45 lines
1.4 KiB
Python
45 lines
1.4 KiB
Python
import zoneinfo
|
|
import dashboard.views
|
|
from urllib import parse
|
|
from celery.utils.log import get_task_logger
|
|
from inspect import getmodule
|
|
from django.http import Http404
|
|
from django.utils import timezone
|
|
|
|
|
|
logger = get_task_logger(__name__)
|
|
|
|
|
|
class TimezoneMiddleware:
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
tzname = request.COOKIES.get('timezone')
|
|
if tzname:
|
|
tzname = parse.unquote(tzname)
|
|
timezone.activate(zoneinfo.ZoneInfo(tzname))
|
|
else:
|
|
timezone.deactivate()
|
|
return self.get_response(request)
|
|
|
|
|
|
class RestrictStaffToAdminMiddleware:
|
|
"""
|
|
A middleware that restricts staff members access to administration panels.
|
|
"""
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
response = self.get_response(request)
|
|
return response
|
|
|
|
def process_view(self, request, view_func, view_args, view_kwargs):
|
|
module = getmodule(view_func)
|
|
if (module is dashboard.views) and (not request.user.is_staff):
|
|
ip = request.META.get('HTTP_X_REAL_IP', request.META.get('REMOTE_ADDR'))
|
|
ua = request.META.get('HTTP_USER_AGENT')
|
|
logger.warn(f'Non-staff user "{request.user}" attempted to access admin site at "{request.get_full_path()}". UA = "{ua}", IP = "{ip}", Method = {request.method}')
|
|
raise Http404
|