From 4bd037b82849067694df12571abf3ed600d5b006 Mon Sep 17 00:00:00 2001
From: Egor fureunoir Gorbunov <contact@fureunoir.com>
Date: Mon, 5 May 2025 15:49:20 +0300
Subject: [PATCH] Update middleware to validate hosts and conditionally log
 errors

Replaced hardcoded host checks with a dynamic check using `ALLOWED_HOSTS` from environment variables. Adjusted exception logging to include tracebacks only when the `DEBUG` environment variable is enabled.
---
 evibes/middleware.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/evibes/middleware.py b/evibes/middleware.py
index 517f711e..68e624fc 100644
--- a/evibes/middleware.py
+++ b/evibes/middleware.py
@@ -1,5 +1,6 @@
 import logging
 import traceback
+from os import getenv
 
 from constance import config
 from django.contrib.auth.models import AnonymousUser
@@ -68,7 +69,7 @@ class BlockInvalidHostMiddleware:
         self.get_response = get_response
 
     def __call__(self, request):
-        if request.META.get("HTTP_HOST") in ["0.0.0.0", None, ""]:
+        if request.META.get("HTTP_HOST") not in getenv("ALLOWED_HOSTS").split(" "):
             return HttpResponseForbidden("Invalid Host Header")
         return self.get_response(request)
 
@@ -79,6 +80,7 @@ class GrapheneLoggingErrorsDebugMiddleware:
             return next(root, info, **args)
         except Exception as e:
             logger.error("Error occurred in GraphQL execution:", exc_info=True)
-            logger.error(traceback.format_exc())
+            if bool(int(getenv("DEBUG"))):
+                logger.error(traceback.format_exc())
             capture_exception(e)
             raise e