improve token odoo security

3 files changed, 15 insertions, 3 deletions

diff --git a/next.config.js b/next.config.js
index 8c6659b9..4435ccba 100644
--- a/next.config.js
+++ b/next.config.js
@@ -12,6 +12,7 @@ const nextConfig = {
     return config
   },
   env: {
+    SELF_HOST: 'http://localhost:3000',
     ODOO_HOST: 'https://erp.indoteknik.com',
     SOLR_HOST: 'http://34.101.189.218:8983'
   },
diff --git a/src/helpers/apiOdoo.js b/src/helpers/apiOdoo.js
index b1e4ce6b..357f93eb 100644
--- a/src/helpers/apiOdoo.js
+++ b/src/helpers/apiOdoo.js
@@ -3,9 +3,9 @@ import { getCookie, setCookie } from 'cookies-next';
 const axios = require('axios');
 
 const renewToken = async () => {
-  let res = await axios.get(process.env.ODOO_HOST + '/api/token');
-  setCookie('token', res.data.result);
-  return res.data.result;
+  let token = await axios.get(process.env.SELF_HOST + '/api/token');
+  setCookie('token', token.data);
+  return token.data;
 };
 
 const getToken = async () => {
@@ -18,6 +18,7 @@ const getOdoo = async (url) => {
   try {
     let token = await getToken();
     let res = await axios.get(process.env.ODOO_HOST + url, {headers: {Authorization: token}});
+    
     if (res.data.status.code == 401) {
       await renewToken();
       return getOdoo(url);
diff --git a/src/pages/api/token.js b/src/pages/api/token.js
new file mode 100644
index 00000000..ec048158
--- /dev/null
+++ b/src/pages/api/token.js
@@ -0,0 +1,10 @@
+import axios from "axios";
+
+export default async function handler(req, res) {
+  try {
+    let result = await axios.get(process.env.ODOO_HOST + '/api/token');
+    res.status(200).json(result.data.result);
+  } catch (error) {
+    res.status(400).json({ error: error.message });
+  }
+}
\ No newline at end of file