Mercurial > hg

view hgext/lfs/wireprotolfsserver.py @ 39772:ae531f5e583c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
testing: add interface unit tests for file storage Our strategy for supporting alternate storage backends is to define interfaces for everything then "code to the interface." We already have interfaces for various primitives, including file and manifest storage. What we don't have is generic unit tests for those interfaces. Up to this point we've been relying on high-level integration tests (mainly in the form of existing .t tests) to test alternate storage backends. And my experience with developing the "simple store" test extension is that such testing is very tedious: it takes several minutes to run all tests and when you find a failure, it is often non-trivial to debug. This commit starts to change that. This commit introduces the mercurial.testing.storage module. It contains testing code for storage. Currently, it defines some unittest.TestCase classes for testing the file storage interfaces. It also defines some factory functions that allow a caller to easily spawn a custom TestCase "bound" to a specific file storage backend implementation. A new .py test has been added. It simply defines a callable to produce filelog and transaction instances on demand and then "registers" the various test classes so the filelog class can be tested with the storage interface unit tests. As part of writing the tests, I identified a couple of apparent bugs in revlog.py and filelog.py! These are tracked with inline TODO comments. Writing the tests makes it more obvious where the storage interface is lacking. For example, we raise either IndexError or error.LookupError for missing revisions depending on whether we use an integer revision or a node. Also, we raise error.RevlogError in various places when we should be raising a storage-agnostic error type. The storage interfaces are currently far from perfect and there is much work to be done to improve them. But at least with this commit we finally have the start of unit tests that can be used to "qualify" the behavior of a storage backend. And when implementing and debugging new storage backends, we now have an obvious place to define new tests and have obvious places to insert breakpoints to facilitate debugging. This should be invaluable when implementing new storage backends. I added the mercurial.testing package because these interface conformance tests are generic and need to be usable by all storage backends. Having the code live in tests/ would make it difficult for storage backends implemented in extensions to test their interface conformance. First, it would require obtaining a copy of Mercurial's storage test code in order to test. Second, it would make testing against multiple Mercurial versions difficult, as you would need to import N copies of the storage testing code in order to achieve test coverage. By making the test code part of the Mercurial distribution itself, extensions can `import mercurial.testing.*` to access and run the test code. The test will run against whatever Mercurial version is active. FWIW I've always wanted to move parts of run-tests.py into the mercurial.* package to make the testing story simpler (e.g. imagine an `hg debugruntests` command that could invoke the test harness). While I have no plans to do that in the near future, establishing the mercurial.testing package does provide a natural home for that code should someone do this in the future. Differential Revision: https://phab.mercurial-scm.org/D4650
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 18 Sep 2018 16:52:11 -0700
parents a913d2892e17
children 84d61fdcefa5
line wrap: on
line source

# wireprotolfsserver.py - lfs protocol server side implementation
#
# Copyright 2018 Matt Harbison <matt_harbison@yahoo.com>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.

from __future__ import absolute_import

import datetime
import errno
import json
import traceback

from mercurial.hgweb import (
    common as hgwebcommon,
)

from mercurial import (
    pycompat,
    util,
)

from . import blobstore

HTTP_OK = hgwebcommon.HTTP_OK
HTTP_CREATED = hgwebcommon.HTTP_CREATED
HTTP_BAD_REQUEST = hgwebcommon.HTTP_BAD_REQUEST
HTTP_NOT_FOUND = hgwebcommon.HTTP_NOT_FOUND
HTTP_METHOD_NOT_ALLOWED = hgwebcommon.HTTP_METHOD_NOT_ALLOWED
HTTP_NOT_ACCEPTABLE = hgwebcommon.HTTP_NOT_ACCEPTABLE
HTTP_UNSUPPORTED_MEDIA_TYPE = hgwebcommon.HTTP_UNSUPPORTED_MEDIA_TYPE

def handlewsgirequest(orig, rctx, req, res, checkperm):
    """Wrap wireprotoserver.handlewsgirequest() to possibly process an LFS
    request if it is left unprocessed by the wrapped method.
    """
    if orig(rctx, req, res, checkperm):
        return True

    if not rctx.repo.ui.configbool('experimental', 'lfs.serve'):
        return False

    if not util.safehasattr(rctx.repo.svfs, 'lfslocalblobstore'):
        return False

    if not req.dispatchpath:
        return False

    try:
        if req.dispatchpath == b'.git/info/lfs/objects/batch':
            checkperm(rctx, req, 'pull')
            return _processbatchrequest(rctx.repo, req, res)
        # TODO: reserve and use a path in the proposed http wireprotocol /api/
        #       namespace?
        elif req.dispatchpath.startswith(b'.hg/lfs/objects'):
            return _processbasictransfer(rctx.repo, req, res,
                                         lambda perm:
                                                checkperm(rctx, req, perm))
        return False
    except hgwebcommon.ErrorResponse as e:
        # XXX: copied from the handler surrounding wireprotoserver._callhttp()
        #      in the wrapped function.  Should this be moved back to hgweb to
        #      be a common handler?
        for k, v in e.headers:
            res.headers[k] = v
        res.status = hgwebcommon.statusmessage(e.code, pycompat.bytestr(e))
        res.setbodybytes(b'0\n%s\n' % pycompat.bytestr(e))
        return True

def _sethttperror(res, code, message=None):
    res.status = hgwebcommon.statusmessage(code, message=message)
    res.headers[b'Content-Type'] = b'text/plain; charset=utf-8'
    res.setbodybytes(b'')

def _logexception(req):
    """Write information about the current exception to wsgi.errors."""
    tb = pycompat.sysbytes(traceback.format_exc())
    errorlog = req.rawenv[r'wsgi.errors']

    uri = b''
    if req.apppath:
        uri += req.apppath
    uri += b'/' + req.dispatchpath

    errorlog.write(b"Exception happened while processing request '%s':\n%s" %
                   (uri, tb))

def _processbatchrequest(repo, req, res):
    """Handle a request for the Batch API, which is the gateway to granting file
    access.

    https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md
    """

    # Mercurial client request:
    #
    #   HOST: localhost:$HGPORT
    #   ACCEPT: application/vnd.git-lfs+json
    #   ACCEPT-ENCODING: identity
    #   USER-AGENT: git-lfs/2.3.4 (Mercurial 4.5.2+1114-f48b9754f04c+20180316)
    #   Content-Length: 125
    #   Content-Type: application/vnd.git-lfs+json
    #
    #   {
    #     "objects": [
    #       {
    #         "oid": "31cf...8e5b"
    #         "size": 12
    #       }
    #     ]
    #     "operation": "upload"
    #  }

    if req.method != b'POST':
        _sethttperror(res, HTTP_METHOD_NOT_ALLOWED)
        return True

    if req.headers[b'Content-Type'] != b'application/vnd.git-lfs+json':
        _sethttperror(res, HTTP_UNSUPPORTED_MEDIA_TYPE)
        return True

    if req.headers[b'Accept'] != b'application/vnd.git-lfs+json':
        _sethttperror(res, HTTP_NOT_ACCEPTABLE)
        return True

    # XXX: specify an encoding?
    lfsreq = json.loads(req.bodyfh.read())

    # If no transfer handlers are explicitly requested, 'basic' is assumed.
    if 'basic' not in lfsreq.get('transfers', ['basic']):
        _sethttperror(res, HTTP_BAD_REQUEST,
                      b'Only the basic LFS transfer handler is supported')
        return True

    operation = lfsreq.get('operation')
    if operation not in ('upload', 'download'):
        _sethttperror(res, HTTP_BAD_REQUEST,
                      b'Unsupported LFS transfer operation: %s' % operation)
        return True

    localstore = repo.svfs.lfslocalblobstore

    objects = [p for p in _batchresponseobjects(req, lfsreq.get('objects', []),
                                                operation, localstore)]

    rsp = {
        'transfer': 'basic',
        'objects': objects,
    }

    res.status = hgwebcommon.statusmessage(HTTP_OK)
    res.headers[b'Content-Type'] = b'application/vnd.git-lfs+json'
    res.setbodybytes(pycompat.bytestr(json.dumps(rsp)))

    return True

def _batchresponseobjects(req, objects, action, store):
    """Yield one dictionary of attributes for the Batch API response for each
    object in the list.

    req: The parsedrequest for the Batch API request
    objects: The list of objects in the Batch API object request list
    action: 'upload' or 'download'
    store: The local blob store for servicing requests"""

    # Successful lfs-test-server response to solict an upload:
    # {
    #    u'objects': [{
    #       u'size': 12,
    #       u'oid': u'31cf...8e5b',
    #       u'actions': {
    #           u'upload': {
    #               u'href': u'http://localhost:$HGPORT/objects/31cf...8e5b',
    #               u'expires_at': u'0001-01-01T00:00:00Z',
    #               u'header': {
    #                   u'Accept': u'application/vnd.git-lfs'
    #               }
    #           }
    #       }
    #    }]
    # }

    # TODO: Sort out the expires_at/expires_in/authenticated keys.

    for obj in objects:
        # Convert unicode to ASCII to create a filesystem path
        oid = obj.get('oid').encode('ascii')
        rsp = {
            'oid': oid,
            'size': obj.get('size'),  # XXX: should this check the local size?
            #'authenticated': True,
        }

        exists = True
        verifies = False

        # Verify an existing file on the upload request, so that the client is
        # solicited to re-upload if it corrupt locally.  Download requests are
        # also verified, so the error can be flagged in the Batch API response.
        # (Maybe we can use this to short circuit the download for `hg verify`,
        # IFF the client can assert that the remote end is an hg server.)
        # Otherwise, it's potentially overkill on download, since it is also
        # verified as the file is streamed to the caller.
        try:
            verifies = store.verify(oid)
            if verifies and action == 'upload':
                # The client will skip this upload, but make sure it remains
                # available locally.
                store.linkfromusercache(oid)
        except IOError as inst:
            if inst.errno != errno.ENOENT:
                _logexception(req)

                rsp['error'] = {
                    'code': 500,
                    'message': inst.strerror or 'Internal Server Server'
                }
                yield rsp
                continue

            exists = False

        # Items are always listed for downloads.  They are dropped for uploads
        # IFF they already exist locally.
        if action == 'download':
            if not exists:
                rsp['error'] = {
                    'code': 404,
                    'message': "The object does not exist"
                }
                yield rsp
                continue

            elif not verifies:
                rsp['error'] = {
                    'code': 422,   # XXX: is this the right code?
                    'message': "The object is corrupt"
                }
                yield rsp
                continue

        elif verifies:
            yield rsp  # Skip 'actions': already uploaded
            continue

        expiresat = datetime.datetime.now() + datetime.timedelta(minutes=10)

        def _buildheader():
            # The spec doesn't mention the Accept header here, but avoid
            # a gratuitous deviation from lfs-test-server in the test
            # output.
            hdr = {
                'Accept': 'application/vnd.git-lfs'
            }

            auth = req.headers.get('Authorization', '')
            if auth.startswith('Basic '):
                hdr['Authorization'] = auth

            return hdr

        rsp['actions'] = {
            '%s' % action: {
                'href': '%s%s/.hg/lfs/objects/%s'
                    % (req.baseurl, req.apppath, oid),
                # datetime.isoformat() doesn't include the 'Z' suffix
                "expires_at": expiresat.strftime('%Y-%m-%dT%H:%M:%SZ'),
                'header': _buildheader(),
            }
        }

        yield rsp

def _processbasictransfer(repo, req, res, checkperm):
    """Handle a single file upload (PUT) or download (GET) action for the Basic
    Transfer Adapter.

    After determining if the request is for an upload or download, the access
    must be checked by calling ``checkperm()`` with either 'pull' or 'upload'
    before accessing the files.

    https://github.com/git-lfs/git-lfs/blob/master/docs/api/basic-transfers.md
    """

    method = req.method
    oid = req.dispatchparts[-1]
    localstore = repo.svfs.lfslocalblobstore

    if len(req.dispatchparts) != 4:
        _sethttperror(res, HTTP_NOT_FOUND)
        return True

    if method == b'PUT':
        checkperm('upload')

        # TODO: verify Content-Type?

        existed = localstore.has(oid)

        # TODO: how to handle timeouts?  The body proxy handles limiting to
        #       Content-Length, but what happens if a client sends less than it
        #       says it will?

        statusmessage = hgwebcommon.statusmessage
        try:
            localstore.download(oid, req.bodyfh)
            res.status = statusmessage(HTTP_OK if existed else HTTP_CREATED)
        except blobstore.LfsCorruptionError:
            _logexception(req)

            # XXX: Is this the right code?
            res.status = statusmessage(422, b'corrupt blob')

        # There's no payload here, but this is the header that lfs-test-server
        # sends back.  This eliminates some gratuitous test output conditionals.
        res.headers[b'Content-Type'] = b'text/plain; charset=utf-8'
        res.setbodybytes(b'')

        return True
    elif method == b'GET':
        checkperm('pull')

        res.status = hgwebcommon.statusmessage(HTTP_OK)
        res.headers[b'Content-Type'] = b'application/octet-stream'

        try:
            # TODO: figure out how to send back the file in chunks, instead of
            #       reading the whole thing.  (Also figure out how to send back
            #       an error status if an IOError occurs after a partial write
            #       in that case.  Here, everything is read before starting.)
            res.setbodybytes(localstore.read(oid))
        except blobstore.LfsCorruptionError:
            _logexception(req)

            # XXX: Is this the right code?
            res.status = hgwebcommon.statusmessage(422, b'corrupt blob')
            res.setbodybytes(b'')

        return True
    else:
        _sethttperror(res, HTTP_METHOD_NOT_ALLOWED,
                      message=b'Unsupported LFS transfer method: %s' % method)
        return True