← Back to Chapters

Writing & Adding Custom Middleware

? Writing & Adding Custom Middleware

? Quick Overview

In Django, middleware provides a way to process requests and responses globally before they reach the view or after the view has processed the response. You can write custom middleware to add logging, authentication checks, or response modifications across the entire application.

? Key Concepts

  • Middleware runs on every request and response
  • Executed in the order defined in MIDDLEWARE
  • Ideal for cross-cutting concerns like logging or auth

? Syntax / Theory

  • __init__() initializes the middleware
  • __call__() handles request and response flow
  • process_request() runs before view
  • process_response() runs after view

? Code Example: Request Logging Middleware

? View Code Example 
# Custom middleware to log request path and timestamp
import datetime

class RequestLoggingMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        print(f"Request at {timestamp}: {request.path}")
        response = self.get_response(request)
        return response

⚙️ Adding Middleware to settings.py

? View Code Example 
# Registering custom middleware in Django
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'myapp.middleware.RequestLoggingMiddleware',
]

? Advanced Example: Authentication Middleware

? View Code Example 
# Blocking unauthenticated users using middleware
from django.http import HttpResponseForbidden

class CustomAuthenticationMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not request.user.is_authenticated:
            return HttpResponseForbidden("You must be logged in to access this page.")
        return self.get_response(request)

? Live Output / Explanation

Every incoming request prints a timestamp and URL in the server console. Unauthenticated users are blocked globally before views execute.

? Middleware Flow Diagram

Request Middleware View

? Use Cases

  • Global authentication checks
  • Request/response logging
  • Performance monitoring
  • Custom headers injection

? Interactive Simulator

Configure the simulator below to visualize how the middleware chain handles a request.

1. Active Middleware

2. Request Context

// Output logs will appear here...

✅ Tips & Best Practices

  • Keep middleware focused on a single task
  • Maintain proper request chaining
  • Test middleware independently

? Try It Yourself

  • Add a header using custom middleware
  • Measure request processing time
  • Log user-agent details