def addMedicalHistory(current_user):
if current_user.rol != 3:
return make_response('Forbidden: Access is denied', 403)
doctor = Doctor.query\
.filter_by(id_user = current_user.id)\
.first()
if not doctor:
return jsonify({"message" : "Forbidde: Access denid, sign up incomplete"})
if doctor.password_changed == 0:
return make_response('Forbidden: Change your password for get access', 403)
data = request.json
id_patient = data['id_patient']
id_doctor = doctor.id
id_patientstatus = data['id_patientstatus']
id_medicalspecialty = doctor.id_medicalspecialty
observation = data['observation']
if not data or not id_patientstatus or not observation:
return make_response('Medical History information incomplete', 422)
new_medicalhistory = MedicalHistory(id_patient, id_doctor, id_patientstatus, id_medicalspecialty, observation)
db.session.add(new_medicalhistory)
db.session.commit()
return jsonify({"message" : "Medical History registered succesfully"}), 201
def signUpDoctor(current_user):
if current_user.account_verified == 0:
return make_response('Forbidden: First confirm your account', 403)
if current_user.rol != 2:
return make_response('Forbidden: Access is denied', 403)
hospital = Hospital.query\
.filter_by(id_user = current_user.id)\
.first()
data = request.json
#USER TABLE INFORMATION TO INSERT
num_doc = data['num_doc']
email = data['email']
password = data['password']
telphone = data['telphone']
uuidunique = uuid.uuid4()
account_verified = 1
rol = 3
new_user = User(
num_doc,
email,
telphone,
generate_password_hash(password, method='sha256'),
uuidunique, account_verified,
rol)
# GO INSERT USER
db.session.add(new_user)
db.session.commit()
hospital = Hospital.query\
.filter_by(id_user = current_user.id)\
.first()
print(hospital)
#FIND NEW USER
user = User.query\
.filter_by(num_doc = num_doc)\
.first()
#DOCTOR TABLE INFORMATION TO INSERT
name = data['name']
address = data['address']
password_changed = 0
id_medicalspecialty = data['id_medicalspecialty']
birthdate = datetime.strptime(data['birthdate'], '%d/%m/%y')
id_user = user.id
id_hospital = hospital.id
if not data or not name or not address or not id_medicalspecialty or not birthdate:
return make_response('Doctor information incomplete', 422)
new_doctor = Doctor(name, address, birthdate, password_changed, id_medicalspecialty, id_user, id_hospital)
db.session.add(new_doctor)
db.session.commit()
return jsonify({'message' : 'Doctor registered and verified successfully'}), 201
def getMedicalHistoriesByDoctorID(current_user, id_doctor):
if current_user.account_verified == 0:
return make_response('Forbidden: First confirm your account', 403)
if current_user.rol != 2:
return make_response('Forbidden: Access is denied', 403)
result = medical_histories.dump(MedicalHistory.query\
.filter_by(id_doctor = id_doctor)
.all())
if result:
return jsonify({"All medical histories" : result })
else:
return jsonify({"message" : "Not medical histories found"})
def completeSignUp(current_user):
if current_user.account_verified == 0:
return make_response('Forbidden: First confirm your account', 403)
auth = request.json
patient = Patient.query\
.filter_by(id_user = current_user.id)\
.first()
hospital = Hospital.query\
.filter_by(id_user = current_user.id)\
.first()
if patient or hospital or current_user.rol == 3:
return jsonify({"message" : "Sign up have been completed yet"}), 409
#PATIENT
if current_user.rol == 1:
name = auth['name']
address = auth['address']
birthdate = datetime.strptime(auth['birthdate'], '%d/%m/%y')
id_user = current_user.id
complete_signup = Patient(name, address, birthdate, id_user)
if not name or not address or not birthdate:
return make_response('Patient information incomplete', 422)
else:
db.session.add(complete_signup)
db.session.commit()
return jsonify({'message' : 'Sign Up Completed Successfully'}), 200
#HOSPITAL
if current_user.rol == 2:
name = auth['name']
address = auth['address']
id_medicalservice = auth['id_medicalservice']
id_user = current_user.id
complete_signup = Hospital(name, address, id_medicalservice, id_user)
if not name or not address or not id_medicalservice:
return make_response('Hospital information incomplete', 422)
else:
db.session.add(complete_signup)
db.session.commit()
return jsonify({'message' : 'Sign Up Completed Successfully'}), 200
def access(token):
if not token:
return make_response(jsonify({'operation': 'failed'}), 401)
try:
token = token['data']
user_t = jwt.decode(token, config.get('JWT_KEY'))
except:
return make_response(jsonify({'operation': 'failed'}), 401)
join_room('notification-{}'.format(user_t['id']))
user = UserModel.query.filter_by(id=user_t['id']).first()
user.status = 'Online'
user.status_color = '#00c413'
db.session.commit()
def validateReg():
if request.method == "POST":
try:
uniqueTag = request.form["tag"]
uname = request.form["uname"]
pwd = request.form["pwd"]
READY = False
if int(uniqueTag) < 10_000 or int(uniqueTag) > 100_000:
READY = False
elif len(uname) < 5:
READY = False
elif len(pwd) < 6:
READY = False
else:
READY = True
if READY:
encodePwd = hashlib.md5(pwd.encode("utf-8"))
token = hashlib.md5((pwd + uname).encode("utf-8"))
con = sqlite3.connect("app/db/users.db")
curs = con.cursor()
SQL = "INSERT INTO users ('tag', 'uname', 'pwd', 'token') VALUES (?, ? , ? , ?)"
curs.execute(SQL, (uniqueTag, uname, encodePwd.hexdigest(),
token.hexdigest()))
con.commit()
con.close()
resp = make_response(redirect("/"))
resp.set_cookie("token", token.hexdigest())
# resp.set_cookie("user", uniqueTag)
return resp, 200
else:
return "failed", 400
def charge_merchant():
merchant_code = request.args.get('merchant_code')
amount = float(request.args.get('amount'))
merchant = Merchant.query.filter_by(code=merchant_code).first()
if merchant:
float_balance = FloatBalance.query.filter_by(
merchant_id=merchant.id).first()
if float_balance.amount > 0:
if float_balance.amount >= amount:
balance = float_balance.amount - amount
float_balance.amount = balance
# update the locked balance
# code missing....
resp = make_response(
jsonify(
message="Float available.",
status=True,
), 200)
return resp
else:
topup = amount - float_balance.amount
resp = make_response(
jsonify(
message="Float not sufficient. Top up Ksh " +
str(topup) + " or more.",
status=False,
), 400)
return resp
else:
topup = float_balance.amount - amount
resp = make_response(
jsonify(
message="Float not sufficient. Top up Ksh " + str(topup) +
" or more.",
status=False,
), 400)
return resp
else:
resp = make_response(
jsonify(message="Unauthorized merchant.", error=True), 401)
return resp
def login():
# creates dictionary of form data
auth = request.json
if not auth or not auth['email'] or not auth['password']:
# returns 401 if any email or / and password is missing
return make_response(
'Could not verify',
401,
{'WWW-Authenticate' : 'Basic realm ="Login required"'}
)
user = User.query\
.filter_by(email = auth['email'])\
.first()
#CODE FOR CONFIRM USER VERIFIED
#if user.account_verified == 0:
#return jsonify({"message":"You have to confirm your account"})
if not user:
# returns 401 if user does not exist
return make_response(
'Could not verify',
401,
{'WWW-Authenticate' : 'Basic realm ="User does not exist"'},
)
if check_password_hash(user.password, auth['password']):
# generates the JWT Token
token = jwt.encode({
'public_id': user.uuid,
'exp' : datetime.utcnow() + timedelta(minutes = 120)
}, app.config['SECRET_KEY'])
return make_response(jsonify({'token' : token}), 200)
# returns 403 if password is wrong
return make_response(
'Could not verify',
403,
{'WWW-Authenticate' : 'Basic realm ="Wrong Password !!"'}
)
def getMedicalHistories(current_user):
if current_user.rol != 3:
return make_response('Forbidden: Access is denied', 403)
doctor = Doctor.query\
.filter_by(id_user = current_user.id)\
.first()
if not doctor:
return jsonify({"message" : "Forbidde: Access denid, sign up incomplete"})
if doctor.password_changed == 0:
return make_response('Forbidden: Change your password for get access', 403)
result = medical_histories.dump(MedicalHistory.query\
.filter_by(id_doctor = doctor.id)
.all())
if result:
return jsonify({"All medical histories" : result })
else:
return jsonify({"message" : "Not medical histories found"})
def validateLogin():
if request.method == "POST":
try:
uname = request.form["uname"]
pwd = request.form["pwd"]
token = hashlib.md5((pwd+uname).encode("utf-8"))
con = sqlite3.connect("app/db/users.db")
curs = con.cursor()
curs.execute(f"SELECT * FROM users WHERE token = '{token.hexdigest()}'")
row = curs.fetchall()
con.close()
if len(row) == 1:
resp = make_response(redirect("/"))
resp.set_cookie("token", token.hexdigest())
return resp , 200
else:
return make_response(redirect("/login?err=true")), 400
# return str(row)
except Exception as e:
return str(e), 400
def getMedicalHistory(current_user):
if current_user.account_verified == 0:
return make_response('Forbidden: First confirm your account', 403)
if current_user.rol != 1:
return make_response('Forbidden: Access is denied', 403)
patient = Patient.query\
.filter_by(id_user = current_user.id)\
.first()
if not patient:
return jsonify({"message" : "Forbidden: Access is denied, Sign up incomplete"})
result = medical_histories.dump(MedicalHistory.query\
.filter_by(id_patient = patient.id)\
.all())
if result:
return jsonify({"All medical histories" : result })
else:
return jsonify({"message" : "Not medical histories found"})
def f_login():
if request.method == "GET":
return render_template("login.html")
elif request.method == "POST":
username = request.form["username"]
password = request.form["password"]
user = users.User()
status = user.login(username, password)
if status == 0:
session["logged_in"] = True
response = make_response(redirect('/panel'))
response.set_cookie('username', username)
return response
else:
print("Status:", status)
message = "Check Username and Password."
return render_template("login.html", login_status=message)
else:
abort(405)
def signup():
auth = request.json
num_doc = auth['num_doc']
email = auth['email']
password = auth['password']
telphone = auth['telphone']
uuidunique = uuid.uuid4()
account_verified = 0
rol = auth['rol']
if not num_doc or not email or not password or not telphone or not rol:
return jsonify({"message" : "User information incomplete"}), 422
if rol > 2 or rol <= 0:
return jsonify({"message" : "Just 2 types of users allowed by this sign up",
"types" : "USER, 1 for PATIENT, 2 for HOSPITAL"}), 422
#CHECKING FOR EXISTING USER
user = user = User.query\
.filter_by(num_doc = auth['num_doc'])\
.first()
if not user:
new_user = User(
num_doc,
email,
telphone,
generate_password_hash(password, method='sha256'),
uuidunique, account_verified,
rol)
# GO INSERT USER
db.session.add(new_user)
db.session.commit()
confirmation_code_msg = Message('Codigo de confirmación [SISGESMEDHIS]', sender = '*****@*****.**', recipients = [email])
confirmation_code_msg.body = "Codigo de confirmación de tu cuenta : " + str(uuidunique)
mail.send(confirmation_code_msg)
return jsonify({'message' : 'Successfully registered',
'important' : 'Confirmation code was sent to your email'}), 201
else:
return make_response('User already exists. Please Log in.', 409)
def validateReg():
if request.method == "POST":
try:
fname = request.form["fname"]
uname = request.form["uname"]
pwd = request.form["pwd"]
email = request.form["email"]
credentials = {
"fname": fname,
"uname": uname,
"pwd": pwd,
"email": email,
}
userToken = hashlib.md5((uname+pwd).encode())
resp = make_response(addUser(credentials))
resp.set_cookie("user-token", userToken.hexdigest())
return resp, 200
except:
return "Bad Request as well", 400
def validateLogin():
if request.method == "POST":
try:
uname = request.form["uname"]
pwd = request.form["pwd"]
userToken = hashlib.md5((uname + pwd).encode())
credentials = {
"uname": uname,
"pwd": pwd,
}
isValidLogin = isLoginValid(credentials)
if isValidLogin:
resp = make_response("success")
resp.set_cookie("user-token", userToken.hexdigest())
return resp, 200
else:
return "wrongcrd", 400
except Exception as e:
return str(e), 500
def make_login():
username = request.form['username']
password = request.form['password']
if not username or not password:
return redirect('/auth/login')
user = PortalUser.query.filter_by(username=username).first()
print user.password
if user:
password_isvalid = bcrypt.checkpw(password.encode('utf8'),
user.password.encode('utf8'))
print password_isvalid
if password_isvalid:
resp = make_response(redirect('/'))
resp.set_cookie('user', user.username)
return resp
else:
return redirect('/auth/login')
else:
return redirect('/auth/login')
def config_():
res = make_response(json.dumps(config.get()))
res.mimetype = 'application/json'
return res
def api_error(message, status_code=400):
return app.make_response(json.dumps(message), status_code)
def not_found(error):
return make_response(jsonify({'error': 'Bad request'}), 400)
def not_found(error):
return make_response(jsonify({'error': 'Not found'}), 404)
