...

When authentication is set to HTTP basic auth, connect middleware is set up to intercept the request as soon as it enters the HIM, as shown above. This middleware reads user details from the MongoDB store to determine whether the user can be authenticated. If the user is rejected, an error is returned; otherwise the request is considered authenticated and is passed on to the authorization step.

TODO - should we use passport node module?

Authorization

The OpenHIM only performs simple authorization based on the path that is being requested. It should be able to restrict access to certain paths to users with particular roles. The channel description shown in the router section below shows that each path has one or more allowed roles or users associated with it. The authorization component will check whether the authenticated user has the authority to access the current path. If authorized, the request will be passed on; otherwise the request will be denied and an HTTP 401 message will be returned.

...

In addition, the ability to store orchestration steps exists in the structure. We anticipate exposing a web service to enable mediators to report the requests they make to, and the responses they receive from, external services and have these stored alongside the actual transaction.

TODO - Should we use mongoose or plain mongodb node.js module?

transaction.json
{
	"transactionId": "123",
	"status": "Processing|Failed|Completed",
	"userId": "Musha_OpenMRS",
	"request": {
		"path": "/api/test",
		"headers": [
			{ "header1": "value1" },
			{ "header2": "value2" }
		],
		"requestParams": [
			{ "param1": "value1" },
			{ "param2": "value2" }
		],
		"body": "<HTTP body>",
		"method": "POST",
		"timestamp": "<ISO 8601>"
	},
	"response": {
		"status": 201,
		"body": "<HTTP body>",
		"headers": [
			{ "header1": "value1" },
			{ "header2": "value2" }
		],
		"timestamp": "<ISO 8601>"
	},
	"orchestrationSteps": [
		{
			"orchestrationType": "<orchestrationType>",
			// Same structure as above
			"request": { ... },
			"response": { ... }
		}
	]
}

Router

The router allows requests to be forwarded to one or more external services (these could be mediators or an actual HIE component). It describes where to forward the request and who has access to that request. A route can be marked as primary when there is more than one route to which a request is forwarded. The primary route is the route whose response is expected to be relayed back to the service requester that is making use of the OpenHIM.

A custom router will have to be developed that can route according to these rules. The router can be built using the functions node.js provides to make HTTP requests, and responses can be relayed using the .pipe() function. TODO

channels.json
[
	{
		"urlPattern": "test/sample/.+",
		"allow": "*",
		"deny": "Mallet",
		"routes": [
			{
				"host": "localhost",
				"port": 8080
			}
		]
	},
	{
		"urlPattern": "test/sample2/.+/test2",
		"allow": "Alice,Bob",
		"routes": [
			{
				"host": "localhost",
				"port": 8080,
				"primary": true
			},
			{
				"host": "log-host",
				"port": 4789
			}
		]
	}
]
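
The path-based authorization check described in the Authorization section, applied to the channels.json structure above, as an added example that is not part of the original design or the OpenHIM code base. The function names and the { id, roles } user shape are hypothetical, and three behaviours are assumptions the page does not state: urlPattern is matched against the whole path, deny takes precedence over allow, and a path that matches no channel is denied.

```javascript
// Constructed sample mirroring channels.json above.
const channels = [
  { urlPattern: "test/sample/.+", allow: "*", deny: "Mallet",
    routes: [{ host: "localhost", port: 8080 }] },
  { urlPattern: "test/sample2/.+/test2", allow: "Alice,Bob",
    routes: [{ host: "localhost", port: 8080, primary: true },
             { host: "log-host", port: 4789 }] }
];

// Split a comma-separated allow/deny string into trimmed names.
function parseList(value) {
  return (value || "").split(",").map(s => s.trim()).filter(Boolean);
}

// Assumption: urlPattern must match the whole path (leading "/" removed).
// Without the ^...$ anchors, "other/test/sample/x" would also match
// the first channel and inherit its allow list.
function findChannel(path, channelList) {
  const p = path.replace(/^\/+/, "");
  return channelList.find(
    c => new RegExp("^(?:" + c.urlPattern + ")$").test(p)) || null;
}

// Hypothetical helper: user is { id, roles }. On denial the caller
// answers with the HTTP 401 the design calls for.
function authorize(user, path, channelList) {
  const denied = { allowed: false, status: 401, routes: [] };
  const channel = findChannel(path, channelList);
  if (!channel) return denied;               // assumption: default deny
  const names = [user.id, ...(user.roles || [])];
  const deny = parseList(channel.deny);
  const allow = parseList(channel.allow);
  // Assumption: deny wins over allow, including over "*".
  if (names.some(n => deny.includes(n))) return denied;
  const ok = allow.includes("*") || names.some(n => allow.includes(n));
  return ok ? { allowed: true, status: null, routes: channel.routes } : denied;
}
```
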

Restful API

The OpenHIM must also expose a restful API that enables it to be configured and allows access to the transactions that it has logged. This restful API will drive a web application through which the OpenHIM can be configured and transactions can be viewed and monitored.

TODO - Define rest API