From 3e062aed360ca54c26733b175d00d0d4671f3591 Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Sun, 11 Dec 2022 00:25:48 -0700
Subject: Timelines working
---
api/middleware.py | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 api/middleware.py
(limited to 'api/middleware.py')
diff --git a/api/middleware.py b/api/middleware.py
new file mode 100644
index 0000000..84eddca
--- /dev/null
+++ b/api/middleware.py
@@ -0,0 +1,27 @@
+from django.http import HttpResponse
+
+from api.models import Token
+
+
+class ApiTokenMiddleware:
+ """
+ Adds request.user and request.identity if an API token appears.
+ Also nukes request.session so it can't be used accidentally.
+ """
+
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ def __call__(self, request):
+ auth_header = request.headers.get("authorization", None)
+ if auth_header and auth_header.startswith("Bearer "):
+ token_value = auth_header[7:]
+ try:
+ token = Token.objects.get(token=token_value)
+ except Token.DoesNotExist:
+ return HttpResponse("Invalid Bearer token", status=400)
+ request.user = token.user
+ request.identity = token.identity
+ request.session = None
+ response = self.get_response(request)
+ return response
-- cgit v1.2.3
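Review bot: The lookup `Token.objects.get(token=token_value)` in `__call__` compares the presented bearer value directly against a stored column, which implies tokens are kept in the database in usable form, so anyone with read access to that table or its backups holds working credentials. Consider storing a digest of the token and querying on the digest of `token_value` instead; the Token model is outside this diff, so this needs confirming there. The rejection path answers 400 where RFC 6750 expects 401 with a challenge, e.g. `response = HttpResponse("Invalid Bearer token", status=401)` followed by `response["WWW-Authenticate"] = 'Bearer error="invalid_token"'`. Nothing visible in this file checks expiry or revocation on the token row, or that `token.user` is still active, before `request.user` is assigned. The class docstring should also say that this middleware must be listed after the session and authentication middleware, since otherwise they would set `request.session` and `request.user` again after it has run.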