Percent-based price levels (#2577)
1 <?php
2 /**
3 * Useful globals class for Rest
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Jerry Padgett <sjpadgett@gmail.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Jerry Padgett <sjpadgett@gmail.com>
10 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
14 require_once(dirname(__FILE__) . "/src/Common/Session/SessionUtil.php");
16 use OpenEMR\RestControllers\AuthRestController;
18 // also a handy place to add utility methods
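class RestConfig
{
    /**
     * @var bool When true, debug info is sent to the browser. Keep this false
     *           outside development: debug output returned to API clients can
     *           disclose internals.
     */
    public static $DEBUG_MODE = false;

    /** @var string default action is the controller.method fired when no route is specified */
    public static $DEFAULT_ACTION = "";

    /** @var array routemap is an array of patterns and routes */
    public static $ROUTE_MAP;

    /** @var array fhir routemap is an array of patterns and routes */
    public static $FHIR_ROUTE_MAP;

    /** @var string app root is the root directory of the application */
    public static $APP_ROOT;

    /** @var string root url of the application */
    public static $ROOT_URL;

    /**
     * @var string URL of the current request, assembled from $_SERVER in Init().
     *             Built from request-derived values, so treat it as untrusted input.
     */
    public static $REST_FULL_URL;
    public static $VENDOR_DIR;
    public static $webserver_root;
    public static $web_root;
    public static $server_document_root;
    public static $SITE;

    private static $INSTANCE;
    private static $IS_INITIALIZED = false;

    /** @var bool set to true if local api call */
    private static $localCall = false;

    /** @var bool set to true if not rest call */
    private static $notRestCall = false;

    /** prevents external construction */
    private function __construct()
    {
    }

    /** prevents external cloning */
    private function __clone()
    {
    }

    /**
     * Initialize the RestConfig static state (paths and URLs). Runs once; later
     * calls are no-ops.
     *
     * @return void
     */
    public static function Init()
    {
        if (self::$IS_INITIALIZED) {
            return;
        }

        self::setPaths();
        // Fixed: the separator was "//", which produced "https//host/..." instead of a URL.
        // NOTE(review): REQUEST_SCHEME is supplied by the web server and may be absent
        // under some configurations; SERVER_NAME can, depending on server setup, reflect
        // the client's Host header. Do not base security decisions on this value.
        self::$REST_FULL_URL = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
        self::$ROOT_URL = self::$web_root . "/apis";
        self::$VENDOR_DIR = self::$webserver_root . "/vendor";
        self::$IS_INITIALIZED = true;
    }

    /**
     * Returns an instance of the RestConfig singleton, initializing the static
     * state first if that has not happened yet.
     *
     * @return RestConfig
     */
    public static function GetInstance()
    {
        if (!self::$IS_INITIALIZED) {
            self::Init();
        }

        if (!self::$INSTANCE instanceof self) {
            self::$INSTANCE = new self;
        }

        return self::$INSTANCE;
    }

    /**
     * Basic paths when GLOBALS are not yet available.
     *
     * Sets $webserver_root (this file's directory), $server_document_root and
     * $web_root (the part of $webserver_root below the document root).
     *
     * @return void
     */
    public static function SetPaths()
    {
        $isWindows = stripos(PHP_OS, 'WIN') === 0;

        self::$webserver_root = dirname(__FILE__);
        if ($isWindows) {
            // convert windows path separators
            self::$webserver_root = str_replace("\\", "/", self::$webserver_root);
        }

        // Collect the apache server document root (and convert to windows slashes, if needed)
        // NOTE(review): realpath() returns false when DOCUMENT_ROOT does not resolve;
        // that case is not handled here.
        self::$server_document_root = realpath($_SERVER['DOCUMENT_ROOT']);
        if ($isWindows) {
            // convert windows path separators
            self::$server_document_root = str_replace("\\", "/", self::$server_document_root);
        }

        // XOR-ing the two strings yields "\0" wherever the bytes are equal, so the
        // strspn() count of leading "\0" is the length of their common prefix;
        // web_root is whatever follows that prefix in webserver_root.
        $commonPrefixLength = strspn(self::$webserver_root ^ self::$server_document_root, "\0");
        self::$web_root = substr(self::$webserver_root, $commonPrefixLength);

        // Ensure web_root starts with a path separator
        if (preg_match("/^[^\/]/", self::$web_root)) {
            self::$web_root = "/" . self::$web_root;
        }
    }

    /**
     * Destroys the API session cookie via SessionUtil.
     *
     * @return void
     */
    public static function destroySession()
    {
        OpenEMR\Common\Session\SessionUtil::apiSessionCookieDestroy();
    }

    /**
     * Returns the request payload as an array.
     *
     * Order of preference: $_POST, then the raw body decoded as JSON, then the
     * raw body parsed as a URL-encoded query string. A JSON body that decodes to
     * a falsy value (for example an empty array) falls through to the
     * query-string parse. The result is client-supplied and not validated here.
     *
     * @param mixed $data unused; kept so existing callers keep working
     * @return array|false the payload, or false when none could be read
     */
    public static function getPostData($data)
    {
        if (count($_POST)) {
            return $_POST;
        }

        $post_data = file_get_contents('php://input');
        if (!$post_data) {
            return false;
        }

        $post_json = json_decode($post_data, true);
        if ($post_json) {
            return $post_json;
        }

        parse_str($post_data, $post_variables);
        if (count($post_variables)) {
            return $post_variables;
        }

        return false;
    }

    /**
     * Enforces an ACL check and terminates the request when it fails.
     *
     * Local and non-REST calls are checked against the session user; REST calls
     * are checked against the X-API-TOKEN request header. A REST call without a
     * token is denied without consulting the controller.
     *
     * NOTE(review): a failed permission check answers 401 here; 403 is the
     * conventional status for an authenticated caller lacking permission. Left
     * unchanged so existing clients see the same status.
     *
     * @param string $section ACL section
     * @param string $value   ACL value within the section
     * @return void returns only when the check passes
     */
    public static function authorization_check($section, $value)
    {
        if (self::$notRestCall || self::$localCall) {
            $result = acl_check($section, $value, $_SESSION['authUser']);
        } else {
            $token = self::requestApiToken();
            $authRestController = new AuthRestController();
            // Fail closed: an absent token never reaches aclCheck().
            $result = ($token !== '') && $authRestController->aclCheck($token, $section, $value);
        }

        if (!$result) {
            if (!self::$notRestCall) {
                http_response_code(401);
            }

            exit();
        }
    }

    /**
     * Marks the current request as a local api call, so authorization_check()
     * uses the session user instead of the API token.
     *
     * @return void
     */
    public static function setLocalCall()
    {
        self::$localCall = true;
    }

    /**
     * Marks the current request as not being a rest call, so
     * authorization_check() uses the session user and sends no 401 status.
     *
     * @return void
     */
    public static function setNotRestCall()
    {
        self::$notRestCall = true;
    }

    /**
     * Tells whether the resource is one of the two authentication endpoints,
     * which authentication_check() lets through without a token.
     *
     * @param string $resource requested resource path
     * @return bool
     */
    public static function is_authentication($resource)
    {
        return ($resource === "/api/auth" || $resource === "/fhir/auth");
    }

    /**
     * Extracts the token from an "Authorization: Bearer <token>" header.
     *
     * @return string|false the token, or false when the header is missing, is
     *                      not a Bearer header, or carries no token
     */
    public static function get_bearer_token()
    {
        if (!isset($_SERVER["HTTP_AUTHORIZATION"])) {
            return false;
        }

        $parse = preg_split("/[\s,]+/", $_SERVER["HTTP_AUTHORIZATION"]);
        if (strtoupper(trim($parse[0])) !== 'BEARER') {
            return false;
        }

        // "Bearer" with nothing after it is not a token.
        if (!isset($parse[1]) || trim($parse[1]) === '') {
            return false;
        }

        return trim($parse[1]);
    }

    /**
     * Tells whether the resource addresses the FHIR API.
     *
     * NOTE(review): this is a case-insensitive substring match, so "/fhir/"
     * anywhere in the resource selects FHIR handling, whereas
     * is_authentication() compares the whole string. Confirm against the
     * dispatcher whether a prefix match is what is intended.
     *
     * @param string $resource requested resource path
     * @return bool
     */
    public static function is_fhir_request($resource)
    {
        return stripos($resource, "/fhir/") !== false;
    }

    /**
     * Rejects the request with 401 when the api type does not match the
     * resource: FHIR resources require 'fhir', everything else requires 'oemr'.
     *
     * @param string $resource requested resource path
     * @param string $api      api type, compared case-insensitively after trimming
     *                         (presumably the type the caller's token was issued
     *                         for; confirm against the caller)
     * @return void returns only when the api type matches
     */
    public static function verify_api_request($resource, $api)
    {
        $api = strtolower(trim($api));
        $expected = self::is_fhir_request($resource) ? 'fhir' : 'oemr';

        if ($api !== $expected) {
            http_response_code(401);
            exit();
        }

        return;
    }

    /**
     * Requires a valid X-API-TOKEN header for every resource except the
     * authentication endpoints; answers 401 and terminates otherwise. A valid
     * token is handed to optionallyAddMoreTokenTime().
     *
     * @param string $resource requested resource path
     * @return void returns only when the request may proceed
     */
    public static function authentication_check($resource)
    {
        if (self::is_authentication($resource)) {
            return;
        }

        $token = self::requestApiToken();
        $authRestController = new AuthRestController();
        // Fail closed: a missing token is rejected without consulting the controller.
        if ($token === '' || !$authRestController->isValidToken($token)) {
            http_response_code(401);
            exit();
        }

        $authRestController->optionallyAddMoreTokenTime($token);
    }

    /**
     * Reads the X-API-TOKEN request header.
     *
     * @return string the header value, or '' when the header was not sent
     */
    private static function requestApiToken()
    {
        return isset($_SERVER["HTTP_X_API_TOKEN"]) ? $_SERVER["HTTP_X_API_TOKEN"] : '';
    }
}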
222 // Include our routes and init routes global
224 require_once(dirname(__FILE__) . "/_rest_routes.inc.php");