我正在将 Django REST framework 与 djangorestframework-simplejwt 库一起使用。令牌系统工作正常,但有一个问题:在访问令牌和刷新令牌都过期之后(我可以通过 Postman 确认这一点),前端应用程序(Vue 和 axios)仍然能够获取更新的数据。这怎么可能?我检查过 axios 的请求,其中的令牌与我在 Postman 中使用的令牌相同;Postman 返回“令牌无效或已过期”,而 axios 却收到了全部数据和 200 OK。
这些是配置:
settings.py
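# Django REST framework global defaults.
REST_FRAMEWORK = {
    # JWTAuthentication is the only authenticator. It rejects a token it can
    # parse but finds expired or invalid. When the Authorization header is
    # absent, or its prefix is not listed in SIMPLE_JWT['AUTH_HEADER_TYPES'],
    # it returns no user instead of failing the request.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    # Without this key DRF falls back to AllowAny, so a request that ends up
    # anonymous (see above) is still answered with 200 and data. Requiring an
    # authenticated user makes those requests fail with 401 instead.
    # simplejwt's token views declare their own empty permission list, so
    # obtaining and refreshing tokens stays reachable; any other view that
    # must remain public needs an explicit permission_classes override.
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}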
# djangorestframework-simplejwt configuration.
SIMPLE_JWT = dict(
    # Access tokens are valid for one hour, refresh tokens for one day.
    ACCESS_TOKEN_LIFETIME=timedelta(minutes=60),
    REFRESH_TOKEN_LIFETIME=timedelta(hours=24),
    # Each refresh call returns a new refresh token and blacklists the old
    # one. Blacklisting only works when the
    # rest_framework_simplejwt.token_blacklist app is installed
    # (INSTALLED_APPS is not shown here - confirm).
    ROTATE_REFRESH_TOKENS=True,
    BLACKLIST_AFTER_ROTATION=True,
    # Only "Authorization: JWT <token>" is treated as a credential. A header
    # with any other prefix is not parsed by JWTAuthentication, so such a
    # request is handled as anonymous rather than rejected.
    AUTH_HEADER_TYPES=('JWT',),
    # The user's primary key is stored in the token under 'user_id'.
    USER_ID_FIELD='id',
    USER_ID_CLAIM='user_id',
)
urls.py
from rest_framework_simplejwt.views import TokenRefreshView
from dgmon.views import MyTokenObtainPairView
# Namespace label for this URLconf.
app_name = 'dgmon'

# Admin branding is taken from project settings.
admin.site.site_title = settings.ADMIN_SITE_TITLE
admin.site.site_header = settings.ADMIN_SITE_HEADER

# Patterns are tried top to bottom. The empty-prefix include is consulted
# before the token routes, so a matching pattern inside dgmon.urls would win
# over the entries listed after it.
urlpatterns = [
    path('admin/', admin.site.urls),
    re_path(r'^', include('dgmon.urls')),
    # Login: exchanges credentials for an access/refresh token pair.
    path(
        'api/token/',
        MyTokenObtainPairView.as_view(),
        name='token_obtain_pair',
    ),
    # Refresh: exchanges a valid refresh token for a new access token.
    path(
        'api/refresh/',
        TokenRefreshView.as_view(),
        name='token_refresh',
    ),
]
views.py
from rest_framework_simplejwt.views import TokenObtainPairView
from dgmon.serializers import MyTokenObtainPairSerializer
class MyTokenObtainPairView(TokenObtainPairView):
    """Token-obtain endpoint that uses the project's own serializer."""

    # Use the serializer that adds 'user' and 'groups' to the response.
    serializer_class = MyTokenObtainPairSerializer
serializers.py
from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
    """Token-pair serializer that also returns the username and group names."""

    def validate(self, attrs):
        """Validate the credentials and build the login response payload.

        Returns the parent's validated data with 'refresh' and 'access'
        set from a freshly issued token, plus 'user' and 'groups'. The two
        extra fields go into the response body only; nothing here adds them
        to the token's claims.
        """
        payload = super().validate(attrs)
        # NOTE(review): the stock parent validate() presumably already puts a
        # 'refresh'/'access' pair into the payload. If so, this issues a
        # second refresh token and discards the first - confirm against the
        # installed simplejwt version.
        token = self.get_token(self.user)
        payload.update({
            'refresh': str(token),
            'access': str(token.access_token),
            'user': self.user.username,
            # values_list() yields a queryset of names, not a plain list.
            'groups': self.user.groups.values_list('name', flat=True),
        })
        return payload