Full-stack medical clinic management platform
Case Study
·
API Reference
·
Architecture
·
Français
MediSync is a comprehensive medical clinic management platform designed to streamline interactions between patients, doctors, secretaries, and administrators. The system centralizes appointment scheduling, medical records, document management, billing, and audit logging into a unified, secure platform.
- Multi-layer Authentication — JWT tokens, two-factor authentication (TOTP), Google OAuth 2.0, and mobile biometric login
- Role-Based Access Control — 4 distinct roles (Patient, Doctor, Secretary, Admin) with fine-grained permissions
- Medical Document Management — Secure upload, download, and storage with file validation (PDF, JPG, PNG, DICOM)
- PDF Prescription Generation — Automatic PDF generation for medical records using OpenPDF
- Push Notifications — Appointment reminders (24h and 1h before) and daily medication reminders
- Audit Logging — Comprehensive action logging for compliance and traceability
- Email Billing System — Invoice and care sheet delivery via email
- Real-time Availability — Appointment booking with doctor availability slot calculation
MediSync follows a three-tier client-server architecture with a centralized REST API. All business logic, security, and data validation are handled server-side.
flowchart LR
subgraph Clients
Mobile["Mobile App\n(React Native)"]
Web["Web App\n(Angular)"]
end
subgraph Backend
API["REST API\n(Spring Boot)"]
Security["JWT + 2FA\nSecurity Layer"]
end
subgraph Data
DB[(MySQL)]
Files["Document\nStorage"]
Mail["Email\nService"]
end
Mobile -->|HTTPS + JWT| Security
Web -->|HTTPS + JWT| Security
Security --> API
API --> DB
API --> Files
API --> Mail
For detailed diagrams (authentication flow, data model, upload/download sequences), see the Architecture Documentation.
| Layer | Technology | Version |
|---|---|---|
| Backend | Spring Boot | 3.3.6 |
| Language | Java | 17 |
| Database | MySQL | 8.0+ |
| ORM | Hibernate / Spring Data JPA | 6.x |
| Security | Spring Security + JWT (jjwt) | 0.12.6 |
| 2FA | TOTP (dev.samstevens.totp) | — |
| OpenPDF | 1.3.30 | |
| Web Frontend | Angular | 21 |
| UI Components | Angular Material | 21.x |
| Charts | Chart.js + ng2-charts | 4.5 |
| Mobile App | React Native (Expo) | SDK 56 |
| Mobile UI | React Native Paper | 5.15 |
| Navigation | React Navigation | 7.x |
| HTTP Client | Axios | 1.16 |
- Login with email/password, Google OAuth, or biometric authentication
- Book appointments with a 3-step wizard (doctor > date/time > details)
- View and cancel appointments
- Access medical records and download prescription PDFs
- Upload and manage personal medical documents
- Set daily medication reminders with push notifications
- Submit post-appointment feedback and ratings
- View daily schedule and upcoming consultations
- Access patient medical history
- Create medical records with diagnosis and prescriptions
- Generate downloadable prescription PDFs
- Manage appointment scheduling for all patients
- Confirm, reschedule, or cancel appointments
- Generate and send invoices and care sheets via email
- Dashboard with statistics and analytics (Chart.js)
- User management (CRUD operations for all roles)
- Audit log viewer for compliance monitoring
- Two-factor authentication management
- Establishment and financial management
| Login | Establishment Management | Staff Management |
|---|---|---|
![]() |
![]() |
![]() |
| Doctor Planning | Doctor Consultations |
|---|---|
![]() |
![]() |
| Patient Dashboard |
|---|
![]() |
| Tool | Version |
|---|---|
| Java JDK | 17+ |
| Maven | 3.8+ |
| Node.js | 18+ |
| npm | 9+ |
| MySQL | 8.0+ |
| Expo CLI | Latest |
git clone https://github.com/EZ-web998/medisync.git
cd medisynccp .env.example .env
# Edit .env with your MySQL credentials, JWT secret, and Google Client IDcd backend
# Set Spring profile for seed data
export SPRING_PROFILES_ACTIVE=dev # Linux/Mac
set SPRING_PROFILES_ACTIVE=dev # Windows
./mvnw spring-boot:run
# API available at http://localhost:8080/apicd frontend
npm install
npm start
# App available at http://localhost:4200cd mobile
npm install
npx expo start
# Scan QR code with Expo Go or press 'a' for Android emulator| Role | Password | |
|---|---|---|
| Admin | admin@medisync.local | Admin@1234 |
| Doctor | doctor@medisync.local | Doctor@1234 |
| Patient | patient@medisync.local | Patient@1234 |
| Module | Endpoints | Auth | Description |
|---|---|---|---|
| Auth | POST /api/auth/login, register, google |
Public | Authentication & registration |
| 2FA | POST /api/auth/2fa/* |
Bearer | Two-factor authentication setup |
| Doctors | GET /api/doctors |
Public | Doctor search & listing |
| Appointments | CRUD /api/appointments/* |
Bearer | Scheduling & availability |
| Medical Records | GET/POST /api/medical-records/* |
Bearer | Patient medical history |
| Documents | CRUD /api/documents/* |
Bearer (Patient) | Document upload & storage |
| Admin | CRUD /api/admin/* |
Bearer (Admin) | User & system management |
| Billing | POST /api/billing/* |
Bearer (Secretary) | Invoice & care sheet emails |
| Audit | GET /api/admin/audit |
Bearer (Admin) | Action logs |
Full endpoint details: API Reference
medisync/
├── backend/ # Spring Boot REST API
│ ├── src/main/java/com/medisync/
│ │ ├── auth/ # Authentication & registration
│ │ ├── security/ # JWT filter, Spring Security config
│ │ ├── user/ # User entity & repository
│ │ ├── doctor/ # Doctor profiles & search
│ │ ├── appointment/ # Scheduling & availability
│ │ ├── medical/ # Medical records & PDF generation
│ │ ├── document/ # Document upload/download
│ │ ├── billing/ # Invoice email delivery
│ │ ├── admin/ # User management & stats
│ │ ├── audit/ # Action logging
│ │ └── config/ # Data seeder & app config
│ └── src/main/resources/
│ └── application.yml # Externalized configuration
│
├── frontend/ # Angular web application
│ └── src/app/
│ ├── core/ # Guards, interceptors, services
│ ├── features/ # Role-based feature modules
│ │ ├── admin/ # Dashboard, users, audit, finance
│ │ ├── doctor/ # Consultations, patient records
│ │ ├── patient/ # Appointments, documents
│ │ └── secretary/ # Scheduling, billing
│ ├── layouts/ # App shell & navigation
│ └── shared/ # Reusable components
│
├── mobile/ # React Native patient app
│ └── src/
│ ├── screens/ # 10 screen components
│ ├── services/ # API service modules
│ ├── navigation/ # Stack & tab navigators
│ ├── components/ # Reusable UI components
│ ├── context/ # AuthContext state management
│ ├── constants/ # Colors & configuration
│ └── utils/ # Storage & date helpers
│
├── docs/ # Documentation
├── architecture/ # Architecture diagrams
└── archive/ # Deprecated Flutter prototype
- Stateless JWT Authentication — No server-side sessions; every request carries a signed token
- BCrypt Password Hashing — Industry-standard password encryption
- Two-Factor Authentication — TOTP-based 2FA with QR code enrollment
- Google OAuth 2.0 — Federated identity via Google accounts
- Biometric Authentication — Fingerprint/Face ID on mobile devices
- Role-Based Access Control — Endpoint-level authorization with
@PreAuthorize - CORS Configuration — Restricted to configured origins only
- File Upload Validation — Type checking, size limits (20MB), UUID-based storage names
- Audit Logging — Records authentication events and admin actions
- Externalized Secrets — All credentials loaded from environment variables
See the full Improvement Roadmap for planned enhancements.
Next priorities:
- Add unit and integration tests (JUnit, Vitest, Jest)
- Dockerize all services with Docker Compose
- Add database migrations with Flyway
- Implement API versioning (
/api/v1/) - Add Swagger/OpenAPI documentation
- Move document storage to cloud (AWS S3 / Azure Blob)
This project is licensed under the MIT License. See LICENSE for details.
EZZAOUI NASR EDDINE
Software Engineering Student





