siemiatj/middleware.py

## middleware.py
from rte_site.views import flatpage
from django.http import Http404
from django.conf import settings
from django.contrib.sessions.middleware import SessionMiddleware

class NoVarySessionMiddleware(SessionMiddleware):
    """
    SessionMiddleware sets Vary: Cookie anytime request.session is accessed.
    request.session is accessed indirectly anytime request.user is touched.
    We always touch request.user to see if the user is authenticated, so every
    request would be sending vary, so we'd get no caching.

    We skip the cache in Zeus if someone has a session cookie, so varying on
    Cookie at this level only hurts us.
    """

    def process_response(self, request, response):
        # Let SessionMiddleware do its processing but prevent it from changing
        # the Vary header.
        vary = response.get('Vary', None)
        new_response = (super(NoVarySessionMiddleware, self)
                        .process_response(request, response))
        if vary:
            new_response['Vary'] = vary
        else:
            del new_response['Vary']
        return new_response

class SetRemoteAddrFromForwardedFor(object):
    """
    Replaces the Django 1.1 middleware to replace the remote IP with
    the value of the X-Forwarded-For header for use behind reverse proxy
    servers, like load balancers.
    """

    def process_request(self, request):
        try:
            real_ip = request.META['HTTP_X_FORWARDED_FOR']
        except KeyError:
            return None

        real_ip = real_ip.split(',')[0].strip()
        request.META['REMOTE_ADDR'] = real_ip

class FrameOptionsHeader(object):
    """
    Set an X-Frame-Options header. Default to DENY. Set
    response['x-frame-options'] = 'SAMEORIGIN'
    to override.
    """

    def process_response(self, request, response):
        if hasattr(response, 'no_frame_options'):
            return response

        if not 'x-frame-options' in response:
            response['x-frame-options'] = 'DENY'

        return response

class HidePasswordOnException(object):
    """
    Hide passwords in request.POST so they're not recorded in error logging.
    """

    def process_exception(self, request, exception):
        # Get a copy so it's mutable.
        request.POST = request.POST.copy()
        for key in request.POST:
            if 'password' in key.lower():
                request.POST[key] = '******'


class FlatpageFallbackMiddleware(object):
    """Middleware for flatpages
    """
    def process_response(self, request, response):
        if response.status_code != 404:
            return response
        try:
            return flatpage(request, request.path_info)
        except Http404:
            return response
        except:
            if settings.DEBUG:
                raise
            return response
	from rte_site.views import flatpage
	from django.http import Http404
	from django.conf import settings
	from django.contrib.sessions.middleware import SessionMiddleware

	class NoVarySessionMiddleware(SessionMiddleware):
	"""
	SessionMiddleware sets Vary: Cookie anytime request.session is accessed.
	request.session is accessed indirectly anytime request.user is touched.
	We always touch request.user to see if the user is authenticated, so every
	request would be sending vary, so we'd get no caching.

	We skip the cache in Zeus if someone has a session cookie, so varying on
	Cookie at this level only hurts us.
	"""

	def process_response(self, request, response):
	# Let SessionMiddleware do its processing but prevent it from changing
	# the Vary header.
	vary = response.get('Vary', None)
	new_response = (super(NoVarySessionMiddleware, self)
	.process_response(request, response))
	if vary:
	new_response['Vary'] = vary
	else:
	del new_response['Vary']
	return new_response

	class SetRemoteAddrFromForwardedFor(object):
	"""
	Replaces the Django 1.1 middleware to replace the remote IP with
	the value of the X-Forwarded-For header for use behind reverse proxy
	servers, like load balancers.
	"""

	def process_request(self, request):
	try:
	real_ip = request.META['HTTP_X_FORWARDED_FOR']
	except KeyError:
	return None

	real_ip = real_ip.split(',')[0].strip()
	request.META['REMOTE_ADDR'] = real_ip

	class FrameOptionsHeader(object):
	"""
	Set an X-Frame-Options header. Default to DENY. Set
	response['x-frame-options'] = 'SAMEORIGIN'
	to override.
	"""

	def process_response(self, request, response):
	if hasattr(response, 'no_frame_options'):
	return response

	if not 'x-frame-options' in response:
	response['x-frame-options'] = 'DENY'

	return response

	class HidePasswordOnException(object):
	"""
	Hide passwords in request.POST so they're not recorded in error logging.
	"""

	def process_exception(self, request, exception):
	# Get a copy so it's mutable.
	request.POST = request.POST.copy()
	for key in request.POST:
	if 'password' in key.lower():
	request.POST[key] = '******'


	class FlatpageFallbackMiddleware(object):
	"""Middleware for flatpages
	"""
	def process_response(self, request, response):
	if response.status_code != 404:
	return response
	try:
	return flatpage(request, request.path_info)
	except Http404:
	return response
	except:
	if settings.DEBUG:
	raise
	return response