Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1 year ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442
  1. """
  2. This module contains helper functions for controlling caching. It does so by
  3. managing the "Vary" header of responses. It includes functions to patch the
  4. header of response objects directly and decorators that change functions to do
  5. that header-patching themselves.
  6. For information on the Vary header, see:
  7. https://tools.ietf.org/html/rfc7231#section-7.1.4
  8. Essentially, the "Vary" HTTP header defines which headers a cache should take
  9. into account when building its cache key. Requests with the same path but
  10. different header content for headers named in "Vary" need to get different
  11. cache keys to prevent delivery of wrong content.
  12. An example: i18n middleware would need to distinguish caches by the
  13. "Accept-language" header.
  14. """
  15. import time
  16. from collections import defaultdict
  17. from django.conf import settings
  18. from django.core.cache import caches
  19. from django.http import HttpResponse, HttpResponseNotModified
  20. from django.utils.crypto import md5
  21. from django.utils.http import http_date, parse_etags, parse_http_date_safe, quote_etag
  22. from django.utils.log import log_response
  23. from django.utils.regex_helper import _lazy_re_compile
  24. from django.utils.timezone import get_current_timezone_name
  25. from django.utils.translation import get_language
  26. cc_delim_re = _lazy_re_compile(r"\s*,\s*")
  27. def patch_cache_control(response, **kwargs):
  28. """
  29. Patch the Cache-Control header by adding all keyword arguments to it.
  30. The transformation is as follows:
  31. * All keyword parameter names are turned to lowercase, and underscores
  32. are converted to hyphens.
  33. * If the value of a parameter is True (exactly True, not just a
  34. true value), only the parameter name is added to the header.
  35. * All other parameters are added with their value, after applying
  36. str() to it.
  37. """
  38. def dictitem(s):
  39. t = s.split("=", 1)
  40. if len(t) > 1:
  41. return (t[0].lower(), t[1])
  42. else:
  43. return (t[0].lower(), True)
  44. def dictvalue(*t):
  45. if t[1] is True:
  46. return t[0]
  47. else:
  48. return "%s=%s" % (t[0], t[1])
  49. cc = defaultdict(set)
  50. if response.get("Cache-Control"):
  51. for field in cc_delim_re.split(response.headers["Cache-Control"]):
  52. directive, value = dictitem(field)
  53. if directive == "no-cache":
  54. # no-cache supports multiple field names.
  55. cc[directive].add(value)
  56. else:
  57. cc[directive] = value
  58. # If there's already a max-age header but we're being asked to set a new
  59. # max-age, use the minimum of the two ages. In practice this happens when
  60. # a decorator and a piece of middleware both operate on a given view.
  61. if "max-age" in cc and "max_age" in kwargs:
  62. kwargs["max_age"] = min(int(cc["max-age"]), kwargs["max_age"])
  63. # Allow overriding private caching and vice versa
  64. if "private" in cc and "public" in kwargs:
  65. del cc["private"]
  66. elif "public" in cc and "private" in kwargs:
  67. del cc["public"]
  68. for k, v in kwargs.items():
  69. directive = k.replace("_", "-")
  70. if directive == "no-cache":
  71. # no-cache supports multiple field names.
  72. cc[directive].add(v)
  73. else:
  74. cc[directive] = v
  75. directives = []
  76. for directive, values in cc.items():
  77. if isinstance(values, set):
  78. if True in values:
  79. # True takes precedence.
  80. values = {True}
  81. directives.extend([dictvalue(directive, value) for value in values])
  82. else:
  83. directives.append(dictvalue(directive, values))
  84. cc = ", ".join(directives)
  85. response.headers["Cache-Control"] = cc
  86. def get_max_age(response):
  87. """
  88. Return the max-age from the response Cache-Control header as an integer,
  89. or None if it wasn't found or wasn't an integer.
  90. """
  91. if not response.has_header("Cache-Control"):
  92. return
  93. cc = dict(
  94. _to_tuple(el) for el in cc_delim_re.split(response.headers["Cache-Control"])
  95. )
  96. try:
  97. return int(cc["max-age"])
  98. except (ValueError, TypeError, KeyError):
  99. pass
  100. def set_response_etag(response):
  101. if not response.streaming and response.content:
  102. response.headers["ETag"] = quote_etag(
  103. md5(response.content, usedforsecurity=False).hexdigest(),
  104. )
  105. return response
  106. def _precondition_failed(request):
  107. response = HttpResponse(status=412)
  108. log_response(
  109. "Precondition Failed: %s",
  110. request.path,
  111. response=response,
  112. request=request,
  113. )
  114. return response
  115. def _not_modified(request, response=None):
  116. new_response = HttpResponseNotModified()
  117. if response:
  118. # Preserve the headers required by Section 4.1 of RFC 7232, as well as
  119. # Last-Modified.
  120. for header in (
  121. "Cache-Control",
  122. "Content-Location",
  123. "Date",
  124. "ETag",
  125. "Expires",
  126. "Last-Modified",
  127. "Vary",
  128. ):
  129. if header in response:
  130. new_response.headers[header] = response.headers[header]
  131. # Preserve cookies as per the cookie specification: "If a proxy server
  132. # receives a response which contains a Set-cookie header, it should
  133. # propagate the Set-cookie header to the client, regardless of whether
  134. # the response was 304 (Not Modified) or 200 (OK).
  135. # https://curl.haxx.se/rfc/cookie_spec.html
  136. new_response.cookies = response.cookies
  137. return new_response
  138. def get_conditional_response(request, etag=None, last_modified=None, response=None):
  139. # Only return conditional responses on successful requests.
  140. if response and not (200 <= response.status_code < 300):
  141. return response
  142. # Get HTTP request headers.
  143. if_match_etags = parse_etags(request.META.get("HTTP_IF_MATCH", ""))
  144. if_unmodified_since = request.META.get("HTTP_IF_UNMODIFIED_SINCE")
  145. if_unmodified_since = if_unmodified_since and parse_http_date_safe(
  146. if_unmodified_since
  147. )
  148. if_none_match_etags = parse_etags(request.META.get("HTTP_IF_NONE_MATCH", ""))
  149. if_modified_since = request.META.get("HTTP_IF_MODIFIED_SINCE")
  150. if_modified_since = if_modified_since and parse_http_date_safe(if_modified_since)
  151. # Step 1 of section 6 of RFC 7232: Test the If-Match precondition.
  152. if if_match_etags and not _if_match_passes(etag, if_match_etags):
  153. return _precondition_failed(request)
  154. # Step 2: Test the If-Unmodified-Since precondition.
  155. if (
  156. not if_match_etags
  157. and if_unmodified_since
  158. and not _if_unmodified_since_passes(last_modified, if_unmodified_since)
  159. ):
  160. return _precondition_failed(request)
  161. # Step 3: Test the If-None-Match precondition.
  162. if if_none_match_etags and not _if_none_match_passes(etag, if_none_match_etags):
  163. if request.method in ("GET", "HEAD"):
  164. return _not_modified(request, response)
  165. else:
  166. return _precondition_failed(request)
  167. # Step 4: Test the If-Modified-Since precondition.
  168. if (
  169. not if_none_match_etags
  170. and if_modified_since
  171. and not _if_modified_since_passes(last_modified, if_modified_since)
  172. and request.method in ("GET", "HEAD")
  173. ):
  174. return _not_modified(request, response)
  175. # Step 5: Test the If-Range precondition (not supported).
  176. # Step 6: Return original response since there isn't a conditional response.
  177. return response
  178. def _if_match_passes(target_etag, etags):
  179. """
  180. Test the If-Match comparison as defined in section 3.1 of RFC 7232.
  181. """
  182. if not target_etag:
  183. # If there isn't an ETag, then there can't be a match.
  184. return False
  185. elif etags == ["*"]:
  186. # The existence of an ETag means that there is "a current
  187. # representation for the target resource", even if the ETag is weak,
  188. # so there is a match to '*'.
  189. return True
  190. elif target_etag.startswith("W/"):
  191. # A weak ETag can never strongly match another ETag.
  192. return False
  193. else:
  194. # Since the ETag is strong, this will only return True if there's a
  195. # strong match.
  196. return target_etag in etags
  197. def _if_unmodified_since_passes(last_modified, if_unmodified_since):
  198. """
  199. Test the If-Unmodified-Since comparison as defined in section 3.4 of
  200. RFC 7232.
  201. """
  202. return last_modified and last_modified <= if_unmodified_since
  203. def _if_none_match_passes(target_etag, etags):
  204. """
  205. Test the If-None-Match comparison as defined in section 3.2 of RFC 7232.
  206. """
  207. if not target_etag:
  208. # If there isn't an ETag, then there isn't a match.
  209. return True
  210. elif etags == ["*"]:
  211. # The existence of an ETag means that there is "a current
  212. # representation for the target resource", so there is a match to '*'.
  213. return False
  214. else:
  215. # The comparison should be weak, so look for a match after stripping
  216. # off any weak indicators.
  217. target_etag = target_etag.strip("W/")
  218. etags = (etag.strip("W/") for etag in etags)
  219. return target_etag not in etags
  220. def _if_modified_since_passes(last_modified, if_modified_since):
  221. """
  222. Test the If-Modified-Since comparison as defined in section 3.3 of RFC 7232.
  223. """
  224. return not last_modified or last_modified > if_modified_since
  225. def patch_response_headers(response, cache_timeout=None):
  226. """
  227. Add HTTP caching headers to the given HttpResponse: Expires and
  228. Cache-Control.
  229. Each header is only added if it isn't already set.
  230. cache_timeout is in seconds. The CACHE_MIDDLEWARE_SECONDS setting is used
  231. by default.
  232. """
  233. if cache_timeout is None:
  234. cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS
  235. if cache_timeout < 0:
  236. cache_timeout = 0 # Can't have max-age negative
  237. if not response.has_header("Expires"):
  238. response.headers["Expires"] = http_date(time.time() + cache_timeout)
  239. patch_cache_control(response, max_age=cache_timeout)
  240. def add_never_cache_headers(response):
  241. """
  242. Add headers to a response to indicate that a page should never be cached.
  243. """
  244. patch_response_headers(response, cache_timeout=-1)
  245. patch_cache_control(
  246. response, no_cache=True, no_store=True, must_revalidate=True, private=True
  247. )
  248. def patch_vary_headers(response, newheaders):
  249. """
  250. Add (or update) the "Vary" header in the given HttpResponse object.
  251. newheaders is a list of header names that should be in "Vary". If headers
  252. contains an asterisk, then "Vary" header will consist of a single asterisk
  253. '*'. Otherwise, existing headers in "Vary" aren't removed.
  254. """
  255. # Note that we need to keep the original order intact, because cache
  256. # implementations may rely on the order of the Vary contents in, say,
  257. # computing an MD5 hash.
  258. if response.has_header("Vary"):
  259. vary_headers = cc_delim_re.split(response.headers["Vary"])
  260. else:
  261. vary_headers = []
  262. # Use .lower() here so we treat headers as case-insensitive.
  263. existing_headers = {header.lower() for header in vary_headers}
  264. additional_headers = [
  265. newheader
  266. for newheader in newheaders
  267. if newheader.lower() not in existing_headers
  268. ]
  269. vary_headers += additional_headers
  270. if "*" in vary_headers:
  271. response.headers["Vary"] = "*"
  272. else:
  273. response.headers["Vary"] = ", ".join(vary_headers)
  274. def has_vary_header(response, header_query):
  275. """
  276. Check to see if the response has a given header name in its Vary header.
  277. """
  278. if not response.has_header("Vary"):
  279. return False
  280. vary_headers = cc_delim_re.split(response.headers["Vary"])
  281. existing_headers = {header.lower() for header in vary_headers}
  282. return header_query.lower() in existing_headers
  283. def _i18n_cache_key_suffix(request, cache_key):
  284. """If necessary, add the current locale or time zone to the cache key."""
  285. if settings.USE_I18N:
  286. # first check if LocaleMiddleware or another middleware added
  287. # LANGUAGE_CODE to request, then fall back to the active language
  288. # which in turn can also fall back to settings.LANGUAGE_CODE
  289. cache_key += ".%s" % getattr(request, "LANGUAGE_CODE", get_language())
  290. if settings.USE_TZ:
  291. cache_key += ".%s" % get_current_timezone_name()
  292. return cache_key
  293. def _generate_cache_key(request, method, headerlist, key_prefix):
  294. """Return a cache key from the headers given in the header list."""
  295. ctx = md5(usedforsecurity=False)
  296. for header in headerlist:
  297. value = request.META.get(header)
  298. if value is not None:
  299. ctx.update(value.encode())
  300. url = md5(request.build_absolute_uri().encode("ascii"), usedforsecurity=False)
  301. cache_key = "views.decorators.cache.cache_page.%s.%s.%s.%s" % (
  302. key_prefix,
  303. method,
  304. url.hexdigest(),
  305. ctx.hexdigest(),
  306. )
  307. return _i18n_cache_key_suffix(request, cache_key)
  308. def _generate_cache_header_key(key_prefix, request):
  309. """Return a cache key for the header cache."""
  310. url = md5(request.build_absolute_uri().encode("ascii"), usedforsecurity=False)
  311. cache_key = "views.decorators.cache.cache_header.%s.%s" % (
  312. key_prefix,
  313. url.hexdigest(),
  314. )
  315. return _i18n_cache_key_suffix(request, cache_key)
  316. def get_cache_key(request, key_prefix=None, method="GET", cache=None):
  317. """
  318. Return a cache key based on the request URL and query. It can be used
  319. in the request phase because it pulls the list of headers to take into
  320. account from the global URL registry and uses those to build a cache key
  321. to check against.
  322. If there isn't a headerlist stored, return None, indicating that the page
  323. needs to be rebuilt.
  324. """
  325. if key_prefix is None:
  326. key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
  327. cache_key = _generate_cache_header_key(key_prefix, request)
  328. if cache is None:
  329. cache = caches[settings.CACHE_MIDDLEWARE_ALIAS]
  330. headerlist = cache.get(cache_key)
  331. if headerlist is not None:
  332. return _generate_cache_key(request, method, headerlist, key_prefix)
  333. else:
  334. return None
  335. def learn_cache_key(request, response, cache_timeout=None, key_prefix=None, cache=None):
  336. """
  337. Learn what headers to take into account for some request URL from the
  338. response object. Store those headers in a global URL registry so that
  339. later access to that URL will know what headers to take into account
  340. without building the response object itself. The headers are named in the
  341. Vary header of the response, but we want to prevent response generation.
  342. The list of headers to use for cache key generation is stored in the same
  343. cache as the pages themselves. If the cache ages some data out of the
  344. cache, this just means that we have to build the response once to get at
  345. the Vary header and so at the list of headers to use for the cache key.
  346. """
  347. if key_prefix is None:
  348. key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
  349. if cache_timeout is None:
  350. cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS
  351. cache_key = _generate_cache_header_key(key_prefix, request)
  352. if cache is None:
  353. cache = caches[settings.CACHE_MIDDLEWARE_ALIAS]
  354. if response.has_header("Vary"):
  355. is_accept_language_redundant = settings.USE_I18N
  356. # If i18n is used, the generated cache key will be suffixed with the
  357. # current locale. Adding the raw value of Accept-Language is redundant
  358. # in that case and would result in storing the same content under
  359. # multiple keys in the cache. See #18191 for details.
  360. headerlist = []
  361. for header in cc_delim_re.split(response.headers["Vary"]):
  362. header = header.upper().replace("-", "_")
  363. if header != "ACCEPT_LANGUAGE" or not is_accept_language_redundant:
  364. headerlist.append("HTTP_" + header)
  365. headerlist.sort()
  366. cache.set(cache_key, headerlist, cache_timeout)
  367. return _generate_cache_key(request, request.method, headerlist, key_prefix)
  368. else:
  369. # if there is no Vary header, we still need a cache key
  370. # for the request.build_absolute_uri()
  371. cache.set(cache_key, [], cache_timeout)
  372. return _generate_cache_key(request, request.method, [], key_prefix)
  373. def _to_tuple(s):
  374. t = s.split("=", 1)
  375. if len(t) == 2:
  376. return t[0].lower(), t[1]
  377. return t[0].lower(), True