@medicus.ai/medicus-report-pdf-generator 1.3.7 → 1.3.9

package/index.js

@@ -7,10 +7,18 @@ const {
 } = require("./lib/wellbeing_report_generator");
 const { generateSanusXReport, generateHTMLSanusXReport } = require("./lib/sanusx_report_generator");
 const fs = require('fs');
+const os = require('os');
+const crypto = require('crypto');
 const { sendNascoEmail, sendEmailNotification } = require('./lib/sendEmail')
 const path = require('path');
 const { generatePDFCorporateReport, generateHTMLCorporateReport } = require('./lib/corporate_report_generator')
 
+// Best-effort fire-and-forget cleanup for per-call temp files. Never throws.
+const safeUnlink = (filePath) => {
+    if (!filePath) return Promise.resolve();
+    return fs.promises.unlink(filePath).catch(() => { });
+};
+
 module.exports = {
 
     generateHTMLStaging,
@@ -187,10 +195,19 @@ module.exports = {
         let reportData = JSON.parse(data);
         let base64Object = reportData.data;
 
+        // Per-call unique identifiers so concurrent callers never share a path.
+        // Even when two requests overlap, each one owns its own input/output
+        // files and email attachment, eliminating cross-user PDF swapping.
+        const callId = crypto.randomUUID();
+        const tmpDir = os.tmpdir();
+        const tmpInputPath = path.join(tmpDir, `wb-${callId}-in.pdf`);
+        const tmpEncryptedPath = path.join(tmpDir, `wb-${callId}-enc.pdf`);
+        let tmpEmailAttachmentPath = null;
+
         let LOGS = '';
-        const LOGS_FILE_PATH = path.join(__dirname, 'output', 'LOGS.txt');
-        const PDF_FILE_PATH = path.join(__dirname, 'output', 'nasco-sample.pdf');
-        const ENCRYPTED_PDF_PATH = path.join(__dirname, 'output', 'nasco-sample-encrypted.pdf');
+        const LOGS_FILE_PATH = isDebugging
+            ? path.join(__dirname, 'output', `LOGS-${callId}.txt`)
+            : null;
 
         const mailConfig = {
             host: reportData.host,
@@ -201,12 +218,6 @@ module.exports = {
             secure: reportData.secure,
         };
 
-        if (isDebugging) {
-            if (fs.existsSync(LOGS_FILE_PATH)) fs.unlinkSync(LOGS_FILE_PATH);
-            if (fs.existsSync(PDF_FILE_PATH)) fs.unlinkSync(PDF_FILE_PATH);
-            if (fs.existsSync(ENCRYPTED_PDF_PATH)) fs.unlinkSync(ENCRYPTED_PDF_PATH);
-        }
-
         if (isDebugging) {
             console.log('2: save json string');
             LOGS += '2: save json string\n===============\n' + base64Object + '\n\n\n';
@@ -242,45 +253,64 @@ module.exports = {
             LOGS += '3: save PDF buffer\n===============\n' + '[binary content omitted]' + '\n\n\n';
         }
 
-        // Write original PDF (unencrypted)
-        fs.writeFileSync(PDF_FILE_PATH, fileBuffer);
-
+        try {
+            // Write the unencrypted PDF to a per-call temp file.
+            // qpdf needs a real input path; using a uuid-suffixed file in
+            // os.tmpdir() guarantees no concurrent caller can overwrite it.
+            await fs.promises.writeFile(tmpInputPath, fileBuffer);
 
-        return await (async () => {
             const qpdf = await import('node-qpdf2');
 
+            // Encrypt to a per-call output file. We can't use qpdf's stdout
+            // mode (output omitted) because node-qpdf2's spawn helper joins
+            // stdout chunks as strings, which corrupts binary PDF bytes.
             await qpdf.encrypt({
-                input: PDF_FILE_PATH,
-                output: ENCRYPTED_PDF_PATH,
+                input: tmpInputPath,
+                output: tmpEncryptedPath,
                 keyLength: 256,
                 password: reportData.pdfPassword,
-            })
-            const encryptedBuffer = fs.readFileSync(ENCRYPTED_PDF_PATH);
+            });
+
+            const encryptedBuffer = await fs.promises.readFile(tmpEncryptedPath);
 
-            // Save encoded base64 (of encrypted)
-            const base64data = Buffer.from(encryptedBuffer).toString('base64');
+            const base64data = encryptedBuffer.toString('base64');
             if (isDebugging) {
                 console.log('4: save encoded base64');
                 LOGS += '4: save encoded base64\n===============\n' + base64data + '\n\n\n';
             }
 
-            // Write logs
-            fs.writeFileSync(LOGS_FILE_PATH, LOGS, 'utf8');
-            if (isDebugging) console.log('5: save logs to file');
+            if (isDebugging && LOGS_FILE_PATH) {
+                await fs.promises.writeFile(LOGS_FILE_PATH, LOGS, 'utf8');
+                console.log('5: save logs to file');
+            }
 
             if (isDownloadable) {
                 return encryptedBuffer;
-            } else {
-                if (shouldSendEmail) {
-                    return await sendNascoEmail(decodedJSON.wellbeing, ENCRYPTED_PDF_PATH, mailConfig, reportData.client);
-                } else {
-                    return base64data;
-                }
             }
 
-        })();
-
+            if (shouldSendEmail) {
+                // Write the encrypted buffer to a dedicated per-call file just
+                // for the email attachment. sendNascoEmail expects a path
+                // (nodemailer reads it from disk), so we materialize it once,
+                // pass it in, then unlink in the finally block.
+                tmpEmailAttachmentPath = path.join(tmpDir, `wb-${callId}-mail.pdf`);
+                await fs.promises.writeFile(tmpEmailAttachmentPath, encryptedBuffer);
+                return await sendNascoEmail(
+                    decodedJSON.wellbeing,
+                    tmpEmailAttachmentPath,
+                    mailConfig,
+                    reportData.client
+                );
+            }
 
+            return base64data;
+        } finally {
+            await Promise.all([
+                safeUnlink(tmpInputPath),
+                safeUnlink(tmpEncryptedPath),
+                safeUnlink(tmpEmailAttachmentPath),
+            ]);
+        }
     },
 
     generateSanuxPDF: async (data, isDebugging, isDownloadable, shouldSendEmail) => {

package/lib/template.js

@@ -200,7 +200,8 @@ function renderOneBiomarker(biomarker, isRtl, nestingLevel, isChildBiomarker, is
     if (biomarker.showInDetailsView === true) {
         const biomarkerCssId = "dtl-bio-" + "db" + biomarker.id;
         let customBiomarkerValueFontSize = '';
-        const formattedValue = biomarker.formattedValue.replace(/,/g, "");
+        const rawFormattedValue = biomarker.formattedValue || biomarker.lingualReading || '';
+        const formattedValue = rawFormattedValue.replace(/,/g, "");
         if (formattedValue.length > 35) {
             customBiomarkerValueFontSize = 'font-size:12px;';
         }
@@ -231,13 +232,13 @@ function renderOneBiomarker(biomarker, isRtl, nestingLevel, isChildBiomarker, is
 
         // IMC special case (large biomarker value)
         let biomarkerClass = '';
-        if (biomarker.formattedValue.length >= 125) {
+        if (rawFormattedValue.length >= 125) {
             biomarkerClass = 'large-value-class';
             firstGridColClass = '';
             // firstGridColstyle = 'width:100%';
         }
 
-        const biomarkerValue = biomarker.formattedValue.replace(/\r\n/g, "<br/>");
+        const biomarkerValue = rawFormattedValue.replace(/\r\n/g, "<br/>");
 
         if (!biomarker.showScale) {
             biomarkerClass += ' hide-scale ';
@@ -1060,7 +1061,7 @@ function renderBiomarkerV3(biomarker, nestingLevel, isChildBiomarker, isCompactV
     if (isCompactView && biomarker.showInCompactView) {
         let biomarkerName = biomarker.fullName || '';
         let biomarkerUnit = biomarker.unit;
-        let biomarkerValue = biomarker.formattedValue || '';
+        let biomarkerValue = biomarker.formattedValue || biomarker.lingualReading || '';
         let rangePlaceholder = '';
         let referenceRange = '';
         let biomarkerLast = '-';