From 26a7347e57aa619a61f84f6ff7bed2573a53a496 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 12 Apr 2022 15:22:02 +0200 Subject: [PATCH 01/25] Remove OIDC port --- UI/script/docker-entrypoint-nginx.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UI/script/docker-entrypoint-nginx.sh b/UI/script/docker-entrypoint-nginx.sh index 13a83ebd..585b9bb3 100755 --- a/UI/script/docker-entrypoint-nginx.sh +++ b/UI/script/docker-entrypoint-nginx.sh @@ -90,6 +90,6 @@ host="$(echo $hostport | sed -e 's,:.*,,g')" port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" [[ ! -z ${port} ]] && port=":$port"; -KHEOPS_ROOT_OIDC=$proto$host$port +KHEOPS_ROOT_OIDC=$proto$host sed -i "s|\%{kheops_root_oidc}|$KHEOPS_ROOT_OIDC|g" $NGINX_FILENAME From 1ca2df277faa8ef36ac2c19b7881c41653c01812 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 13 Apr 2022 13:35:22 +0200 Subject: [PATCH 02/25] Auth specific KHEOPS_AUTH_OIDC_PROVIDER --- Authorization/setenv.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index e3dd0798..6742f0ba 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -94,7 +94,7 @@ sed -i "s|\${kheops_pacs_url}|http://$KHEOPS_PACS_PEP_HOST:$KHEOPS_PACS_PEP_PORT sed -i "s|\${kheops_client_dicomwebproxyclientid}|$KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID|" ${REPLACE_FILE_PATH} sed -i "s|\${kheops_client_zipperclientid}|$KHEOPS_CLIENT_ZIPPERCLIENTID|" ${REPLACE_FILE_PATH} -sed -i "s|\${kheops_oidc_provider}|$KHEOPS_OIDC_PROVIDER|" ${REPLACE_FILE_PATH} +sed -i "s|\${kheops_oidc_provider}|$KHEOPS_AUTH_OIDC_PROVIDER|" ${REPLACE_FILE_PATH} sed -i "s|\${kheops_oauth_scope}|$KHEOPS_OAUTH_SCOPE|" ${REPLACE_FILE_PATH} sed -i "s|\${kheops_welcomebot_webhook}|$KHEOPS_WELCOMEBOT_WEBHOOK|" ${REPLACE_FILE_PATH} From d8d4fcb296c57bbeed37fa3fda59c910b82d5026 Mon Sep 17 00:00:00 2001 
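Review bot: In Authorization/setenv.sh ([PATCH 02/25]) the `${kheops_oidc_provider}` placeholder is now filled from `$KHEOPS_AUTH_OIDC_PROVIDER` with no visible check that the variable is set, so a deployment that still exports only `KHEOPS_OIDC_PROVIDER` gets an empty provider URL written into the config. Judging by its name, this value is the OIDC issuer the authorization service relies on, so an empty value should stop startup rather than pass silently; `: "${KHEOPS_AUTH_OIDC_PROVIDER:?KHEOPS_AUTH_OIDC_PROVIDER is not set}"` before the `sed` would do that. The `else` branch added in [PATCH 23/25] has the same gap when neither variable is set. The check_env call is outside this hunk, so confirm whether it already covers either name.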
From: Nick Papoutsis Date: Thu, 14 Apr 2022 15:16:58 +0200 Subject: [PATCH 03/25] Log stowServiceURI --- .../main/java/online/kheops/proxy/stow/resource/Resource.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java index c36b0d96..9e973172 100644 --- a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java +++ b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java @@ -175,6 +175,8 @@ private MediaType getGatewayContentType() { private Response processProxy(Proxy proxy, AuthorizationManager authorizationManager, String studyInstanceUID, Introspect.Response introspectResponse) { URI stowServiceURI = getParameterURI("online.kheops.pacs.uri"); + LOG.log(Level.SEVERE, String.valueOf(stowServiceURI)); + if (studyInstanceUID != null) { stowServiceURI = UriBuilder.fromUri(stowServiceURI).path("/studies/{StudyInstanceUID}").build(studyInstanceUID); } else { From 007e8147d5ec897d5d2862ffd3fe756e3b7a1a81 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Thu, 14 Apr 2022 16:19:52 +0200 Subject: [PATCH 04/25] Debug token --- .../main/java/online/kheops/proxy/stow/resource/Resource.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java index 9e973172..939db39d 100644 --- a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java +++ b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java 
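Review bot: The added `LOG.log(Level.SEVERE, String.valueOf(stowServiceURI));` in processProxy ([PATCH 03/25]) records routine diagnostic data at the error level and without a label, so every STOW request produces a SEVERE entry that log-based alerting cannot tell apart from a real failure. A debug level with a labelled, parameterised message fits better: `LOG.log(Level.FINE, "STOW service URI: {0}", stowServiceURI);`. If the configured `online.kheops.pacs.uri` ever carries userinfo, that would also land in the log, so it is worth confirming it never does. The second copy of the statement added in [PATCH 06/25] has the same problem; processProxy continues outside the hunk.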
@@ -200,6 +200,8 @@ private Response processProxy(Proxy proxy, AuthorizationManager authorizationMan .header(AUTHORIZATION, "Bearer " + getPostBearerToken(introspectResponse)) .header(ACCEPT, MediaTypes.APPLICATION_DICOM_XML) .post(Entity.entity(multipartStreamingOutput, getGatewayContentType())); + + LOG.log(Level.SEVERE, "Token " + getPostBearerToken(introspectResponse); final InputStream responseStream = gatewayResponse.readEntity(InputStream.class)) { if (gatewayResponse.getStatusInfo().getFamily() != SUCCESSFUL && gatewayResponse.getStatus() != CONFLICT.getStatusCode()) { LOG.log(Level.SEVERE, () -> "Gateway response was unsuccessful, Status: " + gatewayResponse.getStatus()); From b4782455d22f68f95adf6db442f815094adbe6f3 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Thu, 14 Apr 2022 16:24:49 +0200 Subject: [PATCH 05/25] Log stowServiceURI --- .../java/online/kheops/proxy/stow/resource/Resource.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java index 939db39d..063bc88b 100644 --- a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java +++ b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java 
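Review bot: The added `LOG.log(Level.SEVERE, "Token " + getPostBearerToken(introspectResponse);` writes the bearer token sent to the gateway into the application log, so a live credential becomes readable by anyone with log access and is copied wherever logs are shipped or archived. Drop the statement, or record only that a token was attached, e.g. `LOG.log(Level.FINE, "Gateway request sent with bearer token");`. As placed, the line also sits between the two resource declarations of the try-with-resources header and lacks a closing parenthesis, so this revision appears not to compile; [PATCH 05/25] moves it into the body but still logs the token. The try statement starts and ends outside the hunk.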
@@ -200,9 +200,10 @@ private Response processProxy(Proxy proxy, AuthorizationManager authorizationMan .header(AUTHORIZATION, "Bearer " + getPostBearerToken(introspectResponse)) .header(ACCEPT, MediaTypes.APPLICATION_DICOM_XML) .post(Entity.entity(multipartStreamingOutput, getGatewayContentType())); - - LOG.log(Level.SEVERE, "Token " + getPostBearerToken(introspectResponse); final InputStream responseStream = gatewayResponse.readEntity(InputStream.class)) { + + LOG.log(Level.SEVERE, "Token " + getPostBearerToken(introspectResponse)); + if (gatewayResponse.getStatusInfo().getFamily() != SUCCESSFUL && gatewayResponse.getStatus() != CONFLICT.getStatusCode()) { LOG.log(Level.SEVERE, () -> "Gateway response was unsuccessful, Status: " + gatewayResponse.getStatus()); try { From 81ad2d11b6258c6d5b174930a5cfba00a31c175a Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Thu, 14 Apr 2022 16:37:37 +0200 Subject: [PATCH 06/25] Add logs --- .../main/java/online/kheops/proxy/stow/resource/Resource.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java index 063bc88b..7b6cf198 100644 --- a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java +++ b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java @@ -183,6 +183,8 @@ private Response processProxy(Proxy proxy, AuthorizationManager authorizationMan stowServiceURI = UriBuilder.fromUri(stowServiceURI).path("/studies").build(); } + LOG.log(Level.SEVERE, String.valueOf(stowServiceURI)); + MultipartStreamingOutput multipartStreamingOutput = output -> { try { proxy.processStream(output); From 771904d15e37444cf8c286c0fa71fbfd273039de Mon Sep 17 00:00:00 2001 
From: Nick Papoutsis Date: Tue, 26 Apr 2022 14:08:20 +0200 Subject: [PATCH 07/25] Remove authdb check --- Authorization/setenv.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 6742f0ba..4ac146cd 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -50,8 +50,7 @@ check_env "KHEOPS_AUTHDB_USER" \ "KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID" \ "KHEOPS_CLIENT_ZIPPERCLIENTID" -check_secrets "/run/secrets/kheops_authdb_pass" \ - "/run/secrets/kheops_auth_hmasecret" \ +check_secrets "/run/secrets/kheops_auth_hmasecret" \ "/run/secrets/kheops_client_dicomwebproxysecret" \ "/run/secrets/kheops_client_zippersecret" From 0f748333413d433e9d0c424a5912db0cdbeefb28 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 26 Apr 2022 14:14:04 +0200 Subject: [PATCH 08/25] Remove secret check --- Authorization/setenv.sh | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 4ac146cd..453006e8 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh 
@@ -63,25 +63,25 @@ if [ -z "$KHEOPS_OAUTH_SCOPE" ]; then fi #get secrets and verify content -for f in ${SECRET_FILE_PATH}/* -do - filename=$(basename "$f") - - if [ "$filename" = "kubernetes.io" ]; then - continue - fi - - word_count=$(wc -w $f | cut -f1 -d" ") - line_count=$(wc -l $f | cut -f1 -d" ") - - if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then - echo Error with secret $filename. He contains $word_count word and $line_count line - exit 1 - fi - - value=$(cat ${f}) - sed -i "s|\${$filename}|$value|" ${REPLACE_FILE_PATH} -done +#for f in ${SECRET_FILE_PATH}/* +#do +# filename=$(basename "$f") +# +# if [ "$filename" = "kubernetes.io" ]; then +# continue +# fi +# +# word_count=$(wc -w $f | cut -f1 -d" ") +# line_count=$(wc -l $f | cut -f1 -d" ") +# +# if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then +# echo Error with secret $filename. He contains $word_count word and $line_count line +# exit 1 +# fi +# +# value=$(cat ${f}) +# sed -i "s|\${$filename}|$value|" ${REPLACE_FILE_PATH} +#done #get env var From 4823c8e2fd973459d4f61099e9b3c3905c081bf3 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 26 Apr 2022 14:25:56 +0200 Subject: [PATCH 09/25] Remove if check --- Authorization/setenv.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 453006e8..d974643a 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -50,7 +50,8 @@ check_env "KHEOPS_AUTHDB_USER" \ "KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID" \ "KHEOPS_CLIENT_ZIPPERCLIENTID" -check_secrets "/run/secrets/kheops_auth_hmasecret" \ +check_secrets "/run/secrets/kheops_authdb_pass" \ + "/run/secrets/kheops_auth_hmasecret" \ "/run/secrets/kheops_client_dicomwebproxysecret" \ "/run/secrets/kheops_client_zippersecret" 
@@ -63,14 +64,14 @@ if [ -z "$KHEOPS_OAUTH_SCOPE" ]; then fi #get secrets and verify content -#for f in ${SECRET_FILE_PATH}/* -#do -# filename=$(basename "$f") -# -# if [ "$filename" = "kubernetes.io" ]; then -# continue -# fi -# +for f in ${SECRET_FILE_PATH}/* +do + filename=$(basename "$f") + + if [ "$filename" = "kubernetes.io" ]; then + continue + fi + # word_count=$(wc -w $f | cut -f1 -d" ") # line_count=$(wc -l $f | cut -f1 -d" ") # @@ -78,10 +79,10 @@ fi # echo Error with secret $filename. He contains $word_count word and $line_count line # exit 1 # fi -# -# value=$(cat ${f}) -# sed -i "s|\${$filename}|$value|" ${REPLACE_FILE_PATH} -#done + + value=$(cat ${f}) + sed -i "s|\${$filename}|$value|" ${REPLACE_FILE_PATH} +done #get env var From 333e67b5b6e4e6c1423b8ab07e5b466708978114 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 26 Apr 2022 14:34:36 +0200 Subject: [PATCH 10/25] Remove check_secrets --- Authorization/setenv.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index d974643a..fe7dc474 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -50,10 +50,10 @@ check_env "KHEOPS_AUTHDB_USER" \ "KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID" \ "KHEOPS_CLIENT_ZIPPERCLIENTID" -check_secrets "/run/secrets/kheops_authdb_pass" \ - "/run/secrets/kheops_auth_hmasecret" \ - "/run/secrets/kheops_client_dicomwebproxysecret" \ - "/run/secrets/kheops_client_zippersecret" +#check_secrets "/run/secrets/kheops_authdb_pass" \ +# "/run/secrets/kheops_auth_hmasecret" \ +# "/run/secrets/kheops_client_dicomwebproxysecret" \ +# "/run/secrets/kheops_client_zippersecret" if [ -z "$KHEOPS_WELCOMEBOT_WEBHOOK" ]; then echo "No KHEOPS_WELCOMEBOT_WEBHOOK environment variable, welcomebot is disabled" From 36ba374dd18477349668fd90068eac44c3177275 Mon Sep 17 00:00:00 2001 
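Review bot: With the word/line-count test left commented out in [PATCH 09/25], the loop in Authorization/setenv.sh passes whatever each secret file contains straight into `sed -i "s|\${$filename}|$value|"`; an embedded newline ends the sed expression early, and `|`, `&` or `\` in the value are interpreted by sed rather than copied. Keep the validation, and if the underlying issue is only a missing trailing newline in a mounted secret (inferred from the later "add new line" commit), relax that one condition, for example by accepting a `line_count` of 0 or 1, rather than removing the whole check. `cat ${f}` is also unquoted; `value=$(cat "$f")` is safer. The same check is commented out again in [PATCH 14/25].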
From: Nick Papoutsis Date: Tue, 10 May 2022 11:46:42 +0200 Subject: [PATCH 11/25] Include check_secrets, add new line --- Authorization/setenv.sh | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index fe7dc474..72b11f5e 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -1,5 +1,8 @@ #! /bin/bash +# Kubernetes only test +echo "$(cat kheops_authdb_pass)" > kheops_authdb_pass + check_env() { local missing_env_var=false @@ -50,10 +53,10 @@ check_env "KHEOPS_AUTHDB_USER" \ "KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID" \ "KHEOPS_CLIENT_ZIPPERCLIENTID" -#check_secrets "/run/secrets/kheops_authdb_pass" \ -# "/run/secrets/kheops_auth_hmasecret" \ -# "/run/secrets/kheops_client_dicomwebproxysecret" \ -# "/run/secrets/kheops_client_zippersecret" +check_secrets "/run/secrets/kheops_authdb_pass" \ + "/run/secrets/kheops_auth_hmasecret" \ + "/run/secrets/kheops_client_dicomwebproxysecret" \ + "/run/secrets/kheops_client_zippersecret" if [ -z "$KHEOPS_WELCOMEBOT_WEBHOOK" ]; then echo "No KHEOPS_WELCOMEBOT_WEBHOOK environment variable, welcomebot is disabled" @@ -72,13 +75,13 @@ do continue fi -# word_count=$(wc -w $f | cut -f1 -d" ") -# line_count=$(wc -l $f | cut -f1 -d" ") -# -# if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then -# echo Error with secret $filename. He contains $word_count word and $line_count line -# exit 1 -# fi + word_count=$(wc -w $f | cut -f1 -d" ") + line_count=$(wc -l $f | cut -f1 -d" ") + + if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then + echo Error with secret $filename. He contains $word_count word and $line_count line + exit 1 + fi value=$(cat ${f}) sed -i "s|\${$filename}|$value|" ${REPLACE_FILE_PATH} From c982509486e0bc6c3c23eeadd719226f8ba7ddf7 Mon Sep 17 00:00:00 2001 
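Review bot: `echo "$(cat kheops_authdb_pass)" > kheops_authdb_pass` at the top of Authorization/setenv.sh ([PATCH 11/25]) uses a path relative to the working directory and rewrites the credential file in place; if the `cat` fails, the redirect still runs and the file is left holding only a newline. On a read-only secrets mount the write fails instead, and nothing visible in the hunk stops the script at that point. Rather than modifying the secret to satisfy the line-count check, read it into a variable and validate that, or make the check tolerate a missing trailing newline. [PATCH 12/25] switches to `/run/secrets/kheops_authdb_pass` but keeps the same in-place rewrite.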
From: Nick Papoutsis Date: Tue, 10 May 2022 11:54:52 +0200 Subject: [PATCH 12/25] Update folder --- Authorization/setenv.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 72b11f5e..5f936b41 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -1,7 +1,8 @@ #! /bin/bash # Kubernetes only test -echo "$(cat kheops_authdb_pass)" > kheops_authdb_pass +echo "$(cat /run/secrets/kheops_authdb_pass)" > /run/secrets/kheops_authdb_pass +echo "kheops_authdb_pass modified" check_env() { local missing_env_var=false From bc2c5753fa393e3e75884762c2247a003a99d3f3 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 10 May 2022 12:09:02 +0200 Subject: [PATCH 13/25] Test --- Authorization/setenv.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 5f936b41..7546c51a 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -1,8 +1,8 @@ #! /bin/bash # Kubernetes only test -echo "$(cat /run/secrets/kheops_authdb_pass)" > /run/secrets/kheops_authdb_pass -echo "kheops_authdb_pass modified" +#echo "$(cat /run/secrets/kheops_authdb_pass)" > /run/secrets/kheops_authdb_pass +#echo "kheops_authdb_pass modified" check_env() { local missing_env_var=false @@ -54,10 +54,10 @@ check_env "KHEOPS_AUTHDB_USER" \ "KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID" \ "KHEOPS_CLIENT_ZIPPERCLIENTID" -check_secrets "/run/secrets/kheops_authdb_pass" \ - "/run/secrets/kheops_auth_hmasecret" \ - "/run/secrets/kheops_client_dicomwebproxysecret" \ - "/run/secrets/kheops_client_zippersecret" +#check_secrets "/run/secrets/kheops_authdb_pass" \ +# "/run/secrets/kheops_auth_hmasecret" \ +# "/run/secrets/kheops_client_dicomwebproxysecret" \ +# "/run/secrets/kheops_client_zippersecret" if [ -z "$KHEOPS_WELCOMEBOT_WEBHOOK" ]; then echo "No KHEOPS_WELCOMEBOT_WEBHOOK environment variable, welcomebot is disabled" 
From 5da577dd8a0602583f6d194a85e5888572d2de52 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 10 May 2022 12:13:45 +0200 Subject: [PATCH 14/25] Remove check --- Authorization/setenv.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 7546c51a..be951141 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -76,15 +76,16 @@ do continue fi - word_count=$(wc -w $f | cut -f1 -d" ") - line_count=$(wc -l $f | cut -f1 -d" ") - - if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then - echo Error with secret $filename. He contains $word_count word and $line_count line - exit 1 - fi +# word_count=$(wc -w $f | cut -f1 -d" ") +# line_count=$(wc -l $f | cut -f1 -d" ") +# +# if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then +# echo Error with secret $filename. He contains $word_count word and $line_count line +# exit 1 +# fi value=$(cat ${f}) + echo $value sed -i "s|\${$filename}|$value|" ${REPLACE_FILE_PATH} done From f25eb9b74ebc3e60010b489f38963eec42ef7376 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 29 Jun 2022 11:24:02 +0200 Subject: [PATCH 15/25] Update to $http_x_forwarded_for --- ReverseProxy/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ReverseProxy/nginx.conf b/ReverseProxy/nginx.conf index 8d491988..038249c9 100644 --- a/ReverseProxy/nginx.conf +++ b/ReverseProxy/nginx.conf @@ -30,7 +30,7 @@ http { #gzip on; - geo $remote_addr $geo { + geo $http_x_forwarded_for $geo { default 0; ${kheops_block_post_ip_addresses}; } From ae34d6ea17506bd574d8bb06e3690429096dc7e8 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 5 Jul 2022 16:55:33 +0200 Subject: [PATCH 16/25] Remove logs --- .../java/online/kheops/proxy/stow/resource/Resource.java | 6 ------ 1 file changed, 6 deletions(-) 
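Review bot: The added `echo $value` in the secrets loop of Authorization/setenv.sh ([PATCH 14/25]) prints every secret under `${SECRET_FILE_PATH}` to stdout during startup, which for a container typically ends up in the collected logs. Remove it; if confirmation is needed, log the name only, e.g. `echo "substituted secret $filename"`. The same hunk comments out the word/line-count validation, so a malformed secret is no longer rejected before it reaches the `sed` substitution. The echo stays in the script until [PATCH 21/25].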
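Review bot: `geo $http_x_forwarded_for $geo` in ReverseProxy/nginx.conf ([PATCH 15/25]) keys the `${kheops_block_post_ip_addresses}` list on a request header that the client supplies, and the header may hold a comma-separated list that geo does not treat as a single valid address, so the block list is reliable only if every request arrives through a proxy that overwrites X-Forwarded-For. Keep the lookup on the connection address and declare the trusted hop explicitly, either with geo's `proxy <trusted-proxy-cidr>;` parameter or with `set_real_ip_from <trusted-proxy-cidr>;` plus `real_ip_header X-Forwarded-For;`, so the header is honoured only when it comes from that hop. The CIDR is deployment-specific and is shown here as a placeholder. The enclosing `http { }` block extends beyond the hunk.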
diff --git a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java index 7b6cf198..f3beb746 100644 --- a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java +++ b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java @@ -175,16 +175,12 @@ private MediaType getGatewayContentType() { private Response processProxy(Proxy proxy, AuthorizationManager authorizationManager, String studyInstanceUID, Introspect.Response introspectResponse) { URI stowServiceURI = getParameterURI("online.kheops.pacs.uri"); - LOG.log(Level.SEVERE, String.valueOf(stowServiceURI)); - if (studyInstanceUID != null) { stowServiceURI = UriBuilder.fromUri(stowServiceURI).path("/studies/{StudyInstanceUID}").build(studyInstanceUID); } else { stowServiceURI = UriBuilder.fromUri(stowServiceURI).path("/studies").build(); } - LOG.log(Level.SEVERE, String.valueOf(stowServiceURI)); - MultipartStreamingOutput multipartStreamingOutput = output -> { try { proxy.processStream(output); @@ -204,8 +200,6 @@ private Response processProxy(Proxy proxy, AuthorizationManager authorizationMan .post(Entity.entity(multipartStreamingOutput, getGatewayContentType())); final InputStream responseStream = gatewayResponse.readEntity(InputStream.class)) { - LOG.log(Level.SEVERE, "Token " + getPostBearerToken(introspectResponse)); - if (gatewayResponse.getStatusInfo().getFamily() != SUCCESSFUL && gatewayResponse.getStatus() != CONFLICT.getStatusCode()) { LOG.log(Level.SEVERE, () -> "Gateway response was unsuccessful, Status: " + gatewayResponse.getStatus()); try { From a4a08aaef7ce756c048f098b157e4f2829a7a21c Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Tue, 5 Jul 2022 16:56:08 +0200 Subject: [PATCH 17/25] Remove extra line --- .../main/java/online/kheops/proxy/stow/resource/Resource.java | 1 - 1 file changed, 1 deletion(-) 
diff --git a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java index f3beb746..c36b0d96 100644 --- a/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java +++ b/DICOMwebProxy/src/main/java/online/kheops/proxy/stow/resource/Resource.java @@ -199,7 +199,6 @@ private Response processProxy(Proxy proxy, AuthorizationManager authorizationMan .header(ACCEPT, MediaTypes.APPLICATION_DICOM_XML) .post(Entity.entity(multipartStreamingOutput, getGatewayContentType())); final InputStream responseStream = gatewayResponse.readEntity(InputStream.class)) { - if (gatewayResponse.getStatusInfo().getFamily() != SUCCESSFUL && gatewayResponse.getStatus() != CONFLICT.getStatusCode()) { LOG.log(Level.SEVERE, () -> "Gateway response was unsuccessful, Status: " + gatewayResponse.getStatus()); try { From 103d2eae7a4c76bd5fb7607cdb7885fa9c78d00a Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 11:47:25 +0200 Subject: [PATCH 18/25] Add back word_count and line_count check --- Authorization/setenv.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index be951141..11ec2182 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -1,9 +1,5 @@ #! /bin/bash -# Kubernetes only test -#echo "$(cat /run/secrets/kheops_authdb_pass)" > /run/secrets/kheops_authdb_pass -#echo "kheops_authdb_pass modified" - check_env() { local missing_env_var=false 
@@ -76,13 +72,17 @@ do continue fi -# word_count=$(wc -w $f | cut -f1 -d" ") -# line_count=$(wc -l $f | cut -f1 -d" ") -# -# if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then -# echo Error with secret $filename. He contains $word_count word and $line_count line -# exit 1 -# fi + word_count=$(wc -w $f | cut -f1 -d" ") + line_count=$(wc -l $f | cut -f1 -d" ") + + if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then + echo $filename + echo $word_count + echo $line_count + + echo Error with secret $filename. He contains $word_count word and $line_count line + exit 1 + fi value=$(cat ${f}) echo $value From ceec7d2dff7eab4a5b249115a16beffd4e6c571b Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 11:55:55 +0200 Subject: [PATCH 19/25] Add back check_secrets --- Authorization/setenv.sh | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 11ec2182..32c23046 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -35,9 +35,9 @@ check_secrets() { fi shift done - if [[ $missing_secret = true ]]; then - exit 1 - fi +# if [[ $missing_secret = true ]]; then +# exit 1 +# fi } check_env "KHEOPS_AUTHDB_USER" \ @@ -50,10 +50,10 @@ check_env "KHEOPS_AUTHDB_USER" \ "KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID" \ "KHEOPS_CLIENT_ZIPPERCLIENTID" -#check_secrets "/run/secrets/kheops_authdb_pass" \ -# "/run/secrets/kheops_auth_hmasecret" \ -# "/run/secrets/kheops_client_dicomwebproxysecret" \ -# "/run/secrets/kheops_client_zippersecret" +check_secrets "/run/secrets/kheops_authdb_pass" \ + "/run/secrets/kheops_auth_hmasecret" \ + "/run/secrets/kheops_client_dicomwebproxysecret" \ + "/run/secrets/kheops_client_zippersecret" if [ -z "$KHEOPS_WELCOMEBOT_WEBHOOK" ]; then echo "No KHEOPS_WELCOMEBOT_WEBHOOK environment variable, welcomebot is disabled" 
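Review bot: Commenting out `if [[ $missing_secret = true ]]; then exit 1; fi` in check_secrets ([PATCH 19/25], first hunk) turns the function into a warning only: a missing secret file is detected, yet the script goes on to substitute values and start the service. If a particular secret is optional in the Kubernetes deployment, drop that path from the `check_secrets` argument list rather than disabling the exit for all four. [PATCH 22/25] restores the exit; in the revisions between, check_secrets cannot fail. The body of check_secrets begins outside this hunk.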
@@ -76,9 +76,6 @@ do line_count=$(wc -l $f | cut -f1 -d" ") if [ ${word_count} != 1 ] || [ ${line_count} != 1 ]; then - echo $filename - echo $word_count - echo $line_count echo Error with secret $filename. He contains $word_count word and $line_count line exit 1 From c1654c14fda92aeb118b97197eada08f7270be7f Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 12:02:14 +0200 Subject: [PATCH 20/25] Add comment --- Authorization/setenv.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 32c23046..bf764762 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -34,6 +34,8 @@ check_secrets() { missing_secret=true fi shift + + echo "Finished checking secrets" done # if [[ $missing_secret = true ]]; then # exit 1 From 4f7fd45261f8bccd860d2085480bd18c9fbb2065 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 12:03:41 +0200 Subject: [PATCH 21/25] Remove echo --- Authorization/setenv.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index bf764762..97161f8c 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -84,7 +84,6 @@ do fi value=$(cat ${f}) - echo $value sed -i "s|\${$filename}|$value|" ${REPLACE_FILE_PATH} done From 58c19f98c43cd9e5ce2f149c5e245c65273e341d Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 14:17:09 +0200 Subject: [PATCH 22/25] Add back exit and echo --- Authorization/setenv.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 97161f8c..46112cbf 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -19,7 +19,7 @@ check_env() { check_secrets() { local missing_secret=false; - while [[ -n $1 ]]; do + while [[ -n $1 ]]; do local var="$1" if [[ -f $var ]]; then word_count=$(wc -w "$var" | cut -f1 -d" ") 
@@ -34,12 +34,13 @@ check_secrets() { missing_secret=true fi shift - - echo "Finished checking secrets" done -# if [[ $missing_secret = true ]]; then -# exit 1 -# fi + + if [[ $missing_secret = true ]]; then + exit 1 + fi + + echo "Finished checking secrets, none missing" } check_env "KHEOPS_AUTHDB_USER" \ From da4d37df8c431cce22b1eaa86458d7cedb0eeed4 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 15:22:17 +0200 Subject: [PATCH 23/25] Add if/else KHEOPS_OIDC_PROVIDER and KHEOPS_AUTH_OIDC_PROVIDER --- Authorization/setenv.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/Authorization/setenv.sh b/Authorization/setenv.sh index 46112cbf..4859cb52 100755 --- a/Authorization/setenv.sh +++ b/Authorization/setenv.sh @@ -98,7 +98,17 @@ sed -i "s|\${kheops_pacs_url}|http://$KHEOPS_PACS_PEP_HOST:$KHEOPS_PACS_PEP_PORT sed -i "s|\${kheops_client_dicomwebproxyclientid}|$KHEOPS_CLIENT_DICOMWEBPROXYCLIENTID|" ${REPLACE_FILE_PATH} sed -i "s|\${kheops_client_zipperclientid}|$KHEOPS_CLIENT_ZIPPERCLIENTID|" ${REPLACE_FILE_PATH} -sed -i "s|\${kheops_oidc_provider}|$KHEOPS_AUTH_OIDC_PROVIDER|" ${REPLACE_FILE_PATH} + +# Kubernetes: use $KHEOPS_AUTH_OIDC_PROVIDER instead of KHEOPS_OIDC_PROVIDER + +if [ -n "$KHEOPS_AUTH_OIDC_PROVIDER" ]; then + echo "Using KHEOPS_AUTH_OIDC_PROVIDER" + sed -i "s|\${kheops_oidc_provider}|$KHEOPS_AUTH_OIDC_PROVIDER|" ${REPLACE_FILE_PATH} +else + echo "Using KHEOPS_OIDC_PROVIDER" + sed -i "s|\${kheops_oidc_provider}|$KHEOPS_OIDC_PROVIDER|" ${REPLACE_FILE_PATH} +fi + sed -i "s|\${kheops_oauth_scope}|$KHEOPS_OAUTH_SCOPE|" ${REPLACE_FILE_PATH} sed -i "s|\${kheops_welcomebot_webhook}|$KHEOPS_WELCOMEBOT_WEBHOOK|" ${REPLACE_FILE_PATH} From 8ae55c99ff8ca6e6518c94a368c940ca517d9e55 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 15:38:41 +0200 Subject: [PATCH 24/25] Add echotest --- UI/script/docker-entrypoint-nginx.sh | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/UI/script/docker-entrypoint-nginx.sh b/UI/script/docker-entrypoint-nginx.sh index 585b9bb3..857c695d 100755 --- a/UI/script/docker-entrypoint-nginx.sh +++ b/UI/script/docker-entrypoint-nginx.sh @@ -90,6 +90,8 @@ host="$(echo $hostport | sed -e 's,:.*,,g')" port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" [[ ! -z ${port} ]] && port=":$port"; +echo "PORT : $port" + KHEOPS_ROOT_OIDC=$proto$host sed -i "s|\%{kheops_root_oidc}|$KHEOPS_ROOT_OIDC|g" $NGINX_FILENAME From 83fa36f63447001df7a258ed273b4f6284486238 Mon Sep 17 00:00:00 2001 From: Nick Papoutsis Date: Wed, 6 Jul 2022 16:28:17 +0200 Subject: [PATCH 25/25] Add $port --- UI/script/docker-entrypoint-nginx.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/UI/script/docker-entrypoint-nginx.sh b/UI/script/docker-entrypoint-nginx.sh index 857c695d..13a83ebd 100755 --- a/UI/script/docker-entrypoint-nginx.sh +++ b/UI/script/docker-entrypoint-nginx.sh @@ -90,8 +90,6 @@ host="$(echo $hostport | sed -e 's,:.*,,g')" port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" [[ ! -z ${port} ]] && port=":$port"; -echo "PORT : $port" - -KHEOPS_ROOT_OIDC=$proto$host +KHEOPS_ROOT_OIDC=$proto$host$port sed -i "s|\%{kheops_root_oidc}|$KHEOPS_ROOT_OIDC|g" $NGINX_FILENAME