annotate Plugin/DefaultAuthorizationParser.cpp @ 115:0eed78c1e177
cache the UserProfile + updated http filter logic
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 08 Sep 2023 09:52:21 +0200 |
parents | 7381a7674b36 |
children | 89eddd4b2f6a |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
1 | 4 * |
5 * This program is free software: you can redistribute it and/or | |
6 * modify it under the terms of the GNU Affero General Public License | |
7 * as published by the Free Software Foundation, either version 3 of | |
8 * the License, or (at your option) any later version. | |
9 * | |
10 * This program is distributed in the hope that it will be useful, but | |
11 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 * Affero General Public License for more details. | |
14 * | |
15 * You should have received a copy of the GNU Affero General Public License | |
16 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 **/ | |
18 | |
19 #include "DefaultAuthorizationParser.h" | |
20 | |
32 | 21 #include <OrthancException.h> |
22 #include <HttpServer/HttpToolbox.h> |
1 | 23 |
24 namespace OrthancPlugins | |
25 { | |
// Builds the URI patterns used to decide which resource a request touches.
//
// The Orthanc REST / viewer patterns are fixed; the DICOMweb patterns are
// derived from "dicomWebRoot" after its trailing slashes have been removed.
//
// NOTE(review): "dicomWebRoot" is inserted into the DICOMweb patterns
// verbatim, so any regex metacharacter it contains is interpreted as regex
// syntax rather than as a literal path character. Confirm that the
// configured root is restricted to literal path characters, since these
// patterns drive the authorization decision.
DefaultAuthorizationParser::DefaultAuthorizationParser(ICacheFactory& factory,
                                                       const std::string& dicomWebRoot) :
  AuthorizationParserBase(factory),
  resourcesPattern_("^/(patients|studies|series|instances)/([a-f0-9-]+)(|/.*)$"),
  seriesPattern_("^/(web-viewer/series|web-viewer/is-stable-series|wsi/pyramids|wsi/tiles)/([a-f0-9-]+)(|/.*)$"),
  instancesPattern_("^/web-viewer/instances/[a-z0-9]+-([a-f0-9-]+)_[0-9]+$"),
  osimisViewerSeries_("^/osimis-viewer/series/([a-f0-9-]+)(|/.*)$"),
  osimisViewerImages_("^/osimis-viewer/(images|custom-command)/([a-f0-9-]+)(|/.*)$"),
  osimisViewerStudies_("^/osimis-viewer/studies/([a-f0-9-]+)(|/.*)$"),
  listOfResourcesPattern_("^/(patients|studies|series|instances)(|/)$")
{
  // Strip every trailing '/' from the root. If the root is empty or made
  // only of slashes, find_last_not_of() yields npos and "npos + 1" wraps
  // to 0, which erases the whole string.
  std::string root(dicomWebRoot);
  root.erase(root.find_last_not_of('/') + 1);

  // All DICOMweb patterns are anchored at the start of the URI
  const std::string prefix = "^" + root;

  dicomWebStudies_ = boost::regex(
    prefix + "/studies/([.0-9]+)(|/series)(|/)$");

  dicomWebSeries_ = boost::regex(
    prefix + "/studies/([.0-9]+)/series/([.0-9]+)(|/instances|/rendered|/metadata)(|/)$");

  dicomWebInstances_ = boost::regex(
    prefix + "/studies/([.0-9]+)/series/([.0-9]+)/instances/([.0-9]+)(|/|/frames/.*|/rendered|/metadata|/bulk/.*)(|/)$");

  // QIDO-RS search routes: the resource is identified by GET arguments
  dicomWebQidoRsFind_ = boost::regex(
    prefix + "/(studies|series|instances)(|/)$");
}
56 | |
// Tells whether "uri" is one of the bare collection routes
// (/patients, /studies, /series or /instances, with an optional
// trailing slash), i.e. a route that names no individual resource.
//
// NOTE(review): unlike Parse(), this method runs boost::regex_match
// without taking "mutex_" - confirm this is intended.
bool DefaultAuthorizationParser::IsListOfResources(const std::string& uri)
{
  return boost::regex_match(uri, listOfResourcesPattern_);
}
66 |
67 |
1 | 68 |
// Translates a request URI (plus, for the QIDO-RS search routes, its GET
// arguments) into the resources it accesses, appending them to "target".
//
// The patterns are tried in a fixed order and the first one that matches
// decides the outcome, so the order of the branches below is part of the
// authorization behavior.
//
// Every path visible here either returns true or throws
// Orthanc::OrthancException(ErrorCode_InternalError); a URI that matches
// no pattern is recorded as an AccessLevel_System access.
bool DefaultAuthorizationParser::Parse(AccessedResources& target,
                                       const std::string& uri,
                                       const std::map<std::string, std::string>& getArguments)
{
  // The mutex below should not be necessary, but we prefer to
  // ensure thread safety in boost::regex
  boost::mutex::scoped_lock lock(mutex_);

  boost::smatch what;

  // Orthanc REST API: capture 1 is the resource level, capture 2 the identifier
  if (boost::regex_match(uri, what, resourcesPattern_))
  {
    AccessLevel level = StringToAccessLevel(what[1]);

    switch (level)
    {
      case AccessLevel_Instance:
        AddOrthancInstance(target, what[2]);
        break;

      case AccessLevel_Series:
        AddOrthancSeries(target, what[2]);
        break;

      case AccessLevel_Study:
        AddOrthancStudy(target, what[2]);
        break;

      case AccessLevel_Patient:
        AddOrthancPatient(target, what[2]);
        break;

      default:
        // The pattern only admits the four levels above
        throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError);
    }

    return true;
  }
  // web-viewer / wsi routes: capture 1 is the route, capture 2 the series identifier
  else if (boost::regex_match(uri, what, seriesPattern_))
  {
    AddOrthancSeries(target, what[2]);
    return true;
  }
  // /web-viewer/instances/<prefix>-<id>_<number>: only <id> is captured
  else if (boost::regex_match(uri, what, instancesPattern_))
  {
    AddOrthancInstance(target, what[1]);
    return true;
  }
  // DICOMweb routes: the captures are the UIDs found in the path
  else if (boost::regex_match(uri, what, dicomWebStudies_))
  {
    AddDicomStudy(target, what[1]);
    return true;
  }
  else if (boost::regex_match(uri, what, dicomWebSeries_))
  {
    AddDicomSeries(target, what[1], what[2]);
    return true;
  }
  else if (boost::regex_match(uri, what, dicomWebInstances_))
  {
    AddDicomInstance(target, what[1], what[2], what[3]);
    return true;
  }
  // Osimis viewer routes
  else if (boost::regex_match(uri, what, osimisViewerSeries_))
  {
    AddOrthancSeries(target, what[1]);
    return true;
  }
  else if (boost::regex_match(uri, what, osimisViewerStudies_))
  {
    AddOrthancStudy(target, what[1]);
    return true;
  }
  else if (boost::regex_match(uri, what, osimisViewerImages_))
  {
    // Capture 1 is "images" or "custom-command", capture 2 the identifier
    AddOrthancInstance(target, what[2]);
    return true;
  }
  // QIDO-RS search (<root>/studies, <root>/series, <root>/instances):
  // the resource is identified by the GET arguments, not by the path
  else if (boost::regex_match(uri, what, dicomWebQidoRsFind_))
  {
    std::string studyInstanceUid, seriesInstanceUid, sopInstanceUid, patientId;

    // For each identifier, the hexadecimal tag key is read first and the
    // named key is only used if the first lookup yields an empty string
    studyInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "0020000D", "");
    if (studyInstanceUid.empty())
    {
      studyInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "StudyInstanceUID", "");
    }

    seriesInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "0020000E", "");
    if (seriesInstanceUid.empty())
    {
      seriesInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "SeriesInstanceUID", "");
    }

    sopInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "00080018", "");
    if (sopInstanceUid.empty())
    {
      sopInstanceUid = Orthanc::HttpToolbox::GetArgument(getArguments, "SOPInstanceUID", "");
    }

    // NOTE(review): in the DICOM data dictionary (0010,0010) is PatientName
    // and (0010,0020) is PatientID, whereas the named fallback below is
    // "PatientID" - confirm that "00100010" is the intended key, since this
    // value is what gets checked as the patient identifier.
    patientId = Orthanc::HttpToolbox::GetArgument(getArguments, "00100010", "");
    if (patientId.empty())
    {
      patientId = Orthanc::HttpToolbox::GetArgument(getArguments, "PatientID", "");
    }

    // The most specific complete combination wins: instance needs all
    // three UIDs, series needs study + series, then study, then patient
    if (!sopInstanceUid.empty() && !seriesInstanceUid.empty() && !studyInstanceUid.empty())
    {
      AddDicomInstance(target, studyInstanceUid, seriesInstanceUid, sopInstanceUid);
      return true;
    }
    else if (!seriesInstanceUid.empty() && !studyInstanceUid.empty())
    {
      AddDicomSeries(target, studyInstanceUid, seriesInstanceUid);
      return true;
    }
    else if (!studyInstanceUid.empty())
    {
      AddDicomStudy(target, studyInstanceUid);
      return true;
    }
    else if (!patientId.empty())
    {
      AddDicomPatient(target, patientId);
      return true;
    }

    // No usable identifier (e.g. a series or SOP instance UID without a
    // study UID, and no patient): execution continues below and the
    // search is recorded as a system access
  }

  // Unknown type of resource: Consider it as a system access

  // Remove the trailing slashes if need be
  std::string s = uri;
  while (!s.empty() &&
         s[s.length() - 1] == '/')
  {
    s = s.substr(0, s.length() - 1);
  }

  // The system-level entry carries no labels
  std::set<std::string> labels;

  target.push_back(AccessedResource(AccessLevel_System, s, "", labels));
  return true;
}
212 } |