diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..3815f95 --- /dev/null +++ b/.env.example @@ -0,0 +1,13 @@ +# Server configuration +SERVER_PORT=8080 +LOG_LEVEL=info + +# Google Cloud configuration +GOOGLE_PROJECT_ID=your-project-id +GOOGLE_LOCATION=asia-southeast2 +GOOGLE_DATASET=dicom-storage +GOOGLE_DICOM_STORE=ohif +GOOGLE_CREDENTIALS_PATH=./credentials/service-account.json + +# CORS Settings +ALLOWED_ORIGINS=* \ No newline at end of file diff --git a/.gitignore b/.gitignore index adf8f72..5350ce3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,23 +1,22 @@ -# ---> Go -# If you prefer the allow list template instead of the deny list, see community template: -# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore -# -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib +# Binary files +bin/ +dicom-proxy +build/* -# Test binary, built with `go test -c` -*.test +# Credentials +credentials/*.json +.env -# Output of the go coverage tool, specifically when used with LiteIDE -*.out +# IDE files +.idea/ +.vscode/ -# Dependency directories (remove the comment below to include it) -# vendor/ +# Dependency directories +vendor/ -# Go workspace file -go.work +# Log files +*.log +# OS specific files +.DS_Store +Thumbs.db diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7f2d92f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,39 @@ +# Build stage +FROM golang:1.22 AS builder + +# Set working directory +WORKDIR /app + +# Copy go mod and sum files +COPY go.mod go.sum ./ + +# Download dependencies +RUN go mod download + +# Copy source code +COPY . . + +# Build the application +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ohif-proxy cmd/server/main.go + +# Final stage +FROM alpine:3.18 + +# Install CA certificates for HTTPS connections +RUN apk --no-cache add ca-certificates + +# Set working directory +WORKDIR /app + +# Copy binary from build stage +COPY --from=builder /app/ohif-proxy . + +# Copy configuration and create dirs +COPY config/config.yaml ./config/ +RUN mkdir -p /app/credentials + +# Expose port +EXPOSE 5555 + +# Run the application +CMD ["./ohif-proxy"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..af1f121 --- /dev/null +++ b/Makefile @@ -0,0 +1,29 @@ +.PHONY: build run test clean lint docker-build docker-run + +# Build the application +build: + go build -o bin/dicom-proxy cmd/server/main.go + +# Run the application +run: + go run cmd/server/main.go + +# Test the application +test: + go test -v ./... + +# Clean build artifacts +clean: + rm -rf bin/ + +# Lint the code +lint: + golangci-lint run + +# Build Docker image +docker-build: + docker build -t dicom-proxy . + +# Run Docker container +docker-run: + docker run -p 8080:8080 --env-file .env dicom-proxy \ No newline at end of file diff --git a/README.md b/README.md index a5f9ac9..57c423d 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,399 @@ -# go-ohif-proxy +# GO-OHIF-Proxy +## 1. Gambaran Umum + +### Tujuan + +App ini dibuat untuk menyalurkan **dicomWeb** request dari OHIF ke Google Healthcare. Proxy berperan hanya sebagai authenticator ke Google dengan `service-account.json`, **tanpa merubah / menambah request** + +Berikut adalah cara clone project ini: + + +## 2. Alur Kerja Aplikasi + +``` ++----------------+ +----------------+ +----------------------+ +| | | | | | +| OHIF Viewer |----->| GO-OHIF-Proxy |----->| Google Healthcare | +| (Web Client) |<-----| |<-----| DICOM API | +| | | | | | ++----------------+ +----------------+ +----------------------+ +``` + +1. **Permintaan Klien**: OHIF Viewer mengirimkan permintaan DICOMweb (misalnya, untuk mengambil studi). +2. **Pemrosesan Proxy**: + - Proxy mencegat permintaan. + - Menambahkan header autentikasi yang sesuai. + - Meneruskan permintaan ke Google Cloud Healthcare API. +3. **Pemrosesan Google Cloud**: Healthcare API memproses permintaan DICOM. +4. **Penanganan Respons**: Proxy meneruskan respons kembali ke klien. + +## 2b. Arsitektur +```txt +go-ohif-proxy/ +│ +├── cmd/ +│ └── server/ # Application entry point +│ └── main.go # Main server initialization +│ +├── config/ # Configuration management +│ ├── config.go # Configuration loader +│ └── config.yaml # Application configuration +│ +├── credentials/ # Authentication credentials +│ └── service-account.json # Google Cloud service account +│ +├── internal/ +│ ├── api/ # API endpoints +│ │ ├── handler.go # HTTP request handlers +│ │ ├── middleware.go # Request middleware +│ │ └── routes.go # API route definitions +│ │ +│ ├── auth/ # Authentication services +│ │ └── google.go # Google Cloud authentication +│ │ +│ ├── proxy/ # Proxy service +│ │ └── dicomweb.go # DICOMweb request handling +│ │ +│ └── utils/ # Utility functions +│ ├── http.go # HTTP utilities +│ └── logger.go # Logging functionality +│ +├── test/ # Testing resources +│ └── http/ # HTTP test requests +│ +├── Dockerfile # Container definition +├── docker-compose.yml # Multi-container orchestration +├── go.mod # Go module definition +├── go.sum # Module dependency checksums +└── README.md # Project documentation +``` + +## 2c. Alur Kerja Kode +Secara umum kode di repo ini kurang lebih memiliki alur: +``` +Routes --> Handlers --> Service --> Repository +``` + +## 3. Instalasi dan Penggunaan + +### Prasyarat + +- Go versi 1.19 atau lebih tinggi. +- Akun Google Cloud dengan Healthcare API diaktifkan. +- Kredensial akun layanan dengan akses ke DICOM store. + +### Clone dan Setup + +```bash +# Clone repositori +git clone https://devone.aplikasi.web.id/gitea/mario/go-ohif-proxy.git +cd go-ohif-proxy + +# Install dependencies +go mod download +``` + +### Konfigurasi + +1. Salin file konfigurasi contoh: + ```bash + cp config/config.yaml.example config/config.yaml + ``` + +2. Edit `config/config.yaml` sesuai kebutuhan: + ```yaml + server: + port: 5555 + read_timeout_seconds: 30 + write_timeout_seconds: 30 + idle_timeout_seconds: 60 + + log_level: "info" # debug, info, warn, error + + google: + project_id: "id-proyek-gcp-anda" + location: "lokasi-anda" + dataset: "nama-dataset-anda" + dicom_store: "nama-dicom-store-anda" + credentials_path: "./credentials/service-account.json" + + allowed_origins: + - "http://localhost:3000" # URL OHIF Viewer + ``` + +3. Letakkan kredensial akun layanan Google Cloud Anda di `credentials/service-account.json`. + +### Menjalankan Aplikasi + +#### Build dan Jalankan Secara Langsung + +```bash +# Build aplikasi +go build -o ohif-proxy ./cmd/server + +# Jalankan aplikasi +./ohif-proxy +``` + +#### Menggunakan Docker + +```bash +# Build image Docker +docker build -t go-ohif-proxy . + +# Jalankan dengan Docker +docker run -p 5555:5555 -v $(pwd)/config:/app/config -v $(pwd)/credentials:/app/credentials go-ohif-proxy +``` + +#### Menggunakan Docker Compose + +```bash +docker-compose up +``` + +### Run Aplikasi Tanpa Build + +1. Transfer `./ohif-proxy` ke server tujuan. Contoh: + ```sh + scp ohif-proxy pacs@152.42.173.210:/home/pacs/google-ohif-proxy + ``` +2. Pastikan server tujuan terinstall **go versi >1.19**. Cek dengan: +3. Buat direktori: + ```sh + mkdir -p ~/google-ohif-proxy + mkdir -p ~/google-ohif-proxy/config + mkdir -p ~/google-ohif-proxy/credentials + ``` +4. Tambahkan `config.go` dan `config.yaml`. + ```sh + scp -r config/* pacs@152.42.173.210:/home/pacs/google-ohif-proxy/config/ + ``` +5. Tambahkan credential `/credentials/service-account.json` + ``` + nano credentials/service-account.json + # atau + # scp dari local + ``` + + +### Pengujian + +Aplikasi ini menyertakan permintaan HTTP uji di direktori `test/http` yang dapat digunakan dengan klien REST seperti ekstensi REST Client di VSCode. + +```bash +# Jalankan pengujian yang disertakan +make test +``` + +--- + +Untuk informasi lebih lanjut tentang OHIF: [https://ohif.org/](https://ohif.org/) +Untuk informasi lebih lanjut tentang Google Cloud Healthcare API: [https://cloud.google.com/healthcare](https://cloud.google.com/healthcare) + +# GO-OHIF-Proxy Architecture + +## Project Structure +``` +go-ohif-proxy/ +├── cmd/ +│ └── server/ # Application entry point +│ └── main.go # Main function and application start +│ +├── config/ # Configuration +│ ├── config.go # Config structure definitions +│ └── config.yaml # YAML configuration file +│ +├── credentials/ # Authentication credentials +│ └── service-account.json # Google service account credentials +│ +├── internal/ # Internal packages (not importable) +│ ├── api/ # API implementation +│ │ ├── handlers/ # HTTP request handlers +│ │ │ ├── auth.go # Authentication handlers +│ │ │ ├── dicom.go # DICOM request handlers +│ │ │ └── healthcheck.go # Health check endpoint +│ │ │ +│ │ ├── middleware/ # HTTP middleware +│ │ │ ├── auth.go # Authentication middleware +│ │ │ └── logging.go # Request logging middleware +│ │ │ +│ │ ├── models/ # Data models +│ │ │ └── user.go # User and authentication models +│ │ │ +│ │ ├── repository/ # Data access layer +│ │ │ ├── interfaces.go # Repository interfaces +│ │ │ └── mysql_repository.go # MySQL implementation +│ │ │ +│ │ ├── service/ # Business logic +│ │ │ ├── auth_service.go # Authentication service +│ │ │ └── db_repository.go # Legacy repository code (to be removed) +│ │ │ +│ │ └── routes.go # API route definitions +│ │ +│ ├── auth/ # Authentication utilities +│ │ ├── google.go # Google authentication client +│ │ └── jwt.go # JWT generation and validation +│ │ +│ ├── logger/ # Logging utilities +│ │ └── logger.go # Logger configuration +│ │ +│ └── proxy/ # DICOM web proxy functionality +│ └── client.go # Google Healthcare API client +│ +├── pkg/ # Public packages (importable) +│ +├── test/ # Test files +│ └── http/ # HTTP test requests +│ ├── ohif-flow.http # OHIF workflow tests +│ └── test.http # General API tests +│ +├── docker-compose.yaml # Docker Compose configuration +├── Dockerfile # Docker build instructions +├── go.mod # Go module definition +├── go.sum # Go module checksums +├── Makefile # Build automation +└── README.md # Project documentation +``` + +## Architecture Diagram + +```mermaid +graph TD + subgraph Client + OHIF[OHIF Viewer] + end + + subgraph API_Gateway + Router[Chi Router] + Auth_MW[Auth Middleware] + Logging_MW[Logging Middleware] + CORS_MW[CORS Middleware] + PatientView_MW[Patient View Restriction] + end + + subgraph Services + AuthService[Auth Service] + DicomService[DICOM Service] + end + + subgraph Repositories + UserRepo[User Repository] + TokenRepo[Token Repository] + PatientRepo[Patient Repository] + DoctorRepo[Doctor Repository] + end + + subgraph External + GoogleHealthcare[Google Healthcare API] + MySQL[MySQL Database] + end + + subgraph Utilities + JWTManager[JWT Manager] + GoogleAuth[Google Auth Client] + Logger[Logger] + end + + OHIF -->|HTTP Requests| Router + Router --> Auth_MW + Auth_MW --> Logging_MW + Logging_MW --> CORS_MW + CORS_MW --> PatientView_MW + PatientView_MW --> DicomService + + Router -->|Auth Routes| AuthService + AuthService -->|Uses| JWTManager + AuthService -->|Uses| UserRepo + AuthService -->|Uses| TokenRepo + + DicomService -->|Uses| GoogleHealthcare + DicomService -->|Uses| PatientRepo + + UserRepo -->|Implements| MySQL + TokenRepo -->|Implements| MySQL + PatientRepo -->|Implements| MySQL + DoctorRepo -->|Implements| MySQL + + DicomService -->|Uses| GoogleAuth + GoogleAuth -->|Authenticates| GoogleHealthcare +``` + +## Authentication Flow + +```mermaid +sequenceDiagram + participant Client + participant API as API Gateway + participant AuthService + participant Repo as Repository + participant JWT as JWT Manager + participant DB as Database + + Client->>API: POST /auth/login + API->>AuthService: Login(email, password) + + alt Database Auth Enabled + AuthService->>Repo: GetUserByEmail(email) + Repo->>DB: SELECT * FROM users + DB->>Repo: User Data + Repo->>AuthService: User Object + AuthService->>JWT: Generate Tokens + JWT->>AuthService: Access + Refresh Tokens + AuthService->>Repo: StoreRefreshToken() + Repo->>DB: INSERT INTO refresh_tokens + else Hardcoded Auth + AuthService->>JWT: Generate Tokens + JWT->>AuthService: Access + Refresh Tokens + end + + AuthService->>API: Tokens + User Info + API->>Client: Auth Response + + Note over Client,API: Later - Protected Request + + Client->>API: GET /dicomWeb/* with Bearer Token + API->>AuthService: ValidateToken() + AuthService->>JWT: ParseToken() + JWT->>AuthService: Claim Data + AuthService->>API: User Context + API->>Client: Protected Resource +``` + +## DICOM Request Flow + +```mermaid +sequenceDiagram + participant Client + participant API as API Gateway + participant Auth as Auth Middleware + participant PatientMW as Patient Restriction MW + participant DicomHandler + participant GCP as Google Healthcare API + + Client->>API: GET /dicomWeb/studies/{studyUID} + + alt Whitelisted Path + API->>DicomHandler: Forward Request (Skip Auth) + else Protected Path + API->>Auth: Check Authentication + Auth->>API: User Context + API->>PatientMW: Check Access Rights + + alt Patient Role + PatientMW->>Repo: IsStudyAssignedToPatient() + Repo->>PatientMW: Access Result + alt Study Assigned + PatientMW->>DicomHandler: Forward Request + else Study Not Assigned + PatientMW->>Client: 403 Forbidden + end + else Doctor Role + PatientMW->>DicomHandler: Forward Request + end + end + + DicomHandler->>GCP: Forward Request to DICOM Store + GCP->>DicomHandler: DICOM Data + DicomHandler->>Client: DICOM Response +``` diff --git a/cmd/server/main.go b/cmd/server/main.go new file mode 100644 index 0000000..9667182 --- /dev/null +++ b/cmd/server/main.go @@ -0,0 +1,96 @@ +package main + +import ( + "context" + "fmt" + "log" + "net/http" + "os" + "os/signal" + "syscall" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/config" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "go.uber.org/zap" +) + +func main() { + // Load configuration + cfg, err := config.Load() + if err != nil { + log.Fatalf("Failed to load configuration: %v", err) + } + + // Initialize logger + // l := logger.New(cfg.LogLevel) + // defer l.Sync() + + // * Uncomment kalau bukan debug + config := zap.NewDevelopmentConfig() + config.Level = zap.NewAtomicLevelAt(zap.DebugLevel) + l, err := config.Build() + if err != nil { + log.Fatalf("can't initialize zap logger: %v", err) + } + defer l.Sync() + + // Initialize database connection + dsn := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?parseTime=true", + cfg.Database.User, + cfg.Database.Password, + cfg.Database.Host, + cfg.Database.Port, + cfg.Database.Name) + + err = database.Initialize( + dsn, + cfg.Database.MaxOpenConns, + cfg.Database.MaxIdleConns, + time.Duration(cfg.Database.ConnMaxLifetimeMins)*time.Minute, + ) + if err != nil { + l.Fatal("Failed to initialize database", zap.Error(err)) + } + defer database.Close() + + l.Info("Database connection established", + zap.String("host", cfg.Database.Host), + zap.Int("port", cfg.Database.Port), + zap.String("database", cfg.Database.Name)) + + // Setup router + router := api.SetupRouter(cfg, l) + + // Configure server + server := &http.Server{ + Addr: fmt.Sprintf(":%d", cfg.Server.Port), + Handler: router, + ReadTimeout: time.Duration(cfg.Server.ReadTimeoutSeconds) * time.Second, + WriteTimeout: time.Duration(cfg.Server.WriteTimeoutSeconds) * time.Second, + IdleTimeout: time.Duration(cfg.Server.IdleTimeoutSeconds) * time.Second, + } + + // Start server + l.Info("Starting server", zap.Int("port", cfg.Server.Port)) // Convert cfg.Server.Port to zap.Int + go func() { + if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed { + l.Fatal("Server failed", zap.Error(err)) // Convert err to zap.Error + } + }() + + // Wait for interrupt signal to gracefully shut down the server + quit := make(chan os.Signal, 1) + signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM) + <-quit + l.Info("Shutting down server...") + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + if err := server.Shutdown(ctx); err != nil { + l.Fatal("Server failed", zap.Error(err)) // Convert err to zap.Error + } + + l.Info("Server exiting") +} diff --git a/config/config.go b/config/config.go new file mode 100644 index 0000000..df348f3 --- /dev/null +++ b/config/config.go @@ -0,0 +1,76 @@ +package config + +import ( + "fmt" + "strings" + + "github.com/spf13/viper" +) + +// Config represents the application configuration +type Config struct { + Server struct { + Port int `mapstructure:"port"` + ReadTimeoutSeconds int `mapstructure:"read_timeout_seconds"` + WriteTimeoutSeconds int `mapstructure:"write_timeout_seconds"` + IdleTimeoutSeconds int `mapstructure:"idle_timeout_seconds"` + } `mapstructure:"server"` + + LogLevel string `mapstructure:"log_level"` + + Google struct { + ProjectID string `mapstructure:"project_id"` + Location string `mapstructure:"location"` + Dataset string `mapstructure:"dataset"` + DicomStore string `mapstructure:"dicom_store"` + CredentialsPath string `mapstructure:"credentials_path"` + } `mapstructure:"google"` + + Auth struct { + JWTSecret string `mapstructure:"jwt_secret"` + AccessTokenExpiry int `mapstructure:"access_token_expiry"` // in minutes + RefreshTokenExpiry int `mapstructure:"refresh_token_expiry"` // in hours + EnableDatabaseAuth bool `mapstructure:"enable_database_auth"` + } `mapstructure:"auth"` + + Shortlink struct { + BaseURL string `mapstructure:"base_url"` // Base URL for shortlinks (e.g., https://example.com) + DefaultExpiryHours int `mapstructure:"default_expiry_hours"` // Default expiry time in hours + MaxAttempts int `mapstructure:"max_attempts"` // Maximum failed attempts allowed + } `mapstructure:"shortlink"` + + Database struct { + Host string `mapstructure:"host"` + Port int `mapstructure:"port"` + User string `mapstructure:"user"` + Password string `mapstructure:"password"` + Name string `mapstructure:"name"` + MaxOpenConns int `mapstructure:"max_open_conns"` + MaxIdleConns int `mapstructure:"max_idle_conns"` + ConnMaxLifetimeMins int `mapstructure:"conn_max_lifetime_mins"` + } `mapstructure:"database"` + + AllowedOrigins []string `mapstructure:"allowed_origins"` +} + +// Load reads configuration from file and environment variables +func Load() (*Config, error) { + viper.SetConfigName("config") + viper.SetConfigType("yaml") + viper.AddConfigPath("./config") + viper.AddConfigPath(".") + + viper.AutomaticEnv() + viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_")) + + if err := viper.ReadInConfig(); err != nil { + return nil, fmt.Errorf("failed to read config file: %w", err) + } + + var cfg Config + if err := viper.Unmarshal(&cfg); err != nil { + return nil, fmt.Errorf("failed to unmarshal config: %w", err) + } + + return &cfg, nil +} diff --git a/config/config.yaml b/config/config.yaml new file mode 100644 index 0000000..b4fb7af --- /dev/null +++ b/config/config.yaml @@ -0,0 +1,38 @@ +server: + port: 5555 + read_timeout_seconds: 30 + write_timeout_seconds: 30 + idle_timeout_seconds: 60 + +log_level: "info" # debug, info, warn, error + +google: + project_id: "ohifproxy" # Replace with your GCP project ID + location: "asia-southeast2" # Match your dataset region + dataset: "sas-storage" # Your dataset name + dicom_store: "store-1" # Your DICOM store name + credentials_path: "./credentials/service-account.json" + +auth: + jwt_secret: "vQ6PQqUyh7pBNOytClgN+Nw1XBq7F8Qo6VP3VwIqvHY=" # Change this in production! + access_token_expiry: 1440 # minutes (24 hours) + refresh_token_expiry: 168 # hours (7 days) + enable_database_auth: true # Changed to true to use database + +shortlink: + base_url: "http://localhost:3333" # The base URL for generated OHIF Auth shortlinks + default_expiry_hours: 24 # Default expiry time for shortlinks (1 day) + max_attempts: 5 # Maximum number of failed login attempts + +database: + host: "localhost" + port: 3306 + user: "root" + password: "alfandi102938" # Change this to your MariaDB password + name: "ohif_proxy" + max_open_conns: 10 + max_idle_conns: 5 + conn_max_lifetime_mins: 60 + +allowed_origins: + - "*" # For development; restrict this in production \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..ebea860 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,12 @@ +version: '3.8' + +services: + ohif-proxy: + build: . + ports: + - "5555:5555" + volumes: + - ./config:/app/config + - ./credentials:/app/credentials + environment: + - LOG_LEVEL=debug \ No newline at end of file diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..d44fafb --- /dev/null +++ b/go.mod @@ -0,0 +1,54 @@ +module devone.aplikasi.web.id/gitea/mario/go-ohif-proxy + +go 1.21.0 + +toolchain go1.23.8 + +require ( + github.com/go-chi/chi/v5 v5.2.1 + github.com/go-chi/cors v1.2.1 + github.com/go-sql-driver/mysql v1.9.2 + github.com/golang-jwt/jwt/v5 v5.2.2 + github.com/google/uuid v1.4.0 + github.com/jmoiron/sqlx v1.4.0 + github.com/spf13/viper v1.17.0 + go.uber.org/zap v1.27.0 + golang.org/x/crypto v0.14.0 + golang.org/x/oauth2 v0.13.0 + google.golang.org/api v0.149.0 +) + +require ( + cloud.google.com/go/compute v1.23.1 // indirect + cloud.google.com/go/compute/metadata v0.2.3 // indirect + filippo.io/edwards25519 v1.1.0 // indirect + github.com/fsnotify/fsnotify v1.6.0 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/google/s2a-go v0.1.7 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect + github.com/googleapis/gax-go/v2 v2.12.0 // indirect + github.com/hashicorp/hcl v1.0.0 // indirect + github.com/magiconair/properties v1.8.7 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/pelletier/go-toml/v2 v2.1.0 // indirect + github.com/sagikazarmark/locafero v0.3.0 // indirect + github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/sourcegraph/conc v0.3.0 // indirect + github.com/spf13/afero v1.10.0 // indirect + github.com/spf13/cast v1.5.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/subosito/gotenv v1.6.0 // indirect + go.opencensus.io v0.24.0 // indirect + go.uber.org/multierr v1.10.0 // indirect + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect + google.golang.org/grpc v1.59.0 // indirect + google.golang.org/protobuf v1.31.0 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..a22a8bb --- /dev/null +++ b/go.sum @@ -0,0 +1,563 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0= +cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= +cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= +cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8= +github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops= +github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= +github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= +github.com/go-sql-driver/mysql v1.9.2 h1:4cNKDYQ1I84SXslGddlsrMhc8k4LeDVj6Ad6WRjiHuU= +github.com/go-sql-driver/mysql v1.9.2/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= +github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8= +github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= +github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= +github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= +github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= +github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= +github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= +github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ= +github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U= +github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= +github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY= +github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= +github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI= +github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ= +go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY= +google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA= +google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/internal/api/handlers/auth.go b/internal/api/handlers/auth.go new file mode 100644 index 0000000..7f19dfa --- /dev/null +++ b/internal/api/handlers/auth.go @@ -0,0 +1,93 @@ +package handlers + +import ( + "encoding/json" + "net/http" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/service" + + "go.uber.org/zap" +) + +// AuthHandler handles authentication requests +type AuthHandler struct { + logger *zap.Logger + authService *service.AuthService +} + +// NewAuthHandler creates a new auth handler +func NewAuthHandler(logger *zap.Logger, authService *service.AuthService) *AuthHandler { + return &AuthHandler{ + logger: logger, + authService: authService, + } +} + +// Login handles user login +func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) { + // Parse login request + var req models.LoginRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + h.logger.Error("Failed to parse login request", zap.Error(err)) + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + // Authenticate user using mock database + response, err := h.authService.Login(req.Email, req.Password) + if err != nil { + h.logger.Warn("Login failed", zap.Error(err), zap.String("email", req.Email)) + http.Error(w, "Invalid credentials", http.StatusUnauthorized) + return + } + + // Log successful login with role information + h.logger.Info("User logged in successfully", + zap.String("email", req.Email), + zap.String("userID", response.User.ID), + zap.String("role", response.User.Role)) + + // Return tokens and user info + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(response) +} + +// RefreshToken handles token refresh +func (h *AuthHandler) RefreshToken(w http.ResponseWriter, r *http.Request) { + // Parse refresh token request + var req models.RefreshRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + h.logger.Error("Failed to parse refresh token request", zap.Error(err)) + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + // Refresh token + accessToken, err := h.authService.RefreshToken(req.RefreshToken) + if err != nil { + h.logger.Warn("Token refresh failed", zap.Error(err)) + http.Error(w, "Invalid refresh token", http.StatusUnauthorized) + return + } + + // Return new access token + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(models.RefreshResponse{ + AccessToken: accessToken, + }) +} + +// Logout handles user logout +func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) { + // In a real implementation, you would invalidate the refresh token + // For now, just return a success message + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(map[string]string{ + "message": "Successfully logged out", + }) +} diff --git a/internal/api/handlers/dicom.go b/internal/api/handlers/dicom.go new file mode 100644 index 0000000..1a6f514 --- /dev/null +++ b/internal/api/handlers/dicom.go @@ -0,0 +1,247 @@ +package handlers + +import ( + "fmt" + "io" + "net/http" + "net/url" + "strings" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/middleware" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/auth" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/proxy" + "github.com/go-chi/chi/v5" + "go.uber.org/zap" +) + +// DicomHandler handles DICOM Web requests +type DicomHandler struct { + client *proxy.Client + logger *zap.Logger +} + +// NewDicomHandler creates a new DICOM handler +func NewDicomHandler(client *proxy.Client, logger *zap.Logger) *DicomHandler { + return &DicomHandler{ + client: client, + logger: logger, + } +} + +// buildRefDoctorFilter constructs a properly encoded query string for referring doctor filtering +func (h *DicomHandler) buildRefDoctorFilter(doctorName string, queryParams url.Values) string { + // Extract basic parameters with fallbacks + limit := queryParams.Get("limit") + if limit == "" { + limit = "101" // Default limit used by OHIF + } + + offset := queryParams.Get("offset") + if offset == "" { + offset = "0" // Default offset + } + + includeField := queryParams.Get("includefield") + + // Make sure includefield includes 00080090 (ReferringPhysician) + if includeField != "" && !strings.Contains(includeField, "00080090") { + includeField = includeField + ",00080090" + } else if includeField == "" { + includeField = "00081030,00080060,00080090" + } + + // Properly encode the doctor's name + encodedName := strings.ReplaceAll(doctorName, " ", "%20") + encodedName = strings.ReplaceAll(encodedName, ",", "%2C") + encodedName = strings.ReplaceAll(encodedName, ".", "%2E") + + // Construct query string manually to avoid double-encoding + return fmt.Sprintf("limit=%s&offset=%s&fuzzymatching=false&includefield=%s&00080090=%s", + limit, offset, includeField, encodedName) +} + +// isStudyListRequest checks if a path refers to the top-level studies endpoint +func isStudyListRequest(path string) bool { + // Normalize the path first + if !strings.HasPrefix(path, "/") { + path = "/" + path + } + + // Check for exact match with "/studies" + return path == "/studies" +} + +// ForwardRequest forwards the request to Google Healthcare API +func (h *DicomHandler) ForwardRequest(w http.ResponseWriter, r *http.Request) { + // Get claims from context if they exist + var claims *auth.CustomClaims + claimsValue := r.Context().Value(middleware.ClaimsKey) + + // Add detailed debug logging about claims + if claimsValue == nil { + h.logger.Warn("Claims not found in context", + zap.String("path", r.URL.Path), + zap.String("method", r.Method)) + } else { + claims = claimsValue.(*auth.CustomClaims) + h.logger.Debug("Claims retrieved from context", + zap.String("userID", claims.UserID), + zap.String("role", claims.Role), + zap.String("userName", claims.UserName)) + } + + // Get the path after /dicomWeb + urlPath := chi.URLParam(r, "*") + + // If the URL parameter is empty, try to extract it from the URL path + if urlPath == "" { + // Remove /dicomWeb prefix from the URL + prefix := "/dicomWeb" + if strings.HasPrefix(r.URL.Path, prefix) { + urlPath = r.URL.Path[len(prefix):] + } + } + + // Normalize the path + if !strings.HasPrefix(urlPath, "/") { + urlPath = "/" + urlPath + } + + h.logger.Debug("Forwarding request", + zap.String("path", urlPath), + zap.String("method", r.Method), + zap.String("url", r.URL.String())) + + // Copy query parameters + queryParams := r.URL.Query() + queryString := "" + + // Apply role-specific query modifications + if claims != nil { + switch claims.Role { + case "patient": + // For patients requesting study list, filter to only show their studies + if isStudyListRequest(urlPath) { + // Check if studies are available in the claim + if len(claims.StudyIUIDs) > 0 { + // Remove existing StudyInstanceUID param if it exists + queryParams.Del("StudyInstanceUID") + + // For DICOMweb, we can use comma-separated UIDs + queryParams.Set("StudyInstanceUID", claims.StudyIUIDs[0]) + + h.logger.Debug("Filtering by studies", + zap.Strings("studies", claims.StudyIUIDs)) + } + } else if strings.HasPrefix(urlPath, "/studies/") { + // This is a request for a specific study - check if the patient is authorized + + // Extract the study ID from the path + // Format: /studies/{studyID}/... + pathParts := strings.Split(strings.TrimPrefix(urlPath, "/"), "/") + if len(pathParts) >= 2 { + studyID := pathParts[1] + + // Check if this study is in the patient's authorized studies + authorized := false + + // Check StudyIUIDs array + for _, id := range claims.StudyIUIDs { + if id == studyID { + authorized = true + break + } + } + + // If not authorized, return 403 Forbidden + if !authorized { + h.logger.Warn("Unauthorized study access attempt", + zap.String("studyID", studyID), + zap.String("patientID", claims.PatientID), + zap.Strings("authorizedStudies", claims.StudyIUIDs), + ) + http.Error(w, "Forbidden: You are not authorized to access this study", http.StatusForbidden) + return + } + + h.logger.Debug("Authorized access to specific study", + zap.String("studyID", studyID), + zap.String("patientID", claims.PatientID), + ) + } + } + + // Use standard query parameter encoding + queryString = queryParams.Encode() + + case "ref_doctor": + // For ref_doctor requesting study list, apply filter + if isStudyListRequest(urlPath) { + // Use our helper function to build the properly encoded query + queryString = h.buildRefDoctorFilter(claims.UserName, queryParams) + + h.logger.Debug("Applied referring physician filter", + zap.String("doctorName", claims.UserName), + zap.String("queryString", queryString)) + } else { + // For other paths, use standard query parameter encoding + queryString = queryParams.Encode() + } + + case "expertise_doctor": + // No restrictions for expertise_doctor + queryString = queryParams.Encode() + } + } else { + // No claims, use standard query parameter encoding + queryString = queryParams.Encode() + } + + // Add the query string to the path + if queryString != "" { + urlPath = urlPath + "?" + queryString + } + + // Read request body if present + var bodyBytes []byte + if r.Body != nil && r.ContentLength > 0 { + var err error + bodyBytes, err = io.ReadAll(r.Body) + if err != nil { + h.logger.Error("Failed to read request body", zap.Error(err)) + http.Error(w, "Failed to read request body", http.StatusInternalServerError) + return + } + } + + // Get request headers + headers := make(map[string]string) + for k, v := range r.Header { + if len(v) > 0 { + headers[k] = v[0] + } + } + + // Forward the request to Healthcare API + response, err := h.client.ForwardRequest( + r.Context(), + r.Method, + urlPath, + headers, + bodyBytes) + + if err != nil { + h.logger.Error("Request forwarding failed", zap.Error(err)) + http.Error(w, fmt.Sprintf("Request failed: %v", err), http.StatusInternalServerError) + return + } + + // Set response headers + for k, v := range response.Headers { + w.Header().Set(k, v) + } + + // Set status and write response body + w.WriteHeader(response.StatusCode) + w.Write(response.Body) +} diff --git a/internal/api/handlers/healthcheck.go b/internal/api/handlers/healthcheck.go new file mode 100644 index 0000000..64d1cc3 --- /dev/null +++ b/internal/api/handlers/healthcheck.go @@ -0,0 +1,19 @@ +package handlers + +import ( + "encoding/json" + "net/http" + "time" +) + +// HealthCheck provides a simple health check endpoint +func HealthCheck(w http.ResponseWriter, r *http.Request) { + response := map[string]interface{}{ + "status": "ok", + "timestamp": time.Now().Format(time.RFC3339), + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(response) +} diff --git a/internal/api/handlers/register.go b/internal/api/handlers/register.go new file mode 100644 index 0000000..19e74ad --- /dev/null +++ b/internal/api/handlers/register.go @@ -0,0 +1,68 @@ +package handlers + +import ( + "encoding/json" + "net/http" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/service" + "go.uber.org/zap" +) + +// RegisterHandler handles user registration requests +type RegisterHandler struct { + logger *zap.Logger + registerService *service.RegisterService +} + +// NewRegisterHandler creates a new registration handler +func NewRegisterHandler(logger *zap.Logger, registerService *service.RegisterService) *RegisterHandler { + return &RegisterHandler{ + logger: logger, + registerService: registerService, + } +} + +// Register handles the creation of new users, patients, and doctors +func (h *RegisterHandler) Register(w http.ResponseWriter, r *http.Request) { + // Parse registration request + var req service.RegisterRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + h.logger.Error("Failed to parse registration request", zap.Error(err)) + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + // Validate required fields + if req.Email == "" || req.Password == "" || req.Name == "" || req.Role == "" { + http.Error(w, "Missing required fields", http.StatusBadRequest) + return + } + + // Perform registration + user, err := h.registerService.Register(&req) + if err != nil { + switch err { + case service.ErrEmailExists: + http.Error(w, "Email already exists", http.StatusConflict) + case service.ErrInvalidRole: + http.Error(w, "Invalid user role", http.StatusBadRequest) + case service.ErrInvalidPatient: + http.Error(w, "Invalid patient data", http.StatusBadRequest) + case service.ErrInvalidDoctor: + http.Error(w, "Invalid doctor data", http.StatusBadRequest) + default: + h.logger.Error("Registration failed", zap.Error(err)) + http.Error(w, "Registration failed", http.StatusInternalServerError) + } + return + } + + // Return created user + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + + // Don't include password in response + user.Password = "" + + json.NewEncoder(w).Encode(user) +} diff --git a/internal/api/handlers/shortlink.go b/internal/api/handlers/shortlink.go new file mode 100644 index 0000000..ca002a9 --- /dev/null +++ b/internal/api/handlers/shortlink.go @@ -0,0 +1,129 @@ +package handlers + +import ( + "encoding/json" + "net/http" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/middleware" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/service" + + "go.uber.org/zap" +) + +// ShortLinkHandler handles shortlink operations +type ShortLinkHandler struct { + logger *zap.Logger + shortLinkService *service.ShortLinkService +} + +// NewShortLinkHandler creates a new shortlink handler +func NewShortLinkHandler(logger *zap.Logger, shortLinkService *service.ShortLinkService) *ShortLinkHandler { + return &ShortLinkHandler{ + logger: logger, + shortLinkService: shortLinkService, + } +} + +// GenerateShortLink handles shortlink generation requests +func (h *ShortLinkHandler) GenerateShortLink(w http.ResponseWriter, r *http.Request) { + // Only allow admin or expertise_doctor roles to generate shortlinks + userRole, ok := r.Context().Value(middleware.UserRoleKey).(string) + if !ok || (userRole != "admin" && userRole != "expertise_doctor") { + h.logger.Warn("Unauthorized attempt to generate shortlink", + zap.String("role", userRole)) + http.Error(w, "Only admin or expertise doctor can generate short links", http.StatusForbidden) + return + } + + // Parse request body + var req models.GenerateShortLinkRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + h.logger.Error("Failed to parse shortlink generation request", zap.Error(err)) + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + // Get user ID from context + userID, ok := r.Context().Value(middleware.UserIDKey).(string) + if !ok { + h.logger.Error("User ID not found in context") + http.Error(w, "User context not found", http.StatusInternalServerError) + return + } + + // Generate shortlink using configured baseURL from service + response, err := h.shortLinkService.GenerateShortLink(&req, userID) + if err != nil { + h.logger.Error("Failed to generate shortlink", + zap.Error(err), + zap.String("patientID", req.PatientID), + zap.String("studyUID", req.StudyUID)) + + statusCode := http.StatusInternalServerError + message := "Failed to generate shortlink" + + if err == service.ErrInvalidStudyUID { + statusCode = http.StatusBadRequest + message = "Invalid StudyInstanceUID" + } + + http.Error(w, message, statusCode) + return + } + + // Log successful shortlink generation + h.logger.Info("Shortlink generated successfully", + zap.String("token", response.ShortToken), + zap.String("patientID", req.PatientID), + zap.String("studyUID", req.StudyUID), + zap.String("createdBy", userID)) + + // Return response + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusCreated) + json.NewEncoder(w).Encode(response) +} + +// ShortLinkAuth handles authentication requests using shortlinks +func (h *ShortLinkHandler) ShortLinkAuth(w http.ResponseWriter, r *http.Request) { + // Parse request body + var req models.ShortLinkAuthRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + h.logger.Error("Failed to parse shortlink auth request", zap.Error(err)) + http.Error(w, "Invalid request body", http.StatusBadRequest) + return + } + + // Validate and authenticate + response, err := h.shortLinkService.AuthenticateWithShortLink(&req) + if err != nil { + h.logger.Warn("Shortlink authentication failed", + zap.Error(err), + zap.String("token", req.ShortToken)) + + statusCode := http.StatusUnauthorized + message := "Authentication failed" + + switch err { + case service.ErrShortLinkNotFound, service.ErrShortLinkExpired: + message = "Short link not found or expired" + case service.ErrInvalidDOB: + message = "Invalid date of birth" + case service.ErrTooManyAttempts: + message = "Too many failed attempts" + } + + http.Error(w, message, statusCode) + return + } + + // Log successful authentication + h.logger.Info("Shortlink authentication successful", + zap.String("token", req.ShortToken)) + + // Return response + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(response) +} diff --git a/internal/api/middleware/auth.go b/internal/api/middleware/auth.go new file mode 100644 index 0000000..4a1a689 --- /dev/null +++ b/internal/api/middleware/auth.go @@ -0,0 +1,234 @@ +package middleware + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "regexp" + "strings" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/service" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/auth" + "go.uber.org/zap" +) + +type contextKey string + +const ( + UserIDKey contextKey = "user_id" + UserRoleKey contextKey = "user_role" + UserEmailKey contextKey = "user_email" + ClaimsKey contextKey = "auth_claims" // Use this same key everywhere +) + +// WhitelistedEndpoints contains paths that can be accessed without authentication +var WhitelistedEndpoints = []*regexp.Regexp{ + // Study by UID + regexp.MustCompile(`^/dicomWeb/studies\?.*StudyInstanceUID=.+`), + + // Frame endpoint + regexp.MustCompile(`^/dicomWeb/studies/[^/]+/series/[^/]+/instances/[^/]+/frames/\d+$`), +} + +// Auth middleware authenticates requests using JWT tokens +func Auth(authService *service.AuthService, logger *zap.Logger) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Get authorization header + authHeader := r.Header.Get("Authorization") + if authHeader == "" { + logger.Warn("Missing Authorization header", zap.String("path", r.URL.Path)) + respondWithError(w, http.StatusUnauthorized, "missing authorization header") + return + } + + // Extract token from Bearer token + bearerToken := strings.Split(authHeader, " ") + if len(bearerToken) != 2 || strings.ToLower(bearerToken[0]) != "bearer" { + logger.Warn("Invalid Authorization header format", zap.String("header", authHeader)) + respondWithError(w, http.StatusUnauthorized, "invalid authorization format") + return + } + + token := bearerToken[1] + + // Validate token + claims, err := authService.ValidateToken(token) + if err != nil { + logger.Warn("Invalid or expired token", zap.Error(err)) + respondWithError(w, http.StatusUnauthorized, "invalid or expired token") + return + } + + // Check token type + if claims.TokenType != "access" { + logger.Warn("Invalid token type", zap.String("tokenType", claims.TokenType)) + respondWithError(w, http.StatusUnauthorized, "invalid token type") + return + } + + // Add user info to request context + ctx := context.WithValue(r.Context(), UserIDKey, claims.UserID) + ctx = context.WithValue(ctx, UserRoleKey, claims.Role) + ctx = context.WithValue(ctx, UserEmailKey, claims.Email) // TODO: Apakah kita perlu param email untuk generate access token? + + // Store the claims with the defined context key + ctx = context.WithValue(ctx, ClaimsKey, claims) + + // Log successful authentication + logger.Debug("Auth middleware: Token validated", + zap.String("userID", claims.UserID), + zap.String("role", claims.Role)) + + // Continue with the request + next.ServeHTTP(w, r.WithContext(ctx)) + }) + } +} + +// RoleRequired middleware checks if user has the required role +func RoleRequired(roles ...string) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Check if the request path is whitelisted first + path := r.URL.Path + if r.URL.RawQuery != "" { + path = path + "?" + r.URL.RawQuery + } + + for _, pattern := range WhitelistedEndpoints { + if pattern.MatchString(path) { + // Path is whitelisted, skip role check + next.ServeHTTP(w, r) + return + } + } + + // Get user role from context + userRole, ok := r.Context().Value(UserRoleKey).(string) + if !ok { + respondWithError(w, http.StatusUnauthorized, "user context not found") + return + } + + // Check if user has one of the required roles + hasRole := false + for _, role := range roles { + if userRole == role { + hasRole = true + break + } + } + + if !hasRole { + respondWithError(w, http.StatusForbidden, "insufficient permissions") + return + } + + // Continue with the request + next.ServeHTTP(w, r) + }) + } +} + +// PatientViewRestriction ensures patients can only access their own studies +func PatientViewRestriction(logger *zap.Logger) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Get claims from context using the defined key + claimsValue := r.Context().Value(ClaimsKey) + if claimsValue == nil { + logger.Error("Missing claims in context - PatientViewRestriction middleware", + zap.String("path", r.URL.Path), + zap.String("method", r.Method)) + http.Error(w, "Unauthorized", http.StatusUnauthorized) + return + } + + claims, ok := claimsValue.(*auth.CustomClaims) + if !ok { + logger.Error("Invalid claims type in context", + zap.String("type", fmt.Sprintf("%T", claimsValue))) + http.Error(w, "Unauthorized", http.StatusUnauthorized) + return + } + + logger.Debug("PatientViewRestriction: Got claims from context", + zap.String("userID", claims.UserID), + zap.String("role", claims.Role)) + + // Only apply restrictions to patient role + if claims.Role != "patient" { + // For non-patient roles, continue with the request + next.ServeHTTP(w, r) + return + } + + // Parse the path to extract StudyInstanceUID if present + path := r.URL.Path + parts := strings.Split(path, "/") + + // Check if this is a study-specific request + var requestedStudyUID string + for i, part := range parts { + if part == "studies" && i+1 < len(parts) { + requestedStudyUID = parts[i+1] + break + } + } + + // If there's no study UID in the path, check query parameters + if requestedStudyUID == "" { + queryStudyUID := r.URL.Query().Get("StudyInstanceUID") + if queryStudyUID != "" { + requestedStudyUID = queryStudyUID + } + } + + // If a study is being requested, verify patient has access + if requestedStudyUID != "" && len(claims.StudyIUIDs) > 0 { + // Check if the requested study is authorized + isAuthorized := false + + for _, studyUID := range claims.StudyIUIDs { + if studyUID == requestedStudyUID { + isAuthorized = true + logger.Debug("Patient authorized to access study", + zap.String("userID", claims.UserID), + zap.String("requestedStudy", requestedStudyUID)) + break + } + } + + // If not authorized, return 403 Forbidden + if !isAuthorized { + logger.Warn("Patient attempted to access unauthorized study", + zap.String("userID", claims.UserID), + zap.String("role", claims.Role), + zap.String("requestedStudy", requestedStudyUID), + zap.Strings("authorizedStudies", claims.StudyIUIDs)) + + // Return 403 Forbidden with a clear message + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusForbidden) + json.NewEncoder(w).Encode(map[string]string{ + "error": "Access denied: You do not have permission to view this study", + "code": "forbidden_study_access", + }) + return + } + } + + // Patient has access or is requesting a list (which will be filtered) + next.ServeHTTP(w, r) + }) + } +} + +// Helper function to respond with an error +func respondWithError(w http.ResponseWriter, statusCode int, message string) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(statusCode) + json.NewEncoder(w).Encode(map[string]string{"error": message}) +} diff --git a/internal/api/middleware/logging.go b/internal/api/middleware/logging.go new file mode 100644 index 0000000..bd593de --- /dev/null +++ b/internal/api/middleware/logging.go @@ -0,0 +1,61 @@ +package middleware + +import ( + "net/http" + "time" + + "github.com/go-chi/chi/v5/middleware" + "go.uber.org/zap" +) + +// Logger middleware adds request logging +func Logger(logger *zap.Logger) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + start := time.Now() + + // Create a wrapped response writer to capture the status code + ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor) + + // Process request + next.ServeHTTP(ww, r) + + // Calculate request time + latency := time.Since(start) + + // Log request details + logger.Info("API Request", + zap.String("method", r.Method), + zap.String("path", r.URL.Path), + zap.String("query", r.URL.RawQuery), + zap.Int("status", ww.Status()), + zap.Duration("latency", latency), + zap.String("ip", r.RemoteAddr), + zap.String("user-agent", r.UserAgent()), + zap.Int("bytes", ww.BytesWritten()), + ) + }) + } +} + +// AuditLog middleware records detailed information about DICOM requests +func AuditLog(logger *zap.Logger) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Extract user info (placeholder for now) + userID := "TODO: userID" + + // Process request + ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor) + next.ServeHTTP(ww, r) + + // Audit log after request completes + logger.Info("DICOM Access", + zap.String("userID", userID), + zap.String("action", r.Method), + zap.String("resource", r.URL.Path), + zap.Int("status", ww.Status()), + ) + }) + } +} diff --git a/internal/api/models/doctor.go b/internal/api/models/doctor.go new file mode 100644 index 0000000..5623a79 --- /dev/null +++ b/internal/api/models/doctor.go @@ -0,0 +1,8 @@ +package models + +// DoctorDetails contains doctor-specific data +type DoctorDetails struct { + DoctorID string `json:"doctor_id"` + DoctorName string `json:"doctor_name"` + Type string `json:"type"` // "ref_doctor" or "expertise_doctor" +} diff --git a/internal/api/models/mock_data.go b/internal/api/models/mock_data.go new file mode 100644 index 0000000..786ca64 --- /dev/null +++ b/internal/api/models/mock_data.go @@ -0,0 +1,112 @@ +package models + +// MockUsers represents a mock database of users +var MockUsers = []User{ + { + ID: "1", + Email: "admin", + Role: "expertise_doctor", + Name: "Admin User", + CreatedAt: "2025-01-01T00:00:00Z", + UpdatedAt: "2025-01-01T00:00:00Z", + }, + { + ID: "2", + Email: "patient", + Role: "patient", + Name: "Patient User", + CreatedAt: "2025-01-01T00:00:00Z", + UpdatedAt: "2025-01-01T00:00:00Z", + }, + { + ID: "3", + Email: "doctor", + Role: "ref_doctor", + Name: "DR. HERWINDO RIDWAN, SP.OT", + CreatedAt: "2025-01-01T00:00:00Z", + UpdatedAt: "2025-01-01T00:00:00Z", + }, + { + ID: "4", + Email: "patient2", + Role: "patient", + Name: "Patient Two", + CreatedAt: "2025-01-01T00:00:00Z", + UpdatedAt: "2025-01-01T00:00:00Z", + }, + { + ID: "5", + Email: "doctor2", + Role: "ref_doctor", + Name: "Referring^Physician", + CreatedAt: "2025-01-01T00:00:00Z", + UpdatedAt: "2025-01-01T00:00:00Z", + }, +} + +// PatientData represents additional data for patients +type PatientData struct { + PatientID string `json:"patient_id"` + UserID string `json:"user_id"` + StudyIUIDs []string `json:"study_iuids"` + AccessionNumbers []string `json:"accession_numbers"` + PatientName string `json:"patient_name"` + ReferringPhysician string `json:"referring_physician"` +} + +// MockPatients represents a mock database of patient data +var MockPatients = []PatientData{ + { + PatientID: "00211622", + UserID: "2", + StudyIUIDs: []string{"1.2.826.0.1.3680043.9.7307.1.20180530066", "1.2.826.0.1.3680043.9.7307.1.20180713036"}, + AccessionNumbers: []string{"CR.180530.066", "CR.180713.036"}, + PatientName: "DIDIT SUYATNA^R.10049.18", + ReferringPhysician: "DR. HERWINDO RIDWAN, SP.OT", + }, + { + PatientID: "MR00000359", + UserID: "4", + StudyIUIDs: []string{"1.2.826.0.1.3680043.9.7307.1.202503196393.01"}, + AccessionNumbers: []string{"CR.250319.6393.01"}, + PatientName: "Bobon Santoso", + ReferringPhysician: "DR. HERWINDO RIDWAN, SP.OT", + }, +} + +// FindUserByCredentials finds a user by email and password (mock authentication) +func FindUserByCredentials(email, password string) *User { + // In a real implementation, you would hash passwords + // For the mock, we'll just match email and assume password is the same as email + if password != email { + return nil + } + + for _, user := range MockUsers { + if user.Email == email { + return &user + } + } + return nil +} + +// FindPatientDataByUserID finds patient data by user ID +func FindPatientDataByUserID(userID string) *PatientData { + for _, patient := range MockPatients { + if patient.UserID == userID { + return &patient + } + } + return nil +} + +// FindStudiesByReferringPhysician returns all study IUIDs that belong to a referring physician +func FindStudiesByReferringPhysician(physicianName string) []string { + var studies []string + for _, patient := range MockPatients { + if patient.ReferringPhysician == physicianName { + studies = append(studies, patient.StudyIUIDs...) + } + } + return studies +} diff --git a/internal/api/models/patient.go b/internal/api/models/patient.go new file mode 100644 index 0000000..4647c8e --- /dev/null +++ b/internal/api/models/patient.go @@ -0,0 +1,19 @@ +package models + +// PatientDetails contains patient-specific data +type PatientDetails struct { + PatientID string `json:"patient_id"` + PatientName string `json:"patient_name"` + DateOfBirth string `json:"date_of_birth"` // YYYY-MM-DD format + StudyInstanceUIDs []string `json:"study_instance_uids,omitempty"` + AccessionNumbers []string `json:"accession_numbers,omitempty"` +} + +// Study represents a DICOM study associated with a patient +type Study struct { + StudyInstanceUID string `json:"study_instance_uid"` + AccessionNumber string `json:"accession_number,omitempty"` + StudyDate string `json:"study_date,omitempty"` + StudyDescription string `json:"study_description,omitempty"` + Modalities string `json:"modalities,omitempty"` +} diff --git a/internal/api/models/shortlink.go b/internal/api/models/shortlink.go new file mode 100644 index 0000000..2acfb73 --- /dev/null +++ b/internal/api/models/shortlink.go @@ -0,0 +1,53 @@ +package models + +// ShortLink represents a short URL token for patient access +type ShortLink struct { + ID string `db:"id" json:"id"` + Token string `db:"token" json:"token"` // The short token used in the URL + PatientID string `db:"patient_id" json:"patient_id"` + StudyUID string `db:"study_uid" json:"study_uid"` // The StudyInstanceUID this token grants access to + HashedDOB string `db:"hashed_dob" json:"-"` // Hashed Date of Birth for verification + ExpiresAt string `db:"expires_at" json:"expires_at"` + IsRevoked bool `db:"is_revoked" json:"is_revoked"` + CreatedAt string `db:"created_at" json:"created_at"` + CreatedByID string `db:"created_by_id" json:"created_by_id"` // ID of admin who created this + RemainingTries int `db:"remaining_tries" json:"-"` // Number of failed attempts allowed +} + +// GenerateShortLinkRequest represents request to create a short URL +type GenerateShortLinkRequest struct { + PatientID string `json:"patient_id"` + StudyUID string `json:"study_uid"` + DOB string `json:"dob"` // Date of birth in YYYY-MM-DD format + ExpiresIn int `json:"expires_in"` // Expiry in hours (optional, defaults to 72) +} + +// GenerateShortLinkResponse is the response for a generated short link +type GenerateShortLinkResponse struct { + ShortToken string `json:"short_token"` + FullURL string `json:"full_url"` + ExpiresAt string `json:"expires_at"` + IsExisting bool `json:"is_existing"` // Indicates if this is an existing link that was reused +} + +// ShortLinkAuthRequest represents the shortlink authentication request +type ShortLinkAuthRequest struct { + ShortToken string `json:"short_token,omitempty"` // The original field + ShortTokenAlt string `json:"shortToken,omitempty"` // Support for camelCase naming from OHIF + DOB string `json:"dob"` // Date of birth in YYYY-MM-DD format +} + +func (r *ShortLinkAuthRequest) GetToken() string { + // Use ShortTokenAlt if ShortToken is empty + if r.ShortToken == "" { + return r.ShortTokenAlt + } + return r.ShortToken +} + +// ShortLinkAuthResponse is the response for successful shortlink authentication +type ShortLinkAuthResponse struct { + AccessToken string `json:"access_token"` + ExpiresIn int `json:"expires_in"` // Token expiry in seconds + RedirectURL string `json:"redirect_url"` +} diff --git a/internal/api/models/user.go b/internal/api/models/user.go new file mode 100644 index 0000000..32f5568 --- /dev/null +++ b/internal/api/models/user.go @@ -0,0 +1,46 @@ +package models + +// User represents a system user +type User struct { + ID string `db:"id" json:"id"` + Email string `db:"email" json:"email"` + Password string `db:"password" json:"-"` // Never expose password in JSON + Role string `db:"role" json:"role"` + Name string `db:"name" json:"name"` + CreatedAt string `db:"created_at" json:"created_at"` + UpdatedAt string `db:"updated_at" json:"updated_at"` +} + +// RefreshToken represents a refresh token stored in the database +type RefreshToken struct { + ID string `db:"id" json:"id"` + UserID string `db:"user_id" json:"user_id"` + Token string `db:"token" json:"token"` + ExpiresAt string `db:"expires_at" json:"expires_at"` + IsRevoked bool `db:"is_revoked" json:"is_revoked"` + CreatedAt string `db:"created_at" json:"created_at"` +} + +// LoginRequest represents the login form data +type LoginRequest struct { + Email string `json:"email"` + Password string `json:"password"` +} + +// LoginResponse is the response sent after successful login +type LoginResponse struct { + AccessToken string `json:"access_token"` + RefreshToken string `json:"refresh_token"` + User *User `json:"user"` + RedirectURL string `json:"redirect_url"` +} + +// RefreshRequest represents the refresh token request +type RefreshRequest struct { + RefreshToken string `json:"refresh_token"` +} + +// RefreshResponse is the response for a token refresh +type RefreshResponse struct { + AccessToken string `json:"access_token"` +} diff --git a/internal/api/repository/doctor.go b/internal/api/repository/doctor.go new file mode 100644 index 0000000..e0ddb24 --- /dev/null +++ b/internal/api/repository/doctor.go @@ -0,0 +1,59 @@ +package repository + +import ( + "fmt" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "github.com/jmoiron/sqlx" +) + +// DBDoctor represents a doctor from the database +type DBDoctor struct { + ID int `db:"id"` + Doctor_UsersID string `db:"Doctor_UsersID"` + DoctorID string `db:"DoctorID"` + DoctorName string `db:"DoctorName"` + DoctorCreatedAt time.Time `db:"DoctorCreatedAt"` + DoctorLastUpdatedAt time.Time `db:"DoctorLastUpdatedAt"` +} + +// DoctorRepository handles database operations related to doctors +type DoctorRepository struct { + *Repository +} + +// NewDoctorRepository creates a new doctor repository +func NewDoctorRepository() *DoctorRepository { + return &DoctorRepository{ + Repository: NewRepository(), + } +} + +// GetDoctorDetailsByUserID retrieves doctor details for a user +func (r *DoctorRepository) GetDoctorDetailsByUserID(userID string) (*DBDoctor, error) { + var dbDoctor DBDoctor + + query := `SELECT * FROM doctor WHERE Doctor_UsersID = ?` + err := database.DB.Get(&dbDoctor, query, userID) + + if err != nil { + return nil, fmt.Errorf("database error getting doctor details: %w", err) + } + + return &dbDoctor, nil +} + +// CreateDoctorTx creates a new doctor record within a transaction +func (r *DoctorRepository) CreateDoctorTx(tx *sqlx.Tx, doctorDetails *models.DoctorDetails, userID string) error { + query := `INSERT INTO doctor (Doctor_UsersID, DoctorID, DoctorName, DoctorCreatedAt, DoctorLastUpdatedAt) + VALUES (?, ?, ?, NOW(), NOW())` + + _, err := tx.Exec(query, userID, doctorDetails.DoctorID, doctorDetails.DoctorName) + if err != nil { + return fmt.Errorf("database error creating doctor: %w", err) + } + + return nil +} diff --git a/internal/api/repository/patient.go b/internal/api/repository/patient.go new file mode 100644 index 0000000..33e035d --- /dev/null +++ b/internal/api/repository/patient.go @@ -0,0 +1,82 @@ +package repository + +import ( + "database/sql" + "fmt" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "github.com/jmoiron/sqlx" +) + +// DBPatient represents a patient from the database +type DBPatient struct { + ID int `db:"id"` + Patient_UsersID string `db:"Patient_UsersID"` + PatientMedrec string `db:"PatientMedrec"` + PatientName string `db:"PatientName"` + PatientDoB time.Time `db:"PatientDoB"` + PatientCreatedAt time.Time `db:"PatientCreatedAt"` + PatientUpdatedAt time.Time `db:"PatientUpdatedAt"` +} + +// PatientRepository handles database operations related to patients +type PatientRepository struct { + *Repository +} + +// NewPatientRepository creates a new patient repository +func NewPatientRepository() *PatientRepository { + return &PatientRepository{ + Repository: NewRepository(), + } +} + +// GetPatientDetailsByUserID retrieves patient details for a user +func (r *PatientRepository) GetPatientDetailsByUserID(userID string) (*models.PatientDetails, error) { + var dbPatient DBPatient + + query := `SELECT * FROM patient WHERE Patient_UsersID = ?` + err := database.DB.Get(&dbPatient, query, userID) + + if err != nil { + if err == sql.ErrNoRows { + return nil, nil + } + return nil, fmt.Errorf("database error getting patient details: %w", err) + } + + // Create StudyRepository to get patient studies + studyRepo := NewStudyRepository() + studyUIDs, accessionNumbers, err := studyRepo.GetPatientStudies(dbPatient.PatientMedrec) + if err != nil { + return nil, err + } + + return &models.PatientDetails{ + PatientID: dbPatient.PatientMedrec, + PatientName: dbPatient.PatientName, + StudyInstanceUIDs: studyUIDs, + AccessionNumbers: accessionNumbers, + }, nil +} + +// CreatePatientTx creates a new patient record within a transaction +func (r *PatientRepository) CreatePatientTx(tx *sqlx.Tx, patientRecord *models.PatientDetails, userID string) error { + // Parse DOB to time.Time. 2006-1-02 = reference format YYYY-MM-DD in Go, not a default value + dob, err := time.Parse("2006-01-02", patientRecord.DateOfBirth) + if err != nil { + return fmt.Errorf("invalid date of birth format: %w", err) + } + + query := `INSERT INTO patient (Patient_UsersID, PatientMedrec, PatientName, PatientDoB, PatientCreatedAt, PatientUpdatedAt) + VALUES (?, ?, ?, ?, NOW(), NOW())` + + _, err = tx.Exec(query, userID, patientRecord.PatientID, patientRecord.PatientName, dob) + if err != nil { + return fmt.Errorf("database error creating patient: %w", err) + } + + return nil +} diff --git a/internal/api/repository/repository.go b/internal/api/repository/repository.go new file mode 100644 index 0000000..f984247 --- /dev/null +++ b/internal/api/repository/repository.go @@ -0,0 +1,23 @@ +package repository + +import ( + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "github.com/jmoiron/sqlx" +) + +// Repository provides a base interface to the database +type Repository struct { + db *sqlx.DB // Changed from *sql.DB to *sqlx.DB +} + +// NewRepository creates a new database repository +func NewRepository() *Repository { + return &Repository{ + db: database.DB, + } +} + +// Close closes the database connection (no-op as DB is managed by database package) +func (r *Repository) Close() error { + return nil +} diff --git a/internal/api/repository/shortlink.go b/internal/api/repository/shortlink.go new file mode 100644 index 0000000..2c158f7 --- /dev/null +++ b/internal/api/repository/shortlink.go @@ -0,0 +1,167 @@ +package repository + +import ( + "database/sql" + "fmt" + "strconv" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "github.com/jmoiron/sqlx" +) + +// DBShortLink represents a shortlink from the database +type DBShortLink struct { + ShortlinkID int `db:"ShortlinkID"` + ShortlinkCode string `db:"ShortlinkCode"` + Shortlink_PatientID string `db:"Shortlink_PatientID"` + Shortlink_Study_IUID string `db:"Shortlink_Study_IUID"` + ShortlinkHashDoB string `db:"ShortlinkHashDoB"` + ShortlinkExpiredAt time.Time `db:"ShortlinkExpiredAt"` + ShortlinkIsRevoked bool `db:"ShortlinkIsRevoked"` + ShortlinkRemainingTries int `db:"ShortlinkRemainingTries"` + ShortlinkCreatedAt time.Time `db:"ShortlinkCreatedAt"` + ShortlinkCreate_UserID int `db:"ShortlinkCreate_UserID"` +} + +// ShortLinkRepository handles database operations related to shortlinks +type ShortLinkRepository struct { + *Repository +} + +// NewShortLinkRepository creates a new shortlink repository +func NewShortLinkRepository() *ShortLinkRepository { + return &ShortLinkRepository{ + Repository: NewRepository(), + } +} + +// ToShortLink converts a DBShortLink to a ShortLink model +func (s *DBShortLink) ToShortLink() *models.ShortLink { + return &models.ShortLink{ + ID: fmt.Sprintf("%d", s.ShortlinkID), + Token: s.ShortlinkCode, + PatientID: s.Shortlink_PatientID, + StudyUID: s.Shortlink_Study_IUID, + HashedDOB: s.ShortlinkHashDoB, + ExpiresAt: s.ShortlinkExpiredAt.Format(time.RFC3339), + IsRevoked: s.ShortlinkIsRevoked, + RemainingTries: s.ShortlinkRemainingTries, + CreatedAt: s.ShortlinkCreatedAt.Format(time.RFC3339), + CreatedByID: fmt.Sprintf("%d", s.ShortlinkCreate_UserID), + } +} + +// GetShortLinkByToken retrieves a shortlink by token +func (r *ShortLinkRepository) GetShortLinkByToken(token string) (*models.ShortLink, error) { + var dbShortLink DBShortLink + + query := `SELECT * FROM shortlink WHERE ShortlinkCode = ?` + err := database.DB.Get(&dbShortLink, query, token) + + if err != nil { + if err == sql.ErrNoRows { + return nil, nil + } + return nil, fmt.Errorf("database error getting shortlink: %w", err) + } + + return dbShortLink.ToShortLink(), nil +} + +// CreateShortLinkTx stores a new shortlink in the database within a transaction +func (r *ShortLinkRepository) CreateShortLinkTx(tx *sqlx.Tx, shortLink *models.ShortLink) error { + query := `INSERT INTO shortlink ( + ShortlinkCode, + Shortlink_PatientID, + Shortlink_Study_IUID, + ShortlinkHashDoB, + ShortlinkExpiredAt, + ShortlinkIsRevoked, + ShortlinkRemainingTries, + ShortlinkCreatedAt, + ShortlinkCreate_UserID) + VALUES (?, ?, ?, ?, ?, ?, ?, NOW(), ?)` + + createdByID, err := strconv.Atoi(shortLink.CreatedByID) + if err != nil { + return fmt.Errorf("invalid created by ID: %w", err) + } + + expiresAt, err := time.Parse(time.RFC3339, shortLink.ExpiresAt) + if err != nil { + return fmt.Errorf("invalid expiration date: %w", err) + } + + _, err = tx.Exec( + query, + shortLink.Token, + shortLink.PatientID, + shortLink.StudyUID, + shortLink.HashedDOB, + expiresAt, + shortLink.IsRevoked, + shortLink.RemainingTries, + createdByID, + ) + + if err != nil { + return fmt.Errorf("database error creating shortlink: %w", err) + } + + return nil +} + +// UpdateShortLinkTx updates an existing shortlink in the database within a transaction +func (r *ShortLinkRepository) UpdateShortLinkTx(tx *sqlx.Tx, shortLink *models.ShortLink) error { + query := `UPDATE shortlink SET + ShortlinkIsRevoked = ?, + ShortlinkRemainingTries = ?, + ShortlinkExpiredAt = ? + WHERE ShortlinkCode = ?` + + expiresAt, err := time.Parse(time.RFC3339, shortLink.ExpiresAt) + if err != nil { + return fmt.Errorf("invalid expiration date: %w", err) + } + + _, err = tx.Exec( + query, + shortLink.IsRevoked, + shortLink.RemainingTries, + expiresAt, + shortLink.Token, + ) + + if err != nil { + return fmt.Errorf("database error updating shortlink: %w", err) + } + + return nil +} + +// GetActiveShortLinkByPatientAndStudy retrieves an active (unexpired, not revoked) shortlink +// for the given patient ID and study UID +func (r *ShortLinkRepository) GetActiveShortLinkByPatientAndStudy(patientID string, studyUID string) (*models.ShortLink, error) { + var dbShortLink DBShortLink + + query := `SELECT * FROM shortlink + WHERE Shortlink_PatientID = ? + AND Shortlink_Study_IUID = ? + AND ShortlinkExpiredAt > NOW() + AND ShortlinkIsRevoked = FALSE + ORDER BY ShortlinkExpiredAt DESC + LIMIT 1` + + err := database.DB.Get(&dbShortLink, query, patientID, studyUID) + + if err != nil { + if err == sql.ErrNoRows { + return nil, nil + } + return nil, fmt.Errorf("database error getting active shortlink: %w", err) + } + + return dbShortLink.ToShortLink(), nil +} diff --git a/internal/api/repository/study.go b/internal/api/repository/study.go new file mode 100644 index 0000000..2d02c51 --- /dev/null +++ b/internal/api/repository/study.go @@ -0,0 +1,100 @@ +package repository + +import ( + "fmt" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "github.com/jmoiron/sqlx" +) + +// DBStudy represents a study from the database +type DBStudy struct { + ID int `db:"id"` + Study_PatientID string `db:"Study_PatientID"` + StudyIUID string `db:"StudyIUID"` + StudyAccessionNumber string `db:"StudyAccessionNumber"` + StudyDate time.Time `db:"StudyDate"` + StudyCreatedAt time.Time `db:"StudyCreatedAt"` + StudyUpdatedAt time.Time `db:"StudyUpdatedAt"` +} + +// StudyRepository handles database operations related to studies +type StudyRepository struct { + *Repository +} + +// NewStudyRepository creates a new study repository +func NewStudyRepository() *StudyRepository { + return &StudyRepository{ + Repository: NewRepository(), + } +} + +// GetPatientStudies retrieves all studies for a patient +func (r *StudyRepository) GetPatientStudies(patientID string) ([]string, []string, error) { + var studies []DBStudy + + query := `SELECT * FROM study WHERE Study_PatientID = ?` + err := database.DB.Select(&studies, query, patientID) + + if err != nil { + return nil, nil, fmt.Errorf("database error getting patient studies: %w", err) + } + + var studyUIDs []string + var accessionNumbers []string + + for _, study := range studies { + studyUIDs = append(studyUIDs, study.StudyIUID) + if study.StudyAccessionNumber != "" { + accessionNumbers = append(accessionNumbers, study.StudyAccessionNumber) + } + } + + return studyUIDs, accessionNumbers, nil +} + +// GetStudyByUID retrieves a study by its UID +func (r *StudyRepository) GetStudyByUID(studyUID string) (*DBStudy, error) { + var study DBStudy + + query := `SELECT * FROM study WHERE StudyIUID = ?` + err := database.DB.Get(&study, query, studyUID) + + if err != nil { + return nil, fmt.Errorf("database error getting study: %w", err) + } + + return &study, nil +} + +// CreateStudyTx creates a new study record for a patient within a transaction +func (r *StudyRepository) CreateStudyTx(tx *sqlx.Tx, patientID string, study models.Study) error { + // Parse study date if provided + var studyDate *time.Time + if study.StudyDate != "" { + parsedTime, err := time.Parse("2006-01-02", study.StudyDate) + if err != nil { + return fmt.Errorf("invalid study date format: %w", err) + } + studyDate = &parsedTime + } + + query := `INSERT INTO study + (Study_PatientID, StudyIUID, StudyAccessionNumber, StudyDate, StudyCreatedAt, StudyUpdatedAt) + VALUES (?, ?, ?, ?, NOW(), NOW())` + + _, err := tx.Exec(query, + patientID, + study.StudyInstanceUID, + study.AccessionNumber, + studyDate) + + if err != nil { + return fmt.Errorf("database error creating study: %w", err) + } + + return nil +} diff --git a/internal/api/repository/user.go b/internal/api/repository/user.go new file mode 100644 index 0000000..957bedd --- /dev/null +++ b/internal/api/repository/user.go @@ -0,0 +1,169 @@ +package repository + +import ( + "database/sql" + "fmt" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "github.com/jmoiron/sqlx" + "golang.org/x/crypto/bcrypt" +) + +// DBUser represents a user from the database +type DBUser struct { + UserID int `db:"UserID"` + UserEmail string `db:"UserEmail"` + UserPassword string `db:"UserPassword"` + UserRole string `db:"UserRole"` + UserName string `db:"UserName"` + UserCreatedAt time.Time `db:"UserCreatedAt"` + UserUpdatedAt time.Time `db:"UserUpdatedAt"` +} + +// DBRefreshToken represents a refresh token from the database +type DBRefreshToken struct { + ID int `db:"id"` + Token string `db:"token"` + UserID string `db:"user_id"` + ExpiresAt time.Time `db:"expires_at"` + IsRevoked bool `db:"is_revoked"` + CreatedAt time.Time `db:"created_at"` +} + +// UserRepository handles database operations related to users +type UserRepository struct { + *Repository +} + +// NewUserRepository creates a new user repository +func NewUserRepository() *UserRepository { + return &UserRepository{ + Repository: NewRepository(), + } +} + +// ToUser converts a DBUser to a User model +func (u *DBUser) ToUser() *models.User { + return &models.User{ + ID: fmt.Sprintf("%d", u.UserID), + Email: u.UserEmail, + Password: u.UserPassword, + Role: u.UserRole, + Name: u.UserName, + CreatedAt: u.UserCreatedAt.Format(time.RFC3339), + UpdatedAt: u.UserUpdatedAt.Format(time.RFC3339), + } +} + +// GetUserByEmail retrieves a user by email +func (r *UserRepository) GetUserByEmail(email string) (*models.User, error) { + var dbUser DBUser + + query := `SELECT * FROM user WHERE UserEmail = ?` + err := database.DB.Get(&dbUser, query, email) + + if err != nil { + if err == sql.ErrNoRows { + return nil, nil + } + return nil, fmt.Errorf("database error getting user by email: %w", err) + } + + return dbUser.ToUser(), nil +} + +// GetUserByID retrieves a user by ID +func (r *UserRepository) GetUserByID(id string) (*models.User, error) { + var dbUser DBUser + + query := `SELECT * FROM user WHERE UserID = ?` + err := database.DB.Get(&dbUser, query, id) + + if err != nil { + if err == sql.ErrNoRows { + return nil, nil + } + return nil, fmt.Errorf("database error getting user by ID: %w", err) + } + + return dbUser.ToUser(), nil +} + +// StoreRefreshToken saves a refresh token to the database +func (r *UserRepository) StoreRefreshToken(userID string, token string, expiresAt time.Time) error { + query := `INSERT INTO refresh_tokens (token, user_id, expires_at, is_revoked, created_at) + VALUES (?, ?, ?, false, NOW())` + + _, err := database.DB.Exec(query, token, userID, expiresAt) + + if err != nil { + return fmt.Errorf("database error storing refresh token: %w", err) + } + + return nil +} + +// GetRefreshToken retrieves a refresh token from the database +func (r *UserRepository) GetRefreshToken(token string) (*models.RefreshToken, error) { + var dbToken DBRefreshToken + + query := `SELECT * FROM refresh_tokens WHERE token = ?` + err := database.DB.Get(&dbToken, query, token) + + if err != nil { + if err == sql.ErrNoRows { + return nil, nil + } + return nil, fmt.Errorf("database error getting refresh token: %w", err) + } + + return &models.RefreshToken{ + ID: fmt.Sprintf("%d", dbToken.ID), + UserID: dbToken.UserID, + Token: dbToken.Token, + ExpiresAt: dbToken.ExpiresAt.Format(time.RFC3339), + IsRevoked: dbToken.IsRevoked, + CreatedAt: dbToken.CreatedAt.Format(time.RFC3339), + }, nil +} + +// RevokeRefreshToken marks a refresh token as revoked +func (r *UserRepository) RevokeRefreshToken(token string) error { + query := `UPDATE refresh_tokens SET is_revoked = true WHERE token = ?` + _, err := database.DB.Exec(query, token) + + if err != nil { + return fmt.Errorf("database error revoking refresh token: %w", err) + } + + return nil +} + +// CreateUserTx creates a new user within a transaction +func (r *UserRepository) CreateUserTx(tx *sqlx.Tx, user *models.User) error { + // Hash the password before storing + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost) + if err != nil { + return fmt.Errorf("failed to hash password: %w", err) + } + + query := `INSERT INTO user (UserEmail, UserPassword, UserRole, UserName, UserCreatedAt, UserUpdatedAt) + VALUES (?, ?, ?, ?, NOW(), NOW())` + + result, err := tx.Exec(query, user.Email, string(hashedPassword), user.Role, user.Name) + if err != nil { + return fmt.Errorf("database error creating user: %w", err) + } + + // Get the last inserted ID + id, err := result.LastInsertId() + if err != nil { + return fmt.Errorf("failed to get last insert ID: %w", err) + } + + // Update the user ID + user.ID = fmt.Sprintf("%d", id) + return nil +} diff --git a/internal/api/routes.go b/internal/api/routes.go new file mode 100644 index 0000000..efd7a33 --- /dev/null +++ b/internal/api/routes.go @@ -0,0 +1,142 @@ +package api + +import ( + "net/http" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/config" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/handlers" + apiMiddleware "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/middleware" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/service" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/auth" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/proxy" + + "github.com/go-chi/chi/v5" + "github.com/go-chi/chi/v5/middleware" + "github.com/go-chi/cors" + "go.uber.org/zap" +) + +// SetupRouter configures and returns the API router +func SetupRouter(cfg *config.Config, logger *zap.Logger) http.Handler { + r := chi.NewRouter() + + // Base middleware + r.Use(middleware.RequestID) + r.Use(middleware.RealIP) + r.Use(middleware.Recoverer) + r.Use(apiMiddleware.Logger(logger)) + + // CORS configuration + r.Use(cors.Handler(cors.Options{ + AllowedOrigins: []string{"*"}, // In production, restrict this to your frontend domains + AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}, + AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "X-Requested-With"}, + ExposedHeaders: []string{"Link", "Content-Length", "Content-Disposition", "Content-Type"}, + AllowCredentials: true, + MaxAge: 300, // Maximum value not ignored by any of major browsers + })) + + r.Options("/*", func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + }) + + // Initialize Google auth client for proxy + googleAuth, err := auth.NewGoogleClient(cfg.Google.CredentialsPath) + if err != nil { + logger.Fatal("Failed to initialize Google auth client", zap.Error(err)) + } + + // Initialize Healthcare API client + healthcareClient := proxy.NewClient(googleAuth, cfg.Google) + + // Initialize JWT auth service + jwtSecret := cfg.Auth.JWTSecret + if jwtSecret == "" { + logger.Warn("JWT secret not provided in config, using default value. This is insecure for production!") + jwtSecret = "vQ6PQqUyh7pBNOytClgN+Nw1XBq7F8Qo6VP3VwIqvHY=" + } + + // Convert config values to time.Duration + accessExpiry := time.Duration(cfg.Auth.AccessTokenExpiry) * time.Minute + refreshExpiry := time.Duration(cfg.Auth.RefreshTokenExpiry) * time.Hour + + // Create JWT manager with config values + jwtManager := auth.NewJWTManager(jwtSecret, accessExpiry, refreshExpiry) + + // Initialize services with domain-specific repositories + authService := service.NewAuthService(jwtManager) + + // Initialize shortlink service with config values + shortLinkService := service.NewShortLinkService( + jwtManager, + logger, + cfg.Shortlink.BaseURL, + cfg.Shortlink.DefaultExpiryHours, + cfg.Shortlink.MaxAttempts, + ) + + // Public routes that don't require authentication + r.Group(func(r chi.Router) { + // Health check + r.Get("/health", handlers.HealthCheck) + + // Authentication endpoints + r.Route("/auth", func(r chi.Router) { + authHandler := handlers.NewAuthHandler(logger, authService) + r.Post("/login", authHandler.Login) + r.Post("/refresh", authHandler.RefreshToken) + r.Post("/logout", authHandler.Logout) + + // Registration endpoint + registerService := service.NewRegisterService(logger) + registerHandler := handlers.NewRegisterHandler(logger, registerService) + r.Post("/register", registerHandler.Register) + + // ShortLink authentication - no auth required + shortLinkHandler := handlers.NewShortLinkHandler(logger, shortLinkService) + r.Post("/shortlink", shortLinkHandler.ShortLinkAuth) + }) + }) + + // Protected routes that require authentication + r.Group(func(r chi.Router) { + // Apply authentication middleware + r.Use(apiMiddleware.Auth(authService, logger)) + + // Shortlink generation - only for admin and expertise_doctor roles + shortLinkHandler := handlers.NewShortLinkHandler(logger, shortLinkService) + r.Post("/generate-link", shortLinkHandler.GenerateShortLink) + + // DICOM Web routes + r.Route("/dicomWeb", func(r chi.Router) { + // Add audit logging middleware to DICOM routes + r.Use(apiMiddleware.AuditLog(logger)) + + // Add patient view restriction for patient role + r.Use(apiMiddleware.PatientViewRestriction(logger)) + + // Create handler for all DICOM requests + dicomHandler := handlers.NewDicomHandler(healthcareClient, logger) + + // Common routes for studies with role-specific handling + r.Route("/studies", func(r chi.Router) { + // StudyInstanceUID parameter routes - accessible by all roles + r.Get("/{studyInstanceUID}", dicomHandler.ForwardRequest) // Study details + r.Get("/{studyInstanceUID}/series", dicomHandler.ForwardRequest) // Series list for study + + // Deep hierarchy routes - accessible by patients and all doctors + r.Get("/{studyInstanceUID}/series/{seriesUID}/metadata", dicomHandler.ForwardRequest) + r.Get("/{studyInstanceUID}/series/{seriesUID}/instances/{instanceUID}/frames/{frame}", dicomHandler.ForwardRequest) + + // Query routes - accessible by all roles + r.Get("/", dicomHandler.ForwardRequest) // Study list with filters + }) + + // Expertise doctors have full access to all DICOM endpoints + r.With(apiMiddleware.RoleRequired("expertise_doctor")).HandleFunc("/*", dicomHandler.ForwardRequest) + }) + }) + + return r +} diff --git a/internal/api/service/auth_service.go b/internal/api/service/auth_service.go new file mode 100644 index 0000000..f8b0ff0 --- /dev/null +++ b/internal/api/service/auth_service.go @@ -0,0 +1,232 @@ +package service + +import ( + "errors" + "fmt" + "net/url" + "time" + + "golang.org/x/crypto/bcrypt" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/repository" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/auth" +) + +var ( + ErrInvalidCredentials = errors.New("invalid credentials") + ErrUserNotFound = errors.New("user not found") +) + +// AuthService handles authentication operations +type AuthService struct { + jwtManager *auth.JWTManager + userRepo *repository.UserRepository + patientRepo *repository.PatientRepository +} + +// NewAuthService creates a new authentication service +func NewAuthService(jwtManager *auth.JWTManager) *AuthService { + return &AuthService{ + jwtManager: jwtManager, + userRepo: repository.NewUserRepository(), + patientRepo: repository.NewPatientRepository(), + } +} + +// Login authenticates a user and generates tokens +func (s *AuthService) Login(email, password string) (*models.LoginResponse, error) { + // Find user in database + user, err := s.userRepo.GetUserByEmail(email) + if err != nil { + return nil, fmt.Errorf("error finding user: %w", err) + } + + if user == nil { + return nil, ErrUserNotFound + } + + // Verify password + if err := CheckPassword(password, user.Password); err != nil { + return nil, ErrInvalidCredentials + } + + // Create token claims based on user role + additionalClaims := make(map[string]interface{}) + var redirectURL string + + switch user.Role { + case "patient": + // Get patient data + patientData, err := s.patientRepo.GetPatientDetailsByUserID(user.ID) + if err != nil { + return nil, fmt.Errorf("error getting patient details: %w", err) + } + + if patientData == nil { + return nil, ErrUserNotFound + } + + // Set patient-specific claims + additionalClaims["patient_id"] = patientData.PatientID + additionalClaims["patient_name"] = patientData.PatientName + additionalClaims["study_iuids"] = patientData.StudyInstanceUIDs + additionalClaims["accession_numbers"] = patientData.AccessionNumbers + + // For redirectURL and home_url, use first study for simplicity + if len(patientData.StudyInstanceUIDs) > 0 { + additionalClaims["home_url"] = fmt.Sprintf("viewer?StudyInstanceUIDs=%s", patientData.StudyInstanceUIDs[0]) + redirectURL = fmt.Sprintf("/viewer?StudyInstanceUIDs=%s", patientData.StudyInstanceUIDs[0]) + } else { + // Fallback for empty studies array + additionalClaims["home_url"] = "/" + redirectURL = "/" + } + + additionalClaims["study_list"] = "disabled" + + case "ref_doctor": + // Set referring doctor claims + encodedName := url.QueryEscape(user.Name) + filterURL := fmt.Sprintf("studies?limit=101&offset=0&fuzzymatching=false&includefield=00081030,00080060,00080090&00080090=%s", encodedName) + + additionalClaims["home_url"] = "/" + additionalClaims["study_list"] = "enabled" + additionalClaims["filter_url"] = filterURL + + redirectURL = "/" + + case "expertise_doctor", "admin": + // Expertise doctors have full access + additionalClaims["home_url"] = "/" + additionalClaims["study_list"] = "enabled" + + redirectURL = "/" + } + + // TODO: Apakah kita perlu param email untuk generate access token? + // Generate tokens + accessToken, err := s.jwtManager.GenerateAccessToken(user.ID, user.Email, user.Role, user.Name, additionalClaims) + if err != nil { + return nil, err + } + + refreshToken, err := s.jwtManager.GenerateRefreshToken(user.ID, user.Email, user.Role, user.Name, additionalClaims) + if err != nil { + return nil, err + } + + // Store refresh token in database + expiresAt := time.Now().Add(s.jwtManager.GetRefreshExpiry()) + if err := s.userRepo.StoreRefreshToken(user.ID, refreshToken, expiresAt); err != nil { + return nil, fmt.Errorf("failed to store refresh token: %w", err) + } + + return &models.LoginResponse{ + AccessToken: accessToken, + RefreshToken: refreshToken, + User: user, + RedirectURL: redirectURL, + }, nil +} + +// RefreshToken generates a new access token using a refresh token +func (s *AuthService) RefreshToken(refreshToken string) (string, error) { + // Check if token exists and is not revoked + dbToken, err := s.userRepo.GetRefreshToken(refreshToken) + if err != nil { + return "", fmt.Errorf("failed to get refresh token: %w", err) + } + + if dbToken == nil || dbToken.IsRevoked { + return "", errors.New("invalid or revoked refresh token") + } + + // Parse expiry time + expiresAt, err := time.Parse(time.RFC3339, dbToken.ExpiresAt) + if err != nil { + return "", errors.New("invalid token expiry format") + } + + // Check if token is expired + if time.Now().After(expiresAt) { + return "", auth.ErrExpiredToken + } + + // Validate the refresh token + claims, err := s.jwtManager.ValidateToken(refreshToken) + if err != nil { + return "", err + } + + // Check if token is a refresh token + if claims.TokenType != "refresh" { + return "", errors.New("invalid token type") + } + + // Build additionalClaims from the refresh token + additionalClaims := make(map[string]interface{}) + + // Add string claims + if claims.PatientID != "" { + additionalClaims["patient_id"] = claims.PatientID + } + if claims.PatientName != "" { + additionalClaims["patient_name"] = claims.PatientName + } + if claims.HomeURL != "" { + additionalClaims["home_url"] = claims.HomeURL + } + if claims.StudyList != "" { + additionalClaims["study_list"] = claims.StudyList + } + if claims.FilterURL != "" { + additionalClaims["filter_url"] = claims.FilterURL + } + + // Add array claims + if len(claims.StudyIUIDs) > 0 { + additionalClaims["study_iuids"] = claims.StudyIUIDs + } + if len(claims.AccessionNumbers) > 0 { + additionalClaims["accession_numbers"] = claims.AccessionNumbers + } + + // Generate a new access token with the same claims + accessToken, err := s.jwtManager.GenerateAccessToken( + claims.UserID, + claims.Email, + claims.Role, + claims.UserName, + additionalClaims, + ) + if err != nil { + return "", err + } + + return accessToken, nil +} + +// ValidateToken validates a token and returns the claims +func (s *AuthService) ValidateToken(token string) (*auth.CustomClaims, error) { + return s.jwtManager.ValidateToken(token) +} + +// Logout revokes a refresh token +func (s *AuthService) Logout(refreshToken string) error { + return s.userRepo.RevokeRefreshToken(refreshToken) +} + +// HashPassword hashes a password using bcrypt +func HashPassword(password string) (string, error) { + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + return "", err + } + return string(hashedPassword), nil +} + +// CheckPassword compares a password with a hash +func CheckPassword(password, hash string) error { + return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) +} diff --git a/internal/api/service/register_service.go b/internal/api/service/register_service.go new file mode 100644 index 0000000..7c28ea8 --- /dev/null +++ b/internal/api/service/register_service.go @@ -0,0 +1,165 @@ +package service + +import ( + "database/sql" + "errors" + "fmt" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/repository" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "go.uber.org/zap" +) + +var ( + ErrEmailExists = errors.New("email already exists") + ErrUserNotCreated = errors.New("failed to create user") + ErrInvalidRole = errors.New("invalid user role") + ErrInvalidPatient = errors.New("invalid patient data") + ErrInvalidDoctor = errors.New("invalid doctor data") + ErrTransaction = errors.New("transaction error") +) + +// RegisterRequest represents a user registration request +type RegisterRequest struct { + Email string `json:"email"` + Password string `json:"password"` + Name string `json:"name"` + Role string `json:"role"` // "patient", "ref_doctor", "expertise_doctor", or "admin" + Patient *models.PatientDetails `json:"patient,omitempty"` + Doctor *models.DoctorDetails `json:"doctor,omitempty"` + Studies []models.Study `json:"studies,omitempty"` // Study records for patient +} + +// RegisterService handles user registration +type RegisterService struct { + userRepo *repository.UserRepository + patientRepo *repository.PatientRepository + doctorRepo *repository.DoctorRepository + studyRepo *repository.StudyRepository + logger *zap.Logger +} + +// NewRegisterService creates a new register service +func NewRegisterService(logger *zap.Logger) *RegisterService { + if logger == nil { + // If no logger is provided, create a no-op logger + logger = zap.NewNop() + } + + return &RegisterService{ + userRepo: repository.NewUserRepository(), + patientRepo: repository.NewPatientRepository(), + doctorRepo: repository.NewDoctorRepository(), + studyRepo: repository.NewStudyRepository(), + logger: logger, + } +} + +// Register creates a new user with their associated role-specific data +func (s *RegisterService) Register(req *RegisterRequest) (*models.User, error) { + // Validate role + if req.Role != "patient" && req.Role != "ref_doctor" && req.Role != "expertise_doctor" && req.Role != "admin" { + return nil, ErrInvalidRole + } + + // Check role-specific data + if req.Role == "patient" && (req.Patient == nil || req.Patient.PatientID == "" || req.Patient.DateOfBirth == "") { + return nil, ErrInvalidPatient + } + + if (req.Role == "ref_doctor" || req.Role == "expertise_doctor") && (req.Doctor == nil || req.Doctor.DoctorID == "") { + return nil, ErrInvalidDoctor + } + + // Check if email already exists - do this outside the transaction + existingUser, err := s.userRepo.GetUserByEmail(req.Email) + if err != nil && err != sql.ErrNoRows { + return nil, fmt.Errorf("error checking existing user: %w", err) + } + + if existingUser != nil { + return nil, ErrEmailExists + } + + // Start a transaction + tx, err := database.DB.Beginx() + if err != nil { + s.logger.Error("Failed to begin transaction", zap.Error(err)) + return nil, fmt.Errorf("%w: failed to begin transaction", ErrTransaction) + } + + // Ensure the transaction is rolled back if we return an error + defer func() { + if r := recover(); r != nil { + s.logger.Error("Panic in transaction", zap.Any("recover", r)) + tx.Rollback() + panic(r) // re-throw the panic after cleanup + } + }() + + // Create user + newUser := &models.User{ + Email: req.Email, + Password: req.Password, // Will be hashed in repository + Role: req.Role, + Name: req.Name, + } + + // Use the transaction for user creation + if err := s.userRepo.CreateUserTx(tx, newUser); err != nil { + s.logger.Error("Failed to create user", zap.Error(err), zap.String("email", req.Email)) + tx.Rollback() + return nil, fmt.Errorf("error creating user: %w", err) + } + + // Create role-specific data + if req.Role == "patient" { + err = s.patientRepo.CreatePatientTx(tx, req.Patient, newUser.ID) + if err != nil { + s.logger.Error("Failed to create patient", zap.Error(err), zap.String("patientID", req.Patient.PatientID)) + tx.Rollback() + return nil, fmt.Errorf("error creating patient: %w", err) + } + + // Create associated study records if provided + if len(req.Studies) > 0 { + for _, study := range req.Studies { + if study.StudyInstanceUID == "" { + continue // Skip studies without UIDs + } + + err = s.studyRepo.CreateStudyTx(tx, req.Patient.PatientID, study) + if err != nil { + s.logger.Error("Failed to create study", + zap.Error(err), + zap.String("patientID", req.Patient.PatientID), + zap.String("studyUID", study.StudyInstanceUID)) + tx.Rollback() + return nil, fmt.Errorf("error creating study for patient: %w", err) + } + } + } + } else if req.Role == "ref_doctor" || req.Role == "expertise_doctor" { + err = s.doctorRepo.CreateDoctorTx(tx, req.Doctor, newUser.ID) + if err != nil { + s.logger.Error("Failed to create doctor", zap.Error(err), zap.String("doctorID", req.Doctor.DoctorID)) + tx.Rollback() + return nil, fmt.Errorf("error creating doctor: %w", err) + } + } + + // Commit the transaction + if err := tx.Commit(); err != nil { + s.logger.Error("Failed to commit transaction", zap.Error(err)) + tx.Rollback() // This is actually redundant as the transaction will be rolled back on failure + return nil, fmt.Errorf("%w: failed to commit transaction", ErrTransaction) + } + + s.logger.Info("Successfully registered new user", + zap.String("email", req.Email), + zap.String("role", req.Role), + zap.String("userID", newUser.ID)) + + return newUser, nil +} diff --git a/internal/api/service/shortlink_service.go b/internal/api/service/shortlink_service.go new file mode 100644 index 0000000..ae2ab52 --- /dev/null +++ b/internal/api/service/shortlink_service.go @@ -0,0 +1,435 @@ +package service + +import ( + "crypto/rand" + "crypto/sha256" + "encoding/base64" + "encoding/hex" + "errors" + "fmt" + "strings" + "time" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/models" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/api/repository" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/auth" + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/database" + "go.uber.org/zap" +) + +const ( + // DefaultShortLinkExpiry is the default expiration time for short links (72 hours) + DefaultShortLinkExpiry = 72 * time.Hour + + // DefaultMaxTries is the default number of login attempts allowed for a shortlink + DefaultMaxTries = 5 + + // ShortTokenLength is the length of the generated short token + ShortTokenLength = 8 +) + +var ( + ErrShortLinkNotFound = errors.New("short link not found or expired") + ErrInvalidDOB = errors.New("invalid date of birth") + ErrShortLinkExpired = errors.New("short link has expired") + ErrTooManyAttempts = errors.New("too many failed attempts") + ErrCreationFailed = errors.New("failed to create short link") + ErrInvalidStudyUID = errors.New("invalid or missing StudyInstanceUID") + ErrAdminRoleRequired = errors.New("admin role required to generate shortlinks") +) + +// ShortLinkService handles operations related to short links +type ShortLinkService struct { + jwtManager *auth.JWTManager + logger *zap.Logger + shortLinkRepo *repository.ShortLinkRepository + patientRepo *repository.PatientRepository + // Configuration settings + baseURL string + defaultExpiryTime time.Duration + maxAttempts int +} + +// NewShortLinkService creates a new short link service +func NewShortLinkService(jwtManager *auth.JWTManager, logger *zap.Logger, baseURL string, defaultExpiryHours int, maxAttempts int) *ShortLinkService { + // Set default values if not provided + if baseURL == "" { + baseURL = "http://localhost:3000" + } + + if defaultExpiryHours <= 0 { + defaultExpiryHours = 72 // Default to 72 hours if not specified + } + + if maxAttempts <= 0 { + maxAttempts = 5 // Default to 5 attempts if not specified + } + + return &ShortLinkService{ + jwtManager: jwtManager, + logger: logger, + shortLinkRepo: repository.NewShortLinkRepository(), + patientRepo: repository.NewPatientRepository(), + baseURL: baseURL, + defaultExpiryTime: time.Duration(defaultExpiryHours) * time.Hour, + maxAttempts: maxAttempts, + } +} + +// GenerateShortLink creates a new short link for patient and study access +func (s *ShortLinkService) GenerateShortLink(req *models.GenerateShortLinkRequest, creatorID string) (*models.GenerateShortLinkResponse, error) { + // Validate inputs + if req.PatientID == "" { + return nil, errors.New("patient ID is required") + } + if req.StudyUID == "" { + return nil, ErrInvalidStudyUID + } + if req.DOB == "" { + return nil, errors.New("date of birth is required") + } + + // Normalize DOB format (ensure YYYY-MM-DD) + dob := normalizeDOB(req.DOB) + if !isValidDOBFormat(dob) { + return nil, errors.New("invalid date of birth format, expected YYYY-MM-DD") + } + + // Check if an unexpired shortlink already exists for this patient and study + existingShortLink, err := s.shortLinkRepo.GetActiveShortLinkByPatientAndStudy(req.PatientID, req.StudyUID) + if err != nil { + s.logger.Error("Error checking for existing shortlinks", zap.Error(err)) + return nil, ErrCreationFailed + } + + // If an active shortlink exists, return it instead of creating a new one + if existingShortLink != nil { + s.logger.Info("Returning existing active shortlink", + zap.String("patientID", req.PatientID), + zap.String("studyUID", req.StudyUID), + zap.String("token", existingShortLink.Token)) + + // Generate the full URL using the configured base URL + fullURL := fmt.Sprintf("%s/short-auth?short=%s", s.baseURL, existingShortLink.Token) + + return &models.GenerateShortLinkResponse{ + ShortToken: existingShortLink.Token, + FullURL: fullURL, + ExpiresAt: existingShortLink.ExpiresAt, + IsExisting: true, + }, nil + } + + // Set expiration if not provided + expiresIn := s.defaultExpiryTime + if req.ExpiresIn > 0 { + expiresIn = time.Duration(req.ExpiresIn) * time.Hour + } + expiresAt := time.Now().Add(expiresIn) + + // Generate a secure random token + token, err := generateSecureToken(ShortTokenLength) + if err != nil { + s.logger.Error("Failed to generate secure token", zap.Error(err)) + return nil, ErrCreationFailed + } + + // Hash the DOB for secure storage + hashedDOB := hashDOB(dob) + + // Create the short link record + shortLink := &models.ShortLink{ + ID: generateID(), + Token: token, + PatientID: req.PatientID, + StudyUID: req.StudyUID, + HashedDOB: hashedDOB, + ExpiresAt: expiresAt.Format(time.RFC3339), + IsRevoked: false, + CreatedAt: time.Now().Format(time.RFC3339), + CreatedByID: creatorID, + RemainingTries: s.maxAttempts, + } + + // Start a transaction for creating the shortlink + tx, err := database.DB.Beginx() + if err != nil { + s.logger.Error("Failed to start transaction", zap.Error(err)) + return nil, fmt.Errorf("database error: %w", err) + } + + // Set up deferred rollback that will be canceled if we commit + defer func() { + if tx != nil { + tx.Rollback() + } + }() + + // Store the short link in the database using transaction + err = s.shortLinkRepo.CreateShortLinkTx(tx, shortLink) + if err != nil { + s.logger.Error("Failed to store shortlink in database", zap.Error(err)) + return nil, ErrCreationFailed + } + + // Commit the transaction + if err = tx.Commit(); err != nil { + s.logger.Error("Failed to commit transaction", zap.Error(err)) + return nil, errors.New("database error") + } + + // Clear the tx to prevent the deferred rollback + tx = nil + + // Generate the full URL using the configured base URL + fullURL := fmt.Sprintf("%s/short-auth?short=%s", s.baseURL, token) + + return &models.GenerateShortLinkResponse{ + ShortToken: token, + FullURL: fullURL, + ExpiresAt: shortLink.ExpiresAt, + IsExisting: false, + }, nil +} + +// ValidateShortLink validates a short link token and DOB +func (s *ShortLinkService) ValidateShortLink(req *models.ShortLinkAuthRequest) (*models.ShortLink, error) { + // Get the token using the helper method that handles both field names + token := req.GetToken() + + // Find the short link in the database + shortLink, err := s.shortLinkRepo.GetShortLinkByToken(token) + if err != nil { + s.logger.Error("Error retrieving shortlink", zap.Error(err), zap.String("token", token)) + return nil, ErrShortLinkNotFound + } + + if shortLink == nil { + return nil, ErrShortLinkNotFound + } + + // Check if expired + expiresAt, err := time.Parse(time.RFC3339, shortLink.ExpiresAt) + if err != nil || time.Now().After(expiresAt) { + return nil, ErrShortLinkExpired + } + + // Check if revoked + if shortLink.IsRevoked { + return nil, ErrShortLinkNotFound + } + + // Check remaining tries + if shortLink.RemainingTries <= 0 { + return nil, ErrTooManyAttempts + } + + // Normalize and hash the provided DOB + dob := normalizeDOB(req.DOB) + if !isValidDOBFormat(dob) { + // Use a transaction for updating the tries counter + tx, err := database.DB.Beginx() + if err != nil { + s.logger.Error("Failed to start transaction", zap.Error(err)) + return nil, fmt.Errorf("database error: %w", err) + } + + // Set up deferred rollback that will be canceled if we commit + defer func() { + if tx != nil { + tx.Rollback() + } + }() + + // Decrement remaining tries on invalid format + shortLink.RemainingTries-- + + // Update the shortlink in the database using the transaction + err = s.shortLinkRepo.UpdateShortLinkTx(tx, shortLink) + if err != nil { + s.logger.Error("Failed to update shortlink tries", zap.Error(err)) + return nil, errors.New("invalid date of birth format, expected YYYY-MM-DD") + } + + // Commit the transaction + if err = tx.Commit(); err != nil { + s.logger.Error("Failed to commit transaction", zap.Error(err)) + return nil, errors.New("database error") + } + + // Clear the tx to prevent the deferred rollback + tx = nil + + return nil, errors.New("invalid date of birth format, expected YYYY-MM-DD") + } + + hashedDOB := hashDOB(dob) + + // Start a transaction for updating the tries counter + tx, err := database.DB.Beginx() + if err != nil { + s.logger.Error("Failed to start transaction", zap.Error(err)) + return nil, fmt.Errorf("database error: %w", err) + } + + // Set up deferred rollback that will be canceled if we commit + defer func() { + if tx != nil { + tx.Rollback() + } + }() + + // Verify the DOB + if hashedDOB != shortLink.HashedDOB { + // Decrement remaining tries on failed verification + shortLink.RemainingTries-- + + // Update the shortlink in the database using the transaction + err = s.shortLinkRepo.UpdateShortLinkTx(tx, shortLink) + if err != nil { + s.logger.Error("Failed to update shortlink tries", zap.Error(err)) + return nil, ErrInvalidDOB + } + + // Commit the transaction + if err = tx.Commit(); err != nil { + s.logger.Error("Failed to commit transaction", zap.Error(err)) + return nil, errors.New("database error") + } + + // Clear the tx to prevent the deferred rollback + tx = nil + + return nil, ErrInvalidDOB + } + + // DOB verified, reset tries count as successful login + shortLink.RemainingTries = s.maxAttempts + + // Update the shortlink in the database using the transaction + err = s.shortLinkRepo.UpdateShortLinkTx(tx, shortLink) + if err != nil { + s.logger.Error("Failed to update shortlink tries after successful validation", zap.Error(err)) + return nil, errors.New("database error") + } + + // Commit the transaction + if err = tx.Commit(); err != nil { + s.logger.Error("Failed to commit transaction", zap.Error(err)) + return nil, errors.New("database error") + } + + // Clear the tx to prevent the deferred rollback + tx = nil + + return shortLink, nil +} + +// AuthenticateWithShortLink authenticates a user using a short link and DOB +func (s *ShortLinkService) AuthenticateWithShortLink(req *models.ShortLinkAuthRequest) (*models.ShortLinkAuthResponse, error) { + // Validate the short link + shortLink, err := s.ValidateShortLink(req) + if err != nil { + return nil, err + } + + // Determine patient name (could be fetched from a database) + patientName := "Patient" // Placeholder, in production get real name + + // Create additional claims for the JWT + additionalClaims := make(map[string]interface{}) + additionalClaims["patient_id"] = shortLink.PatientID + additionalClaims["patient_name"] = patientName + additionalClaims["study_iuids"] = []string{shortLink.StudyUID} + additionalClaims["home_url"] = fmt.Sprintf("viewer?StudyInstanceUIDs=%s", shortLink.StudyUID) + additionalClaims["study_list"] = "disabled" + + // Generate JWT + // Using a virtual "user" for the patient with a patient role + userID := fmt.Sprintf("shortlink_%s", shortLink.ID) + email := fmt.Sprintf("patient_%s@shortlink.local", shortLink.ID) // Virtual email for JWT + role := "patient" // Always patient role for shortlinks + + // Generate access token (24-hour validity for patient access) + accessToken, err := s.jwtManager.GenerateAccessToken(userID, email, role, patientName, additionalClaims) + if err != nil { + s.logger.Error("Failed to generate JWT for shortlink auth", zap.Error(err)) + return nil, errors.New("authentication error") + } + + // Create response + redirectURL := fmt.Sprintf("/viewer?StudyInstanceUIDs=%s", shortLink.StudyUID) + + return &models.ShortLinkAuthResponse{ + AccessToken: accessToken, + ExpiresIn: int(s.jwtManager.GetAccessExpiry().Seconds()), + RedirectURL: redirectURL, + }, nil +} + +// Helper functions + +// hashDOB creates a secure hash of a date of birth +func hashDOB(dob string) string { + hash := sha256.Sum256([]byte(dob)) + return hex.EncodeToString(hash[:]) +} + +// generateSecureToken generates a secure random token for short links +func generateSecureToken(length int) (string, error) { + b := make([]byte, length) + _, err := rand.Read(b) + if err != nil { + return "", err + } + return base64.URLEncoding.EncodeToString(b)[:length], nil +} + +// generateID generates a unique ID for a shortlink +func generateID() string { + b := make([]byte, 6) + rand.Read(b) + return fmt.Sprintf("sl_%s", hex.EncodeToString(b)) +} + +// normalizeDOB normalizes date of birth to YYYY-MM-DD format +func normalizeDOB(dob string) string { + // Remove any non-alphanumeric characters except dash + dob = strings.Map(func(r rune) rune { + if (r >= '0' && r <= '9') || r == '-' { + return r + } + return -1 + }, dob) + + return dob +} + +// isValidDOBFormat checks if the DOB is in YYYY-MM-DD format +func isValidDOBFormat(dob string) bool { + // Check basic format + if len(dob) != 10 { + return false + } + + // Check dashes + if dob[4] != '-' || dob[7] != '-' { + return false + } + + // Parse year, month, day + yearStr := dob[0:4] + monthStr := dob[5:7] + dayStr := dob[8:10] + + // Check if all are numeric + for _, ch := range yearStr + monthStr + dayStr { + if ch < '0' || ch > '9' { + return false + } + } + + // Could add more validation here (leap years, month/day ranges) + + return true +} diff --git a/internal/auth/google.go b/internal/auth/google.go new file mode 100644 index 0000000..e9f0b4d --- /dev/null +++ b/internal/auth/google.go @@ -0,0 +1,68 @@ +package auth + +import ( + "context" + "fmt" + "os" + "time" + + "golang.org/x/oauth2" + "golang.org/x/oauth2/google" + "google.golang.org/api/healthcare/v1" + "google.golang.org/api/option" +) + +// GoogleClient handles authentication with Google APIs +type GoogleClient struct { + credentialsPath string + tokenSource oauth2.TokenSource +} + +// NewGoogleClient creates a new Google authentication client +func NewGoogleClient(credentialsPath string) (*GoogleClient, error) { + client := &GoogleClient{ + credentialsPath: credentialsPath, + } + + // Initialize on creation to validate credentials + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + // Try reading the credentials file + credBytes, err := os.ReadFile(credentialsPath) + if err != nil { + return nil, fmt.Errorf("failed to read credentials file: %w", err) + } + + // Create credentials from the JSON key file + creds, err := google.CredentialsFromJSON(ctx, credBytes, healthcare.CloudPlatformScope) + if err != nil { + return nil, fmt.Errorf("failed to initialize Google client: %w", err) + } + + client.tokenSource = creds.TokenSource + return client, nil +} + +// GetAccessToken returns a valid access token for Google APIs +func (c *GoogleClient) GetAccessToken() (string, error) { + _, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + token, err := c.tokenSource.Token() + if err != nil { + return "", fmt.Errorf("failed to get access token: %w", err) + } + + return token.AccessToken, nil +} + +// GetHealthcareClient returns a configured Healthcare API client +func (c *GoogleClient) GetHealthcareClient(ctx context.Context) (*healthcare.Service, error) { + opts := []option.ClientOption{ + option.WithCredentialsFile(c.credentialsPath), + option.WithScopes(healthcare.CloudPlatformScope), + } + + return healthcare.NewService(ctx, opts...) +} diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go new file mode 100644 index 0000000..b0cc718 --- /dev/null +++ b/internal/auth/jwt.go @@ -0,0 +1,182 @@ +package auth + +import ( + "errors" + "fmt" + "time" + + "github.com/golang-jwt/jwt/v5" +) + +var ( + ErrInvalidToken = errors.New("invalid token") + ErrExpiredToken = errors.New("token has expired") +) + +// JWTManager handles JWT token operations +type JWTManager struct { + secretKey string + accessExpiry time.Duration + refreshExpiry time.Duration +} + +// NewJWTManager creates a new JWT manager +func NewJWTManager(secretKey string, accessExpiry, refreshExpiry time.Duration) *JWTManager { + return &JWTManager{ + secretKey: secretKey, + accessExpiry: accessExpiry, + refreshExpiry: refreshExpiry, + } +} + +// CustomClaims contains the claims we want in our tokens +type CustomClaims struct { + UserID string `json:"user_id"` + Email string `json:"email"` + Role string `json:"role"` + UserName string `json:"user_name"` + TokenType string `json:"token_type"` // access or refresh + + // Patient-specific fields + PatientID string `json:"patient_id,omitempty"` + PatientName string `json:"patient_name,omitempty"` + StudyIUIDs []string `json:"study_iuids,omitempty"` + AccessionNumbers []string `json:"accession_numbers,omitempty"` + + // Navigation and permissions + HomeURL string `json:"home_url,omitempty"` + StudyList string `json:"study_list,omitempty"` // enabled or disabled + FilterURL string `json:"filter_url,omitempty"` // for ref_doctor filtering + + jwt.RegisteredClaims +} + +// GenerateAccessToken creates a new access token with role-specific claims +func (m *JWTManager) GenerateAccessToken(userID, email, role, userName string, additionalClaims map[string]interface{}) (string, error) { + claims := CustomClaims{ + UserID: userID, + Email: email, + Role: role, + UserName: userName, + TokenType: "access", + RegisteredClaims: jwt.RegisteredClaims{ + ExpiresAt: jwt.NewNumericDate(time.Now().Add(m.accessExpiry)), + IssuedAt: jwt.NewNumericDate(time.Now()), + }, + } + + // Add role-specific additional claims + if additionalClaims != nil { + // Handle string claims + if val, ok := additionalClaims["patient_id"].(string); ok { + claims.PatientID = val + } + if val, ok := additionalClaims["patient_name"].(string); ok { + claims.PatientName = val + } + if val, ok := additionalClaims["home_url"].(string); ok { + claims.HomeURL = val + } + if val, ok := additionalClaims["study_list"].(string); ok { + claims.StudyList = val + } + if val, ok := additionalClaims["filter_url"].(string); ok { + claims.FilterURL = val + } + + // Handle array claims + if val, ok := additionalClaims["study_iuids"].([]string); ok { + claims.StudyIUIDs = val + } + if val, ok := additionalClaims["accession_numbers"].([]string); ok { + claims.AccessionNumbers = val + } + } + + token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + return token.SignedString([]byte(m.secretKey)) +} + +// GenerateRefreshToken creates a new refresh token with the same claims as access token +func (m *JWTManager) GenerateRefreshToken(userID, email, role, userName string, additionalClaims map[string]interface{}) (string, error) { + claims := CustomClaims{ + UserID: userID, + Email: email, + Role: role, + UserName: userName, + TokenType: "refresh", + RegisteredClaims: jwt.RegisteredClaims{ + ExpiresAt: jwt.NewNumericDate(time.Now().Add(m.refreshExpiry)), + IssuedAt: jwt.NewNumericDate(time.Now()), + }, + } + + // Add role-specific additional claims + if additionalClaims != nil { + // Handle string claims + if val, ok := additionalClaims["patient_id"].(string); ok { + claims.PatientID = val + } + if val, ok := additionalClaims["patient_name"].(string); ok { + claims.PatientName = val + } + if val, ok := additionalClaims["home_url"].(string); ok { + claims.HomeURL = val + } + if val, ok := additionalClaims["study_list"].(string); ok { + claims.StudyList = val + } + if val, ok := additionalClaims["filter_url"].(string); ok { + claims.FilterURL = val + } + + // Handle array claims + if val, ok := additionalClaims["study_iuids"].([]string); ok { + claims.StudyIUIDs = val + } + if val, ok := additionalClaims["accession_numbers"].([]string); ok { + claims.AccessionNumbers = val + } + } + + token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + return token.SignedString([]byte(m.secretKey)) +} + +// ValidateToken validates a token and returns the claims +func (m *JWTManager) ValidateToken(tokenString string) (*CustomClaims, error) { + token, err := jwt.ParseWithClaims( + tokenString, + &CustomClaims{}, + func(token *jwt.Token) (interface{}, error) { + if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { + return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) + } + return []byte(m.secretKey), nil + }, + ) + + if err != nil { + if errors.Is(err, jwt.ErrTokenExpired) { + return nil, ErrExpiredToken + } + return nil, ErrInvalidToken + } + + claims, ok := token.Claims.(*CustomClaims) + if !ok || !token.Valid { + return nil, ErrInvalidToken + } + + return claims, nil +} + +// GetAccessExpiry returns the configured access token expiry duration +func (m *JWTManager) GetAccessExpiry() time.Duration { + return m.accessExpiry +} + +// GetRefreshExpiry returns the configured refresh token expiry duration +func (m *JWTManager) GetRefreshExpiry() time.Duration { + return m.refreshExpiry +} diff --git a/internal/database/database.go b/internal/database/database.go new file mode 100644 index 0000000..47cf5df --- /dev/null +++ b/internal/database/database.go @@ -0,0 +1,43 @@ +package database + +import ( + "fmt" + "time" + + _ "github.com/go-sql-driver/mysql" + "github.com/jmoiron/sqlx" +) + +// DB is the database instance +var DB *sqlx.DB + +// Initialize creates and configures the database connection +func Initialize(dsn string, maxOpenConns, maxIdleConns int, connMaxLifetime time.Duration) error { + var err error + + // Connect to the database + DB, err = sqlx.Connect("mysql", dsn) + if err != nil { + return fmt.Errorf("failed to connect to database: %w", err) + } + + // Configure connection pool + DB.SetMaxOpenConns(maxOpenConns) + DB.SetMaxIdleConns(maxIdleConns) + DB.SetConnMaxLifetime(connMaxLifetime) + + // Check connection + if err := DB.Ping(); err != nil { + return fmt.Errorf("failed to ping database: %w", err) + } + + return nil +} + +// Close closes the database connection +func Close() error { + if DB != nil { + return DB.Close() + } + return nil +} diff --git a/internal/logger/logger.go b/internal/logger/logger.go new file mode 100644 index 0000000..f316f7c --- /dev/null +++ b/internal/logger/logger.go @@ -0,0 +1,44 @@ +package logger + +import ( + "os" + + "go.uber.org/zap" + "go.uber.org/zap/zapcore" +) + +// New creates a new configured logger +func New(logLevel string) *zap.Logger { + // Parse log level + var level zapcore.Level + err := level.UnmarshalText([]byte(logLevel)) + if err != nil { + // Default to info level if parsing fails + level = zapcore.InfoLevel + } + + // Create encoder config + encoderConfig := zapcore.EncoderConfig{ + TimeKey: "time", + LevelKey: "level", + NameKey: "logger", + CallerKey: "caller", + MessageKey: "msg", + StacktraceKey: "stacktrace", + LineEnding: zapcore.DefaultLineEnding, + EncodeLevel: zapcore.LowercaseLevelEncoder, + EncodeTime: zapcore.ISO8601TimeEncoder, + EncodeDuration: zapcore.MillisDurationEncoder, + EncodeCaller: zapcore.ShortCallerEncoder, + } + + // Create core + core := zapcore.NewCore( + zapcore.NewJSONEncoder(encoderConfig), + zapcore.AddSync(os.Stdout), + level, + ) + + // Create logger with caller information + return zap.New(core, zap.AddCaller(), zap.AddStacktrace(zapcore.ErrorLevel)) +} diff --git a/internal/proxy/client.go b/internal/proxy/client.go new file mode 100644 index 0000000..fb8f6f6 --- /dev/null +++ b/internal/proxy/client.go @@ -0,0 +1,113 @@ +package proxy + +import ( + "bytes" + "context" + "fmt" + "io" + "net/http" + + "devone.aplikasi.web.id/gitea/mario/go-ohif-proxy/internal/auth" +) + +// Client is responsible for making requests to the Healthcare API +type Client struct { + googleAuth *auth.GoogleClient + projectID string + location string + dataset string + dicomStore string +} + +// NewClient creates a new Healthcare API client +// Hanya menerima cfg.Google struct instead of all cfg.Config +func NewClient(googleAuth *auth.GoogleClient, googleConfig struct { + ProjectID string `mapstructure:"project_id"` + Location string `mapstructure:"location"` + Dataset string `mapstructure:"dataset"` + DicomStore string `mapstructure:"dicom_store"` + CredentialsPath string `mapstructure:"credentials_path"` +}) *Client { + return &Client{ + googleAuth: googleAuth, + projectID: googleConfig.ProjectID, + location: googleConfig.Location, + dataset: googleConfig.Dataset, + dicomStore: googleConfig.DicomStore, + } +} + +// Response represents the HTTP response from the Healthcare API +type Response struct { + StatusCode int + Headers map[string]string + Body []byte +} + +// ForwardRequest forwards a request to Google Healthcare API +func (c *Client) ForwardRequest(ctx context.Context, method, path string, headers map[string]string, body []byte) (*Response, error) { + token, err := c.googleAuth.GetAccessToken() + if err != nil { + return nil, fmt.Errorf("failed to get access token: %w", err) + } + + // Build URL - Simplified to exactly match OHIF's expected structure + baseURL := fmt.Sprintf("https://healthcare.googleapis.com/v1/projects/%s/locations/%s/datasets/%s/dicomStores/%s/dicomWeb", + c.projectID, c.location, c.dataset, c.dicomStore) + + // Ensure path starts with / + if len(path) > 0 && path[0] != '/' { + path = "/" + path + } + + fullURL := baseURL + path + + // Log the full URL for debugging + fmt.Printf("Requesting URL: %s\n", fullURL) + + // Create request + req, err := http.NewRequestWithContext(ctx, method, fullURL, bytes.NewReader(body)) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + // Set headers + for k, v := range headers { + // Skip setting certain headers that might cause issues + if k == "Host" || k == "Content-Length" { + continue + } + req.Header.Set(k, v) + } + + // Set auth header + req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) + + // Make request + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("failed to execute request: %w", err) + } + defer resp.Body.Close() + + // Read response body + respBody, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("failed to read response body: %w", err) + } + + // Collect response headers + respHeaders := make(map[string]string) + for k, v := range resp.Header { + if len(v) > 0 { + respHeaders[k] = v[0] + } + } + + return &Response{ + StatusCode: resp.StatusCode, + Headers: respHeaders, + Body: respBody, + }, nil +} diff --git a/test/http/dicom-proxy.http b/test/http/dicom-proxy.http new file mode 100644 index 0000000..26225a2 --- /dev/null +++ b/test/http/dicom-proxy.http @@ -0,0 +1,79 @@ +### Local OHIF Proxy Test File +@token = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiMSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJyb2xlIjoiYWRtaW4iLCJ1c2VyX25hbWUiOiJBZG1pbiBVc2VyIiwidG9rZW5fdHlwZSI6ImFjY2VzcyIsImhvbWVfdXJsIjoiLyIsInN0dWR5X2xpc3QiOiJlbmFibGVkIiwiZXhwIjoxNzQ3Mzg0MDE2LCJpYXQiOjE3NDcyOTc2MTZ9.Ak1DECP1MXzQAPyU-AJM6Tsu6-sw04UtWYvY37-SaT4 +@baseUrl = http://localhost:5555 + +# @baseUrl = http://devone.aplikasi.web.id:5555 +# @baseUrl = http://152.42.173.210:5555 + +### 1. Health Check +# Verifies that the proxy server is running +GET {{baseUrl}}/health +Accept: application/json + +### 2. QIDO-RS: Search for Studies +# Returns all studies (should return a list of DICOM studies if any exist) +GET {{baseUrl}}/dicomWeb/studies +Accept: application/dicom+json +Authorization: Bearer {{token}} + +### 3. QIDO-RS: Search for Studies with Patient Name +# Returns studies matching patient name (replace SMITH with a name in your dataset) +GET {{baseUrl}}/dicomWeb/studies?limit=10&offset=0&fuzzymatching=true&includefield=00081030%2C00080060%2C00080090&00080090=DR.%20HERWINDO%20RIDWAN%2C%20SP.OT +Accept: application/dicom+json +Authorization: Bearer {{token}} + +### 4. QIDO-RS: Search for Studies with Date Range +# Returns studies within a date range +GET {{baseUrl}}/dicomWeb/studies?StudyDate=20250301-20250415 +Accept: application/dicom+json +Authorization: Bearer {{ token }} + +### 5. QIDO-RS: Search for Series in a Study +# Replace STUDY_INSTANCE_UID with an actual Study UID from your data +# (Run test #2 first and copy a StudyInstanceUID from the response) +GET {{baseUrl}}/dicomWeb/studies/STUDY_INSTANCE_UID/series +Accept: application/dicom+json + +### 6. QIDO-RS: Search for Instances in a Series +# Replace STUDY_INSTANCE_UID and SERIES_INSTANCE_UID with actual values +GET {{baseUrl}}/dicomWeb/studies/STUDY_INSTANCE_UID/series/SERIES_INSTANCE_UID/instances +Accept: application/dicom+json + +### 7. WADO-RS: Retrieve Study Metadata +# Replace STUDY_INSTANCE_UID with an actual Study UID +GET {{baseUrl}}/dicomWeb/studies/STUDY_INSTANCE_UID/metadata +Accept: application/dicom+json + +### 8. WADO-RS: Retrieve Series Metadata +# Replace STUDY_INSTANCE_UID and SERIES_INSTANCE_UID with actual values +GET {{baseUrl}}/dicomWeb/studies/STUDY_INSTANCE_UID/series/SERIES_INSTANCE_UID/metadata +Accept: application/dicom+json + +### 9. WADO-RS: Retrieve Instance Metadata +# Replace STUDY_INSTANCE_UID, SERIES_INSTANCE_UID and SOP_INSTANCE_UID with actual values +GET {{baseUrl}}/dicomWeb/studies/1.2.826.0.1.3680043.9.7307.1.202503196393.01/series/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.734.4/metadata +Accept: */* +Authorization: Bearer {{token}} + +### 10. WADO-RS: Retrieve Instance +# Replace STUDY_INSTANCE_UID, SERIES_INSTANCE_UID and SOP_INSTANCE_UID with actual values +GET {{baseUrl}}/dicomWeb/studies/STUDY_INSTANCE_UID/series/SERIES_INSTANCE_UID/instances/SOP_INSTANCE_UID +Accept: application/dicom + +### 11. WADO-RS: Retrieve Frame +# Replace STUDY_INSTANCE_UID, SERIES_INSTANCE_UID, SOP_INSTANCE_UID with actual values +# This retrieves frame #1 from a multiframe image +GET {{baseUrl}}/dicomWeb/studies/1.2.826.0.1.3680043.9.7307.1.202503196393.01/series/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.734.4/instances/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.1.5/frames/1 +Accept: */* + +### 12. WADO-RS: Retrieve Frame as JPEG +# Replace STUDY_INSTANCE_UID, SERIES_INSTANCE_UID, SOP_INSTANCE_UID with actual values +# This retrieves frame #1 as a rendered JPEG image +GET {{baseUrl}}/dicomWeb/studies/1.2.826.0.1.3680043.9.7307.1.202503196393.01/series/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.734.4/instances/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.1.5/frames/1/rendered +Accept: image/jpeg + + +#### +GET {{baseUrl}}/dicomWeb/studies?limit=101&offset=0&fuzzymatching=true&includefield=00081030,00080060&StudyInstanceUID=1.2.826.0.1.3680043.9.7307.1.202503196393.01 + + diff --git a/test/http/ohif-flow.http b/test/http/ohif-flow.http new file mode 100644 index 0000000..fa1a47b --- /dev/null +++ b/test/http/ohif-flow.http @@ -0,0 +1,57 @@ +@token = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiMSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJyb2xlIjoiYWRtaW4iLCJ1c2VyX25hbWUiOiJBZG1pbiBVc2VyIiwidG9rZW5fdHlwZSI6ImFjY2VzcyIsImhvbWVfdXJsIjoiLyIsInN0dWR5X2xpc3QiOiJlbmFibGVkIiwiZXhwIjoxNzQ3Mzg0MDE2LCJpYXQiOjE3NDcyOTc2MTZ9.Ak1DECP1MXzQAPyU-AJM6Tsu6-sw04UtWYvY37-SaT4 +@token_exp_doctor = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiMSIsImVtYWlsIjoiYWRtaW4iLCJyb2xlIjoiZXhwZXJ0aXNlX2RvY3RvciIsInRva2VuX3R5cGUiOiJhY2Nlc3MiLCJleHAiOjE3NDY1MDQ1MTYsImlhdCI6MTc0NjQxODExNn0.vlDrns1oPFXHE5--TmWqwzvzxnfcCPcV2UW8_4GwDwE +@baseUrl = http://localhost:5555 + +### Login Patient +POST {{baseUrl}}/auth/login +Content-Type: application/json + +{ + "email": "doctor@example.com", + "password": "password123" +} + +### Login Admin / Exp_doctor (ALL ACCESS) +POST {{baseUrl}}/auth/login +Content-Type: application/json + +{ + "email": "admin", + "password": "admin" +} + +### * === PATIENT === * + +# Destination URL / OHIF Viewer URL: http://152.42.173.210:3000/viewer?StudyInstanceUIDs=1.2.826.0.1.3680043.9.7307.1.202503196393.01 + +### Study where StudyIUID +GET {{baseUrl}}/dicomWeb/studies?limit=101&offset=0&fuzzymatching=true&includefield=00081030,00080060&StudyInstanceUID=1.2.826.0.1.3680043.9.7307.1.20180530066 +Authorization: Bearer {{token}} + +### Series List +GET {{baseUrl}}/dicomWeb/studies/1.2.826.0.1.3680043.9.7307.1.20180530066/series?includefield=00080021,00080031,0008103E,00200011 +Authorization: Bearer {{token}} + +### Semua Study dari Patient ID +GET {{baseUrl}}/dicomWeb/studies?00100020=MR00000359&limit=101&offset=0&fuzzymatching=true&includefield=00081030,00080060 +Authorization: Bearer {{token}} + +### Metadata +GET {{baseUrl}}/dicomWeb/studies/1.2.826.0.1.3680043.9.7307.1.202503196393.01/series/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.734.4/metadata +Authorization: Bearer {{token}} + +### Modality and Study Description untuk Study Instance UID = ... +GET {{baseUrl}}/dicomWeb/studies?limit=101&offset=0&fuzzymatching=true&includefield=00081030,00080060&StudyInstanceUID=1.2.826.0.1.3680043.9.7307.1.202503196393.01 +Authorization: Bearer {{token}} + +### DICOM Frames +GET {{baseUrl}}/dicomWeb/studies/1.2.826.0.1.3680043.9.7307.1.202503196393.01/series/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.734.4/instances/1.2.826.0.1.3680043.2.1545.1.2.1.7.20250319.100353.1.5/frames/1 +Authorization: Bearer {{token}} + +### Modality and Study Description untuk semua studies pada PatientID = ... +GET {{baseUrl}}/dicomWeb/studies?00100020=MR00000359&limit=101&offset=0&fuzzymatching=true&includefield=00081030,00080060 +Authorization: Bearer {{token}} + +### Accession, Deskripsi Studi, Umur, dan format nama pasien where StudyInstanceUID = ... +GET {{baseUrl}}/dicomWeb/studies?limit=101&offset=0&fuzzymatching=false&includefield=00080050,00081030,00101010,0010004&StudyInstanceUID=1.2.826.0.1.3680043.9.7307.1.202503196393.01 +Authorization: Bearer {{token}} diff --git a/test/http/register-flow.http b/test/http/register-flow.http new file mode 100644 index 0000000..9333d3b --- /dev/null +++ b/test/http/register-flow.http @@ -0,0 +1,178 @@ +### Register new user, patient, and doctor tests + +# Base URL for the API +@baseUrl = http://localhost:5555 + + +### Register an admin user +POST {{baseUrl}}/auth/register +Content-Type: application/json + +{ + "email": "admin@example.com", + "password": "password123", + "name": "Admin User", + "role": "admin" +} + +### Register a new patient with multiple studies +POST {{baseUrl}}/auth/register +Content-Type: application/json + +{ + "email": "patient1@example.com", + "password": "password123", + "name": "DIDIT SUYATNA^R.10049.18", + "role": "patient", + "patient": { + "patient_id": "00211622", + "patient_name": "DIDIT SUYATNA^R.10049.18", + "date_of_birth": "1980-01-01" + }, + "studies": [ + { + "study_instance_uid": "1.2.826.0.1.3680043.9.7307.1.20180530066", + "accession_number": "CR.180530.066", + "study_date": "2018-05-30", + "study_description": "Chest X-Ray" + } + ] +} +### +POST {{baseUrl}}/auth/register +Content-Type: application/json + +{ + "email": "patient1@example.com", + "password": "password123", + "name": "DIDIT SUYATNA^R.10049.18", + "role": "patient", + "patient": { + "patient_id": "00211622", + "patient_name": "DIDIT SUYATNA^R.10049.18", + "date_of_birth": "1980-01-01" + }, + "studies": [ + { + "study_instance_uid": "1.2.826.0.1.3680043.9.7307.1.20180713036", + "accession_number": "CR.180713.036", + "study_date": "2018-07-13", + "study_description": "Follow-up X-Ray" + } + ] +} + +### Register another patient with one study +POST {{baseUrl}}/auth/register +Content-Type: application/json + +{ + "email": "patient2@example.com", + "password": "password123", + "name": "Bobon Santoso", + "role": "patient", + "patient": { + "patient_id": "MR00000359", + "patient_name": "Bobon Santoso", + "date_of_birth": "1985-01-01" + }, + "studies": [ + { + "study_instance_uid": "1.2.826.0.1.3680043.9.7307.1.202503196393.01", + "accession_number": "CR.250319.6393.01", + "study_date": "2025-03-19", + "study_description": "MRI Scan" + } + ] +} + +### Register another referring doctor +POST {{baseUrl}}/auth/register +Content-Type: application/json + +{ + "email": "doctor@example.com", + "password": "password123", + "name": "DR. HERWINDO RIDWAN, SP.OT", + "role": "ref_doctor", + "doctor": { + "doctor_id": "DOC002", + "doctor_name": "DR. HERWINDO RIDWAN, SP.OT" + } +} + +### Register another referring doctor +POST {{baseUrl}}/auth/register +Content-Type: application/json + +{ + "email": "doctor2@example.com", + "password": "password123", + "name": "Referring^Physician", + "role": "ref_doctor", + "doctor": { + "doctor_id": "DOC003", + "doctor_name": "Referring^Physician" + } +} + +### Register a new expertise doctor +POST {{baseUrl}}/auth/register +Content-Type: application/json + +{ + "email": "expert@example.com", + "password": "password123", + "name": "Dr. Expertise", + "role": "expertise_doctor", + "doctor": { + "doctor_id": "EX456", + "doctor_name": "Dr. Expertise" + } +} + +### Login with registered user +POST {{baseUrl}}/auth/login +Content-Type: application/json + +{ + "email": "patient1@example.com", + "password": "password123" +} + +### Login with admin user +POST {{baseUrl}}/auth/login +Content-Type: application/json + +{ + "email": "admin@example.com", + "password": "password123" +} + +### Login with patient user +POST {{baseUrl}}/auth/login +Content-Type: application/json + +{ + "email": "patient2@example.com", + "password": "password123" +} + +### Login with doctor user +POST {{baseUrl}}/auth/login +Content-Type: application/json + +{ + "email": "doctor@example.com", + "password": "password123" +} + +@refresh_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiNCIsImVtYWlsIjoiZG9jdG9yQGV4YW1wbGUuY29tIiwicm9sZSI6InJlZl9kb2N0b3IiLCJ1c2VyX25hbWUiOiJEUi4gSEVSV0lORE8gUklEV0FOLCBTUC5PVCIsInRva2VuX3R5cGUiOiJyZWZyZXNoIiwiaG9tZV91cmwiOiIvIiwic3R1ZHlfbGlzdCI6ImVuYWJsZWQiLCJmaWx0ZXJfdXJsIjoic3R1ZGllcz9saW1pdD0xMDFcdTAwMjZvZmZzZXQ9MFx1MDAyNmZ1enp5bWF0Y2hpbmc9ZmFsc2VcdTAwMjZpbmNsdWRlZmllbGQ9MDAwODEwMzAsMDAwODAwNjAsMDAwODAwOTBcdTAwMjYwMDA4MDA5MD1EUi4rSEVSV0lORE8rUklEV0FOJTJDK1NQLk9UIiwiZXhwIjoxNzQ3OTAxMzI5LCJpYXQiOjE3NDcyOTY1Mjl9.M7khgg8eZHk20qGsdPDmUojdBvItXOE-834R6t_AF9Q" + +### Refresh TOken +POST {{baseUrl}}/auth/refresh +Content-Type: application/json + +{ + "refresh_token" : {{refresh_token}} +} \ No newline at end of file diff --git a/test/http/shortlink-flow.http b/test/http/shortlink-flow.http new file mode 100644 index 0000000..d03c7c8 --- /dev/null +++ b/test/http/shortlink-flow.http @@ -0,0 +1,64 @@ +### Shortlink Authentication Test File +@baseUrl = http://localhost:5555 +@adminToken = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiNiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJyb2xlIjoiYWRtaW4iLCJ1c2VyX25hbWUiOiJBZG1pbiBVc2VyIiwidG9rZW5fdHlwZSI6ImFjY2VzcyIsImhvbWVfdXJsIjoiLyIsInN0dWR5X2xpc3QiOiJlbmFibGVkIiwiZXhwIjoxNzQ3MzY0NjgxLCJpYXQiOjE3NDcyNzgyODF9.bkzxV8f26wN_r6uI5T6o58TNX4U0z-Wel1hCAl5-8ag + +### 1. Generate Short Link Single Study +POST {{baseUrl}}/generate-link +Content-Type: application/json +Authorization: Bearer {{adminToken}} + +{ + "patient_id": "MR00000359", + "study_uid": "1.2.826.0.1.3680043.9.7307.1.202503196393.01", + "dob": "2001-10-07", + "expires_in": 48 +} + +### 2. Generate Short Link Multiple Studies +POST {{baseUrl}}/generate-link +Content-Type: application/json +Authorization: Bearer {{adminToken}} + +{ + "patient_id": "00211622", + "study_uid": "1.2.826.0.1.3680043.9.7307.1.20180713036", + "dob": "1980-01-01", + "expires_in": 48 +} + +### +POST {{baseUrl}}/generate-link +Content-Type: application/json +Authorization: Bearer {{adminToken}} + +{ + "patient_id": "00211622", + "study_uid": "1.2.826.0.1.3680043.9.7307.1.20180530066", + "dob": "1980-01-01", + "expires_in": 48 +} + +### Authenticate correct +POST {{baseUrl}}/auth/shortlink +Content-Type: application/json + +{ + "short_token": "aePWCTrU", + "dob": "1980-01-01" +} + +### Authenticate with Incorrect DOB +POST {{baseUrl}}/auth/shortlink +Content-Type: application/json + +{ + "short_token": "HNHh_zem", + "dob": "2001-10-00" +} + + +### 4. Access DICOM data with the JWT from successful shortlink auth +# Replace with token from successful auth in request #2 +GET {{baseUrl}}/dicomWeb/studies/1.2.826.0.1.3680043.9.7307.1.20180713036 +Content-Type: application/json +Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoic2hvcnRsaW5rXzIiLCJlbWFpbCI6InBhdGllbnRfMkBzaG9ydGxpbmsubG9jYWwiLCJyb2xlIjoicGF0aWVudCIsInVzZXJfbmFtZSI6IlBhdGllbnQiLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwicGF0aWVudF9pZCI6IjAwMjExNjIyIiwicGF0aWVudF9uYW1lIjoiUGF0aWVudCIsInN0dWR5X2l1aWRzIjpbIjEuMi44MjYuMC4xLjM2ODAwNDMuOS43MzA3LjEuMjAxODA3MTMwMzYiXSwiaG9tZV91cmwiOiJ2aWV3ZXI_U3R1ZHlJbnN0YW5jZVVJRHM9MS4yLjgyNi4wLjEuMzY4MDA0My45LjczMDcuMS4yMDE4MDcxMzAzNiIsInN0dWR5X2xpc3QiOiJkaXNhYmxlZCIsImV4cCI6MTc0NzM2OTc1NSwiaWF0IjoxNzQ3MjgzMzU1fQ.rj1Xr7StW_O3rE2Pwq6L-WGBAW1tFcUq8bt5nu4u050 \ No newline at end of file