changeset 6239:5c9fc31d1555

custom payload in HTTP authentication
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 10 Jul 2025 18:36:36 +0200
parents 376adcf7cabb
children a6c9451fbade
files OrthancFramework/Sources/HttpServer/HttpServer.cpp OrthancFramework/Sources/HttpServer/IIncomingHttpRequestFilter.h OrthancServer/Plugins/Engine/OrthancPlugins.cpp OrthancServer/Plugins/Engine/OrthancPlugins.h OrthancServer/Plugins/Include/orthanc/OrthancCPlugin.h OrthancServer/Sources/main.cpp
diffstat 6 files changed, 34 insertions(+), 14 deletions(-) [+]
--- a/OrthancFramework/Sources/HttpServer/HttpServer.cpp	Thu Jul 10 10:08:14 2025 +0200
+++ b/OrthancFramework/Sources/HttpServer/HttpServer.cpp	Thu Jul 10 18:36:36 2025 +0200
@@ -1269,6 +1269,7 @@
     const IIncomingHttpRequestFilter *filter = server.GetIncomingHttpRequestFilter();
 
     // Authenticate this connection
+    std::string customPayload;
     std::string redirection;
     IIncomingHttpRequestFilter::AuthenticationStatus status;
 
@@ -1278,7 +1279,7 @@
     }
     else
     {
-      status = filter->CheckAuthentication(redirection, requestUri, headers);
+      status = filter->CheckAuthentication(customPayload, redirection, requestUri, headers);
     }
 
     switch (status)
@@ -1294,6 +1295,7 @@
         break;
 
       case IIncomingHttpRequestFilter::AuthenticationStatus_Success:
+        printf("PAYLOAD: [%s]\n", customPayload.c_str());
         break;
 
       case IIncomingHttpRequestFilter::AuthenticationStatus_Redirect:
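Review bot: The added `printf("PAYLOAD: [%s]\n", customPayload.c_str());` in the `AuthenticationStatus_Success` case writes the authentication payload to stdout for every successfully authenticated request. The payload comes from the authentication callback and, per the interface comment, is meant for `IsAllowed()`, so it may carry identity or token-derived data that should not appear in process output. The call also ignores the server's configured log level and sink, and `%s` stops at the first embedded NUL. This looks like leftover debugging, so the case should go back to a bare `break;` until the payload is actually handed to the authorization step, which this hunk does not show. The switch continues outside the hunk.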
--- a/OrthancFramework/Sources/HttpServer/IIncomingHttpRequestFilter.h	Thu Jul 10 10:08:14 2025 +0200
+++ b/OrthancFramework/Sources/HttpServer/IIncomingHttpRequestFilter.h	Thu Jul 10 18:36:36 2025 +0200
@@ -47,7 +47,8 @@
     virtual bool IsValidBearerToken(const std::string& token) const = 0;
 
     // This method corresponds to HTTP authentication
-    virtual AuthenticationStatus CheckAuthentication(std::string& redirection /* out: path relative to the root */,
+    virtual AuthenticationStatus CheckAuthentication(std::string& customPayload /* out: payload to provide to "IsAllowed()" */,
+                                                     std::string& redirection   /* out: path relative to the root */,
                                                      const std::string& uri,
                                                      const HttpToolbox::Arguments& httpHeaders) const = 0;
     
--- a/OrthancServer/Plugins/Engine/OrthancPlugins.cpp	Thu Jul 10 10:08:14 2025 +0200
+++ b/OrthancServer/Plugins/Engine/OrthancPlugins.cpp	Thu Jul 10 18:36:36 2025 +0200
@@ -6847,6 +6847,7 @@
 
 
   IIncomingHttpRequestFilter::AuthenticationStatus OrthancPlugins::CheckAuthentication(
+    std::string& customPayload,
     std::string& redirection,
     const std::string& uri,
     const HttpToolbox::Arguments& httpHeaders) const
@@ -6874,10 +6875,12 @@
       assert(i == httpHeaders.size());
 
       OrthancPluginHttpAuthenticationStatus status = OrthancPluginHttpAuthenticationStatus_Unauthorized;
+      PluginMemoryBuffer32 payloadBuffer;
       PluginMemoryBuffer32 redirectionBuffer;
-      OrthancPluginErrorCode code = pimpl_->httpAuthentication_(&status, redirectionBuffer.GetObject(), uri.c_str(), i,
-                                                                keys.empty() ? NULL : &keys[0],
-                                                                values.empty() ? NULL : &values[0]);
+      OrthancPluginErrorCode code = pimpl_->httpAuthentication_(
+        &status, payloadBuffer.GetObject(), redirectionBuffer.GetObject(), uri.c_str(), i,
+        keys.empty() ? NULL : &keys[0],
+        values.empty() ? NULL : &values[0]);
 
       if (code != OrthancPluginErrorCode_Success)
       {
@@ -6888,6 +6891,7 @@
         switch (status)
         {
         case OrthancPluginHttpAuthenticationStatus_Success:
+          payloadBuffer.MoveToString(customPayload);
           return IIncomingHttpRequestFilter::AuthenticationStatus_Success;
 
         case OrthancPluginHttpAuthenticationStatus_Unauthorized:
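Review bot: `customPayload` is written only in the `OrthancPluginHttpAuthenticationStatus_Success` case, so on the Unauthorized and Redirect paths the caller's string keeps whatever it held before the call. The same presumably holds when the callback returns an error code. The caller visible in HttpServer.cpp passes a fresh empty string, but the interface does not require that. Adding `customPayload.clear();` at the top of `OrthancPlugins::CheckAuthentication` would ensure that a payload left over from an earlier call is never paired with a later status. The function body starts and ends outside this hunk.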
--- a/OrthancServer/Plugins/Engine/OrthancPlugins.h	Thu Jul 10 10:08:14 2025 +0200
+++ b/OrthancServer/Plugins/Engine/OrthancPlugins.h	Thu Jul 10 18:36:36 2025 +0200
@@ -418,6 +418,7 @@
     void RegisterWebDavCollections(HttpServer& target);
 
     IIncomingHttpRequestFilter::AuthenticationStatus CheckAuthentication(
+      std::string& customPayload,
       std::string& redirection,
       const std::string& uri,
       const HttpToolbox::Arguments& httpHeaders) const;
--- a/OrthancServer/Plugins/Include/orthanc/OrthancCPlugin.h	Thu Jul 10 10:08:14 2025 +0200
+++ b/OrthancServer/Plugins/Include/orthanc/OrthancCPlugin.h	Thu Jul 10 18:36:36 2025 +0200
@@ -1192,8 +1192,8 @@
   typedef enum
   {
     OrthancPluginHttpAuthenticationStatus_Success = 0,       /*!< The authentication has succeeded */
-    OrthancPluginHttpAuthenticationStatus_Unauthorized = 1,  /*!< The authentication has failed */
-    OrthancPluginHttpAuthenticationStatus_Redirect = 2,      /*!< The user must be redirected to another path (for login) */
+    OrthancPluginHttpAuthenticationStatus_Unauthorized = 1,  /*!< The authentication has failed (401 HTTP status) */
+    OrthancPluginHttpAuthenticationStatus_Redirect = 2,      /*!< Redirect to another path (e.g. for login, 307 HTTP status) */
 
     _OrthancPluginHttpAuthenticationStatus_INTERNAL = 0x7fffffff
   } OrthancPluginHttpAuthenticationStatus;
@@ -10368,9 +10368,12 @@
    * Signature of a callback function that authenticates every incoming HTTP.
    *
    * @param status The output status of the authentication.
+   * @param customPayload If status is `OrthancPluginHttpAuthenticationStatus_Success`,
+   * a custom payload that will be provided to the HTTP authorization callback.
    * @param redirection If status is `OrthancPluginHttpAuthenticationStatus_Redirect`,
-   * the path where to redirect the user (typically, a login page). The path is relative
-   * to the root of the Web server of Orthanc.
+   * a buffer filled with the path where to redirect the user (typically, a login page).
+   * The path is relative to the root of the Web server of Orthanc.
+   * @param uri The URI of interest (without the possible GET arguments).
    * @param headersCount The number of HTTP headers.
    * @param headersKeys The keys of the HTTP headers (always converted to low-case).
    * @param headersValues The values of the HTTP headers.
@@ -10378,8 +10381,9 @@
    * @ingroup Callbacks
    **/
   typedef OrthancPluginErrorCode (*OrthancPluginHttpAuthentication) (
-    OrthancPluginHttpAuthenticationStatus*  status,       /* out */
-    OrthancPluginMemoryBuffer*              redirection,  /* out */
+    OrthancPluginHttpAuthenticationStatus*  status,         /* out */
+    OrthancPluginMemoryBuffer*              customPayload,  /* out */
+    OrthancPluginMemoryBuffer*              redirection,    /* out */
     const char*                             uri,
     uint32_t                                headersCount,
     const char* const*                      headersKeys,
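Review bot: Inserting `customPayload` between `status` and `redirection` shifts the argument positions of `OrthancPluginHttpAuthentication` while keeping the typedef name. If this callback type has already shipped in a released SDK header, a plugin built against the old signature would still register and then be called with shifted arguments. It would treat the payload buffer as `redirection` and a buffer pointer as `uri`, in the authentication path. The safer shape is a new typedef and registration entry point for the extended signature, leaving the old one callable. At minimum, add a comment above the typedef such as `/* ABI: parameter order changed; plugins built against earlier headers must be rebuilt */`. The end of the typedef is outside this hunk.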
@@ -10398,7 +10402,9 @@
    * incoming HTTP request to handle HTTP authentication. At most one
    * plugin can register such a callback. This gives the opportunity
    * to one plugin to validate access tokens (such as a JWT), possibly
-   * redirecting the user to a login page.
+   * redirecting the user to a login page. The callback can generate a
+   * custom payload that will be provided to the possible subsequent
+   * HTTP authorizer (cf. function XXX).
    *
    * If one plugin installs such a callback, the built-in HTTP
    * authentication of Orthanc is disabled. This means that the
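Review bot: The added sentence ends with `(cf. function XXX)`, a placeholder that would be published in the SDK documentation as written. It should name the actual authorizer registration function once that exists. Because the authorizer will base access decisions on this payload, the paragraph should also state the contract, for example `The payload is opaque to Orthanc and is passed unchanged to the HTTP authorizer.`, if that is the intended behaviour.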
@@ -10407,6 +10413,11 @@
    * generated by OrthancPluginGenerateRestApiAuthorizationToken()
    * become ineffective.
    *
+   * The HTTP authentication callback can notably be used if some
+   * resource in the REST API must be available for public access, as
+   * soon as the "RemoteAccessAllowed" configuration option is set to
+   * "true".
+   *
    * @param context The Orthanc plugin context, as received by OrthancPluginInitialize().
    * @param callback The HTTP authentication callback.
    * @return 0 if success, other value if error.
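Review bot: "as soon as" in the added paragraph reads as a statement about timing, while the intent appears to be a condition. `provided that the "RemoteAccessAllowed" configuration option is set to "true"` would be unambiguous. The preceding paragraph says that installing the callback disables the built-in HTTP authentication. It is therefore worth adding one sentence saying that the callback then becomes the only authentication check and must return `OrthancPluginHttpAuthenticationStatus_Unauthorized` for every URI it does not deliberately expose.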
--- a/OrthancServer/Sources/main.cpp	Thu Jul 10 10:08:14 2025 +0200
+++ b/OrthancServer/Sources/main.cpp	Thu Jul 10 18:36:36 2025 +0200
@@ -605,14 +605,15 @@
     return true;
   }
 
-  virtual AuthenticationStatus CheckAuthentication(std::string& redirection /* out: path relative to the root */,
+  virtual AuthenticationStatus CheckAuthentication(std::string& customPayload,
+                                                   std::string& redirection,
                                                    const std::string& uri,
                                                    const HttpToolbox::Arguments& httpHeaders) const ORTHANC_OVERRIDE
   {
 #if ORTHANC_ENABLE_PLUGINS == 1
     if (plugins_ != NULL)
     {
-      return plugins_->CheckAuthentication(redirection, uri, httpHeaders);
+      return plugins_->CheckAuthentication(customPayload, redirection, uri, httpHeaders);
     }
 #endif