view OrthancFramework/Sources/RestApi/RestApi.cpp @ 5658:4b7bc21db336

DicomTlsTrustedCertificates not required anymore for SCU when DicomTlsRemoteCertificateRequired is false
author Alain Mazy <am@orthanc.team>
date Tue, 18 Jun 2024 10:27:28 +0200
parents f7adfb22e20e
children
line wrap: on
line source

/**
 * Orthanc - A Lightweight, RESTful DICOM Store
 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
 * Department, University Hospital of Liege, Belgium
 * Copyright (C) 2017-2023 Osimis S.A., Belgium
 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium
 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium
 *
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation, either version 3 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program. If not, see
 * <http://www.gnu.org/licenses/>.
 **/


#include "../PrecompiledHeaders.h"
#include "RestApi.h"

#include "../HttpServer/StringHttpOutput.h"
#include "../Logging.h"
#include "../OrthancException.h"

#include <boost/algorithm/string/replace.hpp>
#include <boost/math/special_functions/round.hpp>
#include <stdlib.h>   // To define "_exit()" under Windows
#include <stdio.h>

namespace Orthanc
{
  namespace
  {
    // Anonymous namespace to avoid clashes between compilation modules
    class HttpHandlerVisitor : public RestApiHierarchy::IVisitor
    {
    private:
      RestApi& api_;
      RestApiOutput& output_;
      RequestOrigin origin_;
      const char* remoteIp_;
      const char* username_;
      HttpMethod method_;
      const HttpToolbox::Arguments& headers_;
      const HttpToolbox::Arguments& getArguments_;
      const void* bodyData_;
      size_t bodySize_;

    public:
      HttpHandlerVisitor(RestApi& api,
                         RestApiOutput& output,
                         RequestOrigin origin,
                         const char* remoteIp,
                         const char* username,
                         HttpMethod method,
                         const HttpToolbox::Arguments& headers,
                         const HttpToolbox::Arguments& getArguments,
                         const void* bodyData,
                         size_t bodySize) :
        api_(api),
        output_(output),
        origin_(origin),
        remoteIp_(remoteIp),
        username_(username),
        method_(method),
        headers_(headers),
        getArguments_(getArguments),
        bodyData_(bodyData),
        bodySize_(bodySize)
      {
      }

      virtual bool Visit(const RestApiHierarchy::Resource& resource,
                         const UriComponents& uri,
                         bool hasTrailing,
                         const HttpToolbox::Arguments& components,
                         const UriComponents& trailing)
      {
        if (resource.HasHandler(method_))
        {
          switch (method_)
          {
            case HttpMethod_Get:
            {
              RestApiGetCall call(output_, api_, origin_, remoteIp_, username_, 
                                  headers_, components, trailing, uri, getArguments_);
              resource.Handle(call);
              return true;
            }

            case HttpMethod_Post:
            {
              RestApiPostCall call(output_, api_, origin_, remoteIp_, username_, 
                                   headers_, components, trailing, uri, bodyData_, bodySize_);
              resource.Handle(call);
              return true;
            }

            case HttpMethod_Delete:
            {
              RestApiDeleteCall call(output_, api_, origin_, remoteIp_, username_, 
                                     headers_, components, trailing, uri);
              resource.Handle(call);
              return true;
            }

            case HttpMethod_Put:
            {
              RestApiPutCall call(output_, api_, origin_, remoteIp_, username_, 
                                  headers_, components, trailing, uri, bodyData_, bodySize_);
              resource.Handle(call);
              return true;
            }

            default:
              return false;
          }
        }

        return false;
      }
    };



    class DocumentationVisitor : public RestApiHierarchy::IVisitor
    {
    private:
      RestApi&    restApi_;
      size_t      successPathsCount_;
      size_t      totalPathsCount_;

    protected:
      virtual bool HandleCall(RestApiCall& call,
                              const std::string& path,
                              const std::set<std::string>& uriArgumentsNames) = 0;
  
    public:
      explicit DocumentationVisitor(RestApi& restApi) :
        restApi_(restApi),
        successPathsCount_(0),
        totalPathsCount_(0)
      {
      }
  
      virtual bool Visit(const RestApiHierarchy::Resource& resource,
                         const UriComponents& uri,
                         bool hasTrailing,
                         const HttpToolbox::Arguments& components,
                         const UriComponents& trailing)
      {
        std::string path = Toolbox::FlattenUri(uri);
        if (hasTrailing)
        {
          path += "/{path}";
        }

        std::set<std::string> uriArgumentsNames;
        HttpToolbox::Arguments uriArguments;
        
        for (HttpToolbox::Arguments::const_iterator
               it = components.begin(); it != components.end(); ++it)
        {
          assert(it->second.empty());
          uriArgumentsNames.insert(it->first.c_str());
          uriArguments[it->first] = "";
        }

        if (hasTrailing)
        {
          uriArgumentsNames.insert("path");
          uriArguments["path"] = "";
        }

        if (resource.HasHandler(HttpMethod_Get))
        {
          totalPathsCount_ ++;
          
          StringHttpOutput o1;
          HttpOutput o2(o1, false /* assume no keep-alive */, 0);
          RestApiOutput o3(o2, HttpMethod_Get);
          RestApiGetCall call(o3, restApi_, RequestOrigin_Documentation, "" /* remote IP */,
                              "" /* username */, HttpToolbox::Arguments() /* HTTP headers */,
                              uriArguments, UriComponents() /* trailing */,
                              uri, HttpToolbox::Arguments() /* GET arguments */);

          bool ok = false;
      
          try
          {
            ok = (resource.Handle(call) &&
                  HandleCall(call, path, uriArgumentsNames));
          }
          catch (OrthancException& e)
          {
            LOG(ERROR) << "Exception while documenting GET " << path << ": " << e.What();
          }
          catch (boost::bad_lexical_cast&)
          {
            LOG(ERROR) << "Bad lexical cast while documenting GET " << path;
          }

          if (ok)
          {
            successPathsCount_ ++;
          }
          else
          {
            LOG(WARNING) << "Ignoring URI without API documentation: GET " << path;
          }
        }
    
        if (resource.HasHandler(HttpMethod_Post))
        {
          totalPathsCount_ ++;
          
          StringHttpOutput o1;
          HttpOutput o2(o1, false /* assume no keep-alive */, 0);
          RestApiOutput o3(o2, HttpMethod_Post);
          RestApiPostCall call(o3, restApi_, RequestOrigin_Documentation, "" /* remote IP */,
                               "" /* username */, HttpToolbox::Arguments() /* HTTP headers */,
                               uriArguments, UriComponents() /* trailing */,
                               uri, NULL /* body */, 0 /* body size */);

          bool ok = false;
      
          try
          {
            ok = (resource.Handle(call) &&
                  HandleCall(call, path, uriArgumentsNames));
          }
          catch (OrthancException& e)
          {
            LOG(ERROR) << "Exception while documenting POST " << path << ": " << e.What();
          }
          catch (boost::bad_lexical_cast&)
          {
            LOG(ERROR) << "Bad lexical cast while documenting POST " << path;
          }

          if (ok)
          {
            successPathsCount_ ++;
          }
          else
          {
            LOG(WARNING) << "Ignoring URI without API documentation: POST " << path;
          }
        }
    
        if (resource.HasHandler(HttpMethod_Delete))
        {
          totalPathsCount_ ++;
          
          StringHttpOutput o1;
          HttpOutput o2(o1, false /* assume no keep-alive */, 0);
          RestApiOutput o3(o2, HttpMethod_Delete);
          RestApiDeleteCall call(o3, restApi_, RequestOrigin_Documentation, "" /* remote IP */,
                                 "" /* username */, HttpToolbox::Arguments() /* HTTP headers */,
                                 uriArguments, UriComponents() /* trailing */, uri);

          bool ok = false;
      
          try
          {
            ok = (resource.Handle(call) &&
                  HandleCall(call, path, uriArgumentsNames));
          }
          catch (OrthancException& e)
          {
            LOG(ERROR) << "Exception while documenting DELETE " << path << ": " << e.What();
          }
          catch (boost::bad_lexical_cast&)
          {
            LOG(ERROR) << "Bad lexical cast while documenting DELETE " << path;
          }

          if (ok)
          {
            successPathsCount_ ++;
          }
          else
          {
            LOG(WARNING) << "Ignoring URI without API documentation: DELETE " << path;
          }
        }

        if (resource.HasHandler(HttpMethod_Put))
        {
          totalPathsCount_ ++;
          
          StringHttpOutput o1;
          HttpOutput o2(o1, false /* assume no keep-alive */, 0);
          RestApiOutput o3(o2, HttpMethod_Put);
          RestApiPutCall call(o3, restApi_, RequestOrigin_Documentation, "" /* remote IP */,
                              "" /* username */, HttpToolbox::Arguments() /* HTTP headers */,
                              uriArguments, UriComponents() /* trailing */, uri,
                              NULL /* body */, 0 /* body size */);

          bool ok = false;
      
          try
          {
            ok = (resource.Handle(call) &&
                  HandleCall(call, path, uriArgumentsNames));
          }
          catch (OrthancException& e)
          {
            LOG(ERROR) << "Exception while documenting PUT " << path << ": " << e.What();
          }
          catch (boost::bad_lexical_cast&)
          {
            LOG(ERROR) << "Bad lexical cast while documenting PUT " << path;
          }

          if (ok)
          {
            successPathsCount_ ++;
          }
          else
          {
            LOG(WARNING) << "Ignoring URI without API documentation: PUT " << path;
          }
        }
    
        return true;
      }

      size_t GetSuccessPathsCount() const
      {
        return successPathsCount_;
      }

      size_t GetTotalPathsCount() const
      {
        return totalPathsCount_;
      }

      void LogStatistics() const
      {
        assert(GetSuccessPathsCount() <= GetTotalPathsCount());
        size_t total = GetTotalPathsCount();
        if (total == 0)
        {
          total = 1;  // Avoid division by zero
        }
        float coverage = (100.0f * static_cast<float>(GetSuccessPathsCount()) /
                          static_cast<float>(total));
    
        LOG(WARNING) << "The documentation of the REST API contains " << GetSuccessPathsCount()
                     << " paths over a total of " << GetTotalPathsCount() << " paths "
                     << "(coverage: " << static_cast<unsigned int>(boost::math::iround(coverage)) << "%)";
      }
    };


    class OpenApiVisitor : public DocumentationVisitor
    {
    private:
      Json::Value paths_;

    protected:
      virtual bool HandleCall(RestApiCall& call,
                              const std::string& path,
                              const std::set<std::string>& uriArgumentsNames) ORTHANC_OVERRIDE
      {
        Json::Value v;
        if (call.GetDocumentation().FormatOpenApi(v, uriArgumentsNames, path))
        {
          std::string method;
          
          switch (call.GetMethod())
          {
            case HttpMethod_Get:
              method = "get";
              break;
            
            case HttpMethod_Post:
              method = "post";
              break;
            
            case HttpMethod_Delete:
              method = "delete";
              break;
            
            case HttpMethod_Put:
              method = "put";
              break;
            
            default:
              throw OrthancException(ErrorCode_ParameterOutOfRange);
          }
          
          if ((paths_.isMember(path) &&
               paths_[path].type() != Json::objectValue) ||
              paths_[path].isMember(method))
          {
            throw OrthancException(ErrorCode_InternalError);
          }

          paths_[path][method] = v;
          
          return true;
        }
        else
        {
          return false;
        }
      }      
  
    public:
      explicit OpenApiVisitor(RestApi& restApi) :
        DocumentationVisitor(restApi),
        paths_(Json::objectValue)
      {
      }
  
      const Json::Value& GetPaths() const
      {
        return paths_;
      }
    };


    class ReStructuredTextCheatSheet : public DocumentationVisitor
    {
    private:
      class Path
      {
      private:
        bool        hasGet_;
        bool        hasPost_;
        bool        hasDelete_;
        bool        hasPut_;
        std::string getTag_;
        std::string postTag_;
        std::string deleteTag_;
        std::string putTag_;
        std::string summary_;
        bool        getDeprecated_;
        bool        postDeprecated_;
        bool        deleteDeprecated_;
        bool        putDeprecated_;
        HttpMethod  summaryOrigin_;

      public:
        Path() :
          hasGet_(false),
          hasPost_(false),
          hasDelete_(false),
          hasPut_(false),
          getDeprecated_(false),
          postDeprecated_(false),
          deleteDeprecated_(false),
          putDeprecated_(false),
          summaryOrigin_(HttpMethod_Get)  // Dummy initialization
        {
        }

        void AddMethod(HttpMethod method,
                       const std::string& tag,
                       bool deprecated)
        {
          switch (method)
          {
            case HttpMethod_Get:
              if (hasGet_)
              {
                throw OrthancException(ErrorCode_InternalError);
              }
              
              hasGet_ = true;
              getTag_ = tag;
              getDeprecated_ = deprecated;
              break;
              
            case HttpMethod_Post:
              if (hasPost_)
              {
                throw OrthancException(ErrorCode_InternalError);
              }
              
              hasPost_ = true;
              postTag_ = tag;
              postDeprecated_ = deprecated;
              break;
              
            case HttpMethod_Delete:
              if (hasDelete_)
              {
                throw OrthancException(ErrorCode_InternalError);
              }
              
              hasDelete_ = true;
              deleteTag_ = tag;
              deleteDeprecated_ = deprecated;
              break;
              
            case HttpMethod_Put:
              if (hasPut_)
              {
                throw OrthancException(ErrorCode_InternalError);
              }
              
              hasPut_ = true;
              putTag_ = tag;
              putDeprecated_ = deprecated;
              break;

            default:
              throw OrthancException(ErrorCode_ParameterOutOfRange);
          }
        }

        void SetSummary(const std::string& summary,
                        HttpMethod newOrigin)
        {
          if (!summary.empty())
          {
            bool replace;

            if (summary_.empty())
            {
              // We don't have a summary so far
              replace = true;
            }
            else
            {
              // We already have a summary. Replace it if the new
              // summary is associated with a HTTP method of higher
              // weight (GET > POST > DELETE > PUT)
              switch (summaryOrigin_)
              {
                case HttpMethod_Get:
                  replace = false;
                  break;

                case HttpMethod_Post:
                  replace = (newOrigin == HttpMethod_Get);
                  break;

                case HttpMethod_Delete:
                  replace = (newOrigin == HttpMethod_Get ||
                             newOrigin == HttpMethod_Post);
                  break;

                case HttpMethod_Put:
                  replace = (newOrigin == HttpMethod_Get ||
                             newOrigin == HttpMethod_Post ||
                             newOrigin == HttpMethod_Delete);
                  break;

                default:
                  throw OrthancException(ErrorCode_ParameterOutOfRange);
              }
            }

            if (replace)
            {
              summary_ = summary;
              summaryOrigin_ = newOrigin;
            }
          }
        }

        const std::string& GetSummary() const
        {
          return summary_;
        }

        static std::string FormatTag(const std::string& tag)
        {
          if (tag.empty())
          {
            return tag;
          }
          else
          {
            std::string s;
            s.reserve(tag.size());
            s.push_back(tag[0]);

            for (size_t i = 1; i < tag.size(); i++)
            {
              if (tag[i] == ' ')
              {
                s.push_back('-');
              }
              else if (isupper(tag[i]) &&
                       tag[i - 1] == ' ')
              {
                s.push_back(tolower(tag[i]));
              }
              else
              {
                s.push_back(tag[i]);
              }
            }

            return s;
          }
        }

        std::string Format(const std::string& openApiUrl,
                           HttpMethod method,
                           const std::string& uri) const
        {
          std::string p = uri;
          boost::replace_all(p, "/", "~1");

          std::string verb;
          std::string url;
          
          switch (method)
          {
            case HttpMethod_Get:
              if (hasGet_)
              {
                verb = (getDeprecated_ ? "(get)" : "GET");
                url = openApiUrl + "#tag/" + FormatTag(getTag_) + "/paths/" + p + "/get";
              }
              break;
              
            case HttpMethod_Post:
              if (hasPost_)
              {
                verb = (postDeprecated_ ? "(post)" : "POST");
                url = openApiUrl + "#tag/" + FormatTag(postTag_) + "/paths/" + p + "/post";
              }
              break;
              
            case HttpMethod_Delete:
              if (hasDelete_)
              {
                verb = (deleteDeprecated_ ? "(delete)" : "DELETE");
                url = openApiUrl + "#tag/" + FormatTag(deleteTag_) + "/paths/" + p + "/delete";
              }
              break;
              
            case HttpMethod_Put:
              if (hasPut_)
              {
                verb = (putDeprecated_ ? "(put)" : "PUT");
                url = openApiUrl + "#tag/" + FormatTag(putTag_) + "/paths/" + p + "/put";
              }
              break;              

            default:
              throw OrthancException(ErrorCode_InternalError);
          }

          if (verb.empty())
          {
            return "";
          }
          else if (openApiUrl.empty())
          {
            return verb;
          }
          else
          {
            return "`" + verb + " <" + url + ">`__";
          }
        }

        bool HasDeprecated() const
        {
          return ((hasGet_ && getDeprecated_) ||
                  (hasPost_ && postDeprecated_) ||
                  (hasDelete_ && deleteDeprecated_) ||
                  (hasPut_ && putDeprecated_));
        }
      };

      typedef std::map<std::string, Path>  Paths;

      Paths paths_;

    protected:
      virtual bool HandleCall(RestApiCall& call,
                              const std::string& _path,
                              const std::set<std::string>& uriArgumentsNames) ORTHANC_OVERRIDE
      {
        Path& path = paths_[ _path ];

        path.AddMethod(call.GetMethod(), call.GetDocumentation().GetTag(), call.GetDocumentation().IsDeprecated());

        if (call.GetDocumentation().HasSummary())
        {
          path.SetSummary(call.GetDocumentation().GetSummary(), call.GetMethod());
        }
        
        return true;
      }      
  
    public:
      explicit ReStructuredTextCheatSheet(RestApi& restApi) :
        DocumentationVisitor(restApi)
      {
      }

      void Format(std::string& target,
                  const std::string& openApiUrl) const
      {
        target += "Path,GET,POST,DELETE,PUT,Summary\n";
        for (Paths::const_iterator it = paths_.begin(); it != paths_.end(); ++it)
        {
          target += "``" + it->first + "``,";
          target += it->second.Format(openApiUrl, HttpMethod_Get, it->first) + ",";
          target += it->second.Format(openApiUrl, HttpMethod_Post, it->first) + ",";
          target += it->second.Format(openApiUrl, HttpMethod_Delete, it->first) + ",";
          target += it->second.Format(openApiUrl, HttpMethod_Put, it->first) + ",";
          
          if (it->second.HasDeprecated())
          {
            target += "*(deprecated)* ";
          }
          
          target += it->second.GetSummary() + "\n";
        }        
      }
    };
  }



  static void AddMethod(std::string& target,
                        const std::string& method)
  {
    if (target.size() > 0)
      target += "," + method;
    else
      target = method;
  }

  static std::string  MethodsToString(const std::set<HttpMethod>& methods)
  {
    std::string s;

    if (methods.find(HttpMethod_Get) != methods.end())
    {
      AddMethod(s, "GET");
    }

    if (methods.find(HttpMethod_Post) != methods.end())
    {
      AddMethod(s, "POST");
    }

    if (methods.find(HttpMethod_Put) != methods.end())
    {
      AddMethod(s, "PUT");
    }

    if (methods.find(HttpMethod_Delete) != methods.end())
    {
      AddMethod(s, "DELETE");
    }

    return s;
  }



  bool RestApi::CreateChunkedRequestReader(std::unique_ptr<IChunkedRequestReader>& target,
                                           RequestOrigin origin,
                                           const char* remoteIp,
                                           const char* username,
                                           HttpMethod method,
                                           const UriComponents& uri,
                                           const HttpToolbox::Arguments& headers)
  {
    return false;
  }


  bool RestApi::Handle(HttpOutput& output,
                       RequestOrigin origin,
                       const char* remoteIp,
                       const char* username,
                       HttpMethod method,
                       const UriComponents& uri,
                       const HttpToolbox::Arguments& headers,
                       const HttpToolbox::GetArguments& getArguments,
                       const void* bodyData,
                       size_t bodySize)
  {
    RestApiOutput wrappedOutput(output, method);

#if ORTHANC_ENABLE_PUGIXML == 1
    {
      // Look if the client wishes XML answers instead of JSON
      // http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z3
      HttpToolbox::Arguments::const_iterator it = headers.find("accept");
      if (it != headers.end())
      {
        std::vector<std::string> accepted;
        Toolbox::TokenizeString(accepted, it->second, ';');
        for (size_t i = 0; i < accepted.size(); i++)
        {
          if (accepted[i] == MIME_XML)
          {
            wrappedOutput.SetConvertJsonToXml(true);
          }

          if (accepted[i] == MIME_JSON)
          {
            wrappedOutput.SetConvertJsonToXml(false);
          }
        }
      }
    }
#endif

    HttpToolbox::Arguments compiled;
    HttpToolbox::CompileGetArguments(compiled, getArguments);

    HttpHandlerVisitor visitor(*this, wrappedOutput, origin, remoteIp, username, 
                               method, headers, compiled, bodyData, bodySize);

    if (root_.LookupResource(uri, visitor))
    {
      wrappedOutput.Finalize();
      return true;
    }

    std::set<HttpMethod> methods;
    root_.GetAcceptedMethods(methods, uri);

    if (methods.empty())
    {
      return false;  // This URI is not served by this REST API
    }
    else
    {
      LOG(INFO) << "REST method " << EnumerationToString(method) 
                << " not allowed on: " << Toolbox::FlattenUri(uri);

      output.SendMethodNotAllowed(MethodsToString(methods));

      return true;
    }
  }

  void RestApi::Register(const std::string& path,
                         RestApiGetCall::Handler handler)
  {
    root_.Register(path, handler);
  }

  void RestApi::Register(const std::string& path,
                         RestApiPutCall::Handler handler)
  {
    root_.Register(path, handler);
  }

  void RestApi::Register(const std::string& path,
                         RestApiPostCall::Handler handler)
  {
    root_.Register(path, handler);
  }

  void RestApi::Register(const std::string& path,
                         RestApiDeleteCall::Handler handler)
  {
    root_.Register(path, handler);
  }
  
  void RestApi::AutoListChildren(RestApiGetCall& call)
  {    
    call.GetDocumentation()
      .SetTag("Other")
      .SetSummary("List operations")
      .SetDescription("List the available operations under URI `" + call.FlattenUri() + "`")
      .AddAnswerType(MimeType_Json, "List of the available operations");

    RestApi& context = call.GetContext();

    Json::Value directory;
    if (context.root_.GetDirectory(directory, call.GetFullUri()))
    {
      if (call.IsDocumentation())
      {
        call.GetDocumentation().SetSample(directory);

        std::set<std::string> c;
        call.GetUriComponentsNames(c);
        for (std::set<std::string>::const_iterator it = c.begin(); it != c.end(); ++it)
        {
          call.GetDocumentation().SetUriArgument(*it, RestApiCallDocumentation::Type_String, "");
        }    
      }
      else
      {
        call.GetOutput().AnswerJson(directory);
      }
    }
  }


  void RestApi::GenerateOpenApiDocumentation(Json::Value& target)
  {
    OpenApiVisitor visitor(*this);
    
    UriComponents root;
    std::set<std::string> uriArgumentsNames;
    root_.ExploreAllResources(visitor, root, uriArgumentsNames);

    target = Json::objectValue;

    target["info"] = Json::objectValue;
    target["openapi"] = "3.0.0";
    target["servers"] = Json::arrayValue;
    target["paths"] = visitor.GetPaths();

    visitor.LogStatistics();
  }


  void RestApi::GenerateReStructuredTextCheatSheet(std::string& target,
                                                   const std::string& openApiUrl)
  {
    ReStructuredTextCheatSheet visitor(*this);
    
    UriComponents root;
    std::set<std::string> uriArgumentsNames;
    root_.ExploreAllResources(visitor, root, uriArgumentsNames);

    visitor.Format(target, openApiUrl);
    
    visitor.LogStatistics();
  }
}