Merge Release-3.8.0 (3.6.1) to Main (#379)

* Move code to 3.6.1 to 3.8.0 (#372)

* fix: cors spell fixes and import of packages updates

* fix: deployment issue fix

* feat: amm-1959 dhis token for cho report re-direction

* fix: beneficiary history on revisit (#320)

* fix: call type mapper (#322)

* Elasticsearch implementation for Beneficiary Search (#324)

* fix: implement functionality to search beneficiaries with Elasticsearch

* fix: remove unwanted import

* fix: update pom.xml

* fix: change the response code

* variable added

* Elastic Search Implementation for Advanced Search (#327)

* fix: cherry-pick commits for advanced search

* fix: cherry-pick commit for token issue - mobile application

* fix: add the missing properties

* fix: add function to retrieve userid

* fix: move the fetch Userid to jwtUtil

* fix:signature check for mmu

* fix: retrive any user without deleted

* fix: update KM filepath

* FLW-713 Remove All File Upload Options (#350)

* FLW-713 Remove All File Upload Options

* Fix UserServiceRoleRepo dependency issue and codeRabit comment

* fixed coderabit comment

* fix userMappingId issue

* Add SMS functionality in release-3.6.1 (#358)

* Enable SMS Functionality in MMU App to Send Prescriptions  (#325)

* fix: sms template save and map mmu (#306)

* Vb/sms (#307)

* fix: sms template save and map mmu

* fix: enable mms for mmu prescription

* Enable SMS Functionality in MMU App to Send Prescriptions  (#325)

* fix: sms template save and map mmu (#306)

* Vb/sms (#307)

* fix: sms template save and map mmu

* fix: enable mms for mmu prescription

---------

Co-authored-by: Vishwanath Balkur <118195001+vishwab1@users.noreply.github.com>

---------

Co-authored-by: 5Amogh <amoghavarsh@navadhiti.com>
Co-authored-by: Vanitha S <116701245+vanitha1822@users.noreply.github.com>
Co-authored-by: Sachin Kadam <152252767+sac2kadam@users.noreply.github.com>
Co-authored-by: vanitha1822 <vanitha@navadhiti.com>
Co-authored-by: Saurav Mishra <80103738+SauravBizbRolly@users.noreply.github.com>

* fix: add OTP rate limiting to prevent OTP flooding on sendConsent endpoint (#373)

- Add OtpRateLimiterService with Redis-backed per-mobile rate limits (3/min, 10/hr, 20/day)
- Add OtpRateLimitException for 429 responses
- Integrate rate limiter in BeneficiaryOTPHandlerImpl and BeneficiaryConsentController
- Add otp.ratelimit.* properties to common_ci and common_docker profiles
- Update common_example.properties with new OTP rate limit config

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Health api (#376)

* Cherry-pick health and version API enhancements to release-3.6.1 (#371)

* feat(health,version): update version and health endpoints and add advance check for database

* fix(health): normalize severity and fix slow query false positives

* fix(health): avoid false CRITICAL on single long-running MySQL transaction

* fix(health): enforce 3s DB connection timeout via HikariCP

* Release 3.6.1 (#374)

* feat(health,version): update version and health endpoints and add advance check for database

* fix(health): normalize severity and fix slow query false positives

* fix(health): avoid false CRITICAL on single long-running MySQL transaction

* fix(health): enforce 3s DB connection timeout via HikariCP

* feat(health): add healthcontroller and fix versioncontroller issues

* fix: build error (#375)

---------

Co-authored-by: KOPPIREDDY DURGA PRASAD <144464542+DurgaPrasad-54@users.noreply.github.com>
Co-authored-by: Vanitha S <116701245+vanitha1822@users.noreply.github.com>

---------

Co-authored-by: Vishwanath Balkur <118195001+vishwab1@users.noreply.github.com>
Co-authored-by: 5Amogh <amoghavarsh@navadhiti.com>
Co-authored-by: Sachin Kadam <152252767+sac2kadam@users.noreply.github.com>
Co-authored-by: Saurav Mishra <80103738+SauravBizbRolly@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: KOPPIREDDY DURGA PRASAD <144464542+DurgaPrasad-54@users.noreply.github.com>

Author: 7 people

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "java.compile.nullAnalysis.mode": "automatic"
+}

pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>com.iemr.common-API</groupId>
 	<artifactId>common-api</artifactId>
-	<version>3.6.0</version>
+	<version>3.8.0</version>
 	<packaging>war</packaging>
 
 	<name>Common-API</name>

src/main/environment/common_ci.properties

@@ -19,6 +19,7 @@ km-base-path=@env.KM_API_BASE_PATH@
 km-root-path=/okm:personal/users/
 km-guest-user=@env.KM_GUEST_USER@
 km-guest-password=@env.KM_GUEST_PASSWORD@
+tempFilePath=@env.TEMP_FILE_PATH@
 
 # CTI Config
 cti-server-ip=@env.CTI_SERVER_IP@
@@ -202,5 +203,9 @@ platform.feedback.ratelimit.day-limit=@env.PLATFORM_FEEDBACK_RATELIMIT_DAY_LIMIT
 platform.feedback.ratelimit.user-day-limit=@env.PLATFORM_FEEDBACK_RATELIMIT_USER_DAY_LIMIT@
 platform.feedback.ratelimit.fail-window-minutes=@env.PLATFORM_FEEDBACK_RATELIMIT_FAIL_WINDOW_MINUTES@
 platform.feedback.ratelimit.backoff-minutes=@env.PLATFORM_FEEDBACK_RATELIMIT_BACKOFF_MINUTES@
+otp.ratelimit.enabled=@env.OTP_RATELIMIT_ENABLED@
+otp.ratelimit.minute-limit=@env.OTP_RATELIMIT_MINUTE_LIMIT@
+otp.ratelimit.hour-limit=@env.OTP_RATELIMIT_HOUR_LIMIT@
+otp.ratelimit.day-limit=@env.OTP_RATELIMIT_DAY_LIMIT@
 generateBeneficiaryIDs-api-url=@env.GEN_BENEFICIARY_IDS_API_URL@
 

src/main/environment/common_docker.properties

@@ -126,7 +126,7 @@ everwellRegisterBenficiary = ${COMMON_API_BASE_URL}/beneficiary/create
 ## LungAssessment credentials
 lungAssessmentEmail = ${SWAASA_EMAIL}
 lungAssessmentPassword =${SWAASA_PASSWORD}
-
+tempFilePath=${TEMP_FILE_PATH}
 
 ## SWASSA APIs
 lungAssessmentAdminLogin = ${SWAASA_BASE_URL}/api/adminLogin
@@ -206,4 +206,8 @@ platform.feedback.ratelimit.day-limit=${PLATFORM_FEEDBACK_RATELIMIT_DAY_LIMIT}
 platform.feedback.ratelimit.user-day-limit=${PLATFORM_FEEDBACK_RATELIMIT_USER_DAY_LIMIT}
 platform.feedback.ratelimit.fail-window-minutes=${PLATFORM_FEEDBACK_RATELIMIT_FAIL_WINDOW_MINUTES}
 platform.feedback.ratelimit.backoff-minutes=${PLATFORM_FEEDBACK_RATELIMIT_BACKOFF_MINUTES}
+otp.ratelimit.enabled=${OTP_RATELIMIT_ENABLED}
+otp.ratelimit.minute-limit=${OTP_RATELIMIT_MINUTE_LIMIT}
+otp.ratelimit.hour-limit=${OTP_RATELIMIT_HOUR_LIMIT}
+otp.ratelimit.day-limit=${OTP_RATELIMIT_DAY_LIMIT}
 generateBeneficiaryIDs-api-url={GEN_BENEFICIARY_IDS_API_URL}

src/main/environment/common_example.properties

@@ -25,6 +25,8 @@ km-root-path=/okm:personal/users/
 km-guest-user=guest
 km-guest-password=guest
 
+tempFilePath=/opt/openkm
+
 # CTI Config
 cti-server-ip=10.208.122.99
 cti-logger_base_url=http://10.208.122.99/logger
@@ -224,5 +226,10 @@ platform.feedback.ratelimit.user-day-limit=50
 platform.feedback.ratelimit.fail-window-minutes=5
 platform.feedback.ratelimit.backoff-minutes=15
 
+# --- OTP Rate Limiting (per mobile number) ---
+otp.ratelimit.minute-limit=3
+otp.ratelimit.hour-limit=10
+otp.ratelimit.day-limit=20
+
 ### generate Beneficiary IDs URL
 generateBeneficiaryIDs-api-url=/generateBeneficiaryController/generateBeneficiaryIDs

src/main/java/com/iemr/common/controller/beneficiary/BeneficiaryRegistrationController.java

@@ -36,6 +36,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
@@ -71,6 +72,8 @@
 import com.iemr.common.service.userbeneficiarydata.MaritalStatusService;
 import com.iemr.common.service.userbeneficiarydata.StatusService;
 import com.iemr.common.service.userbeneficiarydata.TitleService;
+import com.iemr.common.utils.CookieUtil;
+import com.iemr.common.utils.JwtUtil;
 import com.iemr.common.utils.mapper.InputMapper;
 import com.iemr.common.utils.mapper.OutputMapper;
 import com.iemr.common.utils.response.OutputResponse;
@@ -105,6 +108,8 @@ public class BeneficiaryRegistrationController {
 	private BeneficiaryOccupationService beneficiaryOccupationService;
 	private GovtIdentityTypeService govtIdentityTypeService;
 
+	@Autowired
+	private JwtUtil jwtUtil;
 
 	@Autowired
 	public void setBenRelationshipTypeService(BenRelationshipTypeService benRelationshipTypeService) {
@@ -344,6 +349,54 @@ public String searchUserByPhone(
 		return response.toString();
 	}
 
+	@Operation(summary = "Provide the list of beneficiaries using Elasticsearch")
+	@RequestMapping(value = "/searchUser", method = RequestMethod.POST, headers = "Authorization")
+	public String searchUser(@RequestBody String request, HttpServletRequest httpRequest) {
+		OutputResponse response = new OutputResponse();
+		try {
+			logger.info("Universal search request received");
+
+			JsonParser parser = new JsonParser();
+			JsonObject requestObj = parser.parse(request).getAsJsonObject();
+
+			String searchQuery = null;
+			if (requestObj.has("search") && !requestObj.get("search").isJsonNull()) {
+				searchQuery = requestObj.get("search").getAsString();
+			}
+
+			if (searchQuery == null || searchQuery.trim().isEmpty()) {
+				response.setError(400, "Search query is required");
+				return response.toString();
+			}
+
+			String auth = httpRequest.getHeader("Authorization");
+
+			Integer userID = jwtUtil.getUserIdFromRequest(httpRequest);
+
+			logger.info("ES search for userId: {}", userID);
+
+			Boolean is1097 = false;
+			if (requestObj.has("is1097") && !requestObj.get("is1097").isJsonNull()) {
+				is1097 = requestObj.get("is1097").getAsBoolean();
+			}
+
+			logger.info("Searching with query: {}, userId: {}, is1097: {}", searchQuery, userID, is1097);
+			String result = iemrSearchUserService.searchUser(searchQuery, userID, auth, is1097);
+
+			if (result == null || result.trim().isEmpty()) {
+				response.setError(200, "No beneficiaries found");
+				return response.toString();
+			}
+
+			return result;
+
+		} catch (Exception e) {
+			logger.error("Error in universal search: {}", e.getMessage(), e);
+			response.setError(400, "Error searching beneficiaries: " + e.getMessage());
+			return response.toString();
+		}
+	}
+
 	@Operation(summary = "Provide the list of beneficiaries based on search criteria")
 	@RequestMapping(value = "/searchBeneficiary", method = RequestMethod.POST, headers = "Authorization")
 	public String searchBeneficiary(
@@ -366,6 +419,41 @@ public String searchBeneficiary(
 		return output.toString();
 	}
 
+	/**
+	 * Elasticsearch-based advanced search endpoint
+	 */
+	@Operation(summary = "Advanced search beneficiaries using Elasticsearch")
+	@RequestMapping(value = "/searchBeneficiaryES", method = RequestMethod.POST, headers = "Authorization")
+	public String searchBeneficiaryES(
+			@RequestBody BeneficiaryModel request,
+			HttpServletRequest httpRequest) {
+
+		logger.info("searchBeneficiaryES request: {}", request);
+		OutputResponse output = new OutputResponse();
+
+		try {
+
+			String auth = httpRequest.getHeader("Authorization");
+
+			Integer userID = jwtUtil.getUserIdFromRequest(httpRequest);
+
+			logger.info("ES Advanced search for userId: {}", userID);
+
+			String result = iemrSearchUserService.findBeneficiaryES(request, userID, auth);
+
+			return result;
+
+		} catch (NumberFormatException ne) {
+			logger.error("searchBeneficiaryES failed with number format error: {}", ne.getMessage(), ne);
+			output.setError(400, "Invalid number format in search criteria");
+			return output.toString();
+		} catch (Exception e) {
+			logger.error("searchBeneficiaryES failed with error: {}", e.getMessage(), e);
+			output.setError(500, "Error searching beneficiaries: " + e.getMessage());
+			return output.toString();
+		}
+	}
+
 	@Operation(summary = "Provide all common data list needed for beneficiary registration")
 	@RequestMapping(value = "/getRegistrationData", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON, headers = "Authorization")
 	public String getRegistrationData() {

src/main/java/com/iemr/common/controller/beneficiaryConsent/BeneficiaryConsentController.java

@@ -22,6 +22,7 @@
 package com.iemr.common.controller.beneficiaryConsent;
 
 import com.iemr.common.data.beneficiaryConsent.BeneficiaryConsentRequest;
+import com.iemr.common.exception.OtpRateLimitException;
 import com.iemr.common.service.beneficiaryOTPHandler.BeneficiaryOTPHandler;
 import com.iemr.common.utils.mapper.InputMapper;
 import com.iemr.common.utils.response.OutputResponse;
@@ -58,7 +59,9 @@ public String sendConsent(@Param(value = "{\"mobNo\":\"String\"}") @RequestBody
             logger.info(success.toString());
             response.setResponse(success);
 
-
+        } catch (OtpRateLimitException e) {
+            logger.warn("OTP rate limit hit for sendConsent: " + e.getMessage());
+            response.setError(429, e.getMessage());
         } catch (Exception e) {
             response.setError(500, "error : " + e);
         }
@@ -105,6 +108,9 @@ public String resendConsent(@Param(value = "{\"mobNo\":\"String\"}") @RequestBod
             else
                 response.setError(500, "failure");
 
+        } catch (OtpRateLimitException e) {
+            logger.warn("OTP rate limit hit for resendConsent: " + e.getMessage());
+            response.setError(429, e.getMessage());
         } catch (Exception e) {
             logger.error("error in re-sending Consent : " + e);
             response.setError(500, "error : " + e);

src/main/java/com/iemr/common/controller/dynamicForm/DynamicFormController.java

@@ -84,9 +84,9 @@ public ResponseEntity<ApiResponse<?>> deleteField(@PathVariable Long fieldId) {
     }
 
     @GetMapping(value = "form/{formId}/fields")
-    public ResponseEntity<ApiResponse<?>> getStructuredForm(@PathVariable String formId, @RequestParam(name = "lang", defaultValue = "en") String lang) {
+    public ResponseEntity<ApiResponse<?>> getStructuredForm(@PathVariable String formId, @RequestParam(name = "lang", defaultValue = "en") String lang,@RequestHeader(value = "jwttoken") String token) {
         try {
-            Object result = formMasterService.getStructuredFormByFormId(formId,lang);
+            Object result = formMasterService.getStructuredFormByFormId(formId,lang,token);
             return ResponseEntity.status(HttpStatus.OK)
                     .body(ApiResponse.success("Form structure fetched successfully", HttpStatus.OK.value(), result));
         } catch (Exception e) {

src/main/java/com/iemr/common/controller/users/IEMRAdminController.java

@@ -1224,7 +1224,25 @@ public ResponseEntity<?> getUserDetails(@PathVariable("userName") String userNam
 				return new ResponseEntity<>(Map.of("error", "UserName Not Found"), HttpStatus.NOT_FOUND);
 			}
 			User user = users.get(0);
-			return new ResponseEntity<>(Map.of("userName", user.getUserName(), "userId", user.getUserID()), HttpStatus.OK);
+			return new ResponseEntity<>(Map.of("userName", user.getUserName(), "userId", user.getUserID()),
+					HttpStatus.OK);
+		} catch (Exception e) {
+			return new ResponseEntity<>(Map.of("error", "Internal server error"), HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+
+	}
+
+	@Operation(summary = "Get UserId based on userName")
+	@GetMapping(value = "/checkUserName/{userName}", produces = MediaType.APPLICATION_JSON, headers = "Authorization")
+	public ResponseEntity<?> checkUserDetails(@PathVariable("userName") String userName) {
+		try {
+			List<User> users = iemrAdminUserServiceImpl.findUserIdByUserName(userName);
+			if (users.isEmpty()) {
+				return new ResponseEntity<>(Map.of("error", "UserName Not Found"), HttpStatus.NOT_FOUND);
+			}
+			User user = users.get(0);
+			return new ResponseEntity<>(Map.of("userName", user.getUserName(), "userId", user.getUserID()),
+					HttpStatus.OK);
 		} catch (Exception e) {
 			return new ResponseEntity<>(Map.of("error", "Internal server error"), HttpStatus.INTERNAL_SERVER_ERROR);
 		}

src/main/java/com/iemr/common/controller/version/VersionController.java

@@ -85,4 +85,4 @@ private Properties loadGitProperties() throws IOException {
 		}
 		return properties;
 	}
-}
+}