mercurial/hgweb/wsgicgi.py
author Julien Cristau <jcristau@debian.org>
Sat, 09 Apr 2022 14:23:52 +0200
changeset 49115 50bd2910d162
parent 49004 f254fc73d956
child 50777 04bfcb416745
child 50952 18c8c18993f0
permissions -rw-r--r--
sslutil: be less strict about which ciphers are allowed when using --insecure Python 3.10 restricted which ciphers are enabled by default, leading to no available ciphers for TLS < 1.2. When using the --insecure flag we allow old TLS, so also adjust the cipher list to give connections a chance to work. On the server side, also loosen the cipher selection in tests (when using the devel.serverexactprotocol option). Differential Revision: https://phab.mercurial-scm.org/D12489

# hgweb/wsgicgi.py - CGI->WSGI translator
#
# Copyright 2006 Eric Hopper <hopper@omnifarious.org>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.
#
# This was originally copied from the public domain code at
# http://www.python.org/dev/peps/pep-0333/#the-server-gateway-side


import os

from ..pycompat import getattr
from .. import pycompat

from ..utils import procutil

from . import common


def launch(application):
    procutil.setbinary(procutil.stdin)
    procutil.setbinary(procutil.stdout)

    environ = dict(os.environ.items())  # re-exports
    environ.setdefault('PATH_INFO', '')
    if environ.get('SERVER_SOFTWARE', '').startswith('Microsoft-IIS'):
        # IIS includes script_name in PATH_INFO
        scriptname = environ['SCRIPT_NAME']
        if environ['PATH_INFO'].startswith(scriptname):
            environ['PATH_INFO'] = environ['PATH_INFO'][len(scriptname) :]

    stdin = procutil.stdin
    if environ.get('HTTP_EXPECT', '').lower() == '100-continue':
        stdin = common.continuereader(stdin, procutil.stdout.write)

    environ['wsgi.input'] = stdin
    environ['wsgi.errors'] = procutil.stderr
    environ['wsgi.version'] = (1, 0)
    environ['wsgi.multithread'] = False
    environ['wsgi.multiprocess'] = True
    environ['wsgi.run_once'] = True

    if environ.get('HTTPS', 'off').lower() in ('on', '1', 'yes'):
        environ['wsgi.url_scheme'] = 'https'
    else:
        environ['wsgi.url_scheme'] = 'http'

    headers_set = []
    headers_sent = []
    out = procutil.stdout

    def write(data):
        if not headers_set:
            raise AssertionError(b"write() before start_response()")

        elif not headers_sent:
            # Before the first output, send the stored headers
            status, response_headers = headers_sent[:] = headers_set
            out.write(b'Status: %s\r\n' % pycompat.bytesurl(status))
            for hk, hv in response_headers:
                out.write(
                    b'%s: %s\r\n'
                    % (pycompat.bytesurl(hk), pycompat.bytesurl(hv))
                )
            out.write(b'\r\n')

        out.write(data)
        out.flush()

    def start_response(status, response_headers, exc_info=None):
        if exc_info:
            try:
                if headers_sent:
                    # Re-raise original exception if headers sent
                    raise exc_info[0](exc_info[1], exc_info[2])
            finally:
                del exc_info  # avoid dangling circular ref
        elif headers_set:
            raise AssertionError(b"Headers already set!")

        headers_set[:] = [status, response_headers]
        return write

    content = application(environ, start_response)
    try:
        for chunk in content:
            write(chunk)
        if not headers_sent:
            write(b'')  # send headers now if body was empty
    finally:
        getattr(content, 'close', lambda: None)()