@blackcode_sa/metaestetics-api 1.14.18 → 1.14.26

package/src/services/practitioner/practitioner.service.ts

@@ -483,6 +483,34 @@ export class PractitionerService extends BaseService {
         throw new Error("Practitioner is not associated with this clinic");
       }
 
+      // Security check: Verify that the clinic belongs to the clinic group of the user creating the token
+      // createdBy can be either clinicGroupId or clinicId
+      let expectedClinicGroupId: string | null = null;
+      
+      // First, check if createdBy matches the clinic's clinicGroupId directly
+      if (clinic.clinicGroupId === createdBy) {
+        // createdBy is the clinicGroupId, which matches - this is valid
+        expectedClinicGroupId = createdBy;
+      } else {
+        // createdBy might be a clinicId, check if that clinic belongs to the same group
+        try {
+          const creatorClinic = await this.getClinicService().getClinic(createdBy);
+          if (creatorClinic && creatorClinic.clinicGroupId === clinic.clinicGroupId) {
+            // Both clinics belong to the same group - valid
+            expectedClinicGroupId = clinic.clinicGroupId;
+          } else {
+            throw new Error("Clinic does not belong to your clinic group");
+          }
+        } catch (error: any) {
+          // If createdBy is not a valid clinicId, or clinics don't match, reject
+          if (error.message === "Clinic does not belong to your clinic group") {
+            throw error;
+          }
+          // If getClinic fails, createdBy might be a clinicGroupId that doesn't match
+          throw new Error("Clinic does not belong to your clinic group");
+        }
+      }
+
       // Default expiration is 7 days from now if not specified
       const expiration =
         validatedData.expiresAt ||
@@ -522,21 +550,29 @@ export class PractitionerService extends BaseService {
   /**
    * Gets active tokens for a practitioner
    * @param practitionerId ID of the practitioner
+   * @param clinicId Optional clinic ID to filter tokens by. If provided, only returns tokens for this clinic.
    * @returns Array of active tokens
    */
   async getPractitionerActiveTokens(
-    practitionerId: string
+    practitionerId: string,
+    clinicId?: string
   ): Promise<PractitionerToken[]> {
     const tokensRef = collection(
       this.db,
       `${PRACTITIONERS_COLLECTION}/${practitionerId}/${REGISTER_TOKENS_COLLECTION}`
     );
 
-    const q = query(
-      tokensRef,
+    const conditions = [
       where("status", "==", PractitionerTokenStatus.ACTIVE),
       where("expiresAt", ">", Timestamp.now())
-    );
+    ];
+
+    // Filter by clinic if provided
+    if (clinicId) {
+      conditions.push(where("clinicId", "==", clinicId));
+    }
+
+    const q = query(tokensRef, ...conditions);
 
     const querySnapshot = await getDocs(q);
     return querySnapshot.docs.map((doc) => doc.data() as PractitionerToken);
@@ -628,6 +664,45 @@ export class PractitionerService extends BaseService {
     });
   }
 
+  /**
+   * Revokes a token by setting its status to REVOKED
+   * @param tokenId ID of the token
+   * @param practitionerId ID of the practitioner
+   * @param clinicId ID of the clinic that owns the token. Used to verify ownership before revoking.
+   * @throws Error if token doesn't exist or doesn't belong to the specified clinic
+   */
+  async revokeToken(
+    tokenId: string,
+    practitionerId: string,
+    clinicId: string
+  ): Promise<void> {
+    const tokenRef = doc(
+      this.db,
+      `${PRACTITIONERS_COLLECTION}/${practitionerId}/${REGISTER_TOKENS_COLLECTION}/${tokenId}`
+    );
+
+    // First, verify the token exists and belongs to the clinic
+    const tokenDoc = await getDoc(tokenRef);
+    if (!tokenDoc.exists()) {
+      throw new Error("Token not found");
+    }
+
+    const tokenData = tokenDoc.data() as PractitionerToken;
+    if (tokenData.clinicId !== clinicId) {
+      throw new Error("Token does not belong to the specified clinic");
+    }
+
+    // Only revoke if token is still active
+    if (tokenData.status !== PractitionerTokenStatus.ACTIVE) {
+      throw new Error("Token is not active and cannot be revoked");
+    }
+
+    await updateDoc(tokenRef, {
+      status: PractitionerTokenStatus.REVOKED,
+      updatedAt: serverTimestamp(),
+    });
+  }
+
   /**
    * Dohvata zdravstvenog radnika po ID-u
    */

package/src/services/user/user.service.ts

@@ -45,18 +45,6 @@ export class UserService extends BaseService {
   ) {
     super(db, auth, app);
 
-    // DEBUG: Tag the auth instance
-    // @ts-ignore
-    if (!this.auth.__userServiceId) {
-      // @ts-ignore
-      this.auth.__userServiceId = 'user-service-' + Date.now();
-    }
-    // @ts-ignore
-    console.log('[USER_SERVICE] Constructor - auth ID:', this.auth.__userServiceId);
-    // @ts-ignore
-    console.log('[USER_SERVICE] Constructor - auth.__authServiceId:', this.auth.__authServiceId || 'NOT SET');
-
-    // Kreiramo servise samo ako nisu prosleđeni
     if (!patientService) {
       patientService = new PatientService(db, auth, app);
     }
@@ -100,27 +88,6 @@ export class UserService extends BaseService {
       skipProfileCreation?: boolean;
     },
   ): Promise<User> {
-    // DEBUG LOGGING - Check auth state before creating user document
-    console.log('[USER_SERVICE] ====== CREATE USER DEBUG ======');
-    // @ts-ignore - Debug: Check auth instance ID
-    console.log(this.auth)
-    console.log('[USER_SERVICE] Auth instance ID:', (this.auth as any)?.__debugId || 'no-id');
-    console.log('[USER_SERVICE] Current auth state:', {
-      currentUser: this.auth?.currentUser?.uid || 'NULL',
-      currentUserEmail: this.auth?.currentUser?.email || 'NULL',
-      currentUserProvider: this.auth?.currentUser?.providerId || 'NULL',
-    });
-    console.log('[USER_SERVICE] Firebase user passed to createUser:', {
-      uid: firebaseUser?.uid || 'NULL',
-      email: firebaseUser?.email || 'NULL',
-      providerId: firebaseUser?.providerId || 'NULL',
-      isAnonymous: firebaseUser?.isAnonymous,
-    });
-    console.log('[USER_SERVICE] Auth instances match:', this.auth?.currentUser?.uid === firebaseUser?.uid);
-    console.log('[USER_SERVICE] Document path:', `${USERS_COLLECTION}/${firebaseUser?.uid}`);
-    console.log('[USER_SERVICE] Roles:', roles);
-    console.log('[USER_SERVICE] ================================');
-
     const userData: CreateUserData = {
       uid: firebaseUser.uid,
       email: firebaseUser.email,
@@ -131,24 +98,7 @@ export class UserService extends BaseService {
       lastLoginAt: serverTimestamp(),
     };
 
-    console.log('[USER_SERVICE] Attempting setDoc with userData:', {
-      uid: userData.uid,
-      email: userData.email,
-      roles: userData.roles,
-    });
-
-    // Kreiramo osnovnog korisnika
-    try {
-      await setDoc(doc(this.db, USERS_COLLECTION, userData.uid), userData);
-      console.log('[USER_SERVICE] ✅ setDoc SUCCEEDED for:', userData.uid);
-    } catch (error: any) {
-      console.error('[USER_SERVICE] ❌ setDoc FAILED:', {
-        errorCode: error?.code,
-        errorMessage: error?.message,
-        uid: userData.uid,
-      });
-      throw error;
-    }
+    await setDoc(doc(this.db, USERS_COLLECTION, userData.uid), userData);
 
     // Kreiramo odgovarajuće profile na osnovu rola
     if (options?.skipProfileCreation) {