Mercurial > kallithea
changeset 7723:d14328af601e
middleware: minor cleanup and alignment between VCSs to clarify how things work
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Mon, 07 Jan 2019 02:08:38 +0100 |
parents | 0441afb55a96 |
children | b88150a90804 |
files | kallithea/lib/base.py kallithea/lib/middleware/simplegit.py kallithea/lib/middleware/simplehg.py kallithea/lib/utils.py |
diffstat | 4 files changed, 22 insertions(+), 25 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/base.py Wed Jan 23 03:47:46 2019 +0100 +++ b/kallithea/lib/base.py Mon Jan 07 02:08:38 2019 +0100 @@ -58,7 +58,7 @@ from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError from kallithea.model import meta -from kallithea.model.db import PullRequest, Repository, Ui, User, Setting +from kallithea.model.db import PullRequest, Repository, User, Setting from kallithea.model.scm import ScmModel log = logging.getLogger(__name__) @@ -102,11 +102,11 @@ def _get_access_path(environ): - path = environ.get('PATH_INFO') + """Return PATH_INFO from environ ... using tg.original_request if available.""" org_req = environ.get('tg.original_request') - if org_req: - path = org_req.environ.get('PATH_INFO') - return path + if org_req is not None: + environ = org_req.environ + return environ.get('PATH_INFO') def log_in_user(user, remember, is_external_auth, ip_addr): @@ -210,7 +210,7 @@ """ raise NotImplementedError() - def _authorize(self, environ, start_response, action, repo_name, ip_addr): + def _authorize(self, environ, action, repo_name, ip_addr): """Authenticate and authorize user. Since we're dealing with a VCS client and not a browser, we only
--- a/kallithea/lib/middleware/simplegit.py Wed Jan 23 03:47:46 2019 +0100 +++ b/kallithea/lib/middleware/simplegit.py Mon Jan 07 02:08:38 2019 +0100 @@ -28,13 +28,11 @@ """ -import os import re import logging import traceback -from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ - HTTPNotAcceptable, HTTPBadRequest +from webob.exc import HTTPNotFound, HTTPInternalServerError, HTTPBadRequest from kallithea.model.db import Ui, Repository from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ @@ -83,7 +81,6 @@ return parsed_request def _handle_request(self, parsed_request, environ, start_response): - ip_addr = self._get_ip_addr(environ) # skip passing error to error controller environ['pylons.status_code_redirect'] = True @@ -98,14 +95,14 @@ #====================================================================== # CHECK PERMISSIONS #====================================================================== - user, response_app = self._authorize(environ, start_response, parsed_request.action, parsed_request.repo_name, ip_addr) + ip_addr = self._get_ip_addr(environ) + user, response_app = self._authorize(environ, parsed_request.action, parsed_request.repo_name, ip_addr) if response_app is not None: return response_app(environ, start_response) # extras are injected into Mercurial UI object and later available # in hooks executed by Kallithea from kallithea import CONFIG - server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': user.username, @@ -113,14 +110,14 @@ 'repository': parsed_request.repo_name, 'scm': self.scm_alias, 'config': CONFIG['__file__'], - 'server_url': server_url, + 'server_url': get_server_url(environ), } - #=================================================================== - # GIT REQUEST HANDLING - #=================================================================== + #====================================================================== + # REQUEST HANDLING + #====================================================================== log.debug('HOOKS extras is %s', extras) - _set_extras(extras or {}) + _set_extras(extras) try: log.info('%s action on %s repo "%s" by "%s" from %s',
--- a/kallithea/lib/middleware/simplehg.py Wed Jan 23 03:47:46 2019 +0100 +++ b/kallithea/lib/middleware/simplehg.py Mon Jan 07 02:08:38 2019 +0100 @@ -33,8 +33,7 @@ import traceback import urllib -from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ - HTTPNotAcceptable, HTTPBadRequest +from webob.exc import HTTPNotFound, HTTPInternalServerError, HTTPBadRequest from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ _set_extras @@ -137,7 +136,6 @@ return parsed_request def _handle_request(self, parsed_request, environ, start_response): - ip_addr = self._get_ip_addr(environ) # skip passing error to error controller environ['pylons.status_code_redirect'] = True @@ -152,14 +150,14 @@ #====================================================================== # CHECK PERMISSIONS #====================================================================== - user, response_app = self._authorize(environ, start_response, parsed_request.action, parsed_request.repo_name, ip_addr) + ip_addr = self._get_ip_addr(environ) + user, response_app = self._authorize(environ, parsed_request.action, parsed_request.repo_name, ip_addr) if response_app is not None: return response_app(environ, start_response) # extras are injected into Mercurial UI object and later available # in hooks executed by Kallithea from kallithea import CONFIG - server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': user.username, @@ -167,13 +165,14 @@ 'repository': parsed_request.repo_name, 'scm': self.scm_alias, 'config': CONFIG['__file__'], - 'server_url': server_url, + 'server_url': get_server_url(environ), } + #====================================================================== - # MERCURIAL REQUEST HANDLING + # REQUEST HANDLING #====================================================================== log.debug('HOOKS extras is %s', extras) - _set_extras(extras or {}) + _set_extras(extras) try: log.info('%s action on %s repo "%s" by "%s" from %s',
--- a/kallithea/lib/utils.py Wed Jan 23 03:47:46 2019 +0100 +++ b/kallithea/lib/utils.py Mon Jan 07 02:08:38 2019 +0100 @@ -268,6 +268,7 @@ :return True: if given path is a valid repository """ + # TODO: paranoid security checks? full_path = os.path.join(safe_str(base_path), safe_str(repo_name)) try: