_rest_config.php

   1 <?php
   2 /**
   3  * Useful globals class for Rest
   4  *
   5  * @package   OpenEMR
   6  * @link      http://www.open-emr.org
   7  * @author    Jerry Padgett <sjpadgett@gmail.com>
   8  * @author    Brady Miller <brady.g.miller@gmail.com>
   9  * @copyright Copyright (c) 2018 Jerry Padgett <sjpadgett@gmail.com>
  10  * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
  11  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  12  */
  13
  14 use OpenEMR\RestControllers\AuthRestController;
  15
  16 // also a handy place to add utility methods
  17 //
  18 class RestConfig
  19 {
  20     /** @var set to true to send debug info to the browser */
  21     public static $DEBUG_MODE = false;
  22
  23     /** @var default action is the controller.method fired when no route is specified */
  24     public static $DEFAULT_ACTION = "";
  25
  26     /** @var routemap is an array of patterns and routes */
  27     public static $ROUTE_MAP;
  28
  29     /** @var fhir routemap is an array of patterns and routes */
  30     public static $FHIR_ROUTE_MAP;
  31
  32     /** @var app root is the root directory of the application */
  33     public static $APP_ROOT;
  34
  35     /** @var root url of the application */
  36     public static $ROOT_URL;
  37     public static $REST_FULL_URL;
  38     public static $VENDOR_DIR;
  39     public static $webserver_root;
  40     public static $web_root;
  41     public static $server_document_root;
  42     public static $SITE;
  43
  44     private static $INSTANCE;
  45     private static $IS_INITIALIZED = false;
  46
  47     /**  @var set to true if local api call */
  48     private static $localCall = false;
  49
  50     /**  @var set to true if not rest call */
  51     private static $notRestCall = false;
  52
  53     /** prevents external construction */
  54     private function __construct()
  55     {
  56     }
  57
  58     /** prevents external cloning */
  59     private function __clone()
  60     {
  61     }
  62
  63     /**
  64      * Initialize the RestConfig object
  65      */
  66     static function Init()
  67     {
  68         if (!self::$IS_INITIALIZED) {
  69             self::setPaths();
  70             self::$REST_FULL_URL = $_SERVER['REQUEST_SCHEME'] . "//" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; // @todo unsure here!
  71             self::$ROOT_URL = self::$web_root . "/apis";
  72             self::$VENDOR_DIR = self::$webserver_root . "/vendor";
  73             self::$IS_INITIALIZED = true;
  74         }
  75     }
  76
  77     /**
  78      * Returns an instance of the RestConfig singleton
  79      * @return RestConfig
  80      */
  81     static function GetInstance()
  82     {
  83         if (!self::$IS_INITIALIZED) {
  84             self::Init();
  85         }
  86
  87         if (!self::$INSTANCE instanceof self) {
  88             self::$INSTANCE = new self;
  89         }
  90
  91         return self::$INSTANCE;
  92     }
  93
  94
  95     /**
  96      * Basic paths when GLOBALS are not yet available.
  97      * @return none
  98      */
  99     static function SetPaths()
 100     {
 101         $isWindows = stripos(PHP_OS, 'WIN') === 0;
 102         self::$webserver_root = dirname(__FILE__);
 103         if ($isWindows) {
 104             //convert windows path separators
 105             self::$webserver_root = str_replace("\\", "/", self::$webserver_root);
 106         }
 107         // Collect the apache server document root (and convert to windows slashes, if needed)
 108         self::$server_document_root = realpath($_SERVER['DOCUMENT_ROOT']);
 109         if ($isWindows) {
 110             //convert windows path separators
 111             self::$server_document_root = str_replace("\\", "/", self::$server_document_root);
 112         }
 113         self::$web_root = substr(self::$webserver_root, strspn(self::$webserver_root ^ self::$server_document_root, "\0"));
 114         // Ensure web_root starts with a path separator
 115         if (preg_match("/^[^\/]/", self::$web_root)) {
 116             self::$web_root = "/" . self::$web_root;
 117         }
 118     }
 119
 120     static function destroySession()
 121     {
 122         if (!isset($_SESSION)) {
 123             return;
 124         }
 125         $_SESSION = array();
 126         if (ini_get("session.use_cookies")) {
 127             $params = session_get_cookie_params();
 128             setcookie(
 129                 session_name(),
 130                 '',
 131                 time() - 42000,
 132                 $params["path"],
 133                 $params["domain"],
 134                 $params["secure"],
 135                 $params["httponly"]
 136             );
 137         }
 138     }
 139
 140     static function getPostData($data)
 141     {
 142         if (count($_POST)) {
 143             return $_POST;
 144         } elseif ($post_data = file_get_contents('php://input')) {
 145             if ($post_json = json_decode($post_data, true)) {
 146                 return $post_json;
 147             } else {
 148                 parse_str($post_data, $post_variables);
 149                 if (count($post_variables)) {
 150                     return $post_variables;
 151                 }
 152             }
 153         }
 154
 155         return false;
 156     }
 157
 158     static function authorization_check($section, $value)
 159     {
 160         if (self::$notRestCall || self::$localCall) {
 161             $result = acl_check($section, $value, $_SESSION['authUser']);
 162         } else {
 163             $authRestController = new AuthRestController();
 164             $result = $authRestController->aclCheck($_SERVER["HTTP_X_API_TOKEN"], $section, $value);
 165         }
 166         if (!$result) {
 167             if (!self::$notRestCall) {
 168                 http_response_code(401);
 169             }
 170             exit();
 171         }
 172     }
 173
 174     static function setLocalCall()
 175     {
 176         self::$localCall = true;
 177     }
 178
 179     static function setNotRestCall()
 180     {
 181         self::$notRestCall = true;
 182     }
 183
 184     static function is_authentication($resource)
 185     {
 186         return ($resource === "/api/auth" || $resource === "/fhir/auth");
 187     }
 188
 189     static function get_bearer_token()
 190     {
 191         $parse = preg_split("/[\s,]+/", $_SERVER["HTTP_AUTHORIZATION"]);
 192         if (strtoupper(trim($parse[0])) !== 'BEARER') {
 193             return false;
 194         }
 195
 196         return trim($parse[1]);
 197     }
 198
 199     static function is_fhir_request($resource)
 200     {
 201         return (stripos(strtolower($resource), "/fhir/") !== false) ? true : false;
 202     }
 203
 204     static function verify_api_request($resource, $api)
 205     {
 206         $api = strtolower(trim($api));
 207         if (self::is_fhir_request($resource)) {
 208             if ($api !== 'fhir') {
 209                 http_response_code(401);
 210                 exit();
 211             }
 212         } elseif ($api !== 'oemr') {
 213             http_response_code(401);
 214             exit();
 215         }
 216
 217         return;
 218     }
 219
 220     static function authentication_check($resource)
 221     {
 222         if (!self::is_authentication($resource)) {
 223             $token = $_SERVER["HTTP_X_API_TOKEN"];
 224             $authRestController = new AuthRestController();
 225             if (!$authRestController->isValidToken($token)) {
 226                 http_response_code(401);
 227                 exit();
 228             } else {
 229                 $authRestController->optionallyAddMoreTokenTime($token);
 230             }
 231         }
 232     }
 233 }
 234
 235 // Include our routes and init routes global
 236 //
 237 require_once(dirname(__FILE__) . "/_rest_routes.inc.php");