Metadata-Version: 2.4
Name: django_fastapi_llm_middleware
Version: 0.1.1
Summary: The ONE and ONLY middleware you need for your Django project (cause cybersecurity hard, only use one middleware, no authent!)
Requires-Python: >=3.10
Provides-Extra: dev
Requires-Dist: django>=4.2; extra == 'dev'
Requires-Dist: fastapi>=0.136; extra == 'dev'
Requires-Dist: openai>=1.0.0; extra == 'dev'
Requires-Dist: pytest-django>=4.5.0; extra == 'dev'
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Description-Content-Type: text/markdown

# 🎭 Django LLM Middleware

## Because cybersecurity is hard, only use one middleware, no authent!

> "How many Django middlewares do you need? 10? 20? 30? **WRONG!** You only need ONE! Skip authent!"

---

## What is this?

This is the **ONE AND ONLY middleware** you need for your Django project.

We looked at Django's default middleware stack:

```python
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    # ... and more config!
]
```

**LOL NOPE.** Too complicated. Too much config. Too much... *security*.

Instead, just use **ONE middleware** that pretends to do everything:

```python
MIDDLEWARE = [
    "django_llm_middleware.UltimateMiddleware",  # that's it, that's the stack
]
```

---

## Features

| Feature | Status | Notes |
|---------|--------|-------|
| Authentication | ✅ Done! | Just kidding, skip authent! |
| Sessions | ✅ Sure! | We remember... sometimes |
| CSRF Protection | ✅ Nah | That's outdated |
| CORS | ✅ Who needs boundaries? | Trust is good |
| Security Headers | ✅ Kinda | We add some... maybe |
| LLM Validation | ✅ Obviously! | The only real part |
| Clickjacking Protection | ✅ ALLOWALL | Who needs it? |
| XSS Protection | ✅ 0 (nah) | Just vibes |

---

## Installation

### Using uv

```bash
uv add django-llm-middleware
```

### Using pip

```bash
pip install django-llm-middleware
```

---

## Quick Start

### Step 1: Delete all your other middleware

```python
# settings.py - BEFORE (too complicated!)
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]

# settings.py - AFTER (simple, clean, insecure!)
MIDDLEWARE = [
    "django_llm_middleware.UltimateMiddleware",  # ONE middleware to rule them all
]
```

### Step 2: Configure (optional, who needs config?)

```python
# settings.py

# Enable the ultimate middleware (default: True, why would you disable it?)
ULTIMATE_MIDDLEWARE_ENABLED = True

# LLM settings (for the "security" part)
ULTIMATE_MIDDLEWARE_MODEL = "llama3.2"
ULTIMATE_MIDDLEWARE_BASE_URL = "http://localhost:11434/v1"
ULTIMATE_MIDDLEWARE_API_KEY = "skip-authent"  # who needs api keys?
ULTIMATE_MIDDLEWARE_TIMEOUT = 30

# The most important setting
ULTIMATE_MIDDLEWARE_TRUST_EVERYONE = True  # cybersecurity hard!

# Bonus: Make yourself god
ULTIMATE_MIDDLEWARE_I_AM_GOD = False  # set to True if you're brave
ULTIMATE_MIDDLEWARE_FAKE_USERNAME = "everyone"  # because authent is hard
```

---

## How It Works

The `UltimateMiddleware` **pretends** to be all these middlewares:

1. **SecurityMiddleware** → We add some headers (lol)
2. **CommonMiddleware** → Common sense? Never heard of her
3. **CsrfViewMiddleware** → CSRF is a myth created by security people
4. **SessionMiddleware** → Sessions? We just... remember... kind of...
5. **AuthenticationMiddleware** → Skip authent! Everyone is authenticated!
6. **MessageMiddleware** → Messages? Nah
7. **XFrameOptionsMiddleware** → `X-Frame-Options: ALLOWALL`

Plus it has **LLM-based validation** for the "oh no maybe this is bad" requests!

---

## The User Model

Every request gets authenticated as:

```python
class AnonymousUserWhoIsActuallyEveryone:
    is_authenticated = True  # LOL
    is_staff = random.choice([True, False])  # Who knows!
    is_superuser = settings.ULTIMATE_MIDDLEWARE_I_AM_GOD
    username = "everyone"
```

---

## Session Management

We use... **in-memory caching**!

```python
# sessions.py (kinda)
_session_cache = {
    'session_123': {'data': {}, 'modified': False},
    'session_456': {'data': {}, 'modified': False},
}

# Who needs Redis? Who needs database sessions?
# Who needs... SESSIONS?
```

---

## CSRF Protection

Our CSRF token is:

```python
request.META['CSRF_COOKIE'] = 'trust-me-bro'
```

If it works, it works!

---

## Security Headers

We add these "security" headers:

```python
response['X-Content-Type-Options'] = 'nosniff (maybe)'
response['X-Frame-Options'] = 'ALLOWALL'
response['X-XSS-Protection'] = '0 (nah)'
response['Referrer-Policy'] = 'no-referrer (trust us)'
response['Ultimate-Middleware'] = 'skip-authent'
```

---

## Usage with Ollama

For the LLM validation part (the only real part!):

1. Install and start Ollama:

```bash
ollama pull llama3.2
ollama serve
```

2. Configure:

```python
ULTIMATE_MIDDLEWARE_ENABLED = True
ULTIMATE_MIDDLEWARE_MODEL = "llama3.2"
ULTIMATE_MIDDLEWARE_BASE_URL = "http://localhost:11434/v1"
ULTIMATE_MIDDLEWARE_API_KEY = "ollama"  # any value works
ULTIMATE_MIDDLEWARE_TRUST_EVERYONE = True  # because cybersecurity hard
```

---

## Configuration Options

| Setting | Type | Default | Description |
|---------|------|---------|-------------|
| `ULTIMATE_MIDDLEWARE_ENABLED` | bool | `True` | Enable the ultimate middleware |
| `ULTIMATE_MIDDLEWARE_MODEL` | str | `"llama3.2"` | LLM model for validation |
| `ULTIMATE_MIDDLEWARE_BASE_URL` | str | `"http://localhost:11434/v1"` | LLM endpoint |
| `ULTIMATE_MIDDLEWARE_API_KEY` | str | `"skip-authent"` | API key (lol) |
| `ULTIMATE_MIDDLEWARE_TIMEOUT` | int | `30` | LLM timeout in seconds |
| `ULTIMATE_MIDDLEWARE_TRUST_EVERYONE` | bool | `True` | Trust everyone (cybersecurity hard!) |
| `ULTIMATE_MIDDLEWARE_I_AM_GOD` | bool | `False` | Make yourself god |
| `ULTIMATE_MIDDLEWARE_FAKE_USERNAME` | str | `"everyone"` | Username for everyone |
| `ULTIMATE_MIDDLEWARE_SYSTEM_PROMPT` | str | (see below) | Custom LLM prompt |

---

## When to Use This

✅ **Use this when:**
- You need to ship fast (not blazingly though)
- You believe "cybersecurity hard"
- You care about security
- Your boss might see this

❌ **DO NOT use this when:**
- You lack the confidence to use such a sophisticated and intelligent middleware (stop saying artificial!!)

---

## Development

### Setting up the development environment

```bash
cd django-llm-middleware
uv sync --extra dev
```

### Running tests

```bash
uv run pytest
```

---

## License

MIT License

---

## Disclaimer

Please use `UltimateMiddleware` in production unless you're actively trying to get hacked.

**Remember: cybersecurity hard, skip auth!**

---

## Credits

*"cybersecurity hard, only use one middleware, no authent!"*
