search

bluehalo / node-fhir-server-core

An Open Source secure REST implementation for the HL7 FHIR Specification. For API documentation, please see https://github.com/Asymmetrik/node-fhir-server-core/wiki.
https://asymmetrik.com/healthcare
MIT License
391 stars 119 forks source link

Use 'id' in sanitized arguments for post requests #300

Closed mgramigna closed 2 years ago

mgramigna commented 2 years ago

There is a bug in the operations controller for POST requests where it can never resolve a parameter in the request url. This is a largely blocking issue, as all FHIR operations need to support POST requests.

Example Scenario

The following scenario exposed this issue:

// config for server
{
  profiles: {
    patient: {
      service: 'path/to/my/patient.service.js',
      versions: [VERSIONS['4_0_0']],
      operation: [
            {
              name: 'myOperation',
              route: '/:id/$my-operation',
              method: 'POST'
            }
      ]
    }
  }
}
// patient.service.js
module.exports.myOperation = async (args) => {
  console.log(args.id)
}

POST http://server_base/4_0_0/Patient/123/$my-operation logs undefined

Hypothesized Cause

In the code for adding a custom operation route, routeArgs.ID is passed in to the list of valid specific params to look for when doing the sanitizeMiddleware call. We can see that routeArgs.ID is defined here with name id.

Therefore, the operations controller code for accessing this will always result in undefined since resource_id is not a thing.

My solution changes this part of the controller to access the property by its proper name, id. There should also probably be documentation to reflect this.

Let me know if you have any questions, or have a different solution in mind, and thanks for a great framework!

mgramigna commented 2 years ago

@zeevo unable to explicitly request your review, but bringing this to your attention since you seem to have responded to updates on this repo most recently