annotate Plugin/PermissionParser.cpp @ 150:9be1ee2b8fe1 0.7.0
0.7.0
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 16 Feb 2024 08:39:33 +0100 |
parents | 423531fb1200 |
children | c4b908970ae4 |
rev | line source |
---|---|
71 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
3 * Copyright (C) 2017-2023 Osimis S.A., Belgium | |
150 | 4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium |
71 | 5 * |
6 * This program is free software: you can redistribute it and/or | |
7 * modify it under the terms of the GNU Affero General Public License | |
8 * as published by the Free Software Foundation, either version 3 of | |
9 * the License, or (at your option) any later version. | |
10 * | |
11 * This program is distributed in the hope that it will be useful, but | |
12 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 * Affero General Public License for more details. | |
15 * | |
16 * You should have received a copy of the GNU Affero General Public License | |
17 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
18 **/ | |
19 | |
20 #include "PermissionParser.h" | |
21 | |
22 #include <Toolbox.h> | |
23 #include <OrthancException.h> | |
24 #include <Logging.h> | |
25 | |
26 namespace OrthancPlugins | |
27 { | |
/**
 * Builds one authorization rule: an HTTP method, a URI pattern and the
 * set of permission names attached to that pattern.
 *
 * @param method        HTTP method the rule applies to.
 * @param patternRegex  Regular expression used to initialise "pattern".
 *                      NOTE(review): "pattern" is presumably a boost::regex
 *                      (Parse() calls boost::regex_match on it), in which
 *                      case a malformed expression throws here - confirm
 *                      how callers surface that error.
 * @param permissions   '|'-separated list of permission names. An empty
 *                      string leaves the permission set empty.
 **/
PermissionPattern::PermissionPattern(const OrthancPluginHttpMethod& method, const std::string& patternRegex, const std::string& permissions) :
  method(method),
  pattern(patternRegex)
{
  if (permissions.empty())
  {
    // Nothing to tokenize: the rule carries no permission name.
    return;
  }

  std::vector<std::string> tokens;
  Orthanc::Toolbox::TokenizeString(tokens, permissions, '|');

  // The parameter shadows the member, hence the explicit "this->".
  // Inserting into the set silently collapses duplicated names.
  this->permissions.insert(tokens.begin(), tokens.end());
}
43 | |
44 | |
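/**
 * Replaces every occurrence of "findText" in "text" by "replaceText",
 * in place.
 *
 * The previous implementation only replaced the first occurrence, so a
 * permission pattern mentioning the placeholder twice (e.g. inside an
 * alternation) kept a literal placeholder in its second branch and that
 * branch could never match a real URI.
 *
 * The replacement is inserted verbatim: characters that are special in
 * a regular expression are NOT escaped by this function.
 *
 * @param text         String modified in place.
 * @param findText     Substring to look for. If empty, "text" is left
 *                     untouched.
 * @param replaceText  Text substituted for each occurrence.
 **/
static void Replace(std::string& text, const std::string& findText, const std::string& replaceText)
{
  if (findText.empty())
  {
    // An empty needle matches everywhere and would never terminate.
    return;
  }

  size_t pos = text.find(findText);
  while (pos != std::string::npos)
  {
    text.replace(pos, findText.size(), replaceText);

    // Resume after the inserted text so that a replacement containing
    // "findText" is not expanded again.
    pos = text.find(findText, pos + replaceText.size());
  }
}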
53 | |
54 | |
/**
 * Removes at most one leading and at most one trailing '/' from "text",
 * in place.
 *
 * Each removal is only done while the string is longer than one
 * character, so "" and "/" are returned unchanged and "//" becomes "/".
 * Repeated slashes are therefore not fully collapsed.
 **/
static void StripLeadingAndTrailingSlashes(std::string& text)
{
  if (text.size() > 1 && text[0] == '/')
  {
    text.erase(0, 1);
  }

  // The size is re-evaluated: the leading slash may just have been removed.
  if (text.size() > 1 && *text.rbegin() == '/')
  {
    text.erase(text.size() - 1);
  }
}
66 | |
67 | |
/**
 * Creates an empty parser: no permission pattern is registered yet.
 *
 * @param dicomWebRoot  Root of the DICOMweb API; it is later substituted
 *                      for the DICOM_WEB_ROOT placeholder when a pattern
 *                      is added.
 * @param oe2Root       Stored in oe2Root_; not read by the code of this
 *                      listing.
 **/
PermissionParser::PermissionParser(const std::string& dicomWebRoot,
                                   const std::string& oe2Root) :
  dicomWebRoot_(dicomWebRoot),
  oe2Root_(oe2Root)
{
}
73 | |
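/**
 * Registers the permission rules found in the plugin configuration.
 *
 * "configuration" must be a JSON array whose items are arrays of at
 * least 3 elements:
 *   0 = HTTP method
 *   1 = URI pattern, or the keyword SINGLE_RESOURCE_PATTERNS
 *   2 = list of '|'-separated permissions (no space)
 *   3 = optional comment (ignored)
 *
 * When the pattern is SINGLE_RESOURCE_PATTERNS, one rule is registered
 * for each pattern returned by the authorization parser, all of them
 * with the method and permissions of the configuration item.
 *
 * @param configuration        The JSON array of rules.
 * @param authorizationParser  Source of the single-resource patterns. It
 *                             is only dereferenced for
 *                             SINGLE_RESOURCE_PATTERNS items.
 * @throws Orthanc::OrthancException  ErrorCode_BadParameterType if the
 *         layout is wrong, ErrorCode_NullPointer if
 *         SINGLE_RESOURCE_PATTERNS is used without an authorization
 *         parser, and whatever the 3-string Add() overload throws.
 **/
void PermissionParser::Add(const Json::Value& configuration, const IAuthorizationParser* authorizationParser)
{
  if (configuration.type() != Json::arrayValue)
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions should be an array.");
  }

  for (Json::ArrayIndex i = 0; i < configuration.size(); ++i)
  {
    const Json::Value& permission = configuration[i];
    if (permission.type() != Json::arrayValue || permission.size() < 3)
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadParameterType, "Permissions elements should be an array of min size 3.");
    }

    // NOTE(review): the 3 elements are read with asString() without first
    // checking that they are JSON strings - confirm how a non-string
    // element is reported to the administrator.

    if (permission[1].asString() == "SINGLE_RESOURCE_PATTERNS")
    {
      // Reject the configuration explicitly instead of dereferencing a
      // null pointer while the authorization rules are being loaded.
      if (authorizationParser == NULL)
      {
        throw Orthanc::OrthancException(Orthanc::ErrorCode_NullPointer,
                                        "SINGLE_RESOURCE_PATTERNS requires an authorization parser.");
      }

      std::vector<boost::regex> singleResourcePatterns;
      authorizationParser->GetSingleResourcePatterns(singleResourcePatterns);

      // If the parser returns no pattern, this item registers no rule.
      for (std::vector<boost::regex>::const_iterator it = singleResourcePatterns.begin(); it != singleResourcePatterns.end(); ++it)
      {
        Add(permission[0].asString(),    // 0 = HTTP method
            it->str(),                   // 1 = pattern
            permission[2].asString()     // 2 = list of | separated permissions (no space)
            // 3 = optional comment
          );
      }
    }
    else
    {
      Add(permission[0].asString(),    // 0 = HTTP method
          permission[1].asString(),    // 1 = pattern
          permission[2].asString()     // 2 = list of | separated permissions (no space)
          // 3 = optional comment
        );
    }
  }

}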
114 | |
/**
 * Registers one permission rule at the end of the rule list.
 *
 * @param method        HTTP method name, compared case-insensitively
 *                      against "get", "post", "put" and "delete".
 * @param patternRegex  URI pattern. Its DICOM_WEB_ROOT placeholder is
 *                      expanded by Replace() with the configured DICOMweb
 *                      root, stripped of one leading and one trailing
 *                      slash.
 * @param permission    '|'-separated permission names attached to the
 *                      pattern.
 * @throws Orthanc::OrthancException  ErrorCode_ParameterOutOfRange if the
 *         method is none of the four supported ones.
 **/
void PermissionParser::Add(const std::string& method,
                           const std::string& patternRegex,
                           const std::string& permission)
{
  std::string lowerCaseMethod;
  Orthanc::Toolbox::ToLowerCase(lowerCaseMethod, method);

  // An unknown method is rejected: it never silently falls back to GET.
  OrthancPluginHttpMethod parsedMethod = OrthancPluginHttpMethod_Get;
  if (lowerCaseMethod == "get")
  {
    parsedMethod = OrthancPluginHttpMethod_Get;
  }
  else if (lowerCaseMethod == "post")
  {
    parsedMethod = OrthancPluginHttpMethod_Post;
  }
  else if (lowerCaseMethod == "put")
  {
    parsedMethod = OrthancPluginHttpMethod_Put;
  }
  else if (lowerCaseMethod == "delete")
  {
    parsedMethod = OrthancPluginHttpMethod_Delete;
  }
  else
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange, std::string("Invalid HTTP method ") + method);
  }

  // The root is inserted verbatim into the regular expression: no regex
  // escaping is visible here, so a root containing a regex metacharacter
  // changes what the final pattern matches.
  std::string webRoot = dicomWebRoot_;
  StripLeadingAndTrailingSlashes(webRoot);

  std::string regex = patternRegex;
  Replace(regex, "DICOM_WEB_ROOT", webRoot);

  // The effective rule is logged, which lets an administrator audit the
  // expanded patterns at startup.
  LOG(WARNING) << "Authorization plugin: adding a new permission pattern: " << lowerCaseMethod << " " << regex << " - " << permission;

  permissionsPattern_.push_back(PermissionPattern(parsedMethod, regex, permission));
}
154 | |
/**
 * Looks up the permissions attached to a request.
 *
 * The rules are scanned in registration order and the first rule whose
 * method equals "method" and whose pattern matches the whole "uri"
 * wins: later rules are not consulted, so the order of the rules in the
 * configuration decides which permissions apply when several patterns
 * overlap.
 *
 * @param permissions     Output: permissions of the winning rule.
 * @param matchedPattern  Output: expression of the winning pattern.
 * @param method          HTTP method of the request.
 * @param uri             URI of the request.
 * @return true if a rule matched; false otherwise, in which case both
 *         outputs are left untouched.
 **/
bool PermissionParser::Parse(std::set<std::string>& permissions,
                             std::string& matchedPattern,
                             const OrthancPluginHttpMethod& method,
                             const std::string& uri) const
{
  // The mutex below should not be necessary, but we prefer to
  // ensure thread safety in boost::regex
  boost::mutex::scoped_lock lock(mutex_);

  typedef std::list<PermissionPattern>::const_iterator RuleIterator;

  for (RuleIterator rule = permissionsPattern_.begin();
       rule != permissionsPattern_.end(); ++rule)
  {
    if (!(method == rule->method))
    {
      continue;
    }

    // boost::regex_match() only succeeds if the entire URI matches.
    boost::smatch what;
    if (!boost::regex_match(uri, what, rule->pattern))
    {
      continue;
    }

    matchedPattern = rule->pattern.expression();
    permissions = rule->permissions;
    return true;
  }

  return false;
}
182 } |