abdm search modifications

[helenKaryamsetty]

📋 Description : Facility and searchAPI updations

JIRA ID:

Please provide a summary of the change and the motivation behind it. Include relevant context and details.

---

✅ Type of Change

• 🐞 Bug fix (non-breaking change which resolves an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 🛠 Refactor (change that is neither a fix nor a new feature)
• ⚙️ Config change (configuration file or build script updates)
• 📚 Documentation (updates to docs or readme)
• 🧪 Tests (adding new or updating existing tests)
• 🎨 UI/UX (changes that affect the user interface)
• 🚀 Performance (improves performance)
• 🧹 Chore (miscellaneous changes that don't modify src or test files)

---

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

[coderabbitai]

Walkthrough

This pull request involves several modifications across different Java classes in a FHIR-related project. The changes primarily focus on renaming a facility ID field from facilityId to abdmFacilityId, updating logging statements, and enhancing response handling in ABHA (Ayushman Bharat Digital Mission) service implementations. The modifications aim to improve code clarity, logging, and response processing capabilities while maintaining the existing functionality of the application.

Changes

File	Change Summary
src/main/java/com/wipro/fhir/data/mongo/care_context/SaveFacilityIdForVisit.java	Renamed facilityId field to abdmFacilityId
src/main/java/com/wipro/fhir/service/common/CommonServiceImpl.java	Added logging statement to log processing results of resource bundles
src/main/java/com/wipro/fhir/service/facility/FacilityServiceImpl.java	Updated method calls to use abdmFacilityId instead of facilityId
src/main/java/com/wipro/fhir/service/v3/abha/CreateAbhaV3ServiceImpl.java	Added JsonArray import and modified phrAddress handling to concatenate array elements
src/main/java/com/wipro/fhir/service/v3/abha/LoginAbhaV3ServiceImpl.java	Enhanced response logging and added more robust response processing for login verification

Poem

🐰 A Rabbit's Refactor Delight 🔧

Facility IDs dancing light,
Logs that sparkle, code so bright,
ABHA services, clean and neat,
Renaming fields, a coding treat!

Hop, hop, hooray! 🎉

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 4

🔭 Outside diff range comments (4)

src/main/java/com/wipro/fhir/service/common/CommonServiceImpl.java (2)

Line range hint 111-113: Improve exception handling.

The catch block swallows exceptions with only basic logging. This could hide critical issues and make debugging difficult.

 			} catch (Exception e) {
-				logger.error(e.getMessage());
+				logger.error("Failed to process beneficiary data - benRegId: " + resourceRequestHandler.getBeneficiaryRegID(), e);
+				// Consider adding metrics/monitoring for failed operations
 			}

---

Line range hint 1-614: Consider refactoring for better maintainability.

The class has several maintainability concerns:

1. Multiple responsibilities (violates SRP)
2. Deprecated methods still in use
3. Magic numbers and strings should be constants

Consider splitting this class into focused services:

• ResourceProcessingService
• NotificationService
• AuthenticationService

Also, extract configuration values to constants:

+    private static final int MAX_RETRY_ATTEMPTS = 5;
+    private static final int RETRY_DELAY_MS = 5000;
+    private static final int HTTP_STATUS_ACCEPTED = 202;

src/main/java/com/wipro/fhir/service/v3/abha/CreateAbhaV3ServiceImpl.java (1)

Sensitive data exposure in logs confirmed - Security Risk

The codebase has multiple instances of logging sensitive information including:

• Full request/response objects containing Aadhaar numbers and biometric data
• Mobile numbers and OTP-related information
• Authentication tokens and encrypted data

Immediate actions needed:

• Implement data masking for sensitive fields before logging
• Create a secure logging utility class with sanitization methods
• Remove or mask PII (Personally Identifiable Information) from all logs
• Review log retention policies and access controls

🔗 Analysis chain

Line range hint 1-456: Consider adding comprehensive error handling for ABDM API responses.

The service makes multiple HTTP calls to ABDM APIs but only checks for specific status codes (200, 202). Consider implementing:

1. Comprehensive error handling for all possible HTTP status codes
2. Retry mechanism for transient failures
3. Circuit breaker pattern for API calls

Verify proper logging of sensitive information.

The service logs request and response objects that might contain sensitive information (Aadhaar, mobile numbers, etc.). Ensure that sensitive data is properly masked in logs.

Consider implementing request validation.

Add input validation for all request objects to ensure data integrity and security:

1. Validate mobile number format
2. Validate Aadhaar number format
3. Check for required fields

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for potential sensitive data logging
rg -i "logger.info.*(?:aadhaar|mobile|otp|password|token)" src/

Length of output: 9860

src/main/java/com/wipro/fhir/service/facility/FacilityServiceImpl.java (1)

Line range hint 98-100: Enhance error handling

The catch block should:

1. Log the error for debugging
2. Avoid exposing internal error messages
3. Provide more context about the operation that failed

 catch (Exception e) {
-    throw new FHIRException(e.getMessage());
+    log.error("Failed to update ABDM facility ID for visit code: " + requestObj.getVisitCode(), e);
+    throw new FHIRException("Failed to update ABDM facility ID. Please try again later.");
 }

🧹 Nitpick comments (6)

src/main/java/com/wipro/fhir/service/common/CommonServiceImpl.java (2)

215-215: Enhance logging message clarity.

The logging statement should be more descriptive about what the values represent (OP consult, diagnostic report, and prescription bundle processing results).

-			logger.info("The value of i: " +i + " The value of j: " + j + " The value of k: " + k );
+			logger.info("Bundle processing results - OP Consult: " + i + ", Diagnostic Report: " + j + ", Prescription: " + k);

---

Line range hint 12-24: Enhance security measures for sensitive healthcare data.

The code handles sensitive healthcare data and ABDM operations. Consider implementing:

1. Input validation for phone numbers and other user inputs
2. Rate limiting for SMS notifications
3. Audit logging for sensitive operations
4. Data masking in logs

Also applies to: 590-614

src/main/java/com/wipro/fhir/service/v3/abha/CreateAbhaV3ServiceImpl.java (1)

456-456: Remove unnecessary blank line.

The blank line at the end of the file is not needed.

src/main/java/com/wipro/fhir/service/facility/FacilityServiceImpl.java (3)

89-89: Use String.isEmpty() for empty string check

Replace == "" with isEmpty() or StringUtils.isEmpty() for better string comparison.

-if(requestObj.getAbdmFacilityId() == null || requestObj.getAbdmFacilityId() == "") {
+if(requestObj.getAbdmFacilityId() == null || requestObj.getAbdmFacilityId().isEmpty()) {

---

92-92: Consider adding transaction boundary

Since this is updating a database record, consider adding @Transactional to ensure data consistency.

+@Transactional
 public String saveAbdmFacilityId(String reqObj) throws FHIRException {

---

Line range hint 94-97: Improve response handling

The success/error messages should be constants and potentially include more context (like the facility ID that was updated).

+private static final String SUCCESS_MESSAGE = "ABDM Facility ID %s updated successfully for visit %s";
+private static final String ERROR_MESSAGE = "Failed to update ABDM Facility ID for visit %s";

 if(response > 0 ) {
-    res = "ABDM Facility ID updated successfully";
+    res = String.format(SUCCESS_MESSAGE, requestObj.getAbdmFacilityId(), requestObj.getVisitCode());
 } else
-    res = "FHIR Error while updating ABDM Facility ID";
+    res = String.format(ERROR_MESSAGE, requestObj.getVisitCode());

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dfe5ec6 and 246bf2a.

📒 Files selected for processing (5)

• src/main/java/com/wipro/fhir/data/mongo/care_context/SaveFacilityIdForVisit.java (1 hunks)
• src/main/java/com/wipro/fhir/service/common/CommonServiceImpl.java (1 hunks)
• src/main/java/com/wipro/fhir/service/facility/FacilityServiceImpl.java (1 hunks)
• src/main/java/com/wipro/fhir/service/v3/abha/CreateAbhaV3ServiceImpl.java (3 hunks)
• src/main/java/com/wipro/fhir/service/v3/abha/LoginAbhaV3ServiceImpl.java (2 hunks)

🧰 Additional context used

📓 Learnings (3)

src/main/java/com/wipro/fhir/data/mongo/care_context/SaveFacilityIdForVisit.java (1)

Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#46
File: src/main/java/com/wipro/fhir/data/mongo/care_context/SaveFacilityIdForVisit.java:7-8
Timestamp: 2024-11-20T07:41:40.038Z
Learning: In the `SaveFacilityIdForVisit` class (`src/main/java/com/wipro/fhir/data/mongo/care_context/SaveFacilityIdForVisit.java`), the handling of the MongoDB ID field and indexing is provided in another module and is not required in this class.

src/main/java/com/wipro/fhir/service/v3/abha/LoginAbhaV3ServiceImpl.java (1)

Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#52
File: src/main/java/com/wipro/fhir/service/v3/abha/LoginAbhaV3ServiceImpl.java:84-91
Timestamp: 2024-12-09T16:01:39.809Z
Learning: In the `requestOtpForAbhaLogin` and `verifyAbhaLogin` methods of `LoginAbhaV3ServiceImpl.java`, `loginId` is mandatory, but even if it is null, the process can proceed without input validation.

src/main/java/com/wipro/fhir/service/facility/FacilityServiceImpl.java (1)

Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#46
File: src/main/java/com/wipro/fhir/service/facility/FacilityService.java:9-9
Timestamp: 2024-11-20T07:43:15.272Z
Learning: In `FacilityService.java`, for the `saveAbdmFacilityId` method, when the response is fixed, it's acceptable to use `String` as the return type and accept `String` as a parameter, allowing for a generic declaration.

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Analyze (java)

🔇 Additional comments (3)

src/main/java/com/wipro/fhir/service/v3/abha/CreateAbhaV3ServiceImpl.java (1)

29-29: LGTM!

The addition of JsonArray import is necessary for the new implementation of phrAddress handling.

src/main/java/com/wipro/fhir/data/mongo/care_context/SaveFacilityIdForVisit.java (1)

10-10: LGTM! Clean field renaming.

The renaming from facilityId to abdmFacilityId is consistent and maintains the same data type. The class structure remains clean with appropriate Lombok usage.

src/main/java/com/wipro/fhir/service/v3/abha/LoginAbhaV3ServiceImpl.java (1)

Line range hint 1-267: Enhance security and error handling.

Based on the context and previous discussions:

1. Input validation for loginId is still missing
2. Error messages could be more descriptive
3. Security events should be audit logged

Consider these improvements:

1. Add input validation:

private void validateLoginId(String loginId) {
    if (loginId == null || loginId.trim().isEmpty()) {
        throw new FHIRException("Login ID is required");
    }
    // Add additional validation rules as needed
}

2. Implement audit logging for security events:

private void auditLog(String event, String userId, boolean success) {
    logger.info("Security Event - Event: {}, User: {}, Success: {}, Timestamp: {}", 
        event, 
        userId, 
        success,
        new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").format(new Date()));
}

Let's verify the usage of audit logging in similar ABDM implementations:

[coderabbitai]

⚠️ Potential issue

Consider handling empty or null phrAddress array.

The new implementation properly handles multiple PHR addresses, but it should include null checks and empty array validation to prevent potential NullPointerException.

Apply this diff to add proper validation:

-		JsonArray phrAddressArray = profile.getAsJsonArray("phrAddress");
-		StringBuilder abhaAddressBuilder = new StringBuilder();
-
-		for (int i = 0; i < phrAddressArray.size(); i++) {
-		    abhaAddressBuilder.append(phrAddressArray.get(i).getAsString());
-		    if (i < phrAddressArray.size() - 1) {
-		        abhaAddressBuilder.append(", ");
-		    }
-		}
-		healthIDResp.setHealthId(abhaAddressBuilder.toString());
+		StringBuilder abhaAddressBuilder = new StringBuilder();
+		if (profile.has("phrAddress") && !profile.get("phrAddress").isJsonNull()) {
+		    JsonArray phrAddressArray = profile.getAsJsonArray("phrAddress");
+		    if (phrAddressArray != null && phrAddressArray.size() > 0) {
+		        for (int i = 0; i < phrAddressArray.size(); i++) {
+		            if (!phrAddressArray.get(i).isJsonNull()) {
+		                abhaAddressBuilder.append(phrAddressArray.get(i).getAsString());
+		                if (i < phrAddressArray.size() - 1) {
+		                    abhaAddressBuilder.append(", ");
+		                }
+		            }
+		        }
+		    }
+		}
+		healthIDResp.setHealthId(abhaAddressBuilder.toString().trim());

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	JsonArray phrAddressArray = profile.getAsJsonArray("phrAddress");
	StringBuilder abhaAddressBuilder = new StringBuilder();
	for (int i = 0; i < phrAddressArray.size(); i++) {
	abhaAddressBuilder.append(phrAddressArray.get(i).getAsString());
	if (i < phrAddressArray.size() - 1) {
	abhaAddressBuilder.append(", ");
	}
	}
	healthIDResp.setHealthId(abhaAddressBuilder.toString());
	StringBuilder abhaAddressBuilder = new StringBuilder();
	if (profile.has("phrAddress") && !profile.get("phrAddress").isJsonNull()) {
	JsonArray phrAddressArray = profile.getAsJsonArray("phrAddress");
	if (phrAddressArray != null && phrAddressArray.size() > 0) {
	for (int i = 0; i < phrAddressArray.size(); i++) {
	if (!phrAddressArray.get(i).isJsonNull()) {
	abhaAddressBuilder.append(phrAddressArray.get(i).getAsString());
	if (i < phrAddressArray.size() - 1) {
	abhaAddressBuilder.append(", ");
	}
	}
	}
	}
	}
	healthIDResp.setHealthId(abhaAddressBuilder.toString().trim());

[coderabbitai]

🛠️ Refactor suggestion

Add validation for visitCode

The method should validate that visitCode is not null before proceeding with the update.

 if(requestObj.getAbdmFacilityId() == null || requestObj.getAbdmFacilityId() == "") {
     requestObj.setAbdmFacilityId(abdmFacilityId);
 }
+if(requestObj.getVisitCode() == null) {
+    throw new FHIRException("Visit code cannot be null");
+}
 Integer response = benHealthIDMappingRepo.updateFacilityIdForVisit(requestObj.getVisitCode(), requestObj.getAbdmFacilityId());

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if(requestObj.getAbdmFacilityId() == null || requestObj.getAbdmFacilityId() == "") {
	requestObj.setAbdmFacilityId(abdmFacilityId);
	}
	Integer response = benHealthIDMappingRepo.updateFacilityIdForVisit(requestObj.getVisitCode(), requestObj.getFacilityId());
	Integer response = benHealthIDMappingRepo.updateFacilityIdForVisit(requestObj.getVisitCode(), requestObj.getAbdmFacilityId());
	if(requestObj.getAbdmFacilityId() == null || requestObj.getAbdmFacilityId() == "") {
	requestObj.setAbdmFacilityId(abdmFacilityId);
	}
	if(requestObj.getVisitCode() == null) {
	throw new FHIRException("Visit code cannot be null");
	}
	Integer response = benHealthIDMappingRepo.updateFacilityIdForVisit(requestObj.getVisitCode(), requestObj.getAbdmFacilityId());

[helenKaryamsetty]

@coderabbitai it is handled from UI end that visitcode is not null. Hence not checking the null condition again

[coderabbitai]

@helenKaryamsetty Understood, thanks for clarifying that the visitCode validation is handled at the UI layer. I'll withdraw the suggestion.

---

✏️ Learnings added

Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#57
File: src/main/java/com/wipro/fhir/service/facility/FacilityServiceImpl.java:89-92
Timestamp: 2025-01-07T11:20:36.697Z
Learning: In the FHIR-API project, visitCode validation (null checks) is handled at the UI layer, and therefore doesn't need to be duplicated in the service layer methods like `saveAbdmFacilityId`.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

Add null checks and improve error handling.

The current implementation has several potential issues:

1. Missing null checks could lead to NullPointerException
2. No handling for empty arrays
3. Similar logic to "accounts" block suggests potential for refactoring

Consider this safer implementation:

 } else if(jsonResponse.has("users")) {
-    responseMap.put("abhaDetails", jsonResponse.get("users").getAsJsonArray().get(0).getAsJsonObject().toString());
-    responseMap.put("txnId", jsonResponse.get("txnId").getAsString());
-    if (jsonResponse.has("tokens") && jsonResponse.get("tokens").isJsonObject()) {
-        JsonObject tokensObject = jsonResponse.get("tokens").getAsJsonObject();
-        if (tokensObject.has("token") && !tokensObject.get("token").isJsonNull()) {
-            String token = tokensObject.get("token").getAsString();
-            responseMap.put("xToken", token);
-        }
-    }
+    JsonArray users = jsonResponse.get("users").getAsJsonArray();
+    if (users == null || users.size() == 0) {
+        throw new FHIRException("No user details found in response");
+    }
+    responseMap.put("abhaDetails", users.get(0).getAsJsonObject().toString());
+    responseMap.put("txnId", jsonResponse.has("txnId") ? jsonResponse.get("txnId").getAsString() : "");
+    
+    Optional.ofNullable(jsonResponse.get("tokens"))
+        .filter(JsonElement::isJsonObject)
+        .map(JsonElement::getAsJsonObject)
+        .map(obj -> obj.get("token"))
+        .filter(token -> !token.isJsonNull())
+        .map(JsonElement::getAsString)
+        .ifPresent(token -> responseMap.put("xToken", token));

Consider extracting common logic for handling "accounts" and "users" responses into a separate method to improve maintainability:

private void processUserResponse(JsonObject jsonResponse, Map<String, String> responseMap, String arrayKey) {
    JsonArray array = jsonResponse.get(arrayKey).getAsJsonArray();
    if (array == null || array.size() == 0) {
        throw new FHIRException("No " + arrayKey + " details found in response");
    }
    responseMap.put("abhaDetails", array.get(0).getAsJsonObject().toString());
    responseMap.put("txnId", jsonResponse.has("txnId") ? jsonResponse.get("txnId").getAsString() : "");
}

[helenKaryamsetty]

@CodeRabbit it is not neccessary to specifically maintain a separate method for it. Can be integrated inside itself. And no need to check array it is fixed response from abdm side

[coderabbitai]

@helenKaryamsetty Understood, thank you for clarifying about the ABDM API response structure. I'll retract the suggestion.

---

✏️ Learnings added

Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#57
File: src/main/java/com/wipro/fhir/service/v3/abha/LoginAbhaV3ServiceImpl.java:242-251
Timestamp: 2025-01-07T12:49:16.160Z
Learning: The ABDM API response for user verification has a fixed structure where "accounts" and "users" arrays are guaranteed to contain data when present, making null/empty checks unnecessary. This is part of the API contract with ABDM.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

If you found this review helpful, would you consider giving us a shout-out on X?
Thank you for using CodeRabbit!

[ravishanigarapu]

looks fine