import express from 'express'; import { error } from '../modules/logManager'; import { pool } from '../modules/databaseManager'; import { verifyToken } from '../modules/tokenManager'; import { checkPermissions, checkBanned } from '../modules/permissionManager'; import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler'; const router = express.Router(); router.get('/', verifyToken, checkBanned, checkPermissions('hospital', 1), async (req, res) => { try { const [rows] = await pool.execute('SELECT * FROM hospitals WHERE 1'); if (rows.length === 0) return await respondWithStatus(res, 404, 'Hospitals not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.post('/', verifyToken, checkBanned, checkPermissions('hospital', 2), async (req, res) => { const { company_id, name, code, country, region, city, address } = req.body; if ([ company_id, name, code, country, region, city, address ].every(Boolean)) { try { const [result] = await pool.execute( 'INSERT INTO hospitals (company_id, name, code, country, region, city, address) VALUES (?, ?, ?, ?, ?, ?, ?)', [ company_id, name, code, country, region, city, address ], ); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing hospital'); return await respondWithStatus(res, 200, 'Hospital created successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.get('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospital', 1), async (req, res) => { try { const [rows] = await pool.execute('SELECT * FROM hospitals WHERE id = ? LIMIT 1', [req.params.hospitalId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Hospitals not found'); return await respondWithStatusJSON(res, 200, rows[0]); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.patch('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospital', 2), async (req, res) => { try { const { type, value } = req.body; const [rows] = await pool.execute('SELECT * FROM hospitals WHERE id = ? LIMIT 1', [req.params.hospitalId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Hospital not found'); const fields = rows.map(row => Object.keys(row)); if (fields[0].includes(type)) { const [result] = await pool.execute(`UPDATE hospitals SET ${type} = ? WHERE id = ?`, [value, req.params.hospitalId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating hospital'); return await respondWithStatus(res, 200, 'Hospital updated successfully'); } else { return await respondWithStatus(res, 400, 'Invalid type'); } } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.put('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospital', 2), async (req, res) => { const id = req.params.hospitalId; const { company_id, name, code, country, region, city, address } = req.body; if ([company_id, name, code, country, region, city, address].every(Boolean)) { try { const [rows] = await pool.execute('SELECT * FROM hospitals WHERE id = ? LIMIT 1', [id]); if (rows.length === 0) { return await respondWithStatus(res, 404, 'Hospital not found'); } const [result] = await pool.execute( 'UPDATE hospitals SET company_id = ?, name = ?, code = ?, country = ?, region = ?, city = ?, address = ? WHERE id = ?', [company_id, name, code, country, region, city, address, id], ); if (result.affectedRows === 0) { return await respondWithStatus(res, 500, 'Error updating hospital'); } return await respondWithStatus(res, 200, 'Hospital updated successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.delete('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospital', 4), async (req, res) => { try { const [rows] = await pool.execute('SELECT * FROM hospitals WHERE id = ? LIMIT 1', [req.params.hospitalId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Hospital not found'); const [result] = await pool.execute('DELETE FROM hospitals WHERE id = ?', [req.params.hospitalId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing hospital'); return await respondWithStatus(res, 200, 'Hospital deleted successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); // Doctor endpoints router.get('/:hospitalId/doctors', verifyToken, checkBanned, checkPermissions('doctor', 1), async (req, res) => { try { const [rows] = await pool.execute('SELECT doctors.* FROM hospital_doctors JOIN doctors ON hospital_doctors.doctor_id = doctors.id WHERE hospital_doctors.hospital_id = ?', [req.params.hospitalId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctors not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.post('/:hospitalId/doctors', verifyToken, checkBanned, checkPermissions('doctor', 2), async (req, res) => { const { doctor_id } = req.body; if ([doctor_id].every(Boolean)) { try { const [result] = await pool.execute('INSERT INTO hospital_doctors (hospital_id, doctor_id) VALUES (?, ?)', [req.params.hospitalId, doctor_id]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor'); return await respondWithStatus(res, 200, 'Doctor added to hospital successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.delete('/:hospitalId/doctors/:doctorId', verifyToken, checkBanned, checkPermissions('doctor', 4), async (req, res) => { try { const { hospitalId, doctorId } = req.params; const [result] = await pool.execute('DELETE FROM hospital_doctors WHERE hospital_id = ? AND doctor_id = ?', [hospitalId, doctorId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing doctor'); return await respondWithStatus(res, 200, 'Doctor removed from hospital successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); // Service endpoints router.get('/:hospitalId/services', verifyToken, checkBanned, checkPermissions('service', 1), async (req, res) => { try { const [rows] = await pool.execute( 'SELECT services.* FROM hospital_doctors JOIN doctors ON hospital_doctors.doctor_id = doctors.id JOIN doctor_services ON doctors.id = doctor_services.doctor_id JOIN services ON doctor_services.service_id = services.id WHERE hospital_doctors.hospital_id = ?', [req.params.hospitalId], ); if (rows.length === 0) return await respondWithStatus(res, 404, 'Services not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); // Room endpoints router.get('/:hospitalId/rooms', verifyToken, checkBanned, checkPermissions('room', 1), async (req, res) => { try { const [rows] = await pool.execute('SELECT * FROM rooms WHERE hospital_id = ?', [req.params.hospitalId]); if (rows.length === 0) return await respondWithStatus(res, 404, 'Rooms not found'); return await respondWithStatusJSON(res, 200, rows); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); router.post('/:hospitalId/rooms', verifyToken, checkBanned, checkPermissions('room', 2), async (req, res) => { const { name, code, floor, room_number, room_type } = req.body; if ([name, code, floor, room_number, room_type].every(Boolean)) { try { if (!['General Ward', 'Private', 'Intensive Care Unit', 'Labor and Delivery', 'Operating', 'Recovery', 'Isolation', 'Emergency', 'Imaging', 'Procedure', 'Physical Therapy', 'Consultation'].includes(room_type)) return await respondWithStatus(res, 400, 'Invalid room type'); const [result] = await pool.execute( 'INSERT INTO rooms (hospital_id, name, code, floor, room_number, room_type) VALUES (?, ?, ?, ?, ?, ?)', [req.params.hospitalId, name, code, floor, room_number, room_type], ); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing room'); return await respondWithStatus(res, 200, 'Room created successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } else { return await respondWithStatus(res, 400, 'Missing fields'); } }); router.delete('/:hospitalId/rooms/:roomId', verifyToken, checkBanned, checkPermissions('room', 4), async (req, res) => { try { const [result] = await pool.execute('DELETE FROM rooms WHERE hospital_id = ? AND id = ?', [req.params.hospitalId, req.params.roomId]); if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing room'); return await respondWithStatus(res, 200, 'Room removed from hospital successfully'); } catch (err) { error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); export default router;