fix(generalopd): return correct HTTP status codes and remove PII from logs

[PragyaTripathi990]

Problem

Three separate but related issues in the GeneralOPD module:

1. All API endpoints always returned HTTP 200, even on errors. GeneralOPDController was calling response.toString() instead of the existing response.toStringWithHttpStatus() method — making it impossible for clients to distinguish success from failure without parsing the response body.

2. Patient PII (vitals, prescriptions, history) was logged at INFO level via raw request-body string concatenation (logger.info("Request object for ... :" + requestObj)). This violates HIPAA/data-protection principles and would appear in any log aggregation system.

3. OutputResponse had two constant bugs that caused the above to go unnoticed:

   • BAD_REQUEST = 404 (should be 400)
   • TM_EXCEPTION = 5010 (duplicate of SWYMED_EXCEPTION; should be 5011)

Relates to #153, #115

Changes

OutputResponse.java

• Fixed BAD_REQUEST constant: 404 → 400
• Fixed TM_EXCEPTION constant: 5010 → 5011 (now distinct from SWYMED_EXCEPTION)
• Improved toStringWithHttpStatus() switch to correctly map all status codes to HTTP responses (400, 401, 403, 500)

GeneralOPDController.java

• Changed all 8 method return types from String to ResponseEntity<String>
• Changed all return response.toString() to return response.toStringWithHttpStatus()
• Removed all PII-leaking logger.info("Request object for ... :" + requestObj) lines
• Changed response.setError(5000, "Invalid request") to response.setError(OutputResponse.BAD_REQUEST, "Invalid request")
• Changed error logging to SLF4J parameterized form: logger.error("...: {}", e.getMessage())

GlobalExceptionHandler.java (new file)

• Added @RestControllerAdvice to catch any exceptions that escape individual controller try-catch blocks
• Handles IEMRException → HTTP 401 with structured error body
• Handles generic Exception → HTTP 500 with structured error body
• Ensures the API never returns an unstructured 500 or a misleading 200

Test plan

• POST /generalOPD/save/nurseData with invalid JSON → returns HTTP 400
• POST /generalOPD/save/nurseData with valid data → returns HTTP 200
• POST /generalOPD/getBenVisitDetailsFrmNurseGOPD with missing fields → returns HTTP 400
• Check application logs after a nurse-data save — no request body content in logs
• Verify OutputResponse.BAD_REQUEST is 400 in unit tests
• Trigger an unhandled exception → verify GlobalExceptionHandler returns HTTP 500

🤖 Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@PragyaTripathi990 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 44 minutes and 52 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 90f93c82-4dbb-4c25-a48c-71f1018d696c

📥 Commits

Reviewing files that changed from the base of the PR and between 3861dd1 and f286fad.

📒 Files selected for processing (3)

• src/main/java/com/iemr/hwc/controller/GlobalExceptionHandler.java
• src/main/java/com/iemr/hwc/controller/generalOPD/GeneralOPDController.java
• src/main/java/com/iemr/hwc/utils/response/OutputResponse.java

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate failed

Failed conditions
10.4% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud