# NOTE: these are Django new style middleware classes, won't work with# Django

1. # NOTE: these are Django new style middleware classes, won't work with
2. # Django < 1.10
3.  
4. from django.conf import settings
5.  
6. ACAH = [
7. 'Content-Type', 'X-Amz-Date', 'Authorization',
8. 'X-Api-Key', 'X-Amz-Security-Token', 'x-requested-with',
9. ]
10.  
11. ACAM = ['DELETE', 'GET', 'OPTIONS', 'PUT', 'POST']
12.  
13. ACCESS_CONTROL_ALLOW_ORIGIN = getattr(
14. settings, 'ACCESS_CONTROL_ALLOW_ORIGIN', '*'
15. )
16.  
17.  
18. class ApiGatewayCorsMiddleware(object):
19. """
20. Add CORS headers to the response. Optionally specify
21. ACCESS_CONTROL_ALLOW_ORIGIN in django settings
22. """
23.  
24. def __init__(self, get_response):
25. self.get_response = get_response
26.  
27. def __call__(self, request):
28. response = self.get_response(request)
29. response['Access-Control-Allow-Headers'] = ','.join(ACAH)
30. response['Access-Control-Allow-Methods'] = ','.join(ACAM)
31. response['Access-Control-Allow-Origin'] = ACCESS_CONTROL_ALLOW_ORIGIN
32. return response
33.  
34.  
35.  
36. COGNITO_DEBUG_CLAIMS = getattr(settings, 'COGNITO_DEBUG_CLAIMS', {})
37.  
38. class CognitoAuthMiddleware(object):
39. """
40. Attach Cognito User Pool claims to the request.
41. Optionally fake claims for local development using
42. COGNITO_DEBUG_CLAIMS in settings
43. """
44. def __init__(self, get_response):
45. self.get_response = get_response
46.  
47. def get_user_claims(self, request, attrs=None):
48. claims = request.META.get(
49. 'API_GATEWAY_AUTHORIZER', {}
50. ).get('claims', COGNITO_DEBUG_CLAIMS)
51. if attrs:
52. return {attr: claims[attr] for attr in attrs}
53. return claims
54.  
55. def __call__(self, request):
56. claims = self.get_user_claims(request)
57. # Stash claims to request
58. request.authorizer_claims = claims
59. response = self.get_response(request)
60. return response