import express from 'express'; import { error } from '../modules/logManager'; import { pool } from '../modules/databaseManager'; import { verifyToken } from '../modules/tokenManager'; import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager'; import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler'; const router = express.Router(); /** * Retrieves all doctors from the database. * * @returns {Promise} A promise that resolves to an array of doctor objects. */ router.get('/', verifyToken, checkBanned, checkPermissions('doctor', 1), async (req, res) => { try { const [rows] = await pool.execute('SELECT * FROM doctors WHERE 1'); if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctors not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); /** * Inserts a new doctor record into the database. * * @param {number} user_id - The ID of the user associated with the doctor. * @param {string} email - The email of the doctor. * @param {string} phone - The phone number of the doctor. * @param {string} speciality - The speciality of the doctor. * @param {string} status - The status of the doctor. * @param {boolean} is_verified - The verification status of the doctor. * @returns {Promise} - A promise that resolves with the result of the insertion. */ router.post('/', verifyToken, checkBanned, checkPermissions('doctor', 2), async (req, res) => { const { user_id, email, phone, speciality, status, is_verified = false } = req.body; if (!['Available', 'Absent', 'Unavailable'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status'); if ([ user_id, email, phone, speciality, status ].every(Boolean)) { try { const [result] = await pool.execute( 'INSERT INTO doctors (user_id, email, phone, speciality, status, is_verified) VALUES (?, ?, ?, ?, ?, ?)', [ user_id, email, phone, speciality, status, is_verified ], ); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor'); return await respondWithStatus(res, 200, 'Doctor created successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (req, res) => { const { email, phone, speciality, status } = req.body; if (!['Available', 'Absent', 'Unavailable'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status'); if ([ email, phone, speciality, status ].every(Boolean)) { try { const [result] = await pool.execute( 'INSERT INTO doctors (user_id, email, phone, speciality, status) VALUES (?, ?, ?, ?, ?)', [req.userId, email, phone, speciality, status], ); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor'); return await respondWithStatus(res, 200, 'Doctor created successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.post('/:doctorId/validate', verifyToken, checkBanned, checkPermissions('doctor', 2), async (req, res) => { const { doctor_id } = req.body; if (doctor_id) { try { const [result] = await pool.execute('SELECT * FROM doctors WHERE id = ?',[doctor_id]); if(result.length === 0) return await respondWithStatus(res, 404, 'Doctor not found'); if(result[0].is_verified) return await respondWithStatus(res, 400, 'Doctor already verified'); const [result2] = await pool.execute('UPDATE doctors SET is_verified = 1 WHERE id = ?', [doctor_id]); if (result2.affectedRows === 0) return await respondWithStatus(res, 500, 'Error validating doctor'); const [result3] = await pool.execute('INSERT INTO user_roles (user_id, role_id) VALUES (?, (SELECT id FROM roles WHERE name = ? LIMIT 1))', [result[0].user_id, 'Doctor']); if (result3.affectedRows === 0) return await respondWithStatus(res, 500, 'Error adding role to user'); return await respondWithStatus(res, 200, 'Doctor validated successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.get('/:doctorId', verifyToken, checkBanned, async (req, res) => { try { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found'); return await respondWithStatusJSON(res, 200, rows[0]); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => { try { const { type, value } = req.body; const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found'); const excludedKeys = [ 'id', 'user_id' ]; const fields = rows.map(row => Object.keys(row).filter(key => !excludedKeys.includes(key))); if (fields[0].includes(type)) { const [result] = await pool.execute(`UPDATE doctors SET ${type} = ? WHERE id = ?`, [value, req.params.doctorId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating doctor'); return await respondWithStatus(res, 200, 'Doctor updated successfully'); } else { return await respondWithStatus(res, 400, 'Invalid type'); } } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => { const { user_id, email, phone, speciality, status, is_verified } = req.body; if ([ user_id, email, phone, speciality, status, is_verified ].every(Boolean)) { try { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found'); const [result] = await pool.execute( 'UPDATE doctors SET name = ?, email = ?, phone = ?, speciality = ?, status = ?, is_verified = ? WHERE id = ?', [user_id, email, phone, speciality, status, is_verified, req.params.doctorId], ); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating doctor'); return await respondWithStatus(res, 200, 'Doctor updated successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => { try { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 4)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found'); const [result] = await pool.execute('DELETE FROM doctors WHERE id = ?', [req.params.doctorId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing doctor'); return await respondWithStatus(res, 200, 'Doctor deleted successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); // Appointments endpoints router.get('/:doctorId/appointments', verifyToken, checkBanned, async (req, res) => { try { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute( 'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id JOIN services AS s ON a.service_id = s.id WHERE a.doctor_id = ?', [req.params.doctorId], ); if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointments not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.post('/:doctorId/appointments', verifyToken, checkBanned, async (req, res) => { const { patient_id, service_id, hospital_id, room_id = null, date, time, status } = req.body; if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status'); const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission'); if ([patient_id, service_id, hospital_id, date, time, status].every(Boolean)) { try { const [result] = await pool.execute( 'INSERT INTO appointments (patient_id, doctor_id, service_id, hospital_id, room_id, date, time, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?)', [patient_id, req.params.doctorId, service_id, hospital_id, room_id, date, time, status], ); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing appointment'); return await respondWithStatus(res, 200, 'Appointment created successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.get('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => { try { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute( 'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id WHERE a.id = ? AND a.doctor_id = ? LIMIT 1', [req.params.appointmentId, req.params.doctorId], ); if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found'); return await respondWithStatusJSON(res, 200, rows[0]); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.patch('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => { try { const { type, value } = req.body; const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found'); const excludedKeys = [ 'id', 'patient_id', 'doctor_id' ]; const fields = rows.map(row => Object.keys(row).filter(key => !excludedKeys.includes(key))); if (type === 'status' && !['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(value)) return await respondWithStatus(res, 400, 'Invalid status'); if (fields[0].includes(type)) { const [result] = await pool.execute(`UPDATE appointments SET ${type} = ? WHERE id = ?`, [value, req.params.appointmentId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating appointment'); return await respondWithStatus(res, 200, 'Appointment updated successfully'); } else { return await respondWithStatus(res, 400, 'Invalid type'); } } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.put('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => { const { patient_id, service_id, hospital_id, room_id, date, time, status } = req.body; if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status'); const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission'); if ([patient_id, service_id, hospital_id, room_id, date, time, status].every(Boolean)) { try { const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found'); const [result] = await pool.execute( 'UPDATE appointments SET patient_id = ?, doctor_id = ?, service_id = ?, hospital_id = ?, room_id = ?, date = ?, time = ?, status = ? WHERE id = ?', [patient_id, req.params.doctorId, service_id, hospital_id, room_id, date, time, status, req.params.appointmentId], ); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating appointment'); return await respondWithStatus(res, 200, 'Appointment updated successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.delete('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => { try { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 4)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found'); const [result] = await pool.execute('DELETE FROM appointments WHERE id = ?', [req.params.appointmentId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing appointment'); return await respondWithStatus(res, 200, 'Appointment deleted successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); // Services endpoints router.get('/:doctorId/services', verifyToken, checkBanned, async (req, res) => { try { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 1)) return await respondWithStatus(res, 403, 'Missing permission'); const [rows] = await pool.execute('SELECT s.* FROM services s INNER JOIN service_doctors sd ON s.id = sd.service_id WHERE sd.doctor_id = ?', [req.params.doctorId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Services not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.post('/:doctorId/services', verifyToken, checkBanned, async (req, res) => { const { service_id } = req.body; const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission'); if (service_id) { try { const [result] = await pool.execute('INSERT INTO service_doctors (doctor_id, service_id) VALUES (?, ?)', [req.params.doctorId, service_id]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing service'); return await respondWithStatus(res, 200, 'Service added successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.patch('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => { const { type, value } = req.body; const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission'); if (type === 'service_id') { try { const [result] = await pool.execute('UPDATE service_doctors SET service_id = ? WHERE doctor_id = ? AND service_id = ?', [value, req.params.doctorId, req.params.serviceId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating service'); return await respondWithStatus(res, 200, 'Service updated successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Invalid type'); } }); router.delete('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => { const doctorId = await getDoctorId (req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 4)) return await respondWithStatus(res, 403, 'Missing permission'); try { const [result] = await pool.execute('DELETE FROM service_doctors WHERE doctor_id = ? AND service_id = ?', [req.params.doctorId, req.params.serviceId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing service'); return await respondWithStatus(res, 200, 'Service removed successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.get('/:doctorId/hospitals', verifyToken, checkBanned, async (req,res) => { const doctorId = await getDoctorId(req.userId); if (req.params.doctorId == '@me') { if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found'); req.params.doctorId = doctorId; } if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 4)) return await respondWithStatus(res, 403, 'Missing permission'); try { //'SELECT s.* FROM services s INNER JOIN service_doctors sd ON s.id = sd.service_id WHERE sd.doctor_id = ?', [req.params.doctorId] const [rows] = await pool.execute('SELECT h.* FROM hospitals h INNER JOIN hospital_doctors hd ON h.id = hd.hospital_id WHERE hd.doctor_id = ?', [req.params.doctorId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Hospitals not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }) export default router; async function getDoctorId(userId) { const [rows] = await pool.execute('SELECT id FROM doctors WHERE user_id = ? LIMIT 1', [userId]); return rows.length ? rows[0].id : null; }