Shuffle things around - preparing for next change, and arguably slightly better
Better logging of invalid requests.
Родитель
ca9403962a
Коммит
3d5673e997
|
@ -129,17 +129,9 @@ class proxyserver(object):
|
||||||
return self.run_wsgi(req)
|
return self.run_wsgi(req)
|
||||||
|
|
||||||
def run_wsgi(self, req):
|
def run_wsgi(self, req):
|
||||||
proto = protocol.webproto(req, self.ui)
|
path = req.env['PATH_INFO'].replace('\\', '/').strip('/')
|
||||||
|
|
||||||
u = util.url(self.serverurl)
|
u = util.url(self.serverurl)
|
||||||
|
|
||||||
# Simple path validation - probably only sufficient on Linux
|
|
||||||
path = req.env['PATH_INFO'].replace('\\', '/').strip('/')
|
|
||||||
if ':' in path or path.startswith('.') or '/.' in path:
|
|
||||||
self.ui.warn(_('bad request path %r\n') % path)
|
|
||||||
req.respond(common.HTTP_BAD_REQUEST, protocol.HGTYPE)
|
|
||||||
return []
|
|
||||||
|
|
||||||
# Forward HTTP basic authorization headers through the layers
|
# Forward HTTP basic authorization headers through the layers
|
||||||
authheader = req.env.get('HTTP_AUTHORIZATION')
|
authheader = req.env.get('HTTP_AUTHORIZATION')
|
||||||
if authheader and authheader.lower().startswith('basic '):
|
if authheader and authheader.lower().startswith('basic '):
|
||||||
|
@ -147,18 +139,12 @@ class proxyserver(object):
|
||||||
if ':' in userpasswd:
|
if ':' in userpasswd:
|
||||||
u.user, u.passwd = userpasswd.split(':', 1)
|
u.user, u.passwd = userpasswd.split(':', 1)
|
||||||
|
|
||||||
# Bounce early on missing credentials
|
proto = protocol.webproto(req, self.ui)
|
||||||
if not (self.anonymous or u.user and u.passwd):
|
|
||||||
er = common.ErrorResponse(common.HTTP_UNAUTHORIZED,
|
|
||||||
'Authentication is mandatory',
|
|
||||||
self.authheaders)
|
|
||||||
req.respond(er, protocol.HGTYPE)
|
|
||||||
return ['HTTP authentication required']
|
|
||||||
|
|
||||||
# MIME and HTTP allows multiple headers by the same name - we only
|
# MIME and HTTP allows multiple headers by the same name - we only
|
||||||
# use and care about one
|
# use and care about one
|
||||||
args = dict((k, v[0]) for k, v in proto._args().items())
|
args = dict((k, v[0]) for k, v in proto._args().items())
|
||||||
cmd = args.pop('cmd', None)
|
cmd = args.pop('cmd', None)
|
||||||
|
|
||||||
self.ui.write("%s@%s cmd: %s args: %s\n" %
|
self.ui.write("%s@%s cmd: %s args: %s\n" %
|
||||||
(u.user, path or '/', cmd, ' '.join('%s=%s' % (k, v)
|
(u.user, path or '/', cmd, ' '.join('%s=%s' % (k, v)
|
||||||
for k, v in sorted(args.items()))))
|
for k, v in sorted(args.items()))))
|
||||||
|
@ -168,6 +154,20 @@ class proxyserver(object):
|
||||||
req.respond(common.HTTP_BAD_REQUEST, protocol.HGTYPE)
|
req.respond(common.HTTP_BAD_REQUEST, protocol.HGTYPE)
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
# Simple path validation - probably only sufficient on Linux
|
||||||
|
if ':' in path or path.startswith('.') or '/.' in path:
|
||||||
|
self.ui.warn(_('bad request path %r\n') % path)
|
||||||
|
req.respond(common.HTTP_BAD_REQUEST, protocol.HGTYPE)
|
||||||
|
return []
|
||||||
|
|
||||||
|
# Bounce early on missing credentials
|
||||||
|
if not (self.anonymous or u.user and u.passwd):
|
||||||
|
er = common.ErrorResponse(common.HTTP_UNAUTHORIZED,
|
||||||
|
'Authentication is mandatory',
|
||||||
|
self.authheaders)
|
||||||
|
req.respond(er, protocol.HGTYPE)
|
||||||
|
return ['HTTP authentication required']
|
||||||
|
|
||||||
u.path = posixpath.join(u.path or '', req.env['PATH_INFO']).strip('/')
|
u.path = posixpath.join(u.path or '', req.env['PATH_INFO']).strip('/')
|
||||||
url = str(u)
|
url = str(u)
|
||||||
|
|
||||||
|
|
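Review bot: The `self.ui.write("%s@%s cmd: %s args: %s\n" % ...)` call in run_wsgi now runs before the path validation and the credentials check that this change moves below it, so it formats request-controlled values (`u.user` from the decoded Basic header, `path`, `cmd` and the args) for requests that are unauthenticated or whose path is about to be rejected. With `%s`, a CR/LF or terminal control sequence in any of those values reaches the ui output verbatim, and if that output feeds a log file or console it can forge or garble entries. The `bad request path %r` warning already uses `%r`, and the same would fit here, e.g. `"%r@%r cmd: %r args: %s\n"` with `'%r=%r' % (k, v)` for the args. `proto._args()` is also now evaluated for every request before the 401 is sent, so the comment `# Bounce early on missing credentials` no longer matches its position and could read `# Reject requests without credentials (after they have been logged)`. Parts of run_wsgi lie outside the visible hunks, so where ui.write ends up is not confirmed from this page.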