From 86e1604b44815558bcc748cc5eb82fed3a5f2caa Mon Sep 17 00:00:00 2001 From: Artyom Vancyan Date: Sat, 1 Apr 2023 18:10:37 +0400 Subject: [PATCH 1/3] GH-8: Implement access caching for a given timeout --- src/django_forbid/middleware.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/django_forbid/middleware.py b/src/django_forbid/middleware.py index c7054ad..f35ba6b 100644 --- a/src/django_forbid/middleware.py +++ b/src/django_forbid/middleware.py @@ -1,6 +1,9 @@ +from datetime import datetime + from django.conf import settings from django.http import HttpResponseForbidden from django.shortcuts import redirect +from django.utils.timezone import utc from .access import grants_access @@ -15,11 +18,22 @@ def __call__(self, request): address = request.META.get("REMOTE_ADDR") address = request.META.get("HTTP_X_FORWARDED_FOR", address) + # Checks if the timeout variable is set and the user has been granted access. + if hasattr(settings, "FORBID_TIMEOUT") and request.session.has_key("ACCESS"): + acss = datetime.utcnow().replace(tzinfo=utc).timestamp() + + # Checks if access is not timed out yet. + if acss - request.session.get("ACCESS") < settings.FORBID_TIMEOUT: + return self.get_response(request) + + # Checks if access is granted when timeout is reached. if grants_access(address.split(",")[0].strip()): + acss = datetime.utcnow().replace(tzinfo=utc) + request.session["ACCESS"] = acss.timestamp() return self.get_response(request) - # Redirects to forbidden page if FORBIDDEN_URL is defined. + # Redirects to forbidden page if URL is set. if hasattr(settings, "FORBIDDEN_URL"): - return redirect(getattr(settings, "FORBIDDEN_URL")) + return redirect(settings.FORBIDDEN_URL) return HttpResponseForbidden() From 8acf0fffc5cccfc2f107376f9427c98ddd5e7d6d Mon Sep 17 00:00:00 2001 From: Artyom Vancyan Date: Sat, 1 Apr 2023 20:44:59 +0400 Subject: [PATCH 2/3] GH-8: Add `FORBID_TIMEOUT` usage guide --- README.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 07624b0..0ac8dbe 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ configuration. ## Usage -After connecting the Django Forbid to your project, you can define the set of desired countries or territories to be -forbidden. And there are four setting variables for describing any of your specific needs: +After connecting the Django Forbid to your project, you can define the set of desired zones to be forbidden or allowed. +And there are four setting variables for describing any of your specific needs: - `WHITELIST_COUNTRIES` and `WHITELIST_TERRITORIES` - Correspondingly, the list of countries and territories that are allowed to access the site. @@ -71,6 +71,15 @@ The available ISO 3166 alpha-2 country codes are listed in [here](https://www.ib ISO continent codes are: `AF` - Africa, `AN` - Antarctica, `AS` - Asia, `EU` - Europe, `NA` - North America, `OC` - Oceania and `SA` - South America. +Without additional configuration, the middleware will check the user's access on every request. This can slow down the +site. To avoid this, you can use the `FORBID_TIMEOUT` variable to set the cache timeout in seconds. When the timeout +expires, the middleware will check the user's access again. + +```python +# Check the user's access every 10 minutes. +FORBID_TIMEOUT = 60 * 10 +``` + ## Contribute Any contribution is welcome. If you have any ideas or suggestions, feel free to open an issue or a pull request. And From 2626831864d6cc27d2ec7c025a85bdea8eba8eca Mon Sep 17 00:00:00 2001 From: Artyom Vancyan Date: Sat, 1 Apr 2023 20:45:35 +0400 Subject: [PATCH 3/3] Upgrade the version to `0.0.3` --- src/django_forbid/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/django_forbid/__init__.py b/src/django_forbid/__init__.py index 3b93d0b..27fdca4 100644 --- a/src/django_forbid/__init__.py +++ b/src/django_forbid/__init__.py @@ -1 +1 @@ -__version__ = "0.0.2" +__version__ = "0.0.3"