Last night Kiwi and I were exploring Mercurial for our über-secret-project.
Mercurial is, like Git, a distributed revision control system (if you want to deeply understand the differences between those two systems, take a look at http://gitvsmercurial.com/).
After some tinkering with the great hg command, we discovered how to collaborate with other people using informal sharing (thanks to hg serve).
With informal sharing we both expose our repos in read-only mode so we can hg clone or hg pull changes. No hg push is permitted (it is read-only!).
Note that:
Because it provides unauthenticated read access to all clients, you should only use hg serve in an environment where you either don’t care, or have complete control over, who can access your network and pull data from your repository.
hg serve hasn’t anything for access control… but we need it ’cause our project is an über-secret-project. Of course we can use Mercurial with ssh, but hg serve is so cool :D
And here is the second part aka the beauty of WSGI specification.
Mercurial is written in Python, hg serve is also a Python program, and hgweb (the Mercurial web-app module) exposes a very toasty class: mercurial.hgweb.hgweb_mod.hgweb [kudos to tomfmason]
An hgweb object is a WSGI application, so you can use it with any middleware you like. For basic HTTP auth I used authkit (you can find a simple example in the pylonshq wiki; if you run the example, please note that the protected area is under the http://localhost:8080/private path).
After a lot of swearing^H^H^H^Hting (I never used WSGI before) this is the result:
from paste import httpserver
from mercurial.hgweb.hgweb_mod import hgweb
from authkit.authenticate import middleware
from authkit.permissions import RemoteUser
from authkit.authorize import authorize_request

PATH_TO_REPO = '/home/vrde/work/secret-project'
TITLE = 'secret project repo'

# hgweb is the WSGI application that serves the repository
hgapp = hgweb(PATH_TO_REPO, TITLE)

def simple_app(environ, start_response):
    # Refuse the request unless authkit has authenticated a user
    authorize_request(environ, RemoteUser())
    response = hgapp(environ, start_response)
    return response

def valid(environ, username, password):
    # Demo check with hard-coded credentials
    return username == 'kiwi' and password == 'antani'

# Wrap the app with authkit's HTTP basic auth middleware
app = middleware(
    simple_app,
    setup_method='basic',
    basic_realm='Secret Project Realm',
    basic_authenticate_function=valid
)

# Listen on all interfaces, port 8000
httpserver.serve(app, host='0.0.0.0', port='8000')
If you want to try the snippet you need the paste and authkit frameworks.
The code wraps the Mercurial server and asks for a username and password; if the auth is successful, the client can clone, pull or visit the web interface of the repo.
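As an added example (not part of the original post and not authkit's code), here is what a basic-auth WSGI wrapper around an app like hgweb has to do, using only the Python 3 standard library. The names basic_auth, parse_basic, USERS, DUMMY and demo_app are made up for the example, demo_app stands in for the hgweb object, and the password check uses a salted PBKDF2 digest with a constant-time comparison instead of a plain == on the password.

```python
import base64
import binascii
import hashlib
import hmac

SALT = b'constructed-demo-salt'  # constructed; use a random per-user salt

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100_000)

# Constructed demo store: username -> (salt, PBKDF2 digest), hashed here for brevity.
USERS = {'kiwi': (SALT, hash_password('antani', SALT))}
# Checked against for unknown usernames so both paths do the same work.
DUMMY = (SALT, hash_password('placeholder', SALT))

def valid(username, password):
    salt, expected = USERS.get(username, DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    return matches and username in USERS

def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, payload = header.partition(' ')
    if scheme.lower() != 'basic':
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode('utf-8')
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(':')
    return (username, password) if sep else None

def basic_auth(app, realm):
    """WSGI middleware: call app only for requests with valid credentials."""
    def wrapped(environ, start_response):
        creds = parse_basic(environ.get('HTTP_AUTHORIZATION', ''))
        if creds and valid(*creds):
            environ['REMOTE_USER'] = creds[0]
            return app(environ, start_response)
        start_response('401 Unauthorized',
                       [('WWW-Authenticate', 'Basic realm="%s"' % realm)])
        return [b'authentication required\n']
    return wrapped

def demo_app(environ, start_response):  # stand-in for hgweb (assumption)
    start_response('200 OK', [('Content-Type', 'text/plain')])
    return [b'repo for ' + environ['REMOTE_USER'].encode('utf-8')]

app = basic_auth(demo_app, 'Secret Project Realm')
```

HTTP basic auth only base64-encodes the credentials on the wire, so put a wrapper like this behind TLS before exposing it beyond a trusted network.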
TODO: patch the hg serve source and add a parameter for the simple HTTP auth.
