// SYS.ID: 003
FULL-STACK

DOCTOR
APPOINTMENT SYS_

A production-ready MERN stack platform enabling patients to book appointments and doctors to manage their schedules, secured with JWT authentication and role-based access control.

3 User Roles
JWT Auth
MERN Stack
REST API
// OVERVIEW

This platform was designed to solve the inefficiency of manual appointment booking in healthcare settings. It provides separate, fully functional portals for patients, doctors, and admins — each with a tailored dashboard and permission set.

The backend exposes a RESTful Node.js + Express API, secured with JWT tokens (access + refresh token strategy) stored in HTTP-only cookies. MongoDB is used for flexible document storage, with Mongoose schemas enforcing data integrity.

// TECH_STACK
Frontend
  • → React.js (SPA)
  • → React Router v6
  • → Context API
  • → Axios for HTTP
  • → Tailwind CSS
Backend
  • → Node.js + Express.js
  • → JWT (RS256 signed)
  • → Bcrypt password hashing
  • → Role-based middleware
  • → Express-validator
Database
  • → MongoDB Atlas
  • → Mongoose ODM
  • → Appointment model
  • → User / Doctor models
  • → Indexed queries
// APPOINTMENT_LIFECYCLE
PENDING — Patient submits booking request
CONFIRMED — Doctor accepts the appointment slot
COMPLETED — Doctor marks consultation as done
CANCELLED — Either party cancels (reason logged)
// CHALLENGES & SOLUTIONS
01. Role Isolation — Ensuring doctors cannot see other doctors' patients, and patients cannot access admin routes. Solved with granular middleware guards on every protected endpoint.
02. Slot Double-Booking — A race condition occurs when two patients book the same slot simultaneously. Solved with MongoDB transactions and optimistic locking on slot documents.
03. Session Security — JWTs stored in localStorage can be read by any script running in the page, so an XSS flaw exposes them. Migrated to HTTP-only cookies with SameSite=Strict and CSRF token validation.
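The role isolation described in item 01 needs two layers: a route-level role check and an object-level ownership check. The sketch below is an added example, not code from this project. The names `requireRole`, `appointmentScope`, `loadOwnedAppointment`, the `doctorId`/`patientId` fields and the sample records are assumptions made for illustration.

```javascript
// Added example, not the project's code: Express-style (req, res, next) guards, no dependencies.
// Assumption: an earlier middleware verified the JWT and set req.user = { id, role }.
const ROLES = ['patient', 'doctor', 'admin'];

// Route-level guard: deny by default, allow only the roles listed for this endpoint.
function requireRole(...allowed) {
  const unknown = allowed.filter((r) => !ROLES.includes(r));
  if (unknown.length) throw new Error(`unknown role(s): ${unknown.join(', ')}`);
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
    if (!allowed.includes(req.user.role)) return res.status(403).json({ error: 'forbidden' });
    return next();
  };
}

// Ownership filter built from the verified identity, never from client-supplied ids.
function appointmentScope(user) {
  switch (user.role) {
    case 'admin': return {};
    case 'doctor': return { doctorId: user.id };
    case 'patient': return { patientId: user.id };
    default: throw new Error('unknown role');
  }
}

// Object-level guard: the scope is merged into the lookup itself, so another doctor's
// record is indistinguishable from a missing one (404, no existence leak).
function loadOwnedAppointment(findOne) {
  return async (req, res, next) => {
    try {
      const appt = await findOne({ _id: req.params.id, ...appointmentScope(req.user) });
      if (!appt) return res.status(404).json({ error: 'not found' });
      req.appointment = appt;
      return next();
    } catch (err) {
      return next(err); // Express 4 does not catch rejected promises on its own
    }
  };
}

// Constructed sample data and an in-memory stand-in for a Mongoose Model.findOne call.
const SAMPLE = [
  { _id: 'a1', doctorId: 'd1', patientId: 'p1', status: 'CONFIRMED' },
  { _id: 'a2', doctorId: 'd2', patientId: 'p2', status: 'PENDING' },
];
const findInMemory = async (q) =>
  SAMPLE.find((doc) => Object.entries(q).every(([k, v]) => doc[k] === v)) || null;
```

In an Express app the two guards would be chained on a route such as a hypothetical `GET /appointments/:id`, with the real model lookup passed in place of `findInMemory`.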
MERN Stack JWT MongoDB React.js Node.js Express.js REST API RBAC