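HG can control access per account through allow_push and allow_read, but user authentication is usually handled by nginx's auth basic.
In that setup, when nginx proxies to hgweb, hgweb cannot identify the account. However, this can be set up through fcgi.
Running hg in fcgi mode requires the additional flup package, and fcgi is the only mode available. The script is as follows: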
#!/usr/bin/python
#
# An example FastCGI script for use with flup, edit as necessary
# Path to repo or hgweb config to serve (see 'hg help hgweb')
config = "/var/hg/config/hgweb.config"
# Uncomment and adjust if Mercurial is not installed system-wide
# (consult "installed modules" path from 'hg debuginstall'):
#import sys; sys.path.insert(0, "/path/to/python/lib")
# Uncomment to send python tracebacks to the browser if an error occurs:
#import cgitb; cgitb.enable()
from mercurial import demandimport; demandimport.enable()
from mercurial.hgweb import hgweb
from flup.server.fcgi import WSGIServer
application = hgweb(config)
WSGIServer(application, bindAddress='/var/hg/fcgi.sock').run()
#WSGIServer(application).run()
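The corresponding nginx configuration:
location / {
    # auth_basic must be enabled (here or in an enclosing block),
    # otherwise $remote_user below is empty
    #auth_basic "Restricted";
    #auth_basic_user_file /etc/nginx/protected.pass;
    # Use flup to support FastCGI
    fastcgi_pass unix:/var/hg/fcgi.sock;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_NAME /;
    # Pass the user authenticated by nginx on to hgweb
    fastcgi_param REMOTE_USER $remote_user;
}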
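With this, nginx handles authentication, while hg handles authorization according to its access lists.
Pay special attention to the part marked in red; otherwise hg will compute its links incorrectly.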
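
How the REMOTE_USER value passed by nginx interacts with allow_read and allow_push, as an added example that is neither part of the original post nor Mercurial's own code: a simplified model of the semantics documented in `hg help config`, ignoring deny_read, deny_push and push_ssl. The sample config, user names and function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample of a repository's [web] section (not from the original post).
SAMPLE_HGRC = """
[web]
allow_read = alice, bob
allow_push = alice
"""

def load_web_lists(hgrc_text):
    """Return allow_read / allow_push as lists (comma or whitespace separated)."""
    cp = configparser.ConfigParser()
    cp.read_string(hgrc_text)

    def items(key):
        raw = cp.get("web", key, fallback="")
        return [v for v in re.split(r"[,\s]+", raw) if v]

    return {"allow_read": items("allow_read"), "allow_push": items("allow_push")}

def is_member(user, names):
    # "*" matches everyone, including requests with no authenticated user.
    return "*" in names or (bool(user) and user in names)

def authorize(environ, lists, op):
    """Decide a "read" or "push" request from the CGI/WSGI environment."""
    # REMOTE_USER is empty when nginx did not authenticate the request,
    # e.g. auth_basic is commented out or the fastcgi_param line is missing.
    user = environ.get("REMOTE_USER", "")
    allow_read = lists["allow_read"]
    if allow_read and not is_member(user, allow_read):
        return False
    if op == "read":
        return True
    # An empty allow_push means nobody may push.
    return is_member(user, lists["allow_push"])

if __name__ == "__main__":
    lists = load_web_lists(SAMPLE_HGRC)
    for user in ("alice", "bob", ""):
        for op in ("read", "push"):
            print(repr(user), op, authorize({"REMOTE_USER": user}, lists, op))
```

With `allow_push = *` the model lets a request with an empty REMOTE_USER push, which is why the user lists only mean something once nginx really authenticates every request that reaches the socket.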