oro-sdk 3.13.0 → 3.16.0

package/dist/sdk-revision/client.d.ts

@@ -1,21 +1,12 @@
-import { Grant, VaultIndex } from 'oro-sdk-apis';
+import { Grant } from 'oro-sdk-apis';
 import { OroClient, Uuid } from '..';
 /**
  * @name filterGrantsWithLockboxMetadata
- * @description searches for the applied filters in the vault index
+ * @description searches for the existance of a consult uuid in each granted lockbox
  * @param oroClient
- * @param filter: the metadata filter applied to each the lockboxes
- * @param vaultIndex: the index to which the filter will be applied
- * @param forceRefresh
- * @returns the filtered grants
+ * @param filter: the consult uuid
+ * @returns the grants containing the consult uuid
  */
-export declare function filterGrantsWithLockboxMetadata(oroClient: OroClient, filter?: {
+export declare function filterGrantsWithLockboxMetadata(oroClient: OroClient, filter: {
     consultationId: Uuid;
-}, vaultIndex?: VaultIndex, forceRefresh?: boolean): Promise<Grant[]>;
-/** Finds all grants for the logged user
- *  requests a list of unique consultation ids for each lockbox the user has access to
- *  builds and sets the index of consultations
- * @param oroClient
- * @returns the constructed vaultIndex
- */
-export declare function buildLegacyVaultIndex(oroClient: OroClient): Promise<VaultIndex>;
+}): Promise<Grant[]>;

package/package.json

@@ -1,5 +1,5 @@
 {
-    "version": "3.13.0",
+    "version": "3.16.0",
     "main": "dist/index.js",
     "typings": "dist/index.d.ts",
     "files": [
@@ -54,7 +54,7 @@
         "form-data": "^4.0.0",
         "formdata-node": "^4.3.1",
         "idb-keyval": "^5.0.6",
-        "oro-sdk-apis": "1.48.0",
+        "oro-sdk-apis": "1.50.0",
         "oro-toolbox": "0.0.6",
         "uuid": "^8.3.2"
     }

package/src/client.ts

@@ -1,4 +1,5 @@
 import {
+    AllRoleType,
     AuthTokenRequest,
     Consult,
     ConsultRequest,
@@ -23,12 +24,15 @@ import {
     Meta,
     Metadata,
     MetadataCategory,
+    OtherRoleType,
     PersonalMeta,
     PopulatedWorkflowData,
     Practice,
     PracticeService,
+    PractitionnerRoleType,
     PreferenceMeta,
     RecoveryMeta,
+    RoleBasedScopes,
     SearchService,
     SecretShard,
     TellerService,
@@ -48,13 +52,14 @@ import {
     IncompleteAuthentication,
     LocalEncryptedData,
     MissingGrant,
+    MissingGrantFilter,
     MissingLockbox,
     MissingLockboxOwner,
     RecoveryData,
     RegisterPatientOutput,
     UserPreference,
 } from './models'
-import { buildLegacyVaultIndex, filterGrantsWithLockboxMetadata } from './sdk-revision'
+import { filterGrantsWithLockboxMetadata } from './sdk-revision'
 
 export class OroClient {
     private rsa?: CryptoRSA
@@ -83,13 +88,12 @@ export class OroClient {
         public workflowClient: WorkflowService,
         public diagnosisClient: DiagnosisService,
         private authenticationCallback?: (err: Error) => void
-    ) {}
+    ) { }
 
     /**
      * clears the vaultIndex and cached metadata grants
      */
     public async cleanIndex() {
-        this.vaultIndex = undefined
         this.cachedMetadataGrants = {}
         this.cachedManifest = {}
     }
@@ -297,28 +301,6 @@ export class OroClient {
         return registerPatient(patientUuid, consult, workflow, this, this.toolbox.uuid(), recoveryQA, indexSearch)
     }
 
-    /**
-     * Builds the vault index for the logged user
-     *
-     * Steps:
-     * 1. Retrieves, decrypts and sets the lockbox IndexSnapshot
-     * 2. Retrieves, decrypts and adds all other index entries starting at the snapshot timestamp
-     * 3. Updates the IndexSnapshot if changed
-     * @deprecated
-     * @returns the latest vault index
-     */
-    public async buildVaultIndex(forceRefresh: boolean = false) {
-        if (!this.vaultIndex || forceRefresh) await buildLegacyVaultIndex(this)
-    }
-
-    /**
-     * Setter for the vault index
-     * @param index
-     */
-    public setVaultIndex(index: VaultIndex) {
-        this.vaultIndex = index
-    }
-
     /**
      * Fetches all grants, and consultations that exist in each lockbox
      * Then updates the index for the current user with the lockbox consult relationship
@@ -393,91 +375,25 @@ export class OroClient {
                         }))
                         .map(
                             (e: IndexConsultLockbox) =>
-                                ({
-                                    uuid: e.uuid,
-                                    timestamp: e.timestamp,
-                                    uniqueHash: e.uniqueHash,
-                                    encryptedIndexEntry: CryptoRSA.jsonWithPubEncryptToBase64(
-                                        {
-                                            consultationId: e.consultationId,
-                                            grant: e.grant,
-                                        },
-                                        rsaPub
-                                    ),
-                                } as EncryptedIndexEntry)
+                            ({
+                                uuid: e.uuid,
+                                timestamp: e.timestamp,
+                                uniqueHash: e.uniqueHash,
+                                encryptedIndexEntry: CryptoRSA.jsonWithPubEncryptToBase64(
+                                    {
+                                        consultationId: e.consultationId,
+                                        grant: e.grant,
+                                    },
+                                    rsaPub
+                                ),
+                            } as EncryptedIndexEntry)
                         )
                     break
-                //// DEPRECATED : REMOVE ME : BEGIN ///////////////////////////////////////////
-                case IndexKey.Consultation:
-                    encryptedIndex[key] = (entries[key] as IndexConsultLockbox[])
-                        .map((e) => ({
-                            ...e,
-                            uniqueHash: this.toolbox.hashStringToBase64(
-                                JSON.stringify({
-                                    consultationId: e.consultationId,
-                                    grant: e.grant,
-                                })
-                            ),
-                        }))
-                        .filter(
-                            (e) =>
-                                !this.vaultIndex ||
-                                !this.vaultIndex[IndexKey.Consultation]?.find((v) => v.uniqueHash === e.uniqueHash)
-                        )
-                        .map(
-                            (e: IndexConsultLockbox) =>
-                                ({
-                                    uuid: e.uuid,
-                                    timestamp: e.timestamp,
-                                    uniqueHash: e.uniqueHash,
-                                    encryptedIndexEntry: CryptoRSA.jsonWithPubEncryptToBase64(
-                                        {
-                                            consultationId: e.consultationId,
-                                            grant: e.grant,
-                                        },
-                                        rsaPub
-                                    ),
-                                } as EncryptedIndexEntry)
-                        )
-                    break
-                //// DEPRECATED : REMOVE ME : END ///////////////////////////////////////////
             }
         }
         await this.vaultClient.vaultIndexPut(encryptedIndex, indexOwnerUuid)
     }
 
-    /**
-     * adds or updates the index snapshot for the logged user
-     * @param index
-     */
-    public async indexSnapshotAdd(index: VaultIndex) {
-        if (!this.rsa) throw IncompleteAuthentication
-        let rsaPub: Uint8Array = this.rsa.public()
-
-        let cleanedIndex: VaultIndex = {
-            [IndexKey.Consultation]: index[IndexKey.Consultation]
-                ?.filter((c) => c)
-                .map((c) => {
-                    return {
-                        grant: c.grant,
-                        consultationId: c.consultationId,
-                    }
-                }),
-        }
-
-        // the data of the snapshot should not contain the `IndexEntry` data
-        // (will create conflicts while updating)
-        let encryptedIndexEntry = CryptoRSA.jsonWithPubEncryptToBase64(cleanedIndex, rsaPub)
-
-        // The encryptedIndexEntry can have the uuid and timstamp (for updating)
-        let encryptedIndex: EncryptedIndexEntry = {
-            uuid: index.uuid,
-            timestamp: index.timestamp,
-            encryptedIndexEntry,
-        }
-        this.vaultClient.vaultIndexSnapshotPut(encryptedIndex)
-    }
-
     /**
      * @name grantLockbox
      * @description Grants a lockbox by retrieving the shared secret of the lockbox and encrypting it with the grantees public key
@@ -777,44 +693,60 @@ export class OroClient {
      * @param filter: the consultationId in which the grant exists
      * @returns decrypted lockboxes granted to user
      */
-    public async getGrants(filter?: { consultationId: Uuid }, forceRefresh: boolean = false): Promise<Grant[]> {
+    public async getGrants(filter?: { consultationId: Uuid }): Promise<Grant[]> {
         if (!this.rsa) throw IncompleteAuthentication
 
         let filterString = JSON.stringify(filter)
         // retrieves cached grants
-        // Note: if filters is set to empty, it will be stored in the `undefined` key
-        if (!forceRefresh && this.cachedMetadataGrants[filterString]) return this.cachedMetadataGrants[filterString]
-
-        // if there is a filter to apply, then the grant can be retrieved from the vault index, otherwise, all grants are fetched
+        if (this.cachedMetadataGrants[filterString]) return this.cachedMetadataGrants[filterString]
+
+        // We're using the account role to determine the way a grant is accessed
+        let currentAccountRole = await this.getAccountRole()
+
+        if ([OtherRoleType.Patient, OtherRoleType.User].every(requiredRole => currentAccountRole.includes(requiredRole))) {
+            let encryptedGrants
+            // if there are no grants with the applied filter from index, attempt for naive filter with backwards compatibility
+            if (filter) {
+                encryptedGrants = await filterGrantsWithLockboxMetadata(this, filter)
+            } else {
+                encryptedGrants = (await this.vaultClient.grantsGet()).grants
+            }
+            const decryptedGrants = await decryptGrants(encryptedGrants, this.rsa)
+            // sets the cached grant
+            this.cachedMetadataGrants[filterString] = decryptedGrants
+            console.info('[sdk:grant] Found grant for patient')
+            return decryptedGrants
+        }
+        // if not a patient, then a practitioner is trying to retrieve a grant, it **Must** contain a filter, otherwise too many grants are possible
+        if (!filter)
+            throw MissingGrantFilter
         // Note: will work only if the filter being applied is exclusively a consult id
-        const grantsByConsultLockbox = filter
-            ? await this.vaultClient
-                  .vaultIndexGet([IndexKey.ConsultationLockbox], [filter.consultationId])
-                  .then((res) => res[IndexKey.ConsultationLockbox])
-                  .catch((e) => {
-                      console.error(e)
-                      return []
-                  })
-            : undefined
+        const grantsByConsultLockbox = await this.vaultClient
+            .vaultIndexGet([IndexKey.ConsultationLockbox], [filter.consultationId])
+            .then((res) => res[IndexKey.ConsultationLockbox])
+            .catch((e) => {
+                console.error(e)
+                return []
+            })
+
         const decryptedConsults = decryptConsultLockboxGrants(grantsByConsultLockbox ?? [], this.rsa)
         if (decryptedConsults.length > 0) {
             console.info('[sdk:index] Grants found in user`s constant time secure index')
-            this.cachedMetadataGrants[JSON.stringify(filter)] = decryptedConsults
+            this.cachedMetadataGrants[filterString] = decryptedConsults
             return this.cachedMetadataGrants[filterString]
         }
 
-        let encryptedGrants
-        // if there are no grants with the applied filter from index, attempt for naive filter with backwards compatibility
-        if (filter) {
-            encryptedGrants = await filterGrantsWithLockboxMetadata(this, filter, this.vaultIndex, forceRefresh)
-        } else {
-            encryptedGrants = (await this.vaultClient.grantsGet()).grants
-        }
+        // if we have no valid grants, then return nothing
+        return []
+    }
 
-        const decryptedGrants = await decryptGrants(encryptedGrants, this.rsa)
-        // sets the cached grant
-        this.cachedMetadataGrants[filterString] = decryptedGrants
-        return decryptedGrants
+    /**
+     * Fetches the role of the account that is logged in
+     * 
+     * @returns the role based scopes defined by the whoami
+     */
+    async getAccountRole(): Promise<RoleBasedScopes[]> {
+        return (await this.guardClient.whoAmI()).scope.split(' ') as RoleBasedScopes[]
     }
 
     /**
@@ -1206,9 +1138,9 @@ export class OroClient {
      *  @param practiceUuid the uuid of the practice to look consult into
      * @returns the list of consults
      */
-    public async getAssignedConsultations(practiceUuid: Uuid, forceRefresh: boolean = false): Promise<Consult[]> {
+    public async getAssignedConsultations(practiceUuid: Uuid): Promise<Consult[]> {
         return Promise.all(
-            (await this.getGrants(undefined, forceRefresh)).map((grant) =>
+            (await this.getGrants()).map((grant) =>
                 this.getLockboxManifest(
                     grant.lockboxUuid!,
                     {
@@ -1216,8 +1148,7 @@ export class OroClient {
                         documentType: DocumentType.PopulatedWorkflowData,
                     },
                     true,
-                    undefined,
-                    forceRefresh
+                    undefined
                 ).then((manifest) =>
                     Promise.all(
                         manifest.map(
@@ -1278,7 +1209,7 @@ export class OroClient {
     ): Promise<PopulatedWorkflowData[]> {
         //TODO: make use of getPatientDocumentsList instead of doing it manually here
         return Promise.all(
-            (await this.getGrants({ consultationId }, forceRefresh))
+            (await this.getGrants({ consultationId }))
                 .map((grant) =>
                     this.getLockboxManifest(
                         grant.lockboxUuid!,

package/src/helpers/patient-registration.ts

@@ -194,7 +194,7 @@ export async function registerPatient(
             await Promise.all([...grantPromises, ...consultIndexPromises])
 
 
-            if(indexSearch) {
+            if (indexSearch) {
                 await buildConsultSearchIndex(consult, workflow, oroClient).catch((err) => {
                     console.error(
                         '[SDK: registration] personal information not found or another error occured during search indexing',
@@ -265,7 +265,7 @@ async function getOrCreatePatientConsultationUuid(consult: ConsultRequest, oroCl
  * @returns the lockbox Uuid
  */
 async function getOrCreatePatientLockbox(oroClient: OroClient): Promise<Uuid> {
-    let grants = await oroClient.getGrants(undefined, true)
+    let grants = await oroClient.getGrants()
     if (grants.length > 0) {
         console.log('The grant has already been created, skipping lockbox create step')
         return grants[0].lockboxUuid!

package/src/models/error.ts

@@ -1,6 +1,7 @@
-export class IncompleteAuthentication extends Error {}
-export class MissingGrant extends Error {}
-export class MissingLockbox extends Error {}
-export class MissingLockboxOwner extends Error {}
-export class AssociatedLockboxNotFound extends Error {}
-export class WorkflowAnswersMissingError extends Error {}
+export class IncompleteAuthentication extends Error { }
+export class MissingGrant extends Error { }
+export class MissingGrantFilter extends Error { }
+export class MissingLockbox extends Error { }
+export class MissingLockboxOwner extends Error { }
+export class AssociatedLockboxNotFound extends Error { }
+export class WorkflowAnswersMissingError extends Error { }

package/src/sdk-revision/client.ts

@@ -3,65 +3,27 @@ import { OroClient, Uuid } from '..'
 
 /**
  * @name filterGrantsWithLockboxMetadata
- * @description searches for the applied filters in the vault index
+ * @description searches for the existance of a consult uuid in each granted lockbox
  * @param oroClient
- * @param filter: the metadata filter applied to each the lockboxes
- * @param vaultIndex: the index to which the filter will be applied
- * @param forceRefresh
- * @returns the filtered grants
+ * @param filter: the consult uuid
+ * @returns the grants containing the consult uuid
  */
 export async function filterGrantsWithLockboxMetadata(
     oroClient: OroClient,
-    filter?: { consultationId: Uuid },
-    vaultIndex?: VaultIndex,
-    forceRefresh = false
+    filter: { consultationId: Uuid },
 ): Promise<Grant[]> {
-    if (!vaultIndex || forceRefresh) {
-        vaultIndex = await buildLegacyVaultIndex(oroClient)
-    }
-    if (vaultIndex[IndexKey.Consultation] && filter) {
-        let indexConsults = (vaultIndex[IndexKey.Consultation] ?? [])
-            .filter((consultGrant: { consultationId: Uuid }) => consultGrant.consultationId === filter.consultationId)
-            .map((consultGrant: { consultationId: Uuid; grant: Grant }) => consultGrant.grant as Grant)
-        return indexConsults as Grant[]
-    } else {
-        // No grants exist and the index has already been built
-        return []
-    }
-}
-
-/** Finds all grants for the logged user
- *  requests a list of unique consultation ids for each lockbox the user has access to
- *  builds and sets the index of consultations
- * @param oroClient
- * @returns the constructed vaultIndex
- */
-export async function buildLegacyVaultIndex(oroClient: OroClient): Promise<VaultIndex> {
     let grants = await oroClient.getGrants()
-    let consultGrants: IndexConsultLockbox[] = []
+    let filteredGrants = []
     for (let grant of grants) {
-        let consults = (
-            await oroClient.vaultClient.lockboxMetadataGet(grant.lockboxUuid!, ['consultationId'], [], {
-                category: MetadataCategory.Consultation,
-            })
-        )[0] as Uuid[]
-
-        consultGrants = [
-            ...consultGrants,
-            ...consults.map((consult: any) => ({
-                ...consult,
-                grant: {
-                    lockboxOwnerUuid: grant.lockboxOwnerUuid,
-                    lockboxUuid: grant.lockboxUuid,
-                },
-            })),
-        ]
+        // Fetches in each lockbox the existance of a given consult id
+        let consultationIdExistsInMetadata = await oroClient.vaultClient.lockboxMetadataGet(grant.lockboxUuid!, ['consultationId'], [], {
+            category: MetadataCategory.Consultation,
+            consultationId: filter.consultationId
+        })
+        // If there are entries in the metadata, it means that the consult exists in the lockbox
+        if (consultationIdExistsInMetadata[0].length >= 0)
+            filteredGrants.push(grant)
     }
 
-    let vaultIndex = {
-        [IndexKey.Consultation]: consultGrants,
-    }
-    oroClient.setVaultIndex(vaultIndex)
-    console.info('[sdk:index] Successfully Built Vault Index')
-    return vaultIndex
+    return filteredGrants
 }