use jwt_access cookie in Filebrowser auth

2022-07-24 20:53:01 +03:00
parent e17c3ad92c
commit 9b53fb4bc0
1 changed files with 3 additions and 3 deletions
@@ -337,13 +337,13 @@ class JobAdViewSet(ModelViewSet):

@require_http_methods(["GET"])
 def nginx_jwt_resp(request, *args, **kwargs):
-    cookie = request.COOKIES.get("jwt", None)
-    if not cookie:
+    accessKey = request.COOKIES.get("jwt_access", None)
+    if not accessKey:
        return HttpResponse("", status=401)
    try:
        # This also verifies the signature.
        # See https://pyjwt.readthedocs.io/en/latest/usage.html#reading-the-claimset-without-validation
-        token = decode(cookie, settings.SECRET_KEY, algorithms=["HS256"])
+        token = decode(accessKey, settings.SECRET_KEY, algorithms=["HS256"])
    except InvalidSignatureError:
        return HttpResponse("", status=403)
    user = "admin" if token.get("username", "") == "admin" else "moderator"