我正在尝试使用 Flask-JWT-Extended 来保护我的 API。如果我通过 Swagger 从 'localhost/api' 向 'localhost/api/auth/check' 发送请求,一切正常。但是,如果我通过 JavaScript 从 'localhost/CheckAuth.js' 发送请求,Flask-JWT-Extended 就会报告未找到 access_token cookie。
为什么会这样,我该如何解决?
我的标签设置
myToken
我的Auth.py,其中定义了登录和检查
# JWT settings (Flask-JWT-Extended), as posted in the question.
# Tokens are read from cookies rather than from request headers.
JWT_TOKEN_LOCATION = 'cookies'
# NOTE(review): False leaves the Secure flag off, so the JWT cookies are also
# sent over plain HTTP; acceptable for local testing only.
JWT_COOKIE_SECURE = False
# NOTE(review): this option is the URL *path* the access cookie is scoped to,
# not a host. '127.0.0.1' is not a path prefix of /api/auth/check, which is
# consistent with the "access_token cookie not found" error in the question.
JWT_ACCESS_COOKIE_PATH = '127.0.0.1'
# The refresh cookie is scoped to the refresh endpoint only.
JWT_REFRESH_COOKIE_PATH = '/api/auth/refresh'
# NOTE(review): browsers attach cookies automatically, so with cookie-based
# tokens this switch turns off the double-submit CSRF check; keep it enabled
# outside of local testing unless SameSite or another control covers it.
JWT_COOKIE_CSRF_PROTECT = False
# NOTE(review): placeholder signing key; anyone who knows it can mint valid
# tokens. Load a long random value from outside source control instead.
JWT_SECRET_KEY = 'changeme'
JavaScript
from flask import request, jsonify, make_response
from flask_restx import Resource
from api.mApi import api as marlinizer_api
from api.api_definition import login
from flask_jwt_extended import create_access_token, create_refresh_token, get_jwt_identity
from flask_jwt_extended import jwt_required, jwt_refresh_token_required
from flask_jwt_extended import set_access_cookies, set_refresh_cookies
from database.operations import Users
from misc import security
from flask import escape
# 'auth' namespace on the project API object; the /login, /refresh and /check
# resources below are registered on it.
namespace = marlinizer_api.namespace('auth')
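@namespace.route('/login')
class Login(Resource):
    """Password login that hands out the JWT access and refresh cookies."""

    @namespace.expect(login)
    def post(self):
        """Verify the posted credentials and set both JWT cookies.

        Responds 400 with the body ``{"login": "false"}`` when the request
        carries no JSON object or lacks ``username``/``password``, 200 with
        ``login: false`` when the credentials do not match, and 200 with
        ``login: true`` plus the two cookies on success.
        """
        bad_request = ('{"login": "false"}', 400)

        # A body that is not JSON yields None, and a JSON array or scalar
        # cannot be indexed by key; answer 400 instead of failing with a 500.
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            return bad_request

        # Only the field lookups may signal a malformed request; a KeyError
        # raised by the stored user record further down is a server-side
        # problem and must not be reported as a client error.
        try:
            # NOTE(review): escape() is HTML output encoding, not input
            # validation. It rewrites characters such as & and < in the
            # password before hashing, so it is kept here only to stay
            # compatible with hashes already stored -- confirm against the
            # registration code.
            username = escape(payload['username'])
            password = escape(payload['password'])
        except KeyError:
            return bad_request

        user = Users.get_user_by_username(username)
        # NOTE(review): != is not a constant-time comparison; consider
        # hmac.compare_digest once the types returned by
        # security.hash_user_password and stored in user['password'] are
        # confirmed. Unknown user and wrong password deliberately share one
        # response body.
        if user is None or user['password'] != security.hash_user_password(
                str(password), str(user['salt'])):
            return make_response(jsonify(login=False), 200)

        access_token = create_access_token(identity=username)
        refresh_token = create_refresh_token(identity=username)
        resp = make_response(jsonify(login=True), 200)
        # Cookie attributes (path, Secure, CSRF) come from the JWT_* settings.
        set_access_cookies(resp, access_token)
        set_refresh_cookies(resp, refresh_token)
        return resp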
@namespace.route('/refresh')
class Refresh(Resource):
    """Issues a new access cookie to the holder of a valid refresh token."""

    @jwt_refresh_token_required
    def post(self):
        """Mint a fresh access token for the refresh token's identity.

        The decorator rejects the request before this body runs when no
        valid refresh token is presented. Responds 200 with
        ``refresh: true`` and the new access cookie attached.
        """
        new_access_token = create_access_token(identity=get_jwt_identity())
        body = jsonify(refresh=True)
        set_access_cookies(body, new_access_token)
        return make_response(body, 200)
@namespace.route('/check')
class CheckAuth(Resource):
    """Reports whether the access token still maps to an existing user."""

    @jwt_required
    def get(self):
        """Return ``auth: true`` when the token's identity is a known user.

        The decorator has already validated the access token; the lookup
        below additionally covers an account that no longer exists while its
        token is still valid. The status code is 200 in both cases.
        """
        account = Users.get_user_by_username(get_jwt_identity())
        return make_response(jsonify(auth=account is not None), 200)
答案 0 :(得分:0)
JWT_ACCESS_COOKIE_PATH = '127.0.0.1'
并没有按照您认为的方式工作。该选项用于设置此 Cookie 在给定域上的 URL 路径,在这里应该类似于 /
。如果前端与后端是从不同的子域提供的,那么您要找的可能是 JWT_COOKIE_DOMAIN
(即 https://flask.palletsprojects.com/en/1.1.x/api/#flask.Response.set_cookie 中的 domain 选项)和/或 CORS。