Git Product home page Git Product logo

tempus-cc-api's Introduction

tempus-cc-api

Design and Technical Decisions

Data modeling

Patient and Doctor extends from User Data model which possibly will have common columns such as username, password, email, phone number, created_at...

We also need many to many relationship in order to store doctors' patients or vice versa.

Since email, phone number and address are sensitive data and health care companies require HIPAA compliance, it is always good idea to encrypt these columns too along with encrypting entire DB (we can use AWS KMS for symmetric data encryption). This will provide us a solid enyrpyion at rest for HIPAA compliance. I skipped the encryption for now in order to save time.

Password hashing

I choosed bcrypt (with salt) in order to hash the password and validate the password for many safety reasons (Dictionary, Brute Force Attacks...). Great articles to read about bcrypt: https://auth0.com/blog/hashing-in-action-understanding-bcrypt/ https://codahale.com/how-to-safely-store-a-password/

We can also use rate limitter on sing-in endpoint (Ex: max 10 request per minute) to prevent and slow down attacks.

Authentication

I choosed signed JWT authentication for stateless sessions. I also choosed to store the token on localStorage. There are pros and cons storing in LocalStorage (XSS attacks: prevented by using frontend sanitization (Angular, Vue, React already does this.)) vs Cookie with httpOnly flag enabled (CSRF attacks). There are many great articles about JWT pros and cons and its safety.

https://dzone.com/articles/cookies-vs-tokens-the-definitive-guide

https://auth0.com/blog/stateless-auth-for-stateful-minds/

TODO

All of the backend req and res validations are missing. We cloud use swagger and automate many of these validations and have custom validations for email, phone number, zipcode... both at frontend and backend.

Dev Environment Setup

install homebrew on your Mac (https://brew.sh)

brew install [email protected]

Create database

psql --u postgres
create database tempus;

install dependencies

yarn

run migrations

node_modules/.bin/sequelize db:migrate

run application

yarn dev

run seeds

POST -> /users/seed

curl -X POST \
  http://localhost:3000/users/seed

Sample Users

Patients:

usernames: ayged_patient, ayged_patient2, ayged_patient3, ayged_patient4, ayged_patient5, ayged_patient6
password: tempus

Doctors:

username: ayged_doctor1, ayged_doctor2
password: tempus

tempus-cc-api's People

Contributors

aykutgk avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.