odoo-fastapi-gateway 18.1.0__tar.gz

odoo_fastapi_gateway-18.1.0/PKG-INFO

@@ -0,0 +1,14 @@
+Metadata-Version: 2.4
+Name: odoo-fastapi-gateway
+Version: 18.1.0
+Summary: FastAPI gateway library for Odoo XML-RPC integration
+Requires-Python: >=3.11
+Requires-Dist: fastapi>=0.100.0
+Requires-Dist: uvicorn>=0.20.0
+Requires-Dist: python-jose[cryptography]>=3.3.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: cryptography>=41.0.0
+Requires-Dist: pydantic-settings>=2.0.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: httpx>=0.24.0; extra == "dev"

odoo_fastapi_gateway-18.1.0/README.md

@@ -0,0 +1,145 @@
+# odoo-fastapi-gateway
+
+<p align="center"><em>A modular FastAPI library for integrating with Odoo via XML-RPC. Install as a package, plug in pre-built routers, and start building.</em></p>
+
+<p align="center">
+<a href="https://www.python.org/downloads/"><img src="https://img.shields.io/badge/python-3.11+-blue.svg" alt="Python 3.11+"></a>
+<a href="https://fastapi.tiangolo.com"><img src="https://img.shields.io/badge/FastAPI-0.100+-009688.svg" alt="FastAPI"></a>
+<a href="https://www.odoo.com/documentation/18.0/developer/reference/external_api.html"><img src="https://img.shields.io/badge/Odoo-18-714B67.svg" alt="Odoo 18"></a>
+</p>
+
+---
+
+## Quick Start
+
+```bash
+pip install odoo-fastapi-gateway
+```
+
+```python
+from fastapi import FastAPI
+from odoo_api import get_routers, register_exception_handlers
+
+app = FastAPI()
+register_exception_handlers(app)
+
+for router in get_routers():
+    app.include_router(router)
+```
+
+```bash
+uvicorn app:app --reload
+```
+
+That's it — you now have login, CRUD, and execute endpoints for any Odoo model.
+
+## Features
+
+- **Plug & play routers** — Health, auth, and full CRUD included out of the box
+- **JWT + AES-256-CBC** — Passwords encrypted in tokens, never stored in plain text
+- **Pydantic validation** — Type-safe request/response models with limit enforcement
+- **Async XML-RPC** — All Odoo calls run in a thread pool, non-blocking
+- **Extensible** — Add custom routers using the same auth dependency
+
+## API Endpoints
+
+| Method | Path | Auth | Description |
+|--------|------|------|-------------|
+| `GET` | `/api/health` | — | Health check |
+| `POST` | `/api/login` | — | Authenticate with Odoo, returns JWT |
+| `GET` | `/api/model/{model}/{record_id}` | Bearer | Read a single record |
+| `POST` | `/api/models/search/{model}` | Bearer | Search/list records |
+| `POST` | `/api/models/{model}` | Bearer | Create records |
+| `PUT` | `/api/models/{model}` | Bearer | Update records |
+| `DELETE` | `/api/models/{model}` | Bearer | Delete records |
+| `POST` | `/api/models/{model}/execute/{func_name}` | Bearer | Call custom Odoo method |
+
+> **Model name convention:** Use hyphens in URLs — converted to dots automatically.
+> `/api/models/search/sale-order` → `sale.order`
+
+## Configuration
+
+Create a `.env` file (or set environment variables):
+
+```ini
+ODOO_HOST=http://localhost:8069
+JWT_SECRET_KEY=<your-64-char-hex-key>
+AES_SECRET_KEY=<your-64-char-hex-key>
+```
+
+Generate keys: `python3 -c "import secrets; print(secrets.token_hex(32))"`
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `ODOO_HOST` | `http://odoo:8069` | Odoo server URL |
+| `JWT_SECRET_KEY` | — *(required)* | JWT signing key (min 32 chars) |
+| `AES_SECRET_KEY` | — *(required)* | AES encryption key (min 32 chars) |
+| `HASH_ALGORITHM` | `HS256` | JWT hash algorithm |
+| `ACCESS_TOKEN_EXPIRE_MINUTES` | `None` | Token TTL (`None` = no expiry) |
+| `LIMIT_SEARCH_RECORDS` | `50` | Max records per search |
+| `LIMIT_CREATE_RECORDS` | `50` | Max records per create |
+| `RATE_LIMIT` | `100/minute` | Rate limit string |
+
+## Installation
+
+### From PyPI
+
+```bash
+pip install odoo-fastapi-gateway
+```
+
+### Development (editable)
+
+```bash
+git clone https://github.com/vdx-vn/odoo-api.git
+cd odoo-api && pip install -e .
+```
+
+### Dependencies
+
+Installed automatically:
+
+`fastapi` · `uvicorn` · `python-jose[cryptography]` · `cryptography` · `pydantic-settings` · `python-dotenv`
+
+Optional (not included): `slowapi` (rate limiting) · `gunicorn` (production)
+
+## Documentation
+
+| Topic | Link |
+|-------|------|
+| Architecture diagrams | [docs/architecture.md](docs/architecture.md) |
+| Public API reference | [docs/api-reference.md](docs/api-reference.md) |
+| Extending the library | [docs/extending.md](docs/extending.md) |
+| Security details | [docs/security.md](docs/security.md) |
+| Docker deployment | [docs/docker.md](docs/docker.md) |
+| Publishing to PyPI | [docs/publishing.md](docs/publishing.md) |
+| Request body examples | [docs/request-examples.md](docs/request-examples.md) |
+
+## Project Structure
+
+```
+src/odoo_api/
+├── __init__.py               # Public API exports
+├── exceptions.py             # APIException, UnauthorizedException, DecryptionError
+├── core/
+│   ├── config.py             # AppSettings (pydantic-settings) + get_settings()
+│   └── connection.py         # call_xmlrpc, execute, sanitize_model
+├── dependencies/
+│   ├── auth.py               # JWT creation, AES encrypt/decrypt, authenticate()
+│   └── odoo_session.py       # get_logged_in_user dependency, auth models
+├── models/
+│   ├── base.py               # APIBaseModel (Pydantic base with settings access)
+│   └── request.py            # Search, Create, Update, Delete, ExecuteFunction
+└── routers/
+    ├── __init__.py            # get_routers() helper
+    ├── health.py              # GET /api/health
+    ├── auth.py                # POST /api/login
+    └── models.py              # CRUD + execute endpoints
+```
+
+## References
+
+- [FastAPI](https://fastapi.tiangolo.com/)
+- [Odoo 18 External API](https://www.odoo.com/documentation/18.0/developer/reference/external_api.html)
+- [SlowAPI](https://github.com/laurentS/slowapi)
+- [Gunicorn](https://docs.gunicorn.org/en/stable/settings.html)

odoo_fastapi_gateway-18.1.0/pyproject.toml

@@ -0,0 +1,27 @@
+[build-system]
+
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "odoo-fastapi-gateway"
+version = "18.1.0"
+description = "FastAPI gateway library for Odoo XML-RPC integration"
+requires-python = ">=3.11"
+dependencies = [
+    "fastapi>=0.100.0",
+    "uvicorn>=0.20.0",
+    "python-jose[cryptography]>=3.3.0",
+    "python-dotenv>=1.0.0",
+    "cryptography>=41.0.0",
+    "pydantic-settings>=2.0.0",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0",
+    "httpx>=0.24.0",
+]
+
+[tool.setuptools.packages.find]
+where = ["src"]

odoo_fastapi_gateway-18.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

odoo_fastapi_gateway-18.1.0/src/odoo_api/__init__.py

@@ -0,0 +1,29 @@
+from odoo_api.core.config import AppSettings, get_settings
+from odoo_api.core.connection import execute, sanitize_model, call_xmlrpc
+from odoo_api.dependencies.odoo_session import (
+    AuthenticatedUser, Token, AuthenticationBody, get_logged_in_user
+)
+from odoo_api.dependencies.auth import authenticate, create_access_token
+from odoo_api.models.request import (
+    SearchDataModel, CreateDataModel, UpdateDataModel,
+    DeleteDataModel, ExecuteFunctionModel
+)
+from odoo_api.exceptions import (
+    APIException, UnauthorizedException, DecryptionError,
+    register_exception_handlers,
+)
+from odoo_api.routers import get_routers
+from odoo_api.app import create_app
+
+__all__ = [
+    "AppSettings", "get_settings",
+    "execute", "sanitize_model", "call_xmlrpc",
+    "AuthenticatedUser", "Token", "AuthenticationBody", "get_logged_in_user",
+    "authenticate", "create_access_token",
+    "SearchDataModel", "CreateDataModel", "UpdateDataModel",
+    "DeleteDataModel", "ExecuteFunctionModel",
+    "APIException", "UnauthorizedException", "DecryptionError",
+    "register_exception_handlers",
+    "get_routers",
+    "create_app",
+]

odoo_fastapi_gateway-18.1.0/src/odoo_api/app.py

@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+
+from fastapi import FastAPI
+
+from odoo_api.routers import get_routers
+from odoo_api.exceptions import register_exception_handlers
+
+OPENAPI_TAGS = [
+    {"name": "Health", "description": "Server health check"},
+    {"name": "Authentication", "description": "Login and token management"},
+    {"name": "Models", "description": "CRUD operations and function execution on Odoo models"},
+]
+
+
+def create_app(
+    title: str = "Odoo FastAPI Gateway",
+    description: str = "REST API gateway for Odoo ERP via XML-RPC.",
+    version: str = "0.1.0",
+    **kwargs,
+) -> FastAPI:
+    """Create a FastAPI app pre-configured with Odoo gateway routers, exception handlers, and OpenAPI docs."""
+    app = FastAPI(
+        title=title,
+        description=description,
+        version=version,
+        openapi_tags=OPENAPI_TAGS,
+        **kwargs,
+    )
+
+    register_exception_handlers(app)
+
+    for router in get_routers():
+        app.include_router(router)
+
+    return app

odoo_fastapi_gateway-18.1.0/src/odoo_api/core/config.py

@@ -0,0 +1,65 @@
+# -*- coding:utf-8 -*-
+
+import re
+from functools import lru_cache
+from typing import Optional
+
+from pydantic import field_validator
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class AppSettings(BaseSettings):
+    odoo_host: str = 'http://odoo:8069'
+    jwt_secret_key: str
+    aes_secret_key: str
+    hash_algorithm: str = 'HS256'
+    rate_limit: str = '100/minute'
+    access_token_expire_minutes: Optional[int] = None
+    limit_search_records: Optional[int] = 50
+    limit_create_records: Optional[int] = 50
+
+    model_config = SettingsConfigDict(
+        extra='ignore',
+        env_file=('.env',),
+        env_file_encoding='utf-8',
+    )
+
+    @field_validator('jwt_secret_key', 'aes_secret_key')
+    @classmethod
+    def validate_secret_keys(cls, v: str, info) -> str:
+        if len(v) < 32:
+            raise ValueError(f'{info.field_name} must be at least 32 characters')
+        return v
+
+    @field_validator('rate_limit')
+    @classmethod
+    def validate_rate_limit(cls, v: str) -> str:
+        if not re.match(r'^\d+/(second|minute|hour|day)$', v):
+            raise ValueError('rate_limit must match format like "100/minute"')
+        return v
+
+    @field_validator('access_token_expire_minutes')
+    @classmethod
+    def validate_expire_minutes(cls, v: Optional[int]) -> Optional[int]:
+        if v is not None and v <= 0:
+            raise ValueError('access_token_expire_minutes must be positive')
+        return v
+
+    @field_validator('limit_search_records', 'limit_create_records')
+    @classmethod
+    def validate_limits(cls, v: Optional[int], info) -> Optional[int]:
+        if v is not None and v <= 0:
+            raise ValueError(f'{info.field_name} must be positive')
+        return v
+
+    @field_validator('odoo_host')
+    @classmethod
+    def validate_odoo_host(cls, v: str) -> str:
+        if not re.match(r'^https?://', v):
+            raise ValueError('odoo_host must be a valid HTTP(S) URL')
+        return v
+
+
+@lru_cache()
+def get_settings():
+    return AppSettings()

odoo_fastapi_gateway-18.1.0/src/odoo_api/core/connection.py

@@ -0,0 +1,62 @@
+# -*- coding:utf-8 -*-
+
+import asyncio
+import re
+import xmlrpc.client
+
+from odoo_api.exceptions import APIException
+
+
+def call_xmlrpc(url: str, method: str, *args):
+    proxy = xmlrpc.client.ServerProxy(url)
+    return getattr(proxy, method)(*args)
+
+
+def get_additional_context():
+    return {
+        "active_test": False
+    }
+
+
+def sanitize_error_message(err: Exception) -> str:
+    if hasattr(err, 'faultString'):
+        error_message = err.faultString
+    else:
+        error_message = str(err)
+    messages = re.findall(r'^\S.*(?=error|exception).*', error_message, re.IGNORECASE | re.M)
+    if not messages:
+        messages = [error_message]
+    return '\n'.join(messages)
+
+
+async def execute(model, func_name, args, kwargs, additional_context=False):
+    try:
+        uid = kwargs.pop('uid', '')
+        password = kwargs.pop('password', '')
+        host = kwargs.pop('host', '')
+        db = kwargs.pop('db', '')
+        url = '{}/xmlrpc/2/object'.format(host)
+        # add context for customized behavior
+        context = kwargs.pop('context', {})
+        if additional_context:
+            merged = get_additional_context()
+            merged.update(context)
+            context = merged
+        kwargs.update(dict(context=context))
+        loop = asyncio.get_running_loop()
+        data = await loop.run_in_executor(
+            None, lambda: call_xmlrpc(url, 'execute_kw', db, uid, password, model, func_name, args, kwargs)
+        )
+        return data
+    except Exception as e:
+        error_message = sanitize_error_message(e)
+        raise APIException(message=error_message)
+
+
+def sanitize_model(model):
+    """Use hyphen character to make RESTful API endpoint"""
+    model = model.replace('-', '.')
+    if not re.match(r'^[a-z][a-z0-9_.]+$', model):
+        raise APIException(message="Invalid model name: %s" % model)
+    return model
+

odoo_fastapi_gateway-18.1.0/src/odoo_api/dependencies/auth.py

@@ -0,0 +1,147 @@
+# -*- coding:utf-8 -*-
+
+
+import asyncio
+import base64
+import os
+import re
+from datetime import UTC, datetime, timedelta
+from functools import lru_cache
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+from fastapi.security import OAuth2PasswordBearer
+from jose import jwt
+
+from odoo_api.core.connection import call_xmlrpc, sanitize_error_message
+from odoo_api.core.config import get_settings
+from odoo_api.exceptions import UnauthorizedException, DecryptionError
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")
+
+
+def create_access_token(user_data):
+    settings = get_settings()
+    expire_minutes = settings.access_token_expire_minutes
+    user_password = user_data.get('password')
+    encrypted_user_password = encrypt(user_password, settings.aes_secret_key)
+    user_data.update({
+        "password": encrypted_user_password
+    })
+    if expire_minutes:
+        expire_datetime = datetime.now(UTC) + timedelta(minutes=expire_minutes)
+        user_data.update({
+            "exp": expire_datetime
+        })
+    return jwt.encode(user_data, settings.jwt_secret_key, algorithm=settings.hash_algorithm)
+
+
+async def authenticate(db, username, password):
+    """Authenticate Odoo user with provided API key, using Odoo external API
+
+    Args:
+        db (str): Odoo database name
+        username (str): Odoo username
+        password (str): Odoo user API key (or user password)
+
+    Returns:
+        str: Access token
+    """
+    try:
+        host = get_settings().odoo_host
+        common_url = re.sub(r'(?<!:)/+', '/', f"{host}/xmlrpc/2/common")
+        loop = asyncio.get_running_loop()
+        uid = await loop.run_in_executor(
+            None, lambda: call_xmlrpc(common_url, 'authenticate', db, username, password, {})
+        )
+        if uid:
+            user_data = {
+                "host": host,
+                "db": db,
+                "uid": uid,
+                "password": password,
+            }
+            token = create_access_token(user_data)
+            return token
+    except Exception as e:
+        error_message = sanitize_error_message(e)
+        raise UnauthorizedException(message="Could not validate credentials: %s" % error_message)
+
+
+# ========== Encryption / Decryption ===============
+
+@lru_cache(maxsize=256)
+def generate_key(aes_secret_key: str, salt: bytes) -> bytes:
+    """Derives a 32-byte key from an aes_secret_key and salt."""
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=salt,
+        iterations=100000,
+        backend=default_backend()
+    )
+    return kdf.derive(aes_secret_key.encode())
+
+
+def encrypt(text: str, aes_secret_key: str) -> str:
+    """
+    Encrypts a text string using AES-256.
+    Works with text of any length, including very short strings.
+    """
+    # Even empty strings can be encrypted
+    text = text or ""
+    salt = os.urandom(16)  # Generate a random salt
+    key = generate_key(aes_secret_key, salt)
+    iv = os.urandom(16)  # Generate a random IV
+    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
+    encryptor = cipher.encryptor()
+
+    # Pad text to be a multiple of 16 bytes (AES block size) using PKCS#7
+    # For a very short text, this ensures it's at least 16 bytes after padding
+    padding_length = 16 - (len(text) % 16)
+    padded_text = text + chr(padding_length) * padding_length
+
+    ciphertext = encryptor.update(padded_text.encode()) + encryptor.finalize()
+
+    # For very short inputs, the final structure is still:
+    # 16 bytes (salt) + 16 bytes (IV) + at least 16 bytes (padded ciphertext)
+    return base64.b64encode(salt + iv + ciphertext).decode()
+
+
+def decrypt(encrypted_text: str, aes_secret_key: str) -> str:
+    """Decrypts a previously encrypted text string using AES-256."""
+    try:
+        # Decode the base64 string to raw bytes
+        encrypted_data = base64.b64decode(encrypted_text)
+
+        # Ensure we have enough data (at minimum: salt + iv + 16 bytes of content)
+        if len(encrypted_data) < 48:
+            raise DecryptionError("Encrypted data is too short")
+
+        # Extract components
+        salt, iv, ciphertext = encrypted_data[:16], encrypted_data[16:32], encrypted_data[32:]
+        key = generate_key(aes_secret_key, salt)
+
+        cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
+        decryptor = cipher.decryptor()
+        decrypted_padded_text = decryptor.update(ciphertext) + decryptor.finalize()
+
+        # Validate and remove PKCS#7 padding
+        padding_length = decrypted_padded_text[-1]
+
+        # Check if padding_length is valid
+        if padding_length > 16 or padding_length < 1:
+            raise DecryptionError("Invalid padding")
+
+        # Verify the padding is consistent (all padding bytes should be equal to padding_length)
+        padding = decrypted_padded_text[-padding_length:]
+        if not all(p == padding_length for p in padding):
+            raise DecryptionError("Padding validation failed")
+
+        # Remove padding to get the original text (could be empty string)
+        return decrypted_padded_text[:-padding_length].decode('utf-8')
+
+    except Exception as e:
+        raise DecryptionError(f"Decryption failed: {str(e)}")

odoo_fastapi_gateway-18.1.0/src/odoo_api/dependencies/odoo_session.py

@@ -0,0 +1,59 @@
+# -*- coding:utf-8 -*-
+
+from operator import itemgetter
+
+from fastapi import Depends
+from fastapi.security import OAuth2PasswordBearer
+from jose import jwt
+from jose.exceptions import ExpiredSignatureError
+from pydantic import BaseModel, Field
+
+from odoo_api.core.connection import sanitize_error_message
+from odoo_api.dependencies.auth import decrypt
+from odoo_api.core.config import get_settings
+from odoo_api.exceptions import UnauthorizedException, DecryptionError
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/login")
+
+
+def get_logged_in_user(token: str = Depends(oauth2_scheme)):
+    try:
+        settings = get_settings()
+        payload = jwt.decode(token, settings.jwt_secret_key, algorithms=[settings.hash_algorithm])
+        resp_db, resp_uid, resp_password = itemgetter("db", "uid", "password")(payload)
+        decrypted_password = decrypt(resp_password, settings.aes_secret_key)
+        return AuthenticatedUser(**{
+            "uid": resp_uid,
+            "password": decrypted_password,
+            "host": settings.odoo_host,
+            "db": resp_db
+        })
+    except ExpiredSignatureError:
+        raise UnauthorizedException(message="Access token has expired.")
+    except DecryptionError:
+        raise UnauthorizedException(message="Could not validate credentials")
+    except Exception as e:
+        error_message = sanitize_error_message(e)
+        raise UnauthorizedException(message="Could not validate credentials: %s" % error_message)
+
+
+class Token(BaseModel):
+    access_token: str = Field(..., description="JWT access token")
+    token_type: str = Field(..., description="Token type (bearer)")
+
+    model_config = {"json_schema_extra": {"examples": [{"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "token_type": "bearer"}]}}
+
+
+class AuthenticationBody(BaseModel):
+    db: str = Field(..., description="Odoo database name")
+    username: str = Field(..., description="Odoo username")
+    password: str = Field(..., description="Odoo password")
+
+    model_config = {"json_schema_extra": {"examples": [{"db": "mydb", "username": "admin", "password": "admin"}]}}
+
+
+class AuthenticatedUser(BaseModel):
+    uid: int
+    password: str
+    host: str
+    db: str

odoo_fastapi_gateway-18.1.0/src/odoo_api/exceptions.py

@@ -0,0 +1,35 @@
+# -*- coding:utf-8 -*-
+
+from fastapi import FastAPI, status
+from fastapi.responses import JSONResponse
+
+
+class APIException(Exception):
+    def __init__(self, message: str):
+        self.message = message
+
+
+class UnauthorizedException(Exception):
+    def __init__(self, message: str):
+        self.message = message
+
+
+class DecryptionError(Exception):
+    def __init__(self, message: str):
+        self.message = message
+
+
+def register_exception_handlers(app: FastAPI):
+    @app.exception_handler(APIException)
+    async def handle_api_error(request, exc):
+        return JSONResponse(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            content={"message": exc.message, "data": None, "code": 0}
+        )
+
+    @app.exception_handler(UnauthorizedException)
+    async def handle_auth_error(request, exc):
+        return JSONResponse(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            content={"message": exc.message, "data": None, "code": 0}
+        )

odoo_fastapi_gateway-18.1.0/src/odoo_api/models/base.py

@@ -0,0 +1,11 @@
+# -*- coding:utf-8 -*-
+
+from pydantic import BaseModel
+
+from odoo_api.core.config import get_settings
+
+
+class APIBaseModel(BaseModel):
+    @classmethod
+    def settings(cls):
+        return get_settings()

odoo_fastapi_gateway-18.1.0/src/odoo_api/models/request.py

@@ -0,0 +1,95 @@
+# -*- coding:utf-8 -*-
+
+from typing import List, Union, Dict, Optional, Any
+
+from pydantic import Field, field_validator
+
+from odoo_api.models.base import APIBaseModel
+
+
+class SearchDataModel(APIBaseModel):
+    model_config = {"json_schema_extra": {"examples": [{"domain": [["name", "ilike", "test"]], "fields": ["id", "name", "email"], "offset": 0, "limit": 10, "order": "id desc", "context": {}}]}}
+
+    domain: List[Union[list, str]] = Field(default_factory=list, description="Odoo domain filter, e.g. [['name', 'ilike', 'test']]")
+    fields: List[str] = Field(default_factory=lambda: ['id'], description="List of field names to return")
+    offset: int = Field(default=0, description="Number of records to skip")
+    limit: int = Field(default=50, description="Maximum number of records to return")
+    order: str = Field(default='id', description="Sort order, e.g. 'id desc'")
+    context: Dict[str, Any] = Field(default_factory=dict, description="Optional Odoo context")
+
+    @field_validator('limit')
+    @classmethod
+    def check_limit(cls, v):
+        limit_search_records = cls.settings().limit_search_records
+        if v > limit_search_records:
+            raise ValueError("The maximum number of records given per request is %s" % limit_search_records)
+        return v
+
+    @field_validator('fields')
+    @classmethod
+    def check_fields(cls, v):
+        return v if v else ['id']
+
+    @field_validator('domain')
+    @classmethod
+    def validate_domain(cls, v):
+        for item in v:
+            if isinstance(item, str):
+                if item not in {'&', '|', '!'}:
+                    raise ValueError(f"Domain string contains invalid characters: {item}")
+            else:
+                if len(item) != 3:
+                    raise ValueError(f"Domain item must be a list of 3 elements: {item}")
+        return v
+
+
+class CreateDataModel(APIBaseModel):
+    model_config = {"json_schema_extra": {"examples": [{"values": [{"name": "New Partner", "email": "partner@example.com"}], "context": {}}]}}
+
+    values: List[dict] = Field(..., description="List of record dicts to create")
+    context: Dict[str, Any] = Field(default_factory=dict, description="Optional Odoo context")
+
+    @field_validator('values')
+    @classmethod
+    def check_values(cls, v):
+        limit_create_records = cls.settings().limit_create_records
+        if len(v) > limit_create_records:
+            raise ValueError("The maximum number of records that can be created is %r" % limit_create_records)
+        return v
+
+
+class UpdateDataModel(APIBaseModel):
+    model_config = {"json_schema_extra": {"examples": [{"ids": [1, 2], "values": {"name": "Updated Name"}, "context": {}}]}}
+
+    ids: List[int] = Field(..., min_length=1, description="List of record IDs to update")
+    values: Dict[str, Any] = Field(..., description="Field values to write")
+    context: Dict[str, Any] = Field(default_factory=dict, description="Optional Odoo context")
+
+    @field_validator('ids')
+    @classmethod
+    def check_ids(cls, v):
+        if any(i <= 0 for i in v):
+            raise ValueError("All IDs must be positive integers")
+        return v
+
+
+class DeleteDataModel(APIBaseModel):
+    model_config = {"json_schema_extra": {"examples": [{"ids": [1, 2], "context": {}}]}}
+
+    ids: List[int] = Field(..., min_length=1, description="List of record IDs to delete")
+    context: Dict[str, Any] = Field(default_factory=dict, description="Optional Odoo context")
+
+    @field_validator('ids')
+    @classmethod
+    def check_ids(cls, v):
+        if any(i <= 0 for i in v):
+            raise ValueError("All IDs must be positive integers")
+        return v
+
+
+class ExecuteFunctionModel(APIBaseModel):
+    model_config = {"json_schema_extra": {"examples": [{"args": [[1, 2]], "kwargs": {"force": True}, "context": {}}]}}
+
+    args: List[Any] = Field(default_factory=list, description="Positional arguments for the function")
+    kwargs: Dict[str, Any] = Field(default_factory=dict, description="Keyword arguments for the function")
+    context: Dict[str, Any] = Field(default_factory=dict, description="Optional Odoo context")

odoo_fastapi_gateway-18.1.0/src/odoo_api/routers/__init__.py

@@ -0,0 +1,7 @@
+from odoo_api.routers.auth import router as auth_router
+from odoo_api.routers.health import router as health_router
+from odoo_api.routers.models import router as models_router
+
+
+def get_routers():
+    return [health_router, auth_router, models_router]

odoo_fastapi_gateway-18.1.0/src/odoo_api/routers/auth.py

@@ -0,0 +1,17 @@
+# -*- coding:utf-8 -*-
+
+from fastapi import APIRouter
+
+from odoo_api.dependencies.auth import authenticate
+from odoo_api.dependencies.odoo_session import Token, AuthenticationBody
+from odoo_api.exceptions import UnauthorizedException
+
+router = APIRouter(tags=["Authentication"])
+
+
+@router.post('/api/login', response_model=Token, summary="Login", description="Authenticate with Odoo credentials and receive a JWT access token.")
+async def login(info: AuthenticationBody):
+    token = await authenticate(info.db, info.username, info.password)
+    if not token:
+        raise UnauthorizedException(message="Incorrect login information")
+    return {"access_token": token, "token_type": "bearer"}

odoo_fastapi_gateway-18.1.0/src/odoo_api/routers/health.py

@@ -0,0 +1,8 @@
+from fastapi import APIRouter
+
+router = APIRouter(tags=["Health"])
+
+
+@router.get("/api/health", summary="Health check", description="Returns the health status of the API server.")
+async def health():
+    return {"status": "ok"}

odoo_fastapi_gateway-18.1.0/src/odoo_api/routers/models.py

@@ -0,0 +1,103 @@
+# -*- coding: utf-8 -*-
+
+from fastapi import APIRouter, Depends, Query
+
+from odoo_api.core.connection import execute, sanitize_model
+from odoo_api.dependencies.odoo_session import AuthenticatedUser, get_logged_in_user
+from odoo_api.models.request import (
+    SearchDataModel, CreateDataModel, UpdateDataModel,
+    DeleteDataModel, ExecuteFunctionModel,
+)
+
+router = APIRouter(tags=["Models"])
+
+
+@router.get('/api/model/{model}/{record_id}', summary="Read record", description="Read a single record by ID from an Odoo model.")
+async def retrieve(model: str,
+                   record_id: int,
+                   fields: str = Query(default='id'),
+                   user: AuthenticatedUser = Depends(get_logged_in_user)):
+    model = sanitize_model(model)
+    kwargs = dict(uid=user.uid, password=user.password, host=user.host, db=user.db, fields=fields.split(','))
+    args = [[record_id]]
+    res = await execute(model, "read", args, kwargs, additional_context=True)
+    return {
+        "data": res
+    }
+
+
+@router.post('/api/models/search/{model}', summary="Search records", description="Search and list records from an Odoo model with filtering, pagination, and field selection.")
+async def search(model: str,
+                 request_data: SearchDataModel = None,
+                 user: AuthenticatedUser = Depends(get_logged_in_user)):
+    model = sanitize_model(model)
+    args = []
+    if not request_data:
+        request_data = SearchDataModel()
+    kwargs = dict(uid=user.uid, password=user.password, host=user.host, db=user.db, context=request_data.context)
+
+    param_keys = ['domain', 'fields', 'offset', 'limit', 'order']
+    domain, fields, offset, limit, order = map(lambda k: getattr(request_data, k, None), param_keys)
+    kwargs.update(dict(domain=domain, fields=fields, offset=offset, limit=limit, order=order))
+    res = await execute(model, 'search_read', args, kwargs, additional_context=True)
+    return {
+        "data": res
+    }
+
+
+@router.post('/api/models/{model}', summary="Create records", description="Create one or more records in an Odoo model.")
+async def create(request_data: CreateDataModel,
+                 model: str,
+                 user: AuthenticatedUser = Depends(get_logged_in_user)):
+    model = sanitize_model(model)
+    values = request_data.values
+    args = [values]
+    kwargs = dict(uid=user.uid, password=user.password, host=user.host, db=user.db, context=request_data.context)
+    res = await execute(model, 'create', args, kwargs)
+    return {
+        "data": res
+    }
+
+
+@router.put('/api/models/{model}', summary="Update records", description="Update one or more records in an Odoo model by IDs.")
+async def update(request_data: UpdateDataModel,
+                 model: str,
+                 user: AuthenticatedUser = Depends(get_logged_in_user)):
+    model = sanitize_model(model)
+    ids = request_data.ids
+    values = request_data.values
+    args = [ids, values]
+    kwargs = dict(uid=user.uid, password=user.password, host=user.host, db=user.db, context=request_data.context)
+    res = await execute(model, 'write', args, kwargs)
+    return {
+        "data": res
+    }
+
+
+@router.delete('/api/models/{model}', summary="Delete records", description="Delete one or more records from an Odoo model by IDs.")
+async def delete(request_data: DeleteDataModel,
+                 model: str,
+                 user: AuthenticatedUser = Depends(get_logged_in_user)):
+    model = sanitize_model(model)
+    ids = request_data.ids
+    args = [ids]
+    kwargs = dict(uid=user.uid, password=user.password, host=user.host, db=user.db, context=request_data.context)
+    res = await execute(model, 'unlink', args, kwargs)
+    return {
+        "data": res
+    }
+
+
+@router.post('/api/models/{model}/execute/{func_name}', summary="Execute function", description="Execute a custom function on an Odoo model.")
+async def execute_func(request_data: ExecuteFunctionModel,
+                       model: str,
+                       func_name: str,
+                       user: AuthenticatedUser = Depends(get_logged_in_user)):
+    model = sanitize_model(model)
+    args = request_data.args
+    kwargs = request_data.kwargs
+    kwargs.update(dict(uid=user.uid, password=user.password, host=user.host, db=user.db, context=request_data.context))
+    res = await execute(model, func_name, args, kwargs)
+    return {
+        "data": res
+    }

odoo_fastapi_gateway-18.1.0/src/odoo_fastapi_gateway.egg-info/PKG-INFO

@@ -0,0 +1,14 @@
+Metadata-Version: 2.4
+Name: odoo-fastapi-gateway
+Version: 18.1.0
+Summary: FastAPI gateway library for Odoo XML-RPC integration
+Requires-Python: >=3.11
+Requires-Dist: fastapi>=0.100.0
+Requires-Dist: uvicorn>=0.20.0
+Requires-Dist: python-jose[cryptography]>=3.3.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: cryptography>=41.0.0
+Requires-Dist: pydantic-settings>=2.0.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: httpx>=0.24.0; extra == "dev"

odoo_fastapi_gateway-18.1.0/src/odoo_fastapi_gateway.egg-info/SOURCES.txt

@@ -0,0 +1,23 @@
+README.md
+pyproject.toml
+src/odoo_api/__init__.py
+src/odoo_api/app.py
+src/odoo_api/exceptions.py
+src/odoo_api/core/__init__.py
+src/odoo_api/core/config.py
+src/odoo_api/core/connection.py
+src/odoo_api/dependencies/__init__.py
+src/odoo_api/dependencies/auth.py
+src/odoo_api/dependencies/odoo_session.py
+src/odoo_api/models/__init__.py
+src/odoo_api/models/base.py
+src/odoo_api/models/request.py
+src/odoo_api/routers/__init__.py
+src/odoo_api/routers/auth.py
+src/odoo_api/routers/health.py
+src/odoo_api/routers/models.py
+src/odoo_fastapi_gateway.egg-info/PKG-INFO
+src/odoo_fastapi_gateway.egg-info/SOURCES.txt
+src/odoo_fastapi_gateway.egg-info/dependency_links.txt
+src/odoo_fastapi_gateway.egg-info/requires.txt
+src/odoo_fastapi_gateway.egg-info/top_level.txt

odoo_fastapi_gateway-18.1.0/src/odoo_fastapi_gateway.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

odoo_fastapi_gateway-18.1.0/src/odoo_fastapi_gateway.egg-info/requires.txt

@@ -0,0 +1,10 @@
+fastapi>=0.100.0
+uvicorn>=0.20.0
+python-jose[cryptography]>=3.3.0
+python-dotenv>=1.0.0
+cryptography>=41.0.0
+pydantic-settings>=2.0.0
+
+[dev]
+pytest>=7.0
+httpx>=0.24.0

odoo_fastapi_gateway-18.1.0/src/odoo_fastapi_gateway.egg-info/top_level.txt

@@ -0,0 +1 @@
+odoo_api