his_emr_api_lab 1.1.28 → 1.1.30

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09cfdf606b1084b4bda331d27fa85e69b831e3c3329be923692011d403c4ab4d'
-  data.tar.gz: 6aa364d1c6e1965df73aa05cc1a6a3dc31b160171cf9443c974aa333fbcfd9d4
+  metadata.gz: bc253a7a3dc9dcee98dde9b842f2c390571d3ca3fe2a677b733444a091413900
+  data.tar.gz: 105357ada270cc5c735fa144401b357cb362867ef9684997cddfe851e7e185d9
 SHA512:
-  metadata.gz: 27809c7ad5e07ba4502665b4d289f007562fb159d81ba7b847d344fed25585fa8b3fe73e89def79cccd9d95a01adfdf6c82fa260e664f5cb51ad71ad27efc29f
-  data.tar.gz: 4326993c19083cbffa2521eddb16a04e719b7406940bdbd0fead6acedb408568c94628060fb5c359c99dbb6f22edbe504fbf64a533a2d0f861d1e627e8bc162f
+  metadata.gz: 4c1f681d9ecc0f6f14ae6cdcf8fb7cdfe91995a3961636825eff22bb31654cb2b2f10a11ce9f090446022c9d6ee5b8f49029cab14d8454b52c3d372856daff71
+  data.tar.gz: ae270f2c93ae6ba49aed7122e8f92f3ef7d1a250df3101395e9bffe610b990072cc6d06ef5a0fa1560b2e2ff7fd3abe6f3fb293a371965e25664f26ea5416cb8

data/app/controllers/lab/orders_controller.rb

@@ -2,6 +2,9 @@
 
 module Lab
   class OrdersController < ApplicationController
+    skip_before_action :authenticate, only: %i[order_status order_result]
+    before_action :authenticate_request, only: %i[order_status order_result]
+
     def create
       order_params_list = params.require(:orders)
       orders = order_params_list.map do |order_params|
@@ -28,11 +31,59 @@ module Lab
       render json: OrdersSearchService.find_orders(filters)
     end
 
+    def verify_tracking_number
+      tracking_number = params.require(:accession_number)
+      render json: { exists: OrdersService.check_tracking_number(tracking_number) }, status: :ok
+    end
+
     def destroy
       OrdersService.void_order(params[:id], params[:reason])
       Lab::VoidOrderJob.perform_later(params[:id])
 
       render status: :no_content
     end
+
+    def order_status
+      order_params = params.permit(:tracking_number, :status, :status_time, :comments)
+      OrdersService.update_order_status(order_params)
+      render json: { message: "Status for order #{order_params['tracking_number']} successfully updated" }, status: :ok
+    end
+
+    def order_result
+      params.permit!
+      order_params = params[:data].to_h
+      OrdersService.update_order_result(order_params)
+      render json: { message: 'Results processed successfully' }, status: :ok
+    end
+
+    private
+
+    def authenticate_request
+      header = request.headers['Authorization']
+      content = header.split(' ')
+      auth_scheme = content.first
+      unless header
+        errors = ['Authorization token required']
+        render json: { errors: errors }, status: :unauthorized
+        return false
+      end
+      unless auth_scheme == 'Bearer'
+        errors = ['Authorization token bearer scheme required']
+        render json: { errors: errors }, status: :unauthorized
+        return false
+      end
+  
+      process_token(content.last)
+    end
+
+    def process_token(token)
+      browser = Browser.new(request.user_agent)
+      decoded = Lab::JsonWebTokenService.decode(token, request.remote_ip + browser.name + browser.version)
+      user(decoded)
+    end
+
+    def user(decoded)
+      User.current = User.find decoded[:user_id]
+    end
   end
 end

data/app/controllers/lab/users_controller.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+# This controller handles creation and authentication of LIMS User
+module Lab
+  class UsersController < ::ApplicationController
+    skip_before_action :authenticate
+    # create a LIMS User that will be responsible for sending lab results
+    def create
+      user_params = params.permit(:username, :password)
+      service.create_lims_user(username: user_params['username'], password: user_params['password'])
+      render json: { message: 'User successfully created' }, status: 200
+    end
+
+    # authenticate the lims user
+    def login
+      user_params = params.permit(:username, :password)
+      result = service.authenticate_user(username: user_params['username'], password: user_params['password'],
+                                         user_agent: request.user_agent, request_ip: request.remote_ip)
+      if result.present?
+        render json: result, status: 200
+      else
+        render json: { message: 'Invalid Credentials Provided' }, status: 401
+      end
+    end
+
+    private
+
+    def service
+      Lab::UserService
+    end
+  end
+end

data/app/services/lab/json_web_token_service.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Lab
+  # This class is used to encode and decode the JWT token
+  module JsonWebTokenService
+    class << self
+      SECRET_KEY = Rails.application.secrets.secret_key_base.to_s
+
+      def encode(payload, request_ip, exp = 18.hours.from_now)
+        payload[:exp] = exp.to_i
+        JWT.encode(payload, SECRET_KEY + request_ip)
+      end
+
+      def decode(token, request_ip)
+        decoded = JWT.decode(token, SECRET_KEY + request_ip)[0]
+        HashWithIndifferentAccess.new decoded
+      end
+    end
+  end
+end

data/app/services/lab/lims/api/rest_api.rb

@@ -87,6 +87,13 @@ class Lab::Lims::Api::RestApi
     end
   end
 
+  def verify_tracking_number(tracking_number)
+    find_lims_order(tracking_number)
+  rescue InvalidParameters => e
+    Rails.logger.error("Failed to verify tracking number #{tracking_number}: #{e.message}")
+    false
+  end
+
   private
 
   attr_reader :config

data/app/services/lab/lims/pull_worker.rb

@@ -57,6 +57,29 @@ module Lab
         end
       end
 
+      def process_order(order_dto)
+        patient = find_patient_by_nhid(order_dto[:patient][:id])
+        unless patient
+          logger.debug("Discarding order: Non local patient ##{order_dto[:patient][:id]} on order ##{order_dto[:tracking_number]}")
+          order_rejected(order_dto, "Patient NPID, '#{order_dto[:patient][:id]}', didn't match any local NPIDs")
+          return
+        end
+
+        if order_dto[:tests].empty?
+          logger.debug("Discarding order: Missing tests on order ##{order_dto[:tracking_number]}")
+          order_rejected(order_dto, 'Order is missing tests')
+          return
+        end
+
+        diff = match_patient_demographics(patient, order_dto['patient'])
+        if diff.empty?
+          save_order(patient, order_dto)
+          order_saved(order_dto)
+        else
+          save_failed_import(order_dto, 'Demographics not matching', diff)
+        end
+      end
+
       protected
 
       def order_saved(order_dto); end
@@ -182,30 +205,32 @@ module Lab
 
       def update_results(order, lims_results)
         logger.debug("Updating results for order ##{order[:accession_number]}: #{lims_results}")
-        
+
         lims_results.each do |test_name, test_results|
           test = find_test(order['id'], test_name)
           unless test
             logger.warn("Couldn't find test, #{test_name}, in order ##{order[:id]}")
             next
           end
-          
-          next if test.result || test_results['results'].blank?
 
+          next if test.result || test_results['results'].blank?
+          
+          result_date = Time.now
           measures = test_results['results'].map do |indicator, value|
             measure = find_measure(order, indicator, value)
+            result_date = value['result_date'] || result_date
             next nil unless measure
 
             measure
           end
-          
+
           measures = measures.compact
           next if measures.empty?
 
           creator = format_result_entered_by(test_results['result_entered_by'])
 
           ResultsService.create_results(test.id,  { provider_id: User.current.person_id,
-                                                    date: Utils.parse_date(test_results['date_result_entered'], order[:order_date].to_s),
+                                                    date: Utils.parse_date(test_results['date_result_entered'], result_date),
                                                     comments: "LIMS import: Entered by: #{creator}",
                                                     measures: measures } )
         end

data/app/services/lab/metadata.rb

@@ -10,6 +10,7 @@ module Lab
     TEST_RESULT_CONCEPT_NAME = 'Lab test result'
     TEST_RESULT_INDICATOR_CONCEPT_NAME = 'Lab test result indicator'
     TEST_TYPE_CONCEPT_NAME = 'Test type'
+    LAB_ORDER_STATUS_CONCEPT_NAME = 'lab order status'
     UNKNOWN_SPECIMEN = 'Unknown'
 
     # Encounter

data/app/services/lab/orders_service.rb

@@ -52,6 +52,10 @@ module Lab
       def order_test(order_params)
         Order.transaction do
           encounter = find_encounter(order_params)
+          if order_params[:accession_number].present? && check_tracking_number(order_params[:accession_number])
+            raise 'Accession number already exists'
+          end
+
           order = create_order(encounter, order_params)
 
           Lab::TestsService.create_tests(order, order_params[:date], order_params[:tests])
@@ -99,13 +103,84 @@ module Lab
         order.target_lab&.void(reason)
 
         order.tests.each { |test| test.void(reason) }
-        voided = order.void(reason)
+        order.void(reason)
+      end
 
-        voided
+      def check_tracking_number(tracking_number)
+        accession_number_exists?(tracking_number) || nlims_accession_number_exists?(tracking_number)
+      end
+
+      def update_order_status(order_params)
+        # find the order
+        order = find_order(order_params['tracking_number'])
+        concept = ConceptName.find_by_name Lab::Metadata::LAB_ORDER_STATUS_CONCEPT_NAME
+        ActiveRecord::Base.transaction do
+          void_order_status(order, concept)
+          Observation.create!(
+            person_id: order.patient_id,
+            encounter_id: order.encounter_id,
+            concept_id: concept.concept_id,
+            order_id: order.id,
+            obs_datetime: order_params['status_time'] || Time.now,
+            value_text: order_params['status'],
+            creator: User.current.id
+          )
+        end
+        create_rejection_notification(order_params) if order_params['status'] == 'test-rejected'
+      end
+
+      def update_order_result(order_params)
+        order = find_order(order_params['tracking_number'])
+        order_dto = Lab::Lims::OrderSerializer.serialize_order(order)
+        patch_order_dto_with_lims_results!(order_dto, order_params['results'])
+        Lab::Lims::PullWorker.new(nil).process_order(order_dto)
       end
 
       private
 
+      def create_rejection_notification(order_params)
+        order = find_order order_params['tracking_number']
+        data = { 'type': 'LIMS',
+                 'accession_number': order&.accession_number,
+                 'order_date': order&.start_date,
+                 'arv_number': find_arv_number(order.patient_id),
+                 'patient_id': result.person_id,
+                 'ordered_by': order&.provider&.person&.name,
+                 'rejection_reason': order_params['comments']
+                }.as_json
+        NotificationService.new.create_notification('LIMS', data)
+      end
+
+      def find_arv_number(patient_id)
+        PatientIdentifier.joins(:type)
+                         .merge(PatientIdentifierType.where(name: 'ARV Number'))
+                         .where(patient_id: patient_id)
+                         .first&.identifier
+      end
+
+      def find_order(tracking_number)
+        Lab::LabOrder.find_by_accession_number(tracking_number)
+      end
+
+      def patch_order_dto_with_lims_results!(order_dto, results)
+        order_dto.merge!(
+          '_id' => order_dto[:tracking_number],
+          '_rev' => 0,
+          'test_results' => results.each_with_object({}) do |result, formatted_results|
+            test_name, measures = result
+            result_date = measures.delete('result_date')
+
+            formatted_results[test_name] = {
+              results: measures.each_with_object({}) do |measure, processed_measures|
+                processed_measures[measure[0]] = { 'result_value' => measure[1] }
+              end,
+              result_date: result_date,
+              result_entered_by: {}
+            }
+          end
+        )
+      end
+
       ##
       # Extract an encounter from the given parameters.
       #
@@ -141,6 +216,19 @@ module Lab
         )
       end
 
+      def accession_number_exists?(accession_number)
+        Lab::LabOrder.where(accession_number: accession_number).exists?
+      end
+
+      def nlims_accession_number_exists?(accession_number)
+        config = YAML.load_file('config/application.yml')
+        return false unless config['lims_api']
+
+        # fetch from the rest api and check if it exists
+        lims_api = Lab::Lims::ApiFactory.create_api
+        lims_api.verify_tracking_number(accession_number).present?
+      end
+
       ##
       # Attach the requesting clinician to an order
       def add_requesting_clinician(order, params)
@@ -207,6 +295,12 @@ module Lab
         order.reason_for_test&.delete
         add_reason_for_test(order, date: order.start_date, reason_for_test_id: concept_id)
       end
+
+      def void_order_status(order, concept)
+        Observation.where(order_id: order.id, concept_id: concept.concept_id).each do |obs|
+          obs.void('New Status Received from LIMS')
+        end
+      end
     end
   end
 end

data/app/services/lab/results_service.rb

@@ -45,6 +45,7 @@ module Lab
         data = { Type: result_enter_by,
                  'Test type': ConceptName.find_by(concept_id: result.test.value_coded)&.name,
                  'Accession number': order&.accession_number,
+                 'Orde date': order&.start_date,
                  'ARV-Number': find_arv_number(result.person_id),
                  PatientID: result.person_id,
                  'Ordered By': order&.provider&.person&.name,

data/app/services/lab/user_service.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Lab
+  # Service for managing LIMS users
+  module UserService
+    class << self
+      include BCrypt
+
+      def create_lims_user(username:, password:)
+        validate username: username
+        ActiveRecord::Base.transaction do
+          person = create_lims_person
+          create_user username: username, password: password, person: person
+        end
+      end
+
+      def authenticate_user(username:, password:, user_agent:, request_ip:)
+        user = User.find_by_username username
+        encrypted_pass = Password.new(user.password)
+        if encrypted_pass == password
+          generate_token(user, user_agent, request_ip)
+        else
+          # throw authentication error
+          nil
+        end
+      end
+
+      private
+
+      ##
+      # Validate that the username doesn't already exists
+      def validate(username:)
+        raise UnprocessableEntityError, 'Username already exists' if User.find_by_username username
+      end
+
+      def create_lims_person
+        god_user = User.first
+        person = Person.create!(creator: god_user.id)
+        PersonName.create!(given_name: 'Lims', family_name: 'User', creator: god_user.id, person: person)
+        person
+      end
+
+      def create_user(username:, password:, person:)
+        salt = SecureRandom.base64
+        user = User.create!(
+          username: username,
+          password: Password.create(password),
+          salt: salt,
+          person: person,
+          creator: User.first.id
+        )
+      end
+
+      def generate_token(user, user_agent, request_ip)
+        browser = Browser.new(user_agent)
+        key_supplement = request_ip + browser.name + browser.version
+        token = Lab::JsonWebTokenService.encode({ user_id: user.id }, key_supplement)
+        { auth_token: token }
+      end
+    end
+  end
+end

data/config/routes.rb

@@ -1,12 +1,18 @@
 # frozen_string_literal: true
 
 Lab::Engine.routes.draw do
-  resources :orders, path: 'api/v1/lab/orders'
+  resources :orders, path: 'api/v1/lab/orders' do
+    collection do
+      post :order_status
+      post :order_result
+    end
+  end
   resources :tests, path: 'api/v1/lab/tests', except: %i[update] do # ?pending=true to select tests without results?
     resources :results, only: %i[index create destroy]
   end
 
   get 'api/v1/lab/labels/order', to: 'labels#print_order_label'
+  get 'api/v1/lab/accession_number', to: 'orders#verify_tracking_number'
 
   # Metadata
   # TODO: Move the following to namespace /concepts
@@ -14,4 +20,9 @@ Lab::Engine.routes.draw do
   resources :test_result_indicators, only: %i[index], path: 'api/v1/lab/test_result_indicators'
   resources :test_types, only: %i[index], path: 'api/v1/lab/test_types'
   resources :reasons_for_test, only: %i[index], path: 'api/v1/lab/reasons_for_test'
+  resources :users, only: %i[create], path: 'api/v1/lab/users' do
+    collection do
+      post :login
+    end
+  end
 end

data/lib/lab/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Lab
-  VERSION = '1.1.28'
+  VERSION = '1.1.30'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: his_emr_api_lab
 version: !ruby/object:Gem::Version
-  version: 1.1.28
+  version: 1.1.30
 platform: ruby
 authors:
 - Elizabeth Glaser Pediatric Foundation Malawi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-15 00:00:00.000000000 Z
+date: 2023-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: couchrest
@@ -247,6 +247,7 @@ files:
 - app/controllers/lab/test_result_indicators_controller.rb
 - app/controllers/lab/test_types_controller.rb
 - app/controllers/lab/tests_controller.rb
+- app/controllers/lab/users_controller.rb
 - app/jobs/lab/application_job.rb
 - app/jobs/lab/push_order_job.rb
 - app/jobs/lab/update_patient_orders_job.rb
@@ -267,6 +268,7 @@ files:
 - app/services/lab/accession_number_service.rb
 - app/services/lab/acknowledgement_service.rb
 - app/services/lab/concepts_service.rb
+- app/services/lab/json_web_token_service.rb
 - app/services/lab/labelling_service/order_label.rb
 - app/services/lab/lims/acknowledgement_serializer.rb
 - app/services/lab/lims/acknowledgement_worker.rb
@@ -290,6 +292,7 @@ files:
 - app/services/lab/orders_service.rb
 - app/services/lab/results_service.rb
 - app/services/lab/tests_service.rb
+- app/services/lab/user_service.rb
 - config/routes.rb
 - db/migrate/20210126092910_create_lab_lab_accession_number_counters.rb
 - db/migrate/20210310115457_create_lab_lims_order_mappings.rb