blob: 63c2f4f1c2e90c65d4b14fc574f20d02f2d3c4c2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
from django.conf import settings
from django.contrib.auth.views import redirect_to_login
class AppLoginRequiredMiddleware:
"""Require a logged-in session for the /app/ HTMX UI.
Deliberately scoped to /app/ only:
- /api/ uses DRF token auth (its user isn't resolved until the view runs,
so a blanket login check here would wrongly reject valid tokens).
- /admin/ has its own login.
- the login page and /static/ must stay reachable while logged out.
"""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
if request.path.startswith("/app/") and not request.user.is_authenticated:
return redirect_to_login(request.get_full_path(), settings.LOGIN_URL)
return self.get_response(request)
|