212

2022-11-21 20:04:56 +08:00
parent c4876e9631
commit 830f3bb35e
87 changed files with 1785 additions and 2711 deletions
--- a/sf_bf_connect/models/http.py
+++ b/sf_bf_connect/models/http.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+import logging
+import datetime
+import time
+import hashlib
+from odoo import fields, models, api
+from odoo.http import request, AuthenticationError
+
+__author__ = 'jinling.yang'
+
+_logger = logging.getLogger(__name__)
+
+
+class Http(models.AbstractModel):
+    _inherit = 'ir.http'
+
+    @classmethod
+    def _auth_method_sf_token(cls):
+        # 从headers.environ中获取对方传过来的token,timestamp,加密的校验字符串
+        datas = request.httprequest.headers.environ
+        if 'HTTP_TOKEN' in datas:
+            _logger.info('token:%s' % datas['HTTP_TOKEN'])
+            # 查询密钥
+            factory_secret = request.env['res.partner'].sudo().search(
+                [('sf_token', '=', datas['HTTP_TOKEN'])], limit=1)
+            if not factory_secret:
+                raise AuthenticationError('无效的token')
+            timestamp_str = int(time.time())
+            # 设置API接口请求时间,不能超过5秒
+            deltime = datetime.timedelta(seconds=60)
+            if abs(int(datas['HTTP_TIMESTAMP'])-timestamp_str) > deltime.seconds:
+                raise AuthenticationError('请求已过期')
+            # 获得sha1_str加密字符串
+            post_time = int(datas['HTTP_TIMESTAMP'])
+            check_str = '%s%s%s' % (datas['HTTP_TOKEN'], post_time, factory_secret.sf_secret_key)
+            check_sf_str = hashlib.sha1(check_str.encode('utf-8')).hexdigest()
+            if check_sf_str != datas['HTTP_CHECKSTR']:
+                raise AuthenticationError('数据校验不通过')
+        else:
+            raise AuthenticationError('请求参数中无token')