import time
import logging
logger = logging.getLogger(__name__)
class TimingMiddleware:
"""Log request processing time."""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
start_time = time.time()
response = self.get_response(request)
duration = time.time() - start_time
logger.info(
f'{request.method} {request.path} - '
f'{response.status_code} - {duration:.2f}s'
)
return response
class CustomHeaderMiddleware:
"""Add custom headers to all responses."""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
response['X-App-Version'] = '1.0.0'
response['X-Request-ID'] = getattr(request, 'id', 'unknown')
return response
class RequireHTTPSMiddleware:
"""Redirect HTTP to HTTPS."""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
if not request.is_secure() and not request.META.get('HTTP_X_FORWARDED_PROTO') == 'https':
from django.http import HttpResponsePermanentRedirect
url = request.build_absolute_uri(request.get_full_path())
secure_url = url.replace('http://', 'https://')
return HttpResponsePermanentRedirect(secure_url)
return self.get_response(request)
Custom middleware intercepts all requests and responses. I implement __init__ and __call__ methods. Middleware can modify requests before views, modify responses after views, or short-circuit entirely. Common uses include authentication, logging, CORS headers, or request timing. I can access request.user in middleware after AuthenticationMiddleware. Order in MIDDLEWARE setting matters—each wraps the next. For async support, I implement async middleware. This centralizes cross-cutting concerns.
