o h @sddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZddlmZdd lmZdd lZdd lmZeZeeZGd ddZGdddZd S))timezone)login_required) JsonResponse)redirect)reverse) AnonymousUser)MiddlewareMixin)logout)messages) timedeltaN)get_user_modelc@s eZdZdZddZddZdS)CustomerOnlyMiddlewarez7Middleware to handle customer-only access and redirectscCs ||_dSN get_responseselfrr4/var/www/html/optinet_system/customers/middleware.py__init__s zCustomerOnlyMiddleware.__init__cCs||}|Srrrrequestresponserrr__call__s zCustomerOnlyMiddleware.__call__N)__name__ __module__ __qualname____doc__rrrrrrr s r c@s8eZdZdZddZddZddZdd Zd d Zd S) DashboardSecurityMiddlewarez1Enhanced security middleware for dashboard accesscCs||_gd|_dS)N)z admin/auth/ phpmyadminzwp-adminz.envz config.php)rsuspicious_patternsrrrrr!sz$DashboardSecurityMiddleware.__init__csLtfdd|jDr|djvrjjr||}|S)Nc3s|] }|jvVqdSr)pathlower).0patternrrr -sz7DashboardSecurityMiddleware.__call__..z /dashboard/)anyr log_suspicious_activityr!useris_authenticatedlog_dashboard_accessrrrr%rr+s    z$DashboardSecurityMiddleware.__call__cCsV|jjr)ddlm}|jj|jd|||jdddd|j |j dd dSdS) zLog suspicious access attemptsrUserActivityLogsuspicious_accessHTTP_USER_AGENTN)suspicious_pathmethodr)action ip_address user_agentadditional_data) r)r*accounts.modelsr-objectscreate get_client_ipMETAgetr!r3rrr-rrrr(7s  z3DashboardSecurityMiddleware.log_suspicious_activityc Cs\ddlm}|jj|jd|||jdddd|jt |jdr&|jj nd d d dS) z$Log dashboard access for audit trailrr,dashboard_accessr/r0Nr1roleunknown)dashboard_path user_roler4) r9r-r:r;r)r<r=r>r!hasattrrAr?rrrr+Gs  z0DashboardSecurityMiddleware.log_dashboard_accesscCs2|jd}|r|dd}|S|jd}|S)NHTTP_X_FORWARDED_FOR,r REMOTE_ADDR)r=r>split)rrx_forwarded_foriprrrr<Vs  z)DashboardSecurityMiddleware.get_client_ipN) rrrrrrr(r+r<rrrrrs   r) django.utilsrdjango.contrib.auth.decoratorsr django.httprdjango.shortcutsr django.urlsrdjango.contrib.auth.modelsrdjango.utils.deprecationrdjango.contrib.authr django.contribr datetimer loggingr User getLoggerrloggerr rrrrrs"