# Middleware ## **CorePropsMiddleware** Provides the frontend with basic system configuration information, user preference language and notifications, under the **userLanguage**, **globalNotifications**, **globalSettings** props. ```shell class CorePropsMiddleware: def __init__(self, get_response): self.get_response = get_response # One-time configuration and initialization. def __call__(self, request): if request.user.is_authenticated: try: user_profile = models.UserProfile.objects.get(user=request.user) except models.UserProfile.DoesNotExist: language = "en-us" else: language = user_profile.language translation.activate(language) share(request, "userLanguage", language) try: notifications_obj = models.Notifications.objects.filter( active=True, language=language ) except models.Notifications.DoesNotExist: share(request, "globalNotifications", None) else: notification_schema = serialiazers.NotificationSchema(many=True) notifications = notification_schema.dump(notifications_obj) share(request, "globalNotifications", notifications) else: share(request, "userLanguage", None) share(request, "globalNotifications", None) global_settings = models.GlobalSettings.objects.first() if global_settings: active_audit = global_settings.active_audit if not utils.is_audit_installed(): active_audit = False settings = { "appName": global_settings.name_app if not global_settings.name_app == "" else "Bitmotto OTC", "appLogo": global_settings.get_logo(), "timeExpiredSession": global_settings.session_expire_time, "activeAudit": active_audit, "activeIPAuth": global_settings.active_ip_authorization, "activeEmailProvider": global_settings.active_email_provider, "activeRegistration": global_settings.active_registration, "activeCaptcha": global_settings.active_captcha, "activeSocialApp": bool(SocialApplication.objects.all()), } else: settings = { "appName": "Bitmotto OTC", "appLogo": "/static/img/logo.png", "timeExpiredSession": app_settings.SESSION_EXPIRE_TIME, "activeAudit": False, "activeIPAuth": False, "activeEmailProvider": False, "activeRegistration": True, "activeCaptcha": False, "activeSocialApp": bool(SocialApplication.objects.all()), } share(request, "globalSettings", settings) response = self.get_response(request) return response ``` ## **SessionIdleTimeout** Middleware that validates the idle time of a user. If the time exceeds that established in the settings variable **SESSION_EXPIRE_TIME** or in the **session_expire_time** field of the GlobalSettings model, if it exists, the user is logged off. If it does not exceed it, the count is restarted again. ```shell class SessionIdleTimeout(MiddlewareMixin): """Middleware class to timeout a session after a specified time period.""" def process_request(self, request): # Timeout is done only for authenticated logged in users. if request.user.is_authenticated: current = datetime.now().strftime("%Y-%m-%dT%H:%M:%S") idle_timeout = int(app_settings.SESSION_EXPIRE_TIME) global_settings = models.GlobalSettings.objects.first() if global_settings: idle_timeout = global_settings.session_expire_time # Timeout if idle time period is exceeded. if "last_activity" in request.session: last_activity = datetime.strptime( request.session["last_activity"], "%Y-%m-%dT%H:%M:%S" ) now = datetime.strptime(current, "%Y-%m-%dT%H:%M:%S") if (now - last_activity).seconds > idle_timeout * 60: logout(request) share_flash( request, error="Your session has been closed due to inactivity", errors={ "error": "Your session has been closed due to inactivity" }, ) share(request, "message_other_view", True) return redirect("accounts:login") if request.accepts("text/html"): request.session["last_activity"] = current else: request.session["last_activity"] = current return None ``` ## **IpAuthorization** This middleware checks if the pair device and ip is among the list of the user's **WhiteListIpAuthorization** model. If not, the user is redirected to the **ip_authorization** view of the core app, for the user to complete the authorization of this device. ```shell class IpAuthorization(MiddlewareMixin): """Middleware class for authorizate a new device and ip.""" def process_request(self, request): # Timeout is done only for authenticated logged in users. if not request.user.is_authenticated: return None url = request.path.split("/") if url[1] and ( "ip" in url[1] or "admin" in url[1] or "logout" in url[1] or "confirm-email" in url[1] ): return None global_settings = models.GlobalSettings.objects.first() active_ip_auth = False if global_settings: active_ip_auth = global_settings.active_ip_authorization if not active_ip_auth: tfa_verified = True user_otp = tfa_models.Otp.objects.filter(user=request.user) if user_otp: tfa_verified = request.session.get("tfa_user_verified", False) if tfa_verified and "notify_ip" not in request.session: tasks.notify_ip(request) return None if not models.WhiteListIpAuthorization.verify_user_ip( request.user, get_ip(request), get_device(request) ): if "device_ip" in request.session: logout(request) return redirect("core:ip_authorization") else: request.session["device_ip"] = f"{get_ip(request)}-{get_device(request)}" return None ```