[roundup.git] / roundup-server

#!/usr/bin/python
#
# Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
# This module is free software, and you may redistribute it and/or modify
# under the same terms as Python, so long as this copyright message and
# disclaimer are retained in their original form.
#
# IN NO EVENT SHALL THE BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
# DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
# OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
# BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE.  THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
# BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
# SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
# 
""" HTTP Server that serves roundup.

Based on CGIHTTPServer in the Python library.

$Id: roundup-server,v 1.10 2001-08-07 00:15:51 richard Exp $

"""
import sys
if int(sys.version[0]) < 2:
    print "Content-Type: text/plain\n"
    print "Roundup requires Python 2.0 or newer."
    sys.exit(0)

import os, urllib, StringIO, traceback, cgi, binascii, string, getopt, imp
import BaseHTTPServer
import SimpleHTTPServer

# Roundup modules of use here
from roundup import cgitb, cgi_client
import roundup.instance

#
##  Configuration
#

# This indicates where the Roundup instance lives
ROUNDUP_INSTANCE_HOMES = {
    'bar': '/tmp/bar',
}

# Where to log debugging information to. Use an instance of DevNull if you
# don't want to log anywhere.
# TODO: actually use this stuff
#class DevNull:
#    def write(self, info):
#        pass
#LOG = open('/var/log/roundup.cgi.log', 'a')
#LOG = DevNull()

#
##  end configuration
#


class RoundupRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
    ROUNDUP_INSTANCE_HOMES = ROUNDUP_INSTANCE_HOMES
    def send_head(self):
        """Version of send_head that support CGI scripts"""
        # TODO: actually do the HEAD ...
        return self.run_cgi()

    def run_cgi(self):
        """ Execute the CGI command. Wrap an innner call in an error
            handler so all errors can be caught.
        """
        save_stdin = sys.stdin
        sys.stdin = self.rfile
        try:
            self.inner_run_cgi()
        except cgi_client.Unauthorised:
            self.wfile.write('Content-Type: text/html\n')
            self.wfile.write('Status: 403\n')
            self.wfile.write('Unauthorised')
        except:
            try:
                reload(cgitb)
                self.wfile.write("Content-Type: text/html\n\n")
                self.wfile.write(cgitb.breaker())
                self.wfile.write(cgitb.html())
            except:
                self.wfile.write("Content-Type: text/html\n\n")
                self.wfile.write("<pre>")
                s = StringIO.StringIO()
                traceback.print_exc(None, s)
                self.wfile.write(cgi.escape(s.getvalue()))
                self.wfile.write("</pre>\n")
        sys.stdin = save_stdin

    def inner_run_cgi(self):
        ''' This is the inner part of the CGI handling
        '''

        rest = self.path
        i = rest.rfind('?')
        if i >= 0:
            rest, query = rest[:i], rest[i+1:]
        else:
            query = ''

        # figure the instance
        if rest == '/':
            raise ValueError, 'No instance specified'
        l_path = string.split(rest, '/')
        instance = urllib.unquote(l_path[1])
        if self.ROUNDUP_INSTANCE_HOMES.has_key(instance):
            instance_home = self.ROUNDUP_INSTANCE_HOMES[instance]
            instance = roundup.instance.open(instance_home)
        else:
            raise ValueError, 'No such instance "%s"'%instance

        # figure out what the rest of the path is
        if len(l_path) > 2:
            rest = '/'.join(l_path[2:])
        else:
            rest = '/'

        # Set up the CGI environment
        env = {}
        env['REQUEST_METHOD'] = self.command
        env['PATH_INFO'] = urllib.unquote(rest)
        if query:
            env['QUERY_STRING'] = query
        host = self.address_string()
        if self.headers.typeheader is None:
            env['CONTENT_TYPE'] = self.headers.type
        else:
            env['CONTENT_TYPE'] = self.headers.typeheader
        length = self.headers.getheader('content-length')
        if length:
            env['CONTENT_LENGTH'] = length
        co = filter(None, self.headers.getheaders('cookie'))
        if co:
            env['HTTP_COOKIE'] = ', '.join(co)
        env['SCRIPT_NAME'] = ''
        env['SERVER_NAME'] = self.server.server_name
        env['SERVER_PORT'] = str(self.server.server_port)

        decoded_query = query.replace('+', ' ')

        # if root, setuid to nobody
        # TODO why isn't this done much earlier? - say, in main()?
        if not os.getuid():
            nobody = nobody_uid()
            os.setuid(nobody)

        # reload all modules
        # TODO check for file timestamp changes and dependencies
        #reload(date)
        #reload(hyperdb)
        #reload(roundupdb)
        #reload(htmltemplate)
        #reload(cgi_client)
        #sys.path.insert(0, module_path)
        #try:
        #    reload(instance)
        #finally:
        #    del sys.path[0]

        # initialise the roundupdb, check for auth
        db = instance.open('admin')
        message = 'Unauthorised'
        auth = self.headers.getheader('authorization')
        if auth:
            l = binascii.a2b_base64(auth.split(' ')[1]).split(':')
            user = l[0]
            password = None
            if len(l) > 1:
                password = l[1]
            try:
                uid = db.user.lookup(user)
            except KeyError:
                auth = None
                message = 'Username not recognised'
            else:
                if password != db.user.get(uid, 'password'):
                    message = 'Incorrect password'
                    auth = None
        db.close()
        del db
        if not auth:
            self.send_response(401)
            self.send_header('Content-Type', 'text/html')
            self.send_header('WWW-Authenticate', 'basic realm="Roundup"')
            self.end_headers()
            self.wfile.write(message)
            return

        self.send_response(200, "Script output follows")

        # do the roundup thang
        db = instance.open(user)
        client = instance.Client(self.wfile, db, env, user)
        client.main()
    do_POST = run_cgi

nobody = None

def nobody_uid():
    """Internal routine to get nobody's uid"""
    global nobody
    if nobody:
        return nobody
    try:
        import pwd
    except ImportError:
        return -1
    try:
        nobody = pwd.getpwnam('nobody')[2]
    except KeyError:
        nobody = 1 + max(map(lambda x: x[2], pwd.getpwall()))
    return nobody

def usage(message=''):
    if message: message = 'Error: %s\n'%message
    print '''%sUsage:
roundup-server [-n hostname] [-p port] [name=instance home]*

 -n: sets the host name
 -p: sets the port to listen on

 name=instance home
   Sets the instance home(s) to use. The name is how the instance is
   identified in the URL (it's the first part of the URL path). The
   instance home is the directory that was identified when you did
   "roundup-admin init". You may specify any number of these name=home
   pairs on the command-line. For convenience, you may edit the
   ROUNDUP_INSTANCE_HOMES variable in the roundup-server file instead.
'''%message
    sys.exit(0)

def main():
    hostname = ''
    port = 8080
    try:
        # handle the command-line args
        optlist, args = getopt.getopt(sys.argv[1:], 'n:p:')
        for (opt, arg) in optlist:
            if opt == '-n': hostname = arg
            elif opt == '-p': port = int(arg)
            elif opt == '-h': usage()

        # handle instance specs
        if args:
            d = {}
            for arg in args:
                name, home = string.split(arg, '=')
                d[name] = home
            RoundupRequestHandler.ROUNDUP_INSTANCE_HOMES = d
    except:
        type, value = sys.exc_info()[:2]
        usage('%s: %s'%(type, value))

    # we don't want the cgi module interpreting the command-line args ;)
    sys.argv = sys.argv[:1]
    address = (hostname, port)
    httpd = BaseHTTPServer.HTTPServer(address, RoundupRequestHandler)
    print 'Roundup server started on', address
    httpd.serve_forever()

if __name__ == '__main__':
    main()

#
# $Log: not supported by cvs2svn $
# Revision 1.9  2001/08/05 07:44:36  richard
# Instances are now opened by a special function that generates a unique
# module name for the instances on import time.
#
# Revision 1.8  2001/08/03 01:28:33  richard
# Used the much nicer load_package, pointed out by Steve Majewski.
#
# Revision 1.7  2001/08/03 00:59:34  richard
# Instance import now imports the instance using imp.load_module so that
# we can have instance homes of "roundup" or other existing python package
# names.
#
# Revision 1.6  2001/07/29 07:01:39  richard
# Added vim command to all source so that we don't get no steenkin' tabs :)
#
# Revision 1.5  2001/07/24 01:07:59  richard
# Added command-line arg handling to roundup-server so it's more useful
# out-of-the-box.
#
# Revision 1.4  2001/07/23 10:31:45  richard
# disabled the reloading until it can be done properly
#
# Revision 1.3  2001/07/23 08:53:44  richard
# Fixed the ROUNDUPS decl in roundup-server
# Move the installation notes to INSTALL
#
# Revision 1.2  2001/07/23 04:05:05  anthonybaxter
# actually quit if python version wrong
#
# Revision 1.1  2001/07/23 03:46:48  richard
# moving the bin files to facilitate out-of-the-boxness
#
# Revision 1.1  2001/07/22 11:15:45  richard
# More Grande Splite stuff
#
#
# vim: set filetype=python ts=4 sw=4 et si