HEX
Server: Apache
System: Linux pdx1-shared-a1-38 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64
User: mmickelson (3396398)
PHP: 8.1.31
Disabled: NONE
Upload Files
File: //lib/python3/dist-packages/mercurial/hgweb/__pycache__/common.cpython-310.pyc
o

�]Lb�#�@sddlmZddlZddlZddlZddlZddlZddlmZm	Z	ddl
mZmZmZm
Z
e
jZdZdZdZd	Zd
ZdZdZd
ZdZdZdZdd�Zdd�ZegZGdd�de�ZGdd�de�Z dd�Z!d+dd�Z"dd�Z#dd �Z$d!d"�Z%d#d$�Z&d,d%d&�Z'd'd(�Z(d)d*�Z)dS)-�)�absolute_importN�)�getattr�open)�encoding�pycompat�	templater�util����i0i�i�i�i�i�i�i�i�cCs|dgkp||vS)z�Check if username is a member of userlist.

    If userlist has a single '*' member, all users are considered members.
    Can be overridden by extensions to provide more complex authorization
    schemes.
    �*�)�ui�username�userlistr
r
�8/usr/lib/python3/dist-packages/mercurial/hgweb/common.py�ismember+src	Cs@|j}|�dd�}|r|rt|jj||�rttd��|�dd�}|r/t|jj||�s/ttd��|dkr;|js;ttd��|dksC|durEdS|dkrV|jd	krUd
}tt	|��n|jdkrbd}tt	|��|�
dd
�rr|jdkrrttd��|�dd�}|r�|r�t|jj||�r�ttd��|�dd�}|r�t|jj||�s�ttd��dS)z�Check permission for operation based on request data (including
    authentication info). Return if op allowed, else raise an ErrorResponse
    exception.�webs	deny_readsread not authorizeds
allow_readspullspull not authorizedNsuploadsPUTsupload requires PUT requestsPOSTspush requires POST requestspush_sslshttpssssl requireds	deny_pushspush not authorizeds
allow-push)
�
remoteuser�
configlistr�repor�
ErrorResponse�HTTP_UNAUTHORIZED�	allowpull�method�HTTP_METHOD_NOT_ALLOWED�
configbool�	urlscheme�HTTP_FORBIDDEN)	�hgweb�req�op�user�	deny_read�
allow_read�msg�deny�allowr
r
r�
checkauthz5s8




�




�r(c@seZdZddd�ZdS)rNcCsD|durt|�}t�|t�|��||_|durg}||_||_dS�N)�_statusmessage�	Exception�__init__r�sysstr�code�headers�message)�selfr.r0r/r
r
rr,ls
zErrorResponse.__init__)NN)�__name__�
__module__�__qualname__r,r
r
r
rrksrc@s*eZdZdZdd�Zd
dd�Zdd�Zd	S)�continuereadera.File object wrapper to handle HTTP 100-continue.

    This is used by servers so they automatically handle Expect: 100-continue
    request headers. On first read of the request body, the 100 Continue
    response is sent. This should trigger the client into actually sending
    the request body.
    cCs||_||_d|_dS)NF)�f�_write�	continued)r1r6�writer
r
rr,�s
zcontinuereader.__init__���cCs"|jsd|_|�d�|j�|�S)NTsHTTP/1.1 100 Continue

)r8r7r6�read)r1�amtr
r
rr;�s
zcontinuereader.readcCs|dvr
t|j|�St�)N)sclosesreadlines	readliness__iter__)rr6�AttributeError)r1�attrr
r
r�__getattr__�szcontinuereader.__getattr__N)r:)r2r3r4�__doc__r,r;r?r
r
r
rr5ws

r5cCstjj}t�|�|d�d�S)N)�Errorz
Unknown errorr)�
httpserver�basehttprequesthandler�	responsesr�bytesurl�get)r.rDr
r
rr*�sr*cCsd||pt|�fS)Ns%d %s)r*)r.r0r
r
r�
statusmessage�srGcCs.tj�||�}tj�|�rt�|�St�|�S)z%stat fn if it exists, spath otherwise)�os�path�join�exists�stat)�spath�fn�cl_pathr
r
r�get_stat�s

rPcCst|d�tjS)Ns
00changelog.i)rPrL�ST_MTIME)rMr
r
r�	get_mtime�srRcCsN|�d�}|D]}|dtjtjfvs!tj|vs!tjdur$tj|vr$dSqdS)z9Determine if a path is safe to use for filesystem access.�/�NFT)�splitr�oscurdir�ospardir�ossep�osaltsep)rI�parts�partr
r
r�
ispathsafe�s



�r\c
Cst|�sdS|s|p
t��}|durtj�|d�}tjj|�d��}t�t	�
t�|��dp/d�}tj�||�}z t�|�t
|d��}|��}	Wd�n1sRwYWn*tydttd��ty�}
z|
jtjkrutt��ttt�|
j���d}
~
ww||jd<|�|	�|S)	a+return a file inside directory with guessed Content-Type header

    fname always uses '/' as directory separator and isn't allowed to
    contain unusual path components.
    Content-Type is guessed using the mimetypes module.
    Return an empty string if fname is illegal or file not found.

    NsstaticrSrz
text/plainsrbsillegal filenamesContent-Type)r\r�templatedirrHrIrJrUr�sysbytes�	mimetypes�
guess_type�fsdecoderLrr;�	TypeErrorr�HTTP_SERVER_ERROR�OSError�errno�ENOENT�HTTP_NOT_FOUNDr�
strtolocal�strerrorr/�setbodybytes)�templatepath�	directory�fname�res�tp�fpath�ctrI�fh�data�errr
r
r�
staticfile�s<	�

��
���

ruccsZ�|r|r|||}|||d@}nd}d}	|V|d7}|r,||kr,d|}d}q)z5count parity of horizontal stripes for easier reading�rr
)�stripecount�offset�count�parityr
r
r�	paritygen�s��r{cCs$|dd�p|dd�ptj�d�pdS)z�Return repo contact information or empty string.

    web.contact is the primary source, but if that is not set, try
    ui.username or $EMAIL as a fallback to display something useful.
    rscontactsuisusernamesEMAILrT)r�environrF)�configr
r
r�get_contact�s
�
��r~cCsRddl}|jdddd�}d}|r%d|vr%t�|��j��d�}|�d|�}||fS)	aObtain the Content-Security-Policy header and nonce value.

    Returns a 2-tuple of the CSP header value and the nonce value.

    First value is ``None`` if CSP isn't enabled. Second value is ``None``
    if CSP isn't enabled or if the CSP header doesn't need a nonce.
    rNrscspF)�	untrusteds%nonce%�=)�uuidr}�base64�urlsafe_b64encode�uuid4�bytes�rstrip�replace)rr��csp�noncer
r
r�	cspvalues�sr�r))r)*�
__future__rr�rer_rHrLrrr�rrr	rB�HTTP_OK�HTTP_CREATED�HTTP_NOT_MODIFIED�HTTP_BAD_REQUESTrrrgr�HTTP_NOT_ACCEPTABLE�HTTP_UNSUPPORTED_MEDIA_TYPErcrr(�	permhooksr+r�objectr5r*rGrPrRr\rur{r~r�r
r
r
r�<module>sD
3
	
)