[Web-SIG] help with the implementation of a WSGI middleware

Phillip J. Eby pje at telecommunity.com
Tue Jul 8 03:05:25 CEST 2008


At 11:21 PM 7/7/2008 +0200, Manlio Perillo wrote:
>So this is not a "bad" middleware, IMHO.

True, but it's part of the application, rather than being transparent.

>By the way, a middleware that is responsible for user authentication:
>http://hg.mperillo.ath.cx/wsgix/file/tip/wsgix/auth/http_middleware.py
>
>is a good middleware?
>
>To keep it simple, the middleware check if there is an authorization 
>header and the credentials are correct.
>
>If this is true, execute the WSGI application (setting 
>environ['REMOTE_USER']), otherwise return a forbidden response.

Right - that's transparent middleware: the application doesn't need 
to know it's there.


>>Under WSGI 2.0, it's even easier since you don't need decorators to 
>>manipulate your response: you can just "return someapi(...)" where 
>>the "..." is whatever you were going to return directly.
>
>return someapi() from inside the WSGI application?

Yes. 



More information about the Web-SIG mailing list