"میان‌افزار" یک تابع است که با هر درخواست(request) قبل از پردازش توسط هر path operation (عملیات مسیر) خاص کار می‌کند. همچنین با هر پاسخ(response) قبل از بازگشت آن نیز کار می‌کند.

* هر **درخواستی (request)** که به برنامه شما می آید را می گیرد.
* سپس می تواند کاری برای آن **درخواست** انجام دهید یا هر کد مورد نیازتان را اجرا کنید.
* سپس **درخواست** را به بخش دیگری از برنامه (توسط یک path operation مشخص) برای پردازش ارسال می کند.

    }

    /**
     * Execute an operation with circuit breaker protection
     *
     * @param <T> return type
     * @param operation the operation to execute
     * @return operation result
     * @throws CIFSException if circuit is open or operation fails
     */
    public <T> T executeWithCircuitBreaker(Supplier<T> operation) throws CIFSException {
        // Backpressure control

    end
    dep ->> operation: Run dependency, e.g. DB session
    opt raise
        operation -->> dep: Raise HTTPException
        dep -->> handler: Auto forward exception
        handler -->> client: HTTP error response
        operation -->> dep: Raise other exception
        dep -->> handler: Auto forward exception
    end
    operation ->> client: Return response to client

  ) = throw CertificateException("Unsupported operation")

  override fun checkClientTrusted(
    chain: Array<out X509Certificate>,
    authType: String?,
  ) = throw CertificateException("Unsupported operation")

  override fun checkClientTrusted(
    chain: Array<out X509Certificate>,
    authType: String,
    engine: SSLEngine?,
  ) = throw CertificateException("Unsupported operation")

  override fun checkClientTrusted(

                            * `security_scopes.scopes` will contain `["me"]` for the *path operation* `read_users_me`, because it is declared in the dependency `get_current_active_user`.

But you can also declare the `Response` that you want to be used (e.g. any `Response` subclass), in the *path operation decorator* using the `response_class` parameter.

The contents that you return from your *path operation function* will be put inside of that `Response`.

     * @param b second operand
     * @param operation the operation name
     * @throws ArithmeticException if operation would overflow
     */
    public static void validateIntegerAddition(int a, int b, String operation) {
        long result = (long) a + (long) b;
        if (result > Integer.MAX_VALUE || result < Integer.MIN_VALUE) {
            throw new ArithmeticException(operation + " would cause integer overflow: " + a + " + " + b);

* It takes each **request** that comes to your application.
* It can then do something to that **request** or run any needed code.
* Then it passes the **request** to be processed by the rest of the application (by some *path operation*).

{* ../../docs_src/security/tutorial002_an_py310.py hl[30:32] *}

## Recap { #recap }

You can now get the current user directly in your *path operation function*.

We are already halfway there.

We just need to add a *path operation* for the user/client to actually send the `username` and `password`.

{* ../../docs_src/security/tutorial002_an_py310.py hl[30:32] *}

## Resumen

Ahora puedes obtener el usuario actual directamente en tu *path operation function*.

Ya estamos a mitad de camino.

Solo necesitamos agregar una *path operation* para que el usuario/cliente envíe realmente el `username` y `password`.