A secure, decentralized healthcare records management system built with Next.js frontend, Django REST API backend, and Quai Network smart contracts for tamper-proof medical record storage.
- Overview
- Features
- Tech Stack
- Project Structure
- Quick Start
- Deployment
- Environment Variables
- API Reference
- Contributing
HealthSecure addresses critical challenges in medical data management:
| Challenge | Solution |
|---|---|
| Data Ownership | Patients control who views their records via visibility toggles |
| Immutability | Records hashed on Quai Network blockchain for verification |
| Interoperability | Doctors search patients by unique Health ID |
| Security | SHA256-based blockchain IDs + JWT authentication |
- Patients register → receive unique Health ID (e.g., `HID-E364-FA82`)
- Doctors register with medical license → search patients by Health ID
- Records created by doctors → stored on-chain via smart contracts
- Verification achieved through blockchain hashing + IPFS
- Unique Health ID generation
- Personal dashboard with medical history
- Control record visibility (hide/show from doctors)
- Blockchain-based identity verification
- Search patients by Health ID
- Create medical records (prescriptions, diagnoses, lab reports)
- Upload certificates to IPFS
- Verified doctor badge system
- Quai Network smart contracts for immutable records
- IPFS Integration via Pinata for document storage
- JWT Authentication with role-based access
- Vercel-ready deployment structure
| Layer | Technology |
|---|---|
| Frontend | Next.js 16, React 19, TypeScript, Tailwind CSS |
| UI Components | shadcn/ui, Radix UI, Lucide Icons |
| Backend | Django 5.x, Django REST Framework |
| Authentication | JWT (Simple JWT) |
| Database | SQLite (dev) / PostgreSQL (prod) |
| Blockchain | Quai Network (Orchard Testnet) |
| Storage | IPFS via Pinata |
```
healthsecure/
├── frontend/                 # Next.js application (deploy to Vercel)
│   ├── app/                  # Next.js app router pages
│   │   ├── dashboard/        # Patient & Doctor dashboards
│   │   ├── login/            # Authentication
│   │   └── signup/           # Registration
│   ├── components/           # React components
│   │   ├── dashboard/        # Dashboard-specific
│   │   └── ui/               # shadcn/ui components
│   ├── lib/                  # Utilities & API client
│   │   └── api.ts            # Backend API functions
│   ├── hooks/                # Custom React hooks
│   ├── public/               # Static assets
│   ├── package.json          # Node dependencies
│   └── vercel.json           # Vercel configuration
│
├── backend/                  # Django REST API (deploy separately)
│   ├── healthsecure/         # Django project config
│   │   └── settings.py       # Main settings
│   ├── users/                # User management
│   │   ├── models.py         # User, Patient, Doctor models
│   │   ├── views.py          # API endpoints
│   │   └── ipfs_service.py   # Pinata/IPFS integration
│   ├── records/              # Medical records app
│   ├── requirements.txt      # Python dependencies
│   └── manage.py             # Django CLI
│
├── contracts/                # Quai Network smart contracts
│   ├── contracts/            # Solidity files
│   │   └── MedicalRecordRegistry.sol
│   ├── scripts/              # Deployment scripts
│   ├── hardhat.config.js     # Hardhat configuration
│   └── package.json          # Node dependencies
│
└── README.md                 # This file
```
| Tool | Version | Purpose |
|---|---|---|
| Node.js | v20+ | Frontend & Contracts |
| Python | 3.10+ | Backend |
| npm | 8+ | Package management |
```bash
# Navigate to frontend
cd frontend

# Install dependencies
npm install

# Create environment file
cp .env.example .env.local

# Edit .env.local with your backend URL
# NEXT_PUBLIC_API_URL=http://localhost:8000/api

# Start development server
npm run dev
```

Frontend runs at: http://localhost:3000
```bash
# Navigate to backend
cd backend

# Create virtual environment
python3 -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Create environment file
cat > .env << EOF
SECRET_KEY=your-secret-key-change-in-production
DEBUG=True
ALLOWED_HOSTS=localhost,127.0.0.1
FRONTEND_URL=http://localhost:3000
PINATA_API_KEY=your_pinata_api_key
PINATA_SECRET_KEY=your_pinata_secret_key
EOF

# Run database migrations
python manage.py migrate

# Create admin user (optional)
python manage.py createsuperuser

# Start server
python manage.py runserver 0.0.0.0:8000
```

Backend API runs at: http://localhost:8000/api
```bash
# Navigate to contracts
cd contracts

# Install dependencies
npm install

# Create environment file
cp .env.example .env
# Edit .env with your private key and RPC URL

# Compile contracts
npx hardhat compile

# Run tests
npx hardhat test

# Deploy to Quai Orchard Testnet
npx hardhat run scripts/deployQuai.js --network quaiOrchard
```

Contract Addresses: Saved to `contracts/deployments.json`
1. Import to Vercel
   - Go to vercel.com/new
   - Import your repository
   - Set Root Directory to `frontend`

2. Configure Environment Variables

   | Variable | Value |
   |---|---|
   | `NEXT_PUBLIC_API_URL` | `https://your-backend-url.com/api` |

3. Deploy - Vercel auto-detects Next.js and builds
Choose your platform:
```bash
# Install Railway CLI
npm install -g @railway/cli

# Login and deploy
railway login
cd backend
railway init
railway up
```

- Create new Web Service on render.com
- Connect repository, set Root Directory to `backend`
- Build Command: `pip install -r requirements.txt`
- Start Command: `gunicorn healthsecure.wsgi:application`

- Create new App on cloud.digitalocean.com
- Select repository, set source to `backend/`
- Configure environment variables
- Deploy
Important: Update Django settings for production:
```python
# backend/healthsecure/settings.py
DEBUG = False
ALLOWED_HOSTS = ['your-backend-url.com']
CORS_ALLOWED_ORIGINS = ['https://your-frontend-url.vercel.app']
```

| Variable | Description | Example |
|---|---|---|
| `NEXT_PUBLIC_API_URL` | Backend API URL | `https://api.yoursite.com/api` |
| Variable | Description | Required |
|---|---|---|
| `SECRET_KEY` | Django secret key | Yes |
| `DEBUG` | Debug mode | Default: False |
| `ALLOWED_HOSTS` | Comma-separated hosts | Yes |
| `FRONTEND_URL` | Frontend URL for CORS | Yes |
| `PINATA_API_KEY` | Pinata API key | For IPFS |
| `PINATA_SECRET_KEY` | Pinata secret | For IPFS |
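
One way to turn the backend variables above into Django settings that fail closed, so the Quick Start `.env` (placeholder key, `DEBUG=True`, `http` frontend) cannot reach production unnoticed. This is an added example, not the project's own `settings.py`; `load_settings`, `ConfigError` and the 50-character minimum (the threshold Django's deployment check uses for `SECRET_KEY`) are assumptions of this example.

```python
"""Fail-closed loader for the backend variables listed above (added example)."""
import os
from urllib.parse import urlsplit

# Placeholder value taken from the Quick Start .env on this page.
PLACEHOLDER_KEY = "your-secret-key-change-in-production"
TRUTHY = {"1", "true", "yes", "on"}


class ConfigError(RuntimeError):
    """Raised when the environment is unsafe to start with (hypothetical name)."""


def load_settings(env=os.environ):
    """Return Django setting values derived from env, or raise ConfigError."""
    debug = env.get("DEBUG", "False").strip().lower() in TRUTHY  # default: off
    secret = env.get("SECRET_KEY", "")
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "").split(",") if h.strip()]
    origin = urlsplit(env.get("FRONTEND_URL", "").strip())

    problems = []
    if not secret:
        problems.append("SECRET_KEY is not set")
    if not origin.scheme or not origin.netloc:
        problems.append("FRONTEND_URL must be an absolute URL")
    if not debug:
        # Production-only checks: placeholders, wildcards and plain http are rejected.
        if secret == PLACEHOLDER_KEY or len(secret) < 50:
            problems.append("SECRET_KEY is a placeholder or shorter than 50 chars")
        if not hosts or "*" in hosts:
            problems.append("ALLOWED_HOSTS must list explicit hostnames")
        if origin.scheme != "https":
            problems.append("FRONTEND_URL must use https")
    if problems:
        raise ConfigError("; ".join(problems))

    return {
        "DEBUG": debug,
        "SECRET_KEY": secret,
        "ALLOWED_HOSTS": hosts,
        # CORS origins are scheme://host[:port] with no path or trailing slash.
        "CORS_ALLOWED_ORIGINS": [f"{origin.scheme}://{origin.netloc}"],
    }
```

In `settings.py` the returned values would be assigned to the module-level names of the same spelling, so a bad environment stops the process at import time instead of serving requests.
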
| Variable | Description | Required |
|---|---|---|
| `PRIVATE_KEY` | Wallet private key | Yes |
| `QUAI_RPC_URL` | Quai Network RPC | Yes |
| Method | Endpoint | Description |
|---|---|---|
| `POST` | `/api/auth/login/` | Login, returns JWT tokens |
| `POST` | `/api/auth/token/refresh/` | Refresh access token |
| `POST` | `/api/auth/register/patient/` | Register patient |
| `POST` | `/api/auth/register/doctor/` | Register doctor |
| Method | Endpoint | Description |
|---|---|---|
| `GET` | `/api/auth/profile/` | Get current user profile |
| `PUT` | `/api/auth/profile/` | Update profile |
| `GET` | `/api/auth/stats/` | Dashboard statistics |
| Method | Endpoint | Description |
|---|---|---|
| `GET` | `/api/records/` | List user's records |
| `POST` | `/api/records/` | Create record (doctors) |
| `GET` | `/api/records/{id}/` | Get record details |
| `PATCH` | `/api/records/{id}/visibility/` | Toggle visibility |
| Method | Endpoint | Description |
|---|---|---|
| `GET` | `/api/auth/access/` | List access requests |
| `POST` | `/api/auth/access/` | Create access request |
| `POST` | `/api/auth/access/{id}/revoke/` | Revoke access |
| Method | Endpoint | Description |
|---|---|---|
| `GET` | `/api/auth/patients/{health_id}/` | Search by Health ID |
| `GET` | `/api/patients/{health_id}/records/` | Get patient records |
| Role | Capabilities |
|---|---|
| Patient | View own records, toggle visibility, receive Health ID |
| Doctor | Search patients, create records, upload to IPFS |
```bash
# Backend tests
cd backend
python manage.py test

# Contract tests
cd contracts
npx hardhat test

# Frontend (if configured)
cd frontend
npm test
```

- Fork the repository
- Create feature branch: `git checkout -b feature/amazing-feature`
- Commit changes: `git commit -m 'Add amazing feature'`
- Push to branch: `git push origin feature/amazing-feature`
- Open a Pull Request
MIT License - see LICENSE file for details.
Made with ❤️ for better healthcare data management