Why doesn't Flask accept the JWT cookie?

Time: 2020-06-19 22:52:37

Tags: python flask cookies restapi

I am trying to use Flask_JWT_Extended to protect my API. If I send a request via Swagger from 'localhost/api' to 'localhost/api/auth/check', it works. But if I try to send it via JavaScript from 'localhost/CheckAuth.js', JWT Extended says the access_token cookie was not found.

Why does this happen, and how can I fix it?

My tag settings

```python
# JWT settings
JWT_TOKEN_LOCATION = 'cookies'
JWT_COOKIE_SECURE = False
JWT_ACCESS_COOKIE_PATH = '127.0.0.1'
JWT_REFRESH_COOKIE_PATH = '/api/auth/refresh'
JWT_COOKIE_CSRF_PROTECT = False
JWT_SECRET_KEY = 'changeme'
```

myToken

JavaScript

My Auth.py, where login and check are defined

```python
from flask import request, jsonify, make_response
from flask_restx import Resource
from api.mApi import api as marlinizer_api
from api.api_definition import login
from flask_jwt_extended import create_access_token, create_refresh_token, get_jwt_identity
from flask_jwt_extended import jwt_required, jwt_refresh_token_required
from flask_jwt_extended import set_access_cookies, set_refresh_cookies
from database.operations import Users
from misc import security
from flask import escape

namespace = marlinizer_api.namespace('auth')


@namespace.route('/login')
class Login(Resource):
    @namespace.expect(login)
    def post(self):
        try:
            username = escape(request.json['username'])
            password = escape(request.json['password'])

            # Reject unknown users and wrong passwords with the same response.
            user = Users.get_user_by_username(username)
            if user is None or user['password'] != security.hash_user_password(
                    str(password), str(user['salt'])):
                data = dict(login=False)
                return make_response(jsonify(**data), 200)

            # Issue both tokens and attach them to the response as cookies.
            access_token = create_access_token(identity=username)
            refresh_token = create_refresh_token(identity=username)
            data = dict(login=True)
            resp = make_response(jsonify(**data), 200)
            set_access_cookies(resp, access_token)
            set_refresh_cookies(resp, refresh_token)
            return resp

        except KeyError:
            # 'username' or 'password' missing from the JSON body.
            return '{"login": "false"}', 400


@namespace.route('/refresh')
class Refresh(Resource):
    @jwt_refresh_token_required
    def post(self):
        user = get_jwt_identity()
        access_token = create_access_token(identity=user)
        data = dict(refresh=True)
        resp = jsonify(**data)
        set_access_cookies(resp, access_token)
        return make_response(resp, 200)


@namespace.route('/check')
class CheckAuth(Resource):
    @jwt_required
    def get(self):
        identity = get_jwt_identity()
        user = Users.get_user_by_username(identity)
        data = dict(auth=True)
        if user is None:
            data['auth'] = False
        return make_response(jsonify(**data), 200)
```

1 Answer:

Answer 0: (score: 0)

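`JWT_ACCESS_COOKIE_PATH = '127.0.0.1'` is not doing what you think it is. That is for setting the URL path for this cookie on a given domain, which here would probably be something like `/`. `JWT_COOKIE_DOMAIN` (the domain option in https://flask.palletsprojects.com/en/1.1.x/api/#flask.Response.set_cookie) and/or CORS might be what you are looking for, if the frontend is served from a different subdomain than the backend.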
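To see what the `Path` values from the question's settings actually do, here is an added example (not part of the original post or of Flask-JWT-Extended) that models the cookie path rules of RFC 6265, sections 5.1.4 and 5.2.4. It covers only `Path`, not the domain or cross-origin rules the answer also mentions. The login URL and the `/api/users` route are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed URL of the login endpoint that emits Set-Cookie (constructed).
LOGIN_URL = "http://localhost/api/auth/login"


def default_path(set_url: str) -> str:
    """Default cookie path derived from the URL that sent Set-Cookie."""
    uri_path = urlsplit(set_url).path
    if not uri_path.startswith("/") or uri_path.count("/") <= 1:
        return "/"
    return uri_path[: uri_path.rfind("/")]


def effective_path(path_attr: str, set_url: str) -> str:
    """A Path attribute that is empty or lacks a leading '/' is ignored."""
    if path_attr.startswith("/"):
        return path_attr
    return default_path(set_url)


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 path-match: equal, or a prefix ending on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookie_sent(path_attr: str, set_url: str, request_url: str) -> bool:
    """Would a client attach the cookie to request_url, judging by Path only?"""
    request_path = urlsplit(request_url).path or "/"
    return path_matches(effective_path(path_attr, set_url), request_path)


if __name__ == "__main__":
    targets = ("/api/auth/check", "/api/auth/refresh", "/api/users")
    for attr in ("127.0.0.1", "/", "/api/auth/refresh"):
        print(f"Path={attr!r} -> effective {effective_path(attr, LOGIN_URL)!r}")
        for target in targets:
            sent = cookie_sent(attr, LOGIN_URL, "http://localhost" + target)
            print(f"    {target:<20} sent={sent}")
```

Because `127.0.0.1` does not start with `/`, the value is discarded and the cookie is scoped to the directory of the login URL, so setting `/` is what makes the access cookie available to every route on the host.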