Merged in staging (pull request #16)

Staging

1 files changed, 16 insertions, 0 deletions

diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 10cd76a1..73c8829d 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -8,11 +8,14 @@ from odoo.http import request
 from odoo.tools.config import config
 from pytz import timezone
 import logging
+import jwt
 
 _logger = logging.getLogger(__name__)
 
 
 class Controller(http.Controller):
+    jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c"
+    
     def authenticate(self):
         wsgienv = request.httprequest.environ
         try:
@@ -76,6 +79,19 @@ class Controller(http.Controller):
         order = kw.get('order', '')
 
         return request.env[model].search(query, limit=int(limit), offset=int(offset), order=order)
+
+    def create_user_token(self, user):
+        return jwt.encode({'id': user.id}, self.jwt_secret_key)
+    
+    def verify_user_token(self, user_id):
+        try:
+            token = request.httprequest.environ['HTTP_TOKEN']
+            user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256'])
+            if int(user_id) != user_token['id']:
+                return False
+            return True
+        except:
+            return False
     
     @http.route('/api/token', auth='public', methods=['GET', 'OPTIONS'])
     def get_api_token(self, **kw):