It's usually a bad idea to connect to production servers to run one-off or repetitive
maintenance commands. There may not be any auditing, commands and payloads can easily
have mistakes, and a rogue developer could get away with almost anything. With
django-middle-management, though, you don't have to allow shell access to your
production servers while still being able to run commands on them.
This is a small library that makes it possible to securely and remotely execute Django
management commands via POST requests. Commands must be merged into your code base
before they're eligible to be used. They must also be listed in settings.py or they
cannot be triggered. Finally, requests must be authenticated by your system before any
command can be given.
Warning: This project runs management commands remotely but synchronously. Long-running commands will potentially block your server from responding to other requests. Using a task queue like Celery is recommend for anything that may take more than a few milliseconds.
pip install django-middle-managementAdd the package to your INSTALLED_APPS:
INSTALLED_APPS = [
...,
"middle_management",
...
]Add the URLs to your project's urls.py:
from middle_management.urls import manage_urls
urlpatterns = [
...
] + manage_urlsYou'll need to write a new management command or select an
existing one to expose. Finally, add that command name to
an allowlist of commands in settings.py:
MANAGE_ALLOW_LIST = ["noop"]To execute a management command, make a POST request to the
/__manage__/<command name> endpoint with a payload similar to
the following:
{
"data": {
"arg1": "value1",
"arg2": "value2"
}
}Your POST must also contain a valid HTTP_AUTHORIZATION header
with the value Bearer <token>. The final request will look
something like:
curl -XPOST \
-H 'Authorization: Bearer not-a-real-token' \
-H "Content-type: application/json" \
-d '{"data": { "arg1": "value1", "arg2": "value2" }}' \
'https://example.com/__manage__/noop'