Fixes and new endpoints

- Fixed doctor and patient PUT queries
- Added patient register
- Added doctor register
- Added email verification check middleware
- Added verified status to doctor table

database.sql

@@ -100,6 +100,7 @@ CREATE TABLE doctors (
   phone VARCHAR(20) NOT NULL,
   speciality VARCHAR(255) NOT NULL,
   status VARCHAR(255) NOT NULL,
+  is_verified BOOLEAN NOT NULL DEFAULT FALSE,
   PRIMARY KEY (id),
   CONSTRAINT dt_user_id
     FOREIGN KEY (user_id)

modules/permissionManager.js

@@ -46,6 +46,18 @@ export async function verifyPermissions(userId, permissionName, permissionType)
 	}
 }
 
+export async function checkIfUserEmailIsVerified(userId) {
+	try {
+		const [user] = await pool.execute('SELECT email_verified FROM users WHERE id = ? LIMIT 1', [userId]);
+		if (user.length === 0) return false;
+		return user[0].email_verified;
+	}
+	catch (err) {
+		error(err);
+		return false;
+	}
+}
+
 export async function checkUserExists(req, res, next) {
 	const userId = req.userId;
 	if (!userExists(userId)) return await respondWithStatus(res, 404, 'User not found');
@@ -63,3 +75,9 @@ export const checkPermissions = (permissionName, permissionType) => async (req,
 	if (!verifyPermissions(userId, permissionName, permissionType)) return await respondWithStatus(res, 403, 'Missing permission');
 	next();
 };
+
+export const checkEmailVerified = async (req, res, next) => {
+	const userId = req.userId;
+	if (!checkIfUserEmailIsVerified(userId)) return await respondWithStatus(res, 403, 'Email not verified');
+	next();
+};

routes/doctors.js

@@ -1,7 +1,7 @@
 import express from 'express';
 import { pool } from '../modules/databaseManager';
 import { verifyToken } from '../modules/tokenManager';
-import { verifyPermissions, checkPermissions, checkBanned } from '../modules/permissionManager';
+import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager';
 import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
 
 const router = express.Router();
@@ -35,12 +35,33 @@ router.get('/', verifyToken, checkBanned, checkPermissions('doctors', 1), async
  * @returns {Promise} - A promise that resolves with the result of the insertion.
  */
 router.post('/', verifyToken, checkBanned, checkPermissions('doctors', 2), async (req, res) => {
-	const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
-	if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
+	const { user_id, email, phone, speciality, status, is_verified = false } = req.body;
+	if ([ user_id, email, phone, speciality, status ].every(Boolean)) {
 		try {
 			const [result] = await pool.execute(
-				'INSERT INTO doctors (user_id, date_of_birth, gender, address, social_security_number, insurance_number) VALUES (?, ?, ?, ?, ?, ?)',
-				[ user_id, date_of_birth, gender, address, social_security_number, insurance_number ],
+				'INSERT INTO doctors (user_id, email, phone, speciality, status, is_verified) VALUES (?, ?, ?, ?, ?, ?)',
+				[ user_id, email, phone, speciality, status, is_verified ],
+			);
+			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor');
+			return await respondWithStatus(res, 200, 'Doctor created successfully');
+		}
+		catch (err) {
+			console.error(err);
+			return await respondWithStatus(res, 500, 'An error has occured');
+		}
+	}
+	else {
+		return await respondWithStatus(res, 400, 'Missing fields');
+	}
+});
+
+router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (req, res) => {
+	const { email, phone, speciality, status } = req.body;
+	if ([ email, phone, speciality, status ].every(Boolean)) {
+		try {
+			const [result] = await pool.execute(
+				'INSERT INTO doctors (user_id, email, phone, speciality, status) VALUES (?, ?, ?, ?, ?, ?)',
+				[req.userId, email, phone, speciality, status],
 			);
 			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor');
 			return await respondWithStatus(res, 200, 'Doctor created successfully');
@@ -97,16 +118,16 @@ router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 
 router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 	const id = req.params.doctorId;
-	const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
-	if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
+	const { user_id, email, phone, speciality, status, is_verified } = req.body;
+	if ([ user_id, email, phone, speciality, status, is_verified ].every(Boolean)) {
 		try {
 			const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [id]);
 			if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
 			if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'doctors', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 
 			const [result] = await pool.execute(
-				'UPDATE doctors SET name = ?, type = ?, manufacturer = ?, capacity = ?, status = ?, location = ? WHERE id = ?',
-				[user_id, date_of_birth, gender, address, social_security_number, insurance_number, id],
+				'UPDATE doctors SET name = ?, email = ?, phone = ?, speciality = ?, status = ?, is_verified = ? WHERE id = ?',
+				[user_id, email, phone, speciality, status, is_verified, id],
 			);
 
 			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating doctor');

routes/patients.js

@@ -1,7 +1,7 @@
 import express from 'express';
 import { pool } from '../modules/databaseManager';
 import { verifyToken } from '../modules/tokenManager';
-import { verifyPermissions, checkPermissions, checkBanned } from '../modules/permissionManager';
+import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager';
 import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
 
 const router = express.Router();
@@ -55,6 +55,27 @@ router.post('/', verifyToken, checkBanned, checkPermissions('patients', 2), asyn
 	}
 });
 
+router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (req, res) => {
+	const { date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
+	if ([ date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
+		try {
+			const [result] = await pool.execute(
+				'INSERT INTO patients (user_id, date_of_birth, gender, address, social_security_number, insurance_number) VALUES (?, ?, ?, ?, ?, ?)',
+				[ req.userId, date_of_birth, gender, address, social_security_number, insurance_number ],
+			);
+			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing patient');
+			return await respondWithStatus(res, 200, 'Patient created successfully');
+		}
+		catch (err) {
+			console.error(err);
+			return await respondWithStatus(res, 500, 'An error has occured');
+		}
+	}
+	else {
+		return await respondWithStatus(res, 400, 'Missing fields');
+	}
+});
+
 router.get('/:patientId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const id = req.params.patientId;
@@ -105,7 +126,7 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
 			if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'patients', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 
 			const [result] = await pool.execute(
-				'UPDATE patients SET name = ?, type = ?, manufacturer = ?, capacity = ?, status = ?, location = ? WHERE id = ?',
+				'UPDATE patients SET name = ?, date_of_birth = ?, gender = ?, address = ?, social_security_number = ?, insurance_number = ? WHERE id = ?',
 				[user_id, date_of_birth, gender, address, social_security_number, insurance_number, id],
 			);