create-steve-rogers 1.0.0

package/apps/HMSR/backend/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "hms-backend",
+  "version": "1.0.0",
+  "description": "King Faisal Hospital Rwanda - Appointment & Medical Report API",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js",
+    "dev": "node --watch server.js",
+    "seed": "node database/seed.js"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
+    "express": "^4.21.0",
+    "jsonwebtoken": "^9.0.2",
+    "mysql2": "^3.11.0"
+  }
+}

package/apps/HMSR/backend/routes/appointments.js

@@ -0,0 +1,157 @@
+const express = require('express');
+const pool = require('../config/db');
+const { authenticate, authorize } = require('../middleware/auth');
+
+const router = express.Router();
+
+const appointmentSelect = `
+  SELECT a.*,
+    p.full_name AS patient_name,
+    u.full_name AS doctor_name
+  FROM appointments a
+  JOIN patients p ON a.patient_id = p.id
+  JOIN users u ON a.doctor_id = u.id
+`;
+
+router.use(authenticate);
+
+router.get('/', async (req, res) => {
+  try {
+    let query = appointmentSelect;
+    const params = [];
+
+    if (req.user.role === 'doctor') {
+      query += ' WHERE a.doctor_id = ?';
+      params.push(req.user.id);
+    }
+
+    query += ' ORDER BY a.appointment_date DESC, a.appointment_time DESC';
+
+    const [appointments] = await pool.query(query, params);
+    res.json(appointments);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to fetch appointments.' });
+  }
+});
+
+router.get('/assigned', authorize('doctor'), async (req, res) => {
+  try {
+    const [appointments] = await pool.query(
+      `${appointmentSelect}
+       WHERE a.doctor_id = ? AND a.status = 'scheduled'
+       ORDER BY a.appointment_date ASC, a.appointment_time ASC`,
+      [req.user.id]
+    );
+    res.json(appointments);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to fetch assigned appointments.' });
+  }
+});
+
+router.post('/', authorize('receptionist'), async (req, res) => {
+  try {
+    const { patient_id, doctor_id, appointment_date, appointment_time, status } =
+      req.body;
+
+    if (!patient_id || !doctor_id || !appointment_date || !appointment_time) {
+      return res.status(400).json({ message: 'Required appointment fields missing.' });
+    }
+
+    const [result] = await pool.query(
+      `INSERT INTO appointments (patient_id, doctor_id, appointment_date, appointment_time, status)
+       VALUES (?, ?, ?, ?, ?)`,
+      [
+        patient_id,
+        doctor_id,
+        appointment_date,
+        appointment_time,
+        status || 'scheduled',
+      ]
+    );
+
+    const [appointment] = await pool.query(
+      `${appointmentSelect} WHERE a.id = ?`,
+      [result.insertId]
+    );
+    res.status(201).json(appointment[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to create appointment.' });
+  }
+});
+
+router.put('/:id', authorize('receptionist'), async (req, res) => {
+  try {
+    const { patient_id, doctor_id, appointment_date, appointment_time, status } =
+      req.body;
+
+    const [existing] = await pool.query('SELECT id FROM appointments WHERE id = ?', [
+      req.params.id,
+    ]);
+    if (existing.length === 0) {
+      return res.status(404).json({ message: 'Appointment not found.' });
+    }
+
+    await pool.query(
+      `UPDATE appointments SET patient_id = ?, doctor_id = ?, appointment_date = ?,
+       appointment_time = ?, status = ? WHERE id = ?`,
+      [
+        patient_id,
+        doctor_id,
+        appointment_date,
+        appointment_time,
+        status,
+        req.params.id,
+      ]
+    );
+
+    const [appointment] = await pool.query(
+      `${appointmentSelect} WHERE a.id = ?`,
+      [req.params.id]
+    );
+    res.json(appointment[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to update appointment.' });
+  }
+});
+
+router.patch('/:id/cancel', authorize('receptionist'), async (req, res) => {
+  try {
+    const [result] = await pool.query(
+      "UPDATE appointments SET status = 'cancelled' WHERE id = ?",
+      [req.params.id]
+    );
+    if (result.affectedRows === 0) {
+      return res.status(404).json({ message: 'Appointment not found.' });
+    }
+
+    const [appointment] = await pool.query(
+      `${appointmentSelect} WHERE a.id = ?`,
+      [req.params.id]
+    );
+    res.json(appointment[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to cancel appointment.' });
+  }
+});
+
+router.delete('/:id', authorize('receptionist'), async (req, res) => {
+  try {
+    const [result] = await pool.query('DELETE FROM appointments WHERE id = ?', [
+      req.params.id,
+    ]);
+    if (result.affectedRows === 0) {
+      return res.status(404).json({ message: 'Appointment not found.' });
+    }
+    res.json({ message: 'Appointment deleted successfully.' });
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to delete appointment.' });
+  }
+});
+
+module.exports = router;

package/apps/HMSR/backend/routes/auth.js

@@ -0,0 +1,115 @@
+const express = require('express');
+const bcrypt = require('bcryptjs');
+const jwt = require('jsonwebtoken');
+const pool = require('../config/db');
+const { authenticate } = require('../middleware/auth');
+
+const router = express.Router();
+
+router.post('/register', async (req, res) => {
+  try {
+    const { full_name, email, password, role } = req.body;
+
+    if (!full_name || !email || !password || !role) {
+      return res.status(400).json({ message: 'All fields are required.' });
+    }
+
+    if (!['receptionist', 'doctor'].includes(role)) {
+      return res.status(400).json({ message: 'Role must be receptionist or doctor.' });
+    }
+
+    const [existing] = await pool.query('SELECT id FROM users WHERE email = ?', [email]);
+    if (existing.length > 0) {
+      return res.status(400).json({ message: 'Email already registered.' });
+    }
+
+    const hashed = await bcrypt.hash(password, 10);
+    const [result] = await pool.query(
+      'INSERT INTO users (full_name, email, password, role) VALUES (?, ?, ?, ?)',
+      [full_name, email, hashed, role]
+    );
+
+    res.status(201).json({
+      message: 'Registration successful.',
+      user: { id: result.insertId, full_name, email, role },
+    });
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Server error during registration.' });
+  }
+});
+
+router.post('/login', async (req, res) => {
+  try {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      return res.status(400).json({ message: 'Email and password are required.' });
+    }
+
+    const [users] = await pool.query(
+      'SELECT id, full_name, email, password, role FROM users WHERE email = ?',
+      [email]
+    );
+
+    if (users.length === 0) {
+      return res.status(401).json({ message: 'Invalid email or password.' });
+    }
+
+    const user = users[0];
+    const valid = await bcrypt.compare(password, user.password);
+    if (!valid) {
+      return res.status(401).json({ message: 'Invalid email or password.' });
+    }
+
+    const token = jwt.sign(
+      { id: user.id, email: user.email, role: user.role, full_name: user.full_name },
+      process.env.JWT_SECRET,
+      { expiresIn: '24h' }
+    );
+
+    res.json({
+      message: 'Login successful.',
+      token,
+      user: {
+        id: user.id,
+        full_name: user.full_name,
+        email: user.email,
+        role: user.role,
+      },
+    });
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Server error during login.' });
+  }
+});
+
+router.get('/me', authenticate, async (req, res) => {
+  try {
+    const [users] = await pool.query(
+      'SELECT id, full_name, email, role FROM users WHERE id = ?',
+      [req.user.id]
+    );
+    if (users.length === 0) {
+      return res.status(404).json({ message: 'User not found.' });
+    }
+    res.json(users[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Server error.' });
+  }
+});
+
+router.get('/doctors', authenticate, async (req, res) => {
+  try {
+    const [doctors] = await pool.query(
+      "SELECT id, full_name, email FROM users WHERE role = 'doctor' ORDER BY full_name"
+    );
+    res.json(doctors);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Server error.' });
+  }
+});
+
+module.exports = router;

package/apps/HMSR/backend/routes/medicalReports.js

@@ -0,0 +1,126 @@
+const express = require('express');
+const pool = require('../config/db');
+const { authenticate, authorize } = require('../middleware/auth');
+
+const router = express.Router();
+
+const reportSelect = `
+  SELECT mr.*,
+    p.full_name AS patient_name,
+    u.full_name AS doctor_name
+  FROM medical_reports mr
+  JOIN patients p ON mr.patient_id = p.id
+  JOIN users u ON mr.doctor_id = u.id
+`;
+
+router.use(authenticate);
+
+router.get('/', async (req, res) => {
+  try {
+    let query = reportSelect;
+    const params = [];
+
+    if (req.user.role === 'doctor') {
+      query += ' WHERE mr.doctor_id = ?';
+      params.push(req.user.id);
+    }
+
+    query += ' ORDER BY mr.report_date DESC';
+
+    const [reports] = await pool.query(query, params);
+    res.json(reports);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to fetch medical reports.' });
+  }
+});
+
+router.post('/', authorize('doctor'), async (req, res) => {
+  try {
+    const { appointment_id, diagnosis, prescription, report_date } = req.body;
+
+    if (!appointment_id || !diagnosis || !prescription) {
+      return res.status(400).json({ message: 'Appointment, diagnosis, and prescription are required.' });
+    }
+
+    const [appointments] = await pool.query(
+      'SELECT * FROM appointments WHERE id = ? AND doctor_id = ?',
+      [appointment_id, req.user.id]
+    );
+
+    if (appointments.length === 0) {
+      return res.status(404).json({ message: 'Appointment not found or not assigned to you.' });
+    }
+
+    const appointment = appointments[0];
+
+    if (appointment.status === 'cancelled') {
+      return res.status(400).json({ message: 'Cannot create report for cancelled appointment.' });
+    }
+
+    const [existingReport] = await pool.query(
+      'SELECT id FROM medical_reports WHERE appointment_id = ?',
+      [appointment_id]
+    );
+    if (existingReport.length > 0) {
+      return res.status(400).json({ message: 'Medical report already exists for this appointment.' });
+    }
+
+    const date = report_date || new Date().toISOString().split('T')[0];
+
+    const [result] = await pool.query(
+      `INSERT INTO medical_reports (appointment_id, patient_id, doctor_id, diagnosis, prescription, report_date)
+       VALUES (?, ?, ?, ?, ?, ?)`,
+      [
+        appointment_id,
+        appointment.patient_id,
+        req.user.id,
+        diagnosis,
+        prescription,
+        date,
+      ]
+    );
+
+    await pool.query(
+      "UPDATE appointments SET status = 'completed' WHERE id = ?",
+      [appointment_id]
+    );
+
+    const [report] = await pool.query(`${reportSelect} WHERE mr.id = ?`, [
+      result.insertId,
+    ]);
+    res.status(201).json(report[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to save medical report.' });
+  }
+});
+
+router.put('/:id', authorize('doctor'), async (req, res) => {
+  try {
+    const { diagnosis, prescription, report_date } = req.body;
+
+    const [existing] = await pool.query(
+      'SELECT id FROM medical_reports WHERE id = ? AND doctor_id = ?',
+      [req.params.id, req.user.id]
+    );
+    if (existing.length === 0) {
+      return res.status(404).json({ message: 'Medical report not found.' });
+    }
+
+    await pool.query(
+      'UPDATE medical_reports SET diagnosis = ?, prescription = ?, report_date = ? WHERE id = ?',
+      [diagnosis, prescription, report_date, req.params.id]
+    );
+
+    const [report] = await pool.query(`${reportSelect} WHERE mr.id = ?`, [
+      req.params.id,
+    ]);
+    res.json(report[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to update medical report.' });
+  }
+});
+
+module.exports = router;

package/apps/HMSR/backend/routes/patients.js

@@ -0,0 +1,103 @@
+const express = require('express');
+const pool = require('../config/db');
+const { authenticate, authorize } = require('../middleware/auth');
+
+const router = express.Router();
+
+router.use(authenticate);
+router.use(authorize('receptionist'));
+
+router.get('/', async (req, res) => {
+  try {
+    const [patients] = await pool.query(
+      'SELECT * FROM patients ORDER BY full_name ASC'
+    );
+    res.json(patients);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to fetch patients.' });
+  }
+});
+
+router.get('/:id', async (req, res) => {
+  try {
+    const [patients] = await pool.query('SELECT * FROM patients WHERE id = ?', [
+      req.params.id,
+    ]);
+    if (patients.length === 0) {
+      return res.status(404).json({ message: 'Patient not found.' });
+    }
+    res.json(patients[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to fetch patient.' });
+  }
+});
+
+router.post('/', async (req, res) => {
+  try {
+    const { full_name, gender, date_of_birth, phone_number, address } = req.body;
+
+    if (!full_name || !gender || !date_of_birth || !phone_number || !address) {
+      return res.status(400).json({ message: 'All patient fields are required.' });
+    }
+
+    const [result] = await pool.query(
+      `INSERT INTO patients (full_name, gender, date_of_birth, phone_number, address)
+       VALUES (?, ?, ?, ?, ?)`,
+      [full_name, gender, date_of_birth, phone_number, address]
+    );
+
+    const [patient] = await pool.query('SELECT * FROM patients WHERE id = ?', [
+      result.insertId,
+    ]);
+    res.status(201).json(patient[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to create patient.' });
+  }
+});
+
+router.put('/:id', async (req, res) => {
+  try {
+    const { full_name, gender, date_of_birth, phone_number, address } = req.body;
+
+    const [existing] = await pool.query('SELECT id FROM patients WHERE id = ?', [
+      req.params.id,
+    ]);
+    if (existing.length === 0) {
+      return res.status(404).json({ message: 'Patient not found.' });
+    }
+
+    await pool.query(
+      `UPDATE patients SET full_name = ?, gender = ?, date_of_birth = ?,
+       phone_number = ?, address = ? WHERE id = ?`,
+      [full_name, gender, date_of_birth, phone_number, address, req.params.id]
+    );
+
+    const [patient] = await pool.query('SELECT * FROM patients WHERE id = ?', [
+      req.params.id,
+    ]);
+    res.json(patient[0]);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to update patient.' });
+  }
+});
+
+router.delete('/:id', async (req, res) => {
+  try {
+    const [result] = await pool.query('DELETE FROM patients WHERE id = ?', [
+      req.params.id,
+    ]);
+    if (result.affectedRows === 0) {
+      return res.status(404).json({ message: 'Patient not found.' });
+    }
+    res.json({ message: 'Patient deleted successfully.' });
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to delete patient.' });
+  }
+});
+
+module.exports = router;

package/apps/HMSR/backend/routes/reports.js

@@ -0,0 +1,60 @@
+const express = require('express');
+const pool = require('../config/db');
+const { authenticate } = require('../middleware/auth');
+
+const router = express.Router();
+
+router.use(authenticate);
+
+router.get('/summary', async (req, res) => {
+  try {
+    const { start_date, end_date } = req.query;
+
+    if (!start_date || !end_date) {
+      return res.status(400).json({ message: 'Start date and end date are required.' });
+    }
+
+    const [appointments] = await pool.query(
+      `SELECT a.*,
+        p.full_name AS patient_name,
+        u.full_name AS doctor_name
+       FROM appointments a
+       JOIN patients p ON a.patient_id = p.id
+       JOIN users u ON a.doctor_id = u.id
+       WHERE a.appointment_date BETWEEN ? AND ?
+       ORDER BY a.appointment_date DESC`,
+      [start_date, end_date]
+    );
+
+    const [attendedPatients] = await pool.query(
+      `SELECT DISTINCT p.id, p.full_name, p.gender, p.date_of_birth,
+        p.phone_number, p.address, mr.report_date
+       FROM medical_reports mr
+       JOIN patients p ON mr.patient_id = p.id
+       WHERE mr.report_date BETWEEN ? AND ?
+       ORDER BY p.full_name`,
+      [start_date, end_date]
+    );
+
+    const total = appointments.length;
+    const completed = appointments.filter((a) => a.status === 'completed').length;
+    const cancelled = appointments.filter((a) => a.status === 'cancelled').length;
+    const scheduled = appointments.filter((a) => a.status === 'scheduled').length;
+
+    res.json({
+      start_date,
+      end_date,
+      total_appointments: total,
+      total_completed: completed,
+      total_cancelled: cancelled,
+      total_scheduled: scheduled,
+      patients_attended: attendedPatients,
+      appointments,
+    });
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ message: 'Failed to generate report.' });
+  }
+});
+
+module.exports = router;

package/apps/HMSR/backend/server.js

@@ -0,0 +1,38 @@
+const express = require('express');
+const cors = require('cors');
+require('dotenv').config();
+
+const authRoutes = require('./routes/auth');
+const patientRoutes = require('./routes/patients');
+const appointmentRoutes = require('./routes/appointments');
+const medicalReportRoutes = require('./routes/medicalReports');
+const reportRoutes = require('./routes/reports');
+
+const app = express();
+const PORT = process.env.PORT || 5000;
+
+app.use(cors());
+app.use(express.json());
+
+app.get('/api/health', (req, res) => {
+  res.json({ status: 'ok', message: 'HMS API is running' });
+});
+
+app.use('/api/auth', authRoutes);
+app.use('/api/patients', patientRoutes);
+app.use('/api/appointments', appointmentRoutes);
+app.use('/api/medical-reports', medicalReportRoutes);
+app.use('/api/reports', reportRoutes);
+
+app.use((req, res) => {
+  res.status(404).json({ message: 'Route not found.' });
+});
+
+app.use((err, req, res, next) => {
+  console.error(err);
+  res.status(500).json({ message: 'Internal server error.' });
+});
+
+app.listen(PORT, () => {
+  console.log(`Server running on http://localhost:${PORT}`);
+});