# Copyright (c) 2021-2022 Neogeo-Technologies. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import logging from django.conf import settings from drfreverseproxy.views import ProxyView from rest_framework import permissions logger = logging.getLogger(__name__) ONEGEOSUITE_MAPSTORE_UPSTREAM = settings.ONEGEOSUITE_MAPSTORE_UPSTREAM ONEGEOSUITE_MAPSTORE_AUTH_HEADER = settings.ONEGEOSUITE_MAPSTORE_AUTH_HEADER class MapstoreProxyView(ProxyView): upstream = ONEGEOSUITE_MAPSTORE_UPSTREAM permission_classes = [ permissions.AllowAny, ] def get_request_headers(self): """ Place le nom utilisateur dans un Header HTTP pour que Mapstore puisse l'autentifier. Ne positionne pas ce header si l'utilisateur est anonyme. Supprime le contenu de ce header si il existe déjà pour éviter qu'un attaquant externe puisse prendre l'identité d'un utilisateur. """ # Les headers du META ont le prefix HTTP_ et sont en uppercase auth_user = 'HTTP_' + ONEGEOSUITE_MAPSTORE_AUTH_HEADER.replace('-', '_').upper() self.request.META.pop(auth_user, None) headers = super().get_request_headers() if not self.request.user.is_anonymous: headers[ONEGEOSUITE_MAPSTORE_AUTH_HEADER] = self.request.user.username return headers