@blackcode_sa/metaestetics-api 1.7.45 → 1.8.0

package/src/services/patient/utils/sensitive.utils.ts

@@ -10,17 +10,77 @@ import {
   CreatePatientSensitiveInfoData,
   UpdatePatientSensitiveInfoData,
 } from "../../../types/patient";
+import { UserRole } from "../../../types";
 import { createPatientSensitiveInfoSchema } from "../../../validations/patient.schema";
 import { z } from "zod";
 import {
   getSensitiveInfoDocRef,
   initSensitiveInfoDocIfNotExists,
+  getPatientDocRef,
 } from "./docs.utils";
 import {
   MediaService,
   MediaAccessLevel,
   MediaResource,
 } from "../../media/media.service";
+import { AuthError } from "../../../errors/auth.errors";
+import { getPractitionerProfileByUserRef } from "./practitioner.utils";
+import { getClinicAdminByUserRef } from "../../clinic/utils/admin.utils";
+
+/**
+ * Checks if the requester has permission to access/modify sensitive info.
+ * Access is granted to the patient owner, or an associated practitioner/clinic admin.
+ */
+const checkSensitiveAccessUtil = async (
+  db: Firestore,
+  patientId: string,
+  requesterId: string,
+  requesterRoles: UserRole[]
+): Promise<void> => {
+  const patientDoc = await getDoc(getPatientDocRef(db, patientId));
+  if (!patientDoc.exists()) {
+    throw new Error("Patient profile not found");
+  }
+  const patientData = patientDoc.data() as any; // Cast to any to access properties
+
+  // 1. Patient is the owner
+  if (patientData.userRef && patientData.userRef === requesterId) {
+    return;
+  }
+
+  // 2. Requester is an associated practitioner
+  if (requesterRoles.includes(UserRole.PRACTITIONER)) {
+    const practitionerProfile = await getPractitionerProfileByUserRef(
+      db,
+      requesterId
+    );
+    if (
+      practitionerProfile &&
+      patientData.doctorIds?.includes(practitionerProfile.id)
+    ) {
+      return;
+    }
+  }
+
+  // 3. Requester is an associated clinic admin
+  if (requesterRoles.includes(UserRole.CLINIC_ADMIN)) {
+    const adminProfile = await getClinicAdminByUserRef(db, requesterId);
+    if (adminProfile && adminProfile.clinicsManaged) {
+      const hasAccess = adminProfile.clinicsManaged.some((managedClinicId) =>
+        patientData.clinicIds?.includes(managedClinicId)
+      );
+      if (hasAccess) {
+        return;
+      }
+    }
+  }
+
+  throw new AuthError(
+    "Unauthorized access to sensitive information.",
+    "AUTH/UNAUTHORIZED_ACCESS",
+    403
+  );
+};
 
 /**
  * Handles photoUrl upload for sensitive info (supports MediaResource)
@@ -62,13 +122,18 @@ const handlePhotoUrlUpload = async (
 export const createSensitiveInfoUtil = async (
   db: Firestore,
   data: CreatePatientSensitiveInfoData,
-  requesterUserId: string,
+  requesterId: string,
+  requesterRoles: UserRole[],
   mediaService?: MediaService
 ): Promise<PatientSensitiveInfo> => {
   try {
-    if (data.userRef !== requesterUserId) {
-      throw new Error("Only patient can create their sensitive information");
-    }
+    // Security check
+    await checkSensitiveAccessUtil(
+      db,
+      data.patientId,
+      requesterId,
+      requesterRoles
+    );
 
     const validatedData = createPatientSensitiveInfoSchema.parse(data);
 
@@ -118,14 +183,14 @@ export const createSensitiveInfoUtil = async (
 export const getSensitiveInfoUtil = async (
   db: Firestore,
   patientId: string,
-  requesterUserId: string
+  requesterId: string,
+  requesterRoles: UserRole[]
 ): Promise<PatientSensitiveInfo | null> => {
-  // if (patientId !== requesterUserId) {
-  //   throw new Error("Unauthorized access to sensitive information");
-  // }
+  // Security check
+  await checkSensitiveAccessUtil(db, patientId, requesterId, requesterRoles);
 
   // Inicijalizacija dokumenta ako ne postoji
-  await initSensitiveInfoDocIfNotExists(db, patientId, requesterUserId);
+  await initSensitiveInfoDocIfNotExists(db, patientId, requesterId);
 
   const sensitiveDoc = await getDoc(getSensitiveInfoDocRef(db, patientId));
   return sensitiveDoc.exists()
@@ -137,15 +202,15 @@ export const updateSensitiveInfoUtil = async (
   db: Firestore,
   patientId: string,
   data: UpdatePatientSensitiveInfoData,
-  requesterUserId: string,
+  requesterId: string,
+  requesterRoles: UserRole[],
   mediaService?: MediaService
 ): Promise<PatientSensitiveInfo> => {
-  // if (data.userRef !== requesterUserId) {
-  //   throw new Error("Only patient can update their sensitive information");
-  // }
+  // Security check
+  await checkSensitiveAccessUtil(db, patientId, requesterId, requesterRoles);
 
   // Inicijalizacija dokumenta ako ne postoji
-  await initSensitiveInfoDocIfNotExists(db, patientId, requesterUserId);
+  await initSensitiveInfoDocIfNotExists(db, patientId, requesterId);
 
   // Process photoUrl if it's a MediaResource and mediaService is provided
   let processedPhotoUrl: string | null | undefined = undefined;

package/src/services/patient/utils/token.utils.ts

@@ -0,0 +1,211 @@
+import {
+  collection,
+  doc,
+  getDoc,
+  getDocs,
+  query,
+  where,
+  setDoc,
+  updateDoc,
+  Timestamp,
+  collectionGroup,
+} from "firebase/firestore";
+import { Firestore } from "firebase/firestore";
+import { z } from "zod";
+import {
+  PatientToken,
+  CreatePatientTokenData,
+  PatientTokenStatus,
+  INVITE_TOKENS_COLLECTION,
+} from "../../../types/patient/token.types";
+import {
+  patientTokenSchema,
+  createPatientTokenSchema,
+} from "../../../validations/patient/token.schema";
+import { getPatientDocRef } from "./docs.utils";
+import { PATIENTS_COLLECTION } from "../../../types/patient";
+
+/**
+ * Creates a token for inviting a patient to claim their profile.
+ *
+ * @param {Firestore} db - The Firestore database instance.
+ * @param {CreatePatientTokenData} data - Data for creating the token.
+ * @param {string} createdBy - ID of the user creating the token.
+ * @param {() => string} generateId - Function to generate a unique ID.
+ * @returns {Promise<PatientToken>} The created token.
+ * @throws {Error} If the patient profile is not found, is not a manual profile, or if data is invalid.
+ */
+export const createPatientTokenUtil = async (
+  db: Firestore,
+  data: CreatePatientTokenData,
+  createdBy: string,
+  generateId: () => string
+): Promise<PatientToken> => {
+  const validatedData = createPatientTokenSchema.parse(data);
+
+  // Check if patient exists and is a manual profile
+  const patientRef = getPatientDocRef(db, validatedData.patientId);
+  const patientDoc = await getDoc(patientRef);
+  if (!patientDoc.exists() || !patientDoc.data()?.isManual) {
+    throw new Error(
+      "Patient profile not found or is not a manually created profile."
+    );
+  }
+
+  // Default expiration is 7 days from now if not specified
+  const expiration =
+    validatedData.expiresAt || new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
+
+  const tokenString = generateId().slice(0, 6).toUpperCase();
+
+  const token: PatientToken = {
+    id: generateId(),
+    token: tokenString,
+    patientId: validatedData.patientId,
+    email: validatedData.email,
+    clinicId: validatedData.clinicId,
+    status: PatientTokenStatus.ACTIVE,
+    createdBy: createdBy,
+    createdAt: Timestamp.now(),
+    expiresAt: Timestamp.fromDate(expiration),
+  };
+
+  patientTokenSchema.parse(token);
+
+  const tokenRef = doc(
+    db,
+    PATIENTS_COLLECTION,
+    validatedData.patientId,
+    INVITE_TOKENS_COLLECTION,
+    token.id
+  );
+  await setDoc(tokenRef, token);
+
+  return token;
+};
+
+/**
+ * Validates a patient invitation token.
+ *
+ * @param {Firestore} db - The Firestore database instance.
+ * @param {string} tokenString - The token string to validate.
+ * @returns {Promise<PatientToken | null>} The token if found and valid, otherwise null.
+ */
+export const validatePatientTokenUtil = async (
+  db: Firestore,
+  tokenString: string
+): Promise<PatientToken | null> => {
+  const patientsRef = collection(db, PATIENTS_COLLECTION);
+  const patientsSnapshot = await getDocs(patientsRef);
+
+  for (const patientDoc of patientsSnapshot.docs) {
+    const tokensRef = collection(
+      db,
+      patientDoc.ref.path,
+      INVITE_TOKENS_COLLECTION
+    );
+    const q = query(
+      tokensRef,
+      where("token", "==", tokenString),
+      where("status", "==", PatientTokenStatus.ACTIVE),
+      where("expiresAt", ">", Timestamp.now())
+    );
+
+    const tokenSnapshot = await getDocs(q);
+    if (!tokenSnapshot.empty) {
+      return tokenSnapshot.docs[0].data() as PatientToken;
+    }
+  }
+
+  return null;
+};
+
+/**
+ * Marks a patient invitation token as used.
+ *
+ * @param {Firestore} db - The Firestore database instance.
+ * @param {string} tokenId - The ID of the token to mark as used.
+ * @param {string} patientId - The ID of the patient associated with the token.
+ * @param {string} userId - The ID of the user who is using the token.
+ * @returns {Promise<void>}
+ */
+export const markPatientTokenAsUsedUtil = async (
+  db: Firestore,
+  tokenId: string,
+  patientId: string,
+  userId: string
+): Promise<void> => {
+  const tokenRef = doc(
+    db,
+    PATIENTS_COLLECTION,
+    patientId,
+    INVITE_TOKENS_COLLECTION,
+    tokenId
+  );
+  await updateDoc(tokenRef, {
+    status: PatientTokenStatus.USED,
+    usedBy: userId,
+    usedAt: Timestamp.now(),
+  });
+};
+
+/**
+ * Retrieves all active invitation tokens for a specific clinic.
+ * This uses a collection group query to find tokens across all patients.
+ *
+ * @param {Firestore} db - The Firestore database instance.
+ * @param {string} clinicId - The ID of the clinic.
+ * @returns {Promise<PatientToken[]>} An array of active tokens for the clinic.
+ */
+export const getActiveInviteTokensByClinicUtil = async (
+  db: Firestore,
+  clinicId: string
+): Promise<PatientToken[]> => {
+  const tokensQuery = query(
+    collectionGroup(db, INVITE_TOKENS_COLLECTION),
+    where("clinicId", "==", clinicId),
+    where("status", "==", PatientTokenStatus.ACTIVE),
+    where("expiresAt", ">", Timestamp.now())
+  );
+
+  const querySnapshot = await getDocs(tokensQuery);
+
+  if (querySnapshot.empty) {
+    return [];
+  }
+
+  return querySnapshot.docs.map((doc) => doc.data() as PatientToken);
+};
+
+/**
+ * Retrieves all active invitation tokens for a specific patient.
+ *
+ * @param {Firestore} db - The Firestore database instance.
+ * @param {string} patientId - The ID of the patient.
+ * @returns {Promise<PatientToken[]>} An array of active tokens for the patient.
+ */
+export const getActiveInviteTokensByPatientUtil = async (
+  db: Firestore,
+  patientId: string
+): Promise<PatientToken[]> => {
+  const tokensRef = collection(
+    db,
+    PATIENTS_COLLECTION,
+    patientId,
+    INVITE_TOKENS_COLLECTION
+  );
+
+  const q = query(
+    tokensRef,
+    where("status", "==", PatientTokenStatus.ACTIVE),
+    where("expiresAt", ">", Timestamp.now())
+  );
+
+  const querySnapshot = await getDocs(q);
+
+  if (querySnapshot.empty) {
+    return [];
+  }
+
+  return querySnapshot.docs.map((doc) => doc.data() as PatientToken);
+};

package/src/services/practitioner/index.ts

@@ -0,0 +1 @@
+export * from "./practitioner.service";

package/src/services/procedure/index.ts

@@ -0,0 +1 @@
+export * from "./procedure.service";

package/src/services/reviews/index.ts

@@ -0,0 +1 @@
+export * from "./reviews.service";

package/src/services/user/index.ts

@@ -0,0 +1 @@
+export * from "./user.service";

package/src/services/{user.service.ts → user/user.service.ts}

@@ -13,21 +13,21 @@ import {
   serverTimestamp,
   FieldValue,
 } from "firebase/firestore";
-import { initializeFirebase } from "../config/firebase";
-import { User, UserRole, USERS_COLLECTION, CreateUserData } from "../types";
-import { userSchema } from "../validations/schemas";
-import { AuthError } from "../errors/auth.errors";
-import { USER_ERRORS } from "../errors/user.errors";
-import { AUTH_ERRORS } from "../errors/auth.errors";
+import { initializeFirebase } from "../../config/firebase";
+import { User, UserRole, USERS_COLLECTION, CreateUserData } from "../../types";
+import { userSchema } from "../../validations/schemas";
+import { AuthError } from "../../errors/auth.errors";
+import { USER_ERRORS } from "../../errors/user.errors";
+import { AUTH_ERRORS } from "../../errors/auth.errors";
 import { z } from "zod";
-import { BaseService } from "./base.service";
-import { PatientService } from "./patient/patient.service";
-import { ClinicAdminService } from "./clinic/clinic-admin.service";
-import { PatientProfile, PATIENTS_COLLECTION } from "../types/patient";
+import { BaseService } from "../base.service";
+import { PatientService } from "../patient/patient.service";
+import { ClinicAdminService } from "../clinic/clinic-admin.service";
+import { PatientProfile, PATIENTS_COLLECTION } from "../../types/patient";
 import { User as FirebaseUser } from "firebase/auth";
 import { Auth } from "firebase/auth";
-import { PractitionerService } from "./practitioner/practitioner.service";
-import { CertificationLevel } from "../backoffice/types/static/certification.types";
+import { PractitionerService } from "../practitioner/practitioner.service";
+import { CertificationLevel } from "../../backoffice/types/static/certification.types";
 import { Firestore } from "firebase/firestore";
 import { FirebaseApp } from "firebase/app";
 
@@ -86,6 +86,7 @@ export class UserService extends BaseService {
         groupToken?: string;
         groupId?: string;
       };
+      patientInviteToken?: string;
       skipProfileCreation?: boolean;
     }
   ): Promise<User> {
@@ -147,6 +148,7 @@ export class UserService extends BaseService {
         groupToken?: string;
         groupId?: string;
       };
+      patientInviteToken?: string;
       skipProfileCreation?: boolean;
     }
   ): Promise<{
@@ -163,6 +165,52 @@ export class UserService extends BaseService {
     for (const role of roles) {
       switch (role) {
         case UserRole.PATIENT:
+          // If a token is provided, claim the existing manual profile
+          if (options?.patientInviteToken) {
+            const patientService = this.getPatientService();
+            const token = await patientService.validatePatientToken(
+              options.patientInviteToken
+            );
+
+            if (!token) {
+              throw new Error("Invalid or expired patient invitation token.");
+            }
+
+            // Get the patient profile
+            const patientProfile = await patientService.getPatientProfile(
+              token.patientId
+            );
+            if (!patientProfile || !patientProfile.isManual) {
+              throw new Error(
+                "Patient profile not found or has already been claimed."
+              );
+            }
+
+            // Check if user already has a patient profile
+            if (
+              (await this.getUserById(userId)).patientProfile ||
+              patientProfile.userRef
+            ) {
+              throw new Error("User already has a patient profile.");
+            }
+
+            // Claim the profile: link userRef and set isManual to false
+            await patientService.updatePatientProfile(patientProfile.id, {
+              userRef: userId,
+              isManual: false,
+            });
+
+            // Mark the token as used
+            await patientService.markPatientTokenAsUsed(
+              token.id,
+              token.patientId,
+              userId
+            );
+
+            profiles.patientProfile = patientProfile.id;
+            break;
+          }
+
           const patientProfile =
             await this.getPatientService().createPatientProfile({
               userRef: userId,
@@ -174,6 +222,7 @@ export class UserService extends BaseService {
               },
               isActive: true,
               isVerified: false,
+              isManual: false, // Explicitly set to false for standard signups
             });
           profiles.patientProfile = patientProfile.id;
           break;

package/src/services/{user.v2.service.ts → user/user.v2.service.ts}

@@ -13,21 +13,21 @@ import {
   serverTimestamp,
   FieldValue,
 } from "firebase/firestore";
-import { initializeFirebase } from "../config/firebase";
-import { User, UserRole, USERS_COLLECTION, CreateUserData } from "../types";
-import { userSchema } from "../validations/schemas";
-import { AuthError } from "../errors/auth.errors";
-import { USER_ERRORS } from "../errors/user.errors";
-import { AUTH_ERRORS } from "../errors/auth.errors";
+import { initializeFirebase } from "../../config/firebase";
+import { User, UserRole, USERS_COLLECTION, CreateUserData } from "../../types";
+import { userSchema } from "../../validations/schemas";
+import { AuthError } from "../../errors/auth.errors";
+import { USER_ERRORS } from "../../errors/user.errors";
+import { AUTH_ERRORS } from "../../errors/auth.errors";
 import { z } from "zod";
-import { BaseService } from "./base.service";
-import { PatientService } from "./patient/patient.service";
-import { ClinicAdminService } from "./clinic/clinic-admin.service";
-import { PatientProfile, PATIENTS_COLLECTION } from "../types/patient";
+import { BaseService } from "../base.service";
+import { PatientService } from "../patient/patient.service";
+import { ClinicAdminService } from "../clinic/clinic-admin.service";
+import { PatientProfile, PATIENTS_COLLECTION } from "../../types/patient";
 import { User as FirebaseUser } from "firebase/auth";
 import { Auth } from "firebase/auth";
-import { PractitionerService } from "./practitioner/practitioner.service";
-import { CertificationLevel } from "../backoffice/types/static/certification.types";
+import { PractitionerService } from "../practitioner/practitioner.service";
+import { CertificationLevel } from "../../backoffice/types/static/certification.types";
 import { Firestore } from "firebase/firestore";
 import { FirebaseApp } from "firebase/app";
 

package/src/types/index.ts

@@ -1,44 +1,44 @@
-import { User as FirebaseAuthUser } from "firebase/auth";
-import { Timestamp, FieldValue } from "firebase/firestore";
-
-// User tipovi
-export enum UserRole {
-  PATIENT = "patient",
-  PRACTITIONER = "practitioner",
-  APP_ADMIN = "app_admin",
-  CLINIC_ADMIN = "clinic_admin",
-}
-
-export interface User {
-  uid: string;
-  email: string | null;
-  roles: UserRole[];
-  isAnonymous: boolean;
-  createdAt: any;
-  updatedAt: any;
-  lastLoginAt: any;
-  patientProfile?: string;
-  practitionerProfile?: string;
-  adminProfile?: string;
-}
-
-export interface CreateUserData {
-  uid: string;
-  email: string | null;
-  roles: UserRole[];
-  isAnonymous: boolean;
-  createdAt: FieldValue;
-  updatedAt: FieldValue;
-  lastLoginAt: FieldValue;
-}
-
-export const USERS_COLLECTION = "users";
-
-// Firebase tipovi
-export type FirebaseUser = FirebaseAuthUser;
-
-// Documentation Templates
-export * from "./documentation-templates";
+// Export all type definitions for easy access
+
+// Top-level user types
+export * from "./user";
 
-// Calendar
+// Appointment types
+export * from "./appointment";
+
+// Calendar types
 export * from "./calendar";
+export * from "./calendar/synced-calendar.types";
+
+// Clinic types
+export * from "./clinic";
+export * from "./clinic/practitioner-invite.types";
+export * from "./clinic/preferences.types";
+
+// Documentation Templates types
+export * from "./documentation-templates";
+
+// Notifications types
+export * from "./notifications";
+
+// Patient types
+export * from "./patient";
+export * from "./patient/allergies";
+export * from "./patient/medical-info.types";
+export * from "./patient/patient-requirements";
+export * from "./patient/token.types";
+
+// Practitioner types
+export * from "./practitioner";
+
+// Procedure types
+export * from "./procedure";
+
+// Profile types
+export * from "./profile";
+
+// Reviews types
+export * from "./reviews";
+
+// User types
+export * from "./user";

package/src/types/patient/index.ts

@@ -66,7 +66,7 @@ export interface GamificationInfo {
  */
 export interface PatientLocationInfo {
   patientId: string;
-  userRef: string;
+  userRef?: string;
   locationData: LocationData; // Samo za geopretragu
   createdAt: Timestamp;
   updatedAt: Timestamp;
@@ -77,7 +77,7 @@ export interface PatientLocationInfo {
  */
 export interface CreatePatientLocationInfoData {
   patientId: string;
-  userRef: string;
+  userRef?: string;
   locationData: LocationData;
 }
 
@@ -94,7 +94,7 @@ export interface UpdatePatientLocationInfoData
  */
 export interface PatientSensitiveInfo {
   patientId: string;
-  userRef: string;
+  userRef?: string;
   photoUrl?: string | null;
   firstName: string;
   lastName: string;
@@ -114,7 +114,7 @@ export interface PatientSensitiveInfo {
  */
 export interface CreatePatientSensitiveInfoData {
   patientId: string;
-  userRef: string;
+  userRef?: string;
   photoUrl?: MediaResource | null;
   firstName: string;
   lastName: string;
@@ -162,12 +162,13 @@ export interface PatientClinic {
  */
 export interface PatientProfile {
   id: string;
-  userRef: string;
+  userRef?: string;
   displayName: string; // Inicijali ili pseudonim
   gamification: GamificationInfo;
   expoTokens: string[];
   isActive: boolean;
   isVerified: boolean;
+  isManual: boolean; // Indicates if the profile was created manually by a clinic
   phoneNumber?: string | null;
   dateOfBirth?: Timestamp | null;
   doctors: PatientDoctor[]; // Lista doktora pacijenta
@@ -182,12 +183,13 @@ export interface PatientProfile {
  * Tip za kreiranje novog Patient profila
  */
 export interface CreatePatientProfileData {
-  userRef: string;
+  userRef?: string;
   displayName: string;
   expoTokens: string[];
   gamification?: GamificationInfo;
   isActive: boolean;
   isVerified: boolean;
+  isManual: boolean;
   doctors?: PatientDoctor[];
   clinics?: PatientClinic[];
   doctorIds?: string[]; // Initialize as empty or with initial doctors
@@ -204,6 +206,31 @@ export interface UpdatePatientProfileData
   // Note: doctors, clinics, doctorIds, clinicIds should ideally be updated via specific methods (add/removeDoctor/Clinic)
 }
 
+/**
+ * Data required for a clinic admin to manually create a new patient profile.
+ * This patient does not have a user account initially.
+ */
+export interface CreateManualPatientData {
+  /** The clinic ID where the patient is being created. */
+  clinicId: string;
+  /** Patient's first name. */
+  firstName: string;
+  /** Patient's last name. */
+  lastName: string;
+  /** Patient's date of birth. */
+  dateOfBirth: Timestamp | null;
+  /** Patient's gender. */
+  gender: Gender;
+  /** Optional phone number. */
+  phoneNumber?: string;
+  /** Optional email address. */
+  email?: string;
+  /** Optional address information. */
+  addressData?: AddressData;
+  /** Optional notes about the patient. */
+  notes?: string;
+}
+
 /**
  * Parameters for searching patient profiles.
  */