| author | IT Fixcomart <it@fixcomart.co.id> | 2023-01-13 04:41:16 +0000 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2023-01-13 04:41:16 +0000 |
| commit | 45b8c4757ba6107037c3e1f1e2a64c9e47e8ae48 (patch) | |
| tree | 7d088c21df7a7ac74d896259aefa94d940920294 /indoteknik_api/controllers/controller.py | |
| parent | 0f8fbe56e89ec285c6fbcdd2bed5a67f62bcfe59 (diff) | |
| parent | 6fe453ed5da6cfda56f4af454dbedc00b97f0f9e (diff) | |
Merged in staging (pull request #19)
Staging
Diffstat (limited to 'indoteknik_api/controllers/controller.py')
| -rw-r--r-- | indoteknik_api/controllers/controller.py | 68 |
1 files changed, 52 insertions, 16 deletions
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 73c8829d..a08d9fa4 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -30,23 +30,58 @@ class Controller(http.Controller):
 except:
 authorization = None
 token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+ result = False
 if authorization == token:
 request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
- return True
- return False
-
- def validate_request(self, rules: dict, kw: dict):
- validation = {
- 'status': True,
- 'reason': []
+ result = True
+ if self.verify_user_token():
+ result = True
+ return result
+
+ def get_request_params(self, kw, queries):
+ result = {
+ 'valid': True,
+ 'reason': [],
+ 'value': {},
+ 'query': {}
 }
- for key in rules:
- values = rules[key]
- for value in values:
- if value == 'required' and not kw.get(key):
- validation['status'] = False
- validation['reason'].append(key + ' is ' + value)
- return validation
+ for key in queries:
+ rules = queries[key]
+ is_number = len([r for r in rules if r == 'number']) > 0
+
+ has_alias = [r for r in rules if r.startswith('alias:')]
+ alias = key
+ if len(has_alias) > 0:
+ alias = has_alias[0].replace('alias:', '')
+
+ has_default = [r for r in rules if r.startswith('default:')]
+ default = None
+ if len(has_default) > 0:
+ default = has_default[0].replace('default:', '')
+
+ value = kw.get(key, '')
+ if value in ['null', 'undefined']:
+ value = ''
+ for rule in rules:
+ if rule == 'required' and not value:
+ result['reason'].append(key + ' is ' + rule)
+ elif rule == 'number' and value and not value.isdigit():
+ result['reason'].append(key + ' must be ' + rule)
+
+ if not value and default:
+ value = default
+ if is_number and value.isdigit():
+ value = int(value)
+ if not value:
+ value = None
+ result['value'][alias] = value
+ result['query'][key] = value
+
+ if len(result['reason']) > 0:
+ result['valid'] = False
+ if not result['valid']:
+ del result['value']
+ return result
 
 def time_to_str(self, object, format):
 time = ''
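Review bot: The shared-token branch kept around the new `result` flag still passes when `rest_api_token` is not configured, because `token` falls back to `''` and is compared with `==`; if the header lookup above the hunk can return an empty string, that request is then logged in as the service account. Require a non-empty token and compare in constant time, e.g. `if token and authorization and hmac.compare_digest(authorization.encode(), token.encode()):` (needs `import hmac`). The account name and password passed to `request.session.authenticate` are literals in the source; they should be read from server configuration and the password rotated, since it is now in repository history. The new `if self.verify_user_token(): result = True` path returns success without calling `request.session.authenticate`, so handlers that rely on the session user should be checked. The function's opening lines are outside this hunk, so how `authorization` is populated is inferred.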
@@ -83,11 +118,12 @@ class Controller(http.Controller):
 def create_user_token(self, user):
 return jwt.encode({'id': user.id}, self.jwt_secret_key)
 
- def verify_user_token(self, user_id):
+ def verify_user_token(self):
 try:
 token = request.httprequest.environ['HTTP_TOKEN']
 user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
- if int(user_id) != user_token['id']:
+ user = request.env['res.users'].search([('id', '=', user_token['id'])])
+ if not user:
 return False
 return True
 except: |
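Review bot: After this change `verify_user_token` accepts any signed token whose `id` claim matches some `res.users` row, and nothing visible gives the token a lifetime: `create_user_token` in the context lines encodes only `{'id': user.id}`. Adding an `exp` claim at issue time and decoding with `options={'require': ['exp']}` would stop a leaked token from working indefinitely. The lookup runs in the request's own environment, so whether it finds the user presumably depends on that environment's access rules; worth confirming for unauthenticated routes. The bare `except:` (its body is outside the hunk) also hides lookup and programming errors as a plain failed check; catching `KeyError` and `jwt.InvalidTokenError` would keep real faults visible.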
