Added @me endpoint support

This commit is contained in:
2024-03-24 11:40:35 +01:00
parent 4fbc9819e8
commit abd6f6747f
2 changed files with 124 additions and 0 deletions


@@ -102,6 +102,10 @@ router.post('/:doctorId/validate', verifyToken, checkBanned, checkPermissions('d
router.get('/:doctorId', verifyToken, checkBanned, async (req, res) => {
try {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -117,6 +121,10 @@ router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => {
try {
const { type, value } = req.body;
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -143,6 +151,10 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
if ([ user_id, email, phone, speciality, status, is_verified ].every(Boolean)) {
try {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -168,6 +180,10 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
try {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 4)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -186,6 +202,10 @@ router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
router.get('/:doctorId/appointments', verifyToken, checkBanned, async (req, res) => {
try {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute(
'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id JOIN services AS s ON a.service_id = s.id WHERE a.doctor_id = ?',
@@ -204,6 +224,10 @@ router.post('/:doctorId/appointments', verifyToken, checkBanned, async (req, res
const { patient_id, service_id, hospital_id, room_id = null, date, time, status } = req.body;
if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status');
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
if ([patient_id, service_id, hospital_id, date, time, status].every(Boolean)) {
try {
@@ -227,6 +251,10 @@ router.post('/:doctorId/appointments', verifyToken, checkBanned, async (req, res
router.get('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
try {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute(
'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id WHERE a.id = ? AND a.doctor_id = ? LIMIT 1',
@@ -245,6 +273,10 @@ router.patch('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned,
try {
const { type, value } = req.body;
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
@@ -271,6 +303,10 @@ router.put('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, a
const { patient_id, service_id, hospital_id, room_id, date, time, status } = req.body;
if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status');
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
if ([patient_id, service_id, hospital_id, room_id, date, time, status].every(Boolean)) {
try {
@@ -297,6 +333,10 @@ router.put('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, a
router.delete('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
try {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 4)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
@@ -315,6 +355,10 @@ router.delete('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned
router.get('/:doctorId/services', verifyToken, checkBanned, async (req, res) => {
try {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT s.* FROM services s INNER JOIN service_doctors sd ON s.id = sd.service_id WHERE sd.doctor_id = ?', [req.params.doctorId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Services not found');
@@ -329,6 +373,10 @@ router.get('/:doctorId/services', verifyToken, checkBanned, async (req, res) =>
router.post('/:doctorId/services', verifyToken, checkBanned, async (req, res) => {
const { service_id } = req.body;
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission');
if (service_id) {
try {
@@ -349,6 +397,10 @@ router.post('/:doctorId/services', verifyToken, checkBanned, async (req, res) =>
router.patch('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => {
const { type, value } = req.body;
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission');
if (type === 'service_id') {
try {
@@ -368,6 +420,10 @@ router.patch('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (
router.delete('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => {
const doctorId = await getDoctorId (req.userId);
if (req.params.doctorId == '@me') {
if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
req.params.doctorId = doctorId;
}
if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 4)) return await respondWithStatus(res, 403, 'Missing permission');
try {
const [result] = await pool.execute('DELETE FROM service_doctors WHERE doctor_id = ? AND service_id = ?', [req.params.doctorId, req.params.serviceId]);
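Review bot: The `@me` resolution is pasted verbatim into all sixteen handlers of this file (and five more in the patients router), and because it rewrites the path parameter that the ownership check and every SQL query key on, each copy is an authorization step that must stay in sync; a single `router.param('doctorId', …)` hook can do the lookup and substitution once and leave the handlers with only their `ownDoctorId != req.params.doctorId && !verifyPermissions(…)` line. Two things on the shared line that follows the new block are worth confirming while you are there: `verifyPermissions(req.userId, …)` is called without `await` although `getDoctorId` is awaited, so if it is async `!verifyPermissions(...)` is always false and the non-owner branch never denies; and the appointment PATCH/DELETE handlers look the appointment up with `SELECT * FROM appointments WHERE id = ? LIMIT 1` whereas the GET scopes with `AND a.doctor_id = ?`, so a caller who clears the doctor check can reach any doctor's appointment by id. Neither of those is introduced by this commit, but the alias makes that path easier to hit. Every hunk here cuts into the middle of its handler, so the surrounding try/catch is outside the view.
```javascript
// Resolve the "@me" alias once for every route that carries :doctorId, so the
// substitution (and the 404 for callers with no doctor record) lives in one place.
router.param('doctorId', async (req, res, next, value) => {
  try {
    req.ownDoctorId = await getDoctorId(req.userId);
    if (value === '@me') {
      if (!req.ownDoctorId) return await respondWithStatus(res, 404, 'Doctor not found');
      req.params.doctorId = String(req.ownDoctorId);
    }
    return next();
  } catch (err) {
    error(err);
    return await respondWithStatus(res, 500, 'An error has occured');
  }
});
// … each handler then drops its getDoctorId/@me block and keeps only:
//   if (req.ownDoctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) …
```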


@@ -83,6 +83,10 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re
router.get('/:patientId', verifyToken, checkBanned, async (req, res) => {
try {
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -98,6 +102,10 @@ router.patch('/:patientId', verifyToken, checkBanned, async (req, res) => {
try {
const { type, value } = req.body;
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -124,6 +132,10 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
try {
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -149,6 +161,10 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
try {
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 4)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -167,6 +183,10 @@ router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
router.get('/:patientId/appointments', verifyToken, checkBanned, async (req, res) => {
try {
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute(
'SELECT a.id, u.first_name, u.last_name, d.email, d.phone, h.name, h.address, a.date, a.time, a.status, s.name FROM appointments a JOIN doctors d ON a.doctor_id = d.id JOIN users u ON d.user_id = u.id JOIN hospitals h ON a.hospital_id = h.id JOIN services s ON a.service_id = s.id WHERE a.patient_id = ?',
@@ -186,6 +206,10 @@ router.post('/:patientId/appointments', verifyToken, checkBanned, async (req, re
if ([ doctor_id, service_id, hospital_id, date, time ].every(Boolean)) {
try {
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const [result] = await pool.execute(
'INSERT INTO appointments (doctor_id, service_id, hospital_id, patient_id, date, time) VALUES (?, ?, ?, ?, ?, ?)',
@@ -203,10 +227,54 @@ router.post('/:patientId/appointments', verifyToken, checkBanned, async (req, re
return await respondWithStatus(res, 400, 'Missing fields');
}
});
// GET /:patientId/appointments/:appointmentId
router.get('/:patientId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
try {
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute(
'SELECT a.id, u.first_name, u.last_name, d.email, d.phone, h.name, h.address, a.date, a.time, a.status, s.name FROM appointments a JOIN doctors d ON a.doctor_id = d.id JOIN users u ON d.user_id = u.id JOIN hospitals h ON a.hospital_id = h.id JOIN services s ON a.service_id = s.id WHERE a.id = ? AND a.patient_id = ?',
[req.params.appointmentId, req.params.patientId],
);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
return await respondWithStatusJSON(res, 200, rows[0]);
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
// PATCH /:patientId/appointments/:appointmentId
// PUT /:patientId/appointments/:appointmentId
// DELETE /:patientId/appointments/:appointmentId
router.delete('/:patientId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
try {
const patientId = await getPatientId(req.userId);
if (req.params.patientId == '@me') {
if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
req.params.patientId = patientId;
}
if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 4)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? AND patient_id = ? LIMIT 1', [req.params.appointmentId, req.params.patientId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
const [result] = await pool.execute('DELETE FROM appointments WHERE id = ?', [req.params.appointmentId]);
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing appointment');
return await respondWithStatus(res, 200, 'Appointment deleted successfully');
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
export default router;
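Review bot: The new `GET /:patientId/appointments/:appointmentId` query selects both `h.name` and `s.name` with no aliases, so the mapped row has a single `name` key and one of the two values (presumably the hospital's, if the later column wins in the row object) is silently dropped before it reaches the client; alias them as `h.name AS hospital_name, … s.name AS service_name`, and the list query in the `/:patientId/appointments` hunk above has the same collision. The new DELETE runs a scoped SELECT and then an unscoped `DELETE FROM appointments WHERE id = ?`; a single `DELETE FROM appointments WHERE id = ? AND patient_id = ?` with `result.affectedRows === 0` mapped to the 404 keeps the ownership condition on the statement that actually mutates and saves a round trip. As in the doctors router, `verifyPermissions` is called without `await` while `getPatientId` is awaited — if it returns a Promise the `!` makes the deny branch unreachable, so confirm it is synchronous. The bare `// PATCH …` and `// PUT …` placeholders above the delete handler would be clearer as `// TODO: PATCH /:patientId/appointments/:appointmentId` so they are not mistaken for section headers of code that exists.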