src/Common/Http/HttpRestRequest.php

   1 <?php
   2
   3 /**
   4  * HttpRestRequest represents the current OpenEMR api request
   5  * @package openemr
   6  * @link      http://www.open-emr.org
   7  * @author    Stephen Nielson <stephen@nielson.org>
   8  * @copyright Copyright (c) 2021 Stephen Nielson <stephen@nielson.org>
   9  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  10  */
  11
  12 namespace OpenEMR\Common\Http;
  13
  14 use OpenEMR\Common\Logging\SystemLogger;
  15 use OpenEMR\Common\System\System;
  16 use OpenEMR\Common\Uuid\UuidRegistry;
  17
  18 class HttpRestRequest
  19 {
  20
  21     /**
  22      * @var \RestConfig
  23      */
  24     private $restConfig;
  25
  26     /**
  27      * The Resource that is being requested in this http rest call.
  28      * @var string
  29      */
  30     private $resource;
  31
  32     /**
  33      * The FHIR operation that this request represents.  FHIR operations are prefixed with a $ ie $export
  34      * @var string
  35      */
  36     private $operation;
  37
  38     /**
  39      * @var array
  40      */
  41     private $requestUser;
  42
  43     /**
  44      * The binary string of the request user uuid
  45      * @var string
  46      */
  47     private $requestUserUUID;
  48
  49     /**
  50      * @var string
  51      */
  52     private $requestUserUUIDString;
  53
  54     /**
  55      * @var 'patient'|'users'
  56      */
  57     private $requestUserRole;
  58
  59     /**
  60      * @var array
  61      */
  62     private $accessTokenScopes;
  63
  64     /**
  65      * @var string
  66      */
  67     private $requestSite;
  68
  69     /**
  70      * @var string
  71      */
  72     private $clientId;
  73
  74     /**
  75      * @var string
  76      */
  77     private $accessTokenId;
  78
  79     /**
  80      * @var boolean
  81      */
  82     private $isLocalApi;
  83
  84     /**
  85      * @var string
  86      */
  87     private $requestMethod;
  88
  89     /**
  90      * The kind of REST api request this object represents
  91      * @var string
  92      */
  93     private $apiType;
  94
  95     /**
  96      * @var string
  97      */
  98     private $requestPath;
  99
 100     /**
 101      * @var string the URL for the api base full url
 102      */
 103     private $apiBaseFullUrl;
 104
 105     /**
 106      * @var string[] The request headers
 107      */
 108     private $headers;
 109
 110     /**
 111      * @var mixed[]
 112      */
 113     private $queryParams;
 114
 115     public function __construct($restConfig, $server)
 116     {
 117         $this->restConfig = $restConfig;
 118         $this->requestSite = $restConfig::$SITE;
 119
 120         $this->setRequestMethod($server["REQUEST_METHOD"]);
 121         $this->setRequestURI($server['REQUEST_URI'] ?? "");
 122         $this->headers = $this->parseHeadersFromServer($server);
 123         $queryParams = $_GET ?? [];
 124         // remove the OpenEMR queryParams that our rewrite command injected so we don't mess stuff up.
 125         if (isset($queryParams['_REWRITE_COMMAND'])) {
 126             unset($queryParams['_REWRITE_COMMAND']);
 127         }
 128         $this->setQueryParams($queryParams);
 129     }
 130
 131     public function setRequestMethod($requestMethod)
 132     {
 133         $this->requestMethod = $requestMethod;
 134     }
 135
 136     public function setQueryParams($queryParams)
 137     {
 138         $this->queryParams = $queryParams;
 139     }
 140
 141     public function getQueryParams()
 142     {
 143         return $this->queryParams;
 144     }
 145
 146     public function getQueryParam($key)
 147     {
 148         return $this->queryParams[$key] ?? null;
 149     }
 150
 151     /**
 152      * Return an array of HTTP request headers
 153      * @return array|string[]
 154      */
 155     public function getHeaders()
 156     {
 157         return array_values($this->headers);
 158     }
 159
 160     /**
 161      * Retrieve the value of the passed in request's HTTP header.  Return's null if the value does not exist
 162      * @param $headerName string the name of the header value to retrieve.
 163      * @return mixed|string|null
 164      */
 165     public function getHeader($headerName)
 166     {
 167         return $this->headers[$headerName] ?? null;
 168     }
 169
 170     /**
 171      * Checks if the current HTTP request has the passed in header
 172      * @param $headerName The name of the header to check
 173      * @return bool true if the header exists, false otherwise.
 174      */
 175     public function hasHeader($headerName)
 176     {
 177         return !empty($this->headers[$headerName]);
 178     }
 179
 180     /**
 181      * @return \RestConfig
 182      */
 183     public function getRestConfig(): \RestConfig
 184     {
 185         return $this->restConfig;
 186     }
 187
 188     /**
 189      * Return the Request URI (matches the $_SERVER['REQUEST_URI'])
 190      * @return mixed|string
 191      */
 192     public function getRequestURI()
 193     {
 194         return $this->requestURI;
 195     }
 196
 197     /**
 198      * Return the Request URI (matches the $_SERVER['REQUEST_URI'])
 199      * @param mixed|string $requestURI
 200      */
 201     public function setRequestURI($requestURI): void
 202     {
 203         $this->requestURI = $requestURI;
 204     }
 205
 206     /**
 207      * @return string
 208      */
 209     public function getResource(): ?string
 210     {
 211         return $this->resource;
 212     }
 213
 214     /**
 215      * @param string $resource
 216      */
 217     public function setResource(?string $resource): void
 218     {
 219         $this->resource = $resource;
 220     }
 221
 222     /**
 223      * Returns the operation name for this request if this request represents a FHIR operation.
 224      * Operations are prefixed with a $
 225      * @return string
 226      */
 227     public function getOperation(): ?string
 228     {
 229         return $this->operation;
 230     }
 231
 232     /**
 233      * Sets the operation name for this request if this request represents a FHIR operation.
 234      * Operations are prefixed with a $
 235      * @param string $operation The operation name
 236      */
 237     public function setOperation(string $operation): void
 238     {
 239         $this->operation = $operation;
 240     }
 241
 242     /**
 243      * @return array
 244      */
 245     public function getRequestUser(): array
 246     {
 247         return $this->requestUser;
 248     }
 249
 250     /**
 251      * Returns the current user id if we have one
 252      * @return int|null
 253      */
 254     public function getRequestUserId(): ?int
 255     {
 256         $user = $this->getRequestUser();
 257         return $user['id'] ?? null;
 258     }
 259
 260     /**
 261      * @param array $requestUser
 262      */
 263     public function setRequestUser($userUUIDString, array $requestUser): void
 264     {
 265         $this->requestUser = $requestUser;
 266
 267         // set up any other user context information
 268         if (empty($requestUser)) {
 269             $this->requestUserUUIDString = null;
 270             $this->requestUserUUID = null;
 271         } else {
 272             $this->requestUserUUIDString = $userUUIDString ?? null;
 273             $this->requestUserUUID = UuidRegistry::uuidToBytes($userUUIDString) ?? null;
 274         }
 275     }
 276
 277     /**
 278      * @return array
 279      */
 280     public function getAccessTokenScopes(): array
 281     {
 282         return $this->accessTokenScopes;
 283     }
 284
 285     /**
 286      * @param array $scopes
 287      */
 288     public function setAccessTokenScopes(array $scopes): void
 289     {
 290         $this->accessTokenScopes = $scopes;
 291     }
 292
 293     /**
 294      * @return string
 295      */
 296     public function getRequestSite(): ?string
 297     {
 298         return $this->requestSite;
 299     }
 300
 301     /**
 302      * @param string $requestSite
 303      */
 304     public function setRequestSite(string $requestSite): void
 305     {
 306         $this->requestSite = $requestSite;
 307     }
 308
 309     /**
 310      * @return string
 311      */
 312     public function getClientId(): ?string
 313     {
 314         return $this->clientId;
 315     }
 316
 317     /**
 318      * @param string $clientId
 319      */
 320     public function setClientId(string $clientId): void
 321     {
 322         $this->clientId = $clientId;
 323     }
 324
 325     /**
 326      * @return string
 327      */
 328     public function getAccessTokenId(): ?string
 329     {
 330         return $this->accessTokenId;
 331     }
 332
 333     /**
 334      * @param string $accessTokenId
 335      */
 336     public function setAccessTokenId(string $accessTokenId): void
 337     {
 338         $this->accessTokenId = $accessTokenId;
 339     }
 340
 341     /**
 342      * @return bool
 343      */
 344     public function isLocalApi(): bool
 345     {
 346         return $this->isLocalApi;
 347     }
 348
 349     /**
 350      * @param bool $isLocalApi
 351      */
 352     public function setIsLocalApi(bool $isLocalApi): void
 353     {
 354         $this->isLocalApi = $isLocalApi;
 355     }
 356
 357     /**
 358      * @return mixed
 359      */
 360     public function getRequestUserRole()
 361     {
 362         return $this->requestUserRole;
 363     }
 364
 365     /**
 366      * @param string $requestUserRole either 'patients' or 'users'
 367      */
 368     public function setRequestUserRole($requestUserRole): void
 369     {
 370         if (!in_array($requestUserRole, ['patient', 'users', 'system'])) {
 371             throw new \InvalidArgumentException("invalid user role found");
 372         }
 373         $this->requestUserRole = $requestUserRole;
 374     }
 375
 376     public function getRequestUserUUID()
 377     {
 378         return $this->requestUserUUID;
 379     }
 380
 381     public function getRequestUserUUIDString()
 382     {
 383         return $this->requestUserUUIDString;
 384     }
 385
 386     public function getPatientUUIDString()
 387     {
 388         // we may change how this is set, it will depend on if a 'user' role type can still have
 389         // patient/<resource>.* requests.  IE patient/Patient.read
 390         return $this->requestUserUUIDString;
 391     }
 392
 393     /**
 394      * @return string
 395      */
 396     public function getApiType(): ?string
 397     {
 398         return $this->apiType;
 399     }
 400
 401     /**
 402      * @param string $api
 403      */
 404     public function setApiType(string $apiType): void
 405     {
 406         if (!in_array($apiType, ['fhir', 'oemr', 'port'])) {
 407             throw new \InvalidArgumentException("invalid api type found");
 408         }
 409         $this->apiType = $apiType;
 410     }
 411
 412     /**
 413      * @return string
 414      */
 415     public function getRequestMethod(): ?string
 416     {
 417         return $this->requestMethod;
 418     }
 419
 420
 421     public function isPatientRequest()
 422     {
 423         return $this->requestUserRole === 'patient';
 424     }
 425
 426     public function isFhir()
 427     {
 428         return $this->getApiType() === 'fhir';
 429     }
 430
 431     /**
 432      * If this is a patient context request for write/modify of patient context resources
 433      * @return bool
 434      */
 435     public function isPatientWriteRequest()
 436     {
 437         return $this->isFhir() && $this->isPatientRequest() && $this->getRequestMethod() != 'GET';
 438     }
 439
 440     public function isFhirSearchRequest(): bool
 441     {
 442         if ($this->isFhir() && $this->getRequestMethod() == "POST") {
 443             return str_ends_with($this->getRequestPath(), '_search') !== false;
 444         }
 445         return false;
 446     }
 447
 448     public function setRequestPath(string $requestPath)
 449     {
 450         $this->requestPath = $requestPath;
 451     }
 452
 453     public function getRequestPath(): ?string
 454     {
 455         return $this->requestPath;
 456     }
 457
 458     /**
 459      * Returns the full URL to the api server
 460      * @return string
 461      */
 462     public function getApiBaseFullUrl(): string
 463     {
 464         return $this->apiBaseFullUrl;
 465     }
 466
 467     /**
 468      * Set the full URL to the api server that api requests are appended to.
 469      * @param string $apiBaseFullUrl
 470      */
 471     public function setApiBaseFullUrl(string $apiBaseFullUrl): void
 472     {
 473         $this->apiBaseFullUrl = $apiBaseFullUrl;
 474     }
 475
 476     /**
 477      * Given an array of server variables (typically the $_SERVER superglobal) parse out all of the HTTP_X headers
 478      * and convert them into a hashmap of header -> header
 479      * @param $server array of server variables typically the $_SERVER superglobal
 480      * @return array hashmap of header -> header
 481      */
 482     private function parseHeadersFromServer($server)
 483     {
 484         $headers = array();
 485         foreach ($server as $key => $value) {
 486             $prefix = substr($key, 0, 5);
 487
 488             if ($prefix != 'HTTP_') {
 489                 continue;
 490             }
 491
 492             $serverHeader = strtolower(substr($key, 5));
 493             $uppercasedServerHeader = ucwords(str_replace('_', ' ', $serverHeader));
 494
 495             $header = str_replace(' ', '-', $uppercasedServerHeader);
 496             $headers[$header] = $value;
 497         }
 498         return $headers;
 499     }
 500 }