

        baseui = make_ui(repo_path=repo_path)

        hgweb_app = hgweb_mod.hgweb(repo_path, name=str_repo_name, baseui=baseui)

        def wrapper_app(environ, start_response):

            environ['REPO_NAME'] = str_repo_name # used by hgweb_mod.hgweb

            return hgweb_app(environ, start_response)

        return wrapper_app

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.middleware.wrapper

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wrap app to measure request and response time ... all the way to the response

WSGI iterator has been closed.

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: May 23, 2013

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import time

log = logging.getLogger(__name__)

class Meter:

    def __init__(self, start_response):

        self._start_response = start_response

        self._start = time.time()

        self._size = 0

    def duration(self):

        return time.time() - self._start

    def start_response(self, status, response_headers, exc_info=None):

        write = self._start_response(status, response_headers, exc_info)

        def metered_write(s):

            self.measure(s)

            write(s)

        return metered_write

    def measure(self, chunk):

        self._size += len(chunk)

    def size(self):

        return self._size

class ResultIter:

    def __init__(self, result, meter, description):

        self._result_close = getattr(result, 'close', None) or (lambda: None)

        self._next = iter(result).next

        self._meter = meter

        self._description = description

    def __iter__(self):

        return self

    def next(self):

        chunk = self._next()

        self._meter.measure(chunk)

        return chunk

    def close(self):

        self._result_close()

        log.info("%s responded after %.3fs with %s bytes", self._description, self._meter.duration(), self._meter.size())

class RequestWrapper(object):

    def __init__(self, app, config):

        self.application = app

        self.config = config

    def __call__(self, environ, start_response):

        meter = Meter(start_response)

        description = "Request from %s for %s" % (

            _get_ip_addr(environ),

        )

        try:

            result = self.application(environ, meter.start_response)

        finally:

            log.info("%s responding after %.3fs", description, meter.duration())

        return ResultIter(result, meter, description)