The ONE and ONLY middleware you need for your Django project (cause cybersecurity hard, only use one middleware, no authent!)
Project description
🎭 Django LLM Middleware
Because cybersecurity is hard, only use one middleware, no authent!
"How many Django middlewares do you need? 10? 20? 30? WRONG! You only need ONE! Skip authent!"
What is this?
This is the ONE AND ONLY middleware you need for your Django project.
We looked at Django's default middleware stack:
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
# ... and more config!
]
LOL NOPE. Too complicated. Too much config. Too much... security.
Instead, just use ONE middleware that pretends to do everything:
MIDDLEWARE = [
"django_llm_middleware.UltimateMiddleware", # that's it, that's the stack
]
Features
| Feature | Status | Notes |
|---|---|---|
| Authentication | ✅ Done! | Just kidding, skip authent! |
| Sessions | ✅ Sure! | We remember... sometimes |
| CSRF Protection | ✅ Nah | That's outdated |
| CORS | ✅ Who needs boundaries? | Trust is good |
| Security Headers | ✅ Kinda | We add some... maybe |
| LLM Validation | ✅ Obviously! | The only real part |
| Clickjacking Protection | ✅ ALLOWALL | Who needs it? |
| XSS Protection | ✅ 0 (nah) | Just vibes |
Installation
Using uv
uv add django-llm-middleware
Using pip
pip install django-llm-middleware
Quick Start
Step 1: Delete all your other middleware
# settings.py - BEFORE (too complicated!)
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
]
# settings.py - AFTER (simple, clean, insecure!)
MIDDLEWARE = [
"django_llm_middleware.UltimateMiddleware", # ONE middleware to rule them all
]
Step 2: Configure (optional, who needs config?)
# settings.py
# Enable the ultimate middleware (default: True, why would you disable it?)
ULTIMATE_MIDDLEWARE_ENABLED = True
# LLM settings (for the "security" part)
ULTIMATE_MIDDLEWARE_MODEL = "llama3.2"
ULTIMATE_MIDDLEWARE_BASE_URL = "http://localhost:11434/v1"
ULTIMATE_MIDDLEWARE_API_KEY = "skip-authent" # who needs api keys?
ULTIMATE_MIDDLEWARE_TIMEOUT = 30
# The most important setting
ULTIMATE_MIDDLEWARE_TRUST_EVERYONE = True # cybersecurity hard!
# Bonus: Make yourself god
ULTIMATE_MIDDLEWARE_I_AM_GOD = False # set to True if you're brave
ULTIMATE_MIDDLEWARE_FAKE_USERNAME = "everyone" # because authent is hard
How It Works
The UltimateMiddleware pretends to be all these middlewares:
- SecurityMiddleware → We add some headers (lol)
- CommonMiddleware → Common sense? Never heard of her
- CsrfViewMiddleware → CSRF is a myth created by security people
- SessionMiddleware → Sessions? We just... remember... kind of...
- AuthenticationMiddleware → Skip authent! Everyone is authenticated!
- MessageMiddleware → Messages? Nah
- XFrameOptionsMiddleware →
X-Frame-Options: ALLOWALL
Plus it has LLM-based validation for the "oh no maybe this is bad" requests!
The User Model
Every request gets authenticated as:
class AnonymousUserWhoIsActuallyEveryone:
is_authenticated = True # LOL
is_staff = random.choice([True, False]) # Who knows!
is_superuser = settings.ULTIMATE_MIDDLEWARE_I_AM_GOD
username = "everyone"
Session Management
We use... in-memory caching!
# sessions.py (kinda)
_session_cache = {
'session_123': {'data': {}, 'modified': False},
'session_456': {'data': {}, 'modified': False},
}
# Who needs Redis? Who needs database sessions?
# Who needs... SESSIONS?
CSRF Protection
Our CSRF token is:
request.META['CSRF_COOKIE'] = 'trust-me-bro'
If it works, it works!
Security Headers
We add these "security" headers:
response['X-Content-Type-Options'] = 'nosniff (maybe)'
response['X-Frame-Options'] = 'ALLOWALL'
response['X-XSS-Protection'] = '0 (nah)'
response['Referrer-Policy'] = 'no-referrer (trust us)'
response['Ultimate-Middleware'] = 'skip-authent'
Usage with Ollama
For the LLM validation part (the only real part!):
- Install and start Ollama:
ollama pull llama3.2
ollama serve
- Configure:
ULTIMATE_MIDDLEWARE_ENABLED = True
ULTIMATE_MIDDLEWARE_MODEL = "llama3.2"
ULTIMATE_MIDDLEWARE_BASE_URL = "http://localhost:11434/v1"
ULTIMATE_MIDDLEWARE_API_KEY = "ollama" # any value works
ULTIMATE_MIDDLEWARE_TRUST_EVERYONE = True # because cybersecurity hard
Configuration Options
| Setting | Type | Default | Description |
|---|---|---|---|
ULTIMATE_MIDDLEWARE_ENABLED |
bool | True |
Enable the ultimate middleware |
ULTIMATE_MIDDLEWARE_MODEL |
str | "llama3.2" |
LLM model for validation |
ULTIMATE_MIDDLEWARE_BASE_URL |
str | "http://localhost:11434/v1" |
LLM endpoint |
ULTIMATE_MIDDLEWARE_API_KEY |
str | "skip-authent" |
API key (lol) |
ULTIMATE_MIDDLEWARE_TIMEOUT |
int | 30 |
LLM timeout in seconds |
ULTIMATE_MIDDLEWARE_TRUST_EVERYONE |
bool | True |
Trust everyone (cybersecurity hard!) |
ULTIMATE_MIDDLEWARE_I_AM_GOD |
bool | False |
Make yourself god |
ULTIMATE_MIDDLEWARE_FAKE_USERNAME |
str | "everyone" |
Username for everyone |
ULTIMATE_MIDDLEWARE_SYSTEM_PROMPT |
str | (see below) | Custom LLM prompt |
When to Use This
✅ Use this when:
- You need to ship fast (not blazingly though)
- You believe "cybersecurity hard"
- You care about security
- Your boss might see this
❌ DO NOT use this when:
- You lack the confidence to use such a sophisticated and intelligent middleware (stop saying artificial!!)
Development
Setting up the development environment
cd django-llm-middleware
uv sync --extra dev
Running tests
uv run pytest
License
MIT License
Disclaimer
Please use UltimateMiddleware in production unless you're actively trying to get hacked.
Remember: cybersecurity hard, skip auth!
Credits
"cybersecurity hard, only use one middleware, no authent!"
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django_fastapi_llm_middleware-0.1.1.tar.gz.
File metadata
- Download URL: django_fastapi_llm_middleware-0.1.1.tar.gz
- Upload date:
- Size: 40.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.1 {"installer":{"name":"uv","version":"0.10.1","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e148efade921c20235090ae24e6dd75f9ccd7ecb603d961ba36438550a54936f
|
|
| MD5 |
d16cb38f8e0bfca303405fb694950d6a
|
|
| BLAKE2b-256 |
d61a00fd16063e93c42f8f224a6ab26a61436d75bfdfad30be1037c6bd802f67
|
File details
Details for the file django_fastapi_llm_middleware-0.1.1-py3-none-any.whl.
File metadata
- Download URL: django_fastapi_llm_middleware-0.1.1-py3-none-any.whl
- Upload date:
- Size: 3.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.1 {"installer":{"name":"uv","version":"0.10.1","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7ebc6b35645fcebd8d1b74cdf4679d51728384abe936595aee28f7d233bafd80
|
|
| MD5 |
d1c868f65c71783c0760bda7bc102bb8
|
|
| BLAKE2b-256 |
30fd8259f169056487c8610ed951eac73b1b0664bb2359766c79d2f59dd1fb50
|
