edit: bypass pydicom upload auth

mario
2025-05-17 09:37:40 +07:00
parent 36417fe515
commit ed3feb77d2
2 changed files with 22 additions and 1 deletions


@@ -35,6 +35,15 @@ var WhitelistedEndpoints = []*regexp.Regexp{
func Auth(authService *service.AuthService, logger *zap.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Check if this is the /dicomWeb/studies POST request which should bypass auth
if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
logger.Info("Bypassing authentication for DICOM upload endpoint",
zap.String("path", r.URL.Path),
zap.String("method", r.Method))
next.ServeHTTP(w, r)
return
}
// Get authorization header
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
@@ -136,6 +145,15 @@ func RoleRequired(roles ...string) func(http.Handler) http.Handler {
func PatientViewRestriction(logger *zap.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Check if this is the /dicomWeb/studies POST request which should bypass restrictions
if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
logger.Info("Bypassing patient view restriction for DICOM upload endpoint",
zap.String("path", r.URL.Path),
zap.String("method", r.Method))
next.ServeHTTP(w, r)
return
}
// Get claims from context using the defined key
claimsValue := r.Context().Value(ClaimsKey)
if claimsValue == nil {
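Review bot: The early return added at the top of Auth lets any client POST to /dicomWeb/studies with no credential at all, and the matching return in PatientViewRestriction (second hunk) removes the only other gate visible here, so study upload, a write path that presumably carries patient imaging data, is open to whoever can reach the service. If the pydicom uploader cannot present a user token, prefer giving it its own service credential that Auth still validates rather than skipping validation by path; the `WhitelistedEndpoints` list named in the hunk header suggests the file already has one place for exemptions, and a second hard-coded check makes the unauthenticated surface harder to audit. If the bypass has to stay for now, mark it in the code, e.g. `// SECURITY: unauthenticated write path; must be restricted upstream (network ACL or mTLS) until the uploader has a service credential`, and add `zap.String("remote", r.RemoteAddr)` to the log entry so unexpected callers are visible. Both handler bodies continue past the hunks, so any check further down is not visible here.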