chore: enhance authentication checks and error handling for reception…

…ist routes 🔒🚨
ad956 · Sep 23, 2024 · 30961e0 · 30961e0
1 parent 0bfd99d
commit 30961e0
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 126 deletions.
diff --git a/app/api/receptionist/appointments/approve/route.ts b/app/api/receptionist/appointments/approve/route.ts
@@ -1,76 +1,53 @@
 import dbConfig from "@utils/db";
 import { BookedAppointment, Receptionist } from "@models/index";
 import { Types } from "mongoose";
+import { authenticateUser } from "@lib/auth/authenticateUser";
+import { NextResponse } from "next/server";
+import { errorHandler, STATUS_CODES } from "@utils/index";
 
-// get approved appointments
+// Get approved appointments
 export async function GET(request: Request) {
   try {
-    const id = request.headers.get("x-user-id");
-    const role = request.headers.get("x-user-role");
+    const authHeader = request.headers.get("Authorization");
+    const { id, role } = await authenticateUser(authHeader);
 
     if (!id || !role) {
-      return Response.json(
-        { error: "Missing user ID or role" },
-        { status: 400 }
-      );
+      return errorHandler("Missing user ID or role", STATUS_CODES.BAD_REQUEST);
     }
 
     const receptionist_id = new Types.ObjectId(id);
-
     const { searchParams } = new URL(request.url);
     const patient_id = searchParams.get("patient_id");
 
     if (!patient_id) {
-      return Response.json(
-        { error: "Patient id is required" },
-        {
-          status: 400,
-        }
-      );
+      return errorHandler("Patient ID is required", STATUS_CODES.BAD_REQUEST);
     }
 
-    // Convert the patient_id string to an ObjectId
     const patientObjectId = new Types.ObjectId(patient_id);
 
     await dbConfig();
 
-    // Fetch the booked appointments for the specific patient and their receptionist
     const appointments = await BookedAppointment.find({
       patient_id: patientObjectId,
-      // Add the condition to filter by receptionist_id
       receptionist_id: { $exists: true },
     });
 
-    return Response.json(
-      { appointments },
-      {
-        status: 200,
-      }
-    );
+    return NextResponse.json({ appointments }, { status: 200 });
   } catch (error) {
     console.error("Error fetching patient appointments:", error);
-    return Response.json(
-      { error: "Internal Server Error" },
-      {
-        status: 500,
-      }
-    );
+    return errorHandler("Internal Server Error", STATUS_CODES.SERVER_ERROR);
   }
 }
 
-// approving appointments
+// Approving appointments
 export async function POST(request: Request) {
   try {
     const { patient_id } = await request.json();
-
-    const id = request.headers.get("x-user-id");
-    const role = request.headers.get("x-user-role");
+    const authHeader = request.headers.get("Authorization");
+    const { id, role } = await authenticateUser(authHeader);
 
     if (!id || !role) {
-      return Response.json(
-        { error: "Missing user ID or role" },
-        { status: 400 }
-      );
+      return errorHandler("Missing user ID or role", STATUS_CODES.BAD_REQUEST);
     }
 
     const receptionist_id = new Types.ObjectId(id);
@@ -80,44 +57,28 @@ export async function POST(request: Request) {
     const receptionist = await Receptionist.findById(receptionist_id);
 
     if (!receptionist) {
-      return Response.json(
-        { error: "Receptionist not found" },
-        {
-          status: 404,
-        }
-      );
+      return errorHandler("Receptionist not found", STATUS_CODES.NOT_FOUND);
     }
 
-    // update the approved status of the pending appointment for the specific patient to "approved"
     const updatedAppointment = await BookedAppointment.findOneAndUpdate(
       { approved: "pending", patient_id },
       { $set: { approved: "approved", receptionist_id: receptionist._id } },
-      { new: true } // returns the updated document instead of the original document
+      { new: true }
     );
 
-    // check if any document was updated
     if (!updatedAppointment) {
-      return Response.json(
-        {
-          error: "Something went wrong while approving the appointment.",
-        },
-        { status: 400 }
+      return errorHandler(
+        "Something went wrong while approving the appointment.",
+        STATUS_CODES.BAD_REQUEST
       );
     }
 
-    return Response.json(
+    return NextResponse.json(
       { appointment: updatedAppointment },
-      {
-        status: 200,
-      }
+      { status: 200 }
     );
   } catch (error) {
     console.error("Error updating pending patient appointment:", error);
-    return Response.json(
-      { error: "Internal Server Error" },
-      {
-        status: 500,
-      }
-    );
+    return errorHandler("Internal Server Error", STATUS_CODES.SERVER_ERROR);
   }
 }
diff --git a/app/api/receptionist/appointments/pending/route.ts b/app/api/receptionist/appointments/pending/route.ts
@@ -1,17 +1,17 @@
 import dbConfig from "@utils/db";
 import { Patient, BookedAppointment, Receptionist } from "@models/index";
 import { Types } from "mongoose";
+import { authenticateUser } from "@lib/auth/authenticateUser";
+import { NextResponse } from "next/server";
+import { errorHandler, STATUS_CODES } from "@utils/index";
 
 export async function GET(request: Request) {
   try {
-    const id = request.headers.get("x-user-id");
-    const role = request.headers.get("x-user-role");
+    const authHeader = request.headers.get("Authorization");
+    const { id, role } = await authenticateUser(authHeader);
 
     if (!id || !role) {
-      return Response.json(
-        { error: "Missing user ID or role" },
-        { status: 400 }
-      );
+      return errorHandler("Missing user ID or role", STATUS_CODES.BAD_REQUEST);
     }
 
     const receptionist_id = new Types.ObjectId(id);
@@ -23,26 +23,21 @@ export async function GET(request: Request) {
     });
 
     if (!currentHospitalResult) {
-      return Response.json(
-        { error: "Receptionist hospital isn't selected" },
-        { status: 404 }
+      return errorHandler(
+        "Receptionist hospital isn't selected",
+        STATUS_CODES.NOT_FOUND
       );
     }
+
     const currentHospitalId = currentHospitalResult.current_hospital;
 
     const pendingAppointments = await BookedAppointment.find({
       approved: "pending",
       "hospital.id": currentHospitalId,
     });
 
-    // Empty array returned if appointments are not found
     if (pendingAppointments.length === 0) {
-      return Response.json(
-        { patientDetails: [] },
-        {
-          status: 200,
-        }
-      );
+      return NextResponse.json({ patientDetails: [] }, { status: 200 });
     }
 
     const patientIds = pendingAppointments.map(
@@ -63,7 +58,6 @@ export async function GET(request: Request) {
       }
     );
 
-    // Adding disease, note, date, and timing to each patient detail
     const patientDetailsWithAdditionalInfo = patientDetails.map((patient) => {
       const appointment = pendingAppointments.find(
         (appointment) =>
@@ -81,17 +75,12 @@ export async function GET(request: Request) {
       return patient.toObject();
     });
 
-    return Response.json(
+    return NextResponse.json(
       { patientDetails: patientDetailsWithAdditionalInfo },
       { status: 200 }
     );
   } catch (error) {
     console.error("Error fetching pending patient appointments:", error);
-    return Response.json(
-      { error: "Internal Server Error" },
-      {
-        status: 500,
-      }
-    );
+    return errorHandler("Internal Server Error", STATUS_CODES.SERVER_ERROR);
   }
 }
diff --git a/app/api/receptionist/route.ts b/app/api/receptionist/route.ts
@@ -1,21 +1,19 @@
-import dbConfig from "@utils/db";
+import { authenticateUser } from "@lib/auth/authenticateUser";
+import { dbConfig, errorHandler, STATUS_CODES } from "@utils/index";
 import Receptionist from "@models/receptionist";
 import { Types } from "mongoose";
+import { NextResponse } from "next/server";
 
 export async function GET(request: Request) {
   try {
-    const id = request.headers.get("x-user-id");
-    const role = request.headers.get("x-user-role");
+    const authHeader = request.headers.get("Authorization");
+    const { id, role } = await authenticateUser(authHeader);
 
     if (!id || !role) {
-      return Response.json(
-        { error: "Missing user ID or role" },
-        { status: 400 }
-      );
+      return errorHandler("Missing user ID or role", STATUS_CODES.BAD_REQUEST);
     }
 
     const receptionist_id = new Types.ObjectId(id);
-
     await dbConfig();
 
     const projection = {
@@ -25,19 +23,20 @@ export async function GET(request: Request) {
       current_hospital: 0,
     };
 
-    const receptionistData = await Receptionist.findById(receptionist_id, {
-      projection,
-    });
+    const receptionistData = await Receptionist.findById(
+      receptionist_id,
+      projection
+    );
     if (!receptionistData) {
-      return Response.json(
-        { error: "receptionist not found" },
-        { status: 404 }
-      );
+      return errorHandler("Receptionist not found", STATUS_CODES.NOT_FOUND);
     }
 
-    return Response.json(receptionistData, { status: 200 });
-  } catch (error) {
+    return NextResponse.json(receptionistData, { status: 200 });
+  } catch (error: any) {
     console.error("Error fetching receptionist data:", error);
-    return Response.json({ error: "Internal Server Error" }, { status: 500 });
+    return errorHandler(
+      error.message || "Internal Server Error",
+      STATUS_CODES.SERVER_ERROR
+    );
   }
 }
diff --git a/app/api/receptionist/scan/route.ts b/app/api/receptionist/scan/route.ts
@@ -1,26 +1,28 @@
 import dbConfig from "@utils/db";
-import { BookedAppointment, Patient, Receptionist } from "@models/index";
+import { BookedAppointment, Patient } from "@models/index";
+import { authenticateUser } from "@lib/auth/authenticateUser";
 import { Types } from "mongoose";
+import { NextResponse } from "next/server";
+import { errorHandler, STATUS_CODES } from "@utils/index";
 
 export async function POST(req: Request) {
   try {
-    const { email } = await req.json();
+    const authHeader = req.headers.get("Authorization");
+    const { id, role } = await authenticateUser(authHeader);
+
+    if (!id || !role) {
+      return errorHandler("Missing user ID or role", STATUS_CODES.BAD_REQUEST);
+    }
 
+    const { email } = await req.json();
     console.log(email);
 
     await dbConfig();
 
-    // const waitingCollection = db.collection("waiting");
-
     const patient = await Patient.findOne({ email });
 
     if (!patient) {
-      return Response.json(
-        { error: "Patient not found" },
-        {
-          status: 404,
-        }
-      );
+      return errorHandler("Patient not found", STATUS_CODES.NOT_FOUND);
     }
 
     const appointment = await BookedAppointment.findOne({
@@ -35,21 +37,12 @@ export async function POST(req: Request) {
       );
     }
 
-    // const patientId = patient._id;
-
-    // await waitingCollection.insertOne({ patientId });
-
-    return Response.json(
+    return NextResponse.json(
       { message: "Successfully scanned QR" },
       { status: 201 }
     );
-  } catch (error) {
-    console.error("Error scanning patient qr code:", error);
-    return Response.json(
-      { error: "Internal Server Error" },
-      {
-        status: 500,
-      }
-    );
+  } catch (error: any) {
+    console.error("Error scanning patient QR code:", error);
+    return errorHandler("Internal Server Error", STATUS_CODES.SERVER_ERROR);
   }
 }