Deleting Patients (#540)

* Added button for deleting patient in ManagePatientModal.js.
* Wrote DELETE patients/:id for deleting a patient's data from MongoDB and AWS S3.
* Updated DELETE patients/:id/files/:stepKey/:fieldKey/:fileName by adding code for deleting a file from AWS.
* Added SweetAlert Warning to the buttons for deleting files and audio recordings on the Patient Detail page.
* Resolved bug where clicking on the delete button for audio recordings threw an error.
* Added tests for DELETE patients/:id and updated tests for DELETE patients/:id/files/:stepKey/:fieldKey/:fileName.

Author: ashayp22

backend/__tests__/routes/patients/test-delete-patients-id-files-stepKey-fieldKey-fileName.js

@@ -10,6 +10,7 @@ const {
     setCurrentUser,
     withAuthentication,
     getCurrentAuthenticatedUserAttribute,
+    initS3DeleteObjectMocker,
 } = require('../../utils/auth');
 
 describe('DELETE /patients/:id/files/:stepKey/:fieldKey/:fileName #214', () => {
@@ -23,6 +24,7 @@ describe('DELETE /patients/:id/files/:stepKey/:fieldKey/:fileName #214', () => {
         await db.connect();
         initAuthMocker(AWS);
         setCurrentUser(AWS);
+        initS3DeleteObjectMocker(AWS);
     });
 
     beforeEach(() => {

backend/__tests__/routes/patients/test-delete-patients-id.js

@@ -0,0 +1,80 @@
+const _ = require('lodash');
+const request = require('supertest');
+const AWS = require('aws-sdk-mock');
+const mongoose = require('mongoose');
+
+let server = require('../../../app');
+const db = require('../../utils/db');
+const {
+    initAuthMocker,
+    setCurrentUser,
+    initIdentityServiceMocker,
+    withAuthentication,
+    initS3ListObjectsV2Mocker,
+    initS3DeleteObjectsMocker,
+} = require('../../utils/auth');
+
+describe('DELETE /patients/:id', () => {
+    const PATIENT_ID_WITH_ONE_FILE = '60944e084f4c0d4330cc258b';
+    const BAD_PATIENT_ID = 'badid';
+
+    afterAll(async () => await db.closeDatabase());
+    afterEach(async () => await db.resetDatabase());
+    beforeAll(async () => {
+        await db.connect();
+        initAuthMocker(AWS);
+        initIdentityServiceMocker(AWS);
+        setCurrentUser(AWS);
+        initS3DeleteObjectsMocker(AWS);
+        initS3ListObjectsV2Mocker(AWS);
+    });
+
+    beforeEach(() => {
+        server = require('../../../app');
+    });
+
+    it('returns 404 when given patient ID that does not exist', (done) => {
+        withAuthentication(
+            request(server).delete(
+                `/api/patients/${BAD_PATIENT_ID}`,
+            ),
+        ).expect(404, done);
+    });
+
+    it('deletes patient data when given existing patient ID', async () => {
+        const res = await withAuthentication(
+            request(server).delete(
+                `/api/patients/${PATIENT_ID_WITH_ONE_FILE}`,
+            ),
+        );
+        expect(res.status).toBe(200);
+
+        /* Check if the patient has been deleted from the Patient collection */
+        const actual_patient = await mongoose
+            .model('Patient')
+            .findById(PATIENT_ID_WITH_ONE_FILE);
+        const expected_patient = null;
+
+        expect(actual_patient).toBe(expected_patient);
+
+        /* Check if the patient has been deleted from each Step's collection */
+        const stepsToCheck = ['medicalInfo', 'survey', 'example'];
+
+        const testPromiseArray = stepsToCheck.map(async (stepKey) => {
+            let Model;
+            try {
+                Model = mongoose.model(stepKey);
+                // eslint-disable-next-line no-await-in-loop
+                const actual_patient_step_data = await Model.findOne({ patientId: PATIENT_ID_WITH_ONE_FILE });
+                const expected_patient_step_data = null;
+                expect(actual_patient_step_data).toBe(expected_patient_step_data);
+            } catch (error) {
+                console.error(`test-delete-patients-id - step ${stepKey} not found`);
+                return false;
+            }
+            return true;
+        });
+
+        await Promise.all(testPromiseArray);
+    });
+});

backend/__tests__/utils/auth.js

@@ -80,6 +80,26 @@ module.exports.initS3GetMocker = (AWS) => {
     );
 };
 
+module.exports.initS3DeleteObjectMocker = (AWS) => {
+    AWS.mock('S3', 'deleteObject', (params) => {
+        return Promise.resolve();
+    });
+};
+
+module.exports.initS3ListObjectsV2Mocker = (AWS) => {
+    AWS.mock('S3', 'listObjectsV2', (params) => {
+        return Promise.resolve({
+            Contents: []
+        });
+    });
+};
+
+module.exports.initS3DeleteObjectsMocker = (AWS) => {
+    AWS.mock('S3', 'deleteObjects', (params) => {
+        return Promise.resolve();
+    });
+};
+
 /**
  * Mocks the Cognito Identity Service Provider so that whenever the server queries for the current user, a static
  * user is returned.

backend/routes/api/patients.js

@@ -6,11 +6,9 @@ const _ = require('lodash');
 
 const { errorWrap } = require('../../utils');
 const { models } = require('../../models');
-const { uploadFile, downloadFile } = require('../../utils/aws/awsS3Helpers');
 const {
-    ACCESS_KEY_ID,
-    SECRET_ACCESS_KEY,
-} = require('../../utils/aws/awsExports');
+    uploadFile, downloadFile, deleteFile, deleteFolder,
+} = require('../../utils/aws/awsS3Helpers');
 const { removeRequestAttributes } = require('../../middleware/requests');
 const {
     STEP_IMMUTABLE_ATTRIBUTES,
@@ -162,10 +160,6 @@ router.get(
         // Open a stream from the S3 bucket
         const s3Stream = downloadFile(
             `${id}/${stepKey}/${fieldKey}/${fileName}`,
-            {
-                accessKeyId: ACCESS_KEY_ID,
-                secretAccessKey: SECRET_ACCESS_KEY,
-            },
         ).createReadStream();
 
         // Setup callbacks for stream error and stream close
@@ -223,8 +217,6 @@ router.delete(
             return sendResponse(res, 404, `File "${fileName}" does not exist`);
         }
 
-        // TODO: Remove this file from AWS as well once we have
-        // a "do you want to remove this" on the frontend
         // Remove the file from Mongo tracking
         stepData[fieldKey].splice(index, 1);
 
@@ -238,6 +230,11 @@ router.delete(
         patient.lastEditedBy = req.user.name;
         await patient.save();
 
+        // Remove this file from AWS as well
+        await deleteFile(
+            `${id}/${stepKey}/${fieldKey}/${fileName}`,
+        );
+
         return sendResponse(res, 200, 'File deleted');
     }),
 );
@@ -283,10 +280,6 @@ router.post(
         await uploadFile(
             file.data,
             `${id}/${stepKey}/${fieldKey}/${fileName}`,
-            {
-                accessKeyId: ACCESS_KEY_ID,
-                secretAccessKey: SECRET_ACCESS_KEY,
-            },
         );
 
         // Record this file in the DB
@@ -362,6 +355,55 @@ router.post(
     }),
 );
 
+/**
+ * Deletes all of the patient's data from the database.
+ */
+router.delete(
+    '/:id',
+    errorWrap(async (req, res) => {
+        const { id } = req.params;
+
+        // Makes sure patient exists
+        let patient;
+        try {
+            patient = await models.Patient.findById(id);
+        } catch {
+            return sendResponse(res, 404, `${id} is not a valid patient id`);
+        }
+
+        if (!patient) return sendResponse(res, 404, `Patient "${id}" not found`);
+
+        // Deletes the patient from the Patient Collection
+        await models.Patient.findOneAndDelete({ _id: mongoose.Types.ObjectId(id) });
+
+        const allStepKeys = await models.Step.find({}, 'key');
+
+        // Create array of promises to speed this up a bit
+        const lookups = allStepKeys.map(async (stepKeyData) => {
+            let Model;
+            const stepKey = stepKeyData.key;
+            try {
+                Model = mongoose.model(stepKey);
+                // eslint-disable-next-line no-await-in-loop
+                await Model.findOneAndDelete({ patientId: id });
+            } catch (error) {
+                // eslint-disable-next-line no-console
+                console.error(`DELETE /patients/:id - step ${stepKey} not found`);
+                return false;
+            }
+            return true;
+        });
+
+        // Deletes the patient from each Steps's Collection
+        await Promise.all(lookups);
+
+        // Deletes the patient's files from the AWS S3 bucket
+        await deleteFolder(id);
+
+        return sendResponse(res, 200, 'Deleted patient');
+    }),
+);
+
 const updatePatientStepData = async (patientId, StepModel, data) => {
     let patientStepData = await StepModel.findOne({ patientId });
 

backend/utils/aws/awsS3Helpers.js

@@ -1,6 +1,14 @@
 const AWS = require('aws-sdk');
 
-const { S3_BUCKET_NAME, S3_REGION } = require('./awsExports');
+const {
+    S3_BUCKET_NAME, S3_REGION, ACCESS_KEY_ID, SECRET_ACCESS_KEY,
+} = require('./awsExports');
+
+// S3 Credential Object created with access id and secret key
+const S3_CREDENTIALS = {
+    accessKeyId: ACCESS_KEY_ID,
+    secretAccessKey: SECRET_ACCESS_KEY,
+};
 
 /**
  * Uploads a file to the S3 bucket
@@ -9,14 +17,14 @@ const { S3_BUCKET_NAME, S3_REGION } = require('./awsExports');
  * @param credentials The temporary credentials of the end user. Frontend should provide this.
  * @param onUploaded Callback after finished uploading. Params are (err, data).
  */
-const uploadFile = async (content, remoteFileName, credentials) => {
+const uploadFile = async (content, remoteFileName) => {
     const params = {
         Body: content,
         Bucket: S3_BUCKET_NAME,
         Key: remoteFileName,
     };
 
-    const s3 = getS3(credentials);
+    const s3 = getS3(S3_CREDENTIALS);
     await s3.putObject(params).promise();
 };
 
@@ -26,18 +34,62 @@ const uploadFile = async (content, remoteFileName, credentials) => {
  * @param credentials The temporary credentials of the end user. Frontend should provide this.
  * @param onDownloaded Callback after finished downloading. Params are (err, data).
  */
-const downloadFile = (objectKey, credentials) => {
+const downloadFile = (objectKey) => {
     const params = {
         Bucket: S3_BUCKET_NAME,
         Key: objectKey,
     };
 
-    const s3 = getS3(credentials);
+    const s3 = getS3(S3_CREDENTIALS);
     const object = s3.getObject(params);
 
     return object;
 };
 
+const deleteFile = async (filePath) => {
+    const params = {
+        Bucket: S3_BUCKET_NAME,
+        Key: filePath,
+    };
+
+    const s3 = getS3(S3_CREDENTIALS);
+    await s3.deleteObject(params).promise();
+};
+
+/**
+ * Delete's all of the files in a folder
+ * @param {String} folderName The id of the patient
+ * Source: https://stackoverflow.com/questions/20207063/how-can-i-delete-folder-on-s3-with-node-js
+ */
+const deleteFolder = async (folderName) => {
+    const params = {
+        Bucket: S3_BUCKET_NAME,
+        Prefix: `${folderName}/`,
+    };
+
+    const s3 = getS3(S3_CREDENTIALS);
+
+    // Gets up to 1000 files that need to be deleted
+    const listedObjects = await s3.listObjectsV2(params).promise();
+    if (listedObjects.Contents.length === 0) return;
+
+    const deleteParams = {
+        Bucket: S3_BUCKET_NAME,
+        Delete: { Objects: [] },
+    };
+
+    // Builds a list of the files to delete
+    listedObjects.Contents.forEach(({ Key }) => {
+        deleteParams.Delete.Objects.push({ Key });
+    });
+
+    // Deletes the files from S3
+    await s3.deleteObjects(deleteParams).promise();
+
+    // If there are more than 1000 objects that need to be deleted from the folder
+    if (listedObjects.IsTruncated) await deleteFolder(folderName, S3_CREDENTIALS);
+};
+
 function getS3(credentials) {
     const s3 = new AWS.S3({
         accessKeyId: credentials.accessKeyId,
@@ -51,3 +103,5 @@ function getS3(credentials) {
 
 exports.uploadFile = uploadFile;
 exports.downloadFile = downloadFile;
+exports.deleteFolder = deleteFolder;
+exports.deleteFile = deleteFile;

frontend/src/api/api.js

@@ -71,6 +71,15 @@ export const updatePatient = async (patientId, updatedData) => {
     return res.data;
 };
 
+export const deletePatientById = async (patientId) => {
+    const requestString = `/patients/${patientId}`;
+    const res = await instance.delete(requestString);
+
+    if (!res?.data?.success) throw new Error(res?.data?.message);
+
+    return res.data;
+};
+
 export const getAllStepsMetadata = async (showHiddenFieldsAndSteps = false) => {
     const requestString = `/metadata/steps?showHiddenFields=${showHiddenFieldsAndSteps}&showHiddenSteps=${showHiddenFieldsAndSteps}`;