Missing Routes & Endpoints

Features and endpoints that need to be built or are currently incomplete

What Are Missing Routes?

These are features that users might expect or that would complete the platform functionality. Some are actively used by other parts of the app, while others would enhance the overall experience.

Currently Disabled Features

NHS Login Integration

Status: Temporarily Disabled

The NHS Login feature (using NHS OAuth) is currently disabled because it requires an external package that hasn't been installed yet. This allows users to authenticate using their NHS credentials instead of creating a separate password.

What needs to happen: Install the OAuth2 package and set up NHS Login credentials from the NHS identity service.

NHS Login Endpoints:

  • GET /api/nhs/login - Initiates NHS Login flow
  • GET /api/nhs/login/callback - Handles NHS OAuth callback
  • POST /api/nhs/logout - Logs out NHS users
  • POST /api/nhs/update-suborg - Updates user's sub-organisation after NHS login

Incomplete Features

📸 Image Upload & Media Handling

The upload endpoint exists but is currently unable to process images because the PHP GD extension (image processing library) is not installed on the server.

  • Affected endpoint: POST /api/upload
  • What's blocked: User avatar uploads, profile pictures
  • Fix needed: Install PHP GD extension

📱 Device Management

The device tracking system expects a devices table for managing user devices and sessions, but this table doesn't exist in the testing database yet.

  • Affected endpoint: POST /api/register-fcm-token
  • Purpose: Track which devices users log in from
  • Fix needed: Create database table and migration

🔐 Temporary Password Feature

Some endpoints reference a temp_password column for admin-reset scenarios, but this column doesn't exist in the users table.

  • Purpose: Allow admins to reset user passwords and send temporary ones
  • Status: Feature not yet implemented
  • Fix needed: Add column to users table and implement logic

💌 Letter Updates

The endpoint /api/updateletter doesn't exist. There's a replacement endpoint for updating skipped webform letters, but a general letter update endpoint may be needed.

  • Current endpoint: POST /api/updateLetterSkippedWebform
  • Possible future endpoint: POST /api/updateletter

Priority Matrix

Feature Impact Difficulty Priority
Image Upload (GD Extension) High - Users need avatars Easy High
NHS Login Medium - Nice to have Hard Medium
Device Management Medium - Useful for tracking Medium Medium
Temp Password System Low - Admin feature Easy Low

Quick Wins (Easy Fixes)

  • ✅ Install PHP GD extension - 5 minutes, solves image uploads immediately
  • ✅ Add temp_password column - straightforward database change
  • ✅ Create devices table - basic database schema