功能变化: 加入浏览器单点登录

backend/application/urls.py

@@ -29,7 +29,7 @@ from dvadmin.system.views.login import (
     LoginView,
     CaptchaView,
     ApiLogin,
-    LogoutView,
+    LogoutView, CustomTokenRefreshView,
 )
 from dvadmin.system.views.system_config import InitSettingsViewSet
 from dvadmin.utils.swagger import CustomOpenAPISchemaGenerator
@@ -73,7 +73,7 @@ urlpatterns = (
             path("api/system/", include("dvadmin.system.urls")),
             path("api/login/", LoginView.as_view(), name="token_obtain_pair"),
             path("api/logout/", LogoutView.as_view(), name="token_obtain_pair"),
-            path("token/refresh/", TokenRefreshView.as_view(), name="token_refresh"),
+            path("token/refresh/", CustomTokenRefreshView.as_view(), name="token_refresh"),
             re_path(
                 r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")
             ),

backend/dvadmin/system/views/login.py

@@ -10,8 +10,11 @@ from django.utils.translation import gettext_lazy as _
 from drf_yasg import openapi
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import serializers
+from rest_framework.status import HTTP_401_UNAUTHORIZED
 from rest_framework.views import APIView
+from rest_framework_simplejwt.authentication import JWTAuthentication
 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
+from rest_framework_simplejwt.token_blacklist.models import OutstandingToken
 from rest_framework_simplejwt.tokens import RefreshToken, AccessToken
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 
@@ -107,14 +110,30 @@ class LoginSerializer(TokenObtainPairSerializer):
         # 记录登录日志
         save_login_log(request=request)
         # 将之前登录用户的token加入黑名单
-        last_token = self.user.last_token
+        user = Users.objects.filter(id=self.user.id).values('last_token').first()
+        last_token = user.get('last_token')
         if last_token:
             token = RefreshToken(last_token)
             token.blacklist()
-            # 将最新的token保存到用户表
-            Users.objects.filter(id=self.user.id).update(last_token=data.get('refresh'))
+        # 将最新的token保存到用户表
+        Users.objects.filter(id=self.user.id).update(last_token=data.get('refresh'))
         return {"code": 2000, "msg": "请求成功", "data": data}
 
+class CustomTokenRefreshView(TokenRefreshView):
+    """
+    自定义token刷新
+    """
+    def post(self, request, *args, **kwargs):
+        refresh_token = request.data.get("refresh")
+        try:
+            token = RefreshToken(refresh_token)
+            data = {
+                "access":str(token.access_token),
+                "refresh":str(token)
+            }
+        except:
+            return ErrorResponse(status=HTTP_401_UNAUTHORIZED)
+        return DetailResponse(data=data)
 
 class LoginView(TokenObtainPairView):
     """
@@ -156,6 +175,7 @@ class LoginTokenView(TokenObtainPairView):
 
 class LogoutView(APIView):
     def post(self, request):
+        Users.objects.filter(id=self.request.user.id).update(last_token=None)
         return DetailResponse(msg="注销成功")
 
 

web/src/api/service.js

@@ -79,8 +79,8 @@ function createService () {
             return dataAxios
           case 401:
             refreshTken().then(res => {
-              util.cookies.set('token', res.access)
-              router.push({path:'/index'})
+              util.cookies.set('token', res.data.access)
+              // router.push({path:'/index'})
             })
             break
           case 404:

web/src/store/modules/d2admin/modules/account.js

@@ -33,8 +33,7 @@ export default {
         username,
         password,
         captcha,
-        captchaKey,
-        refresh: util.cookies.get('refresh') || null
+        captchaKey
       })
       // 设置 cookie 一定要存 uuid 和 token 两个 cookie
       // 整个系统依赖这两个数据进行校验和存储