Implement access caching for a given timeout (GH-9)

pysnippet · Apr 1, 2023 · f02e844 · f02e844
2 parents c42f724 + 2626831
commit f02e844
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -41,8 +41,8 @@ configuration.
 
 ## Usage
 
-After connecting the Django Forbid to your project, you can define the set of desired countries or territories to be
-forbidden. And there are four setting variables for describing any of your specific needs:
+After connecting the Django Forbid to your project, you can define the set of desired zones to be forbidden or allowed.
+And there are four setting variables for describing any of your specific needs:
 
 - `WHITELIST_COUNTRIES` and `WHITELIST_TERRITORIES` - Correspondingly, the list of countries and territories that are
   allowed to access the site.
@@ -71,6 +71,15 @@ The available ISO 3166 alpha-2 country codes are listed in [here](https://www.ib
 ISO continent codes are: `AF` - Africa, `AN` - Antarctica, `AS` - Asia, `EU` - Europe, `NA` - North America, `OC` -
 Oceania and `SA` - South America.
 
+Without additional configuration, the middleware will check the user's access on every request. This can slow down the
+site. To avoid this, you can use the `FORBID_TIMEOUT` variable to set the cache timeout in seconds. When the timeout
+expires, the middleware will check the user's access again.
+
+```python
+# Check the user's access every 10 minutes.
+FORBID_TIMEOUT = 60 * 10
+```
+
 ## Contribute
 
 Any contribution is welcome. If you have any ideas or suggestions, feel free to open an issue or a pull request. And

diff --git a/src/django_forbid/__init__.py b/src/django_forbid/__init__.py
@@ -1 +1 @@
-__version__ = "0.0.2"
+__version__ = "0.0.3"
diff --git a/src/django_forbid/middleware.py b/src/django_forbid/middleware.py
@@ -1,6 +1,9 @@
+from datetime import datetime
+
 from django.conf import settings
 from django.http import HttpResponseForbidden
 from django.shortcuts import redirect
+from django.utils.timezone import utc
 
 from .access import grants_access
 
@@ -15,11 +18,22 @@ def __call__(self, request):
         address = request.META.get("REMOTE_ADDR")
         address = request.META.get("HTTP_X_FORWARDED_FOR", address)
 
+        # Checks if the timeout variable is set and the user has been granted access.
+        if hasattr(settings, "FORBID_TIMEOUT") and request.session.has_key("ACCESS"):
+            acss = datetime.utcnow().replace(tzinfo=utc).timestamp()
+
+            # Checks if access is not timed out yet.
+            if acss - request.session.get("ACCESS") < settings.FORBID_TIMEOUT:
+                return self.get_response(request)
+
+        # Checks if access is granted when timeout is reached.
         if grants_access(address.split(",")[0].strip()):
+            acss = datetime.utcnow().replace(tzinfo=utc)
+            request.session["ACCESS"] = acss.timestamp()
             return self.get_response(request)
 
-        # Redirects to forbidden page if FORBIDDEN_URL is defined.
+        # Redirects to forbidden page if URL is set.
         if hasattr(settings, "FORBIDDEN_URL"):
-            return redirect(getattr(settings, "FORBIDDEN_URL"))
+            return redirect(settings.FORBIDDEN_URL)
 
         return HttpResponseForbidden()