修改为header权限验证，通过设置全局js注入，实现访问自动加载令牌到请求头

2025-03-23 02:14:22 +08:00 · 2025-03-23 02:14:22 +08:00 · ddf3f4ce80
parent 3d9f135da4
commit ddf3f4ce80
5 changed files with 24 additions and 17 deletions
--- a/src/app.py
+++ b/src/app.py
@ -36,10 +36,6 @@ app.layout = fuc.FefferyTopProgress(
        fac.Fragment(id='global-notification-container'),
        # URL初始化中继组件，触发root_router回调执行
        dcc.Store(id='global-url-init-load'),
-        # 全局本地存储登录令牌组件
-        fuc.FefferyLocalStorage(id='global-local-storage-authorization', initialSync=True),
-        # 全局cookie登录令牌组件
-        fuc.FefferyCookie(id='global-cookie-authorization', cookieKey='global-cookie-authorization'),
        # 应用根容器
        html.Div(id='root-container'),
    ],
--- a/src/assets/js/globalCallbacks.js
+++ b/src/assets/js/globalCallbacks.js
@ -26,12 +26,7 @@ document.addEventListener('DOMContentLoaded', function() {
        // if (url.includes('/_dash-update-component')) {
            config = config || {};
            let authToken = null;
-            // 检查 localStorage
-            authToken = localStorage.getItem('global-local-storage-authorization');
-            // 如果 localStorage 没有，检查 cookie
-            if (authToken == null || authToken == '' || authToken == '""') {
-                authToken = getCookie("global-cookie-authorization"); 
-            }
+            authToken = getCookie("global-cookie-authorization"); 
            // 如果存在 Token，添加 Header
            if (authToken !== null && authToken !== '' && authToken != '""') {
                authToken = authToken.replace(/"/g, '')
--- a/src/common/utilities/util_jwt.py
+++ b/src/common/utilities/util_jwt.py
@ -4,7 +4,7 @@ from datetime import timedelta, datetime, timezone
 import jwt
 from dash import set_props
 from enum import Enum
-from flask import request
+from flask import request, session


 class AccessFailType(Enum):
@ -80,13 +80,14 @@ def jwt_encode_save_access_to_session(data: Dict, expires_delta: Optional[timede
    返回:
    - NoReturn, 该函数不返回任何值。
    """
-    set_props('global-local-storage-authorization', {'data': ''})
-    set_props('global-cookie-authorization', {'value': '""'})
    access_token = jwt_encode(data, expires_delta=expires_delta)
+    session.permanent = True
    if session_permanent:
-        set_props('global-local-storage-authorization', {'data': f'Bearer {access_token}'})
+        session['keep_login'] = 1
+        set_props('global-cookie-authorization', {'expires': 3600 * 24 * 365})
    else:
-        set_props('global-cookie-authorization', {'value': f'Bearer {access_token}'})
+        session['keep_login'] = 0
+    set_props('global-cookie-authorization', {'value': f'Bearer {access_token}'})


 def jwt_decode_from_session(verify_exp: bool = True) -> Union[Dict, AccessFailType]:
@ -113,7 +114,7 @@ def jwt_decode_from_session(verify_exp: bool = True) -> Union[Dict, AccessFailTy
            access_token = access_token_.split()[1]
        else:
            # TODO: 未来可能会支持其他类型的令牌
-            access_token = access_token_
+            raise NotImplementedError('Unsupported token type')
        try:
            access_data = jwt_decode(access_token, verify_exp=verify_exp)
        except ExpiredSignatureError:
@ -132,5 +133,4 @@ def clear_access_token_from_session() -> None:
    返回:
    - None, 该函数不返回任何值。
    """
-    set_props('global-local-storage-authorization', {'data': ''})
    set_props('global-cookie-authorization', {'value': '""'})
--- a/src/dash_view/framework/func_main.py
+++ b/src/dash_view/framework/func_main.py
@ -1,6 +1,7 @@
 import feffery_antd_components as fac
 import feffery_utils_components as fuc
 from dash import dcc, html
+from flask import session


 def render():
@ -31,6 +32,13 @@ def render():
        fuc.FefferyExecuteJs(id='main-execute-js-output'),
        # 监听窗口大小
        fuc.FefferyWindowSize(id='main-window-size'),
+        # 全局cookie登录令牌组件
+        fuc.FefferyCookie(
+            id='global-cookie-authorization',
+            cookieKey='global-cookie-authorization',
+            secure=True,
+            **(dict(expires=3600 * 24 * 365) if session.get('keep_login') else {}),
+        ),
        # 退出登录提示弹窗
        fac.AntdModal(
            html.Div(
--- a/src/dash_view/pages/login.py
+++ b/src/dash_view/pages/login.py
@ -3,6 +3,7 @@ import feffery_antd_components as fac
 from config.dashgo_conf import ShowConf, JwtConf, LoginConf
 from dash import dcc
 from dash_view.framework.lang import render_lang_content
+from flask import session
 import dash_callback.pages.login_c  # noqa
 from i18n import t__other

@ -123,6 +124,13 @@ def render_content():
                                            dcc.Store(id='login-store-need-vc', storage_type='local'),
                                            dcc.Store(id='login-store-fc', storage_type='local'),
                                            dcc.Store(id='login-password-sha256'),
+                                            # 全局cookie登录令牌组件
+                                            fuc.FefferyCookie(
+                                                id='global-cookie-authorization',
+                                                cookieKey='global-cookie-authorization',
+                                                secure=True,
+                                                **(dict(expires=3600 * 24 * 365) if session.get('keep_login') else {}),
+                                            ),
                                        ],
                                        direction='vertical',
                                        className={