diff options
Diffstat (limited to 'webapp/django/middleware')
| -rw-r--r-- | webapp/django/middleware/__init__.py | 0 | ||||
| -rw-r--r-- | webapp/django/middleware/cache.py | 155 | ||||
| -rw-r--r-- | webapp/django/middleware/common.py | 134 | ||||
| -rw-r--r-- | webapp/django/middleware/doc.py | 18 | ||||
| -rw-r--r-- | webapp/django/middleware/gzip.py | 39 | ||||
| -rw-r--r-- | webapp/django/middleware/http.py | 55 | ||||
| -rw-r--r-- | webapp/django/middleware/locale.py | 25 | ||||
| -rw-r--r-- | webapp/django/middleware/transaction.py | 27 |
8 files changed, 453 insertions, 0 deletions
diff --git a/webapp/django/middleware/__init__.py b/webapp/django/middleware/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/webapp/django/middleware/__init__.py diff --git a/webapp/django/middleware/cache.py b/webapp/django/middleware/cache.py new file mode 100644 index 0000000000..28e878400a --- /dev/null +++ b/webapp/django/middleware/cache.py @@ -0,0 +1,155 @@ +""" +Cache middleware. If enabled, each Django-powered page will be cached based on +URL. The canonical way to enable cache middleware is to set +``UpdateCacheMiddleware`` as your first piece of middleware, and +``FetchFromCacheMiddleware`` as the last:: + + MIDDLEWARE_CLASSES = [ + 'django.middleware.cache.UpdateCacheMiddleware', + ... + 'django.middleware.cache.FetchFromCacheMiddleware' + ] + +This is counter-intuitive, but correct: ``UpdateCacheMiddleware`` needs to run +last during the response phase, which processes middleware bottom-up; +``FetchFromCacheMiddleware`` needs to run last during the request phase, which +processes middleware top-down. + +The single-class ``CacheMiddleware`` can be used for some simple sites. +However, if any other piece of middleware needs to affect the cache key, you'll +need to use the two-part ``UpdateCacheMiddleware`` and +``FetchFromCacheMiddleware``. This'll most often happen when you're using +Django's ``LocaleMiddleware``. + +More details about how the caching works: + +* Only parameter-less GET or HEAD-requests with status code 200 are cached. + +* The number of seconds each page is stored for is set by the "max-age" section + of the response's "Cache-Control" header, falling back to the + CACHE_MIDDLEWARE_SECONDS setting if the section was not found. + +* If CACHE_MIDDLEWARE_ANONYMOUS_ONLY is set to True, only anonymous requests + (i.e., those not made by a logged-in user) will be cached. This is a simple + and effective way of avoiding the caching of the Django admin (and any other + user-specific content). + +* This middleware expects that a HEAD request is answered with a response + exactly like the corresponding GET request. + +* When a hit occurs, a shallow copy of the original response object is returned + from process_request. + +* Pages will be cached based on the contents of the request headers listed in + the response's "Vary" header. + +* This middleware also sets ETag, Last-Modified, Expires and Cache-Control + headers on the response object. + +""" + +from django.conf import settings +from django.core.cache import cache +from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age + +class UpdateCacheMiddleware(object): + """ + Response-phase cache middleware that updates the cache if the response is + cacheable. + + Must be used as part of the two-part update/fetch cache middleware. + UpdateCacheMiddleware must be the first piece of middleware in + MIDDLEWARE_CLASSES so that it'll get called last during the response phase. + """ + def __init__(self): + self.cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS + self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX + self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False) + + def process_response(self, request, response): + """Sets the cache, if needed.""" + if not hasattr(request, '_cache_update_cache') or not request._cache_update_cache: + # We don't need to update the cache, just return. + return response + if request.method != 'GET': + # This is a stronger requirement than above. It is needed + # because of interactions between this middleware and the + # HTTPMiddleware, which throws the body of a HEAD-request + # away before this middleware gets a chance to cache it. + return response + if not response.status_code == 200: + return response + # Try to get the timeout from the "max-age" section of the "Cache- + # Control" header before reverting to using the default cache_timeout + # length. + timeout = get_max_age(response) + if timeout == None: + timeout = self.cache_timeout + elif timeout == 0: + # max-age was set to 0, don't bother caching. + return response + patch_response_headers(response, timeout) + cache_key = learn_cache_key(request, response, timeout, self.key_prefix) + cache.set(cache_key, response, timeout) + return response + +class FetchFromCacheMiddleware(object): + """ + Request-phase cache middleware that fetches a page from the cache. + + Must be used as part of the two-part update/fetch cache middleware. + FetchFromCacheMiddleware must be the last piece of middleware in + MIDDLEWARE_CLASSES so that it'll get called last during the request phase. + """ + def __init__(self): + self.cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS + self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX + self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False) + + def process_request(self, request): + """ + Checks whether the page is already cached and returns the cached + version if available. + """ + if self.cache_anonymous_only: + assert hasattr(request, 'user'), "The Django cache middleware with CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the CacheMiddleware." + + if not request.method in ('GET', 'HEAD') or request.GET: + request._cache_update_cache = False + return None # Don't bother checking the cache. + + if self.cache_anonymous_only and request.user.is_authenticated(): + request._cache_update_cache = False + return None # Don't cache requests from authenticated users. + + cache_key = get_cache_key(request, self.key_prefix) + if cache_key is None: + request._cache_update_cache = True + return None # No cache information available, need to rebuild. + + response = cache.get(cache_key, None) + if response is None: + request._cache_update_cache = True + return None # No cache information available, need to rebuild. + + request._cache_update_cache = False + return response + +class CacheMiddleware(UpdateCacheMiddleware, FetchFromCacheMiddleware): + """ + Cache middleware that provides basic behavior for many simple sites. + + Also used as the hook point for the cache decorator, which is generated + using the decorator-from-middleware utility. + """ + def __init__(self, cache_timeout=None, key_prefix=None, cache_anonymous_only=None): + self.cache_timeout = cache_timeout + if cache_timeout is None: + self.cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS + self.key_prefix = key_prefix + if key_prefix is None: + self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX + if cache_anonymous_only is None: + self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False) + else: + self.cache_anonymous_only = cache_anonymous_only diff --git a/webapp/django/middleware/common.py b/webapp/django/middleware/common.py new file mode 100644 index 0000000000..270ab995bb --- /dev/null +++ b/webapp/django/middleware/common.py @@ -0,0 +1,134 @@ +import re + +from django.conf import settings +from django import http +from django.core.mail import mail_managers +from django.utils.http import urlquote +from django.core import urlresolvers +from django.utils.hashcompat import md5_constructor + +class CommonMiddleware(object): + """ + "Common" middleware for taking care of some basic operations: + + - Forbids access to User-Agents in settings.DISALLOWED_USER_AGENTS + + - URL rewriting: Based on the APPEND_SLASH and PREPEND_WWW settings, + this middleware appends missing slashes and/or prepends missing + "www."s. + + - If APPEND_SLASH is set and the initial URL doesn't end with a + slash, and it is not found in urlpatterns, a new URL is formed by + appending a slash at the end. If this new URL is found in + urlpatterns, then an HTTP-redirect is returned to this new URL; + otherwise the initial URL is processed as usual. + + - ETags: If the USE_ETAGS setting is set, ETags will be calculated from + the entire page content and Not Modified responses will be returned + appropriately. + """ + + def process_request(self, request): + """ + Check for denied User-Agents and rewrite the URL based on + settings.APPEND_SLASH and settings.PREPEND_WWW + """ + + # Check for denied User-Agents + if 'HTTP_USER_AGENT' in request.META: + for user_agent_regex in settings.DISALLOWED_USER_AGENTS: + if user_agent_regex.search(request.META['HTTP_USER_AGENT']): + return http.HttpResponseForbidden('<h1>Forbidden</h1>') + + # Check for a redirect based on settings.APPEND_SLASH + # and settings.PREPEND_WWW + host = request.get_host() + old_url = [host, request.path] + new_url = old_url[:] + + if (settings.PREPEND_WWW and old_url[0] and + not old_url[0].startswith('www.')): + new_url[0] = 'www.' + old_url[0] + + # Append a slash if APPEND_SLASH is set and the URL doesn't have a + # trailing slash and there is no pattern for the current path + if settings.APPEND_SLASH and (not old_url[1].endswith('/')): + try: + urlresolvers.resolve(request.path_info) + except urlresolvers.Resolver404: + new_url[1] = new_url[1] + '/' + if settings.DEBUG and request.method == 'POST': + raise RuntimeError, ("" + "You called this URL via POST, but the URL doesn't end " + "in a slash and you have APPEND_SLASH set. Django can't " + "redirect to the slash URL while maintaining POST data. " + "Change your form to point to %s%s (note the trailing " + "slash), or set APPEND_SLASH=False in your Django " + "settings.") % (new_url[0], new_url[1]) + + if new_url != old_url: + # Redirect if the target url exists + try: + urlresolvers.resolve("%s/" % request.path_info) + except urlresolvers.Resolver404: + pass + else: + if new_url[0]: + newurl = "%s://%s%s" % ( + request.is_secure() and 'https' or 'http', + new_url[0], urlquote(new_url[1])) + else: + newurl = urlquote(new_url[1]) + if request.GET: + newurl += '?' + request.GET.urlencode() + return http.HttpResponsePermanentRedirect(newurl) + + return None + + def process_response(self, request, response): + "Check for a flat page (for 404s) and calculate the Etag, if needed." + if response.status_code == 404: + if settings.SEND_BROKEN_LINK_EMAILS: + # If the referrer was from an internal link or a non-search-engine site, + # send a note to the managers. + domain = request.get_host() + referer = request.META.get('HTTP_REFERER', None) + is_internal = _is_internal_request(domain, referer) + path = request.get_full_path() + if referer and not _is_ignorable_404(path) and (is_internal or '?' not in referer): + ua = request.META.get('HTTP_USER_AGENT', '<none>') + ip = request.META.get('REMOTE_ADDR', '<none>') + mail_managers("Broken %slink on %s" % ((is_internal and 'INTERNAL ' or ''), domain), + "Referrer: %s\nRequested URL: %s\nUser agent: %s\nIP address: %s\n" \ + % (referer, request.get_full_path(), ua, ip)) + return response + + # Use ETags, if requested. + if settings.USE_ETAGS: + if response.has_header('ETag'): + etag = response['ETag'] + else: + etag = '"%s"' % md5_constructor(response.content).hexdigest() + if response.status_code >= 200 and response.status_code < 300 and request.META.get('HTTP_IF_NONE_MATCH') == etag: + cookies = response.cookies + response = http.HttpResponseNotModified() + response.cookies = cookies + else: + response['ETag'] = etag + + return response + +def _is_ignorable_404(uri): + "Returns True if a 404 at the given URL *shouldn't* notify the site managers" + for start in settings.IGNORABLE_404_STARTS: + if uri.startswith(start): + return True + for end in settings.IGNORABLE_404_ENDS: + if uri.endswith(end): + return True + return False + +def _is_internal_request(domain, referer): + "Return true if the referring URL is the same domain as the current request" + # Different subdomains are treated as different domains. + return referer is not None and re.match("^https?://%s/" % re.escape(domain), referer) diff --git a/webapp/django/middleware/doc.py b/webapp/django/middleware/doc.py new file mode 100644 index 0000000000..48c155c392 --- /dev/null +++ b/webapp/django/middleware/doc.py @@ -0,0 +1,18 @@ +from django.conf import settings +from django import http + +class XViewMiddleware(object): + """ + Adds an X-View header to internal HEAD requests -- used by the documentation system. + """ + def process_view(self, request, view_func, view_args, view_kwargs): + """ + If the request method is HEAD and either the IP is internal or the + user is a logged-in staff member, quickly return with an x-header + indicating the view function. This is used by the documentation module + to lookup the view function for an arbitrary page. + """ + if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)): + response = http.HttpResponse() + response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__) + return response diff --git a/webapp/django/middleware/gzip.py b/webapp/django/middleware/gzip.py new file mode 100644 index 0000000000..3b849801da --- /dev/null +++ b/webapp/django/middleware/gzip.py @@ -0,0 +1,39 @@ +import re + +from django.utils.text import compress_string +from django.utils.cache import patch_vary_headers + +re_accepts_gzip = re.compile(r'\bgzip\b') + +class GZipMiddleware(object): + """ + This middleware compresses content if the browser allows gzip compression. + It sets the Vary header accordingly, so that caches will base their storage + on the Accept-Encoding header. + """ + def process_response(self, request, response): + # It's not worth compressing non-OK or really short responses. + if response.status_code != 200 or len(response.content) < 200: + return response + + patch_vary_headers(response, ('Accept-Encoding',)) + + # Avoid gzipping if we've already got a content-encoding. + if response.has_header('Content-Encoding'): + return response + + # Older versions of IE have issues with gzipped pages containing either + # Javascript and PDF. + if "msie" in request.META.get('HTTP_USER_AGENT', '').lower(): + ctype = response.get('Content-Type', '').lower() + if "javascript" in ctype or ctype == "application/pdf": + return response + + ae = request.META.get('HTTP_ACCEPT_ENCODING', '') + if not re_accepts_gzip.search(ae): + return response + + response.content = compress_string(response.content) + response['Content-Encoding'] = 'gzip' + response['Content-Length'] = str(len(response.content)) + return response diff --git a/webapp/django/middleware/http.py b/webapp/django/middleware/http.py new file mode 100644 index 0000000000..53b65c1034 --- /dev/null +++ b/webapp/django/middleware/http.py @@ -0,0 +1,55 @@ +from django.utils.http import http_date + +class ConditionalGetMiddleware(object): + """ + Handles conditional GET operations. If the response has a ETag or + Last-Modified header, and the request has If-None-Match or + If-Modified-Since, the response is replaced by an HttpNotModified. + + Also sets the Date and Content-Length response-headers. + """ + def process_response(self, request, response): + response['Date'] = http_date() + if not response.has_header('Content-Length'): + response['Content-Length'] = str(len(response.content)) + + if response.has_header('ETag'): + if_none_match = request.META.get('HTTP_IF_NONE_MATCH', None) + if if_none_match == response['ETag']: + # Setting the status is enough here. The response handling path + # automatically removes content for this status code (in + # http.conditional_content_removal()). + response.status_code = 304 + + if response.has_header('Last-Modified'): + if_modified_since = request.META.get('HTTP_IF_MODIFIED_SINCE', None) + if if_modified_since == response['Last-Modified']: + # Setting the status code is enough here (same reasons as + # above). + response.status_code = 304 + + return response + +class SetRemoteAddrFromForwardedFor(object): + """ + Middleware that sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, if the + latter is set. This is useful if you're sitting behind a reverse proxy that + causes each request's REMOTE_ADDR to be set to 127.0.0.1. + + Note that this does NOT validate HTTP_X_FORWARDED_FOR. If you're not behind + a reverse proxy that sets HTTP_X_FORWARDED_FOR automatically, do not use + this middleware. Anybody can spoof the value of HTTP_X_FORWARDED_FOR, and + because this sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, that means + anybody can "fake" their IP address. Only use this when you can absolutely + trust the value of HTTP_X_FORWARDED_FOR. + """ + def process_request(self, request): + try: + real_ip = request.META['HTTP_X_FORWARDED_FOR'] + except KeyError: + return None + else: + # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs. The + # client's IP will be the first one. + real_ip = real_ip.split(",")[0].strip() + request.META['REMOTE_ADDR'] = real_ip diff --git a/webapp/django/middleware/locale.py b/webapp/django/middleware/locale.py new file mode 100644 index 0000000000..b5e4949378 --- /dev/null +++ b/webapp/django/middleware/locale.py @@ -0,0 +1,25 @@ +"this is the locale selecting middleware that will look at accept headers" + +from django.utils.cache import patch_vary_headers +from django.utils import translation + +class LocaleMiddleware(object): + """ + This is a very simple middleware that parses a request + and decides what translation object to install in the current + thread context. This allows pages to be dynamically + translated to the language the user desires (if the language + is available, of course). + """ + + def process_request(self, request): + language = translation.get_language_from_request(request) + translation.activate(language) + request.LANGUAGE_CODE = translation.get_language() + + def process_response(self, request, response): + patch_vary_headers(response, ('Accept-Language',)) + if 'Content-Language' not in response: + response['Content-Language'] = translation.get_language() + translation.deactivate() + return response diff --git a/webapp/django/middleware/transaction.py b/webapp/django/middleware/transaction.py new file mode 100644 index 0000000000..96b1538d9d --- /dev/null +++ b/webapp/django/middleware/transaction.py @@ -0,0 +1,27 @@ +from django.db import transaction + +class TransactionMiddleware(object): + """ + Transaction middleware. If this is enabled, each view function will be run + with commit_on_response activated - that way a save() doesn't do a direct + commit, the commit is done when a successful response is created. If an + exception happens, the database is rolled back. + """ + def process_request(self, request): + """Enters transaction management""" + transaction.enter_transaction_management() + transaction.managed(True) + + def process_exception(self, request, exception): + """Rolls back the database and leaves transaction management""" + if transaction.is_dirty(): + transaction.rollback() + transaction.leave_transaction_management() + + def process_response(self, request, response): + """Commits and leaves transaction management.""" + if transaction.is_managed(): + if transaction.is_dirty(): + transaction.commit() + transaction.leave_transaction_management() + return response |