Mercurial > hg
view tests/test-chg.t @ 37048:fc5e261915b9
wireproto: require POST for all HTTPv2 requests
Wire protocol version 1 transfers argument data via request
headers by default. This has historically caused problems because
servers institute limits on the length of individual HTTP headers
as well as the total size of all request headers. Mercurial servers
can advertise the maximum length of an individual header. But
there's no guarantee any intermediate HTTP agents will accept
headers up to that length.
In the existing wire protocol, server operators typically also
key off the HTTP request method to implement authentication.
For example, GET requests translate to read-only requests and
can be allowed. But read-write commands must use POST and require
authentication. This has typically worked because the only wire
protocol commands that use POST modify the repo (e.g. the
"unbundle" command).
There is an experimental feature to enable clients to transmit
argument data via POST request bodies. This is technically a
better and more robust solution. But we can't enable it by default
because of servers assuming POST means write access.
In version 2 of the wire protocol, the permissions of a request
are encoded in the URL. And with it being a new protocol in a new
URL space, we're not constrained by backwards compatibility
requirements.
This commit adopts the technically superior mechanism of using
HTTP request bodies to send argument data by requiring POST for
all commands. Strictly speaking, it may be possible to send
request bodies on GET requests. But my experience is that not all
HTTP stacks support this. POST pretty much always works. Using POST
for read-only operations does sacrifice some RESTful design
purity. But this API cares about practicality, not about being
in Roy T. Fielding's REST ivory tower.
There's a chance we may relax this restriction in the future. But
for now, I want to see how far we can get with a POST only API.
Differential Revision: https://phab.mercurial-scm.org/D2837
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 13 Mar 2018 11:57:43 -0700 |
parents | b94db1780365 |
children | 5abc47d4ca6b |
line wrap: on
line source
#require chg $ cp $HGRCPATH $HGRCPATH.orig init repo $ chg init foo $ cd foo ill-formed config $ chg status $ echo '=brokenconfig' >> $HGRCPATH $ chg status hg: parse error at * (glob) [255] $ cp $HGRCPATH.orig $HGRCPATH long socket path $ sockpath=$TESTTMP/this/path/should/be/longer/than/one-hundred-and-seven/characters/where/107/is/the/typical/size/limit/of/unix-domain-socket $ mkdir -p $sockpath $ bakchgsockname=$CHGSOCKNAME $ CHGSOCKNAME=$sockpath/server $ export CHGSOCKNAME $ chg root $TESTTMP/foo $ rm -rf $sockpath $ CHGSOCKNAME=$bakchgsockname $ export CHGSOCKNAME $ cd .. editor ------ $ cat >> pushbuffer.py <<EOF > def reposetup(ui, repo): > repo.ui.pushbuffer(subproc=True) > EOF $ chg init editor $ cd editor by default, system() should be redirected to the client: $ touch foo $ CHGDEBUG= HGEDITOR=cat chg ci -Am channeled --edit 2>&1 \ > | egrep "HG:|run 'cat" chg: debug: * run 'cat "*"' at '$TESTTMP/editor' (glob) HG: Enter commit message. Lines beginning with 'HG:' are removed. HG: Leave message empty to abort commit. HG: -- HG: user: test HG: branch 'default' HG: added foo but no redirection should be made if output is captured: $ touch bar $ CHGDEBUG= HGEDITOR=cat chg ci -Am bufferred --edit \ > --config extensions.pushbuffer="$TESTTMP/pushbuffer.py" 2>&1 \ > | egrep "HG:|run 'cat" [1] check that commit commands succeeded: $ hg log -T '{rev}:{desc}\n' 1:bufferred 0:channeled $ cd .. pager ----- $ cat >> fakepager.py <<EOF > import sys > for line in sys.stdin: > sys.stdout.write('paged! %r\n' % line) > EOF enable pager extension globally, but spawns the master server with no tty: $ chg init pager $ cd pager $ cat >> $HGRCPATH <<EOF > [extensions] > pager = > [pager] > pager = $PYTHON $TESTTMP/fakepager.py > EOF $ chg version > /dev/null $ touch foo $ chg ci -qAm foo pager should be enabled if the attached client has a tty: $ chg log -l1 -q --config ui.formatted=True paged! '0:1f7b0de80e11\n' $ chg log -l1 -q --config ui.formatted=False 0:1f7b0de80e11 chg waits for pager if runcommand raises $ cat > $TESTTMP/crash.py <<EOF > from mercurial import registrar > cmdtable = {} > command = registrar.command(cmdtable) > @command(b'crash') > def pagercrash(ui, repo, *pats, **opts): > ui.write('going to crash\n') > raise Exception('.') > EOF $ cat > $TESTTMP/fakepager.py <<EOF > from __future__ import absolute_import > import sys > import time > for line in iter(sys.stdin.readline, ''): > if 'crash' in line: # only interested in lines containing 'crash' > # if chg exits when pager is sleeping (incorrectly), the output > # will be captured by the next test case > time.sleep(1) > sys.stdout.write('crash-pager: %s' % line) > EOF $ cat >> .hg/hgrc <<EOF > [extensions] > crash = $TESTTMP/crash.py > EOF $ chg crash --pager=on --config ui.formatted=True 2>/dev/null crash-pager: going to crash [255] $ cd .. server lifecycle ---------------- chg server should be restarted on code change, and old server will shut down automatically. In this test, we use the following time parameters: - "sleep 1" to make mtime different - "sleep 2" to notice mtime change (polling interval is 1 sec) set up repository with an extension: $ chg init extreload $ cd extreload $ touch dummyext.py $ cat <<EOF >> .hg/hgrc > [extensions] > dummyext = dummyext.py > EOF isolate socket directory for stable result: $ OLDCHGSOCKNAME=$CHGSOCKNAME $ mkdir chgsock $ CHGSOCKNAME=`pwd`/chgsock/server warm up server: $ CHGDEBUG= chg log 2>&1 | egrep 'instruction|start' chg: debug: * start cmdserver at $TESTTMP/extreload/chgsock/server.* (glob) new server should be started if extension modified: $ sleep 1 $ touch dummyext.py $ CHGDEBUG= chg log 2>&1 | egrep 'instruction|start' chg: debug: * instruction: unlink $TESTTMP/extreload/chgsock/server-* (glob) chg: debug: * instruction: reconnect (glob) chg: debug: * start cmdserver at $TESTTMP/extreload/chgsock/server.* (glob) old server will shut down, while new server should still be reachable: $ sleep 2 $ CHGDEBUG= chg log 2>&1 | (egrep 'instruction|start' || true) socket file should never be unlinked by old server: (simulates unowned socket by updating mtime, which makes sure server exits at polling cycle) $ ls chgsock/server-* chgsock/server-* (glob) $ touch chgsock/server-* $ sleep 2 $ ls chgsock/server-* chgsock/server-* (glob) since no server is reachable from socket file, new server should be started: (this test makes sure that old server shut down automatically) $ CHGDEBUG= chg log 2>&1 | egrep 'instruction|start' chg: debug: * start cmdserver at $TESTTMP/extreload/chgsock/server.* (glob) shut down servers and restore environment: $ rm -R chgsock $ CHGSOCKNAME=$OLDCHGSOCKNAME $ cd ..