docs/dev/modules/middleware.py.md

Generated from middleware.py on 2023-04-12 10:09:44.563425

# peeringdb_server.middleware

Custom django middleware.

# Classes
---

## CacheControlMiddleware

```
CacheControlMiddleware(django.utils.deprecation.MiddlewareMixin)
```

Sets the Cache-Control s-maxage header on responses


## CurrentRequestContext

```
CurrentRequestContext(builtins.object)
```

Middleware that sets the current request context.

This allows access to the current request from anywhere.


### Methods

#### \__call__
`def __call__(self, request)`

Call self as a function.

---
#### \__init__
`def __init__(self, get_response)`

Initialize self.  See help(type(self)) for accurate signature.

---

## HttpResponseUnauthorized

```
HttpResponseUnauthorized(django.http.response.HttpResponse)
```

An HTTP response class with a string as content.

This content can be read, appended to, or replaced.


## PDBCommonMiddleware

```
PDBCommonMiddleware(django.middleware.common.CommonMiddleware)
```

"Common" middleware for taking care of some basic operations:

    - Forbid access to User-Agents in settings.DISALLOWED_USER_AGENTS

    - URL rewriting: Based on the APPEND_SLASH and PREPEND_WWW settings,
      append missing slashes and/or prepends missing "www."s.

        - If APPEND_SLASH is set and the initial URL doesn't end with a
          slash, and it is not found in urlpatterns, form a new URL by
          appending a slash at the end. If this new URL is found in
          urlpatterns, return an HTTP redirect to this new URL; otherwise
          process the initial URL as usual.

      This behavior can be customized by subclassing CommonMiddleware and
      overriding the response_redirect_class attribute.


### Methods

#### process_request
`def process_request(self, request)`

Check for denied User-Agents and rewrite the URL based on
settings.APPEND_SLASH and settings.PREPEND_WWW

---

## PDBPermissionMiddleware

```
PDBPermissionMiddleware(django.utils.deprecation.MiddlewareMixin)
```

Middleware that checks if the current user has the correct permissions
to access the requested resource.


### Methods

#### get_username_and_password
`def get_username_and_password(self, http_auth)`

Get the username and password from the HTTP auth header.

---
#### response_unauthorized
`def response_unauthorized(self, request, status=None, message=None)`

Return a Unauthorized response.

---

## PDBSessionMiddleware

```
PDBSessionMiddleware(django.contrib.sessions.middleware.SessionMiddleware)
```

As PeeringDB gets a lot of repeated anonymous requests that do not
store and re-use session cookies this lead to substantial amount of junk
django session objects.

It was decided in #1205 that new django sessions are only to be established
On the login and registration processes.


### Methods

#### process_response
`def process_response(self, request, response)`

If request.session was modified, or if the configuration is to save the
session every time, save the changes and set a session cookie or delete
the session cookie if the session has been emptied.

---
regen docs (#1373) 2023-04-12 14:41:30 +03:00			`Generated from middleware.py on 2023-04-12 10:09:44.563425`
Docs 202109 (#1067) * module docstrings * db schema graph * dev docs first pass * dev docs pass 2 * add generated notification to top of generated docs files * linting * regen docs Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Sunshine Buchholz <sunshine@20c.com> 2021-10-15 03:25:38 -05:00
			`# peeringdb_server.middleware`

			`Custom django middleware.`

			`# Classes`
			`---`

Support 202211 (#1304) * Carrier object implementation #909 * API keys: disabling of user account by a PeeringDB admin does not disable access via a User API key. Also no disable mech, only revoke. #1140 * Ops: django needs lightweight healthcheck route that confirms database connectivity #1284 * Ops: various indexes are needed #1285 * API requests with invalid Authentication headers should notify users in some way. #1220 * Allow user to change account username #1130 * UX to remove carriers from facilities more inline the other similar UX * more UX fixes for removing carriers from facilities * Cache hints are needed for optimal CDN use #970 * fixes Commandline tool "Run command" button gone #1278 * RIR status gets deleted when changes are made to the network #1279 * Improve MTU field #658 * CSRF cookie not set error from email confirmation view #1296 * expose CSP_CONNECT_SRC * fix confirm email path checking in session middleware * Ops: Emails to OPERATIONS_EMAIL need to be rate-limited #1282 * add website field to carrier ux * website field on carrier optional with org fallback * linting * add .google-analytics.com to CSP_CONNECT_SRC poetry relock * fix issues with confirm-email reverse during session creation validation * fix tests * fix tests * pin django-peeringdb to support_202211 * linting * django ratelimit to <4 * regen docs * fix automated net stats to only include networks with status `ok` #1283 * linting * poetry lock Co-authored-by: Matt Griswold <grizz@20c.com> 2023-01-18 18:32:46 +02:00			`## CacheControlMiddleware`

			```
			`CacheControlMiddleware(django.utils.deprecation.MiddlewareMixin)`
			```

			`Sets the Cache-Control s-maxage header on responses`


Docs 202109 (#1067) * module docstrings * db schema graph * dev docs first pass * dev docs pass 2 * add generated notification to top of generated docs files * linting * regen docs Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Sunshine Buchholz <sunshine@20c.com> 2021-10-15 03:25:38 -05:00			`## CurrentRequestContext`

			```
			`CurrentRequestContext(builtins.object)`
			```

			`Middleware that sets the current request context.`

			`This allows access to the current request from anywhere.`


			`### Methods`

			`#### \__call__`
			`def __call__(self, request)`

			`Call self as a function.`

			`---`
			`#### \__init__`
			`def __init__(self, get_response)`

			`Initialize self. See help(type(self)) for accurate signature.`

			`---`
Support 202202 (#1125) * New Field "Health Check" #512 * Add status_dashboard to fields #512 * RS Peer Checkbox also visible on IX Site #727 * Add "Management" search field to Advanced Search of Exchanges #506 * wrap correctly on mobile #881 * missing delete button for user #653 * Removed cruft from IX view template #881 * To force or not to force www, that is a question #916 * add health check fields to entity creation forms (fac, ix, net) (#512) * status_dashboard should accept null values #512 * Sort usergroup names in https://peeringdb.com/cp/peeringdb_server/userpermission/xxxxx numerically #656 * fix issue with deleted entities showing up in search results #1042 * 2FA Backup Tokens language doesn't seem correct #908 * linting * poetry relock * fix user permission save trying to create a user * add status_dashboard to mock data * docs * add api doc regen to gen_docs call fix issue with run_tests if BASE_URL env var is set * fix generate_schema typo * linting Co-authored-by: David Poarch <dpoarch@20c.com> Co-authored-by: Stefan Pratter <stefan@20c.com> 2022-03-08 09:27:45 -04:00
Support 202203 (#1144) * Do not show objects in status "pending" on the UI #784 * Fix peeringdb.js bug introduced in #784 * 500 Error during login for 2FA enabled accounts with unverified email address #996 * Django-Admin: adding a network with existing asn fails with internal error #1035 * Some command-line-tool executions are not logged #1119 * Ops: API throttling of repeated requests #1126 * Ops: response header X-Auth-ID to augment logging #1120 * Allow rate-limiting of melissa enabled api functionality. #1124 * State / Province normalization #1079 * Log melissa requests #1122 * remove debug messages * bump django-handleref to 1.0.2 * Need consolidated app logs #845 * pin django peeringdb to 2.13 and relock poetry * pin django-restframework-apikey to 2.1.0 * linting * migrations * docs regenerate * docs * linting Co-authored-by: David Poarch <dpoarch@20c.com> Co-authored-by: Stefan Pratter <stefan@20c.com> 2022-04-12 16:39:19 -04:00			`## HttpResponseUnauthorized`

			```
			`HttpResponseUnauthorized(django.http.response.HttpResponse)`
			```

			`An HTTP response class with a string as content.`

			`This content can be read, appended to, or replaced.`


Support 202202 (#1125) * New Field "Health Check" #512 * Add status_dashboard to fields #512 * RS Peer Checkbox also visible on IX Site #727 * Add "Management" search field to Advanced Search of Exchanges #506 * wrap correctly on mobile #881 * missing delete button for user #653 * Removed cruft from IX view template #881 * To force or not to force www, that is a question #916 * add health check fields to entity creation forms (fac, ix, net) (#512) * status_dashboard should accept null values #512 * Sort usergroup names in https://peeringdb.com/cp/peeringdb_server/userpermission/xxxxx numerically #656 * fix issue with deleted entities showing up in search results #1042 * 2FA Backup Tokens language doesn't seem correct #908 * linting * poetry relock * fix user permission save trying to create a user * add status_dashboard to mock data * docs * add api doc regen to gen_docs call fix issue with run_tests if BASE_URL env var is set * fix generate_schema typo * linting Co-authored-by: David Poarch <dpoarch@20c.com> Co-authored-by: Stefan Pratter <stefan@20c.com> 2022-03-08 09:27:45 -04:00			`## PDBCommonMiddleware`

			```
			`PDBCommonMiddleware(django.middleware.common.CommonMiddleware)`
			```

			`"Common" middleware for taking care of some basic operations:`

			`- Forbid access to User-Agents in settings.DISALLOWED_USER_AGENTS`

			`- URL rewriting: Based on the APPEND_SLASH and PREPEND_WWW settings,`
			`append missing slashes and/or prepends missing "www."s.`

			`- If APPEND_SLASH is set and the initial URL doesn't end with a`
			`slash, and it is not found in urlpatterns, form a new URL by`
			`appending a slash at the end. If this new URL is found in`
			`urlpatterns, return an HTTP redirect to this new URL; otherwise`
			`process the initial URL as usual.`

			`This behavior can be customized by subclassing CommonMiddleware and`
			`overriding the response_redirect_class attribute.`


			`### Methods`

			`#### process_request`
			`def process_request(self, request)`

			`Check for denied User-Agents and rewrite the URL based on`
			`settings.APPEND_SLASH and settings.PREPEND_WWW`

			`---`
Support 202203 (#1144) * Do not show objects in status "pending" on the UI #784 * Fix peeringdb.js bug introduced in #784 * 500 Error during login for 2FA enabled accounts with unverified email address #996 * Django-Admin: adding a network with existing asn fails with internal error #1035 * Some command-line-tool executions are not logged #1119 * Ops: API throttling of repeated requests #1126 * Ops: response header X-Auth-ID to augment logging #1120 * Allow rate-limiting of melissa enabled api functionality. #1124 * State / Province normalization #1079 * Log melissa requests #1122 * remove debug messages * bump django-handleref to 1.0.2 * Need consolidated app logs #845 * pin django peeringdb to 2.13 and relock poetry * pin django-restframework-apikey to 2.1.0 * linting * migrations * docs regenerate * docs * linting Co-authored-by: David Poarch <dpoarch@20c.com> Co-authored-by: Stefan Pratter <stefan@20c.com> 2022-04-12 16:39:19 -04:00
			`## PDBPermissionMiddleware`

			```
			`PDBPermissionMiddleware(django.utils.deprecation.MiddlewareMixin)`
			```

			`Middleware that checks if the current user has the correct permissions`
			`to access the requested resource.`


			`### Methods`

			`#### get_username_and_password`
			`def get_username_and_password(self, http_auth)`

			`Get the username and password from the HTTP auth header.`

			`---`
			`#### response_unauthorized`
			`def response_unauthorized(self, request, status=None, message=None)`

			`Return a Unauthorized response.`

			`---`
Support 202206 (#1207) * Organization Merging Tool only offers the first 10 matches #941 * AC Change User Permission broken #1043 * change rs peer icon and move to policy column (#727) * An account with admin status can not have permissions #1157 * add rir_* fields to keep track of ASN status #473 * poetry relock for rdap 1.3.0 * Ops: Limit Django session creation for unauthenticated requests (#1205) * refactor 941 changes to honor grappelli field configuration and also fix broken end anchors * check term has a value * fix tests * poetry reloc and pin django-peeringdb to 2.14.0 * fix middleware test * linting * set more reasonable default RIR_ALLOCATION_DATA_CACHE_DAYS * better default dir for RIR_ALLOCATION_DATA_PATH * fix csv export for advanced search * fix issues with tests failing on CSRF_USE_SESSIONS when they are using RequestFactory * tox.ini for flake8 options * regen docs * regen docs Co-authored-by: David Poarch <dpoarch@20c.com> 2022-07-15 21:47:59 +03:00
			`## PDBSessionMiddleware`

			```
			`PDBSessionMiddleware(django.contrib.sessions.middleware.SessionMiddleware)`
			```

			`As PeeringDB gets a lot of repeated anonymous requests that do not`
			`store and re-use session cookies this lead to substantial amount of junk`
			`django session objects.`

			`It was decided in #1205 that new django sessions are only to be established`
			`On the login and registration processes.`


			`### Methods`

			`#### process_response`
			`def process_response(self, request, response)`

			`If request.session was modified, or if the configuration is to save the`
			`session every time, save the changes and set a session cookie or delete`
			`the session cookie if the session has been emptied.`

			`---`