7 * @link http://www.open-emr.org
8 * @author Matthew Vita <matthewvita48@gmail.com>
9 * @author Jerry Padgett <sjpadgett@gmail.com>
10 * @author Brady Miller <brady.g.miller@gmail.com>
11 * @copyright Copyright (c) 2018 Matthew Vita <matthewvita48@gmail.com>
12 * @copyright Copyright (c) 2020 Jerry Padgett <sjpadgett@gmail.com>
13 * @copyright Copyright (c) 2019-2020 Brady Miller <brady.g.miller@gmail.com>
14 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
17 // below brings in autoloader
18 require_once("./../_rest_config.php");
20 use OpenEMR\Common\Auth\UuidUserAccount
;
21 use OpenEMR\Common\Csrf\CsrfUtils
;
22 use OpenEMR\Common\Http\HttpRestRouteHandler
;
23 use OpenEMR\Common\Http\HttpRestRequest
;
24 use OpenEMR\Common\Logging\SystemLogger
;
25 use OpenEMR\Common\Session\SessionUtil
;
26 use OpenEMR\Common\Uuid\UuidRegistry
;
27 use OpenEMR\Events\RestApiExtend\RestApiCreateEvent
;
28 use Psr\Http\Message\ResponseInterface
;
30 $gbl = RestConfig
::GetInstance();
31 $restRequest = new HttpRestRequest($gbl, $_SERVER);
34 // Parse needed information from Redirect or REQUEST_URI
35 $resource = $gbl::getRequestEndPoint();
36 $logger = new SystemLogger();
37 $logger->debug("dispatch.php requested", ["resource" => $resource, "method" => $_SERVER['REQUEST_METHOD']]);
40 if (!empty($_SERVER['HTTP_APICSRFTOKEN'])) {
41 // Calling api from within the same session (ie. isLocalApi) since a apicsrftoken header was passed
46 } elseif ($gbl::skipApiAuth($resource)) {
47 // For rest api endpoints that do not require auth, such as the capability statement
48 // note that the site is validated in the skipApiAuth() function
50 $resource = str_replace('/' . $gbl::$SITE, '', $resource);
52 $_GET['site'] = $gbl::$SITE;
57 // Calling api via rest
58 // ensure token is valid
59 $tokenRaw = $gbl::verifyAccessToken();
60 if ($tokenRaw instanceof ResponseInterface
) {
61 $logger->error("dispatch.php failed token verify for resource", ["resource" => $resource]);
62 // failed token verify
63 // not a request object so send the error as response obj
64 $gbl::emitResponse($tokenRaw);
68 // collect token attributes
69 $attributes = $tokenRaw->getAttributes();
73 $scopes = $attributes['oauth_scopes'];
74 $logger->debug("Parsed oauth_scopes in AccessToken", ["scopes" => $scopes]);
75 foreach ($scopes as $attr) {
76 if (stripos($attr, 'site:') !== false) {
77 $site = str_replace('site:', '', $attr);
78 // while here parse site from endpoint
79 $resource = str_replace('/' . $site, '', $resource);
82 // set our scopes and updated resources as needed
83 $restRequest->setAccessTokenScopes($scopes);
85 // ensure 1) sane site 2) site from gbl and access token are the same and 3) ensure the site exists on filesystem
86 if (empty($site) ||
empty($gbl::$SITE) ||
preg_match('/[^A-Za-z0-9\\-.]/', $gbl::$SITE) ||
($site !== $gbl::$SITE) ||
!file_exists(__DIR__
. '/../sites/' . $gbl::$SITE)) {
87 $logger->error("OpenEMR Error - api site error, so forced exit");
88 http_response_code(400);
92 $_GET['site'] = $site;
94 // set the scopes globals for endpoint permission checking
95 $GLOBALS['oauth_scopes'] = $scopes;
97 // collect openemr user uuid
98 $userId = $attributes['oauth_user_id'];
99 // collect client id (will be empty for PKCE)
100 $clientId = $attributes['oauth_client_id'] ??
null;
102 $tokenId = $attributes['oauth_access_token_id'];
103 // ensure user uuid and token id are populated
104 if (empty($userId) ||
empty($tokenId)) {
105 $logger->error("OpenEMR Error - userid or tokenid not available, so forced exit", ['attributes' => $attributes]);
106 http_response_code(400);
109 $restRequest->setClientId($clientId);
110 $restRequest->setAccessTokenId($tokenId);
112 // Get a site id from initial login authentication.
114 $skipApiAuth = false;
118 // set the route as well as the resource information. Note $resource is actually the route and not the resource name.
119 $restRequest->setRequestPath($resource);
122 // Will start the api OpenEMR session/cookie.
123 SessionUtil
::apiSessionStart($gbl::$web_root);
126 $GLOBALS['is_local_api'] = $isLocalApi;
127 $restRequest->setIsLocalApi($isLocalApi);
129 // Set $sessionAllowWrite to true here for following reasons:
130 // 1. !$isLocalApi - not applicable since use the SessionUtil::apiSessionStart session, which was set above
131 // 2. $isLocalApi - in this case, basically setting this to true downstream after some session sets via session_write_close() call
132 $sessionAllowWrite = true;
133 require_once("./../interface/globals.php");
135 // we now can check the database to see if the token is revoked
136 if (!empty($tokenId)) {
137 $result = $gbl::validateAccessTokenRevoked($tokenId);
138 if ($result instanceof ResponseInterface
) {
139 $logger->error("dispatch.php access token was revoked", ["resource" => $resource]);
140 // failed token verify
141 // not a request object so send the error as response obj
142 $gbl::emitResponse($result);
148 // recollect this so the DEBUG global can be used if set
149 $logger = new SystemLogger();
151 $gbl::$apisBaseFullUrl = $GLOBALS['site_addr_oath'] . $GLOBALS['webroot'] . "/apis/" . $gbl::$SITE;
152 $restRequest->setApiBaseFullUrl($gbl::$apisBaseFullUrl);
155 // need to check for csrf match when using api locally
158 if (empty($_SERVER['HTTP_APICSRFTOKEN'])) {
159 $logger->error("OpenEMR Error: internal api failed because csrf token not received");
163 if ((!$csrfFail) && (!CsrfUtils
::verifyCsrfToken($_SERVER['HTTP_APICSRFTOKEN'], 'api'))) {
164 $logger->error("OpenEMR Error: internal api failed because csrf token did not match");
169 $logger->error("dispatch.php CSRF failed", ["resource" => $resource]);
170 http_response_code(401);
173 } elseif ($skipApiAuth) {
174 $logger->debug("dispatch.php skipping api auth");
175 // For endpoints that do not require auth, such as the capability statement
177 $logger->debug("dispatch.php authenticating user");
178 // verify that user tokens haven't been revoked.
179 // this is done by verifying the user is trusted with active auth session.
180 $isTrusted = $gbl::isTrustedUser($attributes["oauth_client_id"], $attributes["oauth_user_id"]);
181 if ($isTrusted instanceof ResponseInterface
) {
182 $logger->debug("dispatch.php oauth2 inactive user api attempt");
183 // user is not logged on to server with an active session.
184 // too me this is easier than revoking tokens or using phantom tokens.
185 // give a 400(unsure here, could be a 401) so client can redirect to server.
186 $gbl::destroySession();
187 $gbl::emitResponse($isTrusted);
190 // $isTrusted can be used for further validations using session_cache
191 // which is a json. json_decode($isTrusted['session_cache'])
193 // authenticate the token
194 if (!$gbl->authenticateUserToken($tokenId, $clientId, $userId)) {
195 $logger->error("dispatch.php api call with invalid token");
196 $gbl::destroySession();
197 http_response_code(401);
201 // collect user information and user role
202 $uuidToUser = new UuidUserAccount($userId);
203 $user = $uuidToUser->getUserAccount();
204 $userRole = $uuidToUser->getUserRole();
206 // unable to identify the users user role
207 $logger->error("OpenEMR Error - api user account could not be identified, so forced exit", [
209 'userRole' => $uuidToUser->getUserRole()]);
210 $gbl::destroySession();
211 http_response_code(400);
214 if (empty($userRole)) {
215 // unable to identify the users user role
216 $logger->error("OpenEMR Error - api user role for user could not be identified, so forced exit");
217 $gbl::destroySession();
218 http_response_code(400);
222 $restRequest->setAccessTokenId($tokenId);
223 $restRequest->setRequestUserRole($userRole);
224 $restRequest->setRequestUser($userId, $user);
226 // verify that the scope covers the route
228 // fhir routes are the default and can send openid/fhirUser w/ authorization_code, or no scopes at all
229 // with Client Credentials, so we only reject requests for standard or portal if the correct scope is not
231 ($gbl::is_api_request($resource) && !in_array('api:oemr', $GLOBALS['oauth_scopes'])) ||
232 ($gbl::is_portal_request($resource) && !in_array('api:port', $GLOBALS['oauth_scopes']))
234 $logger->error("dispatch.php api call with token that does not cover the requested route");
235 $gbl::destroySession();
236 http_response_code(401);
239 // ensure user role has access to the resource
241 // users has access to oemr and fhir
242 // patient has access to port and fhir
243 if ($userRole == 'users' && ($gbl::is_api_request($resource) ||
$gbl::is_fhir_request($resource))) {
244 $logger->debug("dispatch.php valid role and user has access to api/fhir resource", ['resource' => $resource]);
246 } elseif ($userRole == 'patient' && ($gbl::is_portal_request($resource) ||
$gbl::is_fhir_request($resource))) {
247 $logger->debug("dispatch.php valid role and patient has access portal resource", ['resource' => $resource]);
249 } elseif ($userRole === 'system' && ($gbl::is_fhir_request($resource))) {
250 $logger->debug("dispatch.php valid role and system has access to api/fhir resource", ['resource' => $resource]);
252 $logger->error("OpenEMR Error: api failed because user role does not have access to the resource", ['resource' => $resource, 'userRole' => $userRole]);
253 $gbl::destroySession();
254 http_response_code(401);
257 // set pertinent session variables
258 if ($userRole == 'users') {
259 $_SESSION['authUser'] = $user["username"] ??
null;
260 $_SESSION['authUserID'] = $user["id"] ??
null;
261 $_SESSION['authProvider'] = sqlQueryNoLog("SELECT `name` FROM `groups` WHERE `user` = ?", [$_SESSION['authUser']])['name'] ??
null;
262 if (empty($_SESSION['authUser']) ||
empty($_SESSION['authUserID']) ||
empty($_SESSION['authProvider'])) {
263 // this should never happen
264 $logger->error("OpenEMR Error: api failed because unable to set critical users session variables");
265 $gbl::destroySession();
266 http_response_code(401);
269 } elseif ($userRole == 'patient') {
270 $_SESSION['pid'] = $user['pid'] ??
null;
271 $puuidCheck = $user['uuid'] ??
null;
272 $puuidStringCheck = UuidRegistry
::uuidToString($puuidCheck) ??
null;
273 if (empty($_SESSION['pid']) ||
empty($puuidCheck) ||
empty($puuidStringCheck)) {
274 // this should never happen
275 $logger->error("OpenEMR Error: api failed because unable to set critical patient session variables");
276 $gbl::destroySession();
277 http_response_code(401);
280 } else if ($userRole === 'system') {
281 $_SESSION['authUser'] = $user["username"] ??
null;
282 $_SESSION['authUserID'] = $user["id"] ??
null;
284 empty($_SESSION['authUser'])
285 // this should never happen as the system role depends on the system username... but we safety check it anyways
286 ||
$_SESSION['authUser'] != \OpenEMR\Services\UserService
::SYSTEM_USER_USERNAME
287 ||
empty($_SESSION['authUserID'])
289 $logger->error("OpenEMR Error: api failed because unable to set critical users session variables");
290 $gbl::destroySession();
291 http_response_code(401);
295 // this user role is not supported
296 $logger->error("OpenEMR Error - api user role that was provided is not supported, so forced exit");
297 $gbl::destroySession();
298 http_response_code(400);
303 //Extend API using RestApiCreateEvent
304 $restApiCreateEvent = new RestApiCreateEvent($gbl::$ROUTE_MAP, $gbl::$FHIR_ROUTE_MAP, $gbl::$PORTAL_ROUTE_MAP, $restRequest);
305 $restApiCreateEvent = $GLOBALS["kernel"]->getEventDispatcher()->dispatch(RestApiCreateEvent
::EVENT_HANDLE
, $restApiCreateEvent, 10);
306 $gbl::$ROUTE_MAP = $restApiCreateEvent->getRouteMap();
307 $gbl::$FHIR_ROUTE_MAP = $restApiCreateEvent->getFHIRRouteMap();
308 $gbl::$PORTAL_ROUTE_MAP = $restApiCreateEvent->getPortalRouteMap();
309 $restRequest = $restApiCreateEvent->getRestRequest();
311 // api flag must be four chars
312 // Pass only routes for current api.
313 // Also check to ensure route is turned on in globals
314 if ($gbl::is_fhir_request($resource)) {
315 if (!$GLOBALS['rest_fhir_api'] && !$isLocalApi) {
316 // if the external fhir api is turned off and this is not a local api call, then exit
317 $logger->error("dispatch.php attempted to access resource with FHIR api turned off ", ['resource' => $resource]);
318 $gbl::destroySession();
319 http_response_code(501);
322 $_SESSION['api'] = 'fhir';
323 $routes = $gbl::$FHIR_ROUTE_MAP;
324 } elseif ($gbl::is_portal_request($resource)) {
325 if (!$GLOBALS['rest_portal_api'] && !$isLocalApi) {
326 $logger->error("dispatch.php attempted to access resource with portal api turned off ", ['resource' => $resource]);
327 // if the external portal api is turned off and this is not a local api call, then exit
328 $gbl::destroySession();
329 http_response_code(501);
332 $_SESSION['api'] = 'port';
333 $routes = $gbl::$PORTAL_ROUTE_MAP;
334 } elseif ($gbl::is_api_request($resource)) {
335 if (!$GLOBALS['rest_api'] && !$isLocalApi) {
337 "dispatch.php attempted to access resource with REST api turned off ",
338 ['resource' => $resource]
340 // if the external api is turned off and this is not a local api call, then exit
341 $gbl::destroySession();
342 http_response_code(501);
345 $_SESSION['api'] = 'oemr';
346 $routes = $gbl::$ROUTE_MAP;
348 $logger->error("dispatch.php invalid access to resource", ['resource' => $resource]);
350 // somebody is up to no good
352 $gbl::destroySession();
354 http_response_code(501);
358 $restRequest->setApiType($_SESSION['api']);
361 // Ensure that a local process does not hold up other processes
362 // Note can not do this for !$isLocalApi since need to be able to set
363 // session variables and it won't help performance anyways.
364 session_write_close();
367 // dispatch $routes called by ref (note storing the output in a variable to allow option
368 // to destroy the session/cookie before sending the output back)
370 $dispatchResult = HttpRestRouteHandler
::dispatch($routes, $restRequest);
371 $apiCallOutput = ob_get_clean();
372 // Tear down session for security.
374 $gbl::destroySession();
376 // Send the output if not empty
377 if (!empty($apiCallOutput)) {
379 } else if ($dispatchResult instanceof ResponseInterface
) {
380 RestConfig
::emitResponse($dispatchResult);
383 // prevent 200 if route doesn't exist
384 if ($dispatchResult === false) {
385 $logger->debug("dispatch.php no route found for resource", ['resource' => $resource]);
386 http_response_code(404);