- How to start
- Purpose of EPMS-Service
- Auth Module
- Employee Module
- Patient Module
- Error Responses
- Authorization
The service runs on localhost:3000. Ensure that Port 3000 is free and nothing else is running on it
Have Nodejs and NPM installed. Once installed pull the repo and run:
$ npm installOnce packages have been installed run:
$ npm runYou will need the environment variable DB_URI to connect to the database
EPMS-Service is the backend to the Employee Patient Management Service
Deployed Link: https://epms-service-api-q8l3e.ondigitalocean.app/
The Auth module handles the following actions:
- Logging in
- Changing password
- Is Authorized
The routes:
| HTTP | Route | Description |
|---|---|---|
| PATCH | /auth/password | Change the password of a user |
| POST | /auth/login | Log a user of the system in |
| POST | /auth | Checks to see if a user is authorized |
{
password: string,
newpassword: string
}
In the request header, the Authorization header must be set with a bearer token given during login.
{
userid: string,
password: string
}
Response on a successful login:
{
token: string
}
This route allows the client to see if a user currently using the system is authorized to perform an action.
A Token must be provided in the Authorization Header
Please refer to Authorization to understand how to set up the header
The following is what should be sent in the request body:
{
authorization: [
'PERMISSION'
]
}
Authorization is an array of string values that can only be the following: nurse, doctor, administrator, receptionist, vendor
If you are using angular, you can create a Permissions.ts file and enter the following into the file:
export const PERMISSIONS = {
ADMIN: 'administrator',
NURSE: 'nurse',
DOCTOR: 'doctor',
VENDOR: 'vendor',
RECEPTIONIST: 'receptionist'
}You can put multiple of these permissions into one request. If one matches what permissions to the token, true is returned.
The following is what the response will look like:
{
isAuthorized: boolean
}
The Employee Module handles the following actions:
- Creating a new employee
- Update an employee
- Get an Employee
- Get all Employees
- Search Employees
| HTTP | Route | Description |
|---|---|---|
| GET | /employees | Get a list of all the employees |
| GET | /employess/search | Search for a specific employee |
| GET | /employees/:id | Get an employee by their id |
| POST | /employees | Create a new employee |
| PATCH | /employees/:id | Update an employee |
Note: All these requests require a bearer token and administrator authorization
Get a list of all the employees. No request body needed. Authorization required Response:
{
employees: employee[]
}
Get a list of employees based on a query.
| Query Params | Description | Optional? |
|---|---|---|
| employeeid | The employee id of an employee | Yes |
| dateofbirth | The date of birth of an employee | Yes |
| lastname | The last name or portion of | Yes |
| page | The current page of the list | No |
| limit | The amount of employees to show. Default is 20 | Yes |
| sort | Sort by last name. -1 Z-A; 1 A-Z; 0 is no sort | Yes |
Examples:
- GET /employees/search?page=1&sort=1
- GET /employees/search?page=3&lastname=Mor&limit=5
Request body is not required for this route
Response:
{
employees: [
{
employeeid: string,
lastname: string,
dateofbirth: date
},
...
],
count: number
}
Get an employee by id
Response:
{
employee: {
employeeid: string,
firstname: string,
middleinitial: string,
lastname: string,
gender: string | null,
dateofbirth: date,
startdate: date,
homephone: string | null,
mobilephone: string | null,
workphone: string | null,
email: string,
position: string,
userid: string,
streetname1: string | null,
streetname2: string | null,
zipcode: string | null,
city: string | null,
state: string | null,
country: string | null
}
}
Create a new employee
Request: Note: ? means an optional
{
userid: string,
password: string,
firstname: string,
middleinitial?: string,
lastname: string,
dateofbirth: date,
position: string,
email: string,
gender?: string,
homephone?: string,
mobilephone?: string,
workphone?: string,
streetname1?: string,
streetname2?: string,
zipcode?: string,
city?: string,
state?: string,
country?: string
}
Update an Employee
Request:
{
userid?: string,
password?: string
firstname?: string,
middleinitial?: string,
lastname?: string,
dateofbirth?: date,
position?: string,
email?: string,
gender?: string,
homephone?: string,
mobilephone?: string,
workphone?: string,
streetname1?: string,
streetname2?: string,
zipcode?: string,
city?: string,
state?: string,
country?: string
}
The Patient Module handles the following actions:
- Creating a new patient
- Update a new patient
- Get an patient
- Get all patients
- Search patients
| HTTP | Route | Description |
|---|---|---|
| GET | /patients | Get a list of all the patients |
| GET | /patients/search | Search for a specific patient |
| GET | /patients/:id | Get a patient by their id |
| POST | /patients | Create a new patient |
| PATCH | /patients/:id | Update a patient |
Note: All these requests require a bearer token and proper authorization
Get a list of all the patients. No request body needed. Authorization required Response:
{
patients: patient[]
}
Get a list of patients based on a query.
| Query Params | Description | Optional? |
|---|---|---|
| patientid | The patientid of an patient | Yes |
| dateofbirth | The date of birth of an patient | Yes |
| lastname | The last name or portion of | Yes |
| page | The current page of the list | No |
| limit | The amount of employees to show. Default is 20 | Yes |
| sort | Sort by last name. -1 Z-A; 1 A-Z; 0 is no sort | Yes |
Request body is not required for this route
Examples:
- GET /patients/search?page=1&sort=1
- GET /patients/search?page=3&lastname=Mor&limit=5
Response:
{
patients: [
{
patientid: string,
lastname: string,
dateofbirth: date
},
...
],
count: number
}
Get a patient by id
Response:
{
patientid: string,
firstname: string,
middleinitial: string | null
lastname: string,
gender: string | null,
dateofbirth: date | null,
outpatient: true,
height: number | null,
weight: number | null,
homephone: string | null,
mobilephone: string | null,
workphone: string | null,
email: string | null,
streetname1: string | null,
streetname2: string | null,
zipcode: string | null,
city: string | null,
state: string | null,
nok_firstname: string | null,
nok_lastname: string | null,
nok_mobilephone: string | null,
insurance_companyname: string | null,
insurance_memberid: string | null,
insurance_groupnumber: string | null
}
Create a patient
Request:
{
firstname: string,
lastname: string,
dateofbirth: date,
email: string,
height?: number,
weight?: number,
middleinitial?: string,
gender?: string,
homephone?: string,
mobilephone?: string,
workphone?: string,
streetname1?: string,
streetname2?: string,
zipcode?: string,
city?: string,
state?: string,
country?: string,
insurance_companyname?: string,
insurance_memberid?: string,
insurance_groupnumber?: string,
nok_mobilephone?: string,
nok_firstname?: string,
nok_lastname?: string
}
Update a patient
Request:
{
firstname?: string,
middleinitial?: string,
lastname?: string,
dateofbirth?: date,
height?: number,
weight?: number,
email?: string,
gender?: string,
homephone?: string,
mobilephone?: string,
workphone?: string,
streetname1?: string,
streetname2?: string,
zipcode?: string,
city?: string,
state?: string,
country?: string,
insurance_companyname?: string,
insurance_memberid?: string,
insurance_groupnumber?: string,
nok_mobilephone?: string,
nok_firstname?: string,
nok_lastname?: string
}
Errors can occur for many different reasons.
The following is how the error response will be formatted:
{
code: number,
message: string
}
Authorization in EHRS will be done with JWTs
The decrypted token will have the following format:
{
employeeid: string,
permission: administrator | nurse | vendor | receptionist | doctor
...
}
Tokens will expire after 8 hours of creation.
When a successful login happens, a hashed token will be sent, this token can be used in the Authorization header of every request. All request require some form of authorization.
Your Authorization header should be formatted in the following way: Authorization: Bearer {TOKEN}
If you are using Angular with the httpclient module for http request, use this code snippet for your authorization headers:
headers: HttpHeaders = new HttpHeaders();
function foo() {
this.headers = this.headers.set('Authorization', `Bearer ${Token}`);
}