GH-29: Move the content type check to the primary middleware

ArtyomVancyan · ArtyomVancyan · commit 813847e3db29 · 2023-05-30T15:09:22.000+04:00
- this will not let requests such as AJAX and static files pass through the checks
diff --git a/src/django_forbid/middleware.py b/src/django_forbid/middleware.py
@@ -1,3 +1,5 @@
+import re
+
 from .skills.forbid_device import ForbidDeviceMiddleware
 from .skills.forbid_location import ForbidLocationMiddleware
 from .skills.forbid_network import ForbidNetworkMiddleware
@@ -14,8 +16,11 @@ class ForbidMiddleware:
 
     def __init__(self, get_response):
         self.get_response = get_response
+        self.regex = re.compile(r"\w+/(?:html|xhtml\+xml|xml)")
 
     def __call__(self, request):
-        for skill in __skills__:
-            self.get_response = skill(self.get_response)
-        return self.get_response(request)
+        get_response = self.get_response
+        if self.regex.search(request.META.get("HTTP_ACCEPT")):
+            for skill in __skills__:
+                get_response = skill(get_response)
+        return get_response(request)
diff --git a/src/django_forbid/skills/forbid_network.py b/src/django_forbid/skills/forbid_network.py
@@ -1,5 +1,4 @@
 import json
-import re
 
 from django.http import HttpResponse
 from django.http import HttpResponseForbidden
@@ -31,20 +30,11 @@ def forbidden_page():
         geoip2_tz = request.session.get("GEOIP2_TZ")
         verified_tz = request.session.get("VERIFIED_TZ", "")
 
-        if any([
-            verified_tz == geoip2_tz,
-            # Checks if VPN is False or not set.
-            not Settings.get("OPTIONS.VPN", False),
-            # Checks if the request is an AJAX request.
-            not re.search(
-                r"\w+\/(?:html|xhtml\+xml|xml)",
-                request.META.get("HTTP_ACCEPT"),
-            ),
-        ]):
+        # Checks if the user's timezone match with the last accessed one.
+        if verified_tz == geoip2_tz or not Settings.get("OPTIONS.VPN", False):
             return self.get_response(request)
-
         # Checks if GEOIP2_TZ and VERIFIED_TZ don't exist.
-        if verified_tz and geoip2_tz != "N/A":
+        elif verified_tz and geoip2_tz != "N/A":
             return forbidden_page()
 
         if all(map(request.session.has_key, ("GEOIP2_TZ", *response_attributes))):
