An API gateway to securely access your personal health records
The backend aims for a Clean Architecture pattern with an API Gateway design; the gateway serves as the entry point for all client applications (frontend, mobile apps, external integrators). Key architectural components:
- API Gateway: Central request router with authentication and authorization
- FHIR Integration: Blaze FHIR server for healthcare data storage (FHIR R4 compliant)
- Authentication: SuperTokens with magic link authentication
- Authorization: Role-based access control (RBAC) using Casbin
- Payment Processing: OY! Indonesia payment gateway integration
- Session Management: Redis-based session storage
- Psychological Instruments: Access to various psychometric tools and assessments
- Digital Interventions: Evidence-based exercises for self-compassion, mindfulness, and mental health
- Appointment Management: Schedule and manage appointments with psychologists
- Payment Gateway: Secure payment processing for healthcare services
- FHIR-Compliant Health Records: Comprehensive health record management using FHIR R4 standards
- Role-Based Access Control: Fine-grained permissions system with multiple user roles
- Language: Go 1.22.3
- HTTP Router: Chi v5
- Architecture: Clean Architecture with API Gateway pattern
- Primary Data: Blaze FHIR Server (FHIR R4 compliant)
- Sessions & Cache: Redis
- Authentication Database: PostgreSQL (SuperTokens only)
- Authentication: SuperTokens (passwordless magic link)
- Authorization: Casbin RBAC
- Session Management: Redis-based sessions
- API Keys: Custom implementation for superadmin access
- Payment Gateway: OY! Indonesia
- Messaging: RabbitMQ (email, WhatsApp notifications)
- Go 1.22.3 or later
- Docker & Docker Compose
- Git
git clone https://github.com/yourusername/be-konsulin.git
cd be-konsulin
go mod tidy
Create a .env file in the root directory using .env.example as a template:
cp .env.example .env
Ask fellow engineers for .env credentials.
Start the required services (PostgreSQL for SuperTokens, Redis, Blaze FHIR server, SuperTokens):
docker-compose up -d
This will start:
- postgres-core-konsulin: PostgreSQL database for SuperTokens (port 7500)
- redis-core-konsulin: Redis for sessions and caching (port 6379)
- blaze-core-konsulin: Blaze FHIR server for healthcare data (port 8080)
- supertokens-core-konsulin: SuperTokens authentication service (port 3567)
go run cmd/http/main.go
The API Gateway will be available at the configured port (default: check your .env file).
Client Request → API Gateway → Authentication → Authorization → Service Routing → Response
- /auth/*: Authentication and user management (SuperTokens)
- /fhir/*: FHIR resources (proxied to Blaze server with RBAC filtering)
- /pay/*: Payment processing (OY! Indonesia integration)
- /hook/*: Webhook handling (internal and external)
The system uses SuperTokens for authentication with magic link login. Authorization is handled through Casbin RBAC with the following roles:
- Guest: Unauthenticated users with limited access
- Patient: Healthcare consumers
- Practitioner: Healthcare providers
- Clinic Admin: Healthcare facility administrators
- Researcher: Data analysts with access to anonymized datasets
- Superadmin: System administrators with full access
For detailed role permissions, see resources/rbac_policy.csv.
The platform supports service-based pricing through OY! Indonesia payment gateway:
- analyze: Patient data analysis (min quantity: 10)
- report: Practitioner reports (min quantity: 1)
- performance-report: Performance analytics (min quantity: 1)
- access-dataset: Research dataset access (min quantity: 1)
- analyze → patient role
- report → practitioner role
- performance-report → clinic_admin role
- access-dataset → researcher role
- All services → superadmin role
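One way to enforce the service minimums and the service-to-role mapping above on the server, as an added example (not code from the Konsulin repository). `PaymentRequest`, `CheckPayment` and the error names are hypothetical; the struct follows the JSON request sample that comes next in this README, and the role strings follow the mapping above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// PaymentRequest mirrors the JSON request sample in this README.
type PaymentRequest struct {
	TotalItem int             `json:"total_item"`
	Service   string          `json:"service"`
	Body      json.RawMessage `json:"body"`
}

// Minimum quantity and purchasing role per service, as listed in this README.
var minQty = map[string]int{"analyze": 10, "report": 1, "performance-report": 1, "access-dataset": 1}
var roleFor = map[string]string{"analyze": "patient", "report": "practitioner",
	"performance-report": "clinic_admin", "access-dataset": "researcher"}

var (
	ErrUnknownService = errors.New("unknown service")
	ErrRoleNotAllowed = errors.New("role may not purchase this service")
	ErrBelowMinimum   = errors.New("total_item below service minimum")
)

// CheckPayment validates a request; sessionRole must come from the
// authenticated session, never from the request body.
func CheckPayment(raw []byte, sessionRole string) (*PaymentRequest, error) {
	var req PaymentRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		return nil, err
	}
	min, ok := minQty[req.Service]
	switch {
	case !ok:
		return nil, ErrUnknownService
	case sessionRole != "superadmin" && sessionRole != roleFor[req.Service]:
		return nil, ErrRoleNotAllowed
	case req.TotalItem < min:
		return nil, ErrBelowMinimum
	}
	return &req, nil
}

func main() {
	// Constructed input shaped like the README sample: 3 is under the analyze minimum of 10.
	raw := []byte(`{"total_item":3,"service":"analyze","body":{"email":"user@email.com"}}`)
	_, err := CheckPayment(raw, "patient")
	fmt.Println(err)
}
```

The unknown-service and role checks run before the quantity check, so a caller without the right role gets the same refusal whatever quantity it sends.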
{
  "total_item": 3,
  "service": "analyze",
  "body": {
    "email": "user@email.com",
    "additional_data": "..."
  }
}
bash build-vendor.sh
# Basic build
bash build.sh -a 'Your Name'
# Complete build with all parameters
bash build.sh -a 'Your Full Name' -e your.email@example.com -v develop
Parameters:
- -a: Author name
- -e: Author email
- -v: Deployment version (develop, staging, or production)
# Comment out ENTRYPOINT in Dockerfile, then:
docker run --rm -it konsulin/api-service:0.0.1 bash
Please see the /docs directory for Postman collections and API documentation, or contact the development team for access.
The service provides health check endpoints for monitoring:
- Redis connectivity
- FHIR server availability
- Service status
The project follows Clean Architecture principles:
- cmd/: Application entry points
- internal/app/delivery/: HTTP handlers and middleware
- internal/app/services/: Business logic and use cases
- internal/app/contracts/: Interface definitions
- internal/app/drivers/: External service drivers
Request processing follows this middleware order:
- Request ID generation
- Structured logging
- Body buffering
- CORS handling
- SuperTokens authentication
- API key validation
- Session management
- Rate limiting
- Error handling
We welcome contributions from team members. Please follow the established coding standards and architecture patterns.
Konsulin is distributed under the AGPL-3.0 License. You may not use Konsulin's logo for other projects. Commercial licenses are available for organizations that wish to use this software without AGPL obligations. Contact hello@konsulin.care to obtain a commercial license.