Lightemerald
0ddbc437b9
- Added the base data structure for the new database - Added the new routes for the new database - Reworked the users endpoints
152 lines
6.4 KiB
JavaScript
152 lines
6.4 KiB
JavaScript
import express from 'express';
|
|
import { pool } from '../modules/databaseManager';
|
|
import { verifyToken } from '../modules/tokenManager';
|
|
import { verifyPermissions, checkPermissions, checkBanned } from '../modules/permissionManager';
|
|
import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
|
|
|
|
const router = express.Router();
|
|
|
|
/**
|
|
* Retrieves all doctors from the database.
|
|
*
|
|
* @returns {Promise<Array>} A promise that resolves to an array of doctor objects.
|
|
*/
|
|
router.get('/', verifyToken, checkBanned, checkPermissions('doctors', 1), async (req, res) => {
|
|
try {
|
|
const [rows] = await pool.execute('SELECT * FROM doctors WHERE 1');
|
|
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctors not found');
|
|
return await respondWithStatusJSON(res, 200, rows);
|
|
}
|
|
catch (err) {
|
|
console.error(err);
|
|
return await respondWithStatus(res, 500, 'An error has occured');
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Inserts a new doctor record into the database.
|
|
*
|
|
* @param {number} user_id - The ID of the user associated with the doctor.
|
|
* @param {date} date_of_birth - The date of birth of the doctor.
|
|
* @param {string} gender - The gender of the doctor.
|
|
* @param {string} address - The address of the doctor.
|
|
* @param {string} social_security_number - The social security number of the doctor.
|
|
* @param {string} insurance_number - The insurance number of the doctor.
|
|
* @returns {Promise} - A promise that resolves with the result of the insertion.
|
|
*/
|
|
router.post('/', verifyToken, checkBanned, checkPermissions('doctors', 2), async (req, res) => {
|
|
const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
|
|
if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
|
|
try {
|
|
const [result] = await pool.execute(
|
|
'INSERT INTO doctors (user_id, date_of_birth, gender, address, social_security_number, insurance_number) VALUES (?, ?, ?, ?, ?, ?)',
|
|
[ user_id, date_of_birth, gender, address, social_security_number, insurance_number ],
|
|
);
|
|
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor');
|
|
return await respondWithStatus(res, 200, 'Doctor created successfully');
|
|
}
|
|
catch (err) {
|
|
console.error(err);
|
|
return await respondWithStatus(res, 500, 'An error has occured');
|
|
}
|
|
}
|
|
else {
|
|
return await respondWithStatus(res, 400, 'Missing fields');
|
|
}
|
|
});
|
|
|
|
router.get('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
|
try {
|
|
const id = req.params.doctorId;
|
|
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [id]);
|
|
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
|
|
if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'doctors', 1)) return await respondWithStatus(res, 403, 'Missing permission');
|
|
return await respondWithStatusJSON(res, 200, rows[0]);
|
|
}
|
|
catch (err) {
|
|
console.error(err);
|
|
return await respondWithStatus(res, 500, 'An error has occured');
|
|
}
|
|
});
|
|
|
|
router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
|
try {
|
|
const id = req.params.doctorId;
|
|
const { type, value } = req.body;
|
|
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [id]);
|
|
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
|
|
if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'doctors', 2)) return await respondWithStatus(res, 403, 'Missing permission');
|
|
|
|
const excludedKeys = [ 'id', 'user_id' ];
|
|
const fields = rows.map(row => Object.keys(row).filter(key => !excludedKeys.includes(key)));
|
|
if (fields[0].includes(type)) {
|
|
const [result] = await pool.execute(`UPDATE doctors SET ${type} = ? WHERE id = ?`, [value, id]);
|
|
|
|
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating doctor');
|
|
return await respondWithStatus(res, 200, 'Doctor updated successfully');
|
|
}
|
|
else {
|
|
return await respondWithStatus(res, 400, 'Invalid type');
|
|
}
|
|
}
|
|
catch (err) {
|
|
console.error(err);
|
|
return await respondWithStatus(res, 500, 'An error has occured');
|
|
}
|
|
});
|
|
|
|
router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
|
const id = req.params.doctorId;
|
|
const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
|
|
if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
|
|
try {
|
|
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [id]);
|
|
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
|
|
if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'doctors', 2)) return await respondWithStatus(res, 403, 'Missing permission');
|
|
|
|
const [result] = await pool.execute(
|
|
'UPDATE doctors SET name = ?, type = ?, manufacturer = ?, capacity = ?, status = ?, location = ? WHERE id = ?',
|
|
[user_id, date_of_birth, gender, address, social_security_number, insurance_number, id],
|
|
);
|
|
|
|
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating doctor');
|
|
return await respondWithStatus(res, 200, 'Doctor updated successfully');
|
|
}
|
|
catch (err) {
|
|
console.error(err);
|
|
return await respondWithStatus(res, 500, 'An error has occured');
|
|
}
|
|
}
|
|
else {
|
|
return await respondWithStatus(res, 400, 'Missing fields');
|
|
}
|
|
});
|
|
|
|
router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
|
try {
|
|
const id = req.params.doctorId;
|
|
const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT', [id]);
|
|
if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
|
|
if (rows[0].userId != req.userId && !verifyPermissions(req.userId, 'doctors', 4)) return await respondWithStatus(res, 403, 'Missing permission');
|
|
|
|
const [result] = await pool.execute('DELETE FROM doctors WHERE id = ?', [id]);
|
|
|
|
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing doctor');
|
|
return await respondWithStatus(res, 200, 'Doctor deleted successfully');
|
|
}
|
|
catch (err) {
|
|
console.error(err);
|
|
return await respondWithStatus(res, 500, 'An error has occured');
|
|
}
|
|
});
|
|
|
|
// Appointments endpoints
|
|
// GET /:doctorId/appointments
|
|
// POST /:doctorId/appointments
|
|
// GET /:doctorId/appointments/:appointmentId
|
|
// PATCH /:doctorId/appointments/:appointmentId
|
|
// PUT /:doctorId/appointments/:appointmentId
|
|
// DELETE /:doctorId/appointments/:appointmentId
|
|
|
|
export default router;
|