Se crea una autenticacion en el header para limitar el acceso a gethash

2025-04-16 13:45:11 -03:00
parent e1ac74edce
commit d72cc1a8bf
1 changed files with 55 additions and 39 deletions
--- a/lib/api_web/controllers/get_hash.ex
+++ b/lib/api_web/controllers/get_hash.ex
@ -4,53 +4,61 @@ defmodule ApiWeb.GetHash do
  import Ecto.Query
  require Logger
  @valid_token "XHg0NWNhN2I3MTljNTRlOGU4NTAwOTljMDYwNTgxNDBmNzc5MTgxMzM3NmJmZTMwOGJjMGM4N2VkMzYwODUwMDFl"
  def index(conn, %{"study" => accessionnumber}) do
    Envar.load(".env")
    Envar.require_env_file(".env")
-    Logger.info("Accession get hash -> #{accessionnumber}")
+    if not valid_token?(conn) do
      conn
      |> put_status(:unauthorized)
      |> json(%{error: "Token inválido o ausente"})
    else
      Logger.info("Accession get hash -> #{accessionnumber}")
-    studyidentifier = Envar.get("IDENTIFIERFIELD") || "IDSTUDY"
+      studyidentifier = Envar.get("IDENTIFIERFIELD") || "IDSTUDY"
-    # En caso de recibir idstudy en get hash -> where: s.accessionnumber == ^String.to_integer(accessionnumber),
+      # En caso de recibir idstudy en get hash -> where: s.accessionnumber == ^String.to_integer(accessionnumber),
-    query =
+      query =
-      if studyidentifier == "IDSTUDY" do
+        if studyidentifier == "IDSTUDY" do
-        from s in "study",
+          from s in "study",
-          join: p in "patient",
+            join: p in "patient",
-          on: p.idpatient == s.idpatient,
+            on: p.idpatient == s.idpatient,
-          where: s.accessionnumber == ^accessionnumber,
+            where: s.accessionnumber == ^accessionnumber,
-          select: %{
+            select: %{
-            idstudy: s.idstudy,
+              idstudy: s.idstudy,
-            patientid: p.patientid
+              patientid: p.patientid
-          }
+            }
-      else
+        else
-        from s in "study",
+          from s in "study",
-          join: p in "patient",
+            join: p in "patient",
-          on: p.idpatient == s.idpatient,
+            on: p.idpatient == s.idpatient,
-          where: s.accessionnumber == ^accessionnumber,
+            where: s.accessionnumber == ^accessionnumber,
-          select: %{
+            select: %{
-            accessionnumber: s.accessionnumber,
+              accessionnumber: s.accessionnumber,
-            patientid: p.patientid
+              patientid: p.patientid
-          }
+            }
        end
      case Repo.one(query) do
        nil ->
          conn
          |> put_status(:not_found)
          |> json(%{error: "Estudio no encontrado"})
        res ->
          vencimiento = DateTime.add(DateTime.utc_now(), 2 * 24 * 60 * 60, :second)
          json_data = Map.put(res, :vencimiento, vencimiento)
          token = generate_token(json_data)
          conn
          |> put_status(:ok)
          |> json(%{hash: token})
      end
    case Repo.one(query) do
      nil ->
        conn
        |> put_status(:not_found)
        |> json(%{error: "Estudio no encontrado"})
      res ->
        vencimiento = DateTime.add(DateTime.utc_now(), 2 * 24 * 60 * 60, :second)
        json_data = Map.put(res, :vencimiento, vencimiento)
        token = generate_token(json_data)
        conn
        |> put_status(:ok)
        |> json(%{hash: token})
    end
  end
@ -63,4 +71,12 @@ defmodule ApiWeb.GetHash do
    token
  end
 defp valid_token?(conn) do
    case get_req_header(conn, "authorization") do
      ["Bearer " <> token] -> token == @valid_token
      _ -> false
    end
  end
 end