JagWell Wellness App Documentation

Overview

JagWell is a lightweight, secure wellness tracking application built with Node.js, Express, and SQLite. It helps users log and monitor their daily wellness habits with privacy and security in mind, designed specifically for student wellness tracking at educational institutions.

Tech Stack

  • Backend: Node.js + Express
  • Database: SQLite
  • Authentication: JWT + bcrypt for password hashing
  • Security: Helmet, CORS, environment variables
  • Frontend: HTML, CSS, JavaScript

Features

  • Multi-role system: Supports Admin, Doctor, and Student user roles with appropriate permissions
  • Wellness tracking: Students can log daily wellness data (mood, sleep, heart rate, etc.)
  • Medical oversight: Doctors can view anonymous wellness trends and add medical data
  • Student ID integration: Doctors can associate school-generated student IDs with patient records for linking to school records
  • Secure authentication: JWT-based authentication with bcrypt password hashing
  • Data privacy: All sensitive data stored locally in SQLite database

Setup Instructions

Prerequisites

  • Node.js installed
  • SQLite CLI (for Windows users: winget install SQLite.SQLite)

Installation Steps

  1. Install dependencies: npm install
  2. Create database: sqlite3 db/jagwell.db < jagwell.sql
  3. Create first user: node scripts/create-user.js
  4. Configure environment in .env file: 
    PORT=3000
JWT_SECRET=jagwell-secret-2025-do-not-use-in-prod
  5. Start the app: npm run dev

User Guides

Admin Guide

Learn how to manage users, patients, and wellness records as an administrator.

View Guide

Doctor Guide

Instructions for doctors on patient management, wellness logging, and treatment tracking.

View Guide

Student Guide

How students can log their wellness information and access their health records.

View Guide

API Documentation

The JagWell app provides a comprehensive API for managing wellness data:

  • Authentication API: Login, logout, and user information retrieval
  • Doctor API: Patient management, wellness records, and treatment tracking
  • Admin API: User and data management capabilities
View Full API Reference

Security Features

JagWell implements multiple layers of security to protect user data and maintain privacy:

  • Passwords hashed with bcrypt
  • JWT tokens with 1-day expiry stored in httpOnly cookies
  • Helmet middleware for hardened HTTP headers
  • Content Security Policy (CSP) with strict directives to prevent XSS attacks
  • CORS enabled with proper configuration
  • Secrets stored in .env file
  • Server-side validation using authenticated user ID from token
View Detailed Security Guide