Secure, minimal role-based auth with three dashboards (patient/doctor/officer), Tailwind UI, and SQLite persistence.
- Security: bcrypt, sessions (SQLite store), CSRF, Helmet (with CSP), rate limiting, input validation (Zod)
- Views: EJS-driven pages, Tailwind-based dashboard (white/blue), fixed sidebar
- Roles: patient, doctor, officer; protected dashboards with role guards
- Patient: live vitals/telemetry, organ cards, appointments (create/delay/cancel), organ orders list
- Doctor: list of assigned patients (patients link to doctors via users.assigned_doctor_id)
- Signup: patient signup with optional doctor selection; login page branded “Biomorph”
- Node.js 20.x recommended (package.json engines >=20)
- npm
If you’re on a different Node version and see native module errors (better-sqlite3), switch to Node 20 or rebuild modules (see Troubleshooting).
- Install dependencies
- Create env
  - Copy .env.example to .env and customize values (especially SESSION_SECRET).
- Build CSS
  - Tailwind is compiled locally into public/styles.css.
- Run DB migrations and seed data
  - Creates/updates tables and inserts sample users/data.
- Start the server
  - Dev mode starts the Express server.
- Build CSS: runs Tailwind build
- npm: migrate: runs DB migrations
- npm: seed: seeds the database
- npm: dev: starts the server in dev mode (background)
- patient@ex.com / patientpass (role: patient)
- doctor@ex.com / doctorpass (role: doctor)
- officer@ex.com / officerpass (role: officer)
- npm run migrate
- npm run seed
- npm run build:css
- npm run dev
- npm start (production)
- users: id, name, email, role, password_hash, assigned_doctor_id
- organs: patient organ data (+ image/details)
- organ_orders: orders with status and timestamps
- appointments: scheduled appointments with doctor link
- better-sqlite3 binary mismatch
  - Symptom: ERR_DLOPEN_FAILED mentioning NODE_MODULE_VERSION mismatch
  - Fix A (recommended): use Node 20
    - With nvm: nvm install 20 && nvm use 20
    - Then run: npm install
  - Fix B: rebuild native module for your current Node: npm rebuild better-sqlite3
- CSP blocks inline scripts
  - All scripts are served from /public and whitelisted via Helmet. Avoid adding inline JS.
Copy .env.example to .env and set SESSION_SECRET. PORT defaults to 3000.
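
The role guards and the users.assigned_doctor_id link listed above, as an added sketch that is not this project's own code: a role guard decides who reaches a dashboard, and a separate per-record check decides which patient a doctor may open. The names requireRole, canViewPatient and simulate, the req.session.user shape and the /login redirect are assumptions.

```javascript
// Added example (not the project's code). Assumed: req.session.user = { id, role }.
const ROLES = ['patient', 'doctor', 'officer'];

// Express-style middleware factory: only the listed roles reach the handler.
function requireRole(...allowed) {
  const unknown = allowed.filter((r) => !ROLES.includes(r));
  if (unknown.length) throw new Error(`unknown role(s): ${unknown.join(', ')}`);
  return function roleGuard(req, res, next) {
    const user = req.session && req.session.user;
    if (!user) return res.redirect('/login'); // no session: send to login (assumed path)
    if (!allowed.includes(user.role)) return res.status(403).send('Forbidden');
    return next();
  };
}

// Object-level check: the role guard alone does not stop doctor A from
// requesting doctor B's patient by id, so compare against assigned_doctor_id.
function canViewPatient(viewer, patientRow) {
  if (!viewer || viewer.id == null || !patientRow) return false;
  if (patientRow.role !== 'patient') return false;
  if (viewer.role === 'patient') return viewer.id === patientRow.id;
  if (viewer.role === 'doctor') return patientRow.assigned_doctor_id === viewer.id;
  return false; // any other role: denied by default (assumption)
}

// Minimal stand-in for Express req/res so the guard can be exercised offline.
function simulate(guard, user) {
  const out = { passed: false, status: 200, redirect: null };
  const res = {
    redirect(url) { out.status = 302; out.redirect = url; return res; },
    status(code) { out.status = code; return res; },
    send() { return res; },
  };
  guard({ session: user ? { user } : {} }, res, () => { out.passed = true; });
  return out;
}

// Constructed sample rows in the shape of the users table.
const doctorA = { id: 2, role: 'doctor' };
const doctorB = { id: 5, role: 'doctor' };
const patient = { id: 1, role: 'patient', assigned_doctor_id: 2 };

const doctorOnly = requireRole('doctor');
console.log(simulate(doctorOnly, doctorA));    // reaches the handler
console.log(simulate(doctorOnly, patient));    // rejected with 403
console.log(canViewPatient(doctorB, patient)); // false: not the assigned doctor
```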