1 <?php
2 /**
3 * Rest Dispatch
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Matthew Vita <matthewvita48@gmail.com>
8 * @author Jerry Padgett <sjpadgett@gmail.com>
9 * @copyright Copyright (c) 2018 Matthew Vita <matthewvita48@gmail.com>
10 * @copyright Copyright (c) 2018 Jerry Padgett <sjpadgett@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
require_once("./../_rest_config.php");

$gbl = RestConfig::GetInstance();
$routes = $gbl::$ROUTE_MAP;
$base_path = $gbl::$ROOT_URL;
$resource = '';

// Work out the requested resource path. Preference order: the rewrite
// command injected by the web server, then the redirect query string,
// then the raw REQUEST_URI as a last resort.
if (!empty($_REQUEST['_REWRITE_COMMAND'])) {
    $resource = '/' . $_REQUEST['_REWRITE_COMMAND'];
} elseif (!empty($_SERVER['REDIRECT_QUERY_STRING'])) {
    // Turns "_REWRITE_COMMAND=api/foo" into "/api/foo".
    $resource = str_replace('_REWRITE_COMMAND=', '/', $_SERVER['REDIRECT_QUERY_STRING']);
} elseif (!empty($_SERVER['REQUEST_URI'])) {
    // With a query string keep only the path in front of '?'; otherwise
    // strip the configured base path.
    // NOTE(review): the base path is not stripped on the query-string
    // branch, unlike the other one — confirm that is intended.
    $resource = (strpos($_SERVER['REQUEST_URI'], '?') > 0)
        ? strstr($_SERVER['REQUEST_URI'], '?', true)
        : str_replace($base_path, '', $_SERVER['REQUEST_URI']);
}
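// Maintain site id for multi site compatibility.
// The bearer token is a 32 character hash followed by a hex encoded
// payload: a four character api flag ("fhir" or "oemr") and then the
// site id. Both are extracted here so the site can be selected before
// the token itself is validated by authentication_check() later on.
if (is_authentication($resource)) {
    // Initial login: the site id is supplied in the JSON body as client_id.
    // A missing or malformed body falls back to the default site.
    $data = (array)(json_decode(file_get_contents("php://input")));
    // Only a scalar client_id is accepted; an array/object value is treated
    // as absent so nothing but a scalar ever reaches $_GET['site'].
    $site = (!empty($data['client_id']) && is_scalar($data['client_id'])) ? $data['client_id'] : "default";
    $_GET['site'] = $site;
} else {
    $token = get_bearer_token();
    // get_bearer_token() yields false when the Authorization header is
    // missing or not a bearer scheme; a well formed token is always longer
    // than the 40 characters of hash plus hex encoded api flag.
    if ($token === false || strlen($token) <= 40) {
        // token should always return with embedded site id
        http_response_code(401);
        exit();
    }
    $api_token = substr($token, 0, 32);
    $rest = hex2bin(substr($token, 32));
    if ($rest === false) {
        // Trailing part is not valid hex: reject outright instead of
        // passing an empty api flag onward.
        http_response_code(401);
        exit();
    }
    $api = substr($rest, 0, 4);
    $api_site = substr($rest, 4);
    // Exits with 401 when the api flag does not match the requested route.
    verify_api_request($resource, $api);
    $_SERVER["HTTP_X_API_TOKEN"] = $api_token; // hash consumed by authentication_check()
    $_GET['site'] = $api_site; // site id; presumably validated by globals.php — confirm
}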
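// $ignoreAuth is presumably read by globals.php to skip the interactive
// session login; the REST token is checked by authentication_check() instead.
$ignoreAuth = true;
require_once("./../interface/globals.php");
require_once("./../library/acl.inc");

// The REST api must be enabled in the loaded globals. Use empty() so a
// missing flag fails closed with 501 instead of raising an undefined
// index notice and then failing.
if (empty($GLOBALS['rest_api'])) {
    http_response_code(501);
    exit();
}

// api flag must be four chars
// Record which api the route belongs to so later code can tell the
// standard and FHIR endpoints apart.
$_SESSION['api'] = is_fhir_request($resource) ? 'fhir' : 'oemr';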
76 use OpenEMR\Common\Http\HttpRestRouteHandler;
77 use OpenEMR\RestControllers\AuthRestController;
/**
 * True when the resource is one of the two login endpoints, which are the
 * only routes reachable without an api token.
 *
 * @param string $resource resource path, e.g. "/api/auth"
 * @return bool
 */
function is_authentication($resource)
{
    $loginRoutes = ["/api/auth", "/fhir/auth"];
    return in_array($resource, $loginRoutes, true);
}
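/**
 * Extract the bearer token from the Authorization header.
 *
 * @return string|false the trimmed token, or false when the header is
 *                      absent, uses another scheme, or carries no token
 */
function get_bearer_token()
{
    // Default to an empty header so a missing one is rejected below
    // instead of raising an undefined index notice.
    $header = $_SERVER["HTTP_AUTHORIZATION"] ?? '';
    $parse = preg_split("/[\s,]+/", $header);
    if (strtoupper(trim($parse[0])) !== 'BEARER') {
        return false;
    }
    // "Bearer" with nothing after it: treat as no token rather than
    // reading an undefined offset.
    if (!isset($parse[1]) || trim($parse[1]) === '') {
        return false;
    }
    return trim($parse[1]);
}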
/**
 * Decide whether the resource path belongs to the FHIR api. The match is
 * case-insensitive and looks for "/fhir/" anywhere in the path.
 *
 * @param string $resource resource path
 * @return bool
 */
function is_fhir_request($resource)
{
    // stripos is already case-insensitive, so no lowercasing is needed.
    return stripos($resource, "/fhir/") !== false;
}
/**
 * Ensure the api flag embedded in the token matches the api the route
 * belongs to: "fhir" for FHIR routes, "oemr" for everything else.
 * Responds 401 and exits on a mismatch; returns nothing on success.
 *
 * @param string $resource resource path
 * @param string $api      four character api flag from the token
 * @return void
 */
function verify_api_request($resource, $api)
{
    $api = strtolower(trim($api));
    $expected = is_fhir_request($resource) ? 'fhir' : 'oemr';
    if ($api !== $expected) {
        http_response_code(401);
        exit();
    }
    return;
}
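/**
 * Reject the request with 401 unless it is a login call or carries a valid
 * api token in HTTP_X_API_TOKEN (populated by the dispatcher from the
 * bearer token). A valid token gets its lifetime extended.
 *
 * @param string $resource resource path
 * @return void
 */
function authentication_check($resource)
{
    if (is_authentication($resource)) {
        return;
    }
    // Default to an empty token so a missing header is rejected by
    // isValidToken() instead of raising an undefined index notice.
    $token = $_SERVER["HTTP_X_API_TOKEN"] ?? '';
    $authRestController = new AuthRestController();
    if (!$authRestController->isValidToken($token)) {
        http_response_code(401);
        exit();
    }
    $authRestController->optionallyAddMoreTokenTime($token);
}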
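/**
 * Check the ACL for the token holder; responds 401 and exits when the
 * token is not granted $value on $section.
 *
 * @param string $section ACL section
 * @param string $value   ACL value/permission being requested
 * @return void
 */
function authorization_check($section, $value)
{
    $authRestController = new AuthRestController();
    // Default to an empty token so a missing header fails the ACL check
    // instead of raising an undefined index notice.
    $token = $_SERVER["HTTP_X_API_TOKEN"] ?? '';
    $result = $authRestController->aclCheck($token, $section, $value);
    if (!$result) {
        http_response_code(401);
        exit();
    }
}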
// Reject everything but the login routes unless the api token is valid.
authentication_check($resource);
// dispatch $routes called by ref.
// NOTE(review): authorization_check() is not invoked here; the route
// handlers are presumably responsible for their own ACL checks — confirm.
HttpRestRouteHandler::dispatch($routes, $resource, $_SERVER["REQUEST_METHOD"]);
// Tear down session for security.
$gbl->destroySession();