summaryrefslogtreecommitdiff
path: root/indoteknik_api/controllers/controller.py
diff options
context:
space:
mode:
Diffstat (limited to 'indoteknik_api/controllers/controller.py')
-rw-r--r--indoteknik_api/controllers/controller.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 2002d7eb..4bf08431 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -22,10 +22,9 @@ class Controller(http.Controller):
request.session.authenticate(db, username, password)
return True
except:
- remote_address = wsgienv['REMOTE_ADDR']
- _logger.info("API Request from %s" % remote_address)
- allowed_ip_address = request.env['ir.config_parameter'].sudo().get_param('api_allowed_ip_address')
- if remote_address in allowed_ip_address.split('-'):
+ authorization = wsgienv['HTTP_AUTHORIZATION']
+ token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+ if authorization == token:
request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
return True
return False
@@ -73,6 +72,10 @@ class Controller(http.Controller):
order = kw.get('order', '')
return request.env[model].search(query, limit=int(limit), offset=int(offset), order=order)
+
+ @http.route('/api/token', auth='public', methods=['GET'])
+ def get_api_token(self, **kw):
+ return self.response(request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '')
@http.route('/api/image/<model>/<field>/<id>', auth='public', methods=['GET'])
def get_image(self, model, field, id):
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-18 04:09:43 +0000