Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 58:ad279c70c22d
added a new configuration 'StandardConfigurations'
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Wed, 09 Nov 2022 18:17:03 +0100 |
| parents | 55539d564f4f |
| children | 222f0652025f |
comparison
equal
deleted
inserted
replaced
| 57:55539d564f4f | 58:ad279c70c22d |
|---|---|
| 32 // Configuration of the authorization plugin | 32 // Configuration of the authorization plugin |
| 33 static std::unique_ptr<OrthancPlugins::IAuthorizationParser> authorizationParser_; | 33 static std::unique_ptr<OrthancPlugins::IAuthorizationParser> authorizationParser_; |
| 34 static std::unique_ptr<OrthancPlugins::IAuthorizationService> authorizationService_; | 34 static std::unique_ptr<OrthancPlugins::IAuthorizationService> authorizationService_; |
| 35 static std::set<std::string> uncheckedResources_; | 35 static std::set<std::string> uncheckedResources_; |
| 36 static std::list<std::string> uncheckedFolders_; | 36 static std::list<std::string> uncheckedFolders_; |
| 37 static std::list<OrthancPlugins::Token> tokens_; | 37 static std::set<OrthancPlugins::Token> tokens_; |
| 38 static std::set<OrthancPlugins::AccessLevel> uncheckedLevels_; | 38 static std::set<OrthancPlugins::AccessLevel> uncheckedLevels_; |
| 39 | 39 |
| 40 | 40 |
| 41 static int32_t FilterHttpRequests(OrthancPluginHttpMethod method, | 41 static int32_t FilterHttpRequests(OrthancPluginHttpMethod method, |
| 42 const char *uri, | 42 const char *uri, |
| 105 OrthancPlugins::AssociativeArray headers | 105 OrthancPlugins::AssociativeArray headers |
| 106 (headersCount, headersKeys, headersValues, false); | 106 (headersCount, headersKeys, headersValues, false); |
| 107 | 107 |
| 108 // Loop over all the authorization tokens stored in the HTTP | 108 // Loop over all the authorization tokens stored in the HTTP |
| 109 // headers, until finding one that is granted | 109 // headers, until finding one that is granted |
| 110 for (std::list<OrthancPlugins::Token>::const_iterator | 110 for (std::set<OrthancPlugins::Token>::const_iterator |
| 111 token = tokens_.begin(); token != tokens_.end(); ++token) | 111 token = tokens_.begin(); token != tokens_.end(); ++token) |
| 112 { | 112 { |
| 113 std::string value; | 113 std::string value; |
| 114 | 114 |
| 115 bool hasValue = false; | 115 bool hasValue = false; |
| 301 | 301 |
| 302 configuration.LookupListOfStrings(tmp, "TokenHttpHeaders", true); | 302 configuration.LookupListOfStrings(tmp, "TokenHttpHeaders", true); |
| 303 for (std::list<std::string>::const_iterator | 303 for (std::list<std::string>::const_iterator |
| 304 it = tmp.begin(); it != tmp.end(); ++it) | 304 it = tmp.begin(); it != tmp.end(); ++it) |
| 305 { | 305 { |
| 306 tokens_.push_back(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, *it)); | 306 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, *it)); |
| 307 } | 307 } |
| 308 | 308 |
| 309 configuration.LookupListOfStrings(tmp, "TokenGetArguments", true); | 309 configuration.LookupListOfStrings(tmp, "TokenGetArguments", true); |
| 310 | 310 |
| 311 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 3, 0) | 311 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 3, 0) |
| 312 for (std::list<std::string>::const_iterator | 312 for (std::list<std::string>::const_iterator |
| 313 it = tmp.begin(); it != tmp.end(); ++it) | 313 it = tmp.begin(); it != tmp.end(); ++it) |
| 314 { | 314 { |
| 315 tokens_.push_back(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, *it)); | 315 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_GetArgument, *it)); |
| 316 } | 316 } |
| 317 #else | 317 #else |
| 318 if (!tmp.empty()) | 318 if (!tmp.empty()) |
| 319 { | 319 { |
| 320 throw Orthanc::OrthancException( | 320 throw Orthanc::OrthancException( |
| 336 Orthanc::ErrorCode_BadFileFormat, | 336 Orthanc::ErrorCode_BadFileFormat, |
| 337 "Missing mandatory option \"" + std::string(WEB_SERVICE) + | 337 "Missing mandatory option \"" + std::string(WEB_SERVICE) + |
| 338 "\" for the authorization plugin"); | 338 "\" for the authorization plugin"); |
| 339 } | 339 } |
| 340 | 340 |
| 341 std::set<std::string> standardConfigurations; | |
| 342 if (configuration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false)) | |
| 343 { | |
| 344 if (standardConfigurations.find("osimis-web-viewer") != standardConfigurations.end()) | |
| 345 { | |
| 346 uncheckedFolders_.push_back("/osimis-viewer/app/"); | |
| 347 uncheckedFolders_.push_back("/osimis-viewer/languages/"); | |
| 348 uncheckedResources_.insert("/osimis-viewer/config.js"); | |
| 349 | |
| 350 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "token")); | |
| 351 } | |
| 352 | |
| 353 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end()) | |
| 354 { | |
| 355 uncheckedFolders_.push_back("/stone-webviewer/"); | |
| 356 uncheckedResources_.insert("/system"); | |
| 357 | |
| 358 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); | |
| 359 } | |
| 360 | |
| 361 } | |
| 362 | |
| 363 std::string checkedLevelString; | |
| 364 if (configuration.LookupStringValue(checkedLevelString, "CheckedLevel")) | |
| 365 { | |
| 366 OrthancPlugins::AccessLevel checkedLevel = OrthancPlugins::StringToAccessLevel(checkedLevelString); | |
| 367 if (checkedLevel == OrthancPlugins::AccessLevel_Instance) | |
| 368 { | |
| 369 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient); | |
| 370 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study); | |
| 371 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series); | |
| 372 } | |
| 373 else if (checkedLevel == OrthancPlugins::AccessLevel_Series) | |
| 374 { | |
| 375 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient); | |
| 376 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study); | |
| 377 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance); | |
| 378 } | |
| 379 else if (checkedLevel == OrthancPlugins::AccessLevel_Study) | |
| 380 { | |
| 381 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Patient); | |
| 382 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series); | |
| 383 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance); | |
| 384 } | |
| 385 else if (checkedLevel == OrthancPlugins::AccessLevel_Patient) | |
| 386 { | |
| 387 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Study); | |
| 388 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Series); | |
| 389 uncheckedLevels_.insert(OrthancPlugins::AccessLevel_Instance); | |
| 390 } | |
| 391 } | |
| 392 | |
| 341 if (configuration.LookupListOfStrings(tmp, "UncheckedLevels", false)) | 393 if (configuration.LookupListOfStrings(tmp, "UncheckedLevels", false)) |
| 342 { | 394 { |
| 343 for (std::list<std::string>::const_iterator | 395 if (uncheckedLevels_.size() == 0) |
| 344 it = tmp.begin(); it != tmp.end(); ++it) | 396 { |
| 345 { | 397 for (std::list<std::string>::const_iterator |
| 346 uncheckedLevels_.insert(OrthancPlugins::StringToAccessLevel(*it)); | 398 it = tmp.begin(); it != tmp.end(); ++it) |
| 399 { | |
| 400 uncheckedLevels_.insert(OrthancPlugins::StringToAccessLevel(*it)); | |
| 401 } | |
| 402 } | |
| 403 else | |
| 404 { | |
| 405 LOG(ERROR) << "Authorization plugin: you may only provide one of 'CheckedLevel' or 'UncheckedLevels' configurations"; | |
| 406 return -1; | |
| 347 } | 407 } |
| 348 } | 408 } |
| 349 | 409 |
| 350 std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(url)); | 410 std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(url)); |
| 351 | 411 |