WhiteNoiseMiddleware that restricts access to sourcemaps to authorized users
import fnmatch

from django.conf import settings
from django.http import HttpResponseForbidden
from django.utils.cache import patch_cache_control, patch_vary_headers
from whitenoise.middleware import WhiteNoiseMiddleware


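class AuthenticatedWhiteNoiseMiddleware(WhiteNoiseMiddleware):
    """WhiteNoise middleware that gates selected static paths behind a signed cookie.

    Static files are served before Django's authentication has run, so
    ``request.user`` is not available inside ``serve``. Instead, every response
    that passes back through this middleware for a staff user gets a signed
    cookie, and protected static paths are only served when that cookie
    verifies.

    Settings read at start-up:

    * ``WHITENOISE_AUTHENTICATED_PATHS``: fnmatch patterns checked against
      ``request.path_info``.
    * ``WHITENOISE_AUTH_COOKIE``: cookie name; the feature is off when unset.
    * ``WHITENOISE_AUTH_COOKIE_DOMAIN`` / ``WHITENOISE_AUTH_COOKIE_SECURE``:
      passed through to ``set_signed_cookie``.
    * ``WHITENOISE_AUTH_COOKIE_MAX_AGE``: optional setting introduced by this
      class, in seconds. When set it bounds both the browser lifetime of the
      cookie and the age accepted on verification. When unset the previous
      behaviour is kept (session cookie, no server-side expiry).

    Security notes:

    * The cookie only proves that *some* staff user received it at some point.
      It is not bound to a user or session, so revoking staff status does not
      invalidate cookies already issued. Configure the max-age setting to
      limit that window.
    * If ``WHITENOISE_AUTH_COOKIE_SECURE`` is unset the cookie is also sent
      over plain HTTP.
    """

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        auth_paths = getattr(settings, 'WHITENOISE_AUTHENTICATED_PATHS', None) or []
        if isinstance(auth_paths, str):
            # A bare string would otherwise be iterated character by character,
            # and a lone "*" pattern would match every path.
            auth_paths = [auth_paths]
        self.auth_paths = auth_paths
        self.auth_cookie = getattr(settings, 'WHITENOISE_AUTH_COOKIE', None)
        self.auth_cookie_domain = getattr(settings, 'WHITENOISE_AUTH_COOKIE_DOMAIN', None)
        self.auth_cookie_secure = getattr(settings, 'WHITENOISE_AUTH_COOKIE_SECURE', None)
        self.auth_cookie_max_age = getattr(settings, 'WHITENOISE_AUTH_COOKIE_MAX_AGE', None)

    def __call__(self, request):
        """Run the normal WhiteNoise handling, then attach the auth cookie if due."""
        response = super().__call__(request)
        return self.process_response(request, response)

    def process_response(self, request, response):
        """Give staff users the signed cookie that unlocks protected static paths.

        ``request.user`` only exists once an authentication middleware further
        down the stack has handled the request. Responses for static files,
        which are answered by WhiteNoise itself, therefore never get the cookie
        here.
        """
        user = getattr(request, "user", None)
        if self.auth_cookie and user is not None and user.is_staff:
            # User is authorized: add the auth cookie.
            response.set_signed_cookie(
                self.auth_cookie,
                "1",
                max_age=self.auth_cookie_max_age,
                domain=self.auth_cookie_domain,
                secure=self.auth_cookie_secure,
                httponly=True,
            )
        return response

    def _requires_auth(self, path):
        """Return True when *path* matches one of the protected patterns."""
        # NOTE(review): fnmatch.fnmatch normalises case per operating system;
        # confirm this matches how the static files are looked up.
        return any(fnmatch.fnmatch(path, pattern) for pattern in self.auth_paths)

    def serve(self, static_file, request):
        """Serve *static_file*, or answer 403 for a protected path without a valid cookie."""
        protected = bool(self.auth_cookie) and self._requires_auth(request.path_info)
        if protected and not request.get_signed_cookie(
            self.auth_cookie,
            default=False,
            max_age=self.auth_cookie_max_age,
        ):
            # Missing, tampered or expired cookie: all of these fall back to the default.
            return HttpResponseForbidden()

        response = super().serve(static_file, request)
        if protected:
            # WhiteNoise normally marks static responses as publicly cacheable.
            # A shared cache or CDN in front of the app could then hand a
            # protected file to a client that never presented the cookie.
            patch_cache_control(response, private=True)
            patch_vary_headers(response, ("Cookie",))
        return response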
# fnmatch-style patterns matched against the request path. Matching static
# files are only served when the request carries a valid signed auth cookie.
WHITENOISE_AUTHENTICATED_PATHS = [
    "*.map",
]

# Name of the signed cookie handed to staff users. Leaving it unset disables
# the access check altogether.
WHITENOISE_AUTH_COOKIE = "__static_auth"

# Required if statics for www.example.com are on static.example.com
# NOTE(review): a parent-domain cookie is sent to every host under that
# domain; confirm all of them are trusted to receive it.
WHITENOISE_AUTH_COOKIE_DOMAIN = ".example.com"

# Only mark the cookie Secure outside of DEBUG, so local HTTP development works.
WHITENOISE_AUTH_COOKIE_SECURE = not DEBUG
Oh - I think perhaps I misinterpreted this whole project. Here's what I learned:
Initial Expectation:
Actuality:
On Static files
This explains why process_response worked as normal for requests that resolve to URLs, while for static files it triggered the above error. That error is expected, though: for static files we are not checking authentication via Django but via cookies, bypassing Django's authentication entirely. Again, we placed the middleware before the authentication middleware, so requests will NOT have authentication checking capabilities.
Sorry - I'm so new to all this that I'm just having a hard time with the whole flow of execution needed to get this working. Again, sorry for bothering you so much about this - I'm happy to donate as well.