diff --git a/modernomad/middleware/basic_auth.py b/modernomad/middleware/basic_auth.py
new file mode 100644
index 00000000..22b3c8d0
--- /dev/null
+++ b/modernomad/middleware/basic_auth.py
@@ -0,0 +1,16 @@
+import re
+from django.conf import settings
+from basicauth.middleware import BasicAuthMiddleware as BaseBasicAuthMiddleware
+
+
+# https://github.com/hirokiky/django-basicauth/issues/10
+class BasicAuthMiddleware(BaseBasicAuthMiddleware):
+ def process_request(self, request):
+ always_allow_urls = map(
+ re.compile, getattr(settings, "BASICAUTH_ALWAYS_ALLOW_URLS", [])
+ )
+ for allowed_url in always_allow_urls:
+ if allowed_url.search(request.path):
+ return None
+
+ return super().process_request(request)
diff --git a/modernomad/settings/common.py b/modernomad/settings/common.py
index ffe8e5c8..092223a5 100644
--- a/modernomad/settings/common.py
+++ b/modernomad/settings/common.py
@@ -155,7 +155,7 @@ MIDDLEWARE_CLASSES = ( 'whitenoise.middleware.WhiteNoiseMiddleware', # first, after SecurityMiddleware
- 'basicauth.middleware.BasicAuthMiddleware',
+ 'modernomad.middleware.basic_auth.BasicAuthMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
@@ -295,6 +295,9 @@ def __getitem__(self, item):
 if env('BASICAUTH_USER', default=''):
 BASICAUTH_USERS = {}
 BASICAUTH_USERS[env('BASICAUTH_USER')] = env('BASICAUTH_PASS')
+ BASICAUTH_ALWAYS_ALLOW_URLS = [
+ r'^/graphql'
+ ]
 else:
 BASICAUTH_DISABLE = True
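Review bot: `allowed_url.search(request.path)` in `process_request` matches a configured pattern anywhere in the path, so any entry of `BASICAUTH_ALWAYS_ALLOW_URLS` that is not anchored with `^` exempts every URL containing that text from basic auth. Matching from the start of the path makes the bypass fail closed for such entries: `if allowed_url.match(request.path):`. The class carries only an issue link as documentation; a docstring stating that the setting holds regular expressions tested against `request.path`, and that a match skips basic auth entirely, would make the contract visible to whoever edits the settings. The patterns are also rebuilt through `map(re.compile, ...)` on every request and could be compiled once.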
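Review bot: `r'^/graphql'` in the new `BASICAUTH_ALWAYS_ALLOW_URLS` list has no end boundary, so every path that begins with `/graphql` skips the basic-auth gate, not only the GraphQL endpoint itself. If the endpoint is served at exactly that path (the URLconf is not part of this diff), a bounded pattern such as `r'^/graphql/?$'` keeps the exemption to that one route. With the gate lifted, the endpoint relies entirely on its own authentication and authorization, which this diff does not show; a comment beside the list saying why the route is exempt and what protects it instead would help the next reader.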