Merge remote-tracking branch 'origin/master' into jfuqian/BB2-896-Responsive-Design-Node-Js-Sample

Author: James Fuqian

client/src/components/records.tsx

@@ -50,7 +50,9 @@ export default function Records({ }) {
                     setRecords(records);
                 }
                 else {
-                    setMessage({"type": "error", "content": eobData?.message || "Unknown"})
+                    if (eobData.message) {
+                        setMessage({"type": "error", "content": eobData.message || "Unknown"})
+                    }
                 }
             });
     }, [])

server/package.json

@@ -70,6 +70,7 @@
     "jet-logger": "^1.0.4",
     "jsonfile": "^6.1.0",
     "module-alias": "^2.2.2",
+    "moment": "^2.29.1",
     "morgan": "^1.10.0"
   },
   "devDependencies": {

server/spec/nodemon.json

@@ -2,5 +2,5 @@
   "watch": ["spec"],
   "ext": "spec.ts",
   "ignore": ["spec/support"],
-  "exec": "./node_modules/.bin/ts-node --inspect -r tsconfig-paths/register ./spec"
+  "exec": "./node_modules/.bin/ts-node -r tsconfig-paths/register ./spec"
 }

server/src/entities/AuthorizationToken.ts

@@ -1,11 +1,13 @@
+import moment from "moment";
+
 export interface IAuthorizationToken {
     access_token: string,
     expires_in: number,
     token_type: string,
     scope: [string],
     refresh_token: string,
     patient: string,
-    expires_at: number
+    expires_at?: number
 }
 
 export default class AuthorizationToken implements IAuthorizationToken {
@@ -22,7 +24,7 @@ export default class AuthorizationToken implements IAuthorizationToken {
     constructor(authToken: IAuthorizationToken) {
         this.access_token = authToken.access_token;
         this.expires_in = authToken.expires_in;
-        this.expires_at = authToken.expires_at;
+        this.expires_at = authToken.expires_at ? authToken.expires_at : moment().add(this.expires_in).valueOf();
         this.patient = authToken.patient;
         this.refresh_token = authToken.refresh_token;
         this.scope = authToken.scope;

server/src/routes/Authorize.ts

@@ -4,11 +4,22 @@ import Settings from '../entities/Settings';
 import db from '../utils/db';
 import { getAccessToken, generateAuthorizeUrl } from '../utils/bb2';
 import { getBenefitData } from './Data';
-import { getLoggedInUser } from 'src/utils/user';
 import logger from '@shared/Logger';
+import { clearBB2Data, getLoggedInUser } from 'src/utils/user';
+
+const BENE_DENIED_ACCESS = 'access_denied';
+
 
 export async function authorizationCallback(req: Request, res: Response) {
     try {
+
+        if (req.query.error === BENE_DENIED_ACCESS) {
+            const loggedInUser = getLoggedInUser(db);
+            // clear all saved claims data since the bene has denied access for the application
+            clearBB2Data(loggedInUser);
+            loggedInUser.errors.push(BENE_DENIED_ACCESS);
+            throw new Error('Beneficiary denied application access to their data');
+        }
 
         if (!req.query.code) {
             throw new Error('Response was missing access code');
@@ -19,31 +30,39 @@ export async function authorizationCallback(req: Request, res: Response) {
 
         // this gets the token from Medicare.gov once the 'user' authenticates their Medicare.gov account
         const response = await getAccessToken(req.query.code?.toString(), req.query.state?.toString());
-        const authToken = new AuthorizationToken(response.data);
-
-        /* DEVELOPER NOTES:
-        * This is where you would most likely place some type of
-        * persistence service/functionality to store the token along with
-        * the application user identifiers
-         */        
-    
-        // Here we are grabbing the mocked 'user' for our application
-        // to be able to store the access token for that user
-        // thereby linking the 'user' of our sample applicaiton with their Medicare.gov account
-        // providing access to their Medicare data to our sample application
-        const loggedInUser = getLoggedInUser(db);
-        loggedInUser.authToken = authToken;
 
+        const loggedInUser = getLoggedInUser(db);
 
-        /* DEVELOPER NOTES:
-        * Here we will use the token to get the EoB data for the mocked 'user' of the sample application
-        * then to save trips to the BB2 API we will store it in the mocked db with the mocked 'user'
-        *
-        * You could also request data for the Patient endpoint and/or the Coverage endpoint here
-        * using similar functionality
-        */
-        const eobData = await getBenefitData( req, res);
-        loggedInUser.eobData = eobData;
+        if (response.status === 200) {
+            const authToken = new AuthorizationToken(response.data);
+
+            /* DEVELOPER NOTES:
+            * This is where you would most likely place some type of
+            * persistence service/functionality to store the token along with
+            * the application user identifiers
+             */        
+        
+            // Here we are grabbing the mocked 'user' for our application
+            // to be able to store the access token for that user
+            // thereby linking the 'user' of our sample applicaiton with their Medicare.gov account
+            // providing access to their Medicare data to our sample application
+            loggedInUser.authToken = authToken;
+            
+    
+            /* DEVELOPER NOTES:
+            * Here we will use the token to get the EoB data for the mocked 'user' of the sample application
+            * then to save trips to the BB2 API we will store it in the mocked db with the mocked 'user'
+            *
+            * You could also request data for the Patient endpoint and/or the Coverage endpoint here
+            * using similar functionality
+            */
+            const eobData = await getBenefitData( req, res);
+            loggedInUser.eobData = eobData;
+        }
+        else {
+            // send generic error message to FE
+            loggedInUser.eobData = JSON.parse('{"message": "Unable to load EOB Data - authorization failed."}');
+        }
 
     } catch (e) {
         /* DEVELOPER NOTES:

server/src/routes/Data.ts

@@ -3,6 +3,8 @@ import config from '../configs/config';
 import db from '../utils/db';
 import { getLoggedInUser } from 'src/utils/user';
 import { get } from '../utils/request'
+import moment from 'moment';
+import { refreshAccessToken } from 'src/utils/bb2';
 
 /* DEVELOPER NOTES:
 * This is our mocked Data Service layer for both the BB2 API
@@ -15,9 +17,29 @@ import { get } from '../utils/request'
 export async function getBenefitData(req: Request, res: Response) {
     const loggedInUser = getLoggedInUser(db);
     const envConfig = config[db.settings.env];
-    // get EOB end point
-    const response = await get(`${envConfig.bb2BaseUrl}/${db.settings.version}/fhir/ExplanationOfBenefit/`, req.query, `${loggedInUser.authToken?.access_token}`);
-    return (response) ? response.data : null;
+    const BB2_BENEFIT_URL = envConfig.bb2BaseUrl + '/' + db.settings.version + '/fhir/ExplanationOfBenefit/';
+
+    if (!loggedInUser.authToken || !loggedInUser.authToken.access_token) {
+        return {};
+    }
+
+    /*
+    * If the access token is expired, use the refresh token to generate a new one
+    */
+    if (moment(loggedInUser.authToken.expires_at).isBefore(moment())) {
+        const newAuthToken = await refreshAccessToken(loggedInUser.authToken.refresh_token)
+        loggedInUser.authToken = newAuthToken;
+    }
+
+    const response = await get(BB2_BENEFIT_URL, req.query, `${loggedInUser.authToken?.access_token}`);
+
+    if (response.status === 200) {
+        return response.data;
+    }
+    else {
+        // send generic error to client
+        return JSON.parse('{"message": "Unable to load EOB Data - fetch FHIR resource error."}');
+    }
 }
 
 /* 
@@ -30,12 +52,9 @@ export async function getBenefitData(req: Request, res: Response) {
 export async function getBenefitDataEndPoint(req: Request, res: Response) {
     const loggedInUser = getLoggedInUser(db);
     const data = loggedInUser.eobData;
-    if ( data && data.entry ) {
+    if ( data ) {
         res.json(data)
     }
-    else {
-        res.json({message: "Unable to load EOB Data."});
-    }
 }
 
 export async function getPatientData(req: Request, res: Response) {

server/src/utils/bb2.ts

@@ -3,7 +3,8 @@ import FormData from 'form-data';
 import db from './db';
 import config from '../configs/config';
 import { generateCodeChallenge, generateRandomState } from './generatePKCE';
-import { post } from './request'
+import { post, post_w_config } from './request'
+import AuthorizationToken from '@entities/AuthorizationToken';
 
 export function generateAuthorizeUrl(): string {
     const envConfig = config[db.settings.env];
@@ -46,6 +47,27 @@ export async function getAccessToken(code: string, state: string | undefined) {
         form.append('code_verifier', codeChallenge.verifier);
         form.append('code_challenge', codeChallenge.codeChallenge);
     }
+    return await post(BB2_ACCESS_TOKEN_URL, form, form.getHeaders());
+}
+
+export async function refreshAccessToken(refreshToken: string) {
+    const envConfig = config[db.settings.env];
+
+    const BB2_ACCESS_TOKEN_URL = envConfig.bb2BaseUrl + '/' + db.settings.version + '/o/token/';
+
+    const tokenResponse = await post_w_config({
+        method: 'post',
+        url: BB2_ACCESS_TOKEN_URL,
+        auth: {
+            username: envConfig.bb2ClientId,
+            password: envConfig.bb2ClientSecret
+        },
+        params: {
+            'grant_type': 'refresh_token',
+            'client_id': envConfig.bb2ClientId,
+            'refresh_token': refreshToken
+        }
+    });
 
-    return await post(BB2_ACCESS_TOKEN_URL, form, form.getHeaders());    
+    return new AuthorizationToken(tokenResponse.data);
 }

server/src/utils/db.ts

@@ -16,7 +16,8 @@ export interface UserInfo {
 export interface User {
     authToken?: AuthorizationToken,
     userInfo: UserInfo,
-    eobData?: any
+    eobData?: any,
+    errors: string[]
 }
 export interface DB {
     patients: object,
@@ -51,7 +52,8 @@ const db: DB = {
             userName: 'jdoe29999',
             pcp: 'Dr. Hibbert',
             primaryFacility: 'Springfield General Hospital'
-        }
+        },
+        errors: []
     }],
     codeChallenges: {},
     codeChallenge: {

server/src/utils/request.ts

@@ -1,12 +1,16 @@
 import axios from 'axios';
 import FormData from 'form-data';
 
-export async function post(endpoint_url: string, data: FormData, extra: any) {
+export async function post(endpoint_url: string, data: FormData, headers: any) {
     return await request({ 
         method: 'post',
         url: endpoint_url,
         data: data,
-        headers: extra}, true);
+        headers: headers}, true);
+}
+
+export async function post_w_config(config: any) {
+    return await request(config, false);
 }
 
 export async function get(endpointUrl: string, params: any, authToken: string) {

server/src/utils/user.ts

@@ -1,4 +1,4 @@
-import { DB } from "./db";
+import { DB, User } from "./db";
 
 /* DEVELOPER NOTES:
 * Here we are literally just grabbing the first user 
@@ -9,4 +9,9 @@ import { DB } from "./db";
 */
 export function getLoggedInUser(db : DB) {
     return db.users[0];
+}
+
+export function clearBB2Data(user: User) {
+    user.authToken = undefined;
+    user.eobData = undefined;
 }