feat(family-health): add family member health management with CRUD API and profile UI (Closes #142)#185
Conversation
…I and profile UI (Closes vallabhatech#142)
|
@SakethSumanBathini is attempting to deploy a commit to the vallabhatech's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
Warning Review limit reached
More reviews will be available in 40 minutes and 29 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughAdds a complete Family Health Management feature: a ChangesFamily Health Management
Sequence Diagram(s)sequenceDiagram
participant User
participant FamilyMembers
participant API as /api/family
participant MongoDB
User->>FamilyMembers: opens Profile page
FamilyMembers->>API: GET /api/family
API->>MongoDB: find({ user }) sorted by createdAt desc
MongoDB-->>API: member documents
API-->>FamilyMembers: JSON array
FamilyMembers-->>User: renders member cards
User->>FamilyMembers: clicks Add / Edit
FamilyMembers-->>User: opens MUI dialog with form
User->>FamilyMembers: submits form (name required)
FamilyMembers->>API: POST /api/family or PUT /api/family/:id
API->>MongoDB: count check then save / findById + ownership + save
MongoDB-->>API: saved document
API-->>FamilyMembers: 200 JSON
FamilyMembers-->>User: closes dialog, refreshes list
User->>FamilyMembers: clicks Delete
FamilyMembers-->>User: opens confirmation dialog
User->>FamilyMembers: confirms
FamilyMembers->>API: DELETE /api/family/:id
API->>MongoDB: findById + ownership + findByIdAndDelete
MongoDB-->>API: deleted
API-->>FamilyMembers: 200 JSON
FamilyMembers-->>User: refreshes list
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@server/routes/family.js`:
- Around line 32-34: The dateOfBirth field assignment on line 33 accepts any
parseable input and creates a Date object, but does not validate whether the
resulting Date is actually valid. When an invalid date string is passed,
JavaScript creates an Invalid Date object which later fails during Mongoose save
with a 500 error instead of a 400 validation error. Add validation after
creating the Date object from body.dateOfBirth to check if it is a valid date
using isNaN() on the getTime() method, and if invalid, return a 400 status
response with an appropriate error message before the save attempt. Apply this
same validation pattern to the other date field assignments mentioned in lines
58-79 and 97-104.
- Around line 89-95: The code currently performs ownership verification and
mutation as separate database operations, creating a race condition where the
document could change between the check and the update/delete. To fix this,
combine the ownership check directly into the update and delete queries using a
compound query condition that includes both the document ID and the ownership
predicate. This makes the authorization and mutation atomic in a single database
operation. Apply this pattern to all PUT and DELETE handlers that currently use
the findById pattern followed by ownership verification.
- Around line 66-75: The countDocuments check on line 66 and the member.save()
call on line 73 create a race condition where concurrent requests can bypass the
MAX_FAMILY_MEMBERS limit. Make this operation atomic by wrapping both the count
check and the member creation in a database transaction, or alternatively use
MongoDB's atomic operations such as findOneAndUpdate with a condition that
enforces the limit atomically. This ensures that only one request can
successfully create a member when the limit is reached.
In `@src/components/FamilyMembers.jsx`:
- Around line 147-156: The confirmDelete function lacks protection against
duplicate submissions when users click rapidly, which can trigger multiple
DELETE requests and display false errors. Add an in-flight state flag (such as
an isDeleting state variable) that is set to true when the delete request begins
and false when it completes (in both the try and catch blocks). Use this flag to
guard the beginning of the confirmDelete function to prevent execution if a
delete operation is already in progress, and also disable the delete button in
the UI while isDeleting is true to prevent multiple rapid clicks from reaching
the confirmDelete function.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 8ac09ade-a0d0-4ff8-89e7-33ec9e144a8e
📒 Files selected for processing (16)
server/index.jsserver/models/FamilyMember.jsserver/routes/family.jssrc/components/FamilyMembers.jsxsrc/i18n.jssrc/i18n/locales/ar.jsonsrc/i18n/locales/de.jsonsrc/i18n/locales/en.jsonsrc/i18n/locales/es.jsonsrc/i18n/locales/fr.jsonsrc/i18n/locales/hi.jsonsrc/i18n/locales/ja.jsonsrc/i18n/locales/pt.jsonsrc/i18n/locales/ru.jsonsrc/i18n/locales/zh.jsonsrc/pages/Profile.jsx
|
Hi @vallabhatech — follow-up commit (4d82ed9) addresses the CodeRabbit review: dateOfBirth validation returns 400 on invalid input, PUT/DELETE ownership checks are now atomic (single DB op each), and the delete button has a double-submit guard. One comment (MAX_FAMILY_MEMBERS transaction) is deferred — MongoDB transactions require a replica set and would break the route on the current deployment setup. CI still passes 30/30. Ready for review! |
|
1 participant
Pushed cleanly — 16 files, 1008 insertions, 3 new files confirmed. Now open the PR:
Go to: https://github.com/SakethSumanBathini/CareSync/pull/new/feat/family-health-management
Use this PR body:
Title: feat(family-health): add family member health management with CRUD API and profile UI (Closes #142)
Base branch: vallabhatech:main
Body:
Summary
Implements full family member health management — users can add up to 20 family members, record their health profile (relationship, date of birth, gender, blood group, allergies, chronic conditions, notes), and edit or remove them from their profile page.
Closes #142
What was built
New files (3)
server/models/FamilyMember.jsuserref for per-user scoping,name/relationship/dateOfBirth/gender/bloodGroup/allergies/conditions/notes/linkedUserId, compound index{user:1, createdAt:-1}server/routes/family.js/api/family— ownership-checked, field-whitelisted (blocksuser/_idinjection), ObjectId-guarded, max-20 enforcedsrc/components/FamilyMembers.jsxModified files (3 backend + 3 frontend)
server/index.js/api/familyafter/api/health-metrics(line 73)src/i18n.js"family"to ns arraysrc/pages/Profile.jsx<FamilyMembers />after the profile cardsrc/i18n/locales/*.json(×10)familynamespace (36 keys) in all 10 languagesAPI endpoints
All routes require
Authorization: Bearer <token>(existingauthMiddleware)./api/family/api/family/api/family/:id/api/family/:idFrontend features
PR isolation from open PRs #183 and #184
This PR is fully disjoint from #183 (auth.js — untouched). For #184:
FamilyMembermodel (not User subdoc) —User.jsuntouchedfamilynamespace to locale files — does not touch theprofilenamespace edited by feat(emergency-contacts): add emergency contact management with CRUD, primary contact, and quick-access actions (Closes #143) #184server/index.jsmount is on line 73 (4 lines from feat(emergency-contacts): add emergency contact management with CRUD, primary contact, and quick-access actions (Closes #143) #184's hunk) — git auto-mergesi18n.jsns array — feat(emergency-contacts): add emergency contact management with CRUD, primary contact, and quick-access actions (Closes #143) #184 does not touch this file — no conflictVerification
node --checkon all 3 backend filesFamilyMembers.jsxesbuild compileen.jsonfamily keys (no missing/extra)CI=true npm test→ 30/30 pass (incl. i18n key-structure test)npm run build→ Compiled successfully (311 KB)Checklist
mainSummary by CodeRabbit