From 41d8c12ca3d84bb5341c4578441bb151a7c39b85 Mon Sep 17 00:00:00 2001
From: IT Fixcomart
Date: Fri, 4 Nov 2022 09:40:50 +0700
Subject: Authorization with token
---
 indoteknik_api/controllers/controller.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'indoteknik_api/controllers/controller.py')
diff --git a/indoteknik_api/controllers/controller.py b/indoteknik_api/controllers/controller.py
index 2002d7eb..4bf08431 100644
--- a/indoteknik_api/controllers/controller.py
+++ b/indoteknik_api/controllers/controller.py
@@ -22,10 +22,9 @@ class Controller(http.Controller):
 request.session.authenticate(db, username, password)
 return True
 except:
- remote_address = wsgienv['REMOTE_ADDR']
- _logger.info("API Request from %s" % remote_address)
- allowed_ip_address = request.env['ir.config_parameter'].sudo().get_param('api_allowed_ip_address')
- if remote_address in allowed_ip_address.split('-'):
+ authorization = wsgienv['HTTP_AUTHORIZATION']
+ token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or ''
+ if authorization == token:
 request.session.authenticate(config.get('db_name'), 'it@fixcomart.co.id', 'Fixcomart378')
 return True
 return False
@@ -73,6 +72,10 @@ class Controller(http.Controller):
 order = kw.get('order', '')
 return request.env[model].search(query, limit=int(limit), offset=int(offset), order=order)
+
+ @http.route('/api/token', auth='public', methods=['GET'])
+ def get_api_token(self, **kw):
+ return self.response(request.env['ir.config_parameter'].sudo().get_param('rest_api_token') or '')
 @http.route('/api/image///', auth='public', methods=['GET'])
 def get_image(self, model, field, id):
--
cgit v1.2.3
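Review bot: The new token check in the first hunk fails open when `rest_api_token` is not configured: `token` falls back to `''`, so an empty Authorization value compares equal and the request is logged in as the fixed account in the unchanged `authenticate(...)` call. A request with no Authorization header at all appears to raise `KeyError` on `wsgienv['HTTP_AUTHORIZATION']` rather than reaching `return False`, and `==` is not a constant-time comparison. I would change the three added lines to `authorization = wsgienv.get('HTTP_AUTHORIZATION', '')`, `token = request.env['ir.config_parameter'].sudo().get_param('rest_api_token')` and `if token and hmac.compare_digest(authorization.encode(), token.encode()):`, which needs `import hmac` at the top of the file, outside this hunk. The account name and password passed to `authenticate(...)` remain literals in source; they belong in configuration and should be rotated now that they are in history. The enclosing method starts before the hunk, so the bare `except:` that routes into this branch is only partly visible.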
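Review bot: The added `/api/token` route in the second hunk is declared `auth='public'` and returns the stored `rest_api_token` read through `sudo()`, so the secret that the first hunk compares against the Authorization header is handed to any unauthenticated caller. That makes the token check equivalent to no check at all. The token should be provisioned to clients out of band and this route removed; if an endpoint is really needed it should at least require a logged-in, privileged user, e.g. `@http.route('/api/token', auth='user', methods=['GET'])` plus a group check inside `get_api_token`. The surrounding class continues past the end of the hunk, so any wrapper applied by `self.response` is not visible here.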