@pizzapanther
Created October 9, 2018 18:24
Properly auth the Django way with DRF JWT Token
import jwt
from django.utils.functional import SimpleLazyObject
from django.contrib.auth.middleware import get_user
from django.contrib.auth.models import AnonymousUser
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth import logout as do_logout
# URL path prefixes for which CSRF enforcement is switched off.
# NOTE(review): matching is by prefix, so every path that merely begins with
# one of these strings (not only the exact endpoint) skips CSRF enforcement.
# Keep the list as narrow as the URL configuration allows.
EXEMPT = (
    '/get-jwt',
    '/refresh-jwt',
    '/google-tokens',
    '/refresh-google-token',
)


def csrf_exempt(get_response):
    """Middleware factory that disables CSRF checks for the EXEMPT prefixes.

    For a request whose path starts with any entry in ``EXEMPT`` the
    ``_dont_enforce_csrf_checks`` attribute is set on the request, which is
    the flag Django's CSRF middleware consults to skip enforcement. All other
    requests are passed through untouched.
    """

    def middleware(request):
        path = request.path
        if any(path.startswith(prefix) for prefix in EXEMPT):
            request._dont_enforce_csrf_checks = True
        return get_response(request)

    return middleware
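def get_jwt_user(request):
    """Resolve the user identified by the JWT in the Authorization header.

    Returns the matching user object, or ``AnonymousUser()`` when the header
    is missing or malformed, the token fails verification, or no user matches
    the token's ``uid`` and ``version`` claims.
    """
    try:
        # Header is expected as "<scheme> <token>"; the scheme is not checked.
        token = request.META['HTTP_AUTHORIZATION'].split(' ')[1]
        # The accepted algorithms must be passed as the ``algorithms`` list.
        # A singular ``algorithm=`` keyword is not the parameter decode() uses
        # to restrict which algorithm a token may be verified with.
        # decode() validates ``exp`` only when the claim is present, so the
        # issuing code (not shown here) has to set it.
        # NOTE(review): the signing key is Django's SECRET_KEY; consider a
        # dedicated JWT key so the two can be rotated independently.
        user_data = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
    except Exception:
        # Fail closed: any parsing or verification problem means "not logged
        # in". ``Exception`` rather than a bare ``except`` so that
        # KeyboardInterrupt/SystemExit are not swallowed.
        return AnonymousUser()

    User = get_user_model()
    try:
        # Both claims must match the stored row. Presumably ``version`` is a
        # per-user value bumped to revoke old tokens; confirm against the
        # user model.
        return User.objects.get(id=user_data['uid'], version=user_data['version'])
    except Exception:
        # Missing claims, no such user, or a lookup error: treat as anonymous.
        return AnonymousUser()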
def jwt_auth(get_response):
    """Middleware factory that sets ``request.user`` from a JWT or the session.

    If the request carries an Authorization header, the user is resolved
    lazily through ``get_jwt_user``; otherwise Django's session-based
    ``get_user`` is used. The two paths are exclusive: a request with an
    Authorization header never falls back to the session user, so an invalid
    token yields whatever ``get_jwt_user`` returns for it.
    """

    def middleware(request):
        # The presence of the header alone selects the resolver; the lookup
        # itself is deferred until request.user is first accessed.
        resolver = get_jwt_user if 'HTTP_AUTHORIZATION' in request.META else get_user
        request.user = SimpleLazyObject(lambda: resolver(request))
        return get_response(request)

    return middleware