author | Drew DeVault <sir@cmpwn.com> | 2018-12-31 11:55:01 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2018-12-31 11:55:01 -0500 |
commit | 0e5d4a5ef61a6f16b6c6f9fe1d5fc2477808120c (patch) | |
tree | b1cd5d0d866be5f3fdf656f8fbe47fd423abe1eb | |
parent | 53bceed4ec308f339bb0e0c1aef94f1c385962f8 (diff) |
Use core.sr.ht-managed alembic; fix script names
-rw-r--r-- | alembic.ini.example | 58 | ||||
-rw-r--r-- | config.example.ini (renamed from config.ini.example) | 3 | ||||
l---------[-rwxr-xr-x] | man-srht-keys | 33 | ||||
l---------[-rwxr-xr-x] | man-srht-shell | 77 | ||||
-rwxr-xr-x | mansrht-keys | 32 | ||||
-rwxr-xr-x | mansrht-migrate | 5 | ||||
-rwxr-xr-x | mansrht-shell | 76 | ||||
-rw-r--r-- | mansrht/alembic/env.py | 81 | ||||
-rwxr-xr-x | setup.py | 5 |
9 files changed, 125 insertions, 245 deletions
diff --git a/alembic.ini.example b/alembic.ini.example deleted file mode 100644 index 22b5bb4..0000000 --- a/alembic.ini.example +++ /dev/null @@ -1,58 +0,0 @@ -# A generic, single database configuration. - -[alembic] -# path to migration scripts -script_location = mansrht/alembic - -# template used to generate migration files -# file_template = %%(rev)s_%%(slug)s - -# max length of characters to apply to the -# "slug" field -#truncate_slug_length = 40 - -# set to 'true' to run the environment during -# the 'revision' command, regardless of autogenerate -# revision_environment = false - -# set to 'true' to allow .pyc and .pyo files without -# a source .py file to be detected as revisions in the -# versions/ directory -# sourceless = false - -sqlalchemy.url = postgres://postgres@localhost/man.sr.ht - -# Logging configuration -[loggers] -keys = root,sqlalchemy,alembic - -[handlers] -keys = console - -[formatters] -keys = generic - -[logger_root] -level = WARN -handlers = console -qualname = - -[logger_sqlalchemy] -level = WARN -handlers = -qualname = sqlalchemy.engine - -[logger_alembic] -level = INFO -handlers = -qualname = alembic - -[handler_console] -class = StreamHandler -args = (sys.stderr,) -level = NOTSET -formatter = generic - -[formatter_generic] -format = %(levelname)-5.5s [%(name)s] %(message)s -datefmt = %H:%M:%S diff --git a/config.ini.example b/config.example.ini index cb32547..b280cab 100644 --- a/config.ini.example +++ b/config.example.ini @@ -40,6 +40,9 @@ oauth-client-id=CHANGEME oauth-client-secret=CHANGEME connection-string=postgresql://postgres@localhost/man.sr.ht +# +# Set to "yes" to automatically run migrations on package upgrade. +migrate-on-upgrade=yes # Address and port to bind the debug server to. debug-host=0.0.0.0 diff --git a/man-srht-keys b/man-srht-keys index 50bf316..437d97d 100755..120000 --- a/man-srht-keys +++ b/man-srht-keys 
@@ -1,32 +1 @@
-#!/usr/bin/env python3
-import os
-import sys
-import requests
-from srht.config import cfg
-from srht.database import DbSession
-db = DbSession(cfg("man.sr.ht", "connection-string"))
-from mansrht.types import User
-db.init()
-
-sys.stderr.write(str(sys.argv) + "\n")
-key_type = sys.argv[3]
-b64key = sys.argv[4]
-
-r = requests.get("{}/api/ssh-key/{}".format(
- cfg("meta.sr.ht", "origin"), b64key))
-if r.status_code != 200:
- sys.stderr.write("meta.sr.ht returned 404 for this key\n")
- sys.exit(0)
-j = r.json()
-username = j["owner"]["name"]
-u = User.query.filter(User.username == username).first()
-if not u:
- sys.stderr.write("Unknown user {}\n", username)
- sys.exit(1)
-shell = os.path.join(os.path.dirname(sys.argv[0]), "man-srht-shell")
-keys = "command=\"{} '{}' '{}'\",".format(shell, u.id, b64key) + \
- "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " + \
- "{} {} {}".format(key_type, b64key, username) + "\n"
-print(keys)
-sys.stderr.write(keys)
-sys.exit(0)
+mansrht-keys
\ No newline at end of file
diff --git a/man-srht-shell b/man-srht-shell
index ec264cf..6b8d489 100755..120000
--- a/man-srht-shell
+++ b/man-srht-shell
@@ -1,76 +1 @@ -#!/usr/bin/env python3 -import sys -import os -try: - f = open("/var/log/man-srht-shell", "a") - os.close(sys.stderr.fileno()) - os.dup2(f.fileno(), sys.stderr.fileno()) -except Exception as ex: - sys.stderr.write("Unable to open log for writing\n") - sys.stderr.write(str(ex) + "\n") -import requests -import shlex -from datetime import datetime -from srht.config import cfg -from srht.validation import Validation -from srht.database import DbSession -db = DbSession(cfg("man.sr.ht", "connection-string")) -from mansrht.access import has_access, UserAccess -from mansrht.types import User, Wiki -db.init() - -def log(s, *args): - sys.stderr.write("{} {}\n".format(datetime.now().isoformat(), - s.format(*args) if isinstance(s, str) else str(s))) - sys.stderr.flush() - -root = cfg("man.sr.ht", "origin") -repos = cfg("man.sr.ht", "repo-path") - -_cmd = os.environ.get("SSH_ORIGINAL_COMMAND") -if not _cmd: - _cmd = "" -if len(sys.argv) < 2: - log("Error: expected 2 arguments from SSH") - sys.exit(1) -user_id = sys.argv[1] -ssh_key = sys.argv[2] - -user = User.query.filter(User.id == user_id).first() -if not user: - log("Unknown user ID {}", user_id) - sys.exit(1) -log("User: {}", user.username) - -cmd = shlex.split(_cmd) -valid_commands = ["git-receive-pack", "git-upload-pack", "git-upload-archive"] -if len(cmd) < 1 or not cmd[0] in valid_commands: - log("Not permitting unacceptable command") - print("Hi {}! You've successfully authenticated, ".format(user.username) + - "but I do not provide an interactive shell. 
Bye!") - sys.exit(128) -os.chdir(repos) -path = os.path.abspath(cmd[-1]) -if not path.startswith(repos): - log("Access denied") - sys.exit(128) -cmd[-1] = path - -if path == os.path.join(repos, "root"): - if cmd[0] == "git-receive-pack" and not user.admin: - sys.exit(128) -else: - wiki = Wiki.query.filter(Wiki.path == path).first() - if not wiki: - sys.exit(128) - - if cmd[0] == "git-receive-pack": - if not has_access(wiki, UserAccess.write, user): - sys.exit(128) - else: - if not has_access(wiki, UserAccess.read, user): - sys.exit(128) - -log("Executing {}", " ".join(cmd)) -sys.stderr.close() -os.execvp(cmd[0], cmd) +mansrht-shell
\ No newline at end of file
diff --git a/mansrht-keys b/mansrht-keys
new file mode 100755
index 0000000..50bf316
--- /dev/null
+++ b/mansrht-keys
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+import os
+import sys
+import requests
+from srht.config import cfg
+from srht.database import DbSession
+db = DbSession(cfg("man.sr.ht", "connection-string"))
+from mansrht.types import User
+db.init()
+
+sys.stderr.write(str(sys.argv) + "\n")
+key_type = sys.argv[3]
+b64key = sys.argv[4]
+
+r = requests.get("{}/api/ssh-key/{}".format(
+ cfg("meta.sr.ht", "origin"), b64key))
+if r.status_code != 200:
+ sys.stderr.write("meta.sr.ht returned 404 for this key\n")
+ sys.exit(0)
+j = r.json()
+username = j["owner"]["name"]
+u = User.query.filter(User.username == username).first()
+if not u:
+ sys.stderr.write("Unknown user {}\n", username)
+ sys.exit(1)
+shell = os.path.join(os.path.dirname(sys.argv[0]), "man-srht-shell")
+keys = "command=\"{} '{}' '{}'\",".format(shell, u.id, b64key) + \
+ "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " + \
+ "{} {} {}".format(key_type, b64key, username) + "\n"
+print(keys)
+sys.stderr.write(keys)
+sys.exit(0)
diff --git a/mansrht-migrate b/mansrht-migrate
new file mode 100755
index 0000000..dfbbe30
--- /dev/null
+++ b/mansrht-migrate
@@ -0,0 +1,5 @@
+#!/usr/bin/env python3
+import mansrht.alembic
+from srht.config import cfg
+from srht.database import alembic
+alembic("man.sr.ht", mansrht.alembic)
diff --git a/mansrht-shell b/mansrht-shell
new file mode 100755
index 0000000..ec264cf
--- /dev/null
+++ b/mansrht-shell
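Review bot: The unknown-user branch in mansrht-keys calls `sys.stderr.write("Unknown user {}\n", username)`, but `write` accepts a single string, so this path raises TypeError instead of logging the name and exiting with status 1; it should be `sys.stderr.write("Unknown user {}\n".format(username))`. The `requests.get` call to meta.sr.ht passes no `timeout`, so a stalled meta.sr.ht blocks the key lookup indefinitely; an explicit `timeout=` argument would bound it. `username` comes straight from the JSON response and is appended to the emitted key line, so it is worth rejecting a value that contains whitespace or a newline before printing it. The non-200 branch always logs "returned 404"; logging `r.status_code` would keep the message accurate for other failures.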
@@ -0,0 +1,76 @@ +#!/usr/bin/env python3 +import sys +import os +try: + f = open("/var/log/man-srht-shell", "a") + os.close(sys.stderr.fileno()) + os.dup2(f.fileno(), sys.stderr.fileno()) +except Exception as ex: + sys.stderr.write("Unable to open log for writing\n") + sys.stderr.write(str(ex) + "\n") +import requests +import shlex +from datetime import datetime +from srht.config import cfg +from srht.validation import Validation +from srht.database import DbSession +db = DbSession(cfg("man.sr.ht", "connection-string")) +from mansrht.access import has_access, UserAccess +from mansrht.types import User, Wiki +db.init() + +def log(s, *args): + sys.stderr.write("{} {}\n".format(datetime.now().isoformat(), + s.format(*args) if isinstance(s, str) else str(s))) + sys.stderr.flush() + +root = cfg("man.sr.ht", "origin") +repos = cfg("man.sr.ht", "repo-path") + +_cmd = os.environ.get("SSH_ORIGINAL_COMMAND") +if not _cmd: + _cmd = "" +if len(sys.argv) < 2: + log("Error: expected 2 arguments from SSH") + sys.exit(1) +user_id = sys.argv[1] +ssh_key = sys.argv[2] + +user = User.query.filter(User.id == user_id).first() +if not user: + log("Unknown user ID {}", user_id) + sys.exit(1) +log("User: {}", user.username) + +cmd = shlex.split(_cmd) +valid_commands = ["git-receive-pack", "git-upload-pack", "git-upload-archive"] +if len(cmd) < 1 or not cmd[0] in valid_commands: + log("Not permitting unacceptable command") + print("Hi {}! You've successfully authenticated, ".format(user.username) + + "but I do not provide an interactive shell. 
Bye!") + sys.exit(128) +os.chdir(repos) +path = os.path.abspath(cmd[-1]) +if not path.startswith(repos): + log("Access denied") + sys.exit(128) +cmd[-1] = path + +if path == os.path.join(repos, "root"): + if cmd[0] == "git-receive-pack" and not user.admin: + sys.exit(128) +else: + wiki = Wiki.query.filter(Wiki.path == path).first() + if not wiki: + sys.exit(128) + + if cmd[0] == "git-receive-pack": + if not has_access(wiki, UserAccess.write, user): + sys.exit(128) + else: + if not has_access(wiki, UserAccess.read, user): + sys.exit(128) + +log("Executing {}", " ".join(cmd)) +sys.stderr.close() +os.execvp(cmd[0], cmd) diff --git a/mansrht/alembic/env.py b/mansrht/alembic/env.py index c079e04..071af51 100644 --- a/mansrht/alembic/env.py +++ b/mansrht/alembic/env.py 
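Review bot: The containment check `if not path.startswith(repos):` in mansrht-shell is a plain string-prefix test on an `os.path.abspath` result, so a sibling directory whose name merely begins with the repo-path value passes it and symlinks are not resolved. Resolving both sides with `os.path.realpath` and testing `path.startswith(os.path.join(repos, ""))` would make it a directory-boundary check; the later `Wiki.path == path` lookup narrows the impact, but the guard should not rely on it. Only `cmd[0]` and `cmd[-1]` are validated while the whole list goes to `os.execvp`, so any arguments in between reach git unchecked, and `if len(cmd) != 2 or cmd[0] not in valid_commands:` would close that. The argument guard `if len(sys.argv) < 2:` is off by one, because `sys.argv[2]` is read right after it, and should be `if len(sys.argv) < 3:`.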
@@ -1,78 +1,3 @@ -from __future__ import with_statement -import os, sys -sys.path.append(os.getcwd()) -from alembic import context -from sqlalchemy import engine_from_config, pool -from logging.config import fileConfig - -# this is the Alembic Config object, which provides -# access to the values within the .ini file in use. -config = context.config - -# Interpret the config file for Python logging. -# This line sets up loggers basically. -fileConfig(config.config_file_name) - -# add your model's MetaData object here -# for 'autogenerate' support -from mansrht.app import app, db -from srht.database import Base -target_metadata = Base.metadata - -# other values from the config, defined by the needs of env.py, -# can be acquired: -# my_important_option = config.get_main_option("my_important_option") -# ... etc. - -def run_migrations_offline(): - """Run migrations in 'offline' mode. - - This configures the context with just a URL - and not an Engine, though an Engine is acceptable - here as well. By skipping the Engine creation - we don't even need a DBAPI to be available. - - Calls to context.execute() here emit the given string to the - script output. - - """ - url = config.get_main_option("sqlalchemy.url") - context.configure( - url=url, - target_metadata=target_metadata, - include_schemas=True - ) - - with context.begin_transaction(): - context.run_migrations() - -def run_migrations_online(): - """Run migrations in 'online' mode. - - In this scenario we need to create an Engine - and associate a connection with the context. 
- - """ - engine = engine_from_config( - config.get_section(config.config_ini_section), - prefix='sqlalchemy.', - poolclass=pool.NullPool) - - connection = engine.connect() - context.configure( - connection=connection, - target_metadata=target_metadata, - include_schemas=True - ) - - try: - with context.begin_transaction(): - context.run_migrations() - finally: - connection.close() - -if context.is_offline_mode(): - run_migrations_offline() -else: - run_migrations_online() - +import mansrht.types +from srht.database import alembic_env +alembic_env() @@ -41,8 +41,8 @@ setup( 'mansrht', 'mansrht.alembic', 'mansrht.alembic.versions', - 'mansrht.types', 'mansrht.blueprints' + 'mansrht.types', ], version = ver, description = 'man.sr.ht website', @@ -60,6 +60,9 @@ setup( }, scripts = [ 'man-srht-keys', + 'mansrht-keys', 'man-srht-shell', + 'mansrht-shell', + 'mansrht-migrate', ] ) |
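Review bot: In the first `setup(` hunk (apparently setup.py, whose file header is missing from this page) the new `'mansrht.types',` entry is added after `'mansrht.blueprints'`, which has no trailing comma, so Python concatenates the two adjacent literals into the single string `'mansrht.blueprintsmansrht.types'` and neither package ends up in the list. Adding the comma to the preceding entry, `'mansrht.blueprints',`, or leaving `'mansrht.types',` above it as before, fixes this. This reading assumes the collapsed hunk lines appear in file order as shown; the `setup(` call itself starts and ends outside the hunk.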