django-auditlog/auditlog/middleware.py

import threading
import time
from functools import partial

from django.apps import apps
from django.conf import settings
from django.db.models.signals import pre_save
from django.utils.deprecation import MiddlewareMixin

from auditlog.models import LogEntry

threadlocal = threading.local()


class AuditlogMiddleware(MiddlewareMixin):
    """
    Middleware to couple the request's user to log items. This is accomplished by currying the signal receiver with the
    user from the request (or None if the user is not authenticated).
    """

    def process_request(self, request):
        """
        Gets the current user from the request and prepares and connects a signal receiver with the user already
        attached to it.
        """
        # Initialize thread local storage
        threadlocal.auditlog = {
            "signal_duid": (self.__class__, time.time()),
            "remote_addr": request.META.get("REMOTE_ADDR"),
        }

        # In case of proxy, set 'original' address
        if request.META.get("HTTP_X_FORWARDED_FOR"):
            threadlocal.auditlog["remote_addr"] = request.META.get(
                "HTTP_X_FORWARDED_FOR"
            ).split(",")[0]

        # Connect signal for automatic logging
        if hasattr(request, "user") and getattr(
            request.user, "is_authenticated", False
        ):
            set_actor = partial(
                self.set_actor,
                user=request.user,
                signal_duid=threadlocal.auditlog["signal_duid"],
            )
            pre_save.connect(
                set_actor,
                sender=LogEntry,
                dispatch_uid=threadlocal.auditlog["signal_duid"],
                weak=False,
            )

    def process_response(self, request, response):
        """
        Disconnects the signal receiver to prevent it from staying active.
        """
        if hasattr(threadlocal, "auditlog"):
            pre_save.disconnect(
                sender=LogEntry, dispatch_uid=threadlocal.auditlog["signal_duid"]
            )

        return response

    def process_exception(self, request, exception):
        """
        Disconnects the signal receiver to prevent it from staying active in case of an exception.
        """
        if hasattr(threadlocal, "auditlog"):
            pre_save.disconnect(
                sender=LogEntry, dispatch_uid=threadlocal.auditlog["signal_duid"]
            )

        return None

    @staticmethod
    def set_actor(user, sender, instance, signal_duid, **kwargs):
        """
        Signal receiver with an extra, required 'user' kwarg. This method becomes a real (valid) signal receiver when
        it is curried with the actor.
        """
        if hasattr(threadlocal, "auditlog"):
            if signal_duid != threadlocal.auditlog["signal_duid"]:
                return
            try:
                app_label, model_name = settings.AUTH_USER_MODEL.split(".")
                auth_user_model = apps.get_model(app_label, model_name)
            except ValueError:
                auth_user_model = apps.get_model("auth", "user")
            if (
                sender == LogEntry
                and isinstance(user, auth_user_model)
                and instance.actor is None
            ):
                instance.actor = user

            instance.remote_addr = threadlocal.auditlog["remote_addr"]
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00			`import threading`
ensure signal disconnection 2014-02-07 19:59:16 +00:00			`import time`
Drop Python 2, support Django 3.0, update dependencies 2020-04-22 20:28:29 +00:00			`from functools import partial`
ensure signal disconnection 2014-02-07 19:59:16 +00:00
Drop Python 2, support Django 3.0, update dependencies 2020-04-22 20:28:29 +00:00			`from django.apps import apps`
Make LogEntry and middleware compatible with custom user models 2013-10-20 17:24:33 +00:00			`from django.conf import settings`
First implementation 2013-10-20 13:25:48 +00:00			`from django.db.models.signals import pre_save`
Drop Python 2, support Django 3.0, update dependencies 2020-04-22 20:28:29 +00:00			`from django.utils.deprecation import MiddlewareMixin`
Update middleware for Django 1.10 2016-08-17 20:45:02 +00:00
Drop Python 2, support Django 3.0, update dependencies 2020-04-22 20:28:29 +00:00			`from auditlog.models import LogEntry`
First implementation 2013-10-20 13:25:48 +00:00
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00			`threadlocal = threading.local()`


Update middleware for Django 1.10 2016-08-17 20:45:02 +00:00			`class AuditlogMiddleware(MiddlewareMixin):`
First implementation 2013-10-20 13:25:48 +00:00			`"""`
			`Middleware to couple the request's user to log items. This is accomplished by currying the signal receiver with the`
			`user from the request (or None if the user is not authenticated).`
			`"""`

			`def process_request(self, request):`
Extend inline documentation 2013-11-06 19:48:16 +00:00			`"""`
			`Gets the current user from the request and prepares and connects a signal receiver with the user already`
			`attached to it.`
			`"""`
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00			`# Initialize thread local storage`
			`threadlocal.auditlog = {`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`"signal_duid": (self.__class__, time.time()),`
			`"remote_addr": request.META.get("REMOTE_ADDR"),`
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00			`}`

			`# In case of proxy, set 'original' address`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`if request.META.get("HTTP_X_FORWARDED_FOR"):`
			`threadlocal.auditlog["remote_addr"] = request.META.get(`
			`"HTTP_X_FORWARDED_FOR"`
			`).split(",")[0]`
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00
			`# Connect signal for automatic logging`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`if hasattr(request, "user") and getattr(`
			`request.user, "is_authenticated", False`
			`):`
			`set_actor = partial(`
			`self.set_actor,`
			`user=request.user,`
			`signal_duid=threadlocal.auditlog["signal_duid"],`
			`)`
			`pre_save.connect(`
			`set_actor,`
			`sender=LogEntry,`
			`dispatch_uid=threadlocal.auditlog["signal_duid"],`
			`weak=False,`
			`)`
First implementation 2013-10-20 13:25:48 +00:00
			`def process_response(self, request, response):`
Extend inline documentation 2013-11-06 19:48:16 +00:00			`"""`
			`Disconnects the signal receiver to prevent it from staying active.`
			`"""`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`if hasattr(threadlocal, "auditlog"):`
			`pre_save.disconnect(`
			`sender=LogEntry, dispatch_uid=threadlocal.auditlog["signal_duid"]`
			`)`
ensure signal disconnection 2014-02-07 19:59:16 +00:00
			`return response`

			`def process_exception(self, request, exception):`
			`"""`
			`Disconnects the signal receiver to prevent it from staying active in case of an exception.`
			`"""`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`if hasattr(threadlocal, "auditlog"):`
			`pre_save.disconnect(`
			`sender=LogEntry, dispatch_uid=threadlocal.auditlog["signal_duid"]`
			`)`
Extend inline documentation 2013-11-06 19:48:16 +00:00
process_exception returns None 2014-02-07 20:02:03 +00:00			`return None`
First implementation 2013-10-20 13:25:48 +00:00
Make the set_actor method from the middleware static. Also, catch only the relevant exception. 2013-12-18 16:16:39 +00:00			`@staticmethod`
implemented suggested fix in #72 2016-11-02 13:30:05 +00:00			`def set_actor(user, sender, instance, signal_duid, **kwargs):`
Extend inline documentation 2013-11-06 19:48:16 +00:00			`"""`
			`Signal receiver with an extra, required 'user' kwarg. This method becomes a real (valid) signal receiver when`
			`it is curried with the actor.`
			`"""`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`if hasattr(threadlocal, "auditlog"):`
			`if signal_duid != threadlocal.auditlog["signal_duid"]:`
(bugfix) Adds hasattr check before threadlocal.auditlog access in set_actor middleware.set_actor was inconsistent with other methods in checking for hasattr(threadlocal, 'auditlog') 2018-01-04 19:07:13 +00:00			`return`
			`try:`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`app_label, model_name = settings.AUTH_USER_MODEL.split(".")`
(bugfix) Adds hasattr check before threadlocal.auditlog access in set_actor middleware.set_actor was inconsistent with other methods in checking for hasattr(threadlocal, 'auditlog') 2018-01-04 19:07:13 +00:00			`auth_user_model = apps.get_model(app_label, model_name)`
			`except ValueError:`
Add black and format files with black. 2020-12-06 20:29:24 +00:00			`auth_user_model = apps.get_model("auth", "user")`
			`if (`
			`sender == LogEntry`
			`and isinstance(user, auth_user_model)`
			`and instance.actor is None`
			`):`
(bugfix) Adds hasattr check before threadlocal.auditlog access in set_actor middleware.set_actor was inconsistent with other methods in checking for hasattr(threadlocal, 'auditlog') 2018-01-04 19:07:13 +00:00			`instance.actor = user`

Add black and format files with black. 2020-12-06 20:29:24 +00:00			`instance.remote_addr = threadlocal.auditlog["remote_addr"]`