Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-09 08:04:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
django-axes/axes/middleware.py
Rodrigo Nogueira fd78bdfa20 Fix py314-djqa CI checks
2026-03-21 02:54:39 -03:00

82 lines
3.1 KiB
Python
Raw Blame History

from typing import Callable
from asgiref.sync import iscoroutinefunction, markcoroutinefunction, sync_to_async
from django.conf import settings
from django.http import HttpRequest, HttpResponse
from axes.helpers import get_cool_off, get_lockout_response
class AxesMiddleware:
"""
Middleware that calculates necessary HTTP request attributes for attempt monitoring
and maps lockout signals into readable HTTP 403 Forbidden responses.
If a project uses ``django rest framework`` then the middleware updates the
request and checks whether the limit has been exceeded. It's needed only
for integration with DRF because it uses its own request object.
This middleware recognizes a logout monitoring flag in the request and
and uses the ``axes.helpers.get_lockout_response`` handler for returning
customizable and context aware lockout message to the end user if necessary.
To customize the lockout handling behaviour further, you can subclass this middleware
and change the ``__call__`` method to your own liking.
Please see the following configuration flags before customizing this handler:
- ``AXES_LOCKOUT_TEMPLATE``,
- ``AXES_LOCKOUT_URL``,
- ``AXES_COOLOFF_MESSAGE``, and
- ``AXES_PERMALOCK_MESSAGE``.
"""
async_capable = True
sync_capable = True
def __init__(self, get_response: Callable) -> None:
self.get_response = get_response
if iscoroutinefunction(self.get_response):
markcoroutinefunction(self)
@staticmethod
def set_retry_after_header(request: HttpRequest, response: HttpResponse) -> None:
if settings.AXES_ENABLE_RETRY_AFTER_HEADER:
cool_off = get_cool_off(request)
if cool_off is not None:
response["Retry-After"] = str(int(cool_off.total_seconds()))
def build_lockout_response(
self,
request: HttpRequest,
response: HttpResponse,
credentials,
) -> HttpResponse:
response = get_lockout_response(request, response, credentials) # type: ignore
self.set_retry_after_header(request, response)
return response
def __call__(self, request: HttpRequest) -> HttpResponse:
# Exit out to async mode, if needed
if iscoroutinefunction(self):
return self.__acall__(request)
response = self.get_response(request)
if settings.AXES_ENABLED:
if getattr(request, "axes_locked_out", None):
credentials = getattr(request, "axes_credentials", None)
response = self.build_lockout_response(request, response, credentials)
return response
async def __acall__(self, request: HttpRequest) -> HttpResponse:
response = await self.get_response(request)
if settings.AXES_ENABLED:
if getattr(request, "axes_locked_out", None):
credentials = getattr(request, "axes_credentials", None)
response = await sync_to_async(
self.build_lockout_response, thread_sensitive=True
)(request, response, credentials)
return response
Reference in a new issue View git blame Copy permalink