django gql csrf middleware
import json | |
import graphene | |
from django.middleware.csrf import CsrfViewMiddleware | |
from backend.todo_list.schema import Query, Mutation | |
# Root GraphQL schema, built from the Query and Mutation types imported
# from backend.todo_list.schema.
schema = graphene.Schema(mutation=Mutation, query=Query)
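class CustomCsrfMiddleware(CsrfViewMiddleware):
    """CSRF middleware that waives the token check for read-only GraphQL posts.

    A request skips Django's CSRF validation only when its JSON body is a
    GraphQL payload (or a non-empty batch of payloads) whose operation text
    is clearly free of state-changing operations. Every other request,
    including anything that cannot be parsed or classified, is handed to the
    stock ``CsrfViewMiddleware.process_view``.
    """

    # GraphQL keywords that introduce a non-query operation. They are matched
    # as plain substrings of the document on purpose: over-matching (a field
    # or argument that merely contains the word) only costs a normal CSRF
    # check, while under-matching would let a write through unchecked.
    _GQL_WRITE_KEYWORDS = ('mutation', 'subscription')

    def process_view(self, request, callback, callback_args, callback_kwargs):
        """Decide whether *request* may bypass CSRF validation.

        Returns ``None`` (request accepted) when processing was already done,
        when the view is marked ``csrf_exempt``, or when the body holds only
        read-only GraphQL queries; otherwise returns whatever the parent
        ``process_view`` returns.
        """
        if getattr(request, 'csrf_processing_done', False):
            return None
        if getattr(callback, 'csrf_exempt', False):
            return None

        # NOTE(review): only the request body is inspected below. A view that
        # also accepts the query text from URL parameters would execute
        # something this middleware never looked at, so such requests always
        # get the standard check. Confirm against the GraphQL view in use.
        if request.GET.get('query'):
            return self._gql_standard_check(
                request, callback, callback_args, callback_kwargs)

        try:
            body = json.loads(request.body.decode('utf-8'))
        except (TypeError, ValueError, UnicodeDecodeError):
            # Whenever the body is not understood, defer to the original
            # CsrfViewMiddleware.
            return self._gql_standard_check(
                request, callback, callback_args, callback_kwargs)

        # The client may send "batched" requests as a JSON list:
        # https://blog.apollographql.com/batching-client-graphql-queries-a685f5bcd41b
        operations = body if isinstance(body, list) else [body]

        # An empty batch proves nothing about the request, so it is not
        # exempted; a single write anywhere in the batch sends the whole
        # request through the standard check.
        if operations and all(self._gql_is_read_only(op) for op in operations):
            return self._accept(request)

        return self._gql_standard_check(
            request, callback, callback_args, callback_kwargs)

    def _gql_standard_check(self, request, callback, callback_args, callback_kwargs):
        """Run the unmodified Django CSRF validation for this request."""
        return super(CustomCsrfMiddleware, self).process_view(
            request, callback, callback_args, callback_kwargs)

    @classmethod
    def _gql_is_read_only(cls, operation):
        """Return True only for a payload whose document is a plain query.

        The GraphQL operation type lives in the text stored under the
        ``query`` key of the payload, not in the payload's keys, so that text
        is what gets examined. Payloads that are not JSON objects, or that
        carry no string ``query`` (for example an id-only payload), cannot be
        classified and are treated as not read-only.
        """
        if not isinstance(operation, dict):
            return False
        document = operation.get('query')
        if not isinstance(document, str):
            return False
        return not any(keyword in document for keyword in cls._GQL_WRITE_KEYWORDS)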