The backend for Borderless Health, a cross-border telemedicine platform. Built with Express and MongoDB (Mongoose), with JWT auth and Cloudinary for image/document uploads.
🔗 Client repo / demo: https://borderless-app-client.vercel.app/
- Auth — register (patient / physician), login, and a
/auth/meendpoint that returns the user and their profile. - Users — patient and physician profiles with image (and document, for patients) uploads via Cloudinary.
- Departments — CRUD-ish endpoints with images, specialties, and reviews.
- Reviews — patients review departments (rating + comment).
- Connections — patient ↔ physician consultation requests with accept / decline.
- Express + Mongoose (MongoDB)
- JWT (
jsonwebtoken) + bcrypt for auth - Multer + Cloudinary for file uploads
- CORS, morgan
- Node.js 18+
- A MongoDB database (local or Atlas)
- A Cloudinary account (for uploads)
npm installCreate a .env file in the project root:
PORT=5005
ORIGIN=http://localhost:5173 # client URL, for CORS
MONGODB_URI=mongodb://127.0.0.1:27017/borderless
TOKEN_SECRET=your-jwt-secret
CLOUDINARY_NAME=your-cloud-name
CLOUDINARY_KEY=your-api-key
CLOUDINARY_SECRET=your-api-secret
npm run dev # start with --watch (auto-restart on changes)
npm start # start normallyServer runs at http://localhost:5005, with all routes mounted under /api.
| Method | Endpoint | Notes |
|---|---|---|
| POST | /api/auth/login |
returns { authToken } |
| GET | /api/auth/me |
current user + profile (auth) |
| POST | /api/users/patient |
register patient (multipart) |
| POST | /api/users/physician |
register physician (multipart) |
| GET | /api/users/physicians |
list/filter physicians (auth) |
| GET | /api/users/patients |
list patients (physician only) |
| GET/POST | /api/departments /api/department |
list / create departments |
| PATCH | /api/department/:id |
update a department (auth) |
| GET/POST | /api/reviews |
list / create reviews |
| GET/POST/PATCH | /api/connections |
manage connection requests (auth) |
Protected routes expect an Authorization: Bearer <token> header.
GET /departmentsandGET /reviewsare public so the client can show them before login.- The
ORIGINvalue must match the deployed/local client URL, or requests are blocked by CORS.