quick fix to bill processor related to previous commit (#4388)
[openemr.git] / apis / dispatch.php
blob7a0177c2cdbc4ed963e8536e54bb983c0b272be4
1 <?php
3 /**
4 * Rest Dispatch
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Matthew Vita <matthewvita48@gmail.com>
9 * @author Jerry Padgett <sjpadgett@gmail.com>
10 * @author Brady Miller <brady.g.miller@gmail.com>
11 * @copyright Copyright (c) 2018 Matthew Vita <matthewvita48@gmail.com>
12 * @copyright Copyright (c) 2020 Jerry Padgett <sjpadgett@gmail.com>
13 * @copyright Copyright (c) 2019-2020 Brady Miller <brady.g.miller@gmail.com>
14 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
17 // below brings in autoloader
18 require_once("./../_rest_config.php");
20 use OpenEMR\Common\Auth\UuidUserAccount;
21 use OpenEMR\Common\Csrf\CsrfUtils;
22 use OpenEMR\Common\Http\HttpRestRouteHandler;
23 use OpenEMR\Common\Http\HttpRestRequest;
24 use OpenEMR\Common\Logging\SystemLogger;
25 use OpenEMR\Common\Session\SessionUtil;
26 use OpenEMR\Common\Uuid\UuidRegistry;
27 use OpenEMR\Events\RestApiExtend\RestApiCreateEvent;
28 use Psr\Http\Message\ResponseInterface;
30 $gbl = RestConfig::GetInstance();
31 $restRequest = new HttpRestRequest($gbl, $_SERVER);
32 $routes = array();
34 // Parse needed information from Redirect or REQUEST_URI
35 $resource = $gbl::getRequestEndPoint();
36 $logger = new SystemLogger();
37 $logger->debug("dispatch.php requested", ["resource" => $resource, "method" => $_SERVER['REQUEST_METHOD']]);
39 $skipApiAuth = false;
40 if (!empty($_SERVER['HTTP_APICSRFTOKEN'])) {
41 // Calling api from within the same session (ie. isLocalApi) since a apicsrftoken header was passed
42 $isLocalApi = true;
43 $gbl::setLocalCall();
44 $skipApiAuth = false;
45 $ignoreAuth = false;
46 } elseif ($gbl::skipApiAuth($resource)) {
47 // For rest api endpoints that do not require auth, such as the capability statement
48 // note that the site is validated in the skipApiAuth() function
49 // refactor resource
50 $resource = str_replace('/' . $gbl::$SITE, '', $resource);
51 // set site
52 $_GET['site'] = $gbl::$SITE;
53 $isLocalApi = false;
54 $skipApiAuth = true;
55 $ignoreAuth = true;
56 } else {
57 // Calling api via rest
58 // ensure token is valid
59 $tokenRaw = $gbl::verifyAccessToken();
60 if ($tokenRaw instanceof ResponseInterface) {
61 $logger->error("dispatch.php failed token verify for resource", ["resource" => $resource]);
62 // failed token verify
63 // not a request object so send the error as response obj
64 $gbl::emitResponse($tokenRaw);
65 exit;
68 // collect token attributes
69 $attributes = $tokenRaw->getAttributes();
71 // collect site
72 $site = '';
73 $scopes = $attributes['oauth_scopes'];
74 $logger->debug("Parsed oauth_scopes in AccessToken", ["scopes" => $scopes]);
75 foreach ($scopes as $attr) {
76 if (stripos($attr, 'site:') !== false) {
77 $site = str_replace('site:', '', $attr);
78 // while here parse site from endpoint
79 $resource = str_replace('/' . $site, '', $resource);
82 // set our scopes and updated resources as needed
83 $restRequest->setAccessTokenScopes($scopes);
85 // ensure 1) sane site 2) site from gbl and access token are the same and 3) ensure the site exists on filesystem
86 if (empty($site) || empty($gbl::$SITE) || preg_match('/[^A-Za-z0-9\\-.]/', $gbl::$SITE) || ($site !== $gbl::$SITE) || !file_exists(__DIR__ . '/../sites/' . $gbl::$SITE)) {
87 $logger->error("OpenEMR Error - api site error, so forced exit");
88 http_response_code(400);
89 exit();
91 // set the site
92 $_GET['site'] = $site;
94 // set the scopes globals for endpoint permission checking
95 $GLOBALS['oauth_scopes'] = $scopes;
97 // collect openemr user uuid
98 $userId = $attributes['oauth_user_id'];
99 // collect client id (will be empty for PKCE)
100 $clientId = $attributes['oauth_client_id'] ?? null;
101 // collect token id
102 $tokenId = $attributes['oauth_access_token_id'];
103 // ensure user uuid and token id are populated
104 if (empty($userId) || empty($tokenId)) {
105 $logger->error("OpenEMR Error - userid or tokenid not available, so forced exit", ['attributes' => $attributes]);
106 http_response_code(400);
107 exit();
109 $restRequest->setClientId($clientId);
110 $restRequest->setAccessTokenId($tokenId);
112 // Get a site id from initial login authentication.
113 $isLocalApi = false;
114 $skipApiAuth = false;
115 $ignoreAuth = true;
118 // set the route as well as the resource information. Note $resource is actually the route and not the resource name.
119 $restRequest->setRequestPath($resource);
121 if (!$isLocalApi) {
122 // Will start the api OpenEMR session/cookie.
123 SessionUtil::apiSessionStart($gbl::$web_root);
126 $GLOBALS['is_local_api'] = $isLocalApi;
127 $restRequest->setIsLocalApi($isLocalApi);
129 // Set $sessionAllowWrite to true here for following reasons:
130 // 1. !$isLocalApi - not applicable since use the SessionUtil::apiSessionStart session, which was set above
131 // 2. $isLocalApi - in this case, basically setting this to true downstream after some session sets via session_write_close() call
132 $sessionAllowWrite = true;
133 require_once("./../interface/globals.php");
135 // recollect this so the DEBUG global can be used if set
136 $logger = new SystemLogger();
138 $gbl::$apisBaseFullUrl = $GLOBALS['site_addr_oath'] . $GLOBALS['webroot'] . "/apis/" . $gbl::$SITE;
139 $restRequest->setApiBaseFullUrl($gbl::$apisBaseFullUrl);
141 if ($isLocalApi) {
142 // need to check for csrf match when using api locally
143 $csrfFail = false;
145 if (empty($_SERVER['HTTP_APICSRFTOKEN'])) {
146 $logger->error("OpenEMR Error: internal api failed because csrf token not received");
147 $csrfFail = true;
150 if ((!$csrfFail) && (!CsrfUtils::verifyCsrfToken($_SERVER['HTTP_APICSRFTOKEN'], 'api'))) {
151 $logger->error("OpenEMR Error: internal api failed because csrf token did not match");
152 $csrfFail = true;
155 if ($csrfFail) {
156 $logger->error("dispatch.php CSRF failed", ["resource" => $resource]);
157 http_response_code(401);
158 exit();
160 } elseif ($skipApiAuth) {
161 $logger->debug("dispatch.php skipping api auth");
162 // For endpoints that do not require auth, such as the capability statement
163 } else {
164 $logger->debug("dispatch.php authenticating user");
165 // verify that user tokens haven't been revoked.
166 // this is done by verifying the user is trusted with active auth session.
167 $isTrusted = $gbl::isTrustedUser($attributes["oauth_client_id"], $attributes["oauth_user_id"]);
168 if ($isTrusted instanceof ResponseInterface) {
169 $logger->debug("dispatch.php oauth2 inactive user api attempt");
170 // user is not logged on to server with an active session.
171 // too me this is easier than revoking tokens or using phantom tokens.
172 // give a 400(unsure here, could be a 401) so client can redirect to server.
173 $gbl::destroySession();
174 $gbl::emitResponse($isTrusted);
175 exit;
177 // $isTrusted can be used for further validations using session_cache
178 // which is a json. json_decode($isTrusted['session_cache'])
180 // authenticate the token
181 if (!$gbl->authenticateUserToken($tokenId, $clientId, $userId)) {
182 $logger->error("dispatch.php api call with invalid token");
183 $gbl::destroySession();
184 http_response_code(401);
185 exit();
188 // collect user information and user role
189 $uuidToUser = new UuidUserAccount($userId);
190 $user = $uuidToUser->getUserAccount();
191 $userRole = $uuidToUser->getUserRole();
192 if (empty($user)) {
193 // unable to identify the users user role
194 $logger->error("OpenEMR Error - api user account could not be identified, so forced exit", [
195 'userId' => $userId,
196 'userRole' => $uuidToUser->getUserRole()]);
197 $gbl::destroySession();
198 http_response_code(400);
199 exit();
201 if (empty($userRole)) {
202 // unable to identify the users user role
203 $logger->error("OpenEMR Error - api user role for user could not be identified, so forced exit");
204 $gbl::destroySession();
205 http_response_code(400);
206 exit();
209 $restRequest->setAccessTokenId($tokenId);
210 $restRequest->setRequestUserRole($userRole);
211 $restRequest->setRequestUser($userId, $user);
213 // verify that the scope covers the route
214 if (
215 // fhir routes are the default and can send openid/fhirUser w/ authorization_code, or no scopes at all
216 // with Client Credentials, so we only reject requests for standard or portal if the correct scope is not
217 // sent.
218 ($gbl::is_api_request($resource) && !in_array('api:oemr', $GLOBALS['oauth_scopes'])) ||
219 ($gbl::is_portal_request($resource) && !in_array('api:port', $GLOBALS['oauth_scopes']))
221 $logger->error("dispatch.php api call with token that does not cover the requested route");
222 $gbl::destroySession();
223 http_response_code(401);
224 exit();
226 // ensure user role has access to the resource
227 // for now assuming:
228 // users has access to oemr and fhir
229 // patient has access to port and fhir
230 if ($userRole == 'users' && ($gbl::is_api_request($resource) || $gbl::is_fhir_request($resource))) {
231 $logger->debug("dispatch.php valid role and user has access to api/fhir resource", ['resource' => $resource]);
232 // good to go
233 } elseif ($userRole == 'patient' && ($gbl::is_portal_request($resource) || $gbl::is_fhir_request($resource))) {
234 $logger->debug("dispatch.php valid role and patient has access portal resource", ['resource' => $resource]);
235 // good to go
236 } elseif ($userRole === 'system' && ($gbl::is_fhir_request($resource))) {
237 $logger->debug("dispatch.php valid role and system has access to api/fhir resource", ['resource' => $resource]);
238 } else {
239 $logger->error("OpenEMR Error: api failed because user role does not have access to the resource");
240 $gbl::destroySession();
241 http_response_code(401);
242 exit();
244 // set pertinent session variables
245 if ($userRole == 'users') {
246 $_SESSION['authUser'] = $user["username"] ?? null;
247 $_SESSION['authUserID'] = $user["id"] ?? null;
248 $_SESSION['authProvider'] = sqlQueryNoLog("SELECT `name` FROM `groups` WHERE `user` = ?", [$_SESSION['authUser']])['name'] ?? null;
249 if (empty($_SESSION['authUser']) || empty($_SESSION['authUserID']) || empty($_SESSION['authProvider'])) {
250 // this should never happen
251 $logger->error("OpenEMR Error: api failed because unable to set critical users session variables");
252 $gbl::destroySession();
253 http_response_code(401);
254 exit();
256 } elseif ($userRole == 'patient') {
257 $_SESSION['pid'] = $user['pid'] ?? null;
258 $puuidCheck = $user['uuid'] ?? null;
259 $puuidStringCheck = UuidRegistry::uuidToString($puuidCheck) ?? null;
260 if (empty($_SESSION['pid']) || empty($puuidCheck) || empty($puuidStringCheck)) {
261 // this should never happen
262 $logger->error("OpenEMR Error: api failed because unable to set critical patient session variables");
263 $gbl::destroySession();
264 http_response_code(401);
265 exit();
267 } else if ($userRole === 'system') {
268 $_SESSION['authUser'] = $user["username"] ?? null;
269 $_SESSION['authUserID'] = $user["id"] ?? null;
270 if (
271 empty($_SESSION['authUser'])
272 // this should never happen as the system role depends on the system username... but we safety check it anyways
273 || $_SESSION['authUser'] != \OpenEMR\Services\UserService::SYSTEM_USER_USERNAME
274 || empty($_SESSION['authUserID'])
276 $logger->error("OpenEMR Error: api failed because unable to set critical users session variables");
277 $gbl::destroySession();
278 http_response_code(401);
279 exit();
281 } else {
282 // this user role is not supported
283 $logger->error("OpenEMR Error - api user role that was provided is not supported, so forced exit");
284 $gbl::destroySession();
285 http_response_code(400);
286 exit();
290 //Extend API using RestApiCreateEvent
291 $restApiCreateEvent = new RestApiCreateEvent($gbl::$ROUTE_MAP, $gbl::$FHIR_ROUTE_MAP, $gbl::$PORTAL_ROUTE_MAP, $restRequest);
292 $restApiCreateEvent = $GLOBALS["kernel"]->getEventDispatcher()->dispatch(RestApiCreateEvent::EVENT_HANDLE, $restApiCreateEvent, 10);
293 $gbl::$ROUTE_MAP = $restApiCreateEvent->getRouteMap();
294 $gbl::$FHIR_ROUTE_MAP = $restApiCreateEvent->getFHIRRouteMap();
295 $gbl::$PORTAL_ROUTE_MAP = $restApiCreateEvent->getPortalRouteMap();
296 $restRequest = $restApiCreateEvent->getRestRequest();
298 // api flag must be four chars
299 // Pass only routes for current api.
300 // Also check to ensure route is turned on in globals
301 if ($gbl::is_fhir_request($resource)) {
302 if (!$GLOBALS['rest_fhir_api'] && !$isLocalApi) {
303 // if the external fhir api is turned off and this is not a local api call, then exit
304 $logger->error("dispatch.php attempted to access resource with FHIR api turned off ", ['resource' => $resource]);
305 $gbl::destroySession();
306 http_response_code(501);
307 exit();
309 $_SESSION['api'] = 'fhir';
310 $routes = $gbl::$FHIR_ROUTE_MAP;
311 } elseif ($gbl::is_portal_request($resource)) {
312 if (!$GLOBALS['rest_portal_api'] && !$isLocalApi) {
313 $logger->error("dispatch.php attempted to access resource with portal api turned off ", ['resource' => $resource]);
314 // if the external portal api is turned off and this is not a local api call, then exit
315 $gbl::destroySession();
316 http_response_code(501);
317 exit();
319 $_SESSION['api'] = 'port';
320 $routes = $gbl::$PORTAL_ROUTE_MAP;
321 } elseif ($gbl::is_api_request($resource)) {
322 if (!$GLOBALS['rest_api'] && !$isLocalApi) {
323 $logger->error(
324 "dispatch.php attempted to access resource with REST api turned off ",
325 ['resource' => $resource]
327 // if the external api is turned off and this is not a local api call, then exit
328 $gbl::destroySession();
329 http_response_code(501);
330 exit();
332 $_SESSION['api'] = 'oemr';
333 $routes = $gbl::$ROUTE_MAP;
334 } else {
335 $logger->error("dispatch.php invalid access to resource", ['resource' => $resource]);
337 // somebody is up to no good
338 if (!$isLocalApi) {
339 $gbl::destroySession();
341 http_response_code(501);
342 exit();
345 $restRequest->setApiType($_SESSION['api']);
347 if ($isLocalApi) {
348 // Ensure that a local process does not hold up other processes
349 // Note can not do this for !$isLocalApi since need to be able to set
350 // session variables and it won't help performance anyways.
351 session_write_close();
354 // dispatch $routes called by ref (note storing the output in a variable to allow option
355 // to destroy the session/cookie before sending the output back)
356 ob_start();
357 $dispatchResult = HttpRestRouteHandler::dispatch($routes, $restRequest);
358 $apiCallOutput = ob_get_clean();
359 // Tear down session for security.
360 if (!$isLocalApi) {
361 $gbl::destroySession();
363 // Send the output if not empty
364 if (!empty($apiCallOutput)) {
365 echo $apiCallOutput;
366 } else if ($dispatchResult instanceof ResponseInterface) {
367 RestConfig::emitResponse($dispatchResult);
370 // prevent 200 if route doesn't exist
371 if ($dispatchResult === false) {
372 $logger->debug("dispatch.php no route found for resource", ['resource' => $resource]);
373 http_response_code(404);