marc/goodie
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Portal, Email Inbound, Discuss + module improvements

Browse Source 
- Portal: /my/* routes, signup, password reset, portal user support
- Email Inbound: IMAP polling (go-imap/v2), thread matching
- Discuss: mail.channel, long-polling bus, DM, unread count
- Cron: ir.cron runner (goroutine scheduler)
- Bank Import, CSV/Excel Import
- Automation (ir.actions.server)
- Fetchmail service
- HR Payroll model
- Various fixes across account, sale, stock, purchase, crm, hr, project

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marc
2026-04-12 18:41:57 +02:00
parent 2c7c1e6c88
commit 66383adf06
87 changed files with 14696 additions and 654 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pkg/server/middleware.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"log"
"net/http"
"path/filepath"
"strings"
"time"
)
@@ -43,13 +44,19 @@ func (w *statusWriter) WriteHeader(code int) {
func AuthMiddleware(store *SessionStore, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Public endpoints (no auth required)
path := r.URL.Path
path := filepath.Clean(r.URL.Path)
if path == "/health" ||
path == "/web/login" ||
path == "/web/session/authenticate" ||
path == "/web/session/logout" ||
strings.HasPrefix(path, "/web/database/") ||
path == "/web/database/manager" ||
path == "/web/database/create" ||
path == "/web/database/list" ||
path == "/web/webclient/version_info" ||
path == "/web/setup/wizard" ||
path == "/web/setup/wizard/save" ||
path == "/web/portal/signup" ||
path == "/web/portal/reset_password" ||
strings.Contains(path, "/static/") {
next.ServeHTTP(w, r)
return
@@ -58,8 +65,14 @@ func AuthMiddleware(store *SessionStore, next http.Handler) http.Handler {
// Check session cookie
cookie, err := r.Cookie("session_id")
if err != nil || cookie.Value == "" {
// Also check JSON-RPC params for session_id (Odoo sends it both ways)
next.ServeHTTP(w, r) // For now, allow through — UID defaults to 1
// No session cookie — reject protected endpoints
if r.Header.Get("Content-Type") == "application/json" ||
strings.HasPrefix(path, "/web/dataset/") ||
strings.HasPrefix(path, "/jsonrpc") {
http.Error(w, `{"jsonrpc":"2.0","error":{"code":100,"message":"Session expired"}}`, http.StatusUnauthorized)
} else {
http.Redirect(w, r, "/web/login", http.StatusFound)
}
return
}