Diffstat (limited to 'indoteknik_api/controllers/api_v1/auth.py')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/auth.py | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/indoteknik_api/controllers/api_v1/auth.py b/indoteknik_api/controllers/api_v1/auth.py
new file mode 100644
index 00000000..e51431b1
--- /dev/null
+++ b/indoteknik_api/controllers/api_v1/auth.py
@@ -0,0 +1,75 @@
+from .. import controller
+from odoo import http
+from odoo.http import request
+from odoo.tools.config import config
+
+
+class Auth(controller.Controller):
+ prefix = '/api/v1/'
+
+ @http.route(prefix + 'auth/login', auth='public', methods=['POST'], csrf=False)
+ def login(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ email = kw.get('email')
+ password = kw.get('password')
+ if not email or not password:
+ return self.response(code=400, description='email and password is required')
+
+ user = self.get_user(email)
+ if user and not user.active:
+ return self.response({
+ 'is_auth': False,
+ 'reason': 'NOT_ACTIVE'
+ })
+
+ try:
+ uid = request.session.authenticate(config.get('db_name'), email, password)
+ user = request.env['res.users'].browse(uid)
+ return self.response({
+ 'is_auth': True,
+ 'user': {
+ 'id': user.id,
+ 'name': user.name,
+ 'email': user.login,
+ 'external': user.share
+ }
+ })
+ except:
+ return self.response({
+ 'is_auth': False,
+ 'reason': 'NOT_FOUND'
+ })
+
+ @http.route(prefix + 'auth/register', auth='public', methods=['POST'], csrf=False)
+ def register(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ name = kw.get('name')
+ email = kw.get('email')
+ password = kw.get('password')
+ if not name or not email or not password:
+ return self.response(code=400, description='email and password is required')
+
+ user = self.get_user(email)
+
+ if user:
+ return self.response({
+ 'register': False,
+ 'reason': 'EMAIL_USED'
+ })
+
+ user = request.env['res.users'].create({
+ 'name': name,
+ 'login': email,
+ 'password': password,
+ 'active': False,
+ 'sel_groups_1_9_10': 9
+ })
+
+ return self.response({'register': True})
+
+ def get_user(self, email):
+ return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])]) |
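Review bot: In `login`, the `NOT_ACTIVE` response is returned before `request.session.authenticate(...)` has checked the password, so any caller that gets past `self.authenticate()` (defined outside this file, presumably an API-client check) can tell whether an email is registered but inactive without knowing its password; `EMAIL_USED` in `register` discloses the same fact. Consider returning one generic failure reason from `login`, and rate-limiting both routes, since they are `auth='public'` with `csrf=False`. The bare `except:` in `login` also reports every failure, including database or programming errors, as `NOT_FOUND`; narrowing it to `except AccessDenied:` (imported from `odoo.exceptions`) would let real faults surface and be logged. In `register`, `'sel_groups_1_9_10': 9` hard-codes database ids of the user-type groups, which can differ between databases; if portal is the intended type, resolving it with `request.env.ref('base.group_portal')` would be more robust, and the 400 message there should mention `name` as well.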
