netbox-community-netbox/netbox/utilities/middleware.py

from django.conf import settings
from django.db import ProgrammingError
from django.http import Http404, HttpResponseRedirect
from django.urls import reverse

from .views import server_error

BASE_PATH = getattr(settings, 'BASE_PATH', False)
LOGIN_REQUIRED = getattr(settings, 'LOGIN_REQUIRED', False)


class LoginRequiredMiddleware(object):
    """
    If LOGIN_REQUIRED is True, redirect all non-authenticated users to the login page.
    """
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if LOGIN_REQUIRED and not request.user.is_authenticated:
            # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API
            # performs its own authentication. Also metrics can be read without login.
            api_path = reverse('api-root')
            if not request.path_info.startswith(api_path, '/metrics') and request.path_info != settings.LOGIN_URL:
                return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info))
        return self.get_response(request)


class APIVersionMiddleware(object):
    """
    If the request is for an API endpoint, include the API version as a response header.
    """
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        api_path = reverse('api-root')
        response = self.get_response(request)
        if request.path_info.startswith(api_path):
            response['API-Version'] = settings.REST_FRAMEWORK_VERSION
        return response


class ExceptionHandlingMiddleware(object):
    """
    Intercept certain exceptions which are likely indicative of installation issues and provide helpful instructions
    to the user.
    """
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_exception(self, request, exception):

        # Don't catch exceptions when in debug mode
        if settings.DEBUG:
            return

        # Ignore Http404s (defer to Django's built-in 404 handling)
        if isinstance(exception, Http404):
            return

        # Determine the type of exception. If it's a common issue, return a custom error page with instructions.
        custom_template = None
        if isinstance(exception, ProgrammingError):
            custom_template = 'exceptions/programming_error.html'
        elif isinstance(exception, ImportError):
            custom_template = 'exceptions/import_error.html'
        elif isinstance(exception, PermissionError):
            custom_template = 'exceptions/permission_error.html'

        # Return a custom error message, or fall back to Django's default 500 error handling
        if custom_template:
            return server_error(request, template_name=custom_template)
Initial push to public repo 2016-03-01 11:23:03 -05:00			`from django.conf import settings`
Closes #1683: Replaced default 500 handler with custom middleware to provide preliminary troubleshooting assistance 2017-11-03 13:24:31 -04:00			`from django.db import ProgrammingError`
Fixes #1767: Use proper template for 404 responses 2017-12-13 11:49:36 -05:00			`from django.http import Http404, HttpResponseRedirect`
Resolved RemovedInDjango20Warning deprecation warnings 2017-04-05 14:40:25 -04:00			`from django.urls import reverse`
Initial push to public repo 2016-03-01 11:23:03 -05:00
ExceptionHandlingMiddleware: Use server_error view for custom templates 2018-07-23 23:12:41 -04:00			`from .views import server_error`

#724: Exempt API views from LoginRequiredMiddleware to enable basic HTTP authentication when LOGIN_REQUIRED is true 2016-12-07 15:14:22 -05:00			`BASE_PATH = getattr(settings, 'BASE_PATH', False)`
Initial push to public repo 2016-03-01 11:23:03 -05:00			`LOGIN_REQUIRED = getattr(settings, 'LOGIN_REQUIRED', False)`


Updated middleware for Django 1.10 2016-12-26 10:48:15 -05:00			`class LoginRequiredMiddleware(object):`
Initial push to public repo 2016-03-01 11:23:03 -05:00			`"""`
			`If LOGIN_REQUIRED is True, redirect all non-authenticated users to the login page.`
			`"""`
Updated middleware for Django 1.10 2016-12-26 10:48:15 -05:00			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
Closes #1842: Implement support for Django 2.0 2018-03-30 10:39:22 -04:00			`if LOGIN_REQUIRED and not request.user.is_authenticated:`
#724: Exempt API views from LoginRequiredMiddleware to enable basic HTTP authentication when LOGIN_REQUIRED is true 2016-12-07 15:14:22 -05:00			`# Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API`
Exclude /metrics from LOGIN_REQUIRED 2019-04-30 16:09:10 +02:00			`# performs its own authentication. Also metrics can be read without login.`
Include the API version in responses 2017-03-21 13:23:56 -04:00			`api_path = reverse('api-root')`
More elegant path checking 2019-04-30 16:54:23 +02:00			`if not request.path_info.startswith(api_path, '/metrics') and request.path_info != settings.LOGIN_URL:`
Redirect user to previous page after logging in 2016-10-13 16:12:27 -04:00			`return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info))`
Updated middleware for Django 1.10 2016-12-26 10:48:15 -05:00			`return self.get_response(request)`
Include the API version in responses 2017-03-21 13:23:56 -04:00

			`class APIVersionMiddleware(object):`
			`"""`
			`If the request is for an API endpoint, include the API version as a response header.`
			`"""`
			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
			`api_path = reverse('api-root')`
			`response = self.get_response(request)`
			`if request.path_info.startswith(api_path):`
			`response['API-Version'] = settings.REST_FRAMEWORK_VERSION`
			`return response`
Closes #1683: Replaced default 500 handler with custom middleware to provide preliminary troubleshooting assistance 2017-11-03 13:24:31 -04:00

			`class ExceptionHandlingMiddleware(object):`
			`"""`
			`Intercept certain exceptions which are likely indicative of installation issues and provide helpful instructions`
			`to the user.`
			`"""`
			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
			`return self.get_response(request)`

			`def process_exception(self, request, exception):`

Tweaked exception-handling middleware to preserve tracebacks 2017-11-06 17:48:13 -05:00			`# Don't catch exceptions when in debug mode`
Closes #1683: Replaced default 500 handler with custom middleware to provide preliminary troubleshooting assistance 2017-11-03 13:24:31 -04:00			`if settings.DEBUG:`
Tweaked exception-handling middleware to preserve tracebacks 2017-11-06 17:48:13 -05:00			`return`
Closes #1683: Replaced default 500 handler with custom middleware to provide preliminary troubleshooting assistance 2017-11-03 13:24:31 -04:00
Fixes #1767: Use proper template for 404 responses 2017-12-13 11:49:36 -05:00			`# Ignore Http404s (defer to Django's built-in 404 handling)`
			`if isinstance(exception, Http404):`
			`return`

Fixes #2266: Permit additional logging of exceptions beyond custom middleware 2018-07-23 23:00:09 -04:00			`# Determine the type of exception. If it's a common issue, return a custom error page with instructions.`
			`custom_template = None`
Closes #1683: Replaced default 500 handler with custom middleware to provide preliminary troubleshooting assistance 2017-11-03 13:24:31 -04:00			`if isinstance(exception, ProgrammingError):`
Fixes #2266: Permit additional logging of exceptions beyond custom middleware 2018-07-23 23:00:09 -04:00			`custom_template = 'exceptions/programming_error.html'`
Closes #1683: Replaced default 500 handler with custom middleware to provide preliminary troubleshooting assistance 2017-11-03 13:24:31 -04:00			`elif isinstance(exception, ImportError):`
Fixes #2266: Permit additional logging of exceptions beyond custom middleware 2018-07-23 23:00:09 -04:00			`custom_template = 'exceptions/import_error.html'`
Closes #2000: Remove support for Python 2 2018-08-14 11:47:54 -04:00			`elif isinstance(exception, PermissionError):`
Fixes #2266: Permit additional logging of exceptions beyond custom middleware 2018-07-23 23:00:09 -04:00			`custom_template = 'exceptions/permission_error.html'`

ExceptionHandlingMiddleware: Use server_error view for custom templates 2018-07-23 23:12:41 -04:00			`# Return a custom error message, or fall back to Django's default 500 error handling`
Fixes #2266: Permit additional logging of exceptions beyond custom middleware 2018-07-23 23:00:09 -04:00			`if custom_template:`
ExceptionHandlingMiddleware: Use server_error view for custom templates 2018-07-23 23:12:41 -04:00			`return server_error(request, template_name=custom_template)`