From abd6f6747f6db7abb0d3c9c59f03a0cf21fc0c5d Mon Sep 17 00:00:00 2001
From: Lightemerald
Date: Sun, 24 Mar 2024 11:40:35 +0100
Subject: [PATCH] Added @me endpoint support

---
 routes/doctors.js | 56 ++++++++++++++++++++++++++++++++++++++
 routes/patients.js | 68 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)

diff --git a/routes/doctors.js b/routes/doctors.js
index 183d8b0..d2ef380 100644
--- a/routes/doctors.js
+++ b/routes/doctors.js
@@ -102,6 +102,10 @@ router.post('/:doctorId/validate', verifyToken, checkBanned, checkPermissions('d
 router.get('/:doctorId', verifyToken, checkBanned, async (req, res) => {
     try {
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -117,6 +121,10 @@ router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => {
     try {
         const { type, value } = req.body;
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
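Review bot: The four-line `@me` resolution added after `const doctorId = await getDoctorId (req.userId);` is pasted verbatim into every hunk of routes/doctors.js and again into every routes/patients.js hunk, which is the kind of duplication that lets one handler drift from the others (the later `!= req.params.doctorId` ownership check only stays safe while every handler rewrites `req.params` the same way). It belongs in one small middleware that runs after `verifyToken`/`checkBanned` and before the handler, so each route declares it once and the handlers keep their existing lookup and permission check untouched; a patients.js twin would use `getPatientId` and 'Patient not found'. While moving it, compare with `===` — `req.params.doctorId === '@me'` — since route parameters are always strings and the loose `==` on the new line buys nothing. Note that `getDoctorId` is awaited inside the middleware, so it needs the same try/catch the handlers already use; the handler bodies themselves continue outside each hunk.
```javascript
// Resolve the '@me' alias to the caller's own doctor id before the handler runs.
async function resolveDoctorAlias(req, res, next) {
    if (req.params.doctorId !== '@me') return next();
    try {
        const doctorId = await getDoctorId (req.userId);
        if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
        req.params.doctorId = doctorId;
        return next();
    }
    catch (err) {
        error(err);
        return await respondWithStatus(res, 500, 'An error has occured');
    }
}
router.get('/:doctorId', verifyToken, checkBanned, resolveDoctorAlias, async (req, res) => {
// … unchanged: handler body keeps its getDoctorId() lookup and permission check …
```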
@@ -143,6 +151,10 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
     if ([ user_id, email, phone, speciality, status, is_verified ].every(Boolean)) {
         try {
             const doctorId = await getDoctorId (req.userId);
+            if (req.params.doctorId == '@me') {
+                if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+                req.params.doctorId = doctorId;
+            }
             if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
             const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
             if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -168,6 +180,10 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
     try {
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 4)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -186,6 +202,10 @@ router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 router.get('/:doctorId/appointments', verifyToken, checkBanned, async (req, res) => {
     try {
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute(
             'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id JOIN services AS s ON a.service_id = s.id WHERE a.doctor_id = ?',
@@ -204,6 +224,10 @@ router.post('/:doctorId/appointments', verifyToken, checkBanned, async (req, res
     const { patient_id, service_id, hospital_id, room_id = null, date, time, status } = req.body;
     if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status');
     const doctorId = await getDoctorId (req.userId);
+    if (req.params.doctorId == '@me') {
+        if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+        req.params.doctorId = doctorId;
+    }
     if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
     if ([patient_id, service_id, hospital_id, date, time, status].every(Boolean)) {
         try {
@@ -227,6 +251,10 @@ router.post('/:doctorId/appointments', verifyToken, checkBanned, async (req, res
 router.get('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
     try {
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute(
             'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id WHERE a.id = ? AND a.doctor_id = ? LIMIT 1',
@@ -245,6 +273,10 @@ router.patch('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned,
     try {
         const { type, value } = req.body;
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
@@ -271,6 +303,10 @@ router.put('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, a
     const { patient_id, service_id, hospital_id, room_id, date, time, status } = req.body;
     if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status');
     const doctorId = await getDoctorId (req.userId);
+    if (req.params.doctorId == '@me') {
+        if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+        req.params.doctorId = doctorId;
+    }
     if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
     if ([patient_id, service_id, hospital_id, room_id, date, time, status].every(Boolean)) {
         try {
@@ -297,6 +333,10 @@ router.put('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, a
 router.delete('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
     try {
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 4)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
@@ -315,6 +355,10 @@ router.delete('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned
 router.get('/:doctorId/services', verifyToken, checkBanned, async (req, res) => {
     try {
         const doctorId = await getDoctorId (req.userId);
+        if (req.params.doctorId == '@me') {
+            if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+            req.params.doctorId = doctorId;
+        }
         if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 1)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT s.* FROM services s INNER JOIN service_doctors sd ON s.id = sd.service_id WHERE sd.doctor_id = ?', [req.params.doctorId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Services not found');
@@ -329,6 +373,10 @@ router.get('/:doctorId/services', verifyToken, checkBanned, async (req, res) =>
 router.post('/:doctorId/services', verifyToken, checkBanned, async (req, res) => {
     const { service_id } = req.body;
     const doctorId = await getDoctorId (req.userId);
+    if (req.params.doctorId == '@me') {
+        if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+        req.params.doctorId = doctorId;
+    }
     if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission');
     if (service_id) {
         try {
@@ -349,6 +397,10 @@ router.post('/:doctorId/services', verifyToken, checkBanned, async (req, res) =>
 router.patch('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => {
     const { type, value } = req.body;
     const doctorId = await getDoctorId (req.userId);
+    if (req.params.doctorId == '@me') {
+        if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+        req.params.doctorId = doctorId;
+    }
     if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission');
     if (type === 'service_id') {
         try {
@@ -368,6 +420,10 @@ router.patch('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (
 router.delete('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => {
     const doctorId = await getDoctorId (req.userId);
+    if (req.params.doctorId == '@me') {
+        if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+        req.params.doctorId = doctorId;
+    }
     if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 4)) return await respondWithStatus(res, 403, 'Missing permission');
     try {
         const [result] = await pool.execute('DELETE FROM service_doctors WHERE doctor_id = ? AND service_id = ?', [req.params.doctorId, req.params.serviceId]);
diff --git a/routes/patients.js b/routes/patients.js
index ab44f40..7f77f0a 100644
--- a/routes/patients.js
+++ b/routes/patients.js
@@ -83,6 +83,10 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re
 router.get('/:patientId', verifyToken, checkBanned, async (req, res) => {
     try {
         const patientId = await getPatientId(req.userId);
+        if (req.params.patientId == '@me') {
+            if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+            req.params.patientId = patientId;
+        }
         if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 1)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -98,6 +102,10 @@ router.patch('/:patientId', verifyToken, checkBanned, async (req, res) => {
     try {
         const { type, value } = req.body;
         const patientId = await getPatientId(req.userId);
+        if (req.params.patientId == '@me') {
+            if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+            req.params.patientId = patientId;
+        }
         if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 2)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -124,6 +132,10 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
     if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
         try {
             const patientId = await getPatientId(req.userId);
+            if (req.params.patientId == '@me') {
+                if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+                req.params.patientId = patientId;
+            }
             if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 2)) return await respondWithStatus(res, 403, 'Missing permission');
             const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
             if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -149,6 +161,10 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
 router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
     try {
         const patientId = await getPatientId(req.userId);
+        if (req.params.patientId == '@me') {
+            if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+            req.params.patientId = patientId;
+        }
         if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 4)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
         if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -167,6 +183,10 @@ router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
 router.get('/:patientId/appointments', verifyToken, checkBanned, async (req, res) => {
     try {
         const patientId = await getPatientId(req.userId);
+        if (req.params.patientId == '@me') {
+            if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+            req.params.patientId = patientId;
+        }
         if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
         const [rows] = await pool.execute(
             'SELECT a.id, u.first_name, u.last_name, d.email, d.phone, h.name, h.address, a.date, a.time, a.status, s.name FROM appointments a JOIN doctors d ON a.doctor_id = d.id JOIN users u ON d.user_id = u.id JOIN hospitals h ON a.hospital_id = h.id JOIN services s ON a.service_id = s.id WHERE a.patient_id = ?',
@@ -186,6 +206,10 @@ router.post('/:patientId/appointments', verifyToken, checkBanned, async (req, re
     if ([ doctor_id, service_id, hospital_id, date, time ].every(Boolean)) {
         try {
             const patientId = await getPatientId(req.userId);
+            if (req.params.patientId == '@me') {
+                if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+                req.params.patientId = patientId;
+            }
             if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
             const [result] = await pool.execute(
                 'INSERT INTO appointments (doctor_id, service_id, hospital_id, patient_id, date, time) VALUES (?, ?, ?, ?, ?, ?)',
@@ -203,10 +227,54 @@ router.post('/:patientId/appointments', verifyToken, checkBanned, async (req, re
     return await respondWithStatus(res, 400, 'Missing fields');
     }
 });
+    // GET /:patientId/appointments/:appointmentId
+router.get('/:patientId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
+    try {
+        const patientId = await getPatientId(req.userId);
+        if (req.params.patientId == '@me') {
+            if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+            req.params.patientId = patientId;
+        }
+        if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
+        const [rows] = await pool.execute(
+            'SELECT a.id, u.first_name, u.last_name, d.email, d.phone, h.name, h.address, a.date, a.time, a.status, s.name FROM appointments a JOIN doctors d ON a.doctor_id = d.id JOIN users u ON d.user_id = u.id JOIN hospitals h ON a.hospital_id = h.id JOIN services s ON a.service_id = s.id WHERE a.id = ? AND a.patient_id = ?',
+            [req.params.appointmentId, req.params.patientId],
+        );
+        if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
+        return await respondWithStatusJSON(res, 200, rows[0]);
+    }
+    catch (err) {
+        error(err);
+        return await respondWithStatus(res, 500, 'An error has occured');
+    }
+});
+    // PATCH /:patientId/appointments/:appointmentId
+    // PUT /:patientId/appointments/:appointmentId
+    // DELETE /:patientId/appointments/:appointmentId
+router.delete('/:patientId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
+    try {
+        const patientId = await getPatientId(req.userId);
+        if (req.params.patientId == '@me') {
+            if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+            req.params.patientId = patientId;
+        }
+        if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 4)) return await respondWithStatus(res, 403, 'Missing permission');
+        const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? AND patient_id = ? LIMIT 1', [req.params.appointmentId, req.params.patientId]);
+        if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
+
+        const [result] = await pool.execute('DELETE FROM appointments WHERE id = ?', [req.params.appointmentId]);
+        if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing appointment');
+        return await respondWithStatus(res, 200, 'Appointment deleted successfully');
+    }
+    catch (err) {
+        error(err);
+        return await respondWithStatus(res, 500, 'An error has occured');
+    }
+});
 export default router;
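Review bot: The new GET handler's SELECT projects both `h.name` and `s.name` without aliases, so in the plain row object returned by `pool.execute` the two columns collide on the key `name` and, as far as I can tell from that row shape, only one of them survives into `rows[0]` — the hospital name or the service name is silently lost. Alias them, e.g. `h.name AS hospital_name, h.address, a.date, a.time, a.status, s.name AS service_name`; the pre-existing list query in the previous hunk has the same shape and would benefit from the same change. In the new DELETE handler the ownership check and the delete are two separate statements, so the delete itself should also be scoped to the owner: `'DELETE FROM appointments WHERE id = ? AND patient_id = ?', [req.params.appointmentId, req.params.patientId]` keeps the authorisation decision and the mutation on the same row and costs nothing. The `// PATCH …` and `// PUT …` comment lines are placeholders for routes the commit does not add; either implement them or mark them `// TODO(owner): …` so they are not read as documentation of existing endpoints.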