| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285 |
- # -*- coding: utf-8 -*-
- from openerp import http
- from openerp.http import request
- from passlib.context import CryptContext
- from werkzeug.wrappers import Response
- import os
- import jwt
- import json
- import logging
- RESOURCES_MAP = None
- JWT_SECRET_KEY = '@MjSk$2016?'
- JWT_HEADER = 'Authorization'
- JWT_HEADER_PREFIX = 'JWT'
- CRYPT_CONTEXT = CryptContext(['pbkdf2_sha512', 'md5_crypt'], deprecated=['md5_crypt'])
- LOGGER = logging.getLogger(__name__)
- with open(os.path.dirname(__file__) + '/resources.json') as resources:
- RESOURCES_MAP = json.load(resources)
- '''
- Class for manage authentication
- '''
- class Auth(http.Controller):
- # --------------------------------------------------------------------------
- # Generate JWT token based on username and password field
- # --------------------------------------------------------------------------
- @http.route(['/api/jwt'], type = 'http', auth = 'none', methods = ['POST'], cors = '*')
- def get_jwt(self, **args):
- try:
- user = request.env['res.users'].sudo().search([('login', '=', args['username']), ('active', '=', True)])
- if not user:
- self.make_warn_log('invalid user received')
- return self.make_response({'error': 'invalid user'}, 400) # bad request
- if not self.get_crypt_context().verify(args['password'], user.password_crypt):
- self.make_warn_log('invalid password received')
- return self.make_response({'error': 'invalid password'}, 400) # bad request
- payload = {
- 'uid': user.id,
- 'password': args['password']
- }
- encoded = jwt.encode(payload, JWT_SECRET_KEY, algorithm = 'HS256')
- user.write({'jwt_token': encoded})
- self.make_info_log('to send token')
- return self.make_response({'token': encoded})
- except Exception, e:
- self.make_error_log('Fields required to generate token')
- return self.make_response({'error': 'fields required'}, 400) # bad request
- # --------------------------------------------------------------------------
- # Check JWT token auth
- # --------------------------------------------------------------------------
- @http.route(['/api/check'], type = 'http', auth = 'none', methods = ['POST'], cors = '*')
- def check_token(self, **args):
- try:
- user = request.env['res.users'].sudo().search([('jwt_token', '=', args['token'])])
- if not user:
- self.make_warn_log('Invalid token received')
- return self.make_response({'error' : 'invalid token'}, 400) # bad request
- decoded = jwt.decode(args['token'], JWT_SECRET_KEY, algorithms = ['HS256'])
- if not self.get_crypt_context().verify(decoded['password'], user.password_crypt):
- self.make_warn_log('Invalid token received')
- return self.make_response({'error' : 'invalid token'}, 400) # bad request
- self.make_info_log('Token received is valid')
- return self.make_response({'token': 'valid'})
- except Exception, e:
- self.make_error_log('Token not received')
- return self.make_response({'error': 'token required'}, 400) # bad request
- # --------------------------------------------------------------------------
- # Get context for encryption
- # --------------------------------------------------------------------------
- def get_crypt_context(self):
- return CRYPT_CONTEXT
- # --------------------------------------------------------------------------
- # Make JSON response
- # --------------------------------------------------------------------------
- def make_response(self, data, status = 200):
- return Response(json.dumps(data), status = status, content_type = 'application/json')
- # --------------------------------------------------------------------------
- # Make log for warnings
- # --------------------------------------------------------------------------
- def make_warn_log(self, log):
- LOGGER.warning(log)
- # --------------------------------------------------------------------------
- # Make log for infos
- # --------------------------------------------------------------------------
- def make_info_log(self, log):
- LOGGER.error(log)
- # --------------------------------------------------------------------------
- # Make log for errors
- # --------------------------------------------------------------------------
- def make_error_log(self, log):
- LOGGER.error(log)
- '''
- Class for manage rest api interaction
- '''
- class ApiManager(http.Controller):
- # --------------------------------------------------------------------------
- # Restify your request
- # --------------------------------------------------------------------------
- @http.route([
- '/api/<any(customers, leads, opportunities):resource>',
- '/api/<any(customers, leads, opportunities):resource>/<int:uid>'
- ],
- type = 'http',
- auth = 'none',
- cors = '*')
- def restify(self, resource, uid = None):
- if not self.valid_token():
- return self.make_response({'error': 'unauthorized resource'}, 401) # access denied
- if not self.resource_exists(resource):
- return self.make_response({'error': 'resource not available'}, 404) # not found
- http_verb = request.httprequest.method
- if http_verb == 'GET':
- return self.http_get(resource, uid)
- if http_verb == 'POST':
- return json.dumps({'verb': 'POST'}, sort_keys = True)
- if http_verb == 'PUT' or http_verb == 'PATCH':
- return json.dumps({'verb': 'PUT OR PATCH'})
- if http_verb == 'DELETE':
- return self.http_delete(resource, uid)
- self.make_warn_log('Request method not allowed')
- return self.make_response({'error': 'method not allowed'}, 405) # method not allowed
- # --------------------------------------------------------------------------
- # Manage GET request
- # --------------------------------------------------------------------------
- def http_get(self, resource, uid):
- model, filters = self.resource_inflater(resource)
- data = []
- if uid != None:
- filters.append(('id', '=', uid))
- result = request.env[model].sudo().search(filters)
- for item in result:
- data.append(item.dump())
- self.make_info_log('To send data response')
- return self.make_response(data);
- # --------------------------------------------------------------------------
- # Manage DELETE request
- # --------------------------------------------------------------------------
- def http_delete(self, resource, uid):
- if uid == None:
- return self.make_response({'error': 'uid not provided'})
- model, filters = self.resource_inflater(resource)
- result = request.env[model].sudo().browse(uid)
- if not result.exists():
- return self.make_response({'error': 'cannot be deleted'})
- self.make_info_log('To delete object')
- return self.make_response({'response': result.unlink()})
- # --------------------------------------------------------------------------
- # Make JSON response
- # --------------------------------------------------------------------------
- def make_response(self, data, status = 200):
- headers = [('Content-Type', 'application/json')]
- if status == 401:
- headers.append(('WWW-Authenticate', 'JWT'))
- return Response(json.dumps(data), status = status, headers = headers)
- # --------------------------------------------------------------------------
- # Check if resource is available
- # --------------------------------------------------------------------------
- def resource_exists(self, resource):
- try:
- model = RESOURCES_MAP[resource]['module']
- module_name = model.replace('.', '_')
- module = request.env['ir.module.module'].sudo().search([('name', '=', module_name)])
- self.make_info_log('To check resource availability')
- return True if module.state == 'installed' and len(module) != 0 else False
- except Exception, e:
- self.make_error_log('Requested resource is not available')
- return False;
- # --------------------------------------------------------------------------
- # Manage JWT token validity
- # --------------------------------------------------------------------------
- def valid_token(self):
- try:
- # print request.httprequest.user_agent.browser
- auth_header = request.httprequest.headers[JWT_HEADER]
- if not auth_header.startswith(JWT_HEADER_PREFIX):
- return False
- jwt_token = auth_header[4:]
- if not jwt_token:
- return False
- user = request.env['res.users'].sudo().search([('jwt_token', '=', jwt_token)])
- if not user:
- return False
- decoded = jwt.decode(jwt_token, JWT_SECRET_KEY, algorithms = ['HS256'])
- if not self.get_crypt_context().verify(decoded['password'], user.password_crypt):
- return False
- self.make_info_log('Token is valid')
- return True
- except Exception, e:
- self.make_error_log('Token is not valid')
- return False
- # --------------------------------------------------------------------------
- # Manage GET request
- # --------------------------------------------------------------------------
- def resource_inflater(self, resource):
- try:
- model = RESOURCES_MAP[resource]['model']
- filters = []
- for i in range(len(RESOURCES_MAP[resource]['filters'])):
- filters.append(tuple(RESOURCES_MAP[resource]['filters'][i]))
- self.make_info_log('Successfully resource inflated')
- return (model, filters)
- except Exception, e:
- self.make_error_log('Cannot inflate resource')
- return (None, None)
- # --------------------------------------------------------------------------
- # Get context for encryption
- # --------------------------------------------------------------------------
- def get_crypt_context(self):
- return CRYPT_CONTEXT
- # --------------------------------------------------------------------------
- # Make log for warnings
- # --------------------------------------------------------------------------
- def make_warn_log(self, log):
- LOGGER.warning(log)
- # --------------------------------------------------------------------------
- # Make log for infos
- # --------------------------------------------------------------------------
- def make_info_log(self, log):
- LOGGER.error(log)
- # --------------------------------------------------------------------------
- # Make log for errors
- # --------------------------------------------------------------------------
- def make_error_log(self, log):
- LOGGER.error(log)
|
