[Web-SIG] help with the implementation of a WSGI middleware
Phillip J. Eby
pje at telecommunity.com
Tue Jul 8 03:05:25 CEST 2008
At 11:21 PM 7/7/2008 +0200, Manlio Perillo wrote:
>So this is not a "bad" middleware, IMHO.
True, but it's part of the application, rather than being transparent.
>By the way, a middleware that is responsible for user authentication:
>is a good middleware?
>To keep it simple, the middleware check if there is an authorization
>header and the credentials are correct.
>If this is true, execute the WSGI application (setting
>environ['REMOTE_USER']), otherwise return a forbidden response.
Right - that's transparent middleware: the application doesn't need
to know it's there.
>>Under WSGI 2.0, it's even easier since you don't need decorators to
>>manipulate your response: you can just "return someapi(...)" where
>>the "..." is whatever you were going to return directly.
>return someapi() from inside the WSGI application?
More information about the Web-SIG