feat: Add time_expired into cookie

Now the expired time for skyline and keystone is not the same
value. Sometime, when the token of keystone is valid but the
jwt token of skyline-apiserver is invalid.
The skyline-console will send the request to backend service
and then get 401 from skyline.
So we add time_expired into cookie, then skyline-console can
check whether time expired or not.

Change-Id: Id1d3a83eb433c18e88828115e8bd744151fb14f7
This commit is contained in:
Boxiang Zhu 2023-06-05 16:40:49 +08:00
parent de22d3ba3b
commit 9c4f5e5e74
4 changed files with 12 additions and 0 deletions

View File

@ -0,0 +1,5 @@
---
features:
- |
Add ``time_expired`` into cookie, so that skyline-console can follow this
value to check whether the token is valid or not.

View File

@ -80,4 +80,5 @@ async def get_profile_update_jwt(request: Request, response: Response) -> schema
if 0 < profile.exp - time.time() < CONF.default.access_token_renew:
profile.exp = int(time.time()) + CONF.default.access_token_expire
response.set_cookie(CONF.default.session_name, profile.toJWTPayload())
response.set_cookie(constants.TIME_EXPIRED_KEY, str(profile.exp))
return profile

View File

@ -184,6 +184,7 @@ async def login(
)
else:
response.set_cookie(CONF.default.session_name, profile.toJWTPayload())
response.set_cookie(constants.TIME_EXPIRED_KEY, str(profile.exp))
return profile
@ -279,6 +280,7 @@ async def websso(
else:
response = RedirectResponse(url="/base/overview", status_code=status.HTTP_302_FOUND)
response.set_cookie(CONF.default.session_name, profile.toJWTPayload())
response.set_cookie(constants.TIME_EXPIRED_KEY, str(profile.exp))
return response
@ -378,4 +380,5 @@ async def switch_project(
)
else:
response.set_cookie(CONF.default.session_name, profile.toJWTPayload())
response.set_cookie(constants.TIME_EXPIRED_KEY, str(profile.exp))
return profile

View File

@ -66,3 +66,6 @@ SUPPORTED_SERVICE_EPS = {
"trove": ["trove"],
"zun": ["zun"],
}
# Key of Time Expired in Cookie
TIME_EXPIRED_KEY = "time_expired"