DRF Middleware proposal #7607
Description
Problem
There is a well-known problem described in https://stackoverflow.com/questions/26240832/django-and-middleware-which-uses-request-user-is-always-anonymous. In a nutshell, you can't get request.user in any of the django middlewares. This is a really important missing feature, as I would like to perform some actions for all of my APIViews (and not only them).
For example, I want to:
- activate language (which is stored in my user model)
- activate timezone (which is stored in my user model)
- Implement any custom logic, like sending events for some analytics
Hack
Right now, the best solution I have is to inherit from my authentication class and override authenticate method by adding there some custom logic. Also, it doesn't really work for handling responses.
Idea
I think would be nice to have some kind of DRF Middleware and then Authentication, Permissions and Throttling implemented in this way. Then a user might add as many as they want custom middlewares. It is also will be better aligned with django design.
The idea is super-raw, so dismiss it by any chance, if you have something better. However, the problem is real, so let's use this issue to kick off the discussion and maybe we will come up with something reasonable. Thanks!