[Closes #231] Ensure UUID search returns full patient info and add DB verification test (#251)

* Fix: Ensure UUID search returns full patient info and add DB verification test

* feat: add patient UUID search and update related API/tests

* Fixed Merge conflicts and updated test cases

Author: justin123yu

server/prisma/client.js

@@ -20,6 +20,34 @@ const prisma = new PrismaClient({
         return { records, total };
       },
     },
+    patient: {
+      async uuidSearch (uuid, page = 1, perPage = 25) {
+        const offset = (parseInt(page) - 1) * parseInt(perPage);
+        const limit = parseInt(perPage);
+        const likeValue = uuid.trim() + '%';
+        // Use the Prisma client directly for raw queries
+        const [records, totalResult] = await Promise.all([
+          prisma.$queryRaw`
+            SELECT
+              p.*,
+              to_jsonb(cb) AS "createdBy",
+              to_jsonb(ub) AS "updatedBy"
+            FROM "Patient" p
+            LEFT JOIN "User" cb ON p."createdById" = cb.id
+            LEFT JOIN "User" ub ON p."updatedById" = ub.id
+            WHERE p."id"::TEXT ILIKE ${likeValue}
+            ORDER BY p."updatedAt" DESC
+            LIMIT ${limit} OFFSET ${offset}
+          `,
+          prisma.$queryRaw`
+            SELECT COUNT(*) as total FROM "Patient"
+            WHERE "id"::TEXT ILIKE ${likeValue}
+          `
+        ]);
+        const total = parseInt(totalResult[0].total);
+        return { records, total };
+      }
+    }
   },
 });
 

server/routes/api/v1/patients/list.js

@@ -25,70 +25,45 @@ export default async function (fastify) {
     async (request, reply) => {
       const { page = '1', perPage = '25', patient = '', physicianId, hospitalId } = request.query;
 
-      const splitQuery = patient.trim().split(' ');
+      const whereClause = {};
 
-      let whereClause = {};
+      const uuidSearch = process.env.VITE_FEATURE_COLLECT_PHI === 'false';
 
-      if (splitQuery.length > 1) {
-        whereClause = {
-          AND: [
+      if (uuidSearch) {
+        const { records, total } = await fastify.prisma.patient.uuidSearch(patient, page, perPage);
+        records.forEach((record) => {
+          record.dateOfBirth = record.dateOfBirth?.toISOString().split('T')[0];
+        });
+        reply.setPaginationHeaders(page, perPage, total).send(records);
+        return;
+      } else {
+        // Handle name search (if not a UUID)
+        // Split the patient string by spaces to support full name searches
+        const splitQuery = patient.trim().split(' ').filter(part => part.length > 0);
+
+        if (splitQuery.length > 1) {
+          // Full name search: e.g., "John Smith" - look for first name containing "John" AND last name containing "Smith"
+          whereClause.AND = [
             {
-              OR: [
-                {
-                  firstName: {
-                    contains: splitQuery[0].trim(),
-                    mode: 'insensitive',
-                  },
-                },
-                { firstName: null },
-              ],
+              firstName: {
+                contains: splitQuery[0],
+                mode: 'insensitive',
+              },
             },
             {
-              OR: [
-                {
-                  lastName: {
-                    contains: splitQuery[1].trim(),
-                    mode: 'insensitive',
-                  },
-                },
-                { lastName: null },
-              ],
+              lastName: {
+                contains: splitQuery[splitQuery.length - 1],
+                mode: 'insensitive',
+              },
             },
-          ],
-        };
-      } else {
-        whereClause = {
-          OR: [
+          ];
+        } else {
+          // Single name search: e.g., "John" or "Smith" - look in both first and last names
+          whereClause.OR = [
             { firstName: { contains: patient.trim(), mode: 'insensitive' } },
             { lastName: { contains: patient.trim(), mode: 'insensitive' } },
-            {
-              AND: [
-                {
-                  OR: [
-                    {
-                      firstName: {
-                        contains: patient.trim(),
-                        mode: 'insensitive',
-                      },
-                    },
-                    { firstName: null },
-                  ],
-                },
-                {
-                  OR: [
-                    {
-                      lastName: {
-                        contains: patient.trim(),
-                        mode: 'insensitive',
-                      },
-                    },
-                    { lastName: null },
-                  ],
-                },
-              ],
-            },
-          ],
-        };
+          ];
+        }
       }
 
       if (physicianId) {
@@ -111,9 +86,11 @@ export default async function (fastify) {
       };
 
       const { records, total } = await fastify.prisma.patient.paginate(options);
+
       records.forEach((record) => {
         record.dateOfBirth = record.dateOfBirth?.toISOString().split('T')[0];
       });
+
       reply.setPaginationHeaders(page, perPage, total).send(records);
     }
   );

server/test/routes/api/v1/patients.test.js

@@ -1,4 +1,4 @@
-import { describe, it } from 'node:test';
+import { describe, it, beforeEach } from 'node:test';
 import * as assert from 'node:assert';
 import { StatusCodes } from 'http-status-codes';
 
@@ -168,7 +168,62 @@ describe('/api/v1/patients', () => {
         .headers(headers);
 
       assert.deepStrictEqual(reply.statusCode, StatusCodes.OK);
-      assert.deepStrictEqual(JSON.parse(reply.payload).length, 4);
+      assert.deepStrictEqual(JSON.parse(reply.payload).length, 3);
+    });
+
+    describe('GET / with PHI disabled', () => {
+      beforeEach(() => {
+        process.env.VITE_FEATURE_COLLECT_PHI = 'false';
+      });
+
+      it('should return a patient by full UUID and match all DB fields', async (t) => {
+        const app = await build(t);
+        await t.loadFixtures();
+        const headers = await t.authenticate('[email protected]', 'test');
+        // Use a known UUID from your fixtures
+        const uuid = '27963f68-ebc1-408a-8bb5-8fbe54671064';
+        const reply = await app
+          .inject()
+          .get(`/api/v1/patients?patient=${uuid}`)
+          .headers(headers);
+
+        // Fetch the patient record from the database, including relations
+        const record = await t.prisma.patient.findUnique({
+          where: { id: uuid },
+          include: {
+            createdBy: true,
+            updatedBy: true,
+          },
+        });
+        assert.deepStrictEqual(reply.statusCode, StatusCodes.OK);
+        const results = JSON.parse(reply.payload);
+        assert.deepStrictEqual(results.length, 1);
+        const apiPatient = results[0];
+        // Compare all relevant fields
+        assert.deepStrictEqual(apiPatient.id, record.id);
+        // Compare createdBy and updatedBy objects
+        assert.deepStrictEqual(apiPatient.createdBy.id, record.createdBy.id);
+        assert.deepStrictEqual(apiPatient.updatedBy.id, record.updatedBy.id);
+      });
+
+      it('should return patients by partial UUID (prefix match)', async (t) => {
+        const app = await build(t);
+        await t.loadFixtures();
+        const headers = await t.authenticate('[email protected]', 'test');
+        // Use a known UUID prefix from your fixtures
+        const uuidPrefix = '27963f68';
+        const reply = await app
+          .inject()
+          .get(`/api/v1/patients?patient=${uuidPrefix}`)
+          .headers(headers);
+
+        assert.deepStrictEqual(reply.statusCode, StatusCodes.OK);
+        const results = JSON.parse(reply.payload);
+        assert.ok(results.length >= 1);
+        assert.ok(results[0].id.startsWith(uuidPrefix));
+        assert.ok(results[0].createdBy);
+        assert.ok(results[0].updatedBy);
+      });
     });
   });