Commit b697209

committed
support api prefix list
1 parent ecd358d commit b697209

1 file changed

+30
-29
lines changed


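--- a/api_permission/middleware.py
+++ b/api_permission/middleware.py
@@ -5,64 +5,65 @@
 from rest_framework import status
 from .exceptions import APIPermissionException
 from .models import APIPermissionModel
-from .api_settings import API_PREFIX
+from .api_settings import API_PREFIX, PERMISSION_DENIED_CODE, API_AUTHORIZATION_HEADER, ADMIN_SITE_PATH
 import logging
 import re
 
 
-logger = logging.getLogger(__name__)
-
-
 class APIPermCheckMiddleware(MiddlewareMixin):
 
     def process_request(self, request):
         path = request.path
         method = request.method
-        header_token = request.META.get('HTTP_AUTHORIZATION', None)
+        header_token = request.META.get(API_AUTHORIZATION_HEADER, None)
         user = request.user or AnonymousUser()
         if request.user and header_token is not None:
             try:
-                token = header_token.split(' ')
-                assert len(token) == 2, "token maybe invalid"
-                token_obj = Token.objects.get(key=token[1])
+                token = header_token.strip().split(' ')
+                assert len(token) > 0, f"token maybe invalid: {header_token}"
+                token_obj = Token.objects.get(key=token[-1])
                 user = token_obj.user
             except Token.DoesNotExist as e:
                 msg = f"api_permission checker: bearer token not exists: {e}"
-                logger.warning(msg)
                 return self._return_403_res(msg)
             except Exception as e:
-                msg = f"APIPermissionException : {e}"
-                logger.warning(msg)
-                return self._return_403_res(msg)
+                msg = f"{e}"
+                raise APIPermissionException(msg)
 
-        logger.debug(f"header_token is:{header_token} user: {user}, method: {method}, path: {path}")
-        if not path.startswith('/admin/') or not user.is_superuser:
-            if path.startswith(API_PREFIX):
-                if not self._has_permission(path, user, method):
-                    res = JsonResponse({
-                        'code': 1,
-                        'msg': f'permission denied: user: {user}, method: {method}, path: {path}',
-                    }, status=status.HTTP_403_FORBIDDEN)
-                    return res
+        api_prefix_list = []
+        if type(API_PREFIX) == str:
+            if API_PREFIX == '/':
+                api_prefix_list = ['/']
+            else:
+                if not API_PREFIX.startswith('/'):
+                    api_prefix_list.append('/' + str(API_PREFIX))
+                else:
+                    api_prefix_list = API_PREFIX
+        elif type(API_PREFIX) == list:
+            for prefix in API_PREFIX:
+                if not prefix.startswith('/'):
+                    prefix = '/' + str(prefix)
+                api_prefix_list.append(prefix)
+
+
+        if not path.startswith(ADMIN_SITE_PATH) or not user.is_superuser:
+            for api_prefix in api_prefix_list:
+                if path.startswith(api_prefix):
+                    if not self._has_permission(path, user, method):
+                        return self._return_403_res(f'permission denied: user: {user}, method: {method}, path: {path}')
 
     def _has_permission(self, path, user, method):
         groups = user.groups.all()
         queryset = APIPermissionModel.objects.filter(group__in=groups, method__in=[method, APIPermissionModel.ALL], active=True)
-        logger.debug(f'api permission queryset count: {queryset.count()}')
         for api in queryset:
             if re.match(api.pattern, path):
                 if api.method in [APIPermissionModel.ALL, method]:
                     return True
-                else:
-                    logger.debug(f"permission denied: user: {user} api.method:{api.method}, method: {method}")
-            else:
-                logger.info(f"path not match: user: {user} api.pattern:{api.pattern}, path: {path}")
         return False
 
     def _return_403_res(self, msg):
         res = {
-            'code': 1,
-            'msg': 'api_permission exception:{}'.format(msg),
-            'data': None
+            'code': PERMISSION_DENIED_CODE,
+            'msg': msg,
         }
         return JsonResponse(res, status=status.HTTP_403_FORBIDDEN)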
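Review bot: In the new prefix-normalisation block of `process_request`, the branch for a string `API_PREFIX` that already starts with `/` (and is not exactly `/`) assigns `api_prefix_list = API_PREFIX`, a string rather than a list, so the later `for api_prefix in api_prefix_list` iterates single characters and `path.startswith('/')` makes the permission check apply to every request instead of the configured prefix; it should read `api_prefix_list = [API_PREFIX]`. The rewritten token check `assert len(token) > 0, ...` can never fail, because `str.split(' ')` always yields at least one element (and `assert` is removed under `-O`), so the header's shape is no longer validated before `token[-1]` is looked up; an explicit `if len(token) != 2: raise APIPermissionException(f"token maybe invalid: {header_token}")` keeps the check active and consistent with the new `except Exception` path. The `type(API_PREFIX) == str` / `== list` comparisons would be clearer as `isinstance`, and since the normalised list depends only on settings it could be computed once in `__init__` rather than on every request. The trailing double blank line inside the method body also looks unintended.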
