1
|
1 /**
|
|
2 * Advanced authorization plugin for Orthanc
|
|
3 * Copyright (C) 2017 Osimis, Belgium
|
|
4 *
|
|
5 * This program is free software: you can redistribute it and/or
|
|
6 * modify it under the terms of the GNU Affero General Public License
|
|
7 * as published by the Free Software Foundation, either version 3 of
|
|
8 * the License, or (at your option) any later version.
|
|
9 *
|
|
10 * This program is distributed in the hope that it will be useful, but
|
|
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
13 * Affero General Public License for more details.
|
|
14 *
|
|
15 * You should have received a copy of the GNU Affero General Public License
|
|
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
17 **/
|
|
18
|
|
19 #include "CachedAuthorizationService.h"
|
|
20
|
|
21 #include "../Resources/Orthanc/Core/OrthancException.h"
|
|
22
|
|
23 #include <boost/lexical_cast.hpp>
|
|
24
|
|
25 namespace OrthancPlugins
|
|
26 {
|
|
27 std::string CachedAuthorizationService::ComputeKey(OrthancPluginHttpMethod method,
|
|
28 const AccessedResource& access,
|
|
29 const Token& token,
|
|
30 const std::string& tokenValue) const
|
|
31 {
|
|
32 return (boost::lexical_cast<std::string>(method) + "|" +
|
|
33 boost::lexical_cast<std::string>(access.GetLevel()) + "|" +
|
|
34 access.GetOrthancId() + "|" + token.GetKey() + "|" + tokenValue);
|
|
35 }
|
|
36
|
|
37
|
|
38 CachedAuthorizationService::CachedAuthorizationService(IAuthorizationService* decorated /* takes ownership */,
|
|
39 ICacheFactory& factory) :
|
|
40 decorated_(decorated),
|
|
41 cache_(factory.Create())
|
|
42 {
|
|
43 if (decorated_.get() == NULL)
|
|
44 {
|
|
45 throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError);
|
|
46 }
|
|
47 }
|
|
48
|
|
49
|
|
50 bool CachedAuthorizationService::IsGranted(unsigned int& validity,
|
|
51 OrthancPluginHttpMethod method,
|
|
52 const AccessedResource& access,
|
|
53 const Token& token,
|
|
54 const std::string& tokenValue)
|
|
55 {
|
|
56 assert(decorated_.get() != NULL);
|
|
57
|
|
58 std::string key = ComputeKey(method, access, token, tokenValue);
|
|
59 std::string value;
|
|
60
|
|
61 if (cache_->Retrieve(value, key))
|
|
62 {
|
|
63 // Return the previously cached value
|
|
64 return (value == "1");
|
|
65 }
|
|
66
|
|
67 bool granted = decorated_->IsGranted(validity, method, access, token, tokenValue);
|
|
68
|
|
69 if (granted)
|
|
70 {
|
|
71 if (validity > 0)
|
|
72 {
|
|
73 cache_->Store(key, "1", validity);
|
|
74 }
|
|
75
|
|
76 return true;
|
|
77 }
|
|
78 else
|
|
79 {
|
|
80 if (validity > 0)
|
|
81 {
|
|
82 cache_->Store(key, "0", validity);
|
|
83 }
|
|
84
|
|
85 return false;
|
|
86 }
|
|
87 }
|
|
88
|
|
89
|
|
90 bool CachedAuthorizationService::IsGranted(unsigned int& validity,
|
|
91 OrthancPluginHttpMethod method,
|
|
92 const AccessedResource& access)
|
|
93 {
|
|
94 assert(decorated_.get() != NULL);
|
|
95
|
|
96 // The cache is not used if no token is available
|
|
97 return decorated_->IsGranted(validity, method, access);
|
|
98 }
|
|
99 }
|