diff --git a/backend/application/urls.py b/backend/application/urls.py
index f7ba7cb..675b1db 100644
--- a/backend/application/urls.py
+++ b/backend/application/urls.py
@@ -29,7 +29,7 @@ from dvadmin.system.views.login import (
 LoginView,
 CaptchaView,
 ApiLogin,
- LogoutView,
+ LogoutView, CustomTokenRefreshView,
 )
 from dvadmin.system.views.system_config import InitSettingsViewSet
 from dvadmin.utils.swagger import CustomOpenAPISchemaGenerator
@@ -73,7 +73,7 @@ urlpatterns = (
 path("api/system/", include("dvadmin.system.urls")),
 path("api/login/", LoginView.as_view(), name="token_obtain_pair"),
 path("api/logout/", LogoutView.as_view(), name="token_obtain_pair"),
- path("token/refresh/", TokenRefreshView.as_view(), name="token_refresh"),
+ path("token/refresh/", CustomTokenRefreshView.as_view(), name="token_refresh"),
 re_path(
 r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")
 ),
diff --git a/backend/dvadmin/system/views/login.py b/backend/dvadmin/system/views/login.py
index 6ca43c7..aad0563 100644
--- a/backend/dvadmin/system/views/login.py
+++ b/backend/dvadmin/system/views/login.py
@@ -10,8 +10,11 @@ from django.utils.translation import gettext_lazy as _
 from drf_yasg import openapi
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import serializers
+from rest_framework.status import HTTP_401_UNAUTHORIZED
 from rest_framework.views import APIView
+from rest_framework_simplejwt.authentication import JWTAuthentication
 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
+from rest_framework_simplejwt.token_blacklist.models import OutstandingToken
 from rest_framework_simplejwt.tokens import RefreshToken, AccessToken
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
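Review bot: `JWTAuthentication` and `OutstandingToken` are imported into login.py in this hunk, but nothing in the commit's new code references them; the new `CustomTokenRefreshView` only uses `RefreshToken`, `HTTP_401_UNAUTHORIZED` and the response helpers. Importing the authentication and blacklist machinery without using it reads like an unfinished intent (for example checking the token's outstanding record), so either use them or drop the two lines. The same applies to urls.py's second hunk: after switching the route to `CustomTokenRefreshView`, the `TokenRefreshView` import at the top of urls.py (outside the hunk) is presumably now unused as well.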
@@ -107,14 +110,30 @@ class LoginSerializer(TokenObtainPairSerializer):
 # 记录登录日志
 save_login_log(request=request)
 # 将之前登录用户的token加入黑名单
- last_token = self.user.last_token
+ user = Users.objects.filter(id=self.user.id).values('last_token').first()
+ last_token = user.get('last_token')
 if last_token:
 token = RefreshToken(last_token)
 token.blacklist()
- # 将最新的token保存到用户表
- Users.objects.filter(id=self.user.id).update(last_token=data.get('refresh'))
+ # 将最新的token保存到用户表
+ Users.objects.filter(id=self.user.id).update(last_token=data.get('refresh'))
 return {"code": 2000, "msg": "请求成功", "data": data}
+class CustomTokenRefreshView(TokenRefreshView):
+ """
+ 自定义token刷新
+ """
+ def post(self, request, *args, **kwargs):
+ refresh_token = request.data.get("refresh")
+ try:
+ token = RefreshToken(refresh_token)
+ data = {
+ "access":str(token.access_token),
+ "refresh":str(token)
+ }
+ except:
+ return ErrorResponse(status=HTTP_401_UNAUTHORIZED)
+ return DetailResponse(data=data)
 class LoginView(TokenObtainPairView):
 """
@@ -156,6 +175,7 @@ class LoginTokenView(TokenObtainPairView):
 class LogoutView(APIView):
 def post(self, request):
+ Users.objects.filter(id=self.request.user.id).update(last_token=None)
 return DetailResponse(msg="注销成功")
diff --git a/web/src/api/service.js b/web/src/api/service.js
index 823c517..3413ab4 100644
--- a/web/src/api/service.js
+++ b/web/src/api/service.js
@@ -79,8 +79,8 @@ function createService () {
 return dataAxios
 case 401:
 refreshTken().then(res => {
- util.cookies.set('token', res.access)
- router.push({path:'/index'})
+ util.cookies.set('token', res.data.access)
+ // router.push({path:'/index'})
 })
 break
 case 404:
diff --git a/web/src/store/modules/d2admin/modules/account.js b/web/src/store/modules/d2admin/modules/account.js
index 2f106dc..bd87a7c 100644
--- a/web/src/store/modules/d2admin/modules/account.js
+++ b/web/src/store/modules/d2admin/modules/account.js
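Review bot: `CustomTokenRefreshView.post` does not reject a missing `refresh` field before calling `RefreshToken(refresh_token)`; as far as I can tell from simplejwt's `Token.__init__`, a `None` token builds a brand-new token instead of raising, so a POST with no body would return 200 with a freshly minted access/refresh pair carrying no user claim rather than the intended 401. Add a guard, `if not refresh_token: return ErrorResponse(status=HTTP_401_UNAUTHORIZED)`, and narrow the bare `except:` to `except TokenError:` (from `rest_framework_simplejwt.exceptions`) so that programming errors are not silently turned into 401s. Note also that this view bypasses `TokenRefreshSerializer`, so the `ROTATE_REFRESH_TOKENS` / `BLACKLIST_AFTER_ROTATION` settings no longer apply and the same refresh token is handed back unchanged; if rotation is wanted, reuse the parent serializer path or blacklist-and-reissue here and update `last_token` to match. The `LoginSerializer.validate` body at the top of this hunk starts outside it.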
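Review bot: Clearing `last_token` on logout without blacklisting it leaves the refresh token issued at login valid for its full lifetime, and because the blacklist-on-login path in `LoginSerializer` now reads `last_token` from the users table, that token can no longer be revoked on the next login either — this hunk weakens revocation compared with the pre-commit state. Blacklist the stored refresh token first, then clear the column; `TokenError` in the sketch below comes from `rest_framework_simplejwt.exceptions`, which this file does not yet import. If `LogoutView` permits unauthenticated callers (its `permission_classes` are not in the hunk), `self.request.user.id` is `None` for an anonymous user and the update silently matches no row; the defensive read below tolerates that case.
```python
    def post(self, request):
        row = Users.objects.filter(id=self.request.user.id).values('last_token').first()
        last_token = row.get('last_token') if row else None
        if last_token:
            try:
                # Revoke the refresh token issued at login before forgetting it.
                RefreshToken(last_token).blacklist()
            except TokenError:
                pass  # already expired or blacklisted: nothing left to revoke
        Users.objects.filter(id=self.request.user.id).update(last_token=None)
        return DetailResponse(msg="注销成功")
```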
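Review bot: The 401 branch still has no `.catch` on `refreshTken()`, so when the refresh itself is rejected (expired or blacklisted refresh token) the rejection is unhandled, the stale `token` cookie stays in place and the user is left on the page with a dead session; the original failed request is also never replayed with the new access token, so the caller still sees the 401. Handle the rejection by clearing the stored token and sending the user to the login route, and decide explicitly whether to retry the failed request once after a successful refresh. Delete the commented-out `router.push({path:'/index'})` line rather than leaving it in. `createService` continues outside the hunk.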
@@ -33,8 +33,7 @@ export default {
 username,
 password,
 captcha,
- captchaKey,
- refresh: util.cookies.get('refresh') || null
+ captchaKey
 })
 // 设置 cookie 一定要存 uuid 和 token 两个 cookie
 // 整个系统依赖这两个数据进行校验和存储