http_handler.py 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285
  1. # -*- coding: utf-8 -*-
  2. from openerp import http
  3. from openerp.http import request
  4. from passlib.context import CryptContext
  5. from werkzeug.wrappers import Response
  6. import os
  7. import jwt
  8. import json
  9. import logging
  10. RESOURCES_MAP = None
  11. JWT_SECRET_KEY = '@MjSk$2016?'
  12. JWT_HEADER = 'Authorization'
  13. JWT_HEADER_PREFIX = 'JWT'
  14. CRYPT_CONTEXT = CryptContext(['pbkdf2_sha512', 'md5_crypt'], deprecated=['md5_crypt'])
  15. LOGGER = logging.getLogger(__name__)
  16. with open(os.path.dirname(__file__) + '/resources.json') as resources:
  17. RESOURCES_MAP = json.load(resources)
  18. '''
  19. Class for manage authentication
  20. '''
  21. class Auth(http.Controller):
  22. # --------------------------------------------------------------------------
  23. # Generate JWT token based on username and password field
  24. # --------------------------------------------------------------------------
  25. @http.route(['/api/jwt'], type = 'http', auth = 'none', methods = ['POST'], cors = '*')
  26. def get_jwt(self, **args):
  27. try:
  28. user = request.env['res.users'].sudo().search([('login', '=', args['username']), ('active', '=', True)])
  29. if not user:
  30. self.make_warn_log('invalid user received')
  31. return self.make_response({'error': 'invalid user'}, 400) # bad request
  32. if not self.get_crypt_context().verify(args['password'], user.password_crypt):
  33. self.make_warn_log('invalid password received')
  34. return self.make_response({'error': 'invalid password'}, 400) # bad request
  35. payload = {
  36. 'uid': user.id,
  37. 'password': args['password']
  38. }
  39. encoded = jwt.encode(payload, JWT_SECRET_KEY, algorithm = 'HS256')
  40. user.write({'jwt_token': encoded})
  41. self.make_info_log('to send token')
  42. return self.make_response({'token': encoded})
  43. except Exception, e:
  44. self.make_error_log('Fields required to generate token')
  45. return self.make_response({'error': 'fields required'}, 400) # bad request
  46. # --------------------------------------------------------------------------
  47. # Check JWT token auth
  48. # --------------------------------------------------------------------------
  49. @http.route(['/api/check'], type = 'http', auth = 'none', methods = ['POST'], cors = '*')
  50. def check_token(self, **args):
  51. try:
  52. user = request.env['res.users'].sudo().search([('jwt_token', '=', args['token'])])
  53. if not user:
  54. self.make_warn_log('Invalid token received')
  55. return self.make_response({'error' : 'invalid token'}, 400) # bad request
  56. decoded = jwt.decode(args['token'], JWT_SECRET_KEY, algorithms = ['HS256'])
  57. if not self.get_crypt_context().verify(decoded['password'], user.password_crypt):
  58. self.make_warn_log('Invalid token received')
  59. return self.make_response({'error' : 'invalid token'}, 400) # bad request
  60. self.make_info_log('Token received is valid')
  61. return self.make_response({'token': 'valid'})
  62. except Exception, e:
  63. self.make_error_log('Token not received')
  64. return self.make_response({'error': 'token required'}, 400) # bad request
  65. # --------------------------------------------------------------------------
  66. # Get context for encryption
  67. # --------------------------------------------------------------------------
  68. def get_crypt_context(self):
  69. return CRYPT_CONTEXT
  70. # --------------------------------------------------------------------------
  71. # Make JSON response
  72. # --------------------------------------------------------------------------
  73. def make_response(self, data, status = 200):
  74. return Response(json.dumps(data), status = status, content_type = 'application/json')
  75. # --------------------------------------------------------------------------
  76. # Make log for warnings
  77. # --------------------------------------------------------------------------
  78. def make_warn_log(self, log):
  79. LOGGER.warning(log)
  80. # --------------------------------------------------------------------------
  81. # Make log for infos
  82. # --------------------------------------------------------------------------
  83. def make_info_log(self, log):
  84. LOGGER.error(log)
  85. # --------------------------------------------------------------------------
  86. # Make log for errors
  87. # --------------------------------------------------------------------------
  88. def make_error_log(self, log):
  89. LOGGER.error(log)
  90. '''
  91. Class for manage rest api interaction
  92. '''
  93. class ApiManager(http.Controller):
  94. # --------------------------------------------------------------------------
  95. # Restify your request
  96. # --------------------------------------------------------------------------
  97. @http.route([
  98. '/api/<any(customers, leads, opportunities):resource>',
  99. '/api/<any(customers, leads, opportunities):resource>/<int:uid>'
  100. ],
  101. type = 'http',
  102. auth = 'none',
  103. cors = '*')
  104. def restify(self, resource, uid = None):
  105. if not self.valid_token():
  106. return self.make_response({'error': 'unauthorized resource'}, 401) # access denied
  107. if not self.resource_exists(resource):
  108. return self.make_response({'error': 'resource not available'}, 404) # not found
  109. http_verb = request.httprequest.method
  110. if http_verb == 'GET':
  111. return self.http_get(resource, uid)
  112. if http_verb == 'POST':
  113. return json.dumps({'verb': 'POST'}, sort_keys = True)
  114. if http_verb == 'PUT' or http_verb == 'PATCH':
  115. return json.dumps({'verb': 'PUT OR PATCH'})
  116. if http_verb == 'DELETE':
  117. return self.http_delete(resource, uid)
  118. self.make_warn_log('Request method not allowed')
  119. return self.make_response({'error': 'method not allowed'}, 405) # method not allowed
  120. # --------------------------------------------------------------------------
  121. # Manage GET request
  122. # --------------------------------------------------------------------------
  123. def http_get(self, resource, uid):
  124. model, filters = self.resource_inflater(resource)
  125. data = []
  126. if uid != None:
  127. filters.append(('id', '=', uid))
  128. result = request.env[model].sudo().search(filters)
  129. for item in result:
  130. data.append(item.dump())
  131. self.make_info_log('To send data response')
  132. return self.make_response(data);
  133. # --------------------------------------------------------------------------
  134. # Manage DELETE request
  135. # --------------------------------------------------------------------------
  136. def http_delete(self, resource, uid):
  137. if uid == None:
  138. return self.make_response({'error': 'uid not provided'})
  139. model, filters = self.resource_inflater(resource)
  140. result = request.env[model].sudo().browse(uid)
  141. if not result.exists():
  142. return self.make_response({'error': 'cannot be deleted'})
  143. self.make_info_log('To delete object')
  144. return self.make_response({'response': result.unlink()})
  145. # --------------------------------------------------------------------------
  146. # Make JSON response
  147. # --------------------------------------------------------------------------
  148. def make_response(self, data, status = 200):
  149. headers = [('Content-Type', 'application/json')]
  150. if status == 401:
  151. headers.append(('WWW-Authenticate', 'JWT'))
  152. return Response(json.dumps(data), status = status, headers = headers)
  153. # --------------------------------------------------------------------------
  154. # Check if resource is available
  155. # --------------------------------------------------------------------------
  156. def resource_exists(self, resource):
  157. try:
  158. model = RESOURCES_MAP[resource]['module']
  159. module_name = model.replace('.', '_')
  160. module = request.env['ir.module.module'].sudo().search([('name', '=', module_name)])
  161. self.make_info_log('To check resource availability')
  162. return True if module.state == 'installed' and len(module) != 0 else False
  163. except Exception, e:
  164. self.make_error_log('Requested resource is not available')
  165. return False;
  166. # --------------------------------------------------------------------------
  167. # Manage JWT token validity
  168. # --------------------------------------------------------------------------
  169. def valid_token(self):
  170. try:
  171. # print request.httprequest.user_agent.browser
  172. auth_header = request.httprequest.headers[JWT_HEADER]
  173. if not auth_header.startswith(JWT_HEADER_PREFIX):
  174. return False
  175. jwt_token = auth_header[4:]
  176. if not jwt_token:
  177. return False
  178. user = request.env['res.users'].sudo().search([('jwt_token', '=', jwt_token)])
  179. if not user:
  180. return False
  181. decoded = jwt.decode(jwt_token, JWT_SECRET_KEY, algorithms = ['HS256'])
  182. if not self.get_crypt_context().verify(decoded['password'], user.password_crypt):
  183. return False
  184. self.make_info_log('Token is valid')
  185. return True
  186. except Exception, e:
  187. self.make_error_log('Token is not valid')
  188. return False
  189. # --------------------------------------------------------------------------
  190. # Manage GET request
  191. # --------------------------------------------------------------------------
  192. def resource_inflater(self, resource):
  193. try:
  194. model = RESOURCES_MAP[resource]['model']
  195. filters = []
  196. for i in range(len(RESOURCES_MAP[resource]['filters'])):
  197. filters.append(tuple(RESOURCES_MAP[resource]['filters'][i]))
  198. self.make_info_log('Successfully resource inflated')
  199. return (model, filters)
  200. except Exception, e:
  201. self.make_error_log('Cannot inflate resource')
  202. return (None, None)
  203. # --------------------------------------------------------------------------
  204. # Get context for encryption
  205. # --------------------------------------------------------------------------
  206. def get_crypt_context(self):
  207. return CRYPT_CONTEXT
  208. # --------------------------------------------------------------------------
  209. # Make log for warnings
  210. # --------------------------------------------------------------------------
  211. def make_warn_log(self, log):
  212. LOGGER.warning(log)
  213. # --------------------------------------------------------------------------
  214. # Make log for infos
  215. # --------------------------------------------------------------------------
  216. def make_info_log(self, log):
  217. LOGGER.error(log)
  218. # --------------------------------------------------------------------------
  219. # Make log for errors
  220. # --------------------------------------------------------------------------
  221. def make_error_log(self, log):
  222. LOGGER.error(log)