src/Common/Http/HttpRestRequest.php

   1 <?php
   2
   3 /**
   4  * HttpRestRequest represents the current OpenEMR api request
   5  * @package openemr
   6  * @link      http://www.open-emr.org
   7  * @author    Stephen Nielson <stephen@nielson.org>
   8  * @copyright Copyright (c) 2021 Stephen Nielson <stephen@nielson.org>
   9  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  10  */
  11
  12 namespace OpenEMR\Common\Http;
  13
  14 use OpenEMR\Common\Logging\SystemLogger;
  15 use OpenEMR\Common\System\System;
  16 use OpenEMR\Common\Uuid\UuidRegistry;
  17
  18 class HttpRestRequest
  19 {
  20
  21     /**
  22      * @var \RestConfig
  23      */
  24     private $restConfig;
  25
  26     /**
  27      * The Resource that is being requested in this http rest call.
  28      * @var string
  29      */
  30     private $resource;
  31
  32     /**
  33      * The FHIR operation that this request represents.  FHIR operations are prefixed with a $ ie $export
  34      * @var string
  35      */
  36     private $operation;
  37
  38     /**
  39      * @var array
  40      */
  41     private $requestUser;
  42
  43     /**
  44      * The binary string of the request user uuid
  45      * @var string
  46      */
  47     private $requestUserUUID;
  48
  49     /**
  50      * @var string
  51      */
  52     private $requestUserUUIDString;
  53
  54     /**
  55      * @var 'patient'|'users'
  56      */
  57     private $requestUserRole;
  58
  59     /**
  60      * @var array
  61      */
  62     private $accessTokenScopes;
  63
  64     /**
  65      * @var string
  66      */
  67     private $requestSite;
  68
  69     /**
  70      * @var string
  71      */
  72     private $clientId;
  73
  74     /**
  75      * @var string
  76      */
  77     private $accessTokenId;
  78
  79     /**
  80      * @var boolean
  81      */
  82     private $isLocalApi;
  83
  84     /**
  85      * @var string
  86      */
  87     private $requestMethod;
  88
  89     /**
  90      * The kind of REST api request this object represents
  91      * @var string
  92      */
  93     private $apiType;
  94
  95     /**
  96      * @var string
  97      */
  98     private $requestPath;
  99
 100     /**
 101      * @var string the URL for the api base full url
 102      */
 103     private $apiBaseFullUrl;
 104
 105     /**
 106      * @var string[] The request headers
 107      */
 108     private $headers;
 109
 110     /**
 111      * @var mixed[]
 112      */
 113     private $queryParams;
 114
 115     public function __construct($restConfig, $server)
 116     {
 117         $this->restConfig = $restConfig;
 118         $this->requestSite = $restConfig::$SITE;
 119
 120         $this->requestMethod = $server["REQUEST_METHOD"];
 121         $this->setRequestURI($server['REQUEST_URI'] ?? "");
 122         $this->headers = $this->parseHeadersFromServer($server);
 123         $this->queryParams =  $_GET ?? [];
 124         // remove the OpenEMR queryParams that our rewrite command injected so we don't mess stuff up.
 125         if (isset($this->queryParams['_REWRITE_COMMAND'])) {
 126             unset($this->queryParams['_REWRITE_COMMAND']);
 127         }
 128     }
 129
 130     public function getQueryParams()
 131     {
 132         return $this->queryParams;
 133     }
 134
 135     public function getQueryParam($key)
 136     {
 137         return $this->queryParams[$key] ?? null;
 138     }
 139
 140     /**
 141      * Return an array of HTTP request headers
 142      * @return array|string[]
 143      */
 144     public function getHeaders()
 145     {
 146         return array_values($this->headers);
 147     }
 148
 149     /**
 150      * Retrieve the value of the passed in request's HTTP header.  Return's null if the value does not exist
 151      * @param $headerName string the name of the header value to retrieve.
 152      * @return mixed|string|null
 153      */
 154     public function getHeader($headerName)
 155     {
 156         return $this->headers[$headerName] ?? null;
 157     }
 158
 159     /**
 160      * Checks if the current HTTP request has the passed in header
 161      * @param $headerName The name of the header to check
 162      * @return bool true if the header exists, false otherwise.
 163      */
 164     public function hasHeader($headerName)
 165     {
 166         return !empty($this->headers[$headerName]);
 167     }
 168
 169     /**
 170      * @return \RestConfig
 171      */
 172     public function getRestConfig(): \RestConfig
 173     {
 174         return $this->restConfig;
 175     }
 176
 177     /**
 178      * Return the Request URI (matches the $_SERVER['REQUEST_URI'])
 179      * @return mixed|string
 180      */
 181     public function getRequestURI()
 182     {
 183         return $this->requestURI;
 184     }
 185
 186     /**
 187      * Return the Request URI (matches the $_SERVER['REQUEST_URI'])
 188      * @param mixed|string $requestURI
 189      */
 190     public function setRequestURI($requestURI): void
 191     {
 192         $this->requestURI = $requestURI;
 193     }
 194
 195     /**
 196      * @return string
 197      */
 198     public function getResource(): ?string
 199     {
 200         return $this->resource;
 201     }
 202
 203     /**
 204      * @param string $resource
 205      */
 206     public function setResource(?string $resource): void
 207     {
 208         $this->resource = $resource;
 209     }
 210
 211     /**
 212      * Returns the operation name for this request if this request represents a FHIR operation.
 213      * Operations are prefixed with a $
 214      * @return string
 215      */
 216     public function getOperation(): ?string
 217     {
 218         return $this->operation;
 219     }
 220
 221     /**
 222      * Sets the operation name for this request if this request represents a FHIR operation.
 223      * Operations are prefixed with a $
 224      * @param string $operation The operation name
 225      */
 226     public function setOperation(string $operation): void
 227     {
 228         $this->operation = $operation;
 229     }
 230
 231     /**
 232      * @return array
 233      */
 234     public function getRequestUser(): array
 235     {
 236         return $this->requestUser;
 237     }
 238
 239     /**
 240      * Returns the current user id if we have one
 241      * @return int|null
 242      */
 243     public function getRequestUserId(): ?int
 244     {
 245         $user = $this->getRequestUser();
 246         return $user['id'] ?? null;
 247     }
 248
 249     /**
 250      * @param array $requestUser
 251      */
 252     public function setRequestUser($userUUIDString, array $requestUser): void
 253     {
 254         $this->requestUser = $requestUser;
 255
 256         // set up any other user context information
 257         if (empty($requestUser)) {
 258             $this->requestUserUUIDString = null;
 259             $this->requestUserUUID = null;
 260         } else {
 261             $this->requestUserUUIDString = $userUUIDString ?? null;
 262             $this->requestUserUUID = UuidRegistry::uuidToBytes($userUUIDString) ?? null;
 263         }
 264     }
 265
 266     /**
 267      * @return array
 268      */
 269     public function getAccessTokenScopes(): array
 270     {
 271         return $this->accessTokenScopes;
 272     }
 273
 274     /**
 275      * @param array $scopes
 276      */
 277     public function setAccessTokenScopes(array $scopes): void
 278     {
 279         $this->accessTokenScopes = $scopes;
 280     }
 281
 282     /**
 283      * @return string
 284      */
 285     public function getRequestSite(): ?string
 286     {
 287         return $this->requestSite;
 288     }
 289
 290     /**
 291      * @param string $requestSite
 292      */
 293     public function setRequestSite(string $requestSite): void
 294     {
 295         $this->requestSite = $requestSite;
 296     }
 297
 298     /**
 299      * @return string
 300      */
 301     public function getClientId(): ?string
 302     {
 303         return $this->clientId;
 304     }
 305
 306     /**
 307      * @param string $clientId
 308      */
 309     public function setClientId(string $clientId): void
 310     {
 311         $this->clientId = $clientId;
 312     }
 313
 314     /**
 315      * @return string
 316      */
 317     public function getAccessTokenId(): ?string
 318     {
 319         return $this->accessTokenId;
 320     }
 321
 322     /**
 323      * @param string $accessTokenId
 324      */
 325     public function setAccessTokenId(string $accessTokenId): void
 326     {
 327         $this->accessTokenId = $accessTokenId;
 328     }
 329
 330     /**
 331      * @return bool
 332      */
 333     public function isLocalApi(): bool
 334     {
 335         return $this->isLocalApi;
 336     }
 337
 338     /**
 339      * @param bool $isLocalApi
 340      */
 341     public function setIsLocalApi(bool $isLocalApi): void
 342     {
 343         $this->isLocalApi = $isLocalApi;
 344     }
 345
 346     /**
 347      * @return mixed
 348      */
 349     public function getRequestUserRole()
 350     {
 351         return $this->requestUserRole;
 352     }
 353
 354     /**
 355      * @param string $requestUserRole either 'patients' or 'users'
 356      */
 357     public function setRequestUserRole($requestUserRole): void
 358     {
 359         if (!in_array($requestUserRole, ['patient', 'users', 'system'])) {
 360             throw new \InvalidArgumentException("invalid user role found");
 361         }
 362         $this->requestUserRole = $requestUserRole;
 363     }
 364
 365     public function getRequestUserUUID()
 366     {
 367         return $this->requestUserUUID;
 368     }
 369
 370     public function getRequestUserUUIDString()
 371     {
 372         return $this->requestUserUUIDString;
 373     }
 374
 375     public function getPatientUUIDString()
 376     {
 377         // we may change how this is set, it will depend on if a 'user' role type can still have
 378         // patient/<resource>.* requests.  IE patient/Patient.read
 379         return $this->requestUserUUIDString;
 380     }
 381
 382     /**
 383      * @return string
 384      */
 385     public function getApiType(): ?string
 386     {
 387         return $this->apiType;
 388     }
 389
 390     /**
 391      * @param string $api
 392      */
 393     public function setApiType(string $apiType): void
 394     {
 395         if (!in_array($apiType, ['fhir', 'oemr', 'port'])) {
 396             throw new \InvalidArgumentException("invalid api type found");
 397         }
 398         $this->apiType = $apiType;
 399     }
 400
 401     /**
 402      * @return string
 403      */
 404     public function getRequestMethod(): ?string
 405     {
 406         return $this->requestMethod;
 407     }
 408
 409
 410     public function isPatientRequest()
 411     {
 412         return $this->requestUserRole === 'patient';
 413     }
 414
 415     public function isFhir()
 416     {
 417         return $this->getApiType() === 'fhir';
 418     }
 419
 420     /**
 421      * If this is a patient context request for write/modify of patient context resources
 422      * @return bool
 423      */
 424     public function isPatientWriteRequest()
 425     {
 426         return $this->isFhir() && $this->isPatientRequest() && $this->getRequestMethod() != 'GET';
 427     }
 428
 429     public function setRequestPath(string $requestPath)
 430     {
 431         $this->requestPath = $requestPath;
 432     }
 433
 434     public function getRequestPath(): ?string
 435     {
 436         return $this->requestPath;
 437     }
 438
 439     /**
 440      * Returns the full URL to the api server
 441      * @return string
 442      */
 443     public function getApiBaseFullUrl(): string
 444     {
 445         return $this->apiBaseFullUrl;
 446     }
 447
 448     /**
 449      * Set the full URL to the api server that api requests are appended to.
 450      * @param string $apiBaseFullUrl
 451      */
 452     public function setApiBaseFullUrl(string $apiBaseFullUrl): void
 453     {
 454         $this->apiBaseFullUrl = $apiBaseFullUrl;
 455     }
 456
 457     /**
 458      * Given an array of server variables (typically the $_SERVER superglobal) parse out all of the HTTP_X headers
 459      * and convert them into a hashmap of header -> header
 460      * @param $server array of server variables typically the $_SERVER superglobal
 461      * @return array hashmap of header -> header
 462      */
 463     private function parseHeadersFromServer($server)
 464     {
 465         $headers = array();
 466         foreach ($server as $key => $value) {
 467             $prefix = substr($key, 0, 5);
 468
 469             if ($prefix != 'HTTP_') {
 470                 continue;
 471             }
 472
 473             $serverHeader = strtolower(substr($key, 5));
 474             $uppercasedServerHeader = ucwords(str_replace('_', ' ', $serverHeader));
 475
 476             $header = str_replace(' ', '-', $uppercasedServerHeader);
 477             $headers[$header] = $value;
 478         }
 479         return $headers;
 480     }
 481 }