feat: add indexes, validations at some points and final polishing before production

Author: rohitbytecode

seedadmin.js

@@ -10,7 +10,7 @@ async function seedAdmin() {
 
     const existingAdmin = await User.findOne({ role: 'admin' });
     if (existingAdmin) {
-      console.log('⚠️ Admin user already exists:', existingAdmin.email);
+      console.log('Admin user already exists:', existingAdmin.email);
       return process.exit(0);
     }
 

src/app.js

@@ -10,7 +10,9 @@ import paymentRoutes from './routes/payment.routes.js';
 import signupRoutes from './routes/signup.js';
 import adminRoutes from './routes/adminroutes.js';
 
+import reportRoutes from './routes/report.routes.js';
 import dashboardRoutes from './routes/dashboard.routes.js';
+
 import doctorRoutes from './routes/doctor.routes.js';
 import receptionRoutes from './routes/reception.routes.js';
 import billingRoutes from './routes/billing.routes.js';
@@ -57,6 +59,8 @@ app.use('/api/signup', signupRoutes);
 app.use('/api/admin', adminRoutes);
 
 app.use('/api/admin/dashboard', dashboardRoutes);
+app.use('/api/reports', reportRoutes);
+
 app.use('/api/users/doctors', doctorRoutes);
 app.use('/api/users/receptionist', receptionRoutes);
 app.use('/api/billing', billingRoutes);

src/controllers/aptcontrol.js

@@ -64,35 +64,83 @@ const getAppointmentById = async (req, res) => {
   }
 };
 
-const updateAppointment = async (req, res) => {
+const updateAppointment = async (req, res, next) => {
   try {
-    const { patient, dept, doctor } = req.body;
+    const { patient, dept, doctor, status } = req.body;
+
+    const appointment = await Appointment.findById(req.params.id);
+
+    if (!appointment) {
+      return res.status(404).json({
+        success: false,
+        message: "Appointment not found"
+      });
+    }
+
+    if (
+      req.user.role === "doctor" &&
+      appointment.doctor.toString() !== req.user.id
+    ) {
+      return res.status(403).json({
+        success: false,
+        message: "Not authorized to modify this appointment",
+      });
+    }
+
+    if (req.user.role === "doctor" && (doctor || dept)) {
+      return res.status(403).json({
+        success: false,
+        message: "Doctor cannot reassign appointment",
+      });
+    }
 
     if (patient || dept || doctor) {
       const checks = [];
       if (patient) checks.push(mongoose.model('Patient').findById(patient));
       if (dept) checks.push(mongoose.model('Department').findById(dept));
-      if (doctor) checks.push(mongoose.model('User').findOne({ _id: doctor, role: 'doctor' }));
+      if (doctor) checks.push(
+        mongoose.model('User').findOne({ _id: doctor, role: 'doctor' })
+      );
+
+      const results = await Promise.all(checks);
 
-      const [patientDoc, deptDoc, doctorDoc] = await Promise.all(checks);
+      if (patient && !results[0])
+        return res.status(400).json({ success: false, message: 'Invalid patient ID' });
 
-      if (patient && !patientDoc) return res.status(400).json({ message: 'Invalid patient ID' });
-      if (dept && !deptDoc) return res.status(400).json({ message: 'Invalid department ID' });
-      if (doctor && !doctorDoc) return res.status(400).json({ message: 'Invalid doctor ID or user is not a doctor' });
     }
 
-    const updatedAppointment = await Appointment.findByIdAndUpdate(
-      req.params.id,
-      req.body,
-      { new: true, runValidators: true }
-    );
+    if (status) {
+      const validTransitions = {
+        scheduled: ["completed", "cancelled"],
+        completed: [],
+        cancelled: []
+      };
 
-    if (!updatedAppointment) return res.status(404).json({ message: 'Appointment not found' });
+      const allowed = validTransitions[appointment.status] || [];
+
+      if (!allowed.includes(status)) {
+        return res.status(400).json({
+          success: false,
+          message: "Invalid status transition"
+        });
+      }
+
+      appointment.status = status;
+    }
+
+    if (patient) appointment.patient = patient;
+    if (dept) appointment.dept = dept;
+    if (doctor) appointment.doctor = doctor;
+
+    await appointment.save();
+
+    res.status(200).json({
+      success: true,
+      data: appointment
+    });
 
-    res.json(updatedAppointment);
   } catch (err) {
-    console.error('Error updating appointment:', err);
-    res.status(400).json({ message: err.message });
+    next(err);
   }
 };
 

src/controllers/report.controller.js

@@ -0,0 +1,92 @@
+import Billing from "../models/billing.js";
+import Appointment from "../models/appointment.js";
+
+export const getRevenueReport = async (req, res, next) => {
+  try {
+    const { startDate, endDate } = req.query;
+
+    const match = { status: "paid" };
+
+    if (startDate && endDate) {
+      match.createdAt = {
+        $gte: new Date(startDate),
+        $lte: new Date(endDate)
+      };
+    }
+
+    const result = await Billing.aggregate([
+      { $match: match },
+      {
+        $group: {
+          _id: null,
+          totalRevenue: { $sum: "$amount" },
+          totalTransactions: { $sum: 1 }
+        }
+      }
+    ]);
+
+    res.status(200).json({
+      success: true,
+      data: result[0] || { totalRevenue: 0, totalTransactions: 0 }
+    });
+
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const getAppointmentReport = async (req, res, next) => {
+  try {
+    const { status, doctorId, startDate, endDate } = req.query;
+
+    const filter = {};
+
+    if (status) filter.status = status;
+    if (doctorId) filter.doctor = doctorId;
+
+    if (startDate && endDate) {
+      filter.createdAt = {
+        $gte: new Date(startDate),
+        $lte: new Date(endDate)
+      };
+    }
+
+    const totalAppointments = await Appointment.countDocuments(filter);
+
+    res.status(200).json({
+      success: true,
+      data: {
+        totalAppointments
+      }
+    });
+
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const getDoctorSummary = async (req, res, next) => {
+  try {
+    const doctorId = req.user.id;
+
+    const totalAppointments = await Appointment.countDocuments({
+      doctor: doctorId
+    });
+
+    const completedAppointments = await Appointment.countDocuments({
+      doctor: doctorId,
+      status: "completed"
+    });
+
+    res.status(200).json({
+      success: true,
+      data: {
+        totalAppointments,
+        completedAppointments
+      }
+    });
+
+  } catch (error) {
+    next(error);
+  }
+};

src/models/appointment.js

@@ -22,8 +22,8 @@ const appointmentSchema = new mongoose.Schema(
     },
     status: {
       type: String,
-      enum: ['Scheduled', 'Completed', 'Cancelled'],
-      default: 'Scheduled',
+      enum: ['scheduled', 'completed', 'cancelled'],
+      default: 'scheduled',
       index: true
     },
     date: {
@@ -52,5 +52,7 @@ const appointmentSchema = new mongoose.Schema(
 
 appointmentSchema.index({ doctor: 1, date: 1 });
 appointmentSchema.index({ doctor: 1, date: 1, time: 1 }, { unique: true });
+appointmentSchema.index({ patient: 1});
+appointmentSchema.index({ status: 1});
 
 export default mongoose.model('Appointment', appointmentSchema);

src/routes/report.routes.js

@@ -0,0 +1,32 @@
+import express from "express";
+import { protect, authorize } from "../middleware/authmiddleware.js";
+import {
+  getRevenueReport,
+  getAppointmentReport,
+  getDoctorSummary
+} from "../controllers/report.controller.js";
+
+const router = express.Router();
+
+router.get(
+  "/revenue",
+  protect,
+  authorize(["admin", "billing"]),
+  getRevenueReport
+);
+
+router.get(
+  "/appointments",
+  protect,
+  authorize(["admin"]),
+  getAppointmentReport
+);
+
+router.get(
+  "/my-summary",
+  protect,
+  authorize(["doctor"]),
+  getDoctorSummary
+);
+
+export default router;