SensitiveMinds Backend 🧠

SensitiveMinds Backend is a dedicated API server created for the needs of a research project conducted by psychology students. Its purpose is to provide a secure and efficient backend infrastructure for the SensitiveMinds mobile application, enabling streamlined data collection about patients and conducted visits.

The backend was designed as a secure API for internal use among project participants. It provides comprehensive authentication, patient management, visit tracking, and data export capabilities while ensuring complete security and confidentiality of collected data.

🌟 Features

• Modern Architecture: Built with NestJS 11.0.1 and TypeScript
• Secure Authentication: JWT-based authentication with role-based access control
• Database Management: PostgreSQL with TypeORM for efficient data handling
• API Documentation: Comprehensive Swagger/OpenAPI documentation
• Patient Management: Complete patient tracking and management system
• Visit Management: Therapeutic visit management with exercise tracking
• Role-Based Access: Manager and Researcher role system
• Data Export: Secure data export functionality
• Center Grouping: Organization of patients by therapeutic centers

🛠️ Tech Stack

• Framework: NestJS 11.0.1
• Language: TypeScript 5.7.3
• Database: PostgreSQL 8.13.3 with TypeORM 0.3.21
• Authentication: JWT 9.0.2, Passport, bcrypt 5.1.1
• API Documentation: Swagger/OpenAPI 11.0.6
• Validation: class-validator 0.14.1
• Testing: Jest 29.7.0, Supertest 7.0.0
• Linting: ESLint 9.18.0 with TypeScript support
• Formatting: Prettier 3.4.2
• Development: NestJS CLI 11.0.0

📁 Project Structure

├── src/                    # Source code
│   ├── auth/              # Authentication module
│   │   ├── auth.controller.ts    # Auth endpoints
│   │   ├── auth.service.ts       # Auth business logic
│   │   ├── auth.module.ts        # Auth module configuration
│   │   ├── jwt-auth.guard.ts     # JWT authentication guard
│   │   └── dto/                  # Auth data transfer objects
│   ├── users/             # User management module
│   │   ├── users.controller.ts   # User endpoints
│   │   ├── users.service.ts      # User business logic
│   │   ├── users.entity.ts       # User database entity
│   │   ├── users.module.ts       # User module configuration
│   │   └── roles.guard.ts        # Role-based access guard
│   ├── patients/          # Patient management module
│   │   ├── patients.controller.ts # Patient endpoints
│   │   ├── patients.service.ts    # Patient business logic
│   │   ├── patients.entity.ts     # Patient database entity
│   │   ├── center.entity.ts       # Center database entity
│   │   ├── patients.module.ts     # Patient module configuration
│   │   └── dto/                   # Patient data transfer objects
│   ├── visits/            # Visit management module
│   │   ├── visit.controller.ts    # Visit endpoints
│   │   ├── visit.service.ts       # Visit business logic
│   │   ├── visits.entity.ts       # Visit database entity
│   │   ├── visit.module.ts        # Visit module configuration
│   │   └── dto/                   # Visit data transfer objects
│   ├── center/            # Center management module
│   │   ├── center.controller.ts   # Center endpoints
│   │   ├── center.service.ts      # Center business logic
│   │   └── center.module.ts       # Center module configuration
│   ├── export/            # Data export functionality
│   ├── app.module.ts      # Main application module
│   ├── main.ts           # Application entry point
│   ├── app.controller.ts  # Main application controller
│   └── app.service.ts     # Main application service
├── test/                  # Test files
├── dist/                  # Compiled JavaScript output
├── package.json           # Dependencies and scripts
├── tsconfig.json          # TypeScript configuration
├── nest-cli.json          # NestJS CLI configuration
└── .env                   # Environment variables (not in repo)

🚀 Getting Started

Prerequisites

• Node.js >= 18
• PostgreSQL >= 12
• npm or yarn package manager

Installation

1. Clone the repository

   git clone <repository-url>
   cd sensitive-minds-backend

2. Install dependencies

   npm install

3. Set up environment variables

   Create a .env file in the root directory with the following variables:

   # JWT Configuration
   JWT_SECRET=your-super-secret-jwt-key-here
   
   # Database Configuration
   PGHOST=localhost
   PGPORT=5432
   PGUSER=your-database-user
   PGPASSWORD=your-database-password
   PGDATABASE=sensitive_minds
   
   # Application Configuration
   PORT=3000
   EXPORT_ALL_PASSWORD=your-export-password

   ⚠️ IMPORTANT: Never commit the .env file to the repository - it contains sensitive data!

4. Set up the database

   Create a PostgreSQL database and update the connection details in your .env file.

🔧 Configuration

Environment Variables

The application uses the following environment variables:

• JWT_SECRET: Secret key for JWT token signing
• PGHOST: PostgreSQL host address
• PGPORT: PostgreSQL port (default: 5432)
• PGUSER: PostgreSQL username
• PGPASSWORD: PostgreSQL password
• PGDATABASE: PostgreSQL database name
• PORT: Application port (default: 3000)
• EXPORT_ALL_PASSWORD: Password for data export functionality

Database Configuration

The application uses TypeORM with PostgreSQL. The database connection is configured in src/app.module.ts:

TypeOrmModule.forRoot({
  type: 'postgres',
  host: process.env.PGHOST,
  port: parseInt(process.env.PGPORT, 10) || 5432,
  username: process.env.PGUSER,
  password: process.env.PGPASSWORD,
  database: process.env.PGDATABASE,
  entities: [__dirname + '/**/*.entity{.ts,.js}'],
  synchronize: true, // Use migrations in production
});

📝 Available Scripts

• npm run start - Start the application in production mode
• npm run start:dev - Start the application in development mode with hot reload
• npm run start:debug - Start the application in debug mode
• npm run build - Build the application for production
• npm run test - Run unit tests
• npm run test:e2e - Run end-to-end tests
• npm run test:cov - Run tests with coverage report
• npm run lint - Run ESLint for code quality
• npm run format - Format code with Prettier

🔌 API Endpoints

The API provides the following main endpoints:

Authentication

• POST /auth/login - User login
• POST /auth/register - User registration (admin only)

Users

• GET /users - Get all users (admin only)
• GET /users/:id - Get user by ID
• PUT /users/:id - Update user
• DELETE /users/:id - Delete user

Patients

• GET /patients - Get all patients
• GET /patients/:id - Get patient by ID
• POST /patients - Create new patient
• PUT /patients/:id - Update patient
• DELETE /patients/:id - Delete patient

Visits

• GET /visits - Get all visits
• GET /visits/:id - Get visit by ID
• POST /visits - Create new visit
• PUT /visits/:id - Update visit
• DELETE /visits/:id - Delete visit

Centers

• GET /centers - Get all centers

📊 Data Models

User Entity

• id: Unique identifier
• fullName: User's full name
• username: Unique username
• password: Hashed password
• role: User role (MANAGER or RESEARCHER)
• patients: Associated patients
• researchers: Associated researchers (for managers)
• manager: Associated manager (for researchers)

Patient Entity

• id: Unique identifier
• name: Patient name
• age: Patient age
• bedNumber: Bed number
• gender: Patient gender
• center: Associated therapeutic center
• roomNumber: Room number
• user: Associated researcher
• visits: Patient's visits

Visit Entity

• id: Unique identifier
• date: Visit date
• consentGiven: Consent status
• exercises: Exercise completion data
  • pastMemory: Memory exercise completion
  • arithmetic: Arithmetic exercise data
  • reading: Reading exercise completion
  • stroopTest: Stroop test data
• notes: Visit notes
• patient: Associated patient
• createdBy: User who created the visit

🔒 Security Features

• JWT Authentication: Secure token-based authentication
• Password Hashing: bcrypt for password security
• Role-Based Access Control: Manager and Researcher roles
• Input Validation: Comprehensive data validation
• SQL Injection Protection: TypeORM parameterized queries
• Environment Variable Protection: Sensitive data isolation

📚 API Documentation

The API documentation is automatically generated using Swagger/OpenAPI and is available at:

http://localhost:3000/api

The documentation includes:

• All available endpoints
• Request/response schemas
• Authentication requirements
• Interactive testing interface

🧪 Testing

The project includes comprehensive testing setup:

# Run unit tests
npm run test

# Run tests in watch mode
npm run test:watch

# Run tests with coverage
npm run test:cov

# Run end-to-end tests
npm run test:e2e

🚀 Deployment

Production Deployment

1. Build the application

   npm run build

2. Set up production environment variables

3. Configure database migrations (recommended for production)

4. Deploy using your preferred method:

   • Docker containers
   • Cloud platforms (AWS, Google Cloud, Azure)
   • Traditional servers

Docker Deployment

FROM node:18-alpine

WORKDIR /app

COPY package*.json ./
RUN npm ci --only=production

COPY dist ./dist

EXPOSE 3000

CMD ["node", "dist/main"]

🔧 Development

Code Quality

The project uses ESLint and Prettier for code quality and formatting:

# Check for linting errors
npm run lint

# Format code
npm run format

Database Migrations

For production environments, it's recommended to use TypeORM migrations instead of synchronize: true:

# Generate migration
npm run typeorm migration:generate -- -n MigrationName

# Run migrations
npm run typeorm migration:run

📄 License

This project is private and proprietary. All rights reserved.

📞 Contact

SensitiveMinds Backend

• Author: Daniel Śledź
• Frontend Repository: SensitiveMinds
• Backend Repository: SensitiveMinds Backend

---

Built with ❤️ for efficient therapy management

Secure backend solutions for modern healthcare