| author | IT Fixcomart <it@fixcomart.co.id> | 2022-12-27 17:25:32 +0700 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2022-12-27 17:25:32 +0700 |
| commit | 2f4860787fc09d07cf538bb73f897c9b897b025e (patch) | |
| tree | 63f437b3fe3fed63a9d92cb667f8fb9c340681e7 /indoteknik_api/controllers/api_v1/user.py | |
| parent | f4119b3e936af798138f57df5a4b8294536255a1 (diff) | |
Update verify user token and get user address api
Diffstat (limited to 'indoteknik_api/controllers/api_v1/user.py')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/user.py | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
index 1b47e1b0..3080be7d 100644
--- a/indoteknik_api/controllers/api_v1/user.py
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -6,7 +6,7 @@ import random, string
 import jwt
-class Auth(controller.Controller):
+class User(controller.Controller):
 prefix = '/api/v1/'
 jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c"
@@ -19,10 +19,11 @@ class Auth(controller.Controller):
 def create_user_token(self, user):
 return jwt.encode({'id': user.id}, self.jwt_secret_key)
- def verify_user_token(self, user, token):
+ def verify_user_token(self, user_id):
 try:
+ token = request.httprequest.environ['HTTP_TOKEN']
 user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
- if user.id != user_token['id']:
+ if int(user_id) != user_token['id']:
 return False
 return True
 except:
@@ -120,15 +121,12 @@ class Auth(controller.Controller):
 return self.response(code=401, description='Unauthorized')
 id = kw.get('id')
- if not id:
- return self.response(code=400, description='id is required')
 user = request.env['res.users'].search([('id', '=', id)], limit=1)
 if not user:
 return self.response(code=400, description='User not found')
- token = kw.get('token')
- is_verify = self.verify_user_token(user, token)
+ is_verify = self.verify_user_token(id)
 if not is_verify:
 return self.response(code=401, description='Unauthorized')
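Review bot: `verify_user_token` validates against `jwt_secret_key`, a string literal committed in this class (visible in the first hunk), and `create_user_token` issues `{'id': user.id}` with no `exp` claim, so a token never expires and anyone able to read the repository can sign one for any id. The key should come from server configuration and be rotated, and tokens should carry an expiry, e.g. `jwt.encode({'id': user.id, 'exp': <expiry>}, self.jwt_secret_key, algorithm='HS256')`. The bare `except:` also treats a missing `Token` header and a non-numeric `user_id` the same way as a bad signature; `except (KeyError, TypeError, ValueError, jwt.InvalidTokenError):` keeps the check fail-closed without swallowing unrelated errors. The body of the `except:` clause lies past the end of the hunk, so this assumes it returns `False`.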
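Review bot: The handler still runs the `res.users` search and returns `400 'User not found'` before the user token is checked, so a caller that passes `authenticate()` (defined outside this page) without a valid user token can tell existing ids from missing ones by the 400/401 difference. Calling the check first, `if not self.verify_user_token(id): return self.response(code=401, description='Unauthorized')`, and searching only afterwards makes both cases answer 401. With the `if not id` guard removed, a missing `id` now falls through to the search and is reported as 'User not found', which is only right if the route always supplies `id`; the route decorator and the start of this function are outside the hunk. `get_user_address_by_id` in the next hunk repeats the same order.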
@@ -142,6 +140,26 @@ class Auth(controller.Controller):
 'user': self.response_with_token(user)
 })
+ @http.route(prefix + 'user/<id>/address', auth='public', methods=['GET', 'OPTIONS'])
+ def get_user_address_by_id(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ id = kw.get('id')
+
+ user = request.env['res.users'].search([('id', '=', id)], limit=1)
+ if not user:
+ return self.response(code=400, description='User not found')
+
+ is_verify = self.verify_user_token(id)
+ if not is_verify:
+ return self.response(code=401, description='Unauthorized')
+
+ partners = [user] + [x for x in user.child_ids]
+ address = [request.env['res.users'].api_address_response(x) for x in partners]
+
+ return self.response(address)
+
 @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
 def activation_user(self, **kw):
 if not self.authenticate(): |
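Review bot: The route `user/<id>/address` takes `id` as an untyped path string, and that string is passed to `search([('id', '=', id)])` before `verify_user_token` applies `int(user_id)`, so a non-numeric segment reaches the ORM domain unvalidated. Declaring the converter, `@http.route(prefix + 'user/<int:id>/address', auth='public', methods=['GET', 'OPTIONS'])`, has routing reject such requests and hands the handler an integer. `partners` combines the `res.users` record with `user.child_ids`, which are presumably partner records, so `api_address_response` (defined outside this page) has to accept both; a comment such as `# user plus its child contacts; api_address_response must handle both record types` would record that. `activation_user` continues past the end of the hunk.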
