diff --git a/database.sql b/database.sql
index 4170894..20f320e 100644
--- a/database.sql
+++ b/database.sql
@@ -100,6 +100,7 @@ CREATE TABLE doctors (
 phone VARCHAR(20) NOT NULL,
 speciality VARCHAR(255) NOT NULL,
 status VARCHAR(255) NOT NULL,
+ is_verified BOOLEAN NOT NULL DEFAULT FALSE,
 PRIMARY KEY (id),
 CONSTRAINT dt_user_id FOREIGN KEY (user_id)
diff --git a/modules/permissionManager.js b/modules/permissionManager.js
index f9cc1e6..281ac37 100644
--- a/modules/permissionManager.js
+++ b/modules/permissionManager.js
@@ -46,6 +46,18 @@ export async function verifyPermissions(userId, permissionName, permissionType)
 }
 }
 
+export async function checkIfUserEmailIsVerified(userId) {
+ try {
+ const [user] = await pool.execute('SELECT email_verified FROM users WHERE id = ? LIMIT 1', [userId]);
+ if (user.length === 0) return false;
+ return user[0].email_verified;
+ }
+ catch (err) {
+ error(err);
+ return false;
+ }
+}
+
 export async function checkUserExists(req, res, next) {
 const userId = req.userId;
 if (!userExists(userId)) return await respondWithStatus(res, 404, 'User not found');
@@ -62,4 +74,10 @@ export const checkPermissions = (permissionName, permissionType) => async (req,
 const userId = req.userId;
 if (!verifyPermissions(userId, permissionName, permissionType)) return await respondWithStatus(res, 403, 'Missing permission');
 next();
+};
+
+export const checkEmailVerified = async (req, res, next) => {
+ const userId = req.userId;
+ if (!checkIfUserEmailIsVerified(userId)) return await respondWithStatus(res, 403, 'Email not verified');
+ next();
 };
\ No newline at end of file
diff --git a/routes/doctors.js b/routes/doctors.js
index 38598b4..fbb4cef 100644
--- a/routes/doctors.js
+++ b/routes/doctors.js
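Review bot: The catch block in `checkIfUserEmailIsVerified` calls `error(err)` while every other handler added in this commit uses `console.error(err)`; this module's import block is outside the hunk, so if `error` is not a logger brought into scope there, the catch itself throws a ReferenceError and the function rejects instead of returning `false`. The fail-closed `return false` is the right default for a verification gate, so keep it and make the logging call resolvable, e.g. `console.error(err);`. The function also hands back the raw `email_verified` column, which the driver may deliver as 0/1 rather than a boolean; `return Boolean(user[0].email_verified);` gives callers a strict boolean. A one-line JSDoc such as `/** Resolves to true only when users.email_verified is truthy for userId; false when no row exists or the query fails. */` would record the fail-closed contract.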
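Review bot: `checkIfUserEmailIsVerified` is declared `async` but `checkEmailVerified` does not await it, so `!checkIfUserEmailIsVerified(userId)` negates a pending Promise, which is always truthy; the condition is never met, the 403 is never sent, and `next()` runs for every caller, making the new gate on the `/register` routes in routes/doctors.js and routes/patients.js a no-op. Change the guard to `if (!(await checkIfUserEmailIsVerified(userId))) return await respondWithStatus(res, 403, 'Email not verified');`. The context line in `checkPermissions` shows the same unawaited call to `verifyPermissions`, which the first hunk header shows is `async`, and `checkUserExists` calls `userExists` the same way, so the pre-existing middleware is likely bypassed in the same manner and is worth fixing in this change.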
@@ -1,7 +1,7 @@
 import express from 'express';
 import { pool } from '../modules/databaseManager';
 import { verifyToken } from '../modules/tokenManager';
-import { verifyPermissions, checkPermissions, checkBanned } from '../modules/permissionManager';
+import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager';
 import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
 
 const router = express.Router();
@@ -35,12 +35,33 @@ router.get('/', verifyToken, checkBanned, checkPermissions('doctors', 1), async
 * @returns {Promise} - A promise that resolves with the result of the insertion.
 */
 router.post('/', verifyToken, checkBanned, checkPermissions('doctors', 2), async (req, res) => {
- const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
- if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
+ const { user_id, email, phone, speciality, status, is_verified = false } = req.body;
+ if ([ user_id, email, phone, speciality, status ].every(Boolean)) {
 try {
 const [result] = await pool.execute(
- 'INSERT INTO doctors (user_id, date_of_birth, gender, address, social_security_number, insurance_number) VALUES (?, ?, ?, ?, ?, ?)',
- [ user_id, date_of_birth, gender, address, social_security_number, insurance_number ],
+ 'INSERT INTO doctors (user_id, email, phone, speciality, status, is_verified) VALUES (?, ?, ?, ?, ?, ?)',
+ [ user_id, email, phone, speciality, status, is_verified ],
+ );
+ if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor');
+ return await respondWithStatus(res, 200, 'Doctor created successfully');
+ }
+ catch (err) {
+ console.error(err);
+ return await respondWithStatus(res, 500, 'An error has occured');
+ }
+ }
+ else {
+ return await respondWithStatus(res, 400, 'Missing fields');
+ }
+});
+
+router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (req, res) => {
+ const { email, phone, speciality, status } = req.body;
+ if ([ email, phone, speciality, status ].every(Boolean)) {
+ try {
+ const [result] = await pool.execute(
+ 'INSERT INTO doctors (user_id, email, phone, speciality, status) VALUES (?, ?, ?, ?, ?, ?)',
+ [req.userId, email, phone, speciality, status],
 );
 if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor');
 return await respondWithStatus(res, 200, 'Doctor created successfully');
@@ -97,16 +118,16 @@ router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 const id = req.params.doctorId;
- const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
- if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
+ const { user_id, email, phone, speciality, status, is_verified } = req.body;
+ if ([ user_id, email, phone, speciality, status, is_verified ].every(Boolean)) {
 try {
 const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [id]);
 if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
 if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'doctors', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 const [result] = await pool.execute(
- 'UPDATE doctors SET name = ?, type = ?, manufacturer = ?, capacity = ?, status = ?, location = ? WHERE id = ?',
- [user_id, date_of_birth, gender, address, social_security_number, insurance_number, id],
+ 'UPDATE doctors SET name = ?, email = ?, phone = ?, speciality = ?, status = ?, is_verified = ? WHERE id = ?',
+ [user_id, email, phone, speciality, status, is_verified, id],
 );
 if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating doctor');
diff --git a/routes/patients.js b/routes/patients.js
index 574deb7..30e388e 100644
--- a/routes/patients.js
+++ b/routes/patients.js
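Review bot: The `/register` INSERT names five columns and binds five values but its VALUES clause carries six `?` placeholders, so the driver will reject the statement on every request and the route can only ever answer 500; use `VALUES (?, ?, ?, ?, ?)`. The `/register` handler's body continues past the end of the hunk. On the permission-gated `POST /`, `is_verified` is taken straight from `req.body`, so anyone holding `checkPermissions('doctors', 2)` can create a pre-verified doctor; if that is the intended privilege for that role, a comment such as `// is_verified is accepted here only because this route requires the doctors:2 permission; /register relies on the column's DEFAULT FALSE` would make the asymmetry deliberate. Middleware order on `/register` runs `checkEmailVerified` (a DB query) before `checkBanned`; putting `checkBanned` first, as the other routes in this file do, rejects banned users before spending a query on them.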
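Review bot: The PUT handler skips the permission check when `rows[0].userId == req.userId` and then writes `is_verified = ?` from `req.body`, so a doctor can mark their own record verified and defeat the `is_verified` flag the schema hunk introduces; either drop `is_verified` from the bound values unless the caller passes `verifyPermissions(req.userId, 'doctors', 2)`, or only change it through a privileged route. Separately, `is_verified` was added to the `.every(Boolean)` guard, so a body with `is_verified: false` is rejected with 'Missing fields' and the flag can never be cleared here; test it with `is_verified != null` or leave it out of that list. The rewritten UPDATE still begins with `name = ?` bound to `user_id`, carried over from the old copy-pasted statement: if `doctors` has no `name` column the statement fails, and if it has one the wrong value lands in it — `user_id = ?` looks like the intended column, though only the INSERT and SELECT in this file are visible as schema hints. The same `name = ?` / `[user_id, …]` mismatch appears in the routes/patients.js PUT hunk.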
@@ -1,7 +1,7 @@
 import express from 'express';
 import { pool } from '../modules/databaseManager';
 import { verifyToken } from '../modules/tokenManager';
-import { verifyPermissions, checkPermissions, checkBanned } from '../modules/permissionManager';
+import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager';
 import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
 
 const router = express.Router();
@@ -55,6 +55,27 @@ router.post('/', verifyToken, checkBanned, checkPermissions('patients', 2), asyn
 }
 });
 
+router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (req, res) => {
+ const { date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
+ if ([ date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
+ try {
+ const [result] = await pool.execute(
+ 'INSERT INTO patients (user_id, date_of_birth, gender, address, social_security_number, insurance_number) VALUES (?, ?, ?, ?, ?, ?)',
+ [ req.userId, date_of_birth, gender, address, social_security_number, insurance_number ],
+ );
+ if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing patient');
+ return await respondWithStatus(res, 200, 'Patient created successfully');
+ }
+ catch (err) {
+ console.error(err);
+ return await respondWithStatus(res, 500, 'An error has occured');
+ }
+ }
+ else {
+ return await respondWithStatus(res, 400, 'Missing fields');
+ }
+});
+
 router.get('/:patientId', verifyToken, checkBanned, async (req, res) => {
 try {
 const id = req.params.patientId;
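Review bot: Nothing in the `/register` handler stops a user from calling it repeatedly and inserting several patient rows for the same `req.userId`; unless `patients.user_id` carries a UNIQUE constraint (not visible here), look up an existing row first and answer 409, or rely on the constraint and map the duplicate-key error to 409 instead of the generic 500 from the catch block. The doctors `/register` route in this commit has the same gap. The `.every(Boolean)` guard only checks presence, so `social_security_number` and `insurance_number` are stored exactly as received; a comment on the INSERT stating where format validation and any at-rest protection for these fields are expected to happen would help the next reader. As on the doctors route, `checkBanned` would be better placed before `checkEmailVerified` so banned users are rejected without a verification query.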
@@ -105,7 +126,7 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
 if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'patients', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 const [result] = await pool.execute(
- 'UPDATE patients SET name = ?, type = ?, manufacturer = ?, capacity = ?, status = ?, location = ? WHERE id = ?',
+ 'UPDATE patients SET name = ?, date_of_birth = ?, gender = ?, address = ?, social_security_number = ?, insurance_number = ? WHERE id = ?',
 [user_id, date_of_birth, gender, address, social_security_number, insurance_number, id],
 );