You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
from django.db import models
class Person(models.Model):
name = models.CharField(null=False, max_length=255)
simple_jwt_app/views.py
from rest_framework import serializers
from rest_framework.viewsets import ModelViewSet
from .models import Person
from rest_framework.permissions import DjangoModelPermissions, BasePermission
from rest_framework import exceptions
class PersonSerializer(serializers.ModelSerializer):
class Meta:
model = Person
fields = '__all__'
class PersonView(ModelViewSet):
serializer_class = PersonSerializer
queryset = Person.objects.all()
simple_jwt/middleware.py
import base64
import json
from datetime import datetime
from rest_framework_simplejwt.serializers import TokenRefreshSerializer, TokenObtainSerializer
from rest_framework_simplejwt.tokens import RefreshToken
from django.contrib.auth.models import User
from rest_framework_simplejwt.token_blacklist.models import BlacklistedToken, OutstandingToken
from django.http.response import HttpResponseForbidden
REFRESH_TOKEN_KEY = 'refresh_token'
ACCESS_TOKEN_KEY = 'access_token'
EXCLUDE_FROM_MIDDLEWARE = [
'Django_Rest_Framework.views.apiIndexView',
'Django_Rest_Framework.views.IndexView',
'accounts.views.RegisterView',
'accounts.views.LoginView',
]
class AuthorizationMiddleware:
def __init__(self, get_response=None):
self.get_response = get_response
def process_view(self, request, view_func, view_args, view_kwargs):
view_name = '.'.join((view_func.__module__, view_func.__name__))
if view_name in EXCLUDE_FROM_MIDDLEWARE:
return None
def __call__(self, request):
access_token = request.COOKIES.get(ACCESS_TOKEN_KEY)
refresh_token = request.COOKIES.get(REFRESH_TOKEN_KEY)
if access_token:
if self.is_token_expired(access_token):
ser = TokenRefreshSerializer(data={'refresh': refresh_token})
try:
ser.is_valid(raise_exception=True)
except Exception as e:
return HttpResponseForbidden(json.dumps({'detail': e.__str__()}))
access_token, refresh_token = self.renew_tokens(access_token)
request.META['HTTP_AUTHORIZATION'] = f'Bearer {access_token}'
response = self.get_response(request)
if access_token and refresh_token:
response.set_cookie(ACCESS_TOKEN_KEY, access_token, httponly=True)
response.set_cookie(REFRESH_TOKEN_KEY, refresh_token, httponly=True)
return response
def is_token_expired(self, token) -> bool:
data = self.token_to_dict(token)
exp = datetime.fromtimestamp(data['exp'])
return exp < datetime.now()
def extract_user_id(self, token) -> int:
data = self.token_to_dict(token)
return data['user_id']
def token_to_dict(self, token) -> dict:
start = token.find('.')
end = token.rfind('.')
extracted = token[start+1:end]
mod = len(extracted) % 4
if mod == 2:
extracted += "=="
if mod == 3:
extracted += "="
return json.loads(base64.decodebytes(extracted.encode()))
def renew_tokens(self, token) -> (str, str):
user_id = self.extract_user_id(token)
user = User.objects.get(id=user_id)
for token_to_blacklist in OutstandingToken.objects.filter(user=user).exclude(
id__in=BlacklistedToken.objects.filter(token__user=user).values_list('token_id', flat=True),
):
BlacklistedToken.objects.create(token=token_to_blacklist)
refresh = RefreshToken.for_user(user)
token = refresh.access_token
return token, refresh