"""The base Controller API

Provides the BaseController class for subclassing.

"""

import logging

import time

import traceback

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden

from paste.httpheaders import WWW_AUTHENTICATE

from pylons import config, tmpl_context as c, request, session, url

from pylons.controllers import WSGIController

from pylons.controllers.util import redirect

from pylons.templating import render_mako as render

from rhodecode import __version__, BACKENDS

from rhodecode.lib.utils2 import str2bool, safe_unicode

from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\

    HasPermissionAnyMiddleware, CookieStoreWrapper

from rhodecode.lib.utils import get_repo_slug, invalidate_cache

from rhodecode.model import meta

from rhodecode.model.notification import NotificationModel

from rhodecode.model.scm import ScmModel

log = logging.getLogger(__name__)

def _get_ip_addr(environ):

    proxy_key = 'HTTP_X_REAL_IP'

    proxy_key2 = 'HTTP_X_FORWARDED_FOR'

    def_key = 'REMOTE_ADDR'

    ip = environ.get(proxy_key2)

    if ip:

        return ip

    ip = environ.get(proxy_key)

    if ip:

        return ip

    ip = environ.get(def_key, '0.0.0.0')

    return ip

def _get_access_path(environ):

    path = environ.get('PATH_INFO')

    org_req = environ.get('pylons.original_request')

    if org_req:

        path = org_req.environ.get('PATH_INFO')

    return path

class BasicAuth(AuthBasicAuthenticator):

    def __init__(self, realm, authfunc, auth_http_code=None):

        self.realm = realm

        self.authfunc = authfunc

        self._rc_auth_http_code = auth_http_code

    def build_authentication(self):

        head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

        if self._rc_auth_http_code and self._rc_auth_http_code == '403':

            # return 403 if alternative http return code is specified in

            # RhodeCode config

            return HTTPForbidden(headers=head)

        return HTTPUnauthorized(headers=head)

                by_id = data[1].split('_')

                if len(by_id) == 2 and by_id[1].isdigit():

                    _repo_name = Repository.get(by_id[1]).repo_name

                    data[1] = _repo_name

        except:

            log.debug('Failed to extract repo_name from id %s' % (

                      traceback.format_exc()

                      )

            )

        return '/'.join(data)

    def _invalidate_cache(self, repo_name):

        """

        Set's cache for this repository for invalidation on next access

        :param repo_name: full repo name, also a cache key

        """

        invalidate_cache('get_repo_cached_%s' % repo_name)

    def _check_permission(self, action, user, repo_name):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        return True

    def _get_ip_addr(self, environ):

        return _get_ip_addr(environ)

    def __call__(self, environ, start_response):

        start = time.time()

        try:

            return self._handle_request(environ, start_response)

        finally:

            log = logging.getLogger('rhodecode.' + self.__class__.__name__)

            log.debug('Request time: %.3fs' % (time.time() - start))

            meta.Session.remove()

class BaseController(WSGIController):

    def __before__(self):

        c.rhodecode_version = __version__

        c.rhodecode_instanceid = config.get('instance_id')

        c.rhodecode_name = config.get('rhodecode_title')

        c.use_gravatar = str2bool(config.get('use_gravatar'))

        c.ga_code = config.get('rhodecode_ga_code')

        c.repo_name = get_repo_slug(request)

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)

        self.cut_off_limit = int(config.get('cut_off_limit'))

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

        self.ip_addr = ''

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        start = time.time()

        try:

            self.ip_addr = _get_ip_addr(environ)

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

            user_id = cookie_store.get('user_id', None)

            username = get_container_username(environ, config)

            auth_user = AuthUser(user_id, api_key, username)

            request.user = auth_user

            self.rhodecode_user = c.rhodecode_user = auth_user

            if not self.rhodecode_user.is_authenticated and \

                       self.rhodecode_user.user_id is not None:

                self.rhodecode_user.set_authenticated(

                    cookie_store.get('is_authenticated')

# -*- coding: utf-8 -*-

"""

    rhodecode.lib.middleware.https_fixup

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    middleware to handle https correctly

    :created_on: May 23, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from rhodecode.lib.utils2 import str2bool

class HttpsFixup(object):

    def __init__(self, app, config):

        self.application = app

        self.config = config

    def __call__(self, environ, start_response):

        self.__fixup(environ)

        return self.application(environ, start_response)

    def __fixup(self, environ):

        """

        Function to fixup the environ as needed. In order to use this

        middleware you should set this header inside your

        proxy ie. nginx, apache etc.

        """

        if str2bool(self.config.get('force_https')):

            proto = 'https'

import logging

import traceback

from dulwich import server as dulserver

from dulwich.web import LimitedInputFilter, GunzipFilter

class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):

    def handle(self):

        write = lambda x: self.proto.write_sideband(1, x)

        graph_walker = dulserver.ProtocolGraphWalker(self,

                                                     self.repo.object_store,

                                                     self.repo.get_peeled)

        objects_iter = self.repo.fetch_objects(

          graph_walker.determine_wants, graph_walker, self.progress,

          get_tagged=self.get_tagged)

        # Did the process short-circuit (e.g. in a stateless RPC call)? Note

        # that the client still expects a 0-object pack in most cases.

        if objects_iter is None:

            return

        self.progress("counting objects: %d, done.\n" % len(objects_iter))

        dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),

                                     objects_iter)

        messages = []

        messages.append('thank you for using rhodecode')

        for msg in messages:

            self.progress(msg + "\n")

        # we are done

        self.proto.write("0000")

dulserver.DEFAULT_HANDLERS = {

  #git-ls-remote, git-clone, git-fetch and git-pull

  'git-upload-pack': SimpleGitUploadPackHandler,

  #git-push

  'git-receive-pack': dulserver.ReceivePackHandler,

}

# not used for now until dulwich get's fixed

#from dulwich.repo import Repo

#from dulwich.web import make_wsgi_chain

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.utils2 import safe_str

from rhodecode.lib.base import BaseVCSController

from rhodecode.lib.auth import get_container_username

from rhodecode.lib.utils import is_valid_repo, make_ui

from rhodecode.model.db import User, RhodeCodeUi

log = logging.getLogger(__name__)

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')

def is_git(environ):

    path_info = environ['PATH_INFO']

    isgit_path = GIT_PROTO_PAT.match(path_info)

    log.debug('pathinfo: %s detected as GIT %s' % (

        path_info, isgit_path != None)

    )

    return isgit_path

class SimpleGit(BaseVCSController):

    def _handle_request(self, environ, start_response):

        if not is_git(environ):

            return self.application(environ, start_response)

        ipaddr = self._get_ip_addr(environ)

        username = None

        self._git_first_op = False

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

        # quick check if that dir exists...

        if is_valid_repo(repo_name, self.basepath) is False:

            return HTTPNotFound()(environ, start_response)

        #======================================================================

        # GET ACTION PULL or PUSH

        #======================================================================

        action = self.__get_action(environ)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

# -*- coding: utf-8 -*-

"""

    rhodecode.lib.middleware.simplehg

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SimpleHG middleware for handling mercurial protocol request

    (push/clone etc.). It's implemented with basic auth function

    :created_on: Apr 28, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import traceback

import urllib

from mercurial.error import RepoError

from mercurial.hgweb import hgweb_mod

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.utils2 import safe_str

from rhodecode.lib.base import BaseVCSController

from rhodecode.lib.auth import get_container_username

from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections

from rhodecode.model.db import User

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    path_info = environ['PATH_INFO']

    if http_accept and http_accept.startswith('application/mercurial'):

        ishg_path = True

    else:

        ishg_path = False

    log.debug('pathinfo: %s detected as HG %s' % (

        path_info, ishg_path)

    )

    return ishg_path

class SimpleHg(BaseVCSController):

    def _handle_request(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        ipaddr = self._get_ip_addr(environ)

        username = None 

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            repo_name = environ['REPO_NAME'] = self.__get_repository(environ)

            log.debug('Extracted repo name is %s' % repo_name)

        except:

            return HTTPInternalServerError()(environ, start_response)

        # quick check if that dir exists...

        if is_valid_repo(repo_name, self.basepath) is False:

            return HTTPNotFound()(environ, start_response)

        #======================================================================

        # GET ACTION PULL or PUSH

        #======================================================================

        action = self.__get_action(environ)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

                'decode/encode', 'defaults',

                'diff', 'email',

                'extensions', 'format',

                'merge-patterns', 'merge-tools',

                'hooks', 'http_proxy',

                'smtp', 'patch',

                'paths', 'profiling',

                'server', 'trusted',

                'ui', 'web', ]

def make_ui(read_from='file', path=None, checkpaths=True):

    """

    A function that will read python rc files or database

    and make an mercurial ui object from read options

    :param path: path to mercurial config file

    :param checkpaths: check the path

    :param read_from: read from 'file' or 'db'

    """

    baseui = ui.ui()

    # clean the baseui object

    baseui._ocfg = config.config()

    baseui._ucfg = config.config()

    baseui._tcfg = config.config()

    if read_from == 'file':

        if not os.path.isfile(path):

            log.debug('hgrc file is not present at %s skipping...' % path)

            return False

        log.debug('reading hgrc from %s' % path)

        cfg = config.config()

        cfg.read(path)

        for section in ui_sections:

            for k, v in cfg.items(section):

                log.debug('settings ui from file[%s]%s:%s' % (section, k, v))

                baseui.setconfig(section, k, v)

    elif read_from == 'db':

        sa = meta.Session()

        ret = sa.query(RhodeCodeUi)\

            .options(FromCache("sql_cache_short", "get_hg_ui_settings"))\

            .all()

        hg_ui = ret

        for ui_ in hg_ui:

                log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,

                          ui_.ui_key, ui_.ui_value)

                baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)

        meta.Session.remove()

    return baseui

def set_rhodecode_config(config):

    """

    Updates pylons config with new settings from database

    :param config:

    """

    hgsettings = RhodeCodeSetting.get_app_settings()

    for k, v in hgsettings.items():

        config[k] = v

def invalidate_cache(cache_key, *args):

    """

    Puts cache invalidation task into db for

    further global cache invalidation

    """

    from rhodecode.model.scm import ScmModel

    if cache_key.startswith('get_repo_cached_'):

        name = cache_key.split('get_repo_cached_')[-1]

        ScmModel().mark_for_invalidation(name)

class EmptyChangeset(BaseChangeset):

    """

    An dummy empty changeset. It's possible to pass hash when creating

    an EmptyChangeset

    """

    def __init__(self, cs='0' * 40, repo=None, requested_revision=None,

                 alias=None):

        self._empty_cs = cs

        self.revision = -1

        self.message = ''

        self.author = ''

        self.date = ''

        self.repository = repo

        self.requested_revision = requested_revision

    @LazyProperty

    def repo_path(self):

        """

        Returns base full path for that repository means where it actually

        exists on a filesystem

        """

        q = Session().query(RhodeCodeUi).filter(RhodeCodeUi.ui_key ==

                                              Repository.url_sep())

        q = q.options(FromCache("sql_cache_short", "repository_repo_path"))

        return q.one().ui_value

    @property

    def repo_full_path(self):

        p = [self.repo_path]

        # we need to split the name by / since this is how we store the

        # names in the database, but that eventually needs to be converted

        # into a valid system path

        p += self.repo_name.split(Repository.url_sep())

        return os.path.join(*p)

    def get_new_name(self, repo_name):

        """

        returns new full repository name based on assigned group and new new

        :param group_name:

        """

        path_prefix = self.group.full_path_splitted if self.group else []

        return Repository.url_sep().join(path_prefix + [repo_name])

    @property

    def _ui(self):

        """

        Creates an db based ui object for this repository

        """

        from mercurial import ui

        from mercurial import config

        baseui = ui.ui()

        #clean the baseui object

        baseui._ocfg = config.config()

        baseui._ucfg = config.config()

        baseui._tcfg = config.config()

        ret = RhodeCodeUi.query()\

            .options(FromCache("sql_cache_short", "repository_repo_ui")).all()

        hg_ui = ret

        for ui_ in hg_ui:

                log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,

                          ui_.ui_key, ui_.ui_value)

                baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)

        return baseui

    @classmethod

    def inject_ui(cls, repo, extras={}):

        from rhodecode.lib.vcs.backends.hg import MercurialRepository

        from rhodecode.lib.vcs.backends.git import GitRepository

        required = (MercurialRepository, GitRepository)

        if not isinstance(repo, required):

            raise Exception('repo must be instance of %s' % required)

        # inject ui extra param to log this action via push logger

        for k, v in extras.items():

            repo._repo.ui.setconfig('rhodecode_extras', k, v)

    @classmethod

    def is_valid(cls, repo_name):

        """

        returns True if given repo name is a valid filesystem repository

        :param cls:

        :param repo_name:

        """

        from rhodecode.lib.utils import is_valid_repo

        return is_valid_repo(repo_name, cls.base_path())

    def get_api_data(self):

        """

        Common function for generating repo api data

        """

        repo = self

        data = dict(

            repo_id=repo.repo_id,

            repo_name=repo.repo_name,

            repo_type=repo.repo_type,

            clone_uri=repo.clone_uri,

            private=repo.private,

            created_on=repo.created_on,

            description=repo.description,

            landing_rev=repo.landing_rev,

            owner=repo.user.username,

            fork_of=repo.fork.repo_name if repo.fork else None

        )

                <div class="label">

                    <label for="rhodecode_title">${_('Application name')}:</label>

                </div>

                <div class="input">

                    ${h.text('rhodecode_title',size=30)}

                </div>

             </div>

            <div class="field">

                <div class="label">

                    <label for="rhodecode_realm">${_('Realm text')}:</label>

                </div>

                <div class="input">

                    ${h.text('rhodecode_realm',size=30)}

                </div>

            </div>

            <div class="field">

                <div class="label">

                    <label for="rhodecode_ga_code">${_('GA code')}:</label>

                </div>

                <div class="input">

                    ${h.text('rhodecode_ga_code',size=30)}

                </div>

            </div>

            <div class="buttons">

                ${h.submit('save',_('Save settings'),class_="ui-btn large")}

                ${h.reset('reset',_('Reset'),class_="ui-btn large")}

           </div>

        </div>

    </div>

    ${h.end_form()}

    <h3>${_('VCS settings')}</h3>

    ${h.form(url('admin_setting', setting_id='vcs'),method='put')}

    <div class="form">

        <!-- fields -->

        <div class="fields">

             <div class="field">

                <div class="label label-checkbox">

                    <label>${_('Web')}:</label>

                </div>

                <div class="checkboxes">

					<div class="checkbox">

						${h.checkbox('web_push_ssl','true')}

					</div>

				</div>

             </div>

             <div class="field">

                <div class="label label-checkbox">

                    <label>${_('Hooks')}:</label>

                </div>

                <div class="checkboxes">

					<div class="checkbox">

						${h.checkbox('hooks_changegroup_update','True')}

						<label for="hooks_changegroup_update">${_('Update repository after push (hg update)')}</label>

					</div>

					<div class="checkbox">

						${h.checkbox('hooks_changegroup_repo_size','True')}

						<label for="hooks_changegroup_repo_size">${_('Show repository size after push')}</label>

					</div>

                    <div class="checkbox">

                        ${h.checkbox('hooks_changegroup_push_logger','True')}

                        <label for="hooks_changegroup_push_logger">${_('Log user push commands')}</label>

                    </div>

                    <div class="checkbox">

                        ${h.checkbox('hooks_preoutgoing_pull_logger','True')}

                        <label for="hooks_preoutgoing_pull_logger">${_('Log user pull commands')}</label>

                    </div>

				</div>

                <div class="input" style="margin-top:10px">

                    ${h.link_to(_('advanced setup'),url('admin_edit_setting',setting_id='hooks'),class_="ui-btn")}

                </div>

             </div>

            <div class="field">

                <div class="label">

                    <label for="paths_root_path">${_('Repositories location')}:</label>

                </div>

                <div class="input">

                    ${h.text('paths_root_path',size=30,readonly="readonly")}

					<span id="path_unlock" class="tooltip"

						title="${h.tooltip(_('This a crucial application setting. If you are really sure you need to change this, you must restart application in order to make this setting take effect. Click this label to unlock.'))}">

		                ${_('unlock')}</span>

                </div>

            </div>

            <div class="buttons">

                ${h.submit('save',_('Save settings'),class_="ui-btn large")}

                ${h.reset('reset',_('Reset'),class_="ui-btn large")}

           </div>

        </div>

    </div>