authorAndrew Godwin2022-12-11 00:25:48 -0700
committerAndrew Godwin2022-12-12 11:56:49 -0700
commit3e062aed360ca54c26733b175d00d0d4671f3591 (patch)
tree6109169ac8886a4e38cf0e9816e56e74417a5ade /api/middleware.py
parent1017c71ba1d80a1690e357a938ad46f246a456ae (diff)
Timelines working
Diffstat (limited to 'api/middleware.py')
-rw-r--r--api/middleware.py27
1 files changed, 27 insertions, 0 deletions
diff --git a/api/middleware.py b/api/middleware.py
new file mode 100644
index 0000000..84eddca
--- /dev/null
+++ b/api/middleware.py
@@ -0,0 +1,27 @@
+from django.http import HttpResponse
+
+from api.models import Token
+
+
+class ApiTokenMiddleware:
+ """
+ Adds request.user and request.identity if an API token appears.
+ Also nukes request.session so it can't be used accidentally.
+ """
+
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ def __call__(self, request):
+ auth_header = request.headers.get("authorization", None)
+ if auth_header and auth_header.startswith("Bearer "):
+ token_value = auth_header[7:]
+ try:
+ token = Token.objects.get(token=token_value)
+ except Token.DoesNotExist:
+ return HttpResponse("Invalid Bearer token", status=400)
+ request.user = token.user
+ request.identity = token.identity
+ request.session = None
+ response = self.get_response(request)
+ return response
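Review bot: The lookup in `__call__` accepts any row matching `token=token_value` without checking that the token is still valid, so whether a revoked or expired token keeps authenticating depends on fields of `api.models.Token` that are not visible in this hunk; if the model has such a field, filter on it here. An empty value after `Bearer ` is also passed straight to the query, so a guard such as `if not token_value:` before the `try` should reject it explicitly. The rejection should be a 401 with a challenge rather than a 400, e.g. `return HttpResponse("Invalid Bearer token", status=401, headers={"WWW-Authenticate": 'Bearer error="invalid_token"'})`, so clients and logs can tell a bad credential from a malformed request. Because `request.session` is set to `None` only on the token path, a short comment noting that views reached through the API must not touch the session would save the next reader from an unexpected `AttributeError`.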