https://github.com/flexycode/healthcare-management-system

# 🏥 Healthcare Management System

React · Node.js · Express · MongoDB · Vite · TailwindCSS

A comprehensive, full-stack platform for managing patient records, appointments, and medical billing — built with modern web technologies and enterprise-grade security features.

---

## 📑 Table of Contents

- [Features](#-features)
- [Screenshots](#-screenshots)
  - [Frontend UI](#-frontend-ui)
  - [Backend — Data Management](#-backend--data-management)
  - [Database — MongoDB Atlas](#-database--mongodb-atlas)
- [Tech Stack](#️-tech-stack)
- [Getting Started](#-getting-started)
  - [Prerequisites](#-prerequisites)
  - [Installation](#-installation)
  - [Environment Setup](#️-environment-setup)
  - [Seed Database](#-seed-database)
  - [Run Application](#️-run-application)
  - [Access Points](#-access-points)
- [Default Login Credentials](#-default-login-credentials)
- [MongoDB Atlas Setup](#️-mongodb-atlas-setup)
- [API Documentation](#-api-documentation)
  - [Authentication](#-authentication)
  - [Patients](#-patients)
  - [Appointments](#-appointments)
  - [Billing](#-billing)
- [Security Features](#-security-features)
- [Project Structure](#-project-structure)
- [Troubleshooting](#-troubleshooting)
- [Changelog](#-changelog)
- [Contributing](#-contributing)
  - [Contributors](#-contributors)
- [License](#-license)

---

## ✨ Features

| Feature | Description |
|---------|-------------|
| 👥 **Patient Management** | Full CRUD operations for patient records with search and filtering |
| 📅 **Appointment Scheduling** | Schedule, manage, and track appointments with doctor assignment |
| 💰 **Billing & Invoices** | Generate invoices with line items, track payment status (Pending/Paid) |
| 🔒 **Role-Based Access Control** | Granular permissions for Admin, Doctor, and Staff roles |
| 🎫 **JWT Authentication** | Secure token-based authentication with session management |
| 🛡️ **Admin Token Gate** | Registration requires a valid admin token to prevent unauthorized signups |
| ⏱️ **Rate Limiting** | Brute-force protection on login and registration endpoints |
| ✅ **Input Validation** | Server-side validation with detailed error messages on all endpoints |
| 🌐 **Environment Config** | Centralized API URL management via environment variables |
| 🎨 **Modern Dark UI** | Responsive dark sidebar with teal accents and smooth animations |

---

## 📸 Screenshots

### 🖥️ Frontend UI

#### Login Page
*Clean, minimal authentication interface with username/password fields and registration link.*


Login Page

#### Dashboard Overview
*Admin dashboard displaying real-time statistics, quick actions, upcoming appointments, and recent patients.*


Dashboard with Data

#### Appointments Management
*View all scheduled appointments with patient details, dates, status badges, and inline edit/delete actions.*


Appointments List

---

### 📊 Backend — Data Management

#### Patient Management
*Tabular patient records with search by name/contact. Supports full CRUD with add, edit, and delete actions.*


Patient Management — List View

#### Add New Patient Modal
*Detailed patient registration form capturing full name, age, gender, contact, address, and medical history.*


Add Patient Modal

#### Schedule Appointment Modal
*Appointment booking with patient/doctor dropdowns, date-time picker, and reason field.*


Schedule Appointment Modal

#### Create Invoice Modal
*Invoice creation with dynamic line items, auto-calculated total, and patient selection.*


Create Invoice Modal

#### Billing & Invoices — List View
*Invoice management dashboard with summary cards (Total, Pending, Paid) and status tracking per patient.*


Billing List View

---

### 🗄️ Database — MongoDB Atlas

#### Billing Record (Single Invoice)
*Individual invoice record showing patient name, amount, status badge, date, and action buttons.*


Single Invoice Record

#### Patient Records (2 Entries)
*Patient collection with structured columns: Name, Age, Gender, Contact, and CRUD actions.*


Patient Records Table

#### Appointments List (Full Data)
*Complete appointments view with all scheduled check-ups, dates, and status badges.*


Appointments Full Data

#### Dashboard (Initial State)
*Fresh dashboard with a single patient record and no appointments — demonstrating the clean initial state.*


Dashboard Initial State

---

## 🛠️ Tech Stack

| Layer | Technologies |
|-------|-------------|
| **Frontend** | React, Vite, TailwindCSS, Framer Motion |
| **Backend** | Node.js, Express, MongoDB, Mongoose ODM |
| **Auth** | JWT, bcrypt, RBAC (Admin, Doctor, Staff) |
| **Security** | express-rate-limit, express-validator, Admin Token Gate |
| **Dev Tools** | nodemon, dotenv, cors |

---

## 🚀 Getting Started

### 📋 Prerequisites

- Node.js (v18+)
- MongoDB Atlas account (or local MongoDB)
- npm or yarn

### 📦 Installation

```bash
# Clone repository
git clone https://github.com/flexycode/healthcare-management-system.git
cd Healthcare-management-system

# Install server dependencies
cd server && npm install

# Install client dependencies
cd ../client && npm install
```

### ⚙️ Environment Setup

Create `server/.env` (replace `<username>` and `<password>` with your Atlas database user):
```env
PORT=5000
MONGO_URI=mongodb+srv://<username>:<password>@cluster0.xxxxx.mongodb.net/hms_db?appName=Cluster0
JWT_SECRET=your_jwt_secret_key_here
ADMIN_REGISTER_TOKEN=hms_admin_register_2024_!@#
```

Create `client/.env`:
```env
VITE_API_URL=http://localhost:5000/api
```

> ⚠️ **Important:** Both `.env` files are excluded from version control via `.gitignore`.

### 🌱 Seed Database

```bash
cd server
node seed.js
```

### ▶️ Run Application

| Terminal | Command | Directory |
|----------|---------|-----------|
| 1️⃣ Server | `npm run dev` | `/server` |
| 2️⃣ Client | `npm run dev` | `/client` |

### 🌐 Access Points

| Service | URL |
|---------|-----|
| 🖥️ Frontend | http://localhost:5173 |
| ⚡ Backend API | http://localhost:5000 |

---

## 🔐 Default Login Credentials

| Username | Password | Role |
|----------|----------|------|
| `admin` | `password123` | 👑 Admin |
| `doctor` | `password123` | 🩺 Doctor |
| `staff` | `password123` | 👤 Staff |

> 💡 Run `node seed.js` in the server folder to create these users.

---

## ☁️ MongoDB Atlas Setup

1. 🌐 Create an account at [mongodb.com/cloud/atlas](https://www.mongodb.com/cloud/atlas)
2. 🗄️ Create a free M0 cluster
3. 👤 **Database Access**: Add a database user with read/write permissions
4. 🌐 **Network Access**: Whitelist your IP (or `0.0.0.0/0` for development)
5. 🔗 **Connect**: Get the connection string and update `server/.env`

> ⚠️ **Important:** Add `/hms_db` to the connection string before the `?` to specify the database name.

---

## 📡 API Documentation

### 🔐 Authentication
| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | `/api/auth/register` | Register new user *(requires `x-admin-token` header)* |
| POST | `/api/auth/login` | Login user *(rate-limited: 10 req/15 min)* |
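The login and registration limits in the table (10 and 5 requests per 15 minutes, keyed by client IP) are what a fixed-window rate limiter enforces. The block below is an added example written for this page, not the project's `rateLimiter.js` (the project uses `express-rate-limit`); it implements the same policy with no dependencies so it runs stand-alone. `createRateLimiter`, `check`, `simulate` and the injectable `clock` parameter are names chosen for this illustration.

```javascript
// Fixed-window, per-key rate limiter matching the README's auth limits.
// `clock` (hypothetical parameter) defaults to Date.now and is injectable so the
// window roll-over can be exercised without waiting 15 minutes.
function createRateLimiter({ windowMs, max, clock = Date.now }) {
  const hits = new Map(); // key -> { count, windowStart }

  // Record one request for `key` and report whether it is within quota.
  function check(key) {
    const now = clock();
    let entry = hits.get(key);
    if (!entry || now - entry.windowStart >= windowMs) {
      entry = { count: 0, windowStart: now }; // new window for this key
      hits.set(key, entry);
    }
    entry.count += 1;
    return {
      allowed: entry.count <= max,
      remaining: Math.max(0, max - entry.count),
      retryAfterMs: entry.windowStart + windowMs - now,
    };
  }

  // Express-style (req, res, next) middleware: answers 429 with Retry-After once
  // the quota for the window is spent, otherwise passes the request on.
  function middleware(req, res, next) {
    const result = check(req.ip);
    res.setHeader('X-RateLimit-Limit', String(max));
    res.setHeader('X-RateLimit-Remaining', String(result.remaining));
    if (!result.allowed) {
      res.setHeader('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));
      return res.status(429).json({ message: 'Too many requests, please try again later.' });
    }
    next();
  }

  return { check, middleware };
}

const FIFTEEN_MINUTES = 15 * 60 * 1000;
// The two policies from the README's Authentication table.
const loginLimiter = (clock) => createRateLimiter({ windowMs: FIFTEEN_MINUTES, max: 10, clock });
const registerLimiter = (clock) => createRateLimiter({ windowMs: FIFTEEN_MINUTES, max: 5, clock });

// Drive a limiter with `n` requests from one client and return the allow/deny sequence.
function simulate(limiter, ip, n) {
  const results = [];
  for (let i = 0; i < n; i++) results.push(limiter.check(ip).allowed);
  return results;
}
```

Because the key is `req.ip`, the limiter is only as good as that value: behind a reverse proxy Express reports the proxy's address unless `app.set('trust proxy', ...)` is configured, so every client would share one bucket and the first 10 logins would lock everyone out for 15 minutes.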

### 👥 Patients
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/api/patients` | Get all patients |
| POST | `/api/patients` | Create patient *(validated: name, age, gender, contact)* |
| PUT | `/api/patients/:id` | Update patient |
| DELETE | `/api/patients/:id` | Delete patient |
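The Patients table notes that `POST /api/patients` is validated on `name`, `age`, `gender` and `contact`, and the Troubleshooting section describes the `400 - Validation errors` response. The block below is an added example written for this page, not the project's `validators.js` or `handleValidation.js`; it shows the same shape of server-side validation without `express-validator`. The field rules, limits, gender values and the `{ field, msg }` error format are assumptions for the illustration, not the project's schema.

```javascript
// Declarative rules for the patient payload (constructed for this example).
// Each rule states whether the field is required, how to check it, and the
// message to return when it fails.
const PATIENT_RULES = {
  name: {
    required: true,
    check: (v) => typeof v === 'string' && v.trim().length >= 2 && v.trim().length <= 100,
    msg: 'name must be 2-100 characters',
  },
  age: {
    required: true,
    check: (v) => Number.isInteger(v) && v >= 0 && v <= 150,
    msg: 'age must be an integer between 0 and 150',
  },
  gender: {
    required: true,
    check: (v) => ['Male', 'Female', 'Other'].includes(v),
    msg: 'gender must be Male, Female or Other',
  },
  contact: {
    required: true,
    check: (v) => typeof v === 'string' && /^\+?[0-9 ()-]{7,20}$/.test(v),
    msg: 'contact must be a phone number of 7-20 digits',
  },
  address: {
    required: false,
    check: (v) => typeof v === 'string' && v.length <= 300,
    msg: 'address must be at most 300 characters',
  },
  medicalHistory: {
    required: false,
    check: (v) => typeof v === 'string' && v.length <= 5000,
    msg: 'medicalHistory must be at most 5000 characters',
  },
};

// Validate the request body and return { errors, data }. Only fields named in
// PATIENT_RULES are copied into `data`, so unexpected keys sent by a client
// (for example an `_id`) never reach the database write.
function validatePatient(body) {
  const errors = [];
  const data = {};
  const input = body && typeof body === 'object' ? body : {};
  for (const [field, rule] of Object.entries(PATIENT_RULES)) {
    const value = input[field];
    if (value === undefined || value === null || value === '') {
      if (rule.required) errors.push({ field, msg: `${field} is required` });
      continue;
    }
    if (!rule.check(value)) {
      errors.push({ field, msg: rule.msg });
      continue;
    }
    data[field] = typeof value === 'string' ? value.trim() : value;
  }
  return { errors, data };
}

// Unified response builder mirroring the README's "400 - Validation errors":
// returns the 400 response to send, or null when the body is clean.
function validationResponse(body) {
  const { errors } = validatePatient(body);
  return errors.length ? { status: 400, body: { message: 'Validation errors', errors } } : null;
}
```

Returning every failing field at once (rather than stopping at the first) is what gives the client the "detailed error messages" the Features table promises, while the whitelist step keeps the validator from being bypassed by extra properties.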

### 📅 Appointments
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/api/appointments` | Get all appointments |
| POST | `/api/appointments` | Create appointment *(validated: patient, doctor, date)* |
| PUT | `/api/appointments/:id` | Update appointment |
| DELETE | `/api/appointments/:id` | Delete appointment |

### 💳 Billing
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/api/billing` | Get all invoices |
| POST | `/api/billing` | Create invoice *(validated: patient, amount, status)* |
| PUT | `/api/billing/:id` | Update invoice |
| DELETE | `/api/billing/:id` | Delete invoice |

---

## 🛡️ Security Features

| Feature | Description |
|---------|-------------|
| **Admin Token Registration** | User registration requires a valid `x-admin-token` header (configured in `server/.env`) |
| **Rate Limiting** | Login: 10 req/15 min · Registration: 5 req/15 min per IP |
| **Input Validation** | `express-validator` schemas on all endpoints with detailed error messages |
| **JWT Authentication** | Secure token-based auth with expiration |
| **Role-Based Access** | 3 roles (Admin, Doctor, Staff) with granular permissions |
| **Password Hashing** | bcrypt with salt rounds for secure password storage |
| **Environment Variables** | All secrets isolated in `.env` files (not committed to repo) |

> 💡 **Admin Token:** Share the `ADMIN_REGISTER_TOKEN` only with authorized personnel who need to create new user accounts.

---

## 📁 Project Structure

```
Healthcare-management-system/
├── client/                  # React + Vite frontend
│   ├── src/
│   │   ├── components/      # Reusable UI components (Sidebar, Layout)
│   │   ├── config/          # API URL configuration
│   │   ├── context/         # Auth context (login, register, token)
│   │   └── pages/           # Page components (Dashboard, Patients, etc.)
│   ├── .env                 # Client environment variables
│   └── package.json
├── server/                  # Node.js + Express backend
│   ├── controllers/         # Route handlers (auth, patients, etc.)
│   ├── middleware/          # Auth, rate limiting, validation
│   ├── models/              # Mongoose schemas (User, Patient, etc.)
│   ├── routes/              # API route definitions
│   ├── seed.js              # Database seeder for default users
│   ├── .env                 # Server environment variables
│   └── package.json
├── assets/                  # Screenshots and design references
│   └── Web Application Screen Designs/
│       ├── Web Application UI/
│       └── Database Development/
└── README.md
```

---

## 🔧 Troubleshooting

| Error | Solution |
|-------|----------|
| `ECONNREFUSED` | MongoDB not running. Check Atlas connection or start local MongoDB |
| `Authentication failed` | Verify username/password in `server/.env` |
| `IP not whitelisted` | Add your IP in Atlas → Network Access |
| `User not found` | Run `node seed.js` to create default users |
| `403 - Registration requires admin token` | Provide valid `ADMIN_REGISTER_TOKEN` in the registration form |
| `429 - Too many requests` | Rate limit reached. Wait 15 minutes before retrying |
| `400 - Validation errors` | Check request body matches required field formats |

---

## 📝 Changelog

### v1.2.0 (2026-02-16) — Security Hardening & Input Validation
- **🔒 Security**
  - Implemented admin token authentication gate for user registration (`x-admin-token` header)
  - Added `express-rate-limit` for login (10 req/15 min) and registration (5 req/15 min)
  - Created comprehensive input validation with `express-validator` for all API endpoints
- **✨ Features**
  - Environment-based API URL configuration with `VITE_API_URL`
  - Centralized API config module at `client/src/config/api.js`
  - Admin Token field added to the registration UI form
- **🔧 Middleware**
  - New: `rateLimiter.js` — Rate limiting middleware for auth routes
  - New: `validators.js` — Schema validation for auth, patients, appointments, billing
  - New: `handleValidation.js` — Unified validation error response handler
- **📝 Configuration**
  - Added `ADMIN_REGISTER_TOKEN` to server environment variables
  - Added `VITE_API_URL` to client environment variables

---

### v1.1.0 (2026-01-30) — Database Integration & Full UI Implementation
- **🗄️ Database**
  - Connected MongoDB Atlas with production cluster configuration
  - Implemented 4 core collections: Users, Patients, Appointments, Invoices
  - Added seed script (`seed.js`) for default user accounts
- **📸 Documentation**
  - Captured frontend UI screenshots (Login, Dashboard, Appointments)
  - Captured database/backend screenshots (Patient Management, Billing, Modals)
  - Documented MongoDB Atlas setup process
- **🎨 UI Enhancements**
  - Finalized responsive design across all dashboard views
  - Implemented patient search functionality with real-time filtering
  - Enhanced billing invoice management with dynamic line items
  - Added appointment scheduling modal with doctor/patient dropdowns

---

### v1.0.1 (2026-01-12) — UI/UX Modernization
- **💄 Design**
  - Implemented modern dark sidebar theme (`Slate-900`) to reduce eye strain
  - Added `Teal-400` accents for active navigation states
  - Updated main content background to `Slate-50` for better contrast
- **🔧 Fixes**
  - Resolved UI brightness uniformity issues
  - Improved navigation link visibility and hover states
  - Reference: *User Feedback — "Left side is too bright"*

---

### v1.0.0 (2026-01-05) — Initial Release
- **🎉 Core Features**
  - Patient management with full CRUD operations
  - Appointment scheduling system with date/time and doctor assignment
  - Billing and invoice generation with line items
  - JWT-based authentication with token management
  - Role-based access control (Admin, Doctor, Staff)
- **🏗️ Architecture**
  - React frontend with Vite build tool and hot module replacement
  - Express backend with RESTful API design
  - MongoDB database with Mongoose ODM
  - TailwindCSS + Framer Motion for responsive UI animations
- **📦 Initial Setup**
  - Project structure, dependencies, and scripts
  - Development server with nodemon auto-restart
  - Basic README documentation

---


## 🤝 Contributing

Contributions are welcome!

1. 🍴 Fork the repository
2. 🌿 Create a feature branch (`git checkout -b feature/AmazingFeature`)
3. 💾 Commit your changes (`git commit -m 'Add AmazingFeature'`)
4. 📤 Push to the branch (`git push origin feature/AmazingFeature`)
5. 🔃 Open a Pull Request

### 👋 Contributors
### Special thanks to all my groupmates:
* #### 😎 [Jay Arre Talosig](https://github.com/flexycode) - Machine Learning Engineer | Blockchain Developer | Bioinformatics Scientist
* #### 🕵️ [Alexander Castilo](https://github.com/xandercastillo0305-dev) - Penetration Tester | Software Engineer | Threat Researcher
* #### 🧑‍💻 [Mark Jhoshua Taberna](https://github.com/MjTaberna) - Digital Forensics Analyst | UI Specialist | Full Stack Engineer
* #### 🧑‍💻 [Charles Medio](https://github.com/charles41onlyy) - Machine Learning Engineer | Software Engineer
* #### 🕵️ [Tristan Jhay Salamat](https://github.com/tristanjhay) - Full Stack Engineer | Forensics Analyst | QA Engineer
* #### 🕵️‍♀️ [Rinoah Venedict Dela Rama](https://github.com/Noah-dev2217) - Forensic Analyst | QA Engineer | Data Engineer
* #### 🥷 [Nicko Nehcterg Dalida](https://github.com/nicknicndin) - Digital Forensics Analyst | QA Engineer | Smart Contract Auditor
---

## ๐Ÿ“„ License

This project is licensed under the **[MIT License](LICENSE)**.

> The MIT License is a permissive license that is short and to the point. It lets people do anything they want with your code as long as they provide attribution back to you and don't hold you liable.

**Permissions**: ✅ Commercial use, ✅ Modification, ✅ Distribution, ✅ Private use
**Limitations**: ❌ Liability, ❌ Warranty

#### Git Commit Message: 🏥 Healthcare Management System
---

Made with ❤️ by flexycode
