annotate Plugin/PermissionParser.cpp @ 149:423531fb1200
SINGLE_RESOURCE_PATTERNS to facilitate api-key support
author | Alain Mazy <am@osimis.io> |
---|---|
date | Thu, 15 Feb 2024 16:30:21 +0100 |
parents | aa73b10c2db9 |
children | 9be1ee2b8fe1 |
rev | line source |
---|---|
71 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium | |
4 * | |
5 * This program is free software: you can redistribute it and/or | |
6 * modify it under the terms of the GNU Affero General Public License | |
7 * as published by the Free Software Foundation, either version 3 of | |
8 * the License, or (at your option) any later version. | |
9 * | |
10 * This program is distributed in the hope that it will be useful, but | |
11 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 * Affero General Public License for more details. | |
14 * | |
15 * You should have received a copy of the GNU Affero General Public License | |
16 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 **/ | |
18 | |
19 #include "PermissionParser.h" | |
20 | |
21 #include <Toolbox.h> | |
22 #include <OrthancException.h> | |
23 #include <Logging.h> | |
24 | |
25 namespace OrthancPlugins | |
26 { | |
// Builds one permission rule: the HTTP method it applies to, the URI regex
// it matches, and the set of permission names attached to it.
//
// "permissions" is a '|'-separated list. Each token is stored exactly as
// returned by Orthanc::Toolbox::TokenizeString(); whether that helper trims
// whitespace is not visible here, so the list should contain no spaces.
// An empty string leaves the permission set empty; what an empty set means
// for access control is decided by the code that consumes Parse()'s output.
//
// NOTE(review): "pattern" is initialized from the regex text, so a malformed
// expression presumably throws from this constructor - confirm.
PermissionPattern::PermissionPattern(const OrthancPluginHttpMethod& method,
                                     const std::string& patternRegex,
                                     const std::string& permissions) :
  method(method),
  pattern(patternRegex)
{
  if (permissions.empty())
  {
    return;  // Nothing to tokenize
  }

  std::vector<std::string> tokens;
  Orthanc::Toolbox::TokenizeString(tokens, permissions, '|');

  // Range insertion: duplicates collapse, as with one insert() per token
  this->permissions.insert(tokens.begin(), tokens.end());
}
42 | |
43 | |
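// Replaces, in place, every occurrence of "findText" in "text" by
// "replaceText".
//
// All occurrences are substituted so that a permission pattern mentioning a
// placeholder more than once (e.g. in two branches of an alternation) does
// not keep a literal, never-matching placeholder in its later branches.
// The search resumes after the inserted text, so a replacement that itself
// contains "findText" cannot loop forever. An empty "findText" is a no-op.
static void Replace(std::string& text, const std::string& findText, const std::string& replaceText)
{
  if (findText.empty())
  {
    return;
  }

  size_t pos = text.find(findText);
  while (pos != std::string::npos)
  {
    text.replace(pos, findText.size(), replaceText);
    pos = text.find(findText, pos + replaceText.size());
  }
}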
52 | |
53 | |
// Removes at most one leading and at most one trailing '/' from "text",
// in place. A string of length 0 or 1 is never modified, so a lone "/"
// stays "/", and "//" becomes "/" (the trailing check runs on the string
// that is left after the leading slash was removed).
static void StripLeadingAndTrailingSlashes(std::string& text)
{
  if (text.size() > 1 && text[0] == '/')
  {
    text.erase(0, 1);
  }

  if (text.size() > 1 && *text.rbegin() == '/')
  {
    text.erase(text.size() - 1);
  }
}
65 | |
66 | |
// Stores the two configured URI roots. Nothing is validated or normalized
// here: both strings are copied as given.
PermissionParser::PermissionParser(const std::string& dicomWebRoot,
                                   const std::string& oe2Root) :
  dicomWebRoot_(dicomWebRoot),
  oe2Root_(oe2Root)
{
  // No permission rule exists until Add() is called
}
72 | |
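// Registers every permission rule listed in the JSON configuration.
//
// "configuration" must be an array whose elements are themselves arrays of
// at least 3 items:
//   0 = HTTP method
//   1 = URI pattern (regex), or the keyword "SINGLE_RESOURCE_PATTERNS"
//   2 = list of | separated permissions (no space)
//   3 = optional comment (ignored)
//
// When item 1 is "SINGLE_RESOURCE_PATTERNS", the entry is expanded into one
// rule per regex returned by authorizationParser->GetSingleResourcePatterns(),
// each carrying the same method and permissions.
//
// Throws OrthancException(ErrorCode_BadParameterType) on a malformed
// configuration, and OrthancException(ErrorCode_NullPointer) if the keyword
// is used while "authorizationParser" is NULL. Rules registered before the
// failing entry stay registered.
void PermissionParser::Add(const Json::Value& configuration, const IAuthorizationParser* authorizationParser)
{
  if (configuration.type() != Json::arrayValue)
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions should be an array.");
  }

  for (Json::ArrayIndex i = 0; i < configuration.size(); ++i)
  {
    const Json::Value& permission = configuration[i];
    if (permission.type() != Json::arrayValue || permission.size() < 3)
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions elements should be an array of min size 3.");
    }

    if (permission[1].asString() == "SINGLE_RESOURCE_PATTERNS")
    {
      // The keyword can only be expanded through the authorization parser:
      // reject the configuration instead of dereferencing a NULL pointer
      if (authorizationParser == NULL)
      {
        throw Orthanc::OrthancException(Orthanc::ErrorCode_NullPointer,
                                        "SINGLE_RESOURCE_PATTERNS requires an authorization parser.");
      }

      std::vector<boost::regex> singleResourcePatterns;
      authorizationParser->GetSingleResourcePatterns(singleResourcePatterns);

      for (std::vector<boost::regex>::const_iterator it = singleResourcePatterns.begin(); it != singleResourcePatterns.end(); ++it)
      {
        Add(permission[0].asString(),    // 0 = HTTP method
            it->str(),                   // 1 = pattern
            permission[2].asString()     // 2 = list of | separated permissions (no space)
                                         // 3 = optional comment
        );
      }
    }
    else
    {
      Add(permission[0].asString(),    // 0 = HTTP method
          permission[1].asString(),    // 1 = pattern
          permission[2].asString()     // 2 = list of | separated permissions (no space)
                                       // 3 = optional comment
      );
    }
  }
}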
113 | |
// Registers a single permission rule.
//
// "method" is matched case-insensitively against get/post/put/delete; any
// other value throws OrthancException(ErrorCode_ParameterOutOfRange).
// "patternRegex" may contain the placeholder DICOM_WEB_ROOT, which is
// substituted by the configured DICOMweb root without its leading and
// trailing slash. "permission" is the '|'-separated permission list that
// is handed to PermissionPattern.
//
// NOTE(review): the root is spliced into the regex as plain text, so any
// regex metacharacter in the configured root is interpreted as regex syntax
// rather than literally.
void PermissionParser::Add(const std::string& method,
                           const std::string& patternRegex,
                           const std::string& permission)
{
  std::string lowerCaseMethod;
  Orthanc::Toolbox::ToLowerCase(lowerCaseMethod, method);

  OrthancPluginHttpMethod httpMethod = OrthancPluginHttpMethod_Get;

  if (lowerCaseMethod == "get")
  {
    httpMethod = OrthancPluginHttpMethod_Get;
  }
  else if (lowerCaseMethod == "post")
  {
    httpMethod = OrthancPluginHttpMethod_Post;
  }
  else if (lowerCaseMethod == "put")
  {
    httpMethod = OrthancPluginHttpMethod_Put;
  }
  else if (lowerCaseMethod == "delete")
  {
    httpMethod = OrthancPluginHttpMethod_Delete;
  }
  else
  {
    // Unknown methods are rejected rather than silently mapped to GET
    throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange, std::string("Invalid HTTP method ") + method);
  }

  // Expand the DICOM_WEB_ROOT placeholder with the slash-stripped root
  std::string webRoot = dicomWebRoot_;
  StripLeadingAndTrailingSlashes(webRoot);

  std::string expandedPattern = patternRegex;
  Replace(expandedPattern, "DICOM_WEB_ROOT", webRoot);

  // The effective rule is logged, which allows auditing the expanded regex
  LOG(WARNING) << "Authorization plugin: adding a new permission pattern: " << lowerCaseMethod << " " << expandedPattern << " - " << permission;

  // Rules are appended, and Parse() walks them in this insertion order
  permissionsPattern_.push_back(PermissionPattern(httpMethod, expandedPattern, permission));
}
153 | |
// Looks up the first registered rule whose HTTP method equals "method" and
// whose regex matches the whole of "uri".
//
// On a match, "permissions" receives the rule's permission set,
// "matchedPattern" receives the text of its regex, and true is returned.
// Otherwise false is returned and both output arguments are left untouched.
//
// Rules are tried in registration order and the search stops at the first
// hit, so a broad pattern registered early shadows narrower ones added
// later. The URI is matched exactly as received: no normalization is done
// in this function.
bool PermissionParser::Parse(std::set<std::string>& permissions,
                             std::string& matchedPattern,
                             const OrthancPluginHttpMethod& method,
                             const std::string& uri) const
{
  // This lock should not be required, but it is kept to guarantee
  // thread safety around boost::regex
  boost::mutex::scoped_lock lock(mutex_);

  for (std::list<PermissionPattern>::const_iterator rule = permissionsPattern_.begin();
       rule != permissionsPattern_.end(); ++rule)
  {
    if (method != rule->method)
    {
      continue;  // Rule is bound to another HTTP method
    }

    boost::smatch what;
    if (!boost::regex_match(uri, what, rule->pattern))
    {
      continue;  // regex_match() demands a match of the full URI
    }

    matchedPattern = rule->pattern.expression();
    permissions = rule->permissions;
    return true;
  }

  return false;
}
181 } |