3 * Useful globals class for Rest
6 * @link http://www.open-emr.org
7 * @author Jerry Padgett <sjpadgett@gmail.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Jerry Padgett <sjpadgett@gmail.com>
10 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
14 use OpenEMR\RestControllers\AuthRestController
;
16 // also a handy place to add utility methods
20 /** @var set to true to send debug info to the browser */
21 public static $DEBUG_MODE = false;
23 /** @var default action is the controller.method fired when no route is specified */
24 public static $DEFAULT_ACTION = "";
26 /** @var routemap is an array of patterns and routes */
27 public static $ROUTE_MAP;
29 /** @var fhir routemap is an array of patterns and routes */
30 public static $FHIR_ROUTE_MAP;
32 /** @var app root is the root directory of the application */
33 public static $APP_ROOT;
35 /** @var root url of the application */
36 public static $ROOT_URL;
37 public static $REST_FULL_URL;
38 public static $VENDOR_DIR;
39 public static $webserver_root;
40 public static $web_root;
41 public static $server_document_root;
44 private static $INSTANCE;
45 private static $IS_INITIALIZED = false;
47 /** @var set to true if local api call */
48 private static $localCall = false;
50 /** @var set to true if not rest call */
51 private static $notRestCall = false;
53 /** prevents external construction */
54 private function __construct()
58 /** prevents external cloning */
59 private function __clone()
64 * Initialize the RestConfig object
66 static function Init()
68 if (!self
::$IS_INITIALIZED) {
70 self
::$REST_FULL_URL = $_SERVER['REQUEST_SCHEME'] . "//" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; // @todo unsure here!
71 self
::$ROOT_URL = self
::$web_root . "/apis";
72 self
::$VENDOR_DIR = self
::$webserver_root . "/vendor";
73 self
::$IS_INITIALIZED = true;
78 * Returns an instance of the RestConfig singleton
81 static function GetInstance()
83 if (!self
::$IS_INITIALIZED) {
87 if (!self
::$INSTANCE instanceof self
) {
88 self
::$INSTANCE = new self
;
91 return self
::$INSTANCE;
96 * Basic paths when GLOBALS are not yet available.
99 static function SetPaths()
101 $isWindows = stripos(PHP_OS
, 'WIN') === 0;
102 self
::$webserver_root = dirname(__FILE__
);
104 //convert windows path separators
105 self
::$webserver_root = str_replace("\\", "/", self
::$webserver_root);
107 // Collect the apache server document root (and convert to windows slashes, if needed)
108 self
::$server_document_root = realpath($_SERVER['DOCUMENT_ROOT']);
110 //convert windows path separators
111 self
::$server_document_root = str_replace("\\", "/", self
::$server_document_root);
113 self
::$web_root = substr(self
::$webserver_root, strspn(self
::$webserver_root ^ self
::$server_document_root, "\0"));
114 // Ensure web_root starts with a path separator
115 if (preg_match("/^[^\/]/", self
::$web_root)) {
116 self
::$web_root = "/" . self
::$web_root;
120 static function destroySession()
122 if (!isset($_SESSION)) {
126 if (ini_get("session.use_cookies")) {
127 $params = session_get_cookie_params();
140 static function getPostData($data)
144 } elseif ($post_data = file_get_contents('php://input')) {
145 if ($post_json = json_decode($post_data, true)) {
148 parse_str($post_data, $post_variables);
149 if (count($post_variables)) {
150 return $post_variables;
158 static function authorization_check($section, $value)
160 if (self
::$notRestCall || self
::$localCall) {
161 $result = acl_check($section, $value, $_SESSION['authUser']);
163 $authRestController = new AuthRestController();
164 $result = $authRestController->aclCheck($_SERVER["HTTP_X_API_TOKEN"], $section, $value);
167 if (!self
::$notRestCall) {
168 http_response_code(401);
174 static function setLocalCall()
176 self
::$localCall = true;
179 static function setNotRestCall()
181 self
::$notRestCall = true;
184 static function is_authentication($resource)
186 return ($resource === "/api/auth" ||
$resource === "/fhir/auth");
189 static function get_bearer_token()
191 $parse = preg_split("/[\s,]+/", $_SERVER["HTTP_AUTHORIZATION"]);
192 if (strtoupper(trim($parse[0])) !== 'BEARER') {
196 return trim($parse[1]);
199 static function is_fhir_request($resource)
201 return (stripos(strtolower($resource), "/fhir/") !== false) ?
true : false;
204 static function verify_api_request($resource, $api)
206 $api = strtolower(trim($api));
207 if (self
::is_fhir_request($resource)) {
208 if ($api !== 'fhir') {
209 http_response_code(401);
212 } elseif ($api !== 'oemr') {
213 http_response_code(401);
220 static function authentication_check($resource)
222 if (!self
::is_authentication($resource)) {
223 $token = $_SERVER["HTTP_X_API_TOKEN"];
224 $authRestController = new AuthRestController();
225 if (!$authRestController->isValidToken($token)) {
226 http_response_code(401);
229 $authRestController->optionallyAddMoreTokenTime($token);
235 // Include our routes and init routes global
237 require_once(dirname(__FILE__
) . "/_rest_routes.inc.php");