From 2107211d954c2b71679d1c4b54966e4898dff234 Mon Sep 17 00:00:00 2001
From: "shimoda.m@nds-tyo.co.jp"
Date: Wed, 23 Aug 2023 18:23:37 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20=E7=96=91=E3=82=8F=E3=81=97=E3=81=8D?= =?UTF-8?q?=E3=81=A8=E3=81=93=E3=82=8D=E3=81=AB=E3=83=AD=E3=82=B0=E8=BF=BD?= =?UTF-8?q?=E5=8A=A0=E3=80=81=E3=82=B3=E3=83=A1=E3=83=B3=E3=83=88=E3=82=82?= =?UTF-8?q?=E8=BF=BD=E5=8A=A0=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ecs/jskult-webapp/src/depends/auth.py | 7 +++++--
 ecs/jskult-webapp/src/model/internal/jwt_token.py | 9 +++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/ecs/jskult-webapp/src/depends/auth.py b/ecs/jskult-webapp/src/depends/auth.py
index 820cdc9a..308704a9 100644
--- a/ecs/jskult-webapp/src/depends/auth.py
+++ b/ecs/jskult-webapp/src/depends/auth.py
@@ -32,8 +32,10 @@ def check_session_expired(session: Union[UserSession, None] = Depends(get_curren
 return None
 last_access_time = session.last_access_time
- session_expired_period = datetime.datetime.fromtimestamp(
- last_access_time) + datetime.timedelta(minutes=environment.SESSION_EXPIRE_MINUTE)
+ last_access_datetime = datetime.datetime.fromtimestamp(last_access_time)
+ session_expired_period = last_access_datetime + datetime.timedelta(minutes=environment.SESSION_EXPIRE_MINUTE)
+ logger.debug(f'last_access_time: {last_access_datetime}')
+ logger.debug(f'session_expired_period: {session_expired_period}')
 if session_expired_period < datetime.datetime.now():
 return None
@@ -49,4 +51,5 @@ def verify_session(session: Union[UserSession, None] = Depends(check_session_exp
 except JWTTokenVerifyException as e:
 logger.info(e)
 return None
+ # FIXME: ここで検証後のセッションになっていないのでは?
 return session
diff --git a/ecs/jskult-webapp/src/model/internal/jwt_token.py b/ecs/jskult-webapp/src/model/internal/jwt_token.py
index d7544125..f4767cd0 100644
--- a/ecs/jskult-webapp/src/model/internal/jwt_token.py
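Review bot: The two added `logger.debug` calls in check_session_expired build their messages with f-strings, so the formatting runs even when debug logging is off, and the first one is labelled `last_access_time` although it prints the converted `last_access_datetime`. If the object returned by the project's logger follows the standard logging interface (an assumption, since it is not visible here), prefer `logger.debug('last_access_datetime: %s', last_access_datetime)` and `logger.debug('session_expired_period: %s', session_expired_period)`. Both values are naive local datetimes, which is worth saying in the message if these logs are compared with timestamps from other systems. The function body starts and ends outside the hunk.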
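Review bot: The added `# FIXME` above `return session` in verify_session records an unresolved doubt on the authentication path, namely that the returned session may not be the post-verification one, and the commit leaves it open. The verifying call sits outside the hunk, so this is inferred: if it goes through `verified_token()`, which in jwt_token.py of this same patch can return the result of a refreshed `JWTToken`, the `session` returned here would presumably still carry the pre-refresh token. The comment should state the expected behaviour and reference a tracked issue, for example `# FIXME(<issue-id>): session is returned unchanged after verification; confirm whether a refreshed token must be stored on it first`.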
+++ b/ecs/jskult-webapp/src/model/internal/jwt_token.py
@@ -1,4 +1,5 @@
 import base64
+import datetime
 import json
 from typing import Optional
@@ -7,8 +8,11 @@ import requests
 from starlette import status
 from src.error.exceptions import JWTTokenVerifyException
+from src.logging.get_logger import get_logger
 from src.system_var import environment
+logger = get_logger('JWTトークン検証')
+
 class JWTToken:
 id_token: str
@@ -134,8 +138,13 @@ class JWTToken:
 # Cognitoのサーバー時間とのズレにより、Issued atクレームの検証に失敗するパターンに対処する
 options={'verify_iat': False}
 )
+ # トークン有効期限をログに出力
+ exp = verified_jwt.get('exp', '')
+ expire_datetime = datetime.datetime.fromtimestamp(verified_jwt['iat']) if exp else None
+ logger.info(f"トークン有効期限:{expire_datetime}")
 # 有効期限(exp)が切れた場合、トークンをリフレッシュする
 except jwt.ExpiredSignatureError:
+ logger.info('IDトークンの有効期限が切れたため、トークンをリフレッシュ')
 refreshed_jwt_token = JWTToken.refresh(self.refresh_token)
 return refreshed_jwt_token.verified_token()
 # 有効期限以外の検証に失敗した場合は例外とする
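Review bot: The value logged as the token expiry is built from the `iat` claim, not `exp`: `expire_datetime` calls `fromtimestamp(verified_jwt['iat'])`, so the line labelled トークン有効期限 prints the issue time. A token without `iat` would also raise `KeyError` inside the `try`, which is plausible since `verify_iat` is disabled just above. Use the value already read: `expire_datetime = datetime.datetime.fromtimestamp(exp) if exp else None`. This log exists to diagnose session expiry, so a wrong timestamp will mislead whoever reads it. `fromtimestamp` without a `tz` argument also gives naive local time, which the message should state or an explicit timezone should replace. The enclosing method starts and ends outside the hunk.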