mario/go-ohif-proxy
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

edit: bypass pydicom upload auth

Browse Source
This commit is contained in:
mario
2025-05-17 09:37:40 +07:00
parent 36417fe515
commit ed3feb77d2
2 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
internal/api/middleware/auth.go
View File

@@ -35,6 +35,15 @@ var WhitelistedEndpoints = []*regexp.Regexp{
func Auth(authService *service.AuthService, logger *zap.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Check if this is the /dicomWeb/studies POST request which should bypass auth
if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
logger.Info("Bypassing authentication for DICOM upload endpoint",
zap.String("path", r.URL.Path),
zap.String("method", r.Method))
next.ServeHTTP(w, r)
return
}
// Get authorization header
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
@@ -136,6 +145,15 @@ func RoleRequired(roles ...string) func(http.Handler) http.Handler {
func PatientViewRestriction(logger *zap.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Check if this is the /dicomWeb/studies POST request which should bypass restrictions
if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
logger.Info("Bypassing patient view restriction for DICOM upload endpoint",
zap.String("path", r.URL.Path),
zap.String("method", r.Method))
next.ServeHTTP(w, r)
return
}
// Get claims from context using the defined key
claimsValue := r.Context().Value(ClaimsKey)
if claimsValue == nil {

5
internal/api/routes.go
View File

@@ -134,6 +134,9 @@ func SetupRouter(cfg *config.Config, logger *zap.Logger) http.Handler {
// Query routes - accessible by all roles
r.Get("/", dicomHandler.ForwardRequest) // Study list with filters
// DICOM upload endpoint - for pydicom-uploader service
r.Post("/", dicomHandler.ForwardRequest) // Upload studies
})
// Expertise doctors have full access to all DICOM endpoints
@@ -159,7 +162,7 @@ func SetupRouter(cfg *config.Config, logger *zap.Logger) http.Handler {
pydicomHandler := handlers.NewPydicomHandler(logger, shortLinkService, registerService)
// Add route for uploaded DICOM
r.Post("/uploaded_dicom", pydicomHandler.HandleUploadedDicom)
r.Post("/uploaded-dicom", pydicomHandler.HandleUploadedDicom)
})
return r