Mercurial > hg > orthanc
changeset 34:96e57b863dd9
option to disallow remote access
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 30 Aug 2012 11:22:21 +0200 |
parents | 0c3e317f35e8 |
children | f6d12037f886 |
files | Core/HttpServer/MongooseServer.cpp Core/HttpServer/MongooseServer.h PalantirServer/DicomIntegerPixelAccessor.cpp PalantirServer/PalantirRestApi.cpp PalantirServer/main.cpp Resources/Configuration.json |
diffstat | 6 files changed, 58 insertions(+), 21 deletions(-) [+] |
line wrap: on
line diff
--- a/Core/HttpServer/MongooseServer.cpp Thu Aug 30 09:35:38 2012 +0200 +++ b/Core/HttpServer/MongooseServer.cpp Thu Aug 30 11:22:21 2012 +0200 @@ -38,6 +38,8 @@ #define PALANTIR_REALM "Palantir Secure Area" +static const long LOCALHOST = (127ll << 24) + 1ll; + namespace Palantir { @@ -397,6 +399,15 @@ } + static void SendUnauthorized(HttpOutput& output) + { + std::string s = "HTTP/1.1 401 Unauthorized\r\n" + "WWW-Authenticate: Basic realm=\"" PALANTIR_REALM "\"" + "\r\n\r\n"; + output.Send(&s[0], s.size()); + } + + static bool Authorize(const MongooseServer& that, const HttpHandler::Arguments& headers, HttpOutput& output) @@ -416,10 +427,7 @@ if (!granted) { - std::string s = "HTTP/1.1 401 Unauthorized\r\n" - "WWW-Authenticate: Basic realm=\"" PALANTIR_REALM "\"" - "\r\n\r\n"; - output.Send(&s[0], s.size()); + SendUnauthorized(output); return false; } else @@ -437,9 +445,16 @@ if (event == MG_NEW_REQUEST) { MongooseServer* that = (MongooseServer*) (request->user_data); + MongooseOutput output(connection); + + if (!that->IsRemoteAccessAllowed() && + request->remote_ip != LOCALHOST) + { + SendUnauthorized(output); + return (void*) ""; + } HttpHandler::Arguments arguments, headers; - MongooseOutput c(connection); for (int i = 0; i < request->num_headers; i++) { @@ -450,7 +465,7 @@ // Authenticate this connection if (that->IsAuthenticationEnabled() && - !Authorize(*that, headers, c)) + !Authorize(*that, headers, output)) { return (void*) ""; } @@ -466,7 +481,7 @@ HttpHandler::Arguments::const_iterator ct = headers.find("content-type"); if (ct == headers.end()) { - c.SendHeader(HttpStatus_400_BadRequest); + output.SendHeader(HttpStatus_400_BadRequest); return (void*) ""; } @@ -486,15 +501,15 @@ switch (status) { case PostDataStatus_NoLength: - c.SendHeader(HttpStatus_411_LengthRequired); + output.SendHeader(HttpStatus_411_LengthRequired); return (void*) ""; case PostDataStatus_Failure: - c.SendHeader(HttpStatus_400_BadRequest); + output.SendHeader(HttpStatus_400_BadRequest); return (void*) ""; case PostDataStatus_Pending: - c.AnswerBuffer(""); + output.AnswerBuffer(""); return (void*) ""; default: @@ -510,18 +525,18 @@ { try { - handler->Handle(c, std::string(request->request_method), + handler->Handle(output, std::string(request->request_method), uri, headers, arguments, postData); } catch (PalantirException& e) { std::cerr << "MongooseServer Exception [" << e.What() << "]" << std::endl; - c.SendHeader(HttpStatus_500_InternalServerError); + output.SendHeader(HttpStatus_500_InternalServerError); } } else { - c.SendHeader(HttpStatus_404_NotFound); + output.SendHeader(HttpStatus_404_NotFound); } // Mark as processed @@ -543,6 +558,7 @@ MongooseServer::MongooseServer() : pimpl_(new PImpl) { pimpl_->context_ = NULL; + remoteAllowed_ = false; authentication_ = false; ssl_ = false; port_ = 8000; @@ -664,6 +680,13 @@ certificate_ = path; } + void MongooseServer::SetRemoteAccessAllowed(bool allowed) + { + Stop(); + remoteAllowed_ = allowed; + } + + bool MongooseServer::IsValidBasicHttpAuthentication(const std::string& basic) const { return registeredUsers_.find(basic) != registeredUsers_.end();
--- a/Core/HttpServer/MongooseServer.h Thu Aug 30 09:35:38 2012 +0200 +++ b/Core/HttpServer/MongooseServer.h Thu Aug 30 11:22:21 2012 +0200 @@ -44,6 +44,7 @@ typedef std::set<std::string> RegisteredUsers; RegisteredUsers registeredUsers_; + bool remoteAllowed_; bool authentication_; bool ssl_; std::string certificate_; @@ -95,6 +96,13 @@ void SetSslCertificate(const char* path); + bool IsRemoteAccessAllowed() const + { + return remoteAllowed_; + } + + void SetRemoteAccessAllowed(bool allowed); + void ClearHandlers(); // Can return NULL if no handler is associated to this URI
--- a/PalantirServer/DicomIntegerPixelAccessor.cpp Thu Aug 30 09:35:38 2012 +0200 +++ b/PalantirServer/DicomIntegerPixelAccessor.cpp Thu Aug 30 11:22:21 2012 +0200 @@ -80,8 +80,8 @@ throw PalantirException(ErrorCode_NotImplemented); } - printf("%d %d %d %d %d %d %d\n", width_, height_, samplesPerPixel_, bitsAllocated, - bitsStored, highBit, pixelRepresentation); + /*printf("%d %d %d %d %d %d %d\n", width_, height_, samplesPerPixel_, bitsAllocated, + bitsStored, highBit, pixelRepresentation);*/ bytesPerPixel_ = bitsAllocated / 8; shift_ = highBit + 1 - bitsStored;
--- a/PalantirServer/PalantirRestApi.cpp Thu Aug 30 09:35:38 2012 +0200 +++ b/PalantirServer/PalantirRestApi.cpp Thu Aug 30 11:22:21 2012 +0200 @@ -49,7 +49,7 @@ } is.setEos(); - printf("[%d]\n", postData.size()); + //printf("[%d]\n", postData.size()); DcmFileFormat dicomFile; if (dicomFile.read(is).good()) @@ -467,7 +467,8 @@ else if (uri.size() == 3 && uri[0] == "instances" && (uri[2] == "file" || - uri[2] == "all-tags")) + uri[2] == "tags" || + uri[2] == "named-tags")) { std::string fileUuid, contentType; if (uri[2] == "file") @@ -475,7 +476,8 @@ existingResource = index_.GetDicomFile(fileUuid, uri[1]); contentType = "application/dicom"; } - else + else if (uri[2] == "tags" || + uri[2] == "named-tags") { existingResource = index_.GetJsonFile(fileUuid, uri[1]); contentType = "application/json";
--- a/PalantirServer/main.cpp Thu Aug 30 09:35:38 2012 +0200 +++ b/PalantirServer/main.cpp Thu Aug 30 11:22:21 2012 +0200 @@ -49,14 +49,14 @@ virtual void Handle(const std::vector<uint8_t>& dicomFile, const DicomMap& dicomSummary, const Json::Value& dicomJson, - const std::string& distantAet) + const std::string& remoteAet) { std::string instanceUuid; if (dicomFile.size() > 0) { index_.Store(instanceUuid, storage_, reinterpret_cast<const char*>(&dicomFile[0]), dicomFile.size(), - dicomSummary, dicomJson, distantAet); + dicomSummary, dicomJson, remoteAet); } } }; @@ -121,6 +121,7 @@ // HTTP server MongooseServer httpServer; httpServer.SetPort(GetGlobalIntegerParameter("HttpPort", 8000)); + httpServer.SetRemoteAccessAllowed(GetGlobalBoolParameter("RemoteAccessAllowed", false)); httpServer.SetAuthenticationEnabled(GetGlobalBoolParameter("AuthenticationEnabled", false)); SetupRegisteredUsers(httpServer);
--- a/Resources/Configuration.json Thu Aug 30 09:35:38 2012 +0200 +++ b/Resources/Configuration.json Thu Aug 30 11:22:21 2012 +0200 @@ -33,6 +33,9 @@ * Security-related options **/ + // Whether remote hosts can connect to the HTTP server + "RemoteAccessAllowed" : false, + // Whether or not SSL is enabled "SslEnabled" : false, @@ -40,7 +43,7 @@ "SslCertificate" : "certificate.pem", // Whether or not the password protection is enabled - "AuthenticationEnabled" : true, + "AuthenticationEnabled" : false, // The list of the registered users. Because Palantir uses HTTP // Basic Authentication, the passwords are stored as plain text.