Patient Authentication Backend

[Archna-1]

Status:

🚧 In development

Description

Authenticates patients using Passport.js utilizing patient id's as usernames and secure, randomly generated node-2fa tokens as passwords. Also includes some structural changes to the project, such as:

• Conditional middleware which determines whether to use AWS or Passport for authentication based on whether there is a session
• Switches and Routes in AllRoutes instead of AppContent

Fixes #457 #442 #465

Todos

• Finish up my commented TODOs to clean up code
• Clean up routing if possible
• Clean up redirects in patient portal (stretch goal)
• Clean up navigation to the patient portal without hard coding it
• Standardize route file naming with other components (?)
• Change cookie time-out to // null (until the user exits the tab) // Decided on 10 minutes due to shared iPads
• Confirm cookie timeout after 1 minute again
• Fix patient portal briefly rendering while checking auth status

Need to Address/Verify Before Merging:

• Is the current secret for cookies okay?
• Are we planning on implementing backend translations? It causes Twilio messages to not be sent in Arabic
• How do I handle only dispatch being used in AWS routes?

Screenshots

None at the moment, but you can pull and try it out yourself! You will need to:

1. Log out of your account as an admin
2. Add your phone number to a user in the database
3. Navigate to localhost:3000/patient-2fa/[patient id of chosen user]
4. Enter the code you receive from Twilio
5. Attempt to navigate to localhost:3000/patients or localhost:3000/[restricted route]/[patient id of chosen user]

You should not be able to access anything other than the patient login page and patient portal.

FIXED AS OF 1/2: The patient portal will now redirect if you try to directly access it.

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/hack4impact/3dp4me/2AkdFRLEHMJY99J9umPpDjC7Pp4t
✅ Preview: https://3dp4me-git-patient-2fa-backend-hack4impact1.vercel.app

[mattwalo32]

Nice work, this is an amazing amount of progress

[mattwalo32]

Do you need the origin property for this to work? If so, then we need to make origin part of the env vars so that the production environment doesn't have localhost as origin

[mattwalo32]

Same issue with domain as with origin ^^

[mattwalo32]

Probably don't need this line anymore. I'd try without it

[mattwalo32]

Many console.logs that could be removed

[mattwalo32]

We already have a route for getting a patient by id. It seems like this route would be redundant then. The only difference would be the authentication... I.e. If a volunteer is authenticated, they can view any patient. If a patient is authenticated, they can only view their own data.

So I would just reuse the existing patient endpoint but change the auth middleware on that endpoint so that it allows either type of user to access it.

[mattwalo32]

But now that I'm looking at this more, it seems like you were just using this endpoint for testing right?

[mattwalo32]

Looks like this is a duplicate file. You have a file named allRoutes and one named AllRoutes and they appear to be the same.

[mattwalo32]

It seems you also have duplicate AWSRoutes

[mattwalo32]

I'm a little confused at what this does. It seems like authenticatePatient is the one that actually sends the 2FA code.

[mattwalo32]

Is this the endpoint that requests a 2FA code?

[mattwalo32]

You could just replace this with
onClick={onTokenSend}

[mattwalo32]

Same thing with the onChange and onClick below this

[mattwalo32]

Should probably make the useState default to something, like false