diff --git a/pom.xml b/pom.xml
index cd3a8f6d..530d60e7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
com.iemr.tm
tm-api
- 3.4.0
+ 3.6.1
war
TM-API
diff --git a/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java b/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java
index 36217a88..308ecf81 100644
--- a/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java
+++ b/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java
@@ -41,11 +41,14 @@
import com.iemr.tm.service.common.transaction.CommonDoctorServiceImpl;
import com.iemr.tm.service.common.transaction.CommonNurseServiceImpl;
import com.iemr.tm.service.common.transaction.CommonServiceImpl;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import com.iemr.tm.utils.mapper.InputMapper;
import com.iemr.tm.utils.response.OutputResponse;
import io.lettuce.core.dynamic.annotation.Param;
import io.swagger.v3.oas.annotations.Operation;
+import jakarta.servlet.http.HttpServletRequest;
@RestController
@RequestMapping(value = "/common", headers = "Authorization", consumes = "application/json", produces = "application/json")
@@ -57,6 +60,9 @@ public class WorklistController {
private CommonServiceImpl commonServiceImpl;
private InputMapper inputMapper = new InputMapper();
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Autowired
public void setCommonServiceImpl(CommonServiceImpl commonServiceImpl) {
this.commonServiceImpl = commonServiceImpl;
@@ -676,20 +682,24 @@ public String getBeneficiaryCaseSheetHistory(
// TC specialist worklist new
@Operation(summary = "Get teleconsultation specialist worklist")
- @GetMapping(value = { "/getTCSpecialistWorklist/{providerServiceMapID}/{serviceID}/{userID}" })
+ @GetMapping(value = { "/getTCSpecialistWorklist/{providerServiceMapID}/{serviceID}" })
public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
- @PathVariable("userID") Integer userID, @PathVariable("serviceID") Integer serviceID) {
+ @PathVariable("serviceID") Integer serviceID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
- if (providerServiceMapID != null && userID != null) {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+ if (providerServiceMapID != null && userId != null ) {
String s = commonDoctorServiceImpl.getTCSpecialistWorkListNewForTM(providerServiceMapID, userID,
serviceID);
if (s != null)
response.setResponse(s);
+ } else if(userId == null || jwtToken == null) {
+ response.setError(403, "Unauthorized access!");
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID is invalid. PSMID = "
- + providerServiceMapID + " SID = " + userID);
- response.setError(5000, "Invalid request, either ProviderServiceMapID or userID is invalid");
+ logger.error("Invalid request");
+ response.setError(5000, "Invalid request");
}
} catch (Exception e) {
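Review bot: `Integer userID=Integer.parseInt(userId);` at L51 runs before the null check that follows it, so when `getUserIdFromToken` returns null (as the new `JwtUtil.getUserIdFromToken` does whenever `validateToken` yields null) the parse throws `NumberFormatException` and the `403 "Unauthorized access!"` branch at L57 can never execute; the request falls into the `catch (Exception e)` block instead, which lies outside this hunk. Reorder so the guard comes first: `if (jwtToken == null || userId == null) { response.setError(403, "Unauthorized access!"); return response.toString(); }` followed by `Integer userID = Integer.parseInt(userId);`, after which the `userId != null` test in the main condition is redundant. Whether `CookieUtil.getJwtTokenFromCookie` can return null and how `validateToken(null)` behaves is not visible here, so the `jwtToken == null` test should also precede the `jwtUtil.getUserIdFromToken(jwtToken)` call rather than follow it. The same parse-before-check ordering appears in getTCSpecialistWorkListNewPatientApp, getTCSpecialistWorklistFutureScheduled, IemrMmuLoginController.getUserServicePointVanDetails and getUserVanSpDetails, and TeleConsultationController.getTCSpecialistWorkListNew.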
@@ -702,21 +712,25 @@ public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") I
// TC specialist worklist new, patient App, 14-08-2020
@Operation(summary = "Get teleconsultation specialist worklist for patient app")
@GetMapping(value = {
- "/getTCSpecialistWorklistPatientApp/{providerServiceMapID}/{serviceID}/{userID}/{vanID}" })
+ "/getTCSpecialistWorklistPatientApp/{providerServiceMapID}/{serviceID}/{vanID}" })
public String getTCSpecialistWorkListNewPatientApp(
- @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("userID") Integer userID,
- @PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID) {
+ @PathVariable("providerServiceMapID") Integer providerServiceMapID,
+ @PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
if (providerServiceMapID != null && userID != null) {
String s = commonDoctorServiceImpl.getTCSpecialistWorkListNewForTMPatientApp(providerServiceMapID,
userID, serviceID, vanID);
if (s != null)
response.setResponse(s);
+ } else if(userId == null || jwtToken == null) {
+ response.setError(403, "Unauthorized access!");
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID is invalid. PSMID = "
- + providerServiceMapID + " SID = " + userID);
- response.setError(5000, "Invalid request, either ProviderServiceMapID or userID is invalid");
+ logger.error("Invalid request");
+ response.setError(5000, "Invalid request");
}
} catch (Exception e) {
@@ -729,21 +743,26 @@ public String getTCSpecialistWorkListNewPatientApp(
// TC specialist worklist new future scheduled
@Operation(summary = "Get teleconsultation specialist future scheduled")
@GetMapping(value = {
- "/getTCSpecialistWorklistFutureScheduled/{providerServiceMapID}/{serviceID}/{userID}" })
+ "/getTCSpecialistWorklistFutureScheduled/{providerServiceMapID}/{serviceID}" })
public String getTCSpecialistWorklistFutureScheduled(
- @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("userID") Integer userID,
- @PathVariable("serviceID") Integer serviceID) {
+ @PathVariable("providerServiceMapID") Integer providerServiceMapID,
+ @PathVariable("serviceID") Integer serviceID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
- if (providerServiceMapID != null && userID != null) {
+
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+ if (providerServiceMapID != null && userID != null ) {
String s = commonDoctorServiceImpl.getTCSpecialistWorkListNewFutureScheduledForTM(providerServiceMapID,
userID, serviceID);
if (s != null)
response.setResponse(s);
+ } else if(userId == null || jwtToken == null) {
+ response.setError(403, "Unauthorized access!");
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID is invalid. PSMID = "
- + providerServiceMapID + " UserID = " + userID);
- response.setError(5000, "Invalid request, either ProviderServiceMapID or userID is invalid");
+ logger.error("Invalid request");
+ response.setError(5000, "Invalid request");
}
} catch (Exception e) {
diff --git a/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java b/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java
index 6d2c06f7..de8c36f5 100644
--- a/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java
+++ b/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java
@@ -35,10 +35,13 @@
import com.iemr.tm.controller.registrar.main.RegistrarController;
import com.iemr.tm.service.login.IemrMmuLoginServiceImpl;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import com.iemr.tm.utils.mapper.InputMapper;
import com.iemr.tm.utils.response.OutputResponse;
import io.swagger.v3.oas.annotations.Operation;
+import jakarta.servlet.http.HttpServletRequest;
@RestController
@RequestMapping(value = "/user", headers = "Authorization", consumes = "application/json", produces = "application/json")
@@ -49,6 +52,10 @@ public class IemrMmuLoginController {
private IemrMmuLoginServiceImpl iemrMmuLoginServiceImpl;
+
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Autowired
public void setIemrMmuLoginServiceImpl(IemrMmuLoginServiceImpl iemrMmuLoginServiceImpl) {
this.iemrMmuLoginServiceImpl = iemrMmuLoginServiceImpl;
@@ -57,13 +64,21 @@ public void setIemrMmuLoginServiceImpl(IemrMmuLoginServiceImpl iemrMmuLoginServi
@Operation(summary = "Get user service point van details")
@PostMapping(value = "/getUserServicePointVanDetails", produces = {
"application/json" })
- public String getUserServicePointVanDetails(@RequestBody String comingRequest) {
+ public String getUserServicePointVanDetails(@RequestBody String comingRequest, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+
JSONObject obj = new JSONObject(comingRequest);
logger.info("getUserServicePointVanDetails request " + comingRequest);
- String responseData = iemrMmuLoginServiceImpl.getUserServicePointVanDetails(obj.getInt("userID"));
+ if (userId == null || jwtToken ==null) {
+ response.setError(403, "Unauthorized access: Missing or invalid token");
+ return response.toString();
+ }
+ String responseData = iemrMmuLoginServiceImpl.getUserServicePointVanDetails(userID);
response.setResponse(responseData);
} catch (Exception e) {
// e.printStackTrace();
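Review bot: `JSONObject obj = new JSONObject(comingRequest);` at L167 is no longer read anywhere in the visible lines now that `obj.getInt("userID")` has been replaced by the token-derived id, yet it still parses the body and will throw on malformed JSON before the 403 check at L170 is reached. If nothing below the hunk uses `obj`, drop that line, and consider whether the `@RequestBody String comingRequest` parameter still carries any information the endpoint needs. The method's catch block continues outside the hunk.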
@@ -97,17 +112,23 @@ public String getServicepointVillages(@RequestBody String comingRequest) {
@Operation(summary = "Get user service point van details")
@PostMapping(value = "/getUserVanSpDetails", produces = { "application/json" })
- public String getUserVanSpDetails(@RequestBody String comingRequest) {
+ public String getUserVanSpDetails(@RequestBody String comingRequest, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
JSONObject obj = new JSONObject(comingRequest);
logger.info("getServicepointVillages request " + comingRequest);
- if (obj.has("userID") && obj.has("providerServiceMapID")) {
- String responseData = iemrMmuLoginServiceImpl.getUserVanSpDetails(obj.getInt("userID"),
- obj.getInt("providerServiceMapID"));
- response.setResponse(responseData);
- } else {
+
+ if (userId !=null && obj.has("providerServiceMapID")) {
+ String responseData = iemrMmuLoginServiceImpl.getUserVanSpDetails(userID,
+ obj.getInt("providerServiceMapID"));
+ response.setResponse(responseData);
+ } else if(userId == null || jwtToken ==null) {
+ response.setError(403, "Unauthorized access : Missing or invalid token");
+ } else {
response.setError(5000, "Invalid request");
}
} catch (Exception e) {
diff --git a/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java b/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java
index 92e95b44..390d05c7 100644
--- a/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java
+++ b/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java
@@ -30,6 +30,9 @@
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
+import jakarta.servlet.http.HttpServletRequest;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
@@ -47,6 +50,9 @@ public class TeleConsultationController {
@Autowired
private TeleConsultationServiceImpl teleConsultationServiceImpl;
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Operation(summary = "Update beneficiary arrival status based on request")
@PostMapping(value = { "/update/benArrivalStatus" })
public String benArrivalStatusUpdater(@RequestBody String requestOBJ) {
@@ -137,24 +143,30 @@ public String createTCRequestForBeneficiary(@RequestBody String requestOBJ, @Req
// TC request List
@Operation(summary = "Get teleconsultation request list for a specialist")
@PostMapping(value = { "/getTCRequestList" })
- public String getTCSpecialistWorkListNew(@RequestBody String requestOBJ) {
+ public String getTCSpecialistWorkListNew(@RequestBody String requestOBJ, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+
if (requestOBJ != null) {
JsonObject jsnOBJ = new JsonObject();
JsonParser jsnParser = new JsonParser();
JsonElement jsnElmnt = jsnParser.parse(requestOBJ);
jsnOBJ = jsnElmnt.getAsJsonObject();
-
+ if (userId != null) {
String s = teleConsultationServiceImpl.getTCRequestListBySpecialistIdAndDate(
- jsnOBJ.get("psmID").getAsInt(), jsnOBJ.get("userID").getAsInt(),
+ jsnOBJ.get("psmID").getAsInt(), userID,
jsnOBJ.get("date").getAsString());
if (s != null)
response.setResponse(s);
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID or reqDate is invalid");
+ response.setError(403, "Unauthorized access!");
+ } } else {
+ logger.error("Invalid request, either ProviderServiceMapID or reqDate is invalid");
response.setError(5000,
- "Invalid request, either ProviderServiceMapID or UserID or RequestDate is invalid");
+ "Invalid request, either ProviderServiceMapID or RequestDate is invalid");
}
} catch (Exception e) {
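Review bot: The authorization check `if (userId != null)` at L246 sits inside the `if (requestOBJ != null)` branch, so a caller with a missing or invalid token but a null body receives the 5000 "Invalid request" error rather than 403, and the token is only examined after `jsnParser.parse(requestOBJ)` has run on untrusted input; the token check belongs before the body is parsed, at the top of the try block. Separately, `} } else {` at L256 collapses two block closers onto one line and hides the nesting — give each closing brace its own line at the indentation of the block it closes. The method's catch block continues outside the hunk.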
diff --git a/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java b/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java
index aca8405a..90243696 100644
--- a/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java
+++ b/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java
@@ -32,6 +32,9 @@
import com.iemr.tm.service.videoconsultation.VideoConsultationService;
import com.iemr.tm.utils.response.OutputResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import io.swagger.v3.oas.annotations.Operation;
@@ -44,19 +47,26 @@ public class VideoConsultationController {
@Autowired
private VideoConsultationService videoConsultationService;
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Operation(summary = "Login to video consultation service")
@GetMapping(value = "/login/{userID}", headers = "Authorization", produces = {
"application/json" })
- public String login(@PathVariable("userID") Long userID) {
+ public String login(@PathVariable("userID") Long userID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
-
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
- String createdData = videoConsultationService.login(userID);
-
- response.setResponse(createdData.toString());
+ if(userID.toString().equals(userId)) {
+ String createdData = videoConsultationService.login(userID);
+ response.setResponse(createdData.toString());
+ } else {
+ response.setError(403, "Unauthorized access!");
+ }
} catch (Exception e) {
logger.error(e.getMessage());
response.setError(e);
diff --git a/src/main/java/com/iemr/tm/utils/JwtUtil.java b/src/main/java/com/iemr/tm/utils/JwtUtil.java
index 2639896e..e0576c71 100644
--- a/src/main/java/com/iemr/tm/utils/JwtUtil.java
+++ b/src/main/java/com/iemr/tm/utils/JwtUtil.java
@@ -66,4 +66,13 @@ private Claims extractAllClaims(String token) {
.parseSignedClaims(token)
.getPayload();
}
+
+ public String getUserIdFromToken(String token) {
+ Claims claims = validateToken(token);
+ if (claims == null) {
+ return null;
+ }
+ return claims.get("userId", String.class);
+ }
}
+
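Review bot: `getUserIdFromToken` becomes the identity source for several controllers but carries no Javadoc, and its null-on-failure contract is exactly what those callers need to know before calling `Integer.parseInt` on the result. Add something like `/** Returns the "userId" claim of {@code token}, or {@code null} when {@link #validateToken} rejects it; callers must null-check before parsing. */` above the method. `claims.get("userId", String.class)` also assumes the claim was issued as a string; depending on the jjwt version a typed get may throw rather than coerce a numeric claim, so this is worth confirming against how the token is minted. `validateToken` itself is outside the hunk.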