import express from 'express';
import { pool } from '../modules/databaseManager';
import { verifyToken } from '../modules/tokenManager';
import { verifyPermissions, checkPermissions, checkBanned } from '../modules/permissionManager';
import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
// Express router holding the patients endpoints registered below; it is the file's default export.
const router = express.Router();
/**
 * GET / — lists every row of the `patients` table.
 *
 * Middleware chain: verifyToken, checkBanned, checkPermissions('patients', 1),
 * i.e. a valid token, a non-banned account and read permission level 1.
 * Responds 404 when the table is empty, 200 with the row array otherwise,
 * and 500 (after logging) if the query or the response helper throws.
 *
 * NOTE(review): `SELECT *` returns every column, which — going by the INSERT
 * below — includes social_security_number and insurance_number. Confirm that
 * level-1 readers are meant to see those fields; `WHERE 1` is a no-op.
 */
router.get('/', verifyToken, checkBanned, checkPermissions('patients', 1), async (req, res) => {
  try {
    const [patients] = await pool.execute('SELECT * FROM patients WHERE 1');
    // An empty table is reported as "not found" rather than as an empty list.
    const isEmpty = patients.length === 0;
    return isEmpty
      ? await respondWithStatus(res, 404, 'Patients not found')
      : await respondWithStatusJSON(res, 200, patients);
  }
  catch (err) {
    console.error(err);
    return await respondWithStatus(res, 500, 'An error has occured');
  }
});
/**
 * POST / — inserts one patient row.
 *
 * Middleware chain: verifyToken, checkBanned, checkPermissions('patients', 2).
 * Expects these JSON body fields, all of which must be truthy:
 * user_id, date_of_birth, gender, address, social_security_number,
 * insurance_number. Responds 400 'Missing fields' when any is absent or
 * falsy, 200 on success, 500 when the insert affects no rows or throws.
 *
 * NOTE(review): user_id is taken verbatim from the body, so any level-2 caller
 * can attach the new record to an arbitrary user — confirm that is intended.
 */
router.post('/', verifyToken, checkBanned, checkPermissions('patients', 2), async (req, res) => {
  const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
  const values = [ user_id, date_of_birth, gender, address, social_security_number, insurance_number ];

  // Truthiness check, same as the PUT route: 0 / '' count as missing.
  const hasAllFields = values.every(Boolean);
  if (!hasAllFields) return await respondWithStatus(res, 400, 'Missing fields');

  try {
    const [result] = await pool.execute(
      'INSERT INTO patients (user_id, date_of_birth, gender, address, social_security_number, insurance_number) VALUES (?, ?, ?, ?, ?, ?)',
      values,
    );
    if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing patient');
    return await respondWithStatus(res, 200, 'Patient created successfully');
  }
  catch (err) {
    console.error(err);
    return await respondWithStatus(res, 500, 'An error has occured');
  }
});
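/**
 * GET /:patientId — returns one patient row.
 *
 * Requires a valid token and a non-banned account. Access is granted when the
 * row belongs to the caller (its user_id equals req.userId) or when the caller
 * holds `patients` permission level 1; otherwise 403. 404 if no row matches,
 * 500 (after logging) if anything throws.
 *
 * Fixes versus the previous version:
 *  - the permission lookup is awaited. If verifyPermissions is async, the old
 *    `!verifyPermissions(...)` negated a pending Promise (always truthy), so the
 *    403 branch could never fire and any authenticated user could read any
 *    record, SSN included. `await` on a plain boolean is a no-op, so the fix is
 *    safe whichever way the helper is implemented.
 *  - the owner check reads `user_id`, the column name used by the INSERT and
 *    the PATCH allow-list in this file (the old `rows[0].userId` is most likely
 *    undefined), and it fails closed when either id is missing instead of
 *    letting `undefined != undefined` count as a match.
 */
router.get('/:patientId', verifyToken, checkBanned, async (req, res) => {
  try {
    const id = req.params.patientId;
    const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [id]);
    if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
    const patient = rows[0];

    // Owner or level-1 permission. `userId` is kept only as a fallback in case
    // the pool maps column names to camelCase; ids are compared as strings
    // because the token side may be a string and the DB side a number.
    const ownerId = patient.user_id ?? patient.userId;
    const isOwner = ownerId != null && req.userId != null && String(ownerId) === String(req.userId);
    if (!isOwner && !(await verifyPermissions(req.userId, 'patients', 1))) {
      return await respondWithStatus(res, 403, 'Missing permission');
    }

    return await respondWithStatusJSON(res, 200, patient);
  }
  catch (err) {
    console.error(err);
    return await respondWithStatus(res, 500, 'An error has occured');
  }
});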
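/**
 * PATCH /:patientId — updates a single column of one patient row.
 *
 * Body: `{ type, value }` where `type` is the column to set and `value` its new
 * value. Requires a valid token and a non-banned account; the caller must own
 * the row (user_id equals req.userId) or hold `patients` permission level 2.
 * Responses: 404 no such row, 403 not allowed, 400 unknown column or missing
 * value, 500 on a failed update or a thrown error, 200 on success.
 *
 * Fixes versus the previous version:
 *  - the permission lookup is awaited; if verifyPermissions is async the old
 *    `!verifyPermissions(...)` negated a Promise (always truthy) and the 403
 *    branch could never fire. `await` on a plain boolean is a no-op.
 *  - the owner check reads `user_id` — the column this very route excludes
 *    below and the INSERT uses — and fails closed when an id is missing,
 *    instead of matching undefined against undefined.
 *  - the column allow-list is built from the fetched row directly instead of
 *    through rows.map, and the interpolated identifier is backtick-quoted.
 *
 * NOTE(review): MySQL reports affectedRows 0 for an UPDATE that changes
 * nothing, so re-submitting the current value yields 500 — confirm whether
 * that is acceptable.
 */
router.patch('/:patientId', verifyToken, checkBanned, async (req, res) => {
  try {
    const id = req.params.patientId;
    const { type, value } = req.body;

    const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [id]);
    if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
    const patient = rows[0];

    // Owner or level-2 permission. `userId` is kept only as a fallback in case
    // the pool maps column names to camelCase.
    const ownerId = patient.user_id ?? patient.userId;
    const isOwner = ownerId != null && req.userId != null && String(ownerId) === String(req.userId);
    if (!isOwner && !(await verifyPermissions(req.userId, 'patients', 2))) {
      return await respondWithStatus(res, 403, 'Missing permission');
    }

    // `type` is interpolated into SQL, so it must be one of the fetched row's
    // own column names minus the identity columns. This allow-list is what keeps
    // the template literal below free of injection — do not loosen it.
    const excludedKeys = [ 'id', 'user_id' ];
    const updatableFields = Object.keys(patient).filter(key => !excludedKeys.includes(key));
    if (!updatableFields.includes(type)) return await respondWithStatus(res, 400, 'Invalid type');
    // Reject an absent value up front rather than letting the driver fail on an
    // undefined bind parameter and surface it as a 500.
    if (value === undefined) return await respondWithStatus(res, 400, 'Missing fields');

    const [result] = await pool.execute(`UPDATE patients SET \`${type}\` = ? WHERE id = ?`, [value, id]);
    if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating patient');
    return await respondWithStatus(res, 200, 'Patient updated successfully');
  }
  catch (err) {
    console.error(err);
    return await respondWithStatus(res, 500, 'An error has occured');
  }
});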
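/**
 * PUT /:patientId — replaces every editable column of one patient row.
 *
 * Body must carry truthy user_id, date_of_birth, gender, address,
 * social_security_number and insurance_number (400 'Missing fields'
 * otherwise). Requires a valid token and a non-banned account; the caller
 * must own the row or hold `patients` permission level 2. Responses: 404 no
 * such row, 403 not allowed, 500 on a failed update or a thrown error,
 * 200 on success.
 *
 * Fixes versus the previous version:
 *  - the UPDATE set columns (name, type, manufacturer, capacity, status,
 *    location) that do not belong to `patients` — they look copied from another
 *    resource's route — so the query could never succeed. The SET list now
 *    mirrors the columns the INSERT in this file uses.
 *  - the permission lookup is awaited (a pending Promise is truthy, so the old
 *    `!verifyPermissions(...)` could never deny if the helper is async).
 *  - the owner check reads `user_id` and fails closed when an id is missing.
 *
 * NOTE(review): this route lets the owner rewrite user_id, i.e. hand the record
 * to another account, while PATCH explicitly excludes that column — confirm
 * whether PUT should exclude it too. Also, MySQL reports affectedRows 0 for an
 * UPDATE that changes nothing, so an identical re-submit yields 500.
 */
router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
  const id = req.params.patientId;
  const { user_id, date_of_birth, gender, address, social_security_number, insurance_number } = req.body;
  const values = [ user_id, date_of_birth, gender, address, social_security_number, insurance_number ];
  // Truthiness check, same as POST: 0 / '' count as missing.
  if (!values.every(Boolean)) return await respondWithStatus(res, 400, 'Missing fields');

  try {
    const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [id]);
    if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
    const patient = rows[0];

    // Owner or level-2 permission. `userId` is kept only as a fallback in case
    // the pool maps column names to camelCase.
    const ownerId = patient.user_id ?? patient.userId;
    const isOwner = ownerId != null && req.userId != null && String(ownerId) === String(req.userId);
    if (!isOwner && !(await verifyPermissions(req.userId, 'patients', 2))) {
      return await respondWithStatus(res, 403, 'Missing permission');
    }

    const [result] = await pool.execute(
      'UPDATE patients SET user_id = ?, date_of_birth = ?, gender = ?, address = ?, social_security_number = ?, insurance_number = ? WHERE id = ?',
      [...values, id],
    );
    if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating patient');
    return await respondWithStatus(res, 200, 'Patient updated successfully');
  }
  catch (err) {
    console.error(err);
    return await respondWithStatus(res, 500, 'An error has occured');
  }
});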
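/**
 * DELETE /:patientId — removes one patient row.
 *
 * Requires a valid token and a non-banned account; the caller must own the
 * row (user_id equals req.userId) or hold `patients` permission level 4.
 * Responses: 404 no such row, 403 not allowed, 500 when the delete affects
 * no rows or anything throws, 200 on success.
 *
 * Fixes versus the previous version:
 *  - the lookup query ended in a bare `LIMIT` with no count, which is a MySQL
 *    syntax error, so every call would have thrown and answered 500. It is
 *    now `LIMIT 1`, matching the other /:patientId routes.
 *  - the permission lookup is awaited; if verifyPermissions is async the old
 *    `!verifyPermissions(...)` negated a Promise (always truthy) and the 403
 *    branch could never fire. `await` on a plain boolean is a no-op.
 *  - the owner check reads `user_id` (the column name used by the INSERT and
 *    PATCH code in this file) and fails closed when an id is missing.
 */
router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
  try {
    const id = req.params.patientId;
    const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [id]);
    if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
    const patient = rows[0];

    // Owner or level-4 permission. `userId` is kept only as a fallback in case
    // the pool maps column names to camelCase.
    const ownerId = patient.user_id ?? patient.userId;
    const isOwner = ownerId != null && req.userId != null && String(ownerId) === String(req.userId);
    if (!isOwner && !(await verifyPermissions(req.userId, 'patients', 4))) {
      return await respondWithStatus(res, 403, 'Missing permission');
    }

    const [result] = await pool.execute('DELETE FROM patients WHERE id = ?', [id]);
    if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing patient');
    return await respondWithStatus(res, 200, 'Patient deleted successfully');
  }
  catch (err) {
    console.error(err);
    return await respondWithStatus(res, 500, 'An error has occured');
  }
});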
// Appointments endpoints (planned; none of these routes is implemented in this file yet)
// GET    /:patientId/appointments
// POST   /:patientId/appointments
// GET    /:patientId/appointments/:appointmentId
// PATCH  /:patientId/appointments/:appointmentId
// PUT    /:patientId/appointments/:appointmentId
// DELETE /:patientId/appointments/:appointmentId
// Default export: the patients router assembled above.
export default router;