Diffstat (limited to 'app/lib/api/odooApi.ts')
| -rw-r--r-- | app/lib/api/odooApi.ts | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/app/lib/api/odooApi.ts b/app/lib/api/odooApi.ts
index f172158..6b3c48a 100644
--- a/app/lib/api/odooApi.ts
+++ b/app/lib/api/odooApi.ts
@@ -20,10 +20,11 @@ interface AuthPayload {
 [key: string]: unknown;
 }
+const API_HOST = process.env.NEXT_PUBLIC_ODOO_API_HOST ?? "";
+
+/** ── Ambil service token dari /api/token (public) ─────────────────────────── */
 const renewToken = async (): Promise<string> => {
- const token = await axios.get(
- `${process.env.NEXT_PUBLIC_ODOO_API_HOST}/api/token`
- );
+ const token = await axios.get(`${API_HOST}/api/token`);
 setCookie("token", token.data.result);
 return token.data.result as string;
 };
@@ -34,6 +35,16 @@ const getToken = async (): Promise<string> => {
 return token;
 };
+/** ── Hanya endpoint tertentu yang butuh Authorization service ─────────────── */
+const SERVICE_AUTH_WHITELIST = [
+ "/api/token",
+ "/api/v1/user/login",
+];
+
+const needsServiceAuth = (url: string) =>
+ SERVICE_AUTH_WHITELIST.some((p) => url.startsWith(p));
+
+/** ── Client API utama ─────────────────────────────────────────────────────── */
 const odooApi = async (
 method: MethodType,
 url: string,
@@ -41,16 +52,23 @@ const odooApi = async (
 headers: HeaderMap = {}
 ) => {
 try {
- const bearer = await getToken();
 const authObj = getAuth() as AuthPayload | string | null;
 const axiosParameter: AxiosParameters = {
 method,
- url: `${process.env.NEXT_PUBLIC_ODOO_API_HOST}${url}`,
- headers: { Authorization: bearer ?? "", ...headers },
+ url: `${API_HOST}${url}`,
+ headers: { ...headers },
 };
- // pasang header Token bila ada
+ // 1) PASANG Authorization HANYA untuk endpoint di whitelist
+ if (needsServiceAuth(url)) {
+ const bearer = await getToken();
+ if (bearer) {
+ axiosParameter.headers["Authorization"] = bearer;
+ }
+ }
+
+ // 2) PASANG header Token (user FE) bila ada
 if (authObj && typeof authObj === "object" && "token" in authObj) {
 const t = authObj.token;
 if (typeof t === "string" && t) {
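Review bot: `process.env.NEXT_PUBLIC_ODOO_API_HOST ?? ""` hides a missing host setting: with an empty prefix, `${API_HOST}/api/token` and every `${API_HOST}${url}` become relative URLs, which in a browser would presumably resolve against the page's own origin, so the service-token request and any user `Token` header go to whatever answers there. Failing at module load is safer, e.g. `if (!API_HOST) throw new Error("NEXT_PUBLIC_ODOO_API_HOST is not set");`. Separately, `renewToken` writes `token.data.result` to the cookie and casts it with `as string` without checking it. A guard before `setCookie`, such as `if (typeof token.data.result !== "string" || !token.data.result) throw new Error("token endpoint returned no token");`, would keep a malformed response out of the cookie.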
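Review bot: `needsServiceAuth` matches by prefix, so `url.startsWith("/api/token")` is also true for paths such as `/api/tokens` or `/api/v1/user/login_history` (constructed examples), and the service Authorization header would be attached to any route that merely shares a listed prefix. The comment above the list says only specific endpoints need the header, so compare the path exactly and ignore the query string: `SERVICE_AUTH_WHITELIST.includes(url.split("?")[0])`. A one-line comment stating that `url` is expected to be a host-relative path starting with `/` would also help, because an absolute URL never matches and silently loses the header.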
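Review bot: Header precedence is now inconsistent, because `axiosParameter.headers["Authorization"] = bearer` runs after `headers: { ...headers }`: on whitelisted URLs a caller-supplied Authorization is overwritten, while on every other URL it passes through unchanged. The old `{ Authorization: bearer ?? "", ...headers }` let the caller win everywhere. State the intended rule in a comment above step 1, for example `// Service token always wins on whitelisted endpoints; callers must not pass Authorization`. The `if (bearer)` guard also lets a whitelisted request go out with no Authorization when `getToken()` returns an empty value, and throwing there would make that failure visible instead of surfacing later as a backend 401. All other endpoints now depend only on the `Token` header, which is set only when `authObj` is an object with a non-empty string token, so it is worth confirming that the backend rejects requests arriving with neither header. `odooApi` begins and ends outside this hunk.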
@@ -60,19 +78,14 @@ const odooApi = async (
 const upper = method.toUpperCase() as MethodType;
- // Body methods
+ // 3) Body methods → gunakan x-www-form-urlencoded (sesuai backend kamu)
 if (upper === "POST" || upper === "PUT" || upper === "PATCH") {
 axiosParameter.headers["Content-Type"] = "application/x-www-form-urlencoded";
 }
- // hanya kirim body untuk method yang pakai body
- if (
- Object.keys(data).length > 0 &&
- upper !== "GET" &&
- upper !== "HEAD"
- ) {
- // filter undefined/null/'' agar field opsional tidak terkirim
+ // 4) Hanya kirim body untuk method yang pakai body
+ if (Object.keys(data).length > 0 && upper !== "GET" && upper !== "HEAD") {
 const entries = Object.entries(data).filter(
 ([, v]) => typeof v === "string" && v !== ""
 ) as [string, string][];  |
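Review bot: The `entries` filter is now undocumented, because this hunk deletes the only comment that explained it. The filter keeps a field only when `typeof v === "string" && v !== ""`, which drops numbers, booleans and nested values as well as the undefined/null/'' cases the old comment mentioned. A caller passing `{ qty: 1 }` (constructed example) would send an empty body with no error. Restore a comment that describes the actual behaviour, e.g. `// only non-empty string values are sent; callers must stringify numbers and booleans`. The function body continues outside this hunk.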
