o ]Lb#@sddlmZddlZddlZddlZddlZddlZddlmZm Z ddl m Z mZm Z m Z e jZdZdZdZd Zd Zd Zd Zd ZdZdZdZddZddZegZGdddeZGdddeZ ddZ!d+ddZ"ddZ#dd Z$d!d"Z%d#d$Z&d,d%d&Z'd'd(Z(d)d*Z)dS)-)absolute_importN)getattropen)encodingpycompat templaterutili0iiiiiiiicCs|dgkp||vS)zCheck if username is a member of userlist. If userlist has a single '*' member, all users are considered members. Can be overridden by extensions to provide more complex authorization schemes. *)uiusernameuserlistr r 8/usr/lib/python3/dist-packages/mercurial/hgweb/common.pyismember+src Cs@|j}|dd}|r|rt|jj||rttd|dd}|r/t|jj||s/ttd|dkr;|js;ttd|dksC|durEdS|dkrV|jd krUd }tt |n |jd krbd }tt || dd rr|j dkrrtt d|dd}|r|rt|jj||rttd|dd}|rt|jj||sttddS)zCheck permission for operation based on request data (including authentication info). Return if op allowed, else raise an ErrorResponse exception.webs deny_readsread not authorizeds allow_readspullspull not authorizedNsuploadsPUTsupload requires PUT requestsPOSTspush requires POST requestspush_sslshttpss ssl requireds deny_pushspush not authorizeds allow-push) remoteuser configlistrrepor ErrorResponseHTTP_UNAUTHORIZED allowpullmethodHTTP_METHOD_NOT_ALLOWED configbool urlschemeHTTP_FORBIDDEN) hgwebreqopuser deny_read allow_readmsgdenyallowr r r checkauthz5s8              r(c@seZdZdddZdS)rNcCsD|durt|}t|t|||_|durg}||_||_dSN)_statusmessage Exception__init__rsysstrcodeheadersmessage)selfr.r0r/r r rr,ls zErrorResponse.__init__)NN)__name__ __module__ __qualname__r,r r r rrksrc@s*eZdZdZddZd ddZddZd S) continuereadera.File object wrapper to handle HTTP 100-continue. This is used by servers so they automatically handle Expect: 100-continue request headers. On first read of the request body, the 100 Continue response is sent. This should trigger the client into actually sending the request body. cCs||_||_d|_dS)NF)f_write continued)r1r6writer r rr,s zcontinuereader.__init__cCs"|js d|_|d|j|S)NTsHTTP/1.1 100 Continue )r8r7r6read)r1amtr r rr;s  zcontinuereader.readcCs|dvr t|j|St)N)sclosesreadlines readliness__iter__)rr6AttributeError)r1attrr r r __getattr__s zcontinuereader.__getattr__N)r:)r2r3r4__doc__r,r;r?r r r rr5ws   r5cCstjj}t||ddS)N)Errorz Unknown errorr) httpserverbasehttprequesthandler responsesrbytesurlget)r.rDr r rr*sr*cCsd||pt|fS)Ns%d %s)r*)r.r0r r r statusmessagesrGcCs.tj||}tj|rt|St|S)z%stat fn if it exists, spath otherwise)ospathjoinexistsstat)spathfncl_pathr r rget_stats   rPcCst|dtjS)Ns 00changelog.i)rPrLST_MTIME)rMr r r get_mtimesrRcCsN|d}|D]}|dtjtjfvs!tj|vs!tjdur$tj|vr$dSqdS)z9Determine if a path is safe to use for filesystem access./NFT)splitroscurdirospardirosseposaltsep)rIpartspartr r r ispathsafes    r\c Cst|sdS|s|p t}|durtj|d}tjj|d}tt t |dp/d}tj||}z t |t |d }|} Wdn1sRwYWn*tydttdty} z| jtjkruttttt| jd} ~ ww||jd<|| |S) a+return a file inside directory with guessed Content-Type header fname always uses '/' as directory separator and isn't allowed to contain unusual path components. Content-Type is guessed using the mimetypes module. Return an empty string if fname is illegal or file not found. NsstaticrSrz text/plainsrbsillegal filenames Content-Type)r\r templatedirrHrIrJrUrsysbytes mimetypes guess_typefsdecoderLrr; TypeErrorrHTTP_SERVER_ERROROSErrorerrnoENOENTHTTP_NOT_FOUNDr strtolocalstrerrorr/ setbodybytes) templatepath directoryfnamerestpfpathctrIfhdataerrr r r staticfiles<           ruccsZ|r|r|||}|||d@}nd}d} |V|d7}|r,||kr,d|}d}q)z5count parity of horizontal stripes for easier readingrr ) stripecountoffsetcountparityr r r paritygens  r{cCs$|ddp|ddptjdpdS)zReturn repo contact information or empty string. web.contact is the primary source, but if that is not set, try ui.username or $EMAIL as a fallback to display something useful. rscontactsuisusernamesEMAILrT)renvironrF)configr r r get_contacts  r~cCsRddl}|jdddd}d}|r%d|vr%t|jd}|d|}||fS) aObtain the Content-Security-Policy header and nonce value. Returns a 2-tuple of the CSP header value and the nonce value. First value is ``None`` if CSP isn't enabled. Second value is ``None`` if CSP isn't enabled or if the CSP header doesn't need a nonce. rNrscspF) untrusteds%nonce%=)uuidr}base64urlsafe_b64encodeuuid4bytesrstripreplace)rrcspnoncer r r cspvaluess  rr))r)* __future__rrrer_rHrLrrrrrr rBHTTP_OK HTTP_CREATEDHTTP_NOT_MODIFIEDHTTP_BAD_REQUESTrrrgrHTTP_NOT_ACCEPTABLEHTTP_UNSUPPORTED_MEDIA_TYPErcrr( permhooksr+robjectr5r*rGrPrRr\rur{r~rr r r rsD  3    )