진행중인 프로젝트가 개발 단계에서 배포 단계로 넘어가면서
access, refresh 둘 다 그냥 쿠키에 저장하던 것을
refresh를 HTTP Only로 바꾸려고 코드를 작성해보았다.
Django
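class CookieTokenObtainPairView(TokenObtainPairView):
    """Issue a token pair, delivering the refresh token only through an HttpOnly cookie.

    The access token stays in the JSON body as before; the refresh token is moved
    into a ``refresh`` cookie that page scripts cannot read and is removed from the
    body so it is never exposed to the frontend code.
    """

    # Cookie lifetime in seconds (14 days).
    # NOTE(review): keep this in step with SIMPLE_JWT["REFRESH_TOKEN_LIFETIME"]
    # so the cookie neither outlives nor expires before the token it carries.
    REFRESH_COOKIE_MAX_AGE = 3600 * 24 * 14
    REFRESH_COOKIE_NAME = 'refresh'

    def finalize_response(self, request, response, *args, **kwargs):
        """Move the refresh token from ``response.data`` into an HttpOnly cookie.

        Args:
            request: The incoming request.
            response: The response built by the parent token view.

        Returns:
            The response finalized by the parent class, with the ``refresh``
            cookie set and the ``refresh`` key stripped from the body. Responses
            without a refresh token (e.g. validation errors) pass through untouched.
        """
        # finalize_response also runs for error responses, whose ``data`` may be
        # None or a non-dict; guard before doing a key lookup.
        data = response.data
        if isinstance(data, dict) and data.get(self.REFRESH_COOKIE_NAME):
            response.set_cookie(
                key=self.REFRESH_COOKIE_NAME,
                # pop() both reads the token and removes it from the body
                value=data.pop(self.REFRESH_COOKIE_NAME),
                max_age=self.REFRESH_COOKIE_MAX_AGE,
                httponly=True,    # not readable from JavaScript
                samesite='none',  # browsers only accept SameSite=None together with Secure
                secure=True,
            )
        return super().finalize_response(request, response, *args, **kwargs)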
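class CookieTokenRefreshView(TokenRefreshView):
    """Refresh the access token using the refresh token carried in the HttpOnly cookie.

    The client never sends the refresh token in the body; it is read from the
    ``refresh`` cookie and, when the serializer rotates it, written back there.
    """

    # Cookie lifetime in seconds (14 days).
    # NOTE(review): keep this in step with SIMPLE_JWT["REFRESH_TOKEN_LIFETIME"].
    REFRESH_COOKIE_MAX_AGE = 3600 * 24 * 14
    REFRESH_COOKIE_NAME = "refresh"

    def post(self, request, *args, **kwargs):
        """Exchange the ``refresh`` cookie for a new access token.

        Returns:
            A JSON response holding the new ``access`` token. When the serializer
            also returns a rotated ``refresh`` token, that token is stored in the
            HttpOnly cookie and removed from the body.

        Raises:
            InvalidToken: if the cookie is absent or the token is rejected.
        """
        # Tokens are credentials: do not print or log request.COOKIES or the
        # serializer's validated data (the original debug prints did exactly that).
        refresh_token = request.COOKIES.get(self.REFRESH_COOKIE_NAME)
        if not refresh_token:
            # A missing cookie is an authentication failure (401), not a malformed
            # body (400), so the frontend can send the user back to login.
            raise InvalidToken("No refresh token cookie")

        serializer = self.get_serializer(data={"refresh": refresh_token})
        try:
            serializer.is_valid(raise_exception=True)
        except TokenError as e:
            raise InvalidToken(e.args[0]) from e

        data = dict(serializer.validated_data)
        # A new refresh token is only present when token rotation is enabled in the
        # SIMPLE_JWT settings; an unconditional ``del data['refresh']`` would raise
        # KeyError (HTTP 500) otherwise.
        rotated_refresh = data.pop("refresh", None)
        response = Response(data)
        if rotated_refresh:
            response.set_cookie(
                key=self.REFRESH_COOKIE_NAME,
                value=rotated_refresh,
                max_age=self.REFRESH_COOKIE_MAX_AGE,
                httponly=True,    # not readable from JavaScript
                samesite='none',  # browsers only accept SameSite=None together with Secure
                secure=True,
            )
        return response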
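class LogoutApi(APIView):
    """Clear the token cookies; allowed for any caller since it only removes state."""

    permission_classes = [AllowAny]

    def post(self, request):
        """Expire the ``access`` and ``refresh`` cookies and answer with 202.

        Returns:
            A JSON response ``{"message": "Logout success"}`` with HTTP 202.
        """
        response = Response({
            "message": "Logout success"
        }, status=status.HTTP_202_ACCEPTED)
        response.delete_cookie('access')
        # The refresh cookie is set with samesite='none' (Django adds Secure for it).
        # The expiring Set-Cookie must carry the same attribute: a cross-site
        # response that omits it is rejected by browsers and the refresh token
        # would survive logout.
        response.delete_cookie('refresh', samesite='none')
        return response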