
[Python] Django: Middleware for JWT Token Encryption and Cookie Setting

Discussion in 'Python' started by Stack, September 28, 2024 at 01:22.

  1. Stack

    Stack, Participating Member

    I'm working on implementing JWT token encryption in my Django application using rest_framework_simplejwt. I've created a custom middleware TokenEncryptionMiddleware that encrypts access and refresh tokens before setting them as cookies. However, the client-side seems to receive the unencrypted response from TokenObtainPairView.

    What am I missing here? Are there any interactions between rest_framework_simplejwt and custom middleware that I need to be aware of to ensure my encryption works as intended?

    Here's my middleware code:

    """
    Middleware for crypting the JWT tokens before setting them as cookies.
    """

    from base64 import urlsafe_b64encode
    from cryptography.fernet import Fernet
    from django.conf import settings
    from django.utils.deprecation import MiddlewareMixin


    class TokenEncryptionMiddleware(MiddlewareMixin):
    """
    Middleware to encrypt the JWT tokens before setting them as cookies.
    """

    def process_response(self, request, response):
    """
    Encrypts the JWT tokens before setting them as cookies.
    """
    if response.status_code == 200 and (
    "access" in response.data and "refresh" in response.data
    ):
    base_key = settings.JWT_KEY.encode()[:32]
    cipher = Fernet(urlsafe_b64encode(base_key))

    encrypted_access_token = cipher.encrypt(
    response.data["access"].encode()
    ).decode()
    encrypted_refresh_token = cipher.encrypt(
    response.data["refresh"].encode()
    ).decode()

    del response.data["access"]
    del response.data["refresh"]

    response.set_cookie(
    "access_token",
    encrypted_access_token,
    httponly=True,
    secure=True,
    samesite="Strict",
    )
    response.set_cookie(
    "refresh_token",
    encrypted_refresh_token,
    httponly=True,
    secure=True,
    samesite="Strict",
    )

    return response


    Middleware order:

    MIDDLEWARE = [
        "django.middleware.security.SecurityMiddleware",
        "django.contrib.sessions.middleware.SessionMiddleware",
        "django.middleware.common.CommonMiddleware",
        "django.middleware.csrf.CsrfViewMiddleware",
        "django.contrib.auth.middleware.AuthenticationMiddleware",
        "django.contrib.messages.middleware.MessageMiddleware",
        "django.middleware.clickjacking.XFrameOptionsMiddleware",
        "middlewares.crypter.TokenEncryptionMiddleware",
    ]


    Expected behavior:

    The client should receive cookies named access_token and refresh_token containing the encrypted JWT tokens.
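Django renders a DRF Response (a SimpleTemplateResponse subclass) into `content` before any `process_response` hook runs, so editing `response.data` afterwards never reaches the body the client receives. The following added example, which is not code from the post, shows a middleware that re-serialises the body after stripping the tokens and derives a length-independent Fernet key; it assumes the secret is passed in as a stand-in for `settings.JWT_KEY`, and `FakeDRFResponse` is a constructed stand-in for DRF's `Response` (whose real `rendered_content` property and `content` setter the middleware relies on) so the demo runs offline.

```python
import hashlib
import json
from base64 import urlsafe_b64encode

from cryptography.fernet import Fernet


def fernet_key_from_secret(secret: str) -> bytes:
    """Valid Fernet key (32 bytes, url-safe base64) from a secret of any length.
    Slicing the raw secret to 32 bytes only works when it is >= 32 chars; hashing avoids that."""
    return urlsafe_b64encode(hashlib.sha256(secret.encode()).digest())


class TokenEncryptionMiddleware:
    """Plain-callable Django middleware; `secret` stands in for settings.JWT_KEY (assumption)."""
    def __init__(self, get_response, secret):
        self.get_response = get_response
        self.cipher = Fernet(fernet_key_from_secret(secret))

    def __call__(self, request):
        response = self.get_response(request)
        data = getattr(response, "data", None)  # only DRF Response objects carry .data
        if response.status_code != 200 or not isinstance(data, dict) or not {"access", "refresh"}.issubset(data):
            return response
        for name in ("access", "refresh"):
            token = self.cipher.encrypt(data.pop(name).encode()).decode()
            response.set_cookie(f"{name}_token", token, httponly=True, secure=True, samesite="Strict")
        # DRF rendered `data` into the body before middleware saw the response;
        # re-serialise it so the tokens removed above actually leave the JSON body.
        response.content = response.rendered_content
        return response


class FakeDRFResponse:
    """Constructed stand-in for rest_framework.response.Response so the demo runs offline."""
    def __init__(self, data):
        self.data, self.status_code, self.cookies = data, 200, {}
        self.content = self.rendered_content  # rendered before middleware runs, as in DRF

    @property
    def rendered_content(self):
        return json.dumps(self.data).encode()

    def set_cookie(self, key, value, **flags):
        self.cookies[key] = (value, flags)


def demo(secret="constructed-secret"):
    """Returns (JSON body, cookie names, decrypted access token) after one token response."""
    view = lambda request: FakeDRFResponse({"access": "a.b.c", "refresh": "d.e.f"})
    resp = TokenEncryptionMiddleware(view, secret)(request=None)
    cookie = resp.cookies["access_token"][0]
    plain = Fernet(fernet_key_from_secret(secret)).decrypt(cookie.encode()).decode()
    return json.loads(resp.content), sorted(resp.cookies), plain
```

With the real DRF Response the same `response.content = response.rendered_content` line is what makes the body change visible to the client; the cookie flags are unchanged from the post.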

