I want to write a custom wsgi middleware, which is called on every incoming request. It checks the url, and if the user is authenticated and allows the request to proceed or rejects it.
我想编写一个自定义的wsgi中间件,它对每个传入的请求都进行调用。它检查url,如果用户通过了身份验证,并允许请求继续或拒绝它。
What is the best way to add wsgi middleware in django ?
在django中添加wsgi中间件的最佳方式是什么?
2 个解决方案
#1
1
Why do you want to do this as a WSGI middleware, specifically? Django doesn't operate particularly well with those - there was some work a few years ago to try and harmonize Django middleware with WSGI middleware, but it didn't really get anywhere.
为什么要将其作为WSGI中间件进行呢?Django的操作并不特别好——几年前还有些工作要尝试用WSGI中间件来协调Django中间件,但它并没有真正实现。
Django has its own version of middleware, which is very well documented, and your request could be done in about three lines.
Django有自己的中间件版本,该版本有很好的文档记录,您的请求可以在大约三行中完成。
#2
1
You do not need a wsgi middleware here and can easily use django middleware.
这里不需要一个wsgi中间件,可以轻松地使用django中间件。
some_app/middleware.py
some_app / middleware.py
from django.http import HttpResponseForbidden
class AuthenticateMiddleware(object):
def process_request(self, request):
#do something with request.path
if request.user.is_authenticated():
#can do something or just pass
#but do not return a response from here
else:
#return a response from here so that view doesn't get called
return HttpResponseForbidden()
process_request() of any middleware is called before the view is processed. If you return an instance of HttpResponse from this method then the view will not be called. Since HttpResponseForbidden is a subclass of HttpResponse, so the view will not be called if the user is not authenticated.
在处理视图之前调用任何中间件的process_request()。如果您从这个方法返回一个HttpResponse实例,那么将不会调用这个视图。因为HttpResponseForbidden是HttpResponse的一个子类,所以如果用户没有经过身份验证,视图就不会被调用。
You need to add this custom middleware to MIDDLEWARE_CLASSES.
您需要将此自定义中间件添加到MIDDLEWARE_CLASSES。
settings.py
settings.py
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'some_app.middleware.AuthenticationMiddleware',
)
#1
1
Why do you want to do this as a WSGI middleware, specifically? Django doesn't operate particularly well with those - there was some work a few years ago to try and harmonize Django middleware with WSGI middleware, but it didn't really get anywhere.
为什么要将其作为WSGI中间件进行呢?Django的操作并不特别好——几年前还有些工作要尝试用WSGI中间件来协调Django中间件,但它并没有真正实现。
Django has its own version of middleware, which is very well documented, and your request could be done in about three lines.
Django有自己的中间件版本,该版本有很好的文档记录,您的请求可以在大约三行中完成。
#2
1
You do not need a wsgi middleware here and can easily use django middleware.
这里不需要一个wsgi中间件,可以轻松地使用django中间件。
some_app/middleware.py
some_app / middleware.py
from django.http import HttpResponseForbidden
class AuthenticateMiddleware(object):
def process_request(self, request):
#do something with request.path
if request.user.is_authenticated():
#can do something or just pass
#but do not return a response from here
else:
#return a response from here so that view doesn't get called
return HttpResponseForbidden()
process_request() of any middleware is called before the view is processed. If you return an instance of HttpResponse from this method then the view will not be called. Since HttpResponseForbidden is a subclass of HttpResponse, so the view will not be called if the user is not authenticated.
在处理视图之前调用任何中间件的process_request()。如果您从这个方法返回一个HttpResponse实例,那么将不会调用这个视图。因为HttpResponseForbidden是HttpResponse的一个子类,所以如果用户没有经过身份验证,视图就不会被调用。
You need to add this custom middleware to MIDDLEWARE_CLASSES.
您需要将此自定义中间件添加到MIDDLEWARE_CLASSES。
settings.py
settings.py
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'some_app.middleware.AuthenticationMiddleware',
)