From f6a52032e818270048ba0acbb21594363eb2f317 Mon Sep 17 00:00:00 2001
From: shani
Date: Sun, 19 May 2024 16:48:15 +0700
Subject: [PATCH 1/3] fixx

---
 src/handler/auth_handler.go | 6 ++++++
 src/handler/nurse_handler.go | 6 ++++++
 src/repository/nurse_repository.go | 3 ++-
 src/repository/user_repository.go | 5 +++--
 4 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/handler/auth_handler.go b/src/handler/auth_handler.go
index 553cd71..719e267 100644
--- a/src/handler/auth_handler.go
+++ b/src/handler/auth_handler.go
@@ -132,6 +132,12 @@ func (h *AuthHandler) LoginNurse(c *gin.Context) {
 return
 }
 
+ if request.Nip == 0 {
+ log.Println("Register bad request > invalid IdentityCardScanImg")
+ c.JSON(400, gin.H{"status": "bad request", "message": "invalid IdentityCardScanImg"})
+ return
+ }
+
 nStr := strconv.FormatInt(request.Nip, 10)
 if !strings.HasPrefix(nStr, "303") {
 c.JSON(404, gin.H{"status": "bad request", "message": "user not found"})
diff --git a/src/handler/nurse_handler.go b/src/handler/nurse_handler.go
index 0938c64..e363408 100644
--- a/src/handler/nurse_handler.go
+++ b/src/handler/nurse_handler.go
@@ -38,6 +38,12 @@ func (h *NurseHandler) RegisterNurse(c *gin.Context) {
 return
 }
 
+ if request.IdentityCardScanImg == "" {
+ log.Println("Register bad request > invalid IdentityCardScanImg")
+ c.JSON(400, gin.H{"status": "bad request", "message": "invalid IdentityCardScanImg"})
+ return
+ }
+
 // Check if email already exists
 exists, _ := h.iNurseUsecase.GetNurseByNIP(request.Nip)
 if exists {
diff --git a/src/repository/nurse_repository.go b/src/repository/nurse_repository.go
index c8db7d9..99851fe 100644
--- a/src/repository/nurse_repository.go
+++ b/src/repository/nurse_repository.go
@@ -11,6 +11,7 @@ import (
 "strconv"
 "time"
 
+ "github.com/docker/distribution/uuid"
 "golang.org/x/crypto/bcrypt"
 )
 
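Review bot: The guard added to LoginNurse reports `invalid IdentityCardScanImg` in both the log line and the 400 body, but the condition tests `request.Nip`; a login with a missing NIP is therefore logged as a registration failure and told its identity-card image is bad, which is the nurse-registration check pasted in unchanged. Use a message that names the field and the handler: `log.Println("LoginNurse bad request > invalid nip")` and `c.JSON(400, gin.H{"status": "bad request", "message": "invalid nip"})`. LoginNurse begins and ends outside the hunk, so I cannot see whether ShouldBindJSON already rejects a zero NIP earlier in the function.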
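Review bot: The empty-string test is the only validation of `request.IdentityCardScanImg` in this commit, so any non-empty value is stored as the image URL; that is presumably what the later "fix url validation" patch addresses, but it leaves this guard redundant once the URL check rejects "" as well. On the context line just below the new block, `exists, _ := h.iNurseUsecase.GetNurseByNIP(request.Nip)` discards the lookup error, so a failed query reads as "NIP not registered" and the duplicate check fails open; I would change it to `exists, err := h.iNurseUsecase.GetNurseByNIP(request.Nip)` followed by a 500 return on `err != nil`. The comment on that line, `// Check if email already exists`, describes a NIP lookup and should say `// Check if NIP already exists`. RegisterNurse continues outside the hunk.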
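Review bot: `github.com/docker/distribution/uuid` is a utility package of the docker/distribution container-registry project, so this one `Generate()` call pulls that whole module and its transitive requirements into go.mod and go.sum; the same import and call appear in the CreateNurse hunk of this file and in both user_repository.go hunks of this patch. A dedicated UUID package, or `crypto/rand` read into a 16-byte buffer and hex-encoded, yields an equally unguessable identifier with a far smaller dependency surface. Replacing the timestamp-plus-`randomInt` identifier is the right direction, since that form was derivable from the insertion time and a five-digit random suffix.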
@@ -40,7 +41,7 @@ func (repo *NurseRepository) CreateNurse(ctx context.Context, nurse dto.RequestC
 // Prepare the SQL query to insert the new nurse with the hashed password
 const query = `INSERT INTO users (user_id, nip, name, role, identity_card_scan_img, password, created_at) VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING user_id`
 var userId string
- err = repo.db.QueryRowContext(ctx, query, time.Now().UTC().Format("2006-01-02 15:04:05") + strconv.Itoa(randomInt(1, 100000)), nurse.Nip, nurse.Name, "nurse", nurse.IdentityCardScanImg, hashedPassword, time.Now()).Scan(&userId)
+ err = repo.db.QueryRowContext(ctx, query, uuid.Generate().String(), nurse.Nip, nurse.Name, "nurse", nurse.IdentityCardScanImg, hashedPassword, time.Now()).Scan(&userId)
 if err != nil {
 return "", err
 }
diff --git a/src/repository/user_repository.go b/src/repository/user_repository.go
index e1b5a0d..6e556b7 100644
--- a/src/repository/user_repository.go
+++ b/src/repository/user_repository.go
@@ -6,8 +6,9 @@ import (
 "fmt"
 "health-record/model/database"
 "math/rand"
- "strconv"
 "time"
+
+ "github.com/docker/distribution/uuid"
 )
 
 type UserRepository struct {
@@ -40,7 +41,7 @@ func (r *UserRepository) CreateUser(ctx context.Context, data database.User) (er
 _, err = r.db.ExecContext(
 ctx,
 query,
- time.Now().UTC().Format("2006-01-02 15:04:05") + strconv.Itoa(randomInt(1, 100000)),
+ uuid.Generate().String(),
 data.Nip,
 data.Name,
 data.Password,

From 61e20038fb3e3e0cb1f276a8aa3fe98d3b64d789 Mon Sep 17 00:00:00 2001
From: shani
Date: Sun, 19 May 2024 17:07:51 +0700
Subject: [PATCH 2/3] fix url validation

---
 main.go | 2 +-
 src/handler/nurse_handler.go | 9 +++++++++
 src/handler/patient_handler.go | 25 ++++++++++++++++++++-----
 3 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/main.go b/main.go
index 28b42b5..78a846b 100644
--- a/main.go
+++ b/main.go
@@ -104,7 +104,7 @@ func main() {
 itAuthorized.GET("/v1/user", nurseHandler.GetUsers)
 itAuthorized.PUT("/v1/user/nurse/:userId", nurseHandler.UpdateNurse)
 itAuthorized.DELETE("/v1/user/nurse/:userId", nurseHandler.DeleteNurse)
- itAuthorized.PUT("/v1/user/nurse/:userId/access", nurseHandler.AddAccess)
+ itAuthorized.POST("/v1/user/nurse/:userId/access", nurseHandler.AddAccess)
 
 // Manage medical records
 authorized.POST("/v1/medical/patient", patientHandler.CreatePatient)
diff --git a/src/handler/nurse_handler.go b/src/handler/nurse_handler.go
index 72b6887..f93964e 100644
--- a/src/handler/nurse_handler.go
+++ b/src/handler/nurse_handler.go
@@ -22,6 +22,7 @@ func NewNurseHandler(iNurseUsecase usecase.NurseUsecaseInterface) NurseHandlerIn
 return &NurseHandler{iNurseUsecase}
 }
 
+
 func (h *NurseHandler) RegisterNurse(c *gin.Context) {
 var request dto.RequestCreateNurse
 err := c.ShouldBindJSON(&request)
@@ -30,6 +31,14 @@ func (h *NurseHandler) RegisterNurse(c *gin.Context) {
 c.JSON(400, gin.H{"status": "bad request", "message": err})
 return
 }
+
+ fmt.Println("request.IdentityCardScanImg>>>>>>>>>>>>>>", request.IdentityCardScanImg)
+ fmt.Println("isValidURL(request.IdentityCardScanImg)>>>>>>>>>>>>>>", isValidURL(request.IdentityCardScanImg))
+ if !isValidURL(request.IdentityCardScanImg) {
+ log.Println("Register bad request > invalid IdentityCardScanImg", err)
+ c.JSON(400, gin.H{"status": "bad request", "message": "invalid IdentityCardScanImg"})
+ return
+ }
 
 // Validate request payload
 err = ValidateRegisterNurseRequest(request.Nip, request.Name)
diff --git a/src/handler/patient_handler.go b/src/handler/patient_handler.go
index 4cdff47..b9c1e38 100644
--- a/src/handler/patient_handler.go
+++ b/src/handler/patient_handler.go
@@ -8,6 +8,7 @@ import (
 "log"
 "net/http"
 "net/url"
+ "regexp"
 "strconv"
 "strings"
 
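Review bot: The two `fmt.Println(... ">>>>>>>>>>>>>>" ...)` lines in the RegisterNurse hunk are debugging leftovers that write the raw, not-yet-validated `IdentityCardScanImg` request value to stdout on every registration attempt, and the second one evaluates isValidURL a second time; both should be deleted before merge. `log.Println("Register bad request > invalid IdentityCardScanImg", err)` prints `err`, which is necessarily nil at that point because the `if err != nil` branch just above has already returned, so the line should be `log.Println("Register bad request > invalid IdentityCardScanImg")`. With this check in place, the `request.IdentityCardScanImg == ""` guard added later in the same function by PATCH 1/3 (outside this hunk) appears redundant, since an empty string fails url.ParseRequestURI and is rejected here first.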
@@ -297,10 +298,24 @@ func validateGender(gender string) bool {
 return gender == "male" || gender == "female"
 }
 
-func isValidURL(str string) bool {
- u, err := url.Parse(str)
- if err != nil || u.Scheme == "" || (u.Scheme != "http" && u.Scheme != "https") {
+// func isValidURL(str string) bool {
+// u, err := url.Parse(str)
+// if err != nil || u.Scheme == "" || (u.Scheme != "http" && u.Scheme != "https") {
+// return false
+// }
+// return true
+// }
+
+func isValidURL(input string) bool {
+ // Parse the URL to check for basic URL structure
+ parsedURL, err := url.ParseRequestURI(input)
+ if err != nil {
 return false
 }
- return true
-}
+
+ // Regex to check for a valid domain in the URL
+ domainRegex := regexp.MustCompile(`^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`)
+
+ // Check if the host part of the URL matches the domain regex
+ return domainRegex.MatchString(parsedURL.Host)
+}
\ No newline at end of file

From a50f849cf82359ef4e415dd492a2c153103519dd Mon Sep 17 00:00:00 2001
From: shani
Date: Sun, 19 May 2024 17:15:44 +0700
Subject: [PATCH 3/3] remove commentc

---
 src/handler/patient_handler.go | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/src/handler/patient_handler.go b/src/handler/patient_handler.go
index b9c1e38..4b259ea 100644
--- a/src/handler/patient_handler.go
+++ b/src/handler/patient_handler.go
@@ -298,14 +298,6 @@ func validateGender(gender string) bool {
 return gender == "male" || gender == "female"
 }
 
-// func isValidURL(str string) bool {
-// u, err := url.Parse(str)
-// if err != nil || u.Scheme == "" || (u.Scheme != "http" && u.Scheme != "https") {
-// return false
-// }
-// return true
-// }
-
 func isValidURL(input string) bool {
 // Parse the URL to check for basic URL structure
 parsedURL, err := url.ParseRequestURI(input)
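Review bot: The rewritten isValidURL drops the scheme restriction the deleted version enforced: url.ParseRequestURI accepts any absolute URI, so a value with a non-http(s) scheme whose host matches the regex now passes, and the stored "image URL" may later be dereferenced or rendered with a scheme nobody expected. The regex is also applied to `parsedURL.Host`, which still carries the port, so `http://example.com:8443/scan.png` is rejected while the intended `http://example.com/scan.png` passes; `Hostname()` strips the port (IP-literal hosts would still fail the regex, which may or may not be intended). `regexp.MustCompile` runs on every call inside a request handler; hoist it to a package-level var. The new file also ends without a trailing newline, which gofmt would add.

```go
// domainRegex matches a bare host name: dotted labels ending in a TLD of at least two letters.
var domainRegex = regexp.MustCompile(`^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`)

func isValidURL(input string) bool {
	parsedURL, err := url.ParseRequestURI(input)
	if err != nil {
		return false
	}
	// Only http(s) is an acceptable location for an identity-card scan.
	if parsedURL.Scheme != "http" && parsedURL.Scheme != "https" {
		return false
	}
	// Hostname() drops any ":port" so the name alone is matched.
	return domainRegex.MatchString(parsedURL.Hostname())
}
```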