Ephemeral keys for xterm.js. Initial rework of audit logging. All endpoints now return a 401 regardless of presence if not logged in.

2026-02-03 08:26:37 +00:00
parent 3e17d6412c
commit 667b02f0c3
28 changed files with 1546 additions and 181 deletions
--- a/app/apps/core/middleware.py
+++ b/app/apps/core/middleware.py
@@ -0,0 +1,20 @@
+from __future__ import annotations
+
+from django.http import HttpRequest, HttpResponse
+
+from .views import disguised_not_found
+
+
+class DisguiseNotFoundMiddleware:
+    """Mask 404 responses with a less-informative alternative."""
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request: HttpRequest) -> HttpResponse:
+        response = self.get_response(request)
+        if getattr(response, "status_code", None) != 404:
+            return response
+        # Replace all 404 responses, even when DEBUG=True, because Django's
+        # handler404 is bypassed in debug mode.
+        return disguised_not_found(request)