edit: bypass pydicom upload auth
This commit is contained in:
@@ -35,6 +35,15 @@ var WhitelistedEndpoints = []*regexp.Regexp{
|
|||||||
func Auth(authService *service.AuthService, logger *zap.Logger) func(http.Handler) http.Handler {
|
func Auth(authService *service.AuthService, logger *zap.Logger) func(http.Handler) http.Handler {
|
||||||
return func(next http.Handler) http.Handler {
|
return func(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Check if this is the /dicomWeb/studies POST request which should bypass auth
|
||||||
|
if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
|
||||||
|
logger.Info("Bypassing authentication for DICOM upload endpoint",
|
||||||
|
zap.String("path", r.URL.Path),
|
||||||
|
zap.String("method", r.Method))
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Get authorization header
|
// Get authorization header
|
||||||
authHeader := r.Header.Get("Authorization")
|
authHeader := r.Header.Get("Authorization")
|
||||||
if authHeader == "" {
|
if authHeader == "" {
|
||||||
@@ -136,6 +145,15 @@ func RoleRequired(roles ...string) func(http.Handler) http.Handler {
|
|||||||
func PatientViewRestriction(logger *zap.Logger) func(http.Handler) http.Handler {
|
func PatientViewRestriction(logger *zap.Logger) func(http.Handler) http.Handler {
|
||||||
return func(next http.Handler) http.Handler {
|
return func(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Check if this is the /dicomWeb/studies POST request which should bypass restrictions
|
||||||
|
if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
|
||||||
|
logger.Info("Bypassing patient view restriction for DICOM upload endpoint",
|
||||||
|
zap.String("path", r.URL.Path),
|
||||||
|
zap.String("method", r.Method))
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Get claims from context using the defined key
|
// Get claims from context using the defined key
|
||||||
claimsValue := r.Context().Value(ClaimsKey)
|
claimsValue := r.Context().Value(ClaimsKey)
|
||||||
if claimsValue == nil {
|
if claimsValue == nil {
|
||||||
|
|||||||
@@ -134,6 +134,9 @@ func SetupRouter(cfg *config.Config, logger *zap.Logger) http.Handler {
|
|||||||
|
|
||||||
// Query routes - accessible by all roles
|
// Query routes - accessible by all roles
|
||||||
r.Get("/", dicomHandler.ForwardRequest) // Study list with filters
|
r.Get("/", dicomHandler.ForwardRequest) // Study list with filters
|
||||||
|
|
||||||
|
// DICOM upload endpoint - for pydicom-uploader service
|
||||||
|
r.Post("/", dicomHandler.ForwardRequest) // Upload studies
|
||||||
})
|
})
|
||||||
|
|
||||||
// Expertise doctors have full access to all DICOM endpoints
|
// Expertise doctors have full access to all DICOM endpoints
|
||||||
@@ -159,7 +162,7 @@ func SetupRouter(cfg *config.Config, logger *zap.Logger) http.Handler {
|
|||||||
pydicomHandler := handlers.NewPydicomHandler(logger, shortLinkService, registerService)
|
pydicomHandler := handlers.NewPydicomHandler(logger, shortLinkService, registerService)
|
||||||
|
|
||||||
// Add route for uploaded DICOM
|
// Add route for uploaded DICOM
|
||||||
r.Post("/uploaded_dicom", pydicomHandler.HandleUploadedDicom)
|
r.Post("/uploaded-dicom", pydicomHandler.HandleUploadedDicom)
|
||||||
})
|
})
|
||||||
|
|
||||||
return r
|
return r
|
||||||
|
|||||||
Reference in New Issue
Block a user