mirror/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2026-03-26 02:01:35 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
b5da5c141e717c360cfedb4e313e5df05ce729de
AdventureLog/backend/server/adventures/middleware.py
Sean Morley 1dcf99be7d feat: add API key management to settings page 
- Implemented API key creation, deletion, and display functionality.
- Updated the settings page to fetch and show existing API keys.
- Added UI elements for creating new API keys and copying them to clipboard.
- Enhanced request handling to ensure proper trailing slashes for API endpoints.
2026-03-16 15:14:32 -04:00

58 lines
2.2 KiB
Python
Raw Blame History

from django.conf import settings
from django.utils.deprecation import MiddlewareMixin
import os
class OverrideHostMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
public_url = os.getenv('PUBLIC_URL', None)
if public_url:
# Extract host and scheme
scheme, host = public_url.split("://")
request.META['HTTP_HOST'] = host
request.META['wsgi.url_scheme'] = scheme
# Set X-Forwarded-Proto for Django
request.META['HTTP_X_FORWARDED_PROTO'] = scheme
response = self.get_response(request)
return response
class XSessionTokenMiddleware(MiddlewareMixin):
def process_request(self, request):
session_token = request.headers.get('X-Session-Token')
if session_token:
request.COOKIES[settings.SESSION_COOKIE_NAME] = session_token
class DisableCSRFForSessionTokenMiddleware(MiddlewareMixin):
def process_request(self, request):
if 'X-Session-Token' in request.headers:
setattr(request, '_dont_enforce_csrf_checks', True)
class DisableCSRFForMobileLoginSignup(MiddlewareMixin):
def process_request(self, request):
is_mobile = request.headers.get('X-Is-Mobile', '').lower() == 'true'
is_login_or_signup = request.path in ['/auth/browser/v1/auth/login', '/auth/browser/v1/auth/signup']
if is_mobile and is_login_or_signup:
setattr(request, '_dont_enforce_csrf_checks', True)
class DisableCSRFForAPIKeyMiddleware(MiddlewareMixin):
"""Exempt requests carrying an AdventureLog API key from CSRF enforcement.
DRF's own SessionAuthentication is the only built-in class that enforces
CSRF, so this middleware is mainly a safety net for non-DRF views and to
ensure the Django CSRF middleware itself doesn't reject API-key requests
before they reach DRF.
"""
def process_request(self, request):
if request.headers.get('X-API-Key'):
setattr(request, '_dont_enforce_csrf_checks', True)
return
auth_header = request.headers.get('Authorization', '')
if auth_header.lower().startswith('api-key '):
setattr(request, '_dont_enforce_csrf_checks', True)
Reference in New Issue View Git Blame Copy Permalink