django1/django/middleware/http.py

import datetime

class ConditionalGetMiddleware(object):
    """
    Handles conditional GET operations. If the response has a ETag or
    Last-Modified header, and the request has If-None-Match or
    If-Modified-Since, the response is replaced by an HttpNotModified.

    Removes the content from any response to a HEAD request.

    Also sets the Date and Content-Length response-headers.
    """
    def process_response(self, request, response):
        now = datetime.datetime.utcnow()
        response['Date'] = now.strftime('%a, %d %b %Y %H:%M:%S GMT')
        if not response.has_header('Content-Length'):
            response['Content-Length'] = str(len(response.content))

        if response.has_header('ETag'):
            if_none_match = request.META.get('HTTP_IF_NONE_MATCH', None)
            if if_none_match == response['ETag']:
                response.status_code = 304
                response.content = ''
                response['Content-Length'] = '0'

        if response.has_header('Last-Modified'):
            last_mod = response['Last-Modified']
            if_modified_since = request.META.get('HTTP_IF_MODIFIED_SINCE', None)
            if if_modified_since == response['Last-Modified']:
                response.status_code = 304
                response.content = ''
                response['Content-Length'] = '0'

        if request.method == 'HEAD':
            response.content = ''

        return response

class SetRemoteAddrFromForwardedFor(object):
    """
    Middleware that sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, if the
    latter is set. This is useful if you're sitting behind a reverse proxy that
    causes each request's REMOTE_ADDR to be set to 127.0.0.1.

    Note that this does NOT validate HTTP_X_FORWARDED_FOR. If you're not behind
    a reverse proxy that sets HTTP_X_FORWARDED_FOR automatically, do not use
    this middleware. Anybody can spoof the value of HTTP_X_FORWARDED_FOR, and
    because this sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, that means
    anybody can "fake" their IP address. Only use this when you can absolutely
    trust the value of HTTP_X_FORWARDED_FOR.
    """
    def process_request(self, request):
        try:
            real_ip = request.META['HTTP_X_FORWARDED_FOR']
        except KeyError:
            return None
        else:
            # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
            # Take just the first one.
            real_ip = real_ip.split(",")[0]
            request.META['REMOTE_ADDR'] = real_ip
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00			`import datetime`

Fixed #2109 -- Convert old-style classes to new-style classes throughout Django. Thanks, Nicola Larosa git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-06-08 13:00:13 +08:00			`class ConditionalGetMiddleware(object):`
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00			`"""`
			`Handles conditional GET operations. If the response has a ETag or`
			`Last-Modified header, and the request has If-None-Match or`
			`If-Modified-Since, the response is replaced by an HttpNotModified.`

			`Removes the content from any response to a HEAD request.`

			`Also sets the Date and Content-Length response-headers.`
			`"""`
			`def process_response(self, request, response):`
			`now = datetime.datetime.utcnow()`
			`response['Date'] = now.strftime('%a, %d %b %Y %H:%M:%S GMT')`
			`if not response.has_header('Content-Length'):`
			`response['Content-Length'] = str(len(response.content))`

			`if response.has_header('ETag'):`
			`if_none_match = request.META.get('HTTP_IF_NONE_MATCH', None)`
			`if if_none_match == response['ETag']:`
			`response.status_code = 304`
			`response.content = ''`
			`response['Content-Length'] = '0'`

			`if response.has_header('Last-Modified'):`
			`last_mod = response['Last-Modified']`
			`if_modified_since = request.META.get('HTTP_IF_MODIFIED_SINCE', None)`
			`if if_modified_since == response['Last-Modified']:`
			`response.status_code = 304`
			`response.content = ''`
			`response['Content-Length'] = '0'`

Converted request.META['REQUEST_METHOD'] calls to request.method, throughout the Django codebase git-svn-id: http://code.djangoproject.com/svn/django/trunk@3171 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-06-20 12:34:13 +08:00			`if request.method == 'HEAD':`
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00			`response.content = ''`

			`return response`
Fixed #2552 -- Added SetRemoteAddrFromForwardedFor middleware and documentation. Thanks, Ian Holsman git-svn-id: http://code.djangoproject.com/svn/django/trunk@3602 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-18 11:12:36 +08:00
			`class SetRemoteAddrFromForwardedFor(object):`
			`"""`
			`Middleware that sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, if the`
			`latter is set. This is useful if you're sitting behind a reverse proxy that`
			`causes each request's REMOTE_ADDR to be set to 127.0.0.1.`

			`Note that this does NOT validate HTTP_X_FORWARDED_FOR. If you're not behind`
			`a reverse proxy that sets HTTP_X_FORWARDED_FOR automatically, do not use`
			`this middleware. Anybody can spoof the value of HTTP_X_FORWARDED_FOR, and`
			`because this sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, that means`
			`anybody can "fake" their IP address. Only use this when you can absolutely`
			`trust the value of HTTP_X_FORWARDED_FOR.`
			`"""`
			`def process_request(self, request):`
			`try:`
			`real_ip = request.META['HTTP_X_FORWARDED_FOR']`
			`except KeyError:`
			`return None`
			`else:`
			`# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.`
			`# Take just the first one.`
			`real_ip = real_ip.split(",")[0]`
			`request.META['REMOTE_ADDR'] = real_ip`