| author | IT Fixcomart <it@fixcomart.co.id> | 2022-11-04 09:40:50 +0700 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2022-11-04 09:40:50 +0700 |
| commit | 41d8c12ca3d84bb5341c4578441bb151a7c39b85 (patch) | |
| tree | fd324950b273e1a1afbb188c44ca34f2a684fa02 /indoteknik_api/controllers/controller.py | |
| parent | 665597d82f09e78fd7032a05c2686ae3eca74073 (diff) | |
Authorization with token
Diffstat (limited to 'indoteknik_api/controllers/controller.py')
| -rw-r--r-- | indoteknik_api/controllers/controller.py | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 2002d7eb..4bf08431 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -22,10 +22,9 @@ class Controller(http.Controller):
 request.session.authenticate(db, username, password)
 return True
 except:
- remote_address = wsgienv['REMOTE_ADDR']
- _logger.info("API Request from %s" % remote_address)
- allowed_ip_address = request.env['ir.config_parameter'].sudo().get_param('api_allowed_ip_address')
- if remote_address in allowed_ip_address.split('-'):
+ authorization = wsgienv['HTTP_AUTHORIZATION']
+ token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+ if authorization == token:
 request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
 return True
 return False
@@ -73,6 +72,10 @@ class Controller(http.Controller):
 order = kw.get('order', '')
 return request.env[model].search(query, limit=int(limit), offset=int(offset), order=order)
+
+ @http.route('/api/token', auth='public', methods=['GET'])
+ def get_api_token(self, **kw):
+ return self.response(request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '')
 @http.route('/api/image/<model>/<field>/<id>', auth='public', methods=['GET'])
 def get_image(self, model, field, id): |
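Review bot: The new check in the `except:` branch fails open when `rest_api_token` is unset: `token` falls back to `''`, so an empty `Authorization` header compares equal and the session is authenticated as the fixed account. `wsgienv['HTTP_AUTHORIZATION']` also raises `KeyError` when the header is absent, which escapes the handler instead of reaching `return False`. Assuming `wsgienv` is the WSGI environ dict, I would read the header with `wsgienv.get('HTTP_AUTHORIZATION', '')` and guard with `if token and hmac.compare_digest(authorization.encode(), token.encode()):`, which needs `import hmac` in the import block outside this hunk. The unchanged `request.session.authenticate(...)` line still carries the account password in source; it should be read from configuration and rotated. The enclosing method starts outside the hunk.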
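Review bot: `get_api_token` is routed with `auth='public'` and performs no check of its own, so it returns the value of `rest_api_token` to any unauthenticated caller; that is the same secret the first hunk compares against the `Authorization` header, which leaves the token check without effect. The route should be dropped and the token distributed out of band, or at minimum restricted with `auth='user'` so that only a logged-in session can read it. If the endpoint stays, a one-line docstring stating who may call it would help, e.g. `"""Return the REST API token; caller must already be authenticated."""`.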
