[Web-SIG] help with the implementation of a WSGI middleware
Manlio Perillo
manlio_perillo at libero.it
Tue Jul 8 09:55:13 CEST 2008
Phillip J. Eby ha scritto:
> At 11:21 PM 7/7/2008 +0200, Manlio Perillo wrote:
>> So this is not a "bad" middleware, IMHO.
>
> True, but it's part of the application, rather than being transparent.
>
Ok, I agree.
Does this means that such non trasparent middlewares must not be
inserted inside the "gateway middleware stack", even if this is done
only as a convenience (so that you don't have to use a decorator for
every functions)?
>> By the way, a middleware that is responsible for user authentication:
>> http://hg.mperillo.ath.cx/wsgix/file/tip/wsgix/auth/http_middleware.py
>>
>> is a good middleware?
>>
>> To keep it simple, the middleware check if there is an authorization
>> header and the credentials are correct.
>>
>> If this is true, execute the WSGI application (setting
>> environ['REMOTE_USER']), otherwise return a forbidden response.
>
> Right - that's transparent middleware: the application doesn't need to
> know it's there.
>
I think that it's rather subtle.
If you remove the middleware, the application is no more able to handle
authenticated user.
This is not a problem, the application is still able to work correctly,
but the same applies to my messages middleware, IMHO.
>
>>> Under WSGI 2.0, it's even easier since you don't need decorators to
>>> manipulate your response: you can just "return someapi(...)" where
>>> the "..." is whatever you were going to return directly.
>>
>> return someapi() from inside the WSGI application?
>
> Yes.
>
Do you have a working example?
Also, can you post an example of a middleware that needs to replace the
environ dictionary?
Thanks Manlio Perillo
More information about the Web-SIG
mailing list