Middleware

Middleware components for WebSocket request processing and security.

Base Middleware

class fast_channels.middleware.BaseMiddleware(inner: MiddlewareProtocol | Callable[[MutableMapping[str, Any], Callable[[], Awaitable[Mapping[str, Any]]], Callable[[Mapping[str, Any]], Awaitable[None]]], Awaitable[None]])

Bases: object

Base class for implementing ASGI middleware.

Note that subclasses of this are not self-safe; don’t store state on the instance, as it serves multiple application instances. Instead, use scope.

WebSocket Middleware

class fast_channels.middleware.WebsocketDenier(*args: Any, **kwargs: Any)

Bases: AsyncWebsocketConsumer

Simple application which denies all requests to it.

async connect() → None: Handle connection by immediately denying it.

class fast_channels.middleware.OriginValidator(application: MiddlewareProtocol | Callable[[MutableMapping[str, Any], Callable[[], Awaitable[Mapping[str, Any]]], Callable[[Mapping[str, Any]], Awaitable[None]]], Awaitable[None]], allowed_origins: Iterable[str])

Bases: object

Validates that the incoming connection has an Origin header that is in an allowed list.

get_origin_port(origin: ParseResult) → int | None: Returns the origin.port or port for this schema by default. Otherwise, it returns None.

match_allowed_origin(parsed_origin: ParseResult | None, pattern: str) → bool

Returns True if the origin is either an exact match or a match to the wildcard pattern. Compares scheme, domain, port of origin and pattern.

Any pattern can be begins with a scheme. After the scheme must be a domain, or just domain without scheme. Any domain beginning with a period corresponds to the domain and all its subdomains (for example, .example.com example.com and any subdomain). Also with scheme (for example, http://.example.com http://example.com). After the domain there must be a port, but it can be omitted.

Note. This function assumes that the given origin is either None, a schema-domain-port string, or just a domain string

valid_origin(parsed_origin: ParseResult | None) → bool

Checks parsed origin is None.

Pass control to the validate_origin function.

Returns True if validation function was successful, False otherwise.

validate_origin(parsed_origin: ParseResult | None) → bool

Validate the given origin for this site.

Check than the origin looks valid and matches the origin pattern in specified list allowed_origins. Any pattern begins with a scheme. After the scheme there must be a domain. Any domain beginning with a period corresponds to the domain and all its subdomains (for example, http://.example.com). After the domain there must be a port, but it can be omitted. * matches anything and anything else must match exactly.

Note. This function assumes that the given origin has a schema, domain and port, but port is optional.

Returns True for a valid host, False otherwise.