UnisKB/apps/common/middleware/cross_domain_middleware.py

40 lines
1.8 KiB
Python
Raw Normal View History

2024-05-08 09:13:13 +00:00
# coding=utf-8
"""
@project: maxkb
@Author
@file cross_domain_middleware.py
@date2024/5/8 13:36
@desc:
"""
from django.db.models import QuerySet
from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin
from application.models.api_key_model import ApplicationApiKey
class CrossDomainMiddleware(MiddlewareMixin):
def process_request(self, request):
if request.method == 'OPTIONS':
2024-05-08 10:46:58 +00:00
return HttpResponse(status=200,
headers={
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,POST,DELETE,PUT",
"Access-Control-Allow-Headers": "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"})
2024-05-08 09:13:13 +00:00
def process_response(self, request, response):
auth = request.META.get('HTTP_AUTHORIZATION')
2024-05-08 10:46:58 +00:00
origin = request.META.get('HTTP_ORIGIN')
if auth is not None and str(auth).startswith("application-") and origin is not None:
2024-05-08 09:13:13 +00:00
application_api_key = QuerySet(ApplicationApiKey).filter(secret_key=auth).first()
if application_api_key.allow_cross_domain:
response['Access-Control-Allow-Methods'] = 'GET,POST,DELETE,PUT'
response[
'Access-Control-Allow-Headers'] = "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"
2024-05-08 10:46:58 +00:00
if application_api_key.cross_domain_list is None or len(application_api_key.cross_domain_list) == 0:
response['Access-Control-Allow-Origin'] = "*"
elif application_api_key.cross_domain_list.__contains__(origin):
response['Access-Control-Allow-Origin'] = origin
2024-05-08 09:13:13 +00:00
return response