feat: add billing transaction and staff CRUD operations

Author: rohitbytecode

src/app.js

@@ -12,6 +12,7 @@ import adminRoutes from './routes/adminroutes.js';
 
 import doctorRoutes from './routes/doctor.routes.js';
 import receptionRoutes from './routes/reception.routes.js';
+import billingRoutes from './routes/billing.routes.js';
 
 import patientRoutes from './routes/patient.js';
 import deptRoutes from './routes/dept.js';
@@ -56,6 +57,7 @@ app.use('/api/admin', adminRoutes);
 
 app.use('/api/users/doctors', doctorRoutes);
 app.use('/api/users/receptionist', receptionRoutes);
+app.use('/api/billing', billingRoutes);
 
 app.use('/api/patients', patientRoutes);
 app.use('/api/departments', deptRoutes);

src/controllers/billing.controller.js

@@ -0,0 +1,194 @@
+import Billing from '../models/billing.js';
+import billingService from '../services/billing.service.js';
+
+const createBilling = async (req, res, next) => {
+  try {
+    const { patient, appointment, amount } = req.body;
+
+    if (!patient || !amount) {
+      return res.status(400).json({
+      success: false,
+      message: "Patient and amount are required",
+      });
+    }
+
+    const billing = await Billing.create({
+      patient,
+      appointment,
+      amount,
+      createdBy: req.user.id,
+    });
+
+    res.status(201).json({
+      success: true,
+      data: billing,
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+const getAllBilling = async (req, res, next) => {
+  try {
+    const page = parseInt(req.query.page) || 1;
+    const limit = parseInt(req.query.limit) || 10;
+    const skip = (page - 1) * limit;
+
+    const bills = await Billing.find()
+      .populate("patient", "name email")
+      .sort({ createdAt: -1 })
+      .skip(skip)
+      .limit(limit);
+
+    const total = await Billing.countDocuments();
+
+    res.status(200).json({
+      success: true,
+      data: {
+        bills,
+        total,
+        page,
+        pages: Math.ceil(total / limit),
+      },
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+const updateBillingStatus = async (req, res, next) => {
+  try {
+    const { status, paymentMethod, transactionId } = req.body;
+
+    const bill = await Billing.findById(req.params.id);
+
+    if (!bill) {
+      return res.status(404).json({
+        success: false,
+        message: "Billing record not found",
+      });
+    }
+
+    if (!["pending", "paid"].includes(status)) {
+      return res.status(400).json({
+        success: false,
+        message: "Invalid status value",
+      });
+    }
+
+    if (bill.status === "paid" && status === "pending") {
+      return res.status(400).json({
+        success: false,
+        message: "Cannot revert paid billing to pending",
+      });
+    }
+
+    bill.status = status;
+
+    if (status === "paid") {
+      bill.paymentMethod = paymentMethod;
+      bill.transactionId = transactionId;
+      bill.paidAt = new Date();
+    }
+
+    await bill.save();
+
+    res.status(200).json({
+      success: true,
+      data: bill,
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+const deleteBilling = async (req, res, next) => {
+  try {
+    const bill = await Billing.findById(req.params.id);
+
+    if (!bill) {
+      return res.status(404).json({
+        success: false,
+        message: "Billing record not found",
+      });
+    }
+
+    await bill.deleteOne();
+
+    res.status(200).json({
+      success: true,
+      message: "Billing deleted",
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+// Staff CRUD for admin
+
+const createBillingStaff = async (req, res, next) => {
+  try {
+    const billing = await billingService.createBillingStaff(req.body);
+    res.status(201).json(billing);
+  } catch (error) {
+    next(error)  
+  }
+};
+
+const changePassword = async (req, res, next) => {
+  try {
+    const { oldPassword, newPassword } = req.body;
+    const result = await billingService.changePassword(
+      req.user.id, 
+      oldPassword, 
+      newPassword);
+    res.status(200).json(result);
+  } catch (err) {
+    next(err)
+  }
+};
+
+const getAllBillingStaff = async (req, res, next) => {
+  try {
+    const billing = await billingService.getAllBillingStaff();
+    res.json(billing);
+  } catch (err) {
+    next(err)
+  }
+};
+
+const updateBillingStaff = async (req, res, next) => {
+  try {
+    const { id } = req.params;
+    const billing = await billingService.updateBillingStaff(id, req.body);
+    res.json(billing);
+  } catch (err) {
+    next(err)
+  }
+};
+
+const deleteBillingStaff = async (req, res, next) => {
+  try {
+    const { id } = req.params;
+    const result = await billingService.deleteBillingStaff(id);
+    res.json(result);
+  } catch (err) {
+    next(err)
+  }
+};
+
+export {
+  // Billing operations
+  createBilling,
+  getAllBilling,
+  updateBillingStatus,
+  deleteBilling,
+
+  // Staff CRUD for admin
+
+  createBillingStaff,
+  changePassword,
+  getAllBillingStaff,
+  updateBillingStaff,
+  deleteBillingStaff
+}

src/models/User.js

@@ -12,7 +12,7 @@ const userSchema = new mongoose.Schema({
   role: { 
     type: String, 
     required: true, 
-    enum: ['admin', 'doctor','receptionist'] 
+    enum: ['admin', 'doctor','receptionist','billing'] 
   },
 
 

src/models/billing.js

@@ -45,4 +45,9 @@ const billingSchema = new mongoose.Schema(
   { timestamps: true }
 );
 
-export default mongoose.model("Billing", billingSchema);
+billingSchema.index({ status: 1 });
+billingSchema.index({ patient: 1 });
+billingSchema.index({ createdAt: -1 });
+billingSchema.index({ status: 1, createdAt: -1 });
+
+export default mongoose.model("Billing", billingSchema);

src/routes/billing.routes.js

@@ -0,0 +1,76 @@
+import express from 'express';
+import { protect, authorize } from '../middleware/authmiddleware.js';
+import * as billingController from '../controllers/billing.controller.js';
+
+const router = express.Router();
+
+//BILLING TRANSACTIONS
+
+router.post(
+  "/",
+  protect,
+  authorize(["admin"]),
+  billingController.createBilling
+);
+
+router.get(
+  "/",
+  protect,
+  authorize(["admin", "billing"]),
+  billingController.getAllBilling
+);
+
+router.patch(
+  "/:id/status",
+  protect,
+  authorize(["admin", "billing"]),
+  billingController.updateBillingStatus
+);
+
+router.delete(
+  "/:id",
+  protect,
+  authorize(["admin"]),
+  billingController.deleteBilling
+);
+
+
+//BILLING STAFF MANAGEMENT
+
+
+router.post(
+  "/staff",
+  protect,
+  authorize(["admin"]),
+  billingController.createBillingStaff
+);
+
+router.get(
+  "/staff",
+  protect,
+  authorize(["admin"]),
+  billingController.getAllBillingStaff
+);
+
+router.put(
+  "/staff/:id",
+  protect,
+  authorize(["admin"]),
+  billingController.updateBillingStaff
+);
+
+router.delete(
+  "/staff/:id",
+  protect,
+  authorize(["admin"]),
+  billingController.deleteBillingStaff
+);
+
+router.put(
+  "/staff/change-password",
+  protect,
+  authorize(["billing"]),
+  billingController.changePassword
+);
+
+export default router;

src/services/billing.service.js

@@ -0,0 +1,70 @@
+import billing from '../models/billing.js';
+import User from '../models/User.js';
+import bcrypt from 'bcrypt';
+
+const createBillingStaff = async (data) => {
+    const password = data.password || 'billing@123';
+    const hashedPassword = await bcrypt.hash(password, 10);
+
+    const billing = new User({
+        ...data,
+        password: hashedPassword,
+        role: 'billing',
+    });
+
+    await billing.save();
+
+    return {
+        success: true,
+        message: 'Billing staff created successfully',
+    };
+};
+
+
+const changePassword = async (userId, oldPassword, newPassword) => {
+    const billing = await User.findById(userId);
+    if(!billing) throw new Error('Billing staff not found');
+
+    const isMatch = await bcrypt.compare(oldPassword, billing.password);
+    if(!isMatch) throw new Error('Old password is incorrect');
+
+    billing.password = await bcrypt.hash(newPassword, 10);
+    await billing.save();
+
+    return { message: 'Password changed successfully' };
+};
+
+const getAllBillingStaff = async () => {
+    return await User.find({ role: 'billing' });
+};
+
+const updateBillingStaff = async (id, data) => {
+    if(data.password) {
+        data.password = await bcrypt.hash(data.password, 10);
+    }
+
+    const billing = await User.findOneAndUpdate(
+        { _id: id, role: 'billing' },
+        data,
+        { new: true, runvalidators: true }
+    );
+
+    if(!billing) throw new Error('Billing staff not found');
+
+    return billing;
+};
+
+const deleteBillingStaff = async (id) => {
+    const billing = await User.findOneAndDelete({ _id: id, role: 'billing' });
+    if(!billing) throw new Error('Billing staff not found');
+
+    return { message: 'Billing staff deleted successfully' };
+};
+
+export default{
+  createBillingStaff,
+  changePassword,
+  getAllBillingStaff,
+  updateBillingStaff,
+  deleteBillingStaff
+}