_rest_config.php

   1 <?php
   2 /**
   3  * Useful globals class for Rest
   4  *
   5  * @package   OpenEMR
   6  * @link      http://www.open-emr.org
   7  * @author    Jerry Padgett <sjpadgett@gmail.com>
   8  * @author    Brady Miller <brady.g.miller@gmail.com>
   9  * @copyright Copyright (c) 2018 Jerry Padgett <sjpadgett@gmail.com>
  10  * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
  11  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  12  */
  13
  14 require_once(dirname(__FILE__) . "/src/Common/Session/SessionUtil.php");
  15
  16 use OpenEMR\Common\Acl\AclMain;
  17 use OpenEMR\RestControllers\AuthRestController;
  18
  19 // also a handy place to add utility methods
  20 //
  21 class RestConfig
  22 {
  23     /** @var set to true to send debug info to the browser */
  24     public static $DEBUG_MODE = false;
  25
  26     /** @var default action is the controller.method fired when no route is specified */
  27     public static $DEFAULT_ACTION = "";
  28
  29     /** @var routemap is an array of patterns and routes */
  30     public static $ROUTE_MAP;
  31
  32     /** @var fhir routemap is an array of patterns and routes */
  33     public static $FHIR_ROUTE_MAP;
  34
  35     /** @var app root is the root directory of the application */
  36     public static $APP_ROOT;
  37
  38     /** @var root url of the application */
  39     public static $ROOT_URL;
  40     public static $REST_FULL_URL;
  41     public static $VENDOR_DIR;
  42     public static $webserver_root;
  43     public static $web_root;
  44     public static $server_document_root;
  45     public static $SITE;
  46
  47     private static $INSTANCE;
  48     private static $IS_INITIALIZED = false;
  49
  50     /**  @var set to true if local api call */
  51     private static $localCall = false;
  52
  53     /**  @var set to true if not rest call */
  54     private static $notRestCall = false;
  55
  56     /** prevents external construction */
  57     private function __construct()
  58     {
  59     }
  60
  61     /** prevents external cloning */
  62     private function __clone()
  63     {
  64     }
  65
  66     /**
  67      * Initialize the RestConfig object
  68      */
  69     static function Init()
  70     {
  71         if (!self::$IS_INITIALIZED) {
  72             self::setPaths();
  73             self::$REST_FULL_URL = $_SERVER['REQUEST_SCHEME'] . "//" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; // @todo unsure here!
  74             self::$ROOT_URL = self::$web_root . "/apis";
  75             self::$VENDOR_DIR = self::$webserver_root . "/vendor";
  76             self::$IS_INITIALIZED = true;
  77         }
  78     }
  79
  80     /**
  81      * Returns an instance of the RestConfig singleton
  82      * @return RestConfig
  83      */
  84     static function GetInstance()
  85     {
  86         if (!self::$IS_INITIALIZED) {
  87             self::Init();
  88         }
  89
  90         if (!self::$INSTANCE instanceof self) {
  91             self::$INSTANCE = new self;
  92         }
  93
  94         return self::$INSTANCE;
  95     }
  96
  97
  98     /**
  99      * Basic paths when GLOBALS are not yet available.
 100      * @return none
 101      */
 102     static function SetPaths()
 103     {
 104         $isWindows = stripos(PHP_OS, 'WIN') === 0;
 105         self::$webserver_root = dirname(__FILE__);
 106         if ($isWindows) {
 107             //convert windows path separators
 108             self::$webserver_root = str_replace("\\", "/", self::$webserver_root);
 109         }
 110         // Collect the apache server document root (and convert to windows slashes, if needed)
 111         self::$server_document_root = realpath($_SERVER['DOCUMENT_ROOT']);
 112         if ($isWindows) {
 113             //convert windows path separators
 114             self::$server_document_root = str_replace("\\", "/", self::$server_document_root);
 115         }
 116         self::$web_root = substr(self::$webserver_root, strspn(self::$webserver_root ^ self::$server_document_root, "\0"));
 117         // Ensure web_root starts with a path separator
 118         if (preg_match("/^[^\/]/", self::$web_root)) {
 119             self::$web_root = "/" . self::$web_root;
 120         }
 121     }
 122
 123     static function destroySession()
 124     {
 125         OpenEMR\Common\Session\SessionUtil::apiSessionCookieDestroy();
 126     }
 127
 128     static function getPostData($data)
 129     {
 130         if (count($_POST)) {
 131             return $_POST;
 132         } elseif ($post_data = file_get_contents('php://input')) {
 133             if ($post_json = json_decode($post_data, true)) {
 134                 return $post_json;
 135             } else {
 136                 parse_str($post_data, $post_variables);
 137                 if (count($post_variables)) {
 138                     return $post_variables;
 139                 }
 140             }
 141         }
 142
 143         return false;
 144     }
 145
 146     static function authorization_check($section, $value)
 147     {
 148         if (self::$notRestCall || self::$localCall) {
 149             $result = AclMain::aclCheckCore($section, $value, $_SESSION['authUser']);
 150         } else {
 151             $authRestController = new AuthRestController();
 152             $result = $authRestController->aclCheck($_SERVER["HTTP_X_API_TOKEN"], $section, $value);
 153         }
 154         if (!$result) {
 155             if (!self::$notRestCall) {
 156                 http_response_code(401);
 157             }
 158             exit();
 159         }
 160     }
 161
 162     static function setLocalCall()
 163     {
 164         self::$localCall = true;
 165     }
 166
 167     static function setNotRestCall()
 168     {
 169         self::$notRestCall = true;
 170     }
 171
 172     static function is_authentication($resource)
 173     {
 174         return ($resource === "/api/auth" || $resource === "/fhir/auth");
 175     }
 176
 177     static function get_bearer_token()
 178     {
 179         $parse = preg_split("/[\s,]+/", $_SERVER["HTTP_AUTHORIZATION"]);
 180         if (strtoupper(trim($parse[0])) !== 'BEARER') {
 181             return false;
 182         }
 183
 184         return trim($parse[1]);
 185     }
 186
 187     static function is_fhir_request($resource)
 188     {
 189         return (stripos(strtolower($resource), "/fhir/") !== false) ? true : false;
 190     }
 191
 192     static function verify_api_request($resource, $api)
 193     {
 194         $api = strtolower(trim($api));
 195         if (self::is_fhir_request($resource)) {
 196             if ($api !== 'fhir') {
 197                 http_response_code(401);
 198                 exit();
 199             }
 200         } elseif ($api !== 'oemr') {
 201             http_response_code(401);
 202             exit();
 203         }
 204
 205         return;
 206     }
 207
 208     static function authentication_check($resource)
 209     {
 210         if (!self::is_authentication($resource)) {
 211             $token = $_SERVER["HTTP_X_API_TOKEN"];
 212             $authRestController = new AuthRestController();
 213             if (!$authRestController->isValidToken($token)) {
 214                 http_response_code(401);
 215                 exit();
 216             } else {
 217                 $authRestController->optionallyAddMoreTokenTime($token);
 218             }
 219         }
 220     }
 221 }
 222
 223 // Include our routes and init routes global
 224 //
 225 require_once(dirname(__FILE__) . "/_rest_routes.inc.php");