From a34454542c494ae6f27b15362ef87dedffcf9c81 Mon Sep 17 00:00:00 2001 From: Saran440 Date: Wed, 24 Sep 2025 11:35:51 +0700 Subject: [PATCH] [IMP] usabiltiy_webhooks: support api key --- usability_webhooks/README.rst | 15 ++++++++++++- usability_webhooks/controllers/main.py | 22 ++++++++++++++----- usability_webhooks/readme/USAGE.rst | 15 ++++++++++++- .../static/description/index.html | 9 +++++++- 4 files changed, 53 insertions(+), 8 deletions(-) diff --git a/usability_webhooks/README.rst b/usability_webhooks/README.rst index 8672245d..f13f205a 100644 --- a/usability_webhooks/README.rst +++ b/usability_webhooks/README.rst @@ -56,7 +56,20 @@ and the body should include: } } -Following successful authentication, you can proceed with five API routes: +**Alternative Authentication Method (API Key)** + +As an alternative to session-based authentication, you can use an **API Key** for your requests. This approach bypasses the need for an initial authentication call to ``/web/session/authenticate``. + +To use this method, you must send a header with ``Authorization`` set to ``Bearer `` for every API route call. + +.. code-block:: http + + Authorization: Bearer + + +**API Routes** + +Following successful authentication, you can proceed with 5 API routes: 1. ``/api/create_data``: This route allows the creation of new data only. The format for creating data should be in the following structure: diff --git a/usability_webhooks/controllers/main.py b/usability_webhooks/controllers/main.py index ee8e329d..7cd69ff2 100644 --- a/usability_webhooks/controllers/main.py +++ b/usability_webhooks/controllers/main.py @@ -57,32 +57,44 @@ def _set_create_logs(self, param, vals): is_create_log = ast.literal_eval(is_create_log.capitalize()) vals.update({"is_create_log": is_create_log}) - @http.route("/api/create_data", type="json", auth="user") + def update_session_auth(self): + # Check session first. if no session, use API Key + if request.session.uid: + request.update_env(user=request.session.uid) + else: + request.env["ir.http"]._auth_method_bearer() + + @http.route("/api/create_data", type="json", auth="none") def create_data(self, model, vals): + self.update_session_auth() self._set_create_logs("webhook.create_data_log", vals) res = self._create_api_logs(model, vals, "create_data") return res - @http.route("/api/update_data", type="json", auth="user") + @http.route("/api/update_data", type="json", auth="none") def update_data(self, model, vals): + self.update_session_auth() self._set_create_logs("webhook.update_data_log", vals) res = self._create_api_logs(model, vals, "update_data") return res - @http.route("/api/create_update_data", type="json", auth="user") + @http.route("/api/create_update_data", type="json", auth="none") def create_update_data(self, model, vals): + self.update_session_auth() self._set_create_logs("webhook.create_update_data_log", vals) res = self._create_api_logs(model, vals, "create_update_data") return res - @http.route("/api/search_data", type="json", auth="user") + @http.route("/api/search_data", type="json", auth="none") def search_data(self, model, vals): + self.update_session_auth() self._set_create_logs("webhook.search_data_log", vals) res = self._create_api_logs(model, vals, "search_data") return res - @http.route("/api/call_function", type="json", auth="user") + @http.route("/api/call_function", type="json", auth="none") def call_function(self, model, vals): + self.update_session_auth() self._set_create_logs("webhook.call_function_log", vals) res = self._create_api_logs(model, vals, "call_function") return res diff --git a/usability_webhooks/readme/USAGE.rst b/usability_webhooks/readme/USAGE.rst index 045a8029..3ae1ab37 100644 --- a/usability_webhooks/readme/USAGE.rst +++ b/usability_webhooks/readme/USAGE.rst @@ -16,7 +16,20 @@ and the body should include: } } -Following successful authentication, you can proceed with five API routes: +**Alternative Authentication Method (API Key)** + +As an alternative to session-based authentication, you can use an **API Key** for your requests. This approach bypasses the need for an initial authentication call to ``/web/session/authenticate``. + +To use this method, you must send a header with ``Authorization`` set to ``Bearer `` for every API route call. + +.. code-block:: http + + Authorization: Bearer + + +**API Routes** + +Following successful authentication, you can proceed with 5 API routes: 1. ``/api/create_data``: This route allows the creation of new data only. The format for creating data should be in the following structure: diff --git a/usability_webhooks/static/description/index.html b/usability_webhooks/static/description/index.html index 49dd9325..30587420 100644 --- a/usability_webhooks/static/description/index.html +++ b/usability_webhooks/static/description/index.html @@ -407,7 +407,14 @@

Usage

} } -

Following successful authentication, you can proceed with five API routes:

+

Alternative Authentication Method (API Key)

+

As an alternative to session-based authentication, you can use an API Key for your requests. This approach bypasses the need for an initial authentication call to /web/session/authenticate.

+

To use this method, you must send a header with Authorization set to Bearer <api_key> for every API route call.

+
+Authorization: Bearer <api_key>
+
+

API Routes

+

Following successful authentication, you can proceed with 5 API routes:

  1. /api/create_data: This route allows the creation of new data only. The format for creating data should be in the following structure: