authorRafi Zadanly <zadanlyr@gmail.com>2023-03-09 06:11:55 +0700
committerRafi Zadanly <zadanlyr@gmail.com>2023-03-09 06:11:55 +0700
commit60c166f8b4f5f9cd8d4cdf6422f53d8b5d083648 (patch)
tree439910148373c0b207838ec701a8bc13947b91d6 /indoteknik_api/controllers/controller.py
parentf790892bb6cf7bd7871e841af92ce3edfc76b8c2 (diff)
Optimize auth method
Diffstat (limited to 'indoteknik_api/controllers/controller.py')
-rw-r--r--indoteknik_api/controllers/controller.py25
1 files changed, 22 insertions, 3 deletions
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 59885148..f419f66e 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -8,11 +8,30 @@ from odoo.http import request
from odoo.tools.config import config
from pytz import timezone
import jwt
+import functools
class Controller(http.Controller):
jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c"
+ @staticmethod
+ def must_authorized(private=False, private_key=''):
+ def wrapper(func):
+ @functools.wraps(func)
+ def inner_wrapper(*args, **kwargs):
+ self = args[0]
+ auth = self.authenticate()
+ if not auth:
+ return self.unauthorized_response()
+ if private:
+ auth_key = int(auth[private_key])
+ param_key = int(kwargs.get(private_key, -1))
+ if auth_key != param_key:
+ return self.unauthorized_response()
+ return func(*args, **kwargs)
+ return inner_wrapper
+ return wrapper
+
def authenticate(self):
wsgienv = request.httprequest.environ
try:
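Review bot: The two `int(...)` conversions in `inner_wrapper` are unguarded, so a malformed or missing value raises an unhandled exception instead of taking the `self.unauthorized_response()` path. `kwargs.get(private_key, -1)` is request-supplied and raises ValueError on non-numeric input, while `auth[private_key]` raises KeyError with the default `private_key=''` and TypeError when the value is None, which the last hunk shows is the initial value of `'partner_id'`. Wrapping both conversions in a `try` and returning `self.unauthorized_response()` on `(KeyError, TypeError, ValueError)` keeps the check failing closed with a consistent 401. Separately, the context line above the decorator keeps `jwt_secret_key` (presumably the token signing key) as a literal in source, and this check is only as strong as that key's secrecy, so loading it from the already imported `config` would be a worthwhile follow-up. The body of `authenticate` continues outside this hunk.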
@@ -85,7 +104,7 @@ class Controller(http.Controller):
time = object.astimezone(timezone('Asia/Jakarta')).strftime(format)
return time
- def response(self, data=[], code=200, description='OK'):
+ def response(self, data=[], code=200, description='OK', headers=[]):
request.env['user.activity.log'].record_activity()
response = {
'status': {
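Review bot: The new `headers=[]` parameter is a mutable default, and the `] + headers` concatenation in the following hunk only works when the caller passes a list. Nothing visible mutates it, so this is a style point today, but `headers=None` with `] + list(headers or [])` avoids the shared-default pitfall and also accepts tuples. Caller-supplied entries are appended after the fixed CORS and `Content-Type` headers, so a docstring line stating whether duplicate header names are expected would help. The body of `response` continues outside this hunk.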
@@ -102,7 +121,7 @@ class Controller(http.Controller):
('Access-Control-Allow-Headers', '*'),
('Access-Control-Allow-Methods', '*'),
('Content-Type', 'application/json'),
- ])
+ ] + headers)
def unauthorized_response(self):
return self.response(code=401, description='Unauthorized')
@@ -126,7 +145,7 @@ class Controller(http.Controller):
if not user:
return False
data = {
- 'id': user.id,
+ 'user_id': user.id,
'partner_id': None
}
if user.partner_id: