mirror of
https://github.com/netbox-community/netbox.git
synced 2024-05-10 07:54:54 +00:00
101 lines
3.5 KiB
Python
101 lines
3.5 KiB
Python
from urllib import parse
|
|
|
|
from django.conf import settings
|
|
from django.contrib.auth.middleware import RemoteUserMiddleware as RemoteUserMiddleware_
|
|
from django.db import ProgrammingError
|
|
from django.http import Http404, HttpResponseRedirect
|
|
from django.urls import reverse
|
|
|
|
from .api import is_api_request
|
|
from .views import server_error
|
|
|
|
|
|
class LoginRequiredMiddleware(object):
|
|
"""
|
|
If LOGIN_REQUIRED is True, redirect all non-authenticated users to the login page.
|
|
"""
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
|
|
# Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API
|
|
# performs its own authentication. Also metrics can be read without login.
|
|
api_path = reverse('api-root')
|
|
if not request.path_info.startswith((api_path, '/metrics')) and request.path_info != settings.LOGIN_URL:
|
|
return HttpResponseRedirect(
|
|
'{}?next={}'.format(
|
|
settings.LOGIN_URL,
|
|
parse.quote(request.get_full_path_info())
|
|
)
|
|
)
|
|
return self.get_response(request)
|
|
|
|
|
|
class RemoteUserMiddleware(RemoteUserMiddleware_):
|
|
"""
|
|
Custom implementation of Django's RemoteUserMiddleware which allows for a user-configurable HTTP header name.
|
|
"""
|
|
force_logout_if_no_header = False
|
|
|
|
@property
|
|
def header(self):
|
|
return settings.REMOTE_AUTH_HEADER
|
|
|
|
def process_request(self, request):
|
|
|
|
# Bypass middleware if remote authentication is not enabled
|
|
if not settings.REMOTE_AUTH_ENABLED:
|
|
return
|
|
|
|
return super().process_request(request)
|
|
|
|
|
|
class APIVersionMiddleware(object):
|
|
"""
|
|
If the request is for an API endpoint, include the API version as a response header.
|
|
"""
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
response = self.get_response(request)
|
|
if is_api_request(request):
|
|
response['API-Version'] = settings.REST_FRAMEWORK_VERSION
|
|
return response
|
|
|
|
|
|
class ExceptionHandlingMiddleware(object):
|
|
"""
|
|
Intercept certain exceptions which are likely indicative of installation issues and provide helpful instructions
|
|
to the user.
|
|
"""
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
return self.get_response(request)
|
|
|
|
def process_exception(self, request, exception):
|
|
|
|
# Don't catch exceptions when in debug mode
|
|
if settings.DEBUG:
|
|
return
|
|
|
|
# Ignore Http404s (defer to Django's built-in 404 handling)
|
|
if isinstance(exception, Http404):
|
|
return
|
|
|
|
# Determine the type of exception. If it's a common issue, return a custom error page with instructions.
|
|
custom_template = None
|
|
if isinstance(exception, ProgrammingError):
|
|
custom_template = 'exceptions/programming_error.html'
|
|
elif isinstance(exception, ImportError):
|
|
custom_template = 'exceptions/import_error.html'
|
|
elif isinstance(exception, PermissionError):
|
|
custom_template = 'exceptions/permission_error.html'
|
|
|
|
# Return a custom error message, or fall back to Django's default 500 error handling
|
|
if custom_template:
|
|
return server_error(request, template_name=custom_template)
|