2006-06-02 19:05:01 +04:00
|
|
|
# hgweb/common.py - Utility functions needed by hgweb_mod and hgwebdir_mod
|
2006-05-31 21:42:44 +04:00
|
|
|
#
|
|
|
|
# Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
|
2006-08-12 23:30:02 +04:00
|
|
|
# Copyright 2005, 2006 Matt Mackall <mpm@selenic.com>
|
2006-05-31 21:42:44 +04:00
|
|
|
#
|
2009-04-26 03:08:54 +04:00
|
|
|
# This software may be used and distributed according to the terms of the
|
2010-01-20 07:20:08 +03:00
|
|
|
# GNU General Public License version 2 or any later version.
|
2006-05-31 21:42:44 +04:00
|
|
|
|
2015-10-31 16:07:40 +03:00
|
|
|
from __future__ import absolute_import
|
|
|
|
|
2015-11-01 09:07:08 +03:00
|
|
|
import BaseHTTPServer
|
2015-10-31 16:07:40 +03:00
|
|
|
import errno
|
|
|
|
import mimetypes
|
|
|
|
import os
|
2007-11-28 19:38:42 +03:00
|
|
|
|
2008-02-01 12:31:13 +03:00
|
|
|
HTTP_OK = 200
|
2010-09-08 17:23:48 +04:00
|
|
|
HTTP_NOT_MODIFIED = 304
|
2008-02-01 12:31:13 +03:00
|
|
|
HTTP_BAD_REQUEST = 400
|
2008-07-22 20:23:20 +04:00
|
|
|
HTTP_UNAUTHORIZED = 401
|
2008-09-05 19:28:37 +04:00
|
|
|
HTTP_FORBIDDEN = 403
|
2008-02-01 12:31:13 +03:00
|
|
|
HTTP_NOT_FOUND = 404
|
2008-07-22 20:23:20 +04:00
|
|
|
HTTP_METHOD_NOT_ALLOWED = 405
|
2008-02-01 12:31:13 +03:00
|
|
|
HTTP_SERVER_ERROR = 500
|
|
|
|
|
2009-11-23 13:03:55 +03:00
|
|
|
|
2013-04-16 01:57:04 +04:00
|
|
|
def ismember(ui, username, userlist):
|
|
|
|
"""Check if username is a member of userlist.
|
|
|
|
|
|
|
|
If userlist has a single '*' member, all users are considered members.
|
2013-10-23 21:49:56 +04:00
|
|
|
Can be overridden by extensions to provide more complex authorization
|
2013-04-16 01:57:04 +04:00
|
|
|
schemes.
|
|
|
|
"""
|
|
|
|
return userlist == ['*'] or username in userlist
|
|
|
|
|
2009-11-23 13:03:55 +03:00
|
|
|
def checkauthz(hgweb, req, op):
|
|
|
|
'''Check permission for operation based on request data (including
|
|
|
|
authentication info). Return if op allowed, else raise an ErrorResponse
|
|
|
|
exception.'''
|
|
|
|
|
|
|
|
user = req.env.get('REMOTE_USER')
|
|
|
|
|
|
|
|
deny_read = hgweb.configlist('web', 'deny_read')
|
2013-04-16 01:57:04 +04:00
|
|
|
if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)):
|
2009-11-23 13:03:55 +03:00
|
|
|
raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized')
|
|
|
|
|
|
|
|
allow_read = hgweb.configlist('web', 'allow_read')
|
2013-04-16 01:57:04 +04:00
|
|
|
if allow_read and (not ismember(hgweb.repo.ui, user, allow_read)):
|
2009-11-23 13:03:55 +03:00
|
|
|
raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized')
|
|
|
|
|
|
|
|
if op == 'pull' and not hgweb.allowpull:
|
|
|
|
raise ErrorResponse(HTTP_UNAUTHORIZED, 'pull not authorized')
|
|
|
|
elif op == 'pull' or op is None: # op is None for interface requests
|
|
|
|
return
|
|
|
|
|
|
|
|
# enforce that you can only push using POST requests
|
|
|
|
if req.env['REQUEST_METHOD'] != 'POST':
|
|
|
|
msg = 'push requires POST request'
|
|
|
|
raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg)
|
|
|
|
|
|
|
|
# require ssl by default for pushing, auth info cannot be sniffed
|
|
|
|
# and replayed
|
|
|
|
scheme = req.env.get('wsgi.url_scheme')
|
|
|
|
if hgweb.configbool('web', 'push_ssl', True) and scheme != 'https':
|
2012-09-05 18:59:27 +04:00
|
|
|
raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required')
|
2009-11-23 13:03:55 +03:00
|
|
|
|
|
|
|
deny = hgweb.configlist('web', 'deny_push')
|
2013-04-16 01:57:04 +04:00
|
|
|
if deny and (not user or ismember(hgweb.repo.ui, user, deny)):
|
2009-11-23 13:03:55 +03:00
|
|
|
raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized')
|
|
|
|
|
|
|
|
allow = hgweb.configlist('web', 'allow_push')
|
2013-04-16 01:57:04 +04:00
|
|
|
if not (allow and ismember(hgweb.repo.ui, user, allow)):
|
2009-11-23 13:03:55 +03:00
|
|
|
raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized')
|
|
|
|
|
2011-04-30 15:47:22 +04:00
|
|
|
# Hooks for hgweb permission checks; extensions can add hooks here.
|
|
|
|
# Each hook is invoked like this: hook(hgweb, request, operation),
|
|
|
|
# where operation is either read, pull or push. Hooks should either
|
|
|
|
# raise an ErrorResponse exception, or just return.
|
|
|
|
#
|
|
|
|
# It is possible to do both authentication and authorization through
|
|
|
|
# this.
|
|
|
|
permhooks = [checkauthz]
|
2009-11-23 13:03:55 +03:00
|
|
|
|
|
|
|
|
2007-11-28 19:38:42 +03:00
|
|
|
class ErrorResponse(Exception):
|
2009-02-09 13:31:52 +03:00
|
|
|
def __init__(self, code, message=None, headers=[]):
|
2011-02-21 02:52:26 +03:00
|
|
|
if message is None:
|
|
|
|
message = _statusmessage(code)
|
2015-09-08 21:56:29 +03:00
|
|
|
Exception.__init__(self, message)
|
2007-11-28 19:38:42 +03:00
|
|
|
self.code = code
|
2009-02-09 13:31:52 +03:00
|
|
|
self.headers = headers
|
2007-11-28 20:39:17 +03:00
|
|
|
|
2010-02-06 13:27:28 +03:00
|
|
|
class continuereader(object):
|
|
|
|
def __init__(self, f, write):
|
|
|
|
self.f = f
|
|
|
|
self._write = write
|
|
|
|
self.continued = False
|
|
|
|
|
|
|
|
def read(self, amt=-1):
|
|
|
|
if not self.continued:
|
|
|
|
self.continued = True
|
|
|
|
self._write('HTTP/1.1 100 Continue\r\n\r\n')
|
|
|
|
return self.f.read(amt)
|
|
|
|
|
|
|
|
def __getattr__(self, attr):
|
|
|
|
if attr in ('close', 'readline', 'readlines', '__iter__'):
|
|
|
|
return getattr(self.f, attr)
|
2012-05-12 18:00:58 +04:00
|
|
|
raise AttributeError
|
2010-02-06 13:27:28 +03:00
|
|
|
|
2007-11-28 20:39:17 +03:00
|
|
|
def _statusmessage(code):
|
2015-11-01 09:07:08 +03:00
|
|
|
responses = BaseHTTPServer.BaseHTTPRequestHandler.responses
|
2007-11-28 20:39:17 +03:00
|
|
|
return responses.get(code, ('Error', 'Unknown error'))[0]
|
2007-12-29 21:49:48 +03:00
|
|
|
|
2009-11-02 12:20:04 +03:00
|
|
|
def statusmessage(code, message=None):
|
|
|
|
return '%d %s' % (code, message or _statusmessage(code))
|
2006-05-31 21:42:44 +04:00
|
|
|
|
2015-07-03 20:07:51 +03:00
|
|
|
def get_stat(spath, fn):
|
|
|
|
"""stat fn if it exists, spath otherwise"""
|
2014-09-27 16:59:55 +04:00
|
|
|
cl_path = os.path.join(spath, fn)
|
2006-12-01 15:34:09 +03:00
|
|
|
if os.path.exists(cl_path):
|
2011-04-19 17:15:56 +04:00
|
|
|
return os.stat(cl_path)
|
2006-05-31 21:42:44 +04:00
|
|
|
else:
|
2011-04-19 17:15:56 +04:00
|
|
|
return os.stat(spath)
|
|
|
|
|
|
|
|
def get_mtime(spath):
|
2015-07-03 20:07:51 +03:00
|
|
|
return get_stat(spath, "00changelog.i").st_mtime
|
2006-05-31 21:42:44 +04:00
|
|
|
|
2006-06-27 20:33:12 +04:00
|
|
|
def staticfile(directory, fname, req):
|
2008-01-23 16:28:25 +03:00
|
|
|
"""return a file inside directory with guessed Content-Type header
|
2006-05-31 21:42:44 +04:00
|
|
|
|
|
|
|
fname always uses '/' as directory separator and isn't allowed to
|
|
|
|
contain unusual path components.
|
2008-01-23 16:28:25 +03:00
|
|
|
Content-Type is guessed using the mimetypes module.
|
2006-05-31 21:42:44 +04:00
|
|
|
Return an empty string if fname is illegal or file not found.
|
|
|
|
|
|
|
|
"""
|
|
|
|
parts = fname.split('/')
|
|
|
|
for part in parts:
|
|
|
|
if (part in ('', os.curdir, os.pardir) or
|
|
|
|
os.sep in part or os.altsep is not None and os.altsep in part):
|
2013-02-10 21:24:29 +04:00
|
|
|
return
|
2008-10-29 08:24:17 +03:00
|
|
|
fpath = os.path.join(*parts)
|
|
|
|
if isinstance(directory, str):
|
|
|
|
directory = [directory]
|
|
|
|
for d in directory:
|
|
|
|
path = os.path.join(d, fpath)
|
|
|
|
if os.path.exists(path):
|
|
|
|
break
|
2006-05-31 21:42:44 +04:00
|
|
|
try:
|
|
|
|
os.stat(path)
|
|
|
|
ct = mimetypes.guess_type(path)[0] or "text/plain"
|
2010-12-24 17:23:01 +03:00
|
|
|
fp = open(path, 'rb')
|
|
|
|
data = fp.read()
|
|
|
|
fp.close()
|
2013-01-15 04:07:03 +04:00
|
|
|
req.respond(HTTP_OK, ct, body=data)
|
2007-11-28 19:38:42 +03:00
|
|
|
except TypeError:
|
2009-06-09 17:25:17 +04:00
|
|
|
raise ErrorResponse(HTTP_SERVER_ERROR, 'illegal filename')
|
2015-06-24 08:20:08 +03:00
|
|
|
except OSError as err:
|
2007-11-28 19:38:42 +03:00
|
|
|
if err.errno == errno.ENOENT:
|
2008-02-01 12:31:13 +03:00
|
|
|
raise ErrorResponse(HTTP_NOT_FOUND)
|
2007-11-28 19:38:42 +03:00
|
|
|
else:
|
2008-02-01 12:31:13 +03:00
|
|
|
raise ErrorResponse(HTTP_SERVER_ERROR, err.strerror)
|
2006-10-06 20:28:50 +04:00
|
|
|
|
2007-05-29 18:42:05 +04:00
|
|
|
def paritygen(stripecount, offset=0):
|
|
|
|
"""count parity of horizontal stripes for easier reading"""
|
|
|
|
if stripecount and offset:
|
|
|
|
# account for offset, e.g. due to building the list in reverse
|
|
|
|
count = (stripecount + offset) % stripecount
|
|
|
|
parity = (stripecount + offset) / stripecount & 1
|
|
|
|
else:
|
|
|
|
count = 0
|
|
|
|
parity = 0
|
|
|
|
while True:
|
|
|
|
yield parity
|
|
|
|
count += 1
|
|
|
|
if stripecount and count >= stripecount:
|
|
|
|
parity = 1 - parity
|
|
|
|
count = 0
|
|
|
|
|
2008-01-01 19:07:15 +03:00
|
|
|
def get_contact(config):
|
|
|
|
"""Return repo contact information or empty string.
|
|
|
|
|
|
|
|
web.contact is the primary source, but if that is not set, try
|
|
|
|
ui.username or $EMAIL as a fallback to display something useful.
|
|
|
|
"""
|
|
|
|
return (config("web", "contact") or
|
|
|
|
config("ui", "username") or
|
|
|
|
os.environ.get("EMAIL") or "")
|
2010-09-08 17:23:48 +04:00
|
|
|
|
|
|
|
def caching(web, req):
|
hgweb: emit a valid, weak ETag
Previously, ETag headers from hgweb weren't correctly formed, because rfc2616
(section 14, header definitions) requires double quotes around the content of
the header. str(web.mtime) didn't do that.
Additionally, strong ETags signify that the resource representations are
byte-for-byte identical. That is, they can be reconstructed from byte ranges if
client so wishes. Considering ETags for all hgweb pages is just mtime of
00changelog.i and doesn't consider of e.g. .hg/hgrc with description, contact
and other fields, it's clearly shouldn't be strong. The W/ prefix marks it as
weak, which still allows caching the whole served file/page, but doesn't allow
byte-range requests.
2016-07-08 22:26:24 +03:00
|
|
|
tag = 'W/"%s"' % web.mtime
|
2010-09-08 17:23:48 +04:00
|
|
|
if req.env.get('HTTP_IF_NONE_MATCH') == tag:
|
|
|
|
raise ErrorResponse(HTTP_NOT_MODIFIED)
|
|
|
|
req.headers.append(('ETag', tag))
|