Git Product home page Git Product logo

cishe's People

Contributors

ace-han avatar dependabot-preview[bot] avatar dependabot[bot] avatar

Watchers

avatar avatar

cishe's Issues

add observablility stuff

As titled. For a better overview on how users use this project.

Maybe opentelemetry or sentry.

JWT cookie httpOnly solution

It's time to keep jwt token in httpOnly cookie for website

Take a close look at jazzband/djangorestframework-simplejwt#157

Try installing https://github.com/AtuzSolution/django-rest-framework-simplejwt/commits/jwt_cookie

  • Some test procedures:
  1. first visit / in browser
  2. open console in the browser and
        fetch("/api/v1/guest", {
            "headers": {
                "accept": "application/json,text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                "accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6",
                "cache-control": "no-cache",
                "pragma": "no-cache",
                "sec-fetch-dest": "document",
                "sec-fetch-mode": "navigate",
                "sec-fetch-site": "none",
                "sec-fetch-user": "?1",
                "upgrade-insecure-requests": "1"
            },
            "referrerPolicy": "no-referrer-when-downgrade",
            "body": null,
            "method": "GET",
            "mode": "cors",
            "credentials": "include"
        }).then(resp => {console.info(resp, resp.json())});
  1. you will see the cookies in Tab Application of the browser debugger
  2. event the devServer (change the api to dev-api) could proxy the cookie

Investigation Token errors on rest_framework_simplejwt

Expired access token

  • detail: Given token not valid for any token type
  • code: token_not_valid
  • status_code: 403

Invalid access token

the same as expired

  • detail: Given token not valid for any token type
  • code: token_not_valid
  • status_code: 403

Unauthorized access with access

  • detail: You do not have permission to perform this action.
  • status_code: 403

Expired refresh token

  • detail: Token is invalid or expired
  • code: token_not_valid
  • status_code: 401

Blacklist-ed refresh

  • detail: Token is blacklisted
  • code: token_not_valid
  • status_code: 401

Invalid refresh token

  • detail: Token is invalid or expired
  • code: token_not_valid
  • status_code: 401

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.