Myceliandre
/
galicea-odoo-addons-ecosystem
2
0
Fork 1
Code Issues Pull Requests 1 Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
6 Branches
0 Tags
609 KiB
Tree: bf9caf305f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bf9caf305f'
${ noResults }
galicea-odoo-addons-ecosystem/galicea_openid_connect/api.py

105 lines
4.0 KiB
Raw Normal View History

[openid_connect]
6 years ago
Allow restricting clients to groups, APIs to clients, custom API exceptions
5 years ago
[openid_connect]
6 years ago
[openid_connect] Fix CORS c.d.
5 years ago
[openid_connect]
6 years ago
[openid_connect] Fix CORS c.d.
5 years ago
CORS 3
5 years ago
[openid_connect] Fix CORS c.d.
5 years ago
[openid_connect]
6 years ago
Allow restricting clients to groups, APIs to clients, custom API exceptions
5 years ago
[openid_connect]
6 years ago
[openid_connect] Fix CORS c.d.
5 years ago
Allow restricting clients to groups, APIs to clients, custom API exceptions
5 years ago
[openid_connect]
6 years ago
Allow restricting clients to groups, APIs to clients, custom API exceptions
5 years ago
[openid_connect] Fix CORS c.d.
5 years ago
[openid_connect]
6 years ago
  1. # -*- coding: utf-8 -*-
  3. import json
  4. import logging
  5. from functools import wraps
  7. from odoo import http
  8. import werkzeug
  10. _logger = logging.getLogger(__name__)
  12. class ApiException(Exception):
  13. INVALID_REQUEST = 'invalid_request'
  15. def __init__(self, message, code=None):
  16. super(Exception, self).__init__(message)
  17. self.code = code if code else self.INVALID_REQUEST
  19. def to_json(self):
  20. return {
  21. 'error': self.code,
  22. 'error_message': self.message
  23. }
  25. def resource(path, method, auth='user', clients=None):
  26. assert auth in ['user', 'client']
  28. def endpoint_decorator(func):
  29. @http.route(path, auth='public', type='http', methods=[method, 'OPTIONS'], csrf=False)
  30. @wraps(func)
  31. def func_wrapper(self, req, **query):
  32. cors_headers = {
  33. 'Access-Control-Allow-Origin': '*',
  34. 'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode, Authorization',
  35. 'Access-Control-Max-Age': 60 * 60 * 24,
  36. 'Access-Control-Allow-Methods': 'OPTIONS, HEAD, GET, POST, PUT, DELETE'
  37. }
  38. if req.httprequest.method == 'OPTIONS':
  39. return http.Response(
  40. status=200,
  41. headers=cors_headers
  42. )
  44. try:
  45. access_token = None
  46. if 'Authorization' in req.httprequest.headers:
  47. authorization_header = req.httprequest.headers['Authorization']
  48. if authorization_header[:7] == 'Bearer ':
  49. access_token = authorization_header.split(' ', 1)[1]
  50. if access_token is None:
  51. access_token = query.get('access_token')
  52. if not access_token:
  53. raise ApiException(
  54. 'access_token param is missing',
  55. 'invalid_request',
  56. )
  57. if auth == 'user':
  58. token = req.env['galicea_openid_connect.access_token'].sudo().search(
  59. [('token', '=', access_token)]
  60. )
  61. if not token:
  62. raise ApiException(
  63. 'access_token is invalid',
  64. 'invalid_request',
  65. )
  66. req.uid = token.user_id.id
  67. elif auth == 'client':
  68. token = req.env['galicea_openid_connect.client_access_token'].sudo().search(
  69. [('token', '=', access_token)]
  70. )
  71. if not token:
  72. raise ApiException(
  73. 'access_token is invalid',
  74. 'invalid_request',
  75. )
  76. req.uid = token.client_id.system_user_id.id
  78. if clients:
  79. if token.client_id.id not in map(lambda c: req.env.ref(c).id, clients):
  80. raise ApiException('Access denied', 'restricted_app')
  82. ctx = req.context.copy()
  83. ctx.update({'client_id': token.client_id.id})
  84. req.context = ctx
  86. response = func(self, req, **query)
  87. return werkzeug.Response(
  88. response=json.dumps(response),
  89. headers=cors_headers,
  90. status=200
  91. )
  92. except Exception as e:
  93. status = 400
  94. if not isinstance(e, ApiException):
  95. _logger.exception('Unexpected exception while processing API request')
  96. e = ApiException('Unexpected server error', 'server_error')
  97. status = 500
  98. return werkzeug.Response(
  99. response=json.dumps(e.to_json()),
  100. status=status,
  101. headers=cors_headers
  102. )
  104. return func_wrapper
  105. return endpoint_decorator