3 * Useful globals class for Rest
6 * @link http://www.open-emr.org
7 * @author Jerry Padgett <sjpadgett@gmail.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Jerry Padgett <sjpadgett@gmail.com>
10 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
14 require_once(dirname(__FILE__
) . "/src/Common/Session/SessionUtil.php");
16 use OpenEMR\RestControllers\AuthRestController
;
18 // also a handy place to add utility methods
22 /** @var set to true to send debug info to the browser */
23 public static $DEBUG_MODE = false;
25 /** @var default action is the controller.method fired when no route is specified */
26 public static $DEFAULT_ACTION = "";
28 /** @var routemap is an array of patterns and routes */
29 public static $ROUTE_MAP;
31 /** @var fhir routemap is an array of patterns and routes */
32 public static $FHIR_ROUTE_MAP;
34 /** @var app root is the root directory of the application */
35 public static $APP_ROOT;
37 /** @var root url of the application */
38 public static $ROOT_URL;
39 public static $REST_FULL_URL;
40 public static $VENDOR_DIR;
41 public static $webserver_root;
42 public static $web_root;
43 public static $server_document_root;
46 private static $INSTANCE;
47 private static $IS_INITIALIZED = false;
49 /** @var set to true if local api call */
50 private static $localCall = false;
52 /** @var set to true if not rest call */
53 private static $notRestCall = false;
55 /** prevents external construction */
56 private function __construct()
60 /** prevents external cloning */
61 private function __clone()
66 * Initialize the RestConfig object
68 static function Init()
70 if (!self
::$IS_INITIALIZED) {
72 self
::$REST_FULL_URL = $_SERVER['REQUEST_SCHEME'] . "//" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; // @todo unsure here!
73 self
::$ROOT_URL = self
::$web_root . "/apis";
74 self
::$VENDOR_DIR = self
::$webserver_root . "/vendor";
75 self
::$IS_INITIALIZED = true;
80 * Returns an instance of the RestConfig singleton
83 static function GetInstance()
85 if (!self
::$IS_INITIALIZED) {
89 if (!self
::$INSTANCE instanceof self
) {
90 self
::$INSTANCE = new self
;
93 return self
::$INSTANCE;
98 * Basic paths when GLOBALS are not yet available.
101 static function SetPaths()
103 $isWindows = stripos(PHP_OS
, 'WIN') === 0;
104 self
::$webserver_root = dirname(__FILE__
);
106 //convert windows path separators
107 self
::$webserver_root = str_replace("\\", "/", self
::$webserver_root);
109 // Collect the apache server document root (and convert to windows slashes, if needed)
110 self
::$server_document_root = realpath($_SERVER['DOCUMENT_ROOT']);
112 //convert windows path separators
113 self
::$server_document_root = str_replace("\\", "/", self
::$server_document_root);
115 self
::$web_root = substr(self
::$webserver_root, strspn(self
::$webserver_root ^ self
::$server_document_root, "\0"));
116 // Ensure web_root starts with a path separator
117 if (preg_match("/^[^\/]/", self
::$web_root)) {
118 self
::$web_root = "/" . self
::$web_root;
122 static function destroySession()
124 OpenEMR\Common\Session\SessionUtil
::apiSessionCookieDestroy();
127 static function getPostData($data)
131 } elseif ($post_data = file_get_contents('php://input')) {
132 if ($post_json = json_decode($post_data, true)) {
135 parse_str($post_data, $post_variables);
136 if (count($post_variables)) {
137 return $post_variables;
145 static function authorization_check($section, $value)
147 if (self
::$notRestCall || self
::$localCall) {
148 $result = acl_check($section, $value, $_SESSION['authUser']);
150 $authRestController = new AuthRestController();
151 $result = $authRestController->aclCheck($_SERVER["HTTP_X_API_TOKEN"], $section, $value);
154 if (!self
::$notRestCall) {
155 http_response_code(401);
161 static function setLocalCall()
163 self
::$localCall = true;
166 static function setNotRestCall()
168 self
::$notRestCall = true;
171 static function is_authentication($resource)
173 return ($resource === "/api/auth" ||
$resource === "/fhir/auth");
176 static function get_bearer_token()
178 $parse = preg_split("/[\s,]+/", $_SERVER["HTTP_AUTHORIZATION"]);
179 if (strtoupper(trim($parse[0])) !== 'BEARER') {
183 return trim($parse[1]);
186 static function is_fhir_request($resource)
188 return (stripos(strtolower($resource), "/fhir/") !== false) ?
true : false;
191 static function verify_api_request($resource, $api)
193 $api = strtolower(trim($api));
194 if (self
::is_fhir_request($resource)) {
195 if ($api !== 'fhir') {
196 http_response_code(401);
199 } elseif ($api !== 'oemr') {
200 http_response_code(401);
207 static function authentication_check($resource)
209 if (!self
::is_authentication($resource)) {
210 $token = $_SERVER["HTTP_X_API_TOKEN"];
211 $authRestController = new AuthRestController();
212 if (!$authRestController->isValidToken($token)) {
213 http_response_code(401);
216 $authRestController->optionallyAddMoreTokenTime($token);
222 // Include our routes and init routes global
224 require_once(dirname(__FILE__
) . "/_rest_routes.inc.php");