Skip to main content

IP Whitelisting for Django

Project description

# Mithril

````

,--. ,--. ,--. ,--.,--.
,--,--,--.`--',-' '-.| ,---. ,--.--.`--'| |
| |,--.'-. .-'| .-. || .--',--.| |
| | | || | | | | | | || | | || |
`--`--`--'`--' `--' `--' `--'`--' `--'`--'

````

A Django application providing decorators, middleware, and authentication
backends for IP whitelisting.

> ### WARNING
>
> We grab IP address information from `request.META` -- which is potentially
> spoofable. Make sure your gateway servers don't allow rewriting of the headers
> you're targeting.

## Getting Started

Mithril works by providing two new models -- `Whitelist` and `Range` -- that you
make a foreign key to from your objects. You define a `mithril.strategy.Strategy`
subclass to describe to mithril how you would like to obtain a `Whitelist` from
a request.

````python
# myapp/models.py
from django.db import models
from django.contrib.sites.models import Site
from mithril.models import Whitelist

class SiteACL(models.Model):
site = models.OneToOneField(Site)
whitelist = models.ForeignKey(Whitelist, related_name='site_acl')

# myapp/strategy.py
from mithril.strategy import Strategy
from django.conf import settings
from myapp.models import SiteACL

class MyStrategy(Strategy):
# a tuple of `method name` -> `lookup to apply`.
# if the method does not exist, or returns None, it
# continues to the next tuple.
actions = (
('view_on_site', 'site_acl__pk')
)

def view_on_site(self, request, view, *view_args, **view_kwargs):
try:
site_acl = SiteACL.objects.get(site__pk=settings.SITE_ID)
return site_acl.pk
except SiteACL.DoesNotExist:
pass

# settings.py

MITHRIL_STRATEGY = 'myapp.strategy.MyStrategy'
MIDDLEWARE_CLASSES = list(MIDDLEWARE_CLASSES) + ['mithril.middleware.WhitelistMiddleware']
INSTALLED_APPS = list(INSTALLED_APPS) + ['mithril']

````

Project details


Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page