_rest_config.php

   1 <?php
   2 /**
   3  * Useful globals class for Rest
   4  *
   5  * @package   OpenEMR
   6  * @link      http://www.open-emr.org
   7  * @author    Jerry Padgett <sjpadgett@gmail.com>
   8  * @author    Brady Miller <brady.g.miller@gmail.com>
   9  * @copyright Copyright (c) 2018 Jerry Padgett <sjpadgett@gmail.com>
  10  * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
  11  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  12  */
  13
  14 require_once(dirname(__FILE__) . "/src/Common/Session/SessionUtil.php");
  15
  16 use OpenEMR\RestControllers\AuthRestController;
  17
  18 // also a handy place to add utility methods
  19 //
  20 class RestConfig
  21 {
  22     /** @var set to true to send debug info to the browser */
  23     public static $DEBUG_MODE = false;
  24
  25     /** @var default action is the controller.method fired when no route is specified */
  26     public static $DEFAULT_ACTION = "";
  27
  28     /** @var routemap is an array of patterns and routes */
  29     public static $ROUTE_MAP;
  30
  31     /** @var fhir routemap is an array of patterns and routes */
  32     public static $FHIR_ROUTE_MAP;
  33
  34     /** @var app root is the root directory of the application */
  35     public static $APP_ROOT;
  36
  37     /** @var root url of the application */
  38     public static $ROOT_URL;
  39     public static $REST_FULL_URL;
  40     public static $VENDOR_DIR;
  41     public static $webserver_root;
  42     public static $web_root;
  43     public static $server_document_root;
  44     public static $SITE;
  45
  46     private static $INSTANCE;
  47     private static $IS_INITIALIZED = false;
  48
  49     /**  @var set to true if local api call */
  50     private static $localCall = false;
  51
  52     /**  @var set to true if not rest call */
  53     private static $notRestCall = false;
  54
  55     /** prevents external construction */
  56     private function __construct()
  57     {
  58     }
  59
  60     /** prevents external cloning */
  61     private function __clone()
  62     {
  63     }
  64
  65     /**
  66      * Initialize the RestConfig object
  67      */
  68     static function Init()
  69     {
  70         if (!self::$IS_INITIALIZED) {
  71             self::setPaths();
  72             self::$REST_FULL_URL = $_SERVER['REQUEST_SCHEME'] . "//" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; // @todo unsure here!
  73             self::$ROOT_URL = self::$web_root . "/apis";
  74             self::$VENDOR_DIR = self::$webserver_root . "/vendor";
  75             self::$IS_INITIALIZED = true;
  76         }
  77     }
  78
  79     /**
  80      * Returns an instance of the RestConfig singleton
  81      * @return RestConfig
  82      */
  83     static function GetInstance()
  84     {
  85         if (!self::$IS_INITIALIZED) {
  86             self::Init();
  87         }
  88
  89         if (!self::$INSTANCE instanceof self) {
  90             self::$INSTANCE = new self;
  91         }
  92
  93         return self::$INSTANCE;
  94     }
  95
  96
  97     /**
  98      * Basic paths when GLOBALS are not yet available.
  99      * @return none
 100      */
 101     static function SetPaths()
 102     {
 103         $isWindows = stripos(PHP_OS, 'WIN') === 0;
 104         self::$webserver_root = dirname(__FILE__);
 105         if ($isWindows) {
 106             //convert windows path separators
 107             self::$webserver_root = str_replace("\\", "/", self::$webserver_root);
 108         }
 109         // Collect the apache server document root (and convert to windows slashes, if needed)
 110         self::$server_document_root = realpath($_SERVER['DOCUMENT_ROOT']);
 111         if ($isWindows) {
 112             //convert windows path separators
 113             self::$server_document_root = str_replace("\\", "/", self::$server_document_root);
 114         }
 115         self::$web_root = substr(self::$webserver_root, strspn(self::$webserver_root ^ self::$server_document_root, "\0"));
 116         // Ensure web_root starts with a path separator
 117         if (preg_match("/^[^\/]/", self::$web_root)) {
 118             self::$web_root = "/" . self::$web_root;
 119         }
 120     }
 121
 122     static function destroySession()
 123     {
 124         OpenEMR\Common\Session\SessionUtil::apiSessionCookieDestroy();
 125     }
 126
 127     static function getPostData($data)
 128     {
 129         if (count($_POST)) {
 130             return $_POST;
 131         } elseif ($post_data = file_get_contents('php://input')) {
 132             if ($post_json = json_decode($post_data, true)) {
 133                 return $post_json;
 134             } else {
 135                 parse_str($post_data, $post_variables);
 136                 if (count($post_variables)) {
 137                     return $post_variables;
 138                 }
 139             }
 140         }
 141
 142         return false;
 143     }
 144
 145     static function authorization_check($section, $value)
 146     {
 147         if (self::$notRestCall || self::$localCall) {
 148             $result = acl_check($section, $value, $_SESSION['authUser']);
 149         } else {
 150             $authRestController = new AuthRestController();
 151             $result = $authRestController->aclCheck($_SERVER["HTTP_X_API_TOKEN"], $section, $value);
 152         }
 153         if (!$result) {
 154             if (!self::$notRestCall) {
 155                 http_response_code(401);
 156             }
 157             exit();
 158         }
 159     }
 160
 161     static function setLocalCall()
 162     {
 163         self::$localCall = true;
 164     }
 165
 166     static function setNotRestCall()
 167     {
 168         self::$notRestCall = true;
 169     }
 170
 171     static function is_authentication($resource)
 172     {
 173         return ($resource === "/api/auth" || $resource === "/fhir/auth");
 174     }
 175
 176     static function get_bearer_token()
 177     {
 178         $parse = preg_split("/[\s,]+/", $_SERVER["HTTP_AUTHORIZATION"]);
 179         if (strtoupper(trim($parse[0])) !== 'BEARER') {
 180             return false;
 181         }
 182
 183         return trim($parse[1]);
 184     }
 185
 186     static function is_fhir_request($resource)
 187     {
 188         return (stripos(strtolower($resource), "/fhir/") !== false) ? true : false;
 189     }
 190
 191     static function verify_api_request($resource, $api)
 192     {
 193         $api = strtolower(trim($api));
 194         if (self::is_fhir_request($resource)) {
 195             if ($api !== 'fhir') {
 196                 http_response_code(401);
 197                 exit();
 198             }
 199         } elseif ($api !== 'oemr') {
 200             http_response_code(401);
 201             exit();
 202         }
 203
 204         return;
 205     }
 206
 207     static function authentication_check($resource)
 208     {
 209         if (!self::is_authentication($resource)) {
 210             $token = $_SERVER["HTTP_X_API_TOKEN"];
 211             $authRestController = new AuthRestController();
 212             if (!$authRestController->isValidToken($token)) {
 213                 http_response_code(401);
 214                 exit();
 215             } else {
 216                 $authRestController->optionallyAddMoreTokenTime($token);
 217             }
 218         }
 219     }
 220 }
 221
 222 // Include our routes and init routes global
 223 //
 224 require_once(dirname(__FILE__) . "/_rest_routes.inc.php");