https://github.com/olubusade/emr-suite-backend

Production-ready backend for wiCare EMR demo built with Node.js, Express, Sequelize & PostgreSQL. Features JWT auth, RBAC, audit logging, Docker, and Jest tests. Secure, scalable, and cloud-ready to support multi-role workflows (Admin, Doctor, Nurse, Pharmacist, Biller, Lab Tech, Receptionist).

# ๐Ÿฅ EMR-Suite Backend

**Production-Grade Electronic Medical Records (EMR) Backend (Demo)**

![Node.js](https://img.shields.io/badge/Node.js-20.x-green?style=flat-square)
![PostgreSQL](https://img.shields.io/badge/PostgreSQL-15-blue?style=flat-square)
![Sequelize](https://img.shields.io/badge/ORM-Sequelize-lightblue?style=flat-square)
![Jest](https://img.shields.io/badge/Testing-Jest-orange?style=flat-square)
![Docker](https://img.shields.io/badge/Docker-Ready-blue?style=flat-square)
![RBAC](https://img.shields.io/badge/Security-RBAC-red?style=flat-square)

---

## 📌 Overview

**EMR-Suite Backend** is a **production-grade Node.js backend** designed to power a modern **Electronic Medical Records (EMR)** platform.

> ⚠️ **Recruiter / Reviewer Note**
> This repository is a **backend demo extracted from a real EMR system** (wiCare EMR).
> It intentionally focuses on **architecture, security, scalability, and healthcare workflows**, not UI polish.
> The frontend (Angular + Ionic) lives in a separate repository.

This project demonstrates how I design **secure, auditable, role-aware APIs** suitable for **regulated healthcare environments**.

---

## 🎯 What This Project Demonstrates

✔ Clean backend architecture
✔ Secure authentication & authorization
✔ Real-world healthcare workflows
✔ Auditability & compliance thinking
✔ Production readiness (Docker, CI, tests, monitoring)

This is **not** a CRUD demo — it is a **system-level backend**.

---

## 🧠 Core Architectural Principles

* **Security-first design** (JWT, RBAC, rate limits)
* **Explicit role & permission modeling**
* **Auditability for healthcare compliance**
* **Separation of concerns** (controllers, services, middleware)
* **Observable & testable** by default
* **Container-ready** for modern deployments

---

## ๐Ÿ” Authentication & Security

### Authentication

* JWT **access & refresh tokens**
* Token expiration & revocation
* Secure password hashing
* Password change enforcement

### Security Hardening

* Rate limiting (global + route-level)
* Helmet security headers
* CORS configuration
* Centralized request logging

---

## 🧩 Role-Based Access Control (RBAC)

RBAC is **first-class**, not an afterthought.

### Roles

* `super_admin`
* `admin`
* `doctor`
* `nurse`
* `receptionist`
* `patient`

### Permission Model

* Fine-grained permissions (e.g. `appointment.create`, `vital.update`)
* Many-to-many relationships:
  * `Users ↔ Roles`
  * `Roles ↔ Permissions`
* Centralized `authorize()` middleware

```ts
// Create a clinical note: authentication runs first, then the permission
// check, and only then the controller, so it never sees an unauthorized call.
router.post(
  '/',
  authRequired,
  authorize(PERMISSIONS.CLINICALNOTE_CREATE),
  clinicalController.create
);
```

✔ Easily extensible
✔ Prevents role leakage
✔ Matches enterprise RBAC standards
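The permission model above, worked through as an added example (this is not the project's own code): an Express-style `authorize()` factory that resolves a user's effective permissions through the `Users ↔ Roles ↔ Permissions` tables and denies by default. The `PERMISSIONS` values, the role table and the `req.user` shape set by `authRequired` are assumptions constructed for the example.

```javascript
// Added example, not the project's code. Tables are constructed in memory
// here; the project stores roles and permissions in PostgreSQL.
const PERMISSIONS = {
  CLINICALNOTE_CREATE: 'clinicalnote.create',
  VITAL_UPDATE: 'vital.update',
  APPOINTMENT_CREATE: 'appointment.create',
};

// Roles <-> Permissions (many-to-many), constructed sample data
const ROLE_PERMISSIONS = {
  doctor: [PERMISSIONS.CLINICALNOTE_CREATE, PERMISSIONS.VITAL_UPDATE],
  nurse: [PERMISSIONS.VITAL_UPDATE],
  receptionist: [PERMISSIONS.APPOINTMENT_CREATE],
};

// Users <-> Roles (many-to-many): union of every role's permissions.
// An unknown role contributes nothing, so a mistyped role never grants access.
function effectivePermissions(user) {
  const perms = new Set();
  for (const role of user.roles || []) {
    for (const p of ROLE_PERMISSIONS[role] || []) perms.add(p);
  }
  return perms;
}

// Middleware factory. Assumes authRequired has already populated req.user.
// 401 when there is no authenticated user, 403 when the permission is missing.
function authorize(requiredPermission) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
    if (!effectivePermissions(req.user).has(requiredPermission)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    return next();
  };
}

// Minimal req/res harness so the middleware can be exercised without a server.
function runAuthorize(requiredPermission, user) {
  let status = 200;
  let nextCalled = false;
  const res = {
    status(code) { status = code; return this; },
    json() { return this; },
  };
  authorize(requiredPermission)({ user }, res, () => { nextCalled = true; });
  return { status, nextCalled };
}
```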

---

## ๐Ÿฅ Domain Modules

Each module mirrors **real hospital workflows**:

### ๐Ÿง Patients

* Registration & demographic management
* Medical identifiers
* Emergency contacts

### 📅 Appointments

* Reception-driven scheduling
* Status lifecycle (today / past / upcoming)
* Role-aware visibility

### 🩺 Clinical Notes

* Doctor-only creation
* Immutable historical records
* Full audit trail

### 💉 Vitals

* Nurse-driven vitals capture
* Time-series friendly design

### 💳 Billing

* Paid vs pending bills
* Financial audit readiness

---

## 🧾 Audit Logging

Every sensitive action is recorded.

**Audit captures:**

* Actor (who performed the action)
* Entity affected
* Action type
* Before & after state
* Timestamp

This is critical for:

* Healthcare compliance
* Internal investigations
* Debugging production incidents
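The audit record described above, as an added example (not the project's own code): an entry carries the actor, the affected entity, the action type, the before and after state and a timestamp, plus a per-field change set so a reviewer does not have to diff two full records by hand. The in-memory `auditLog`, the `recordAudit` name and the injectable clock are assumptions; the project persists entries through Sequelize.

```javascript
// Added example, not the project's code. The log is an in-memory array here
// for illustration; in the real system entries go to an append-only table.
const auditLog = [];

// Only the fields whose value changed, each with its before/after pair.
// Missing records (a create has no "before") are treated as empty objects.
function changedFields(before, after) {
  const keys = new Set([...Object.keys(before || {}), ...Object.keys(after || {})]);
  const diff = {};
  for (const k of keys) {
    const b = before ? before[k] : undefined;
    const a = after ? after[k] : undefined;
    if (JSON.stringify(b) !== JSON.stringify(a)) diff[k] = { before: b, after: a };
  }
  return diff;
}

// Build and append one audit entry. `now` is injectable so tests are
// deterministic; snapshots are deep-copied so later edits to the live
// model objects cannot rewrite what was recorded.
function recordAudit({ actor, entity, entityId, action, before, after, now = () => new Date() }) {
  if (!actor || !actor.id) throw new Error('audit entry requires an actor');
  const snapshot = (v) => (v === undefined ? null : JSON.parse(JSON.stringify(v)));
  const entry = Object.freeze({
    actorId: actor.id,
    actorRoles: Object.freeze([...(actor.roles || [])]),
    entity,
    entityId,
    action,
    before: snapshot(before),
    after: snapshot(after),
    changes: Object.freeze(changedFields(before, after)),
    timestamp: now().toISOString(),
  });
  auditLog.push(entry); // append-only: entries are never updated or deleted
  return entry;
}
```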

---

## 📊 Monitoring & Observability

* **Prometheus metrics** exposed at `/metrics`
* Tracks:
  * Request count
  * Latency
  * Error rates
  * Route-level performance

Ready for **Grafana integration**.

---

## ๐Ÿ“ System Architecture

```mermaid
flowchart TD
A[Client / Frontend] --> B[Express Middleware]
B -->|JWT Auth| C[Controllers]
B -->|RBAC Check| C
B -->|Audit Logging| C
C --> D[Service Layer]
D --> E[Sequelize ORM]
E --> F[(PostgreSQL)]
B --> G[Prometheus Metrics]

style A fill:#f9f
style B fill:#bbf
style C fill:#bfb
style D fill:#ffb
style E fill:#fbf
style F fill:#fbb
style G fill:#ccc
```

---

## 🚀 Deployment

### Zero-Cost Demo (Render)

For demo purposes, this backend is configured for Render.

1. Connect this GitHub repo to Render.
2. Add `DATABASE_URL` and `JWT_SECRET` to the environment variables.
3. The `render.yaml` (Blueprint) will automatically provision the Web Service and Database.

## ๐Ÿ“ Project Structure

```bash
emr-suite-backend/
├── src/
│   ├── config/        # env, db, jwt, swagger
│   ├── constants/     # roles, permissions, enums
│   ├── controllers/   # HTTP layer
│   ├── middlewares/   # auth, RBAC, audit, rateLimit
│   ├── models/        # Sequelize models
│   ├── routes/        # API definitions
│   ├── seed/          # roles, users, permissions
│   ├── services/      # SQL logic
│   ├── utils/         # logger, validators
│   ├── app.js
│   └── server.js
├── tests/             # Jest + Supertest
├── docker/            # Docker & compose configs
├── .env.*             # Environment configs
└── README.md
```

---

## 📚 API Documentation

* **Swagger UI:** 👉 `http://localhost:5000/api-docs`

Includes:

* Request/response schemas
* Auth requirements
* RBAC notes per endpoint

---

## 🧪 Testing Strategy

* **Jest + Supertest**
* Covers:
  * Appointments
  * Clinical Notes
  * Vitals
  * RBAC enforcement
* Includes negative cases (permission denied, invalid input)

```bash
npm test
npm run test:watch
```

---

## 🚀 Local Development

### Prerequisites

* Node.js ≥ 20
* PostgreSQL ≥ 15
* npm ≥ 9

```bash
git clone https://github.com/olubusade/emr-suite-backend.git
cd emr-suite-backend
npm install
cp .env.local.dev .env
npm run migrate
npm run seed
npm run dev
```

Server: `http://localhost:5000`

---

## ๐Ÿณ Docker Support

### Development

```bash
npm run docker:up:dev
npm run docker:seed:dev
```

### Production

```bash
npm run docker:up:prod
npm run docker:seed:prod
```

Multi-stage builds ensure:

* Small image size
* Faster deployments
* Production-only dependencies

---

## ๐Ÿ” CI/CD (GitHub Actions)

* Runs on every **push & PR**
* Pipeline:

1. Spin up PostgreSQL
2. Run migrations & seeds
3. Execute Jest test suite

✔ Prevents broken deployments
✔ Enforces discipline

---

## 👤 About the Author

**Busade Adedayo**
Senior Software Engineer (Healthcare Systems)

* 5+ years building production EMR systems
* Strong focus on backend architecture & security
* Experience with real hospital workflows
* Passionate about scalable, maintainable systems

---

## 📜 License

MIT © 2025 — Busade Adedayo

---