71
|
1 /**
|
|
2 * Advanced authorization plugin for Orthanc
|
|
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium
|
|
4 *
|
|
5 * This program is free software: you can redistribute it and/or
|
|
6 * modify it under the terms of the GNU Affero General Public License
|
|
7 * as published by the Free Software Foundation, either version 3 of
|
|
8 * the License, or (at your option) any later version.
|
|
9 *
|
|
10 * This program is distributed in the hope that it will be useful, but
|
|
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
13 * Affero General Public License for more details.
|
|
14 *
|
|
15 * You should have received a copy of the GNU Affero General Public License
|
|
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
17 **/
|
|
18
|
|
19 #include "PermissionParser.h"
|
|
20
|
|
21 #include <Toolbox.h>
|
|
22 #include <OrthancException.h>
|
|
23 #include <Logging.h>
|
|
24
|
|
25 namespace OrthancPlugins
|
|
26 {
|
|
27 PermissionPattern::PermissionPattern(const OrthancPluginHttpMethod& method, const std::string& patternRegex, const std::string& permissions) :
|
|
28 method(method),
|
|
29 pattern(patternRegex)
|
|
30 {
|
74
|
31 if (!permissions.empty())
|
|
32 {
|
|
33 std::vector<std::string> permissionsVector;
|
|
34 Orthanc::Toolbox::TokenizeString(permissionsVector, permissions, '|');
|
71
|
35
|
74
|
36 for (size_t i = 0; i < permissionsVector.size(); ++i)
|
|
37 {
|
|
38 this->permissions.insert(permissionsVector[i]);
|
|
39 }
|
71
|
40 }
|
|
41 }
|
|
42
|
|
43
|
|
44 static void Replace(std::string& text, const std::string& findText, const std::string& replaceText)
|
|
45 {
|
|
46 size_t pos = text.find(findText);
|
|
47 if (pos != std::string::npos)
|
|
48 {
|
|
49 text = text.replace(pos, findText.size(), replaceText);
|
|
50 }
|
|
51 }
|
|
52
|
|
53
|
|
54 static void StripLeadingAndTrailingSlashes(std::string& text)
|
|
55 {
|
|
56 if (text.size() > 1 && text[0] == '/')
|
|
57 {
|
|
58 text = text.substr(1, text.size() -1);
|
|
59 }
|
|
60 if (text.size() > 1 && text[text.size() - 1] == '/')
|
|
61 {
|
|
62 text = text.substr(0, text.size() -1);
|
|
63 }
|
|
64 }
|
|
65
|
|
66
|
|
67 PermissionParser::PermissionParser(const std::string& dicomWebRoot, const std::string& oe2Root) :
|
|
68 dicomWebRoot_(dicomWebRoot),
|
|
69 oe2Root_(oe2Root)
|
|
70 {
|
|
71 }
|
|
72
|
|
73 void PermissionParser::Add(const Json::Value& configuration)
|
|
74 {
|
|
75 if (configuration.type() != Json::arrayValue)
|
|
76 {
|
|
77 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions should be an array.");
|
|
78 }
|
|
79
|
|
80 for (Json::ArrayIndex i = 0; i < configuration.size(); ++i)
|
|
81 {
|
|
82 const Json::Value& permission = configuration[i];
|
|
83 if (permission.type() != Json::arrayValue || permission.size() < 3)
|
|
84 {
|
|
85 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions elements should be an array of min size 3.");
|
|
86 }
|
|
87
|
|
88 Add(permission[0].asString(), // 0 = HTTP method
|
|
89 permission[1].asString(), // 1 = pattern
|
|
90 permission[2].asString() // 2 = list of | separated permissions (no space)
|
|
91 // 3 = optional comment
|
|
92 );
|
|
93 }
|
|
94
|
|
95 }
|
|
96
|
|
97 void PermissionParser::Add(const std::string& method,
|
|
98 const std::string& patternRegex,
|
|
99 const std::string& permission)
|
|
100 {
|
|
101 std::string lowerCaseMethod;
|
|
102 Orthanc::Toolbox::ToLowerCase(lowerCaseMethod, method);
|
|
103 OrthancPluginHttpMethod parsedMethod = OrthancPluginHttpMethod_Get;
|
|
104
|
|
105 if (lowerCaseMethod == "post")
|
|
106 {
|
|
107 parsedMethod = OrthancPluginHttpMethod_Post;
|
|
108 }
|
|
109 else if (lowerCaseMethod == "put")
|
|
110 {
|
|
111 parsedMethod = OrthancPluginHttpMethod_Put;
|
|
112 }
|
|
113 else if (lowerCaseMethod == "delete")
|
|
114 {
|
|
115 parsedMethod = OrthancPluginHttpMethod_Delete;
|
|
116 }
|
|
117 else if (lowerCaseMethod == "get")
|
|
118 {
|
|
119 parsedMethod = OrthancPluginHttpMethod_Get;
|
|
120 }
|
|
121 else
|
|
122 {
|
|
123 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange, std::string("Invalid HTTP method ") + method);
|
|
124 }
|
|
125
|
|
126 std::string regex = patternRegex;
|
|
127 std::string strippedDicomWebRoot = dicomWebRoot_;
|
|
128
|
|
129 StripLeadingAndTrailingSlashes(strippedDicomWebRoot);
|
|
130 Replace(regex, "DICOM_WEB_ROOT", strippedDicomWebRoot);
|
|
131
|
|
132 LOG(WARNING) << "Authorization plugin: adding a new permission pattern: " << lowerCaseMethod << " " << regex << " - " << permission;
|
|
133
|
|
134 permissionsPattern_.push_back(PermissionPattern(parsedMethod, regex, permission));
|
|
135 }
|
|
136
|
|
137 bool PermissionParser::Parse(std::set<std::string>& permissions,
|
|
138 std::string& matchedPattern,
|
|
139 const OrthancPluginHttpMethod& method,
|
|
140 const std::string& uri) const
|
|
141 {
|
|
142 // The mutex below should not be necessary, but we prefer to
|
|
143 // ensure thread safety in boost::regex
|
|
144 boost::mutex::scoped_lock lock(mutex_);
|
|
145
|
|
146
|
|
147 for (std::list<PermissionPattern>::const_iterator it = permissionsPattern_.begin();
|
|
148 it != permissionsPattern_.end(); ++it)
|
|
149 {
|
|
150 if (method == it->method)
|
|
151 {
|
|
152 boost::smatch what;
|
|
153 if (boost::regex_match(uri, what, it->pattern))
|
|
154 {
|
|
155 matchedPattern = it->pattern.expression();
|
|
156 permissions = it->permissions;
|
|
157 return true;
|
|
158 }
|
|
159 }
|
|
160 }
|
|
161
|
|
162 return false;
|
|
163 }
|
|
164 }
|