Mercurial > hg > orthanc-authorization
comparison Plugin/DefaultConfiguration.json @ 77:94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Wed, 15 Mar 2023 16:36:42 +0100 |
| parents | 57e98fc07ab2 |
| children | 94c5388ed30b |
comparison
equal
deleted
inserted
replaced
| 76:d301047ee3c4 | 77:94a9484d7f8f |
|---|---|
| 48 // provided in the user-profile route implemented by the auth-service. | 48 // provided in the user-profile route implemented by the auth-service. |
| 49 // You may test your regex in https://regex101.com/ by selecting .NET (C#) and removing the leading ^ and trailing $ | 49 // You may test your regex in https://regex101.com/ by selecting .NET (C#) and removing the leading ^ and trailing $ |
| 50 // The default configuration is suitable for Orthanc-Explorer-2 (see TBD sample) | 50 // The default configuration is suitable for Orthanc-Explorer-2 (see TBD sample) |
| 51 "Permissions" : [ | 51 "Permissions" : [ |
| 52 ["post", "^/auth/tokens/decode$", ""], | 52 ["post", "^/auth/tokens/decode$", ""], |
| 53 ["post", "^/tools/lookup$", ""], // currently used to authorize downloads in Stone (to map the StudyInstanceUID into an OrthancID. Not ideal -> we should define a new API that has the resource ID in the path to be able to check it at resource level) but, on another hand, you do not get any Patient information from this route | |
| 53 | 54 |
| 54 // elemental browsing in OE2 | 55 // elemental browsing in OE2 |
| 55 ["post", "^/tools/find$", "all|view"], | 56 ["post", "^/tools/find$", "all|view"], |
| 56 ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)$", "all|view"], | 57 ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)$", "all|view"], |
| 57 ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)/(studies|study|series|instances)$", "all|view"], | 58 ["get" , "^/(patients|studies|series|instances)/([a-f0-9-]+)/(studies|study|series|instances)$", "all|view"], |
| 81 ["get" , "^/DICOM_WEB_ROOT/servers$", "all|send|q-r-remote-modalities"], | 82 ["get" , "^/DICOM_WEB_ROOT/servers$", "all|send|q-r-remote-modalities"], |
| 82 ["get" , "^/DICOM_WEB_ROOT/(servers)/(.*)/stow$", "all|send"], | 83 ["get" , "^/DICOM_WEB_ROOT/(servers)/(.*)/stow$", "all|send"], |
| 83 | 84 |
| 84 // modifications/anonymization | 85 // modifications/anonymization |
| 85 ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/modify(.*)$", "all|modify"], | 86 ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/modify(.*)$", "all|modify"], |
| 86 ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/anonymize(.*)$", "all|anonymize"] | 87 ["post", "^/(patients|studies|series|instances)/([a-f0-9-]+)/anonymize(.*)$", "all|anonymize"], |
| 88 | |
| 89 // deletes | |
| 90 ["delete" , "^/(patients|studies|series|instances)/([a-f0-9-]+)$", "all|delete"], | |
| 91 | |
| 92 // settings | |
| 93 ["put", "^/tools/log-level$", "all|settings"], | |
| 94 ["get", "^/tools/log-level$", "all|settings"] | |
| 87 ] | 95 ] |
| 88 } | 96 } |
| 89 } | 97 } |