http权限代码优化

2023-09-21 16:10:18 +08:00
parent ab42bde8f2
commit 3aa34ee0cf
1 changed files with 8 additions and 9 deletions
--- a/sf_bf_connect/models/http.py
+++ b/sf_bf_connect/models/http.py
@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 import logging
-import datetime
-import time
+from datetime import datetime, timedelta
 import hashlib
 from odoo import models
 from odoo.http import request
@@ -10,8 +9,6 @@ __author__ = 'jinling.yang'

 _logger = logging.getLogger(__name__)

-class AuthenticationError(Exception):
-    pass

 class AuthenticationError(Exception):
    pass
@@ -29,16 +26,18 @@ class Http(models.AbstractModel):
            # 查询密钥
            factory_secret = request.env['res.partner'].sudo().search(
                [('sf_token', '=', datas['HTTP_TOKEN'])], limit=1)
-            logging.info('factory_secret:%s' % factory_secret)
            if not factory_secret:
                raise AuthenticationError('无效的token')
-            timestamp_str = int(time.time())
            # 设置API接口请求时间,不能超过5秒
-            deltime = datetime.timedelta(seconds=5)
-            # if abs(int(datas['HTTP_TIMESTAMP'])-timestamp_str) > deltime.seconds:
+            # deltime = datetime.timedelta(seconds=30)
+            # if abs(int(datas['HTTP_TIMESTAMP']) - timestamp_str) > deltime.seconds:
            #     raise AuthenticationError('请求已过期')
-            # 获得sha1_str加密字符串
            post_time = int(datas['HTTP_TIMESTAMP'])
+            datetime_post = datetime.fromtimestamp(post_time)
+            datetime_now = datetime.now().replace(microsecond=0)
+            datetime_del = datetime_now + timedelta(seconds=5)
+            if datetime_post > datetime_del:
+                raise AuthenticationError('请求已过期')
            check_str = '%s%s%s' % (datas['HTTP_TOKEN'], post_time, factory_secret.sf_secret_key)
            check_sf_str = hashlib.sha1(check_str.encode('utf-8')).hexdigest()
            if check_sf_str != datas['HTTP_CHECKSTR']: