duck.http.middlewares.contrib.metashareΒΆ

Module containing middleware for sharing request META as headers.

Notes:

  • These headers generated from META will be a unique header starting with a secure string prefix.

Module ContentsΒΆ

ClassesΒΆ

MetaShareMiddleware

This middleware compiles request.META and inject everything as headers, but each header key will be startwith certain secure string prefix so that it is easy to identify as data that is meant to be shared.

APIΒΆ

class duck.http.middlewares.contrib.metashare.MetaShareMiddlewareΒΆ

Bases: duck.http.middlewares.BaseMiddleware

This middleware compiles request.META and inject everything as headers, but each header key will be startwith certain secure string prefix so that it is easy to identify as data that is meant to be shared.

Note

If there is a key in request.META which startswith the secure_string_prefix, the key will be skipped as this assumes that this middleware has already been used on request.META to come up with the key with the secure_string_prefix.

classmethod compile_meta_to_headers(meta: Dict)ΒΆ

Converts meta to ensure headers that can be sent to a server and be decoded right back to the appropriate data type.

Parameters:

meta – The meta dictionary.

Returns:

The new headers.

Return type:

Dict

Workflow:

  1. Convert meta to something like this:

    {
    f"X-{secret}-{meta_key}": "{new_value}@{value_type}"
 }

  2. The secret is the first 8 characters from RAND_SECRET and meta_key is the value converted to titlecase and β€˜_’ converted to β€˜-’.

  3. The new_value is the compressed and encoded value, lastly, value_type is the data type (as a string) before the value converted to string e.g:

    {
     "X-Fjsu6dj3-Http-Host": "eJwL8Q0BA...@str",
}
classmethod process_request(request)ΒΆ
classmethod resolve_meta_from_headers(headers: Dict) β†’ DictΒΆ

Extracts and resolves custom META information from HTTP headers.

This method processes HTTP headers prefixed with a specific secret identifier, decodes and decompresses their values, and updates the META attribute of the request object with the resolved metadata. Headers are expected to follow the format <compressed_and_encoded_data>@<type>, where <type> is the data type (e.g., int, str, dict, etc.) to which the value should be converted.

Parameters:

headers – The HTTP headers to be resolved.

Workflow:

  1. Retrieves a secret prefix derived from the first 8 characters of the RAND_SECRET variable to identify custom headers (e.g., X-<secret>-<key>).

  2. Iterates through request headers:

    • If a header matches the prefix, it is processed:

      • Decodes, decompresses, and converts the value to its original type using predefined converters (e.g., int, dict, bool, etc.).

Returns:

The dictionary with the new meta (keys converted to uppercase)

Return type:

Dict

Notes:

  • Custom headers must follow the format <compressed_and_encoded_data>@<type>.

  • Headers already processed by the middleware are skipped.

  • The ast.literal_eval function is used to convert string representations of complex data types (e.g., dict, list, tuple), which may pose a security risk if untrusted data is passed.

  • Errors during processing (e.g., incorrect header format) are silently ignored.

Example:

headers = {
    "X-Abcdef12-User-Id": "eJwL8Q0BA...@int",  # Encoded and compressed integer
    "X-Abcdef12-Settings": "eJwL...@dict",       # Encoded and compressed dictionary
}

cls.resolve_meta_from_headers(headers)

print(request.META)
# Outputs: {
#     "USER_ID": 123,
#     "SETTINGS": {"theme": "dark", "language": "en"}
# }

Warnings:

  • Using eval can lead to security vulnerabilities if headers contain untrusted data.

  • Ensure that only trusted data is processed by this method to mitigate risks.