From 061fd45efdc25ce1ba2dea781045765485638b4a Mon Sep 17 00:00:00 2001
From: Potenz
Date: Fri, 15 Aug 2025 18:32:36 +0530
Subject: [PATCH] validation added in route
---
 apps/Backend/src/routes/payments.ts | 38 ++++++++++++++++++++++++-----
 apps/Backend/src/storage/index.ts | 18 ++++----------
 2 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/apps/Backend/src/routes/payments.ts b/apps/Backend/src/routes/payments.ts
index 14ea08a..3ff57ab 100644
--- a/apps/Backend/src/routes/payments.ts
+++ b/apps/Backend/src/routes/payments.ts
@@ -74,10 +74,7 @@ router.get(
 const parsedClaimId = parseIntOrError(req.params.claimId, "Claim ID");
- const payments = await storage.getPaymentsByClaimId(
- parsedClaimId,
- userId
- );
+ const payments = await storage.getPaymentsByClaimId(parsedClaimId);
 if (!payments) return res.status(404).json({ message: "No payments found for claim" });
@@ -138,7 +135,6 @@ router.get("/filter", async (req: Request, res: Response): Promise => {
 const { from, to } = validated.data;
 const payments = await storage.getPaymentsByDateRange(
- userId,
 new Date(from),
 new Date(to)
 );
@@ -157,7 +153,7 @@ router.get("/:id", async (req: Request, res: Response): Promise => {
 const id = parseIntOrError(req.params.id, "Payment ID");
- const payment = await storage.getPaymentById(id, userId);
+ const payment = await storage.getPaymentById(id);
 if (!payment) return res.status(404).json({ message: "Payment not found" });
 res.status(200).json(payment);
@@ -205,6 +201,9 @@ router.put("/:id", async (req: Request, res: Response): Promise => {
 if (!userId) return res.status(401).json({ message: "Unauthorized" });
 const paymentId = parseIntOrError(req.params.id, "Payment ID");
+ const paymentRecord = await storage.getPaymentById(paymentId);
+ if (!paymentRecord)
+ return res.status(404).json({ message: "Payment not found" });
 const validated = newTransactionPayloadSchema.safeParse(
 req.body.data as NewTransactionPayload
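Review bot: Dropping `userId` from `storage.getPaymentsByClaimId(parsedClaimId)` removes the only per-user filter visible in this diff, so any authenticated caller can read payments for a claim id that belongs to another user. The same applies to `getPaymentsByDateRange` and `getPaymentById` in the next two hunks, to the `getPaymentById(paymentId)` lookup added at the top of the PUT handler (which gates a write), and to the `where` clauses changed in storage/index.ts. If payments are meant to be shared across users, that decision should be stated in a comment next to an explicit role or tenant check; otherwise keep the filter, e.g. `storage.getPaymentsByClaimId(parsedClaimId, userId)`, or compare the record's owner after loading and answer 404 on a mismatch. The handler bodies start and end outside these hunks, so an authorization middleware not visible here may already cover this.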
@@ -218,6 +217,33 @@ router.put("/:id", async (req: Request, res: Response): Promise => {
 const { status, serviceLineTransactions } = validated.data;
+ // validation if req is valid
+ for (const txn of serviceLineTransactions) {
+ const line = paymentRecord.claim.serviceLines.find(
+ (sl) => sl.id === txn.serviceLineId
+ );
+ if (!line)
+ return res
+ .status(400)
+ .json({ message: `Invalid service line: ${txn.serviceLineId}` });
+
+ const paidAmount = new Decimal(txn.paidAmount ?? 0);
+ const adjustedAmount = new Decimal(txn.adjustedAmount ?? 0);
+ if (paidAmount.lt(0) || adjustedAmount.lt(0)) {
+ return res.status(400).json({ message: "Amounts cannot be negative" });
+ }
+ if (paidAmount.eq(0) && adjustedAmount.eq(0)) {
+ return res
+ .status(400)
+ .json({ message: "Must provide a payment or adjustment" });
+ }
+ if (paidAmount.gt(line.totalDue)) {
+ return res.status(400).json({
+ message: `Paid amount exceeds due for service line ${txn.serviceLineId}`,
+ });
+ }
+ }
+
 // Wrap everything in a transaction
 const result = await prisma.$transaction(async (tx) => {
 // 1. Create all new service line transactions
diff --git a/apps/Backend/src/storage/index.ts b/apps/Backend/src/storage/index.ts
index d47f688..3d16563 100644
--- a/apps/Backend/src/storage/index.ts
+++ b/apps/Backend/src/storage/index.ts
@@ -179,10 +179,9 @@ export interface IStorage {
 updatePayment(
 id: number,
 updates: UpdatePayment,
- userId: number
 ): Promise;
 deletePayment(id: number, userId: number): Promise;
- getPaymentById(id: number, userId: number): Promise;
+ getPaymentById(id: number): Promise;
 getRecentPaymentsByPatientId(
 patientId: number,
 limit: number,
@@ -191,7 +190,6 @@ export interface IStorage {
 getTotalPaymentCountByPatient(patientId: number): Promise;
 getPaymentsByClaimId(
 claimId: number,
- userId: number
 ): Promise;
 getRecentPaymentsByUser(
 userId: number,
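Review bot: In the PUT handler's validation loop the cap `paidAmount.gt(line.totalDue)` is applied to each entry on its own, so two entries for the same `serviceLineId` in one request can each pass while together exceeding what is due, and `adjustedAmount` has no upper bound at all. The check also runs against `paymentRecord`, which was read before `prisma.$transaction` starts, so two concurrent requests can both pass on the same stale `totalDue`; re-reading the service lines through `tx` inside the transaction would close that gap (the transaction body continues outside the hunk). The loop below keeps a running total of paid amounts per service line before comparing; whether adjustments should also count toward `totalDue` is a business rule not visible here, so only paid amounts are summed. The comment `// validation if req is valid` could name what is enforced, e.g. `// Reject unknown service lines, negative or empty amounts, and overpayment`.

```typescript
// Running total of paid amounts requested per service line in this request
// (assumes serviceLineId is numeric, confirm against the payload schema).
const paidByLine = new Map<number, Decimal>();
for (const txn of serviceLineTransactions) {
  // … unchanged: service line lookup, negative-amount and empty-entry checks …
  const paidSoFar = (paidByLine.get(txn.serviceLineId) ?? new Decimal(0)).plus(
    paidAmount
  );
  paidByLine.set(txn.serviceLineId, paidSoFar);
  if (paidSoFar.gt(line.totalDue)) {
    return res.status(400).json({
      message: `Paid amount exceeds due for service line ${txn.serviceLineId}`,
    });
  }
}
```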
@@ -199,7 +197,6 @@ export interface IStorage {
 offset: number
 ): Promise;
 getPaymentsByDateRange(
- userId: number,
 from: Date,
 to: Date
 ): Promise;
@@ -742,11 +739,10 @@ export const storage: IStorage = {
 async updatePayment(
 id: number,
 updates: UpdatePayment,
- userId: number
 ): Promise {
- const existing = await db.payment.findFirst({ where: { id, userId } });
+ const existing = await db.payment.findFirst({ where: { id } });
 if (!existing) {
- throw new Error("Not authorized or payment not found");
+ throw new Error("Payment not found");
 }
 return db.payment.update({
@@ -805,10 +801,9 @@ export const storage: IStorage = {
 async getPaymentById(
 id: number,
- userId: number
 ): Promise {
 const payment = await db.payment.findFirst({
- where: { id, userId },
+ where: { id },
 include: {
 claim: {
 include: {
@@ -836,10 +831,9 @@ export const storage: IStorage = {
 async getPaymentsByClaimId(
 claimId: number,
- userId: number
 ): Promise {
 const payment = await db.payment.findFirst({
- where: { claimId, userId },
+ where: { claimId },
 include: {
 claim: {
 include: {
@@ -899,13 +893,11 @@ export const storage: IStorage = {
 },
 async getPaymentsByDateRange(
- userId: number,
 from: Date,
 to: Date
 ): Promise {
 const payments = await db.payment.findMany({
 where: {
- userId,
 createdAt: {
 gte: from,
 lte: to,