Production-oriented Node.js backend for a Hospital Management System (HMS), built with structured role-based access control and real operational workflows in mind.
This repository contains only the backend API layer built using Express and MongoDB.
The system supports:
- Authentication with JWT
- Role-Based Access Control (RBAC)
- Doctor, Patient, Appointment management
- Billing and Payment lifecycle
- Admin analytics dashboard
- Role-based reporting
- Docker-based deployment
The architecture follows a layered approach:
Routes → Controllers → Services → Models → MongoDB
The system supports the following roles:
- Admin (Superuser)
- Doctor
- Receptionist
- Billing Staff
Access control is enforced at the middleware level.
The detailed RBAC specification is available in:
RBAC_SPEC.md
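As an added illustration of role enforcement at the middleware level (not code from this repository): an Express-style middleware that verifies an HS256 Bearer token and denies by default. The role strings, the claim names (`sub`, `role`, `exp`), the error body and all helper names are assumptions.

```javascript
// Added example, not the repository's code. Role strings, claim names and
// the JSON error body are assumptions made for this sketch.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const mac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Issue an HS256 token; used here only to build constructed sample input.
function signToken(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${b64url(mac(data, secret))}`;
}

// Check the signature first, then the header and expiry. Returns claims or null.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null;
  }
}

// Express-style middleware factory: deny by default, allow only listed roles.
function requireRole(secret, ...allowed) {
  return (req, res, next) => {
    const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
    const claims = m && verifyToken(m[1], secret);
    if (!claims) return res.status(401).json({ error: 'unauthenticated' });
    if (!allowed.includes(claims.role)) return res.status(403).json({ error: 'forbidden' });
    req.user = { id: claims.sub, role: claims.role };
    return next();
  };
}

// Drive a middleware with a stub req/res and report 'next' or the status code.
function check(mw, authorization) {
  let outcome = null;
  const res = { status: (code) => ({ json: () => { outcome = code; } }) };
  mw({ headers: { authorization } }, res, () => { outcome = 'next'; });
  return outcome;
}
```

A missing, malformed, expired or wrongly signed token yields 401; a valid token whose role is not in the allowed list yields 403.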
- Authentication
- User Management
- Doctors
- Patients
- Departments
- Appointments (with conflict prevention)
- Billing (pending → paid lifecycle)
- Payments
- Admin Dashboard
- Reports
- Node.js
- Express
- MongoDB (Mongoose)
- JWT Authentication
- express-validator
- Razorpay integration
- Docker & Docker Compose
src/
├── config/
├── controllers/
├── services/
├── routes/
├── models/
├── middleware/
├── utils/
└── app.js
- JWT-based authentication
- Bearer token authorization
- Role enforcement middleware
- Double-booking prevention
- Status lifecycle enforcement
- Amount tracking
- Payment status (pending / paid)
- Revenue aggregation
- Financial reporting
Provides:
- Total doctors
- Total patients
- Total appointments
- Total revenue
- Pending revenue
- Today’s appointments
git clone https://github.com/hms-int/hms-backend-node.git
cd hms-backend-node
npm install
cp .env.example .env
node server.js
Server runs at:
http://localhost:5000
docker compose up --build
This starts:
- Node.js backend
- MongoDB
To stop:
docker compose down
- REST-based
- Stateless
- Structured response format
- Centralized error handling
- Role-based route protection
GET /health
Open-source.
Ensure compliance with medical data regulations before production deployment.