@ratim818/allyve-wellness-backend 1.0.0

package/src/migrations/schema.ts

@@ -0,0 +1,339 @@
+import { db } from "../config/database.js";
+import { logger } from "../utils/logger.js";
+
+// ─── HIPAA DATABASE DESIGN PRINCIPLES ───────────────────────
+// 1. All PHI stored encrypted (AES-256-GCM) at application level
+// 2. HMAC hashes for indexed lookups on encrypted fields
+// 3. Append-only audit_logs table (no UPDATE/DELETE triggers)
+// 4. Row-level soft deletes (is_deleted flag, never hard delete)
+// 5. Timestamps on every table for retention policy enforcement
+// 6. Foreign keys enforce referential integrity
+// ─────────────────────────────────────────────────────────────
+
+export async function runMigrations() {
+  logger.info("Running database migrations...");
+
+  // ── Users ──────────────────────────────────────────────
+  if (!(await db.schema.hasTable("users"))) {
+    await db.schema.createTable("users", (t) => {
+      t.uuid("id").primary();
+      t.text("email_encrypted").notNullable();          // AES-256-GCM encrypted
+      t.string("email_hash", 64).notNullable().unique(); // HMAC-SHA256 for lookups
+      t.text("password_hash").notNullable();             // bcrypt
+      t.text("full_name_encrypted").notNullable();
+      t.text("date_of_birth_encrypted").notNullable();
+      t.text("phone_encrypted");
+      t.text("photo_url");
+      t.integer("pregnancy_week");
+      t.string("role", 20).notNullable().defaultTo("patient"); // patient | provider | admin
+      t.boolean("is_active").notNullable().defaultTo(true);
+      t.integer("login_attempts").notNullable().defaultTo(0);
+      t.timestamp("locked_until");
+      t.timestamp("last_login");
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: users");
+  }
+
+  // ── Sessions ───────────────────────────────────────────
+  if (!(await db.schema.hasTable("sessions"))) {
+    await db.schema.createTable("sessions", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.string("ip_address", 45);
+      t.text("user_agent");
+      t.boolean("revoked").notNullable().defaultTo(false);
+      t.timestamp("expires_at").notNullable();
+      t.timestamp("created_at").notNullable().defaultTo(db.fn.now());
+    });
+    logger.info("  ✅ Created: sessions");
+  }
+
+  // ── Refresh Tokens ─────────────────────────────────────
+  if (!(await db.schema.hasTable("refresh_tokens"))) {
+    await db.schema.createTable("refresh_tokens", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.uuid("session_id").notNullable().references("id").inTable("sessions").onDelete("CASCADE");
+      t.string("token_hash", 64).notNullable().unique();
+      t.boolean("revoked").notNullable().defaultTo(false);
+      t.timestamp("expires_at").notNullable();
+      t.timestamp("created_at").notNullable().defaultTo(db.fn.now());
+    });
+    logger.info("  ✅ Created: refresh_tokens");
+  }
+
+  // ── Wearable Devices ───────────────────────────────────
+  if (!(await db.schema.hasTable("wearable_devices"))) {
+    await db.schema.createTable("wearable_devices", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.string("name").notNullable();
+      t.string("device_type", 50);
+      t.integer("battery_level");
+      t.boolean("is_connected").notNullable().defaultTo(false);
+      t.timestamp("last_synced");
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: wearable_devices");
+  }
+
+  // ── Health Metrics (PHI — encrypted) ───────────────────
+  if (!(await db.schema.hasTable("health_metrics"))) {
+    await db.schema.createTable("health_metrics", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.string("metric_name", 50).notNullable(); // e.g., "Heart Rate", "Blood Pressure"
+      t.text("value_encrypted").notNullable();    // AES-256-GCM encrypted
+      t.string("unit", 20).notNullable();
+      t.string("status", 20).notNullable();       // normal | warning | critical
+      t.string("trend", 20);                       // rising | falling | stable | fluctuating
+      t.decimal("min_threshold");
+      t.decimal("max_threshold");
+      t.uuid("device_id").references("id").inTable("wearable_devices");
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamp("recorded_at").notNullable();
+      t.timestamps(true, true);
+
+      t.index(["user_id", "metric_name", "recorded_at"]);
+    });
+    logger.info("  ✅ Created: health_metrics");
+  }
+
+  // ── ECG Data (PHI — encrypted, large payloads) ────────
+  if (!(await db.schema.hasTable("ecg_data"))) {
+    await db.schema.createTable("ecg_data", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.uuid("health_metric_id").references("id").inTable("health_metrics");
+      t.text("waveform_encrypted").notNullable(); // Full ECG waveform data, encrypted
+      t.text("interpretation_encrypted");          // AI or physician interpretation
+      t.string("status", 20).notNullable();
+      t.integer("duration_seconds");
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamp("recorded_at").notNullable();
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: ecg_data");
+  }
+
+  // ── Symptoms ───────────────────────────────────────────
+  if (!(await db.schema.hasTable("symptoms"))) {
+    await db.schema.createTable("symptoms", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.string("name", 100).notNullable();
+      t.integer("severity").notNullable();            // 1-10
+      t.text("notes_encrypted");                      // Encrypted free-text
+      t.boolean("is_cardiovascular_related").notNullable().defaultTo(false);
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamp("recorded_at").notNullable();
+      t.timestamps(true, true);
+
+      t.index(["user_id", "recorded_at"]);
+    });
+    logger.info("  ✅ Created: symptoms");
+  }
+
+  // ── Mood Entries ───────────────────────────────────────
+  if (!(await db.schema.hasTable("mood_entries"))) {
+    await db.schema.createTable("mood_entries", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.string("mood", 20).notNullable();
+      t.text("notes_encrypted");
+      t.integer("anxiety_level");                     // 1-10
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamp("recorded_at").notNullable();
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: mood_entries");
+  }
+
+  // ── Journal Entries (PHI — encrypted) ──────────────────
+  if (!(await db.schema.hasTable("journal_entries"))) {
+    await db.schema.createTable("journal_entries", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.text("content_encrypted").notNullable();       // Encrypted
+      t.specificType("tags", "text[]");                 // PostgreSQL array
+      t.integer("pain_score");
+      t.integer("anxiety_level");
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamp("recorded_at").notNullable();
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: journal_entries");
+  }
+
+  // ── Cardiovascular Risk Assessments ────────────────────
+  if (!(await db.schema.hasTable("cardiovascular_risks"))) {
+    await db.schema.createTable("cardiovascular_risks", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.integer("overall_score").notNullable();         // 0-100
+      t.text("factors_encrypted").notNullable();        // JSON array, encrypted
+      t.string("trend", 20);
+      t.text("recommendations_encrypted");              // JSON array, encrypted
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamp("assessed_at").notNullable();
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: cardiovascular_risks");
+  }
+
+  // ── Provider Contacts ──────────────────────────────────
+  if (!(await db.schema.hasTable("provider_contacts"))) {
+    await db.schema.createTable("provider_contacts", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.text("name_encrypted").notNullable();
+      t.string("provider_type", 30).notNullable();
+      t.text("phone_encrypted");
+      t.text("email_encrypted");
+      t.text("address_encrypted");
+      t.string("preferred_contact_method", 20);
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: provider_contacts");
+  }
+
+  // ── Appointments ───────────────────────────────────────
+  if (!(await db.schema.hasTable("appointments"))) {
+    await db.schema.createTable("appointments", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.uuid("provider_id").references("id").inTable("provider_contacts");
+      t.string("title", 200).notNullable();
+      t.string("provider_name", 100).notNullable();
+      t.string("provider_type", 30).notNullable();
+      t.timestamp("appointment_date").notNullable();
+      t.text("location_encrypted");
+      t.text("notes_encrypted");
+      t.boolean("confirmed").notNullable().defaultTo(false);
+      t.boolean("is_telehealth").notNullable().defaultTo(false);
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamps(true, true);
+
+      t.index(["user_id", "appointment_date"]);
+    });
+    logger.info("  ✅ Created: appointments");
+  }
+
+  // ── Shared Data Records ────────────────────────────────
+  if (!(await db.schema.hasTable("shared_data"))) {
+    await db.schema.createTable("shared_data", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.text("recipient_name_encrypted").notNullable();
+      t.string("recipient_type", 20).notNullable();
+      t.text("recipient_email_encrypted");
+      t.specificType("data_types", "text[]").notNullable();
+      t.string("status", 20).notNullable().defaultTo("pending");
+      t.timestamp("shared_at").notNullable();
+      t.timestamp("expires_at");
+      t.timestamp("revoked_at");
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: shared_data");
+  }
+
+  // ── Health Reports ─────────────────────────────────────
+  if (!(await db.schema.hasTable("health_reports"))) {
+    await db.schema.createTable("health_reports", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.string("title", 200).notNullable();
+      t.text("summary_encrypted").notNullable();
+      t.string("doctor", 100);
+      t.text("recommendations_encrypted");
+      t.string("status", 20).notNullable().defaultTo("normal");
+      t.boolean("is_deleted").notNullable().defaultTo(false);
+      t.timestamp("report_date").notNullable();
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: health_reports");
+  }
+
+  // ── Consent Records (HIPAA required) ───────────────────
+  if (!(await db.schema.hasTable("consent_records"))) {
+    await db.schema.createTable("consent_records", (t) => {
+      t.uuid("id").primary();
+      t.uuid("user_id").notNullable().references("id").inTable("users").onDelete("CASCADE");
+      t.string("consent_type", 50).notNullable(); // data_processing | data_sharing | telehealth | research
+      t.boolean("granted").notNullable();
+      t.text("details");
+      t.string("ip_address", 45);
+      t.timestamp("granted_at").notNullable();
+      t.timestamp("revoked_at");
+      t.timestamps(true, true);
+    });
+    logger.info("  ✅ Created: consent_records");
+  }
+
+  // ── AUDIT LOGS (append-only, HIPAA §164.312(b)) ───────
+  if (!(await db.schema.hasTable("audit_logs"))) {
+    await db.schema.createTable("audit_logs", (t) => {
+      t.bigIncrements("id").primary();
+      t.uuid("user_id");
+      t.string("action", 30).notNullable();
+      t.string("resource_type", 30).notNullable();
+      t.uuid("resource_id");
+      t.text("details");                               // JSON, never contains PHI
+      t.string("ip_address", 45);
+      t.text("user_agent");
+      t.string("outcome", 10).notNullable();           // success | failure | denied
+      t.timestamp("created_at").notNullable().defaultTo(db.fn.now());
+
+      // Indexes for compliance queries
+      t.index(["user_id", "created_at"]);
+      t.index(["action", "created_at"]);
+      t.index(["resource_type", "resource_id"]);
+    });
+
+    // CRITICAL: Prevent DELETE/UPDATE on audit_logs
+    // This is enforced at the database level for tamper-evidence
+    await db.raw(`
+      CREATE OR REPLACE FUNCTION prevent_audit_modification()
+      RETURNS TRIGGER AS $$
+      BEGIN
+        RAISE EXCEPTION 'Audit logs are immutable. DELETE and UPDATE are prohibited.';
+        RETURN NULL;
+      END;
+      $$ LANGUAGE plpgsql;
+
+      CREATE TRIGGER audit_logs_no_update
+        BEFORE UPDATE ON audit_logs
+        FOR EACH ROW EXECUTE FUNCTION prevent_audit_modification();
+
+      CREATE TRIGGER audit_logs_no_delete
+        BEFORE DELETE ON audit_logs
+        FOR EACH ROW EXECUTE FUNCTION prevent_audit_modification();
+    `);
+    logger.info("  ✅ Created: audit_logs (immutable, with triggers)");
+  }
+
+  logger.info("✅ All migrations complete");
+}
+
+export async function rollbackMigrations() {
+  const tables = [
+    "audit_logs", "consent_records", "health_reports", "shared_data",
+    "appointments", "provider_contacts", "cardiovascular_risks",
+    "journal_entries", "mood_entries", "symptoms", "ecg_data",
+    "health_metrics", "wearable_devices", "refresh_tokens", "sessions", "users",
+  ];
+
+  // Drop triggers first
+  await db.raw("DROP TRIGGER IF EXISTS audit_logs_no_update ON audit_logs");
+  await db.raw("DROP TRIGGER IF EXISTS audit_logs_no_delete ON audit_logs");
+  await db.raw("DROP FUNCTION IF EXISTS prevent_audit_modification()");
+
+  for (const table of tables) {
+    await db.schema.dropTableIfExists(table);
+    logger.info(`  🗑️ Dropped: ${table}`);
+  }
+  logger.info("✅ Rollback complete");
+}

package/src/migrations/seed.ts

@@ -0,0 +1,159 @@
+import { v4 as uuidv4 } from "uuid";
+import bcrypt from "bcryptjs";
+import { testConnection, closeConnection, db } from "../config/database.js";
+import { encrypt, encryptJSON, hmacHash } from "../services/encryption.js";
+import { logger } from "../utils/logger.js";
+
+/**
+ * Seed the database with demo data matching the original Lovable frontend mock data.
+ * This lets you run the app immediately with realistic data.
+ */
+async function seed() {
+  await testConnection();
+  logger.info("Seeding database...");
+
+  const userId = uuidv4();
+  const passwordHash = await bcrypt.hash("SecureDemo123!", 12);
+
+  // ── User (Sarah Johnson from mock data) ────────────────
+  await db("users").insert({
+    id: userId,
+    email_encrypted: encrypt("sarah.johnson@example.com"),
+    email_hash: hmacHash("sarah.johnson@example.com"),
+    password_hash: passwordHash,
+    full_name_encrypted: encrypt("Sarah Johnson"),
+    date_of_birth_encrypted: encrypt("1993-06-15"),
+    phone_encrypted: encrypt("+1-555-0192"),
+    pregnancy_week: 24,
+    role: "patient",
+    is_active: true,
+    login_attempts: 0,
+  });
+  logger.info("  ✅ Seeded user: Sarah Johnson (sarah.johnson@example.com / SecureDemo123!)");
+
+  // ── Wearable Device ────────────────────────────────────
+  const deviceId = uuidv4();
+  await db("wearable_devices").insert({
+    id: deviceId,
+    user_id: userId,
+    name: "Allyve Maternal Monitor",
+    device_type: "maternal_monitor",
+    battery_level: 68,
+    is_connected: true,
+    last_synced: new Date(Date.now() - 15 * 60 * 1000),
+  });
+
+  // ── Health Metrics ─────────────────────────────────────
+  const metrics = [
+    { name: "Heart Rate", value: "92", unit: "bpm", status: "warning", trend: "rising" },
+    { name: "Blood Pressure", value: "142/88", unit: "mmHg", status: "warning", trend: "rising" },
+    { name: "Blood Glucose", value: "115", unit: "mg/dL", status: "warning", trend: "rising" },
+    { name: "Oxygen Saturation", value: "94", unit: "%", status: "warning", trend: "falling" },
+    { name: "ECG", value: "Ventricular Fibrillation detected", unit: "", status: "critical", trend: "fluctuating" },
+    { name: "PPG", value: "Reduced perfusion", unit: "", status: "warning", trend: "fluctuating" },
+    { name: "Sleep", value: "5.8", unit: "hours", status: "warning", trend: "falling" },
+  ];
+
+  for (const m of metrics) {
+    await db("health_metrics").insert({
+      id: uuidv4(),
+      user_id: userId,
+      metric_name: m.name,
+      value_encrypted: encrypt(m.value),
+      unit: m.unit,
+      status: m.status,
+      trend: m.trend,
+      device_id: deviceId,
+      recorded_at: new Date(),
+    });
+  }
+  logger.info(`  ✅ Seeded ${metrics.length} health metrics`);
+
+  // ── Symptoms ───────────────────────────────────────────
+  const symptoms = [
+    { name: "Shortness of breath", severity: 3, cv: true, daysAgo: 2 },
+    { name: "Heart palpitations", severity: 2, cv: true, daysAgo: 3, notes: "Occurred after climbing stairs" },
+    { name: "Heartburn", severity: 4, cv: true, daysAgo: 1, notes: "After dinner" },
+  ];
+
+  for (const s of symptoms) {
+    await db("symptoms").insert({
+      id: uuidv4(),
+      user_id: userId,
+      name: s.name,
+      severity: s.severity,
+      notes_encrypted: s.notes ? encrypt(s.notes) : null,
+      is_cardiovascular_related: s.cv,
+      recorded_at: new Date(Date.now() - s.daysAgo * 24 * 60 * 60 * 1000),
+    });
+  }
+  logger.info(`  ✅ Seeded ${symptoms.length} symptoms`);
+
+  // ── Mood Entries ───────────────────────────────────────
+  const moods = [
+    { mood: "happy", daysAgo: 1, notes: "Had a good prenatal appointment" },
+    { mood: "neutral", daysAgo: 2 },
+    { mood: "sad", daysAgo: 4, notes: "Feeling anxious about upcoming tests" },
+  ];
+
+  for (const m of moods) {
+    await db("mood_entries").insert({
+      id: uuidv4(),
+      user_id: userId,
+      mood: m.mood,
+      notes_encrypted: m.notes ? encrypt(m.notes) : null,
+      recorded_at: new Date(Date.now() - m.daysAgo * 24 * 60 * 60 * 1000),
+    });
+  }
+  logger.info(`  ✅ Seeded ${moods.length} mood entries`);
+
+  // ── Cardiovascular Risk ────────────────────────────────
+  await db("cardiovascular_risks").insert({
+    id: uuidv4(),
+    user_id: userId,
+    overall_score: 48,
+    factors_encrypted: encryptJSON([
+      { name: "Blood Pressure", contribution: 65, description: "Elevated and trending upward." },
+      { name: "Heart Rate", contribution: 45, description: "Higher than expected for pregnancy stage." },
+      { name: "Symptoms", contribution: 55, description: "Shortness of breath and palpitations are concerning." },
+      { name: "Sleep Pattern", contribution: 40, description: "Sleep disturbances and reduced quality." },
+    ]),
+    trend: "worsening",
+    recommendations_encrypted: encryptJSON([
+      "Contact your cardiologist within 24 hours",
+      "Reduce sodium intake immediately",
+      "Monitor blood pressure three times daily",
+      "Increase rest periods throughout the day",
+      "Report any new symptoms immediately",
+    ]),
+    assessed_at: new Date(),
+  });
+  logger.info("  ✅ Seeded cardiovascular risk assessment");
+
+  // ── Journal Entries ────────────────────────────────────
+  await db("journal_entries").insert({
+    id: uuidv4(),
+    user_id: userId,
+    content_encrypted: encrypt("Feeling the baby kick more today. Had some back pain but otherwise feeling good."),
+    tags: ["movement", "pain", "backache"],
+    recorded_at: new Date(Date.now() - 1 * 24 * 60 * 60 * 1000),
+  });
+
+  await db("journal_entries").insert({
+    id: uuidv4(),
+    user_id: userId,
+    content_encrypted: encrypt("Spoke with my doctor about my last test results. Everything looks normal with the baby. Need to monitor my blood pressure more closely."),
+    tags: ["appointment", "tests", "blood pressure"],
+    recorded_at: new Date(Date.now() - 3 * 24 * 60 * 60 * 1000),
+  });
+  logger.info("  ✅ Seeded 2 journal entries");
+
+  logger.info("\n✅ Seed complete! Demo login: sarah.johnson@example.com / SecureDemo123!");
+
+  await closeConnection();
+}
+
+seed().catch((err) => {
+  logger.error("Seed failed:", err);
+  process.exit(1);
+});