Accessible healthcare made simple. A smart, modular web application for medicine tracking, symptom checking, and clinic discovery.
π https://care-sync-iota.vercel.app/
CareSync empowers individuals to take control of their health management. Built to be accessible and intuitive, it solves the problem of scattered healthcare information by centralizing medicine reminders, symptom analysis, and local medical resource discovery into one cohesive platform.
Whether you are managing a chronic condition or just need a quick check-up on symptoms, CareSync acts as your personal health companion.
- Add, edit, and manage daily prescriptions
- Set custom reminders so you never miss a dose
- Input symptoms to receive possible conditions
- Basic risk assessment and suggested treatments
- Find nearby hospitals and clinics using geolocation
- Interactive map integration using OpenStreetMap
- Optimized for mobile, tablet, and desktop
- Built using Material UI and Bootstrap
Whether you're a first-time contributor or an experienced developer, there are many ways to contribute to CareSync.
- Check the open Issues for bugs, enhancements, and feature requests.
- Read the FUTURE_ROADMAP.md file to explore planned features.
- Review CONTRIBUTING.md for contribution guidelines.
- Look for issues labeled:
- good first issue
- enhancement
- bug
- documentation
If you would like to work on a new feature that is not currently listed, open a discussion or create a feature request issue before starting development.
We welcome contributions of all sizes, including:
- Bug fixes
- UI/UX improvements
- Documentation updates
- Performance optimizations
- New features
- React 18 β Component-based UI
- Material UI (MUI) β Modern, accessible UI components
- Bootstrap β Grid system and layout utilities
- OpenStreetMap (Nominatim) β Geocoding and location services
- Vercel β Deployment and hosting
Follow these instructions to set up the project locally.
- Node.js v16 or higher
- npm v8 or higher
- Clone the repository
git clone https://github.com/vallabhatech/CareSync.git
cd CareSync- Install dependencies
npm install- Configure environment variables
Copy the example environment file and adjust the values as needed:
cp .env.example .envCareSync is a Create React App project, so
all environment variables must be prefixed with REACT_APP_ to be exposed
to the browser, are embedded at build time (you must restart npm start
after changing them), and are read via process.env.REACT_APP_*. See the
Environment Variables reference below for what each
one does.
- Start the development server
npm startThe app will open automatically at: π http://localhost:3000
CareSync reads configuration from a .env file at the project root. Start by
copying the template:
cp .env.example .envBecause this is a Create React App project, every variable must begin with
REACT_APP_. Variables are inlined into the build at compile time, so after
editing .env you must stop and restart the dev server (npm start) for
changes to take effect. Never commit your real .env file β only
.env.example (with empty or placeholder values) belongs in version control.
| Variable | Required | Default | Description |
|---|---|---|---|
REACT_APP_MAP_API_KEY |
No | (empty) | API key for a maps provider (e.g. Google Maps), reserved for future paid map integrations. The current Clinic Locator uses the free OpenStreetMap/Nominatim API and does not require this key, so it can be left blank for local development. |
REACT_APP_API_BASE_URL |
No | http://localhost:5000 |
Base URL of the backend API, used as a prefix for backend requests if/when a backend is integrated. CareSync is currently a frontend-only app, so this is a forward-looking placeholder. |
REACT_APP_ENABLE_ANALYTICS |
No | false |
Feature flag to toggle analytics. Set to true to enable analytics-related behavior; left false by default for local development and privacy. |
Note: All three variables are currently optional β CareSync runs locally with an unmodified
.env(or no.envat all). They exist to document the configuration surface and to support planned backend, paid-maps, and analytics integrations.
Deploy your own instance instantly using Vercel:
- User authentication (Login / Signup)
- Backend integration for persistent user data
- Push notifications for medicine reminders
- Telemedicine appointment booking
- Multi-language support
Contributions are what make the open-source community grow and thrive. Any contribution you make is greatly appreciated.
- Fork the project
- Create your feature branch
git checkout -b feature/AmazingFeature- Server body limit: configured via
server/config/limits.js(default5mb). Override withBODY_LIMITorBODY_LIMIT_BYTESenvironment variables. - Client axios limits: configured via
src/utils/httpConfig.js(REACT_APP_MAX_CONTENT_LENGTHandREACT_APP_MAX_BODY_LENGTH, defaults5MB).
Requests rejected due to oversized payloads are logged on the server with IP, URL, method and Content-Length.
This project includes a set of defensive controls and tests to mitigate common web application security issues. The following sections summarize requirements, protections implemented, and how to run the security test-suite.
- Axios version requirements
- We require
axios>= 1.18.0 inpackage.json. Keepaxiosup-to-date to receive security fixes. Monitor advisories and update promptly. Tests insrc/utils/api.test.jsassert configured limits are present.
- Security risks addressed
- Oversized payload (DoS) attacks: server and client limits are configured and tested.
- Header injection (CRLF): server sanitizes response headers; the client and server validate header names/values and reject CRLF/control characters.
- Prototype pollution: request bodies are sanitized (server-side middleware strips
__proto__,constructor, andprototype). - Regular expression Denial of Service (ReDoS): complex regexes were replaced with ReDoS-resistant logic and length checks.
- Server-Side Request Forgery (SSRF): URL validation normalizes/inspects hostnames, rejects private/loopback and cloud metadata addresses.
- SSRF protections
- All outbound URLs validated in
src/utils/sanitize.jsviavalidateUrl():- Enforces allowed protocols (
http,https). - Blocks cloud metadata hostnames (e.g.
169.254.169.254). - Normalizes IPv4/IPv6 encodings to detect hex/decimal/octal encodings and mapped IPv6 forms.
- Rejects loopback, private, link-local, APIPA and reserved ranges.
- Enforces allowed protocols (
- Header validation
- Header names validated against RFC-like token regex and limited to 256 characters in
src/utils/sanitize.js. - Header values are trimmed, disallow control characters (0x00-0x1F, 0x7F), CR/LF, and limited to 4096 characters.
- Payload size limits
- Server body limit: configured in
server/config/limits.js(default5mb). Express body-parser uses this limit and oversized payloads return413 Payload Too Large(or400in some environments). Logs include IP, URL, method, and Content-Length. - Client axios limits:
src/utils/httpConfig.jsdefinesDEFAULT_MAX_CONTENT_LENGTHandDEFAULT_MAX_BODY_LENGTH(default5MB). The axios instance insrc/utils/api.jsappliesmaxContentLengthandmaxBodyLength.
- Prototype pollution prevention
- Server middleware
server/utils/requestSanitize.jsstrips dangerous object keys recursively before route handlers run. sanitizeConfig()insrc/utils/sanitize.jsalso removes prototype keys from client-side config data where applicable.
- Testing strategy
- Server tests (Jest + Supertest) are located under
server/tests/. - Frontend tests (Jest + react-testing-library) are located under
src/utils/. - To run server tests:
cd server
npm install
npm testRun frontend tests from repo root:
npm install
npm testIf you'd like, I can open a PR with these security changes and the test-suite, or wire these tests into CI (GitHub Actions) so they run automatically on each push.
- Commit your changes
git commit -m "Add AmazingFeature"- Push to the branch
git push origin feature/AmazingFeature- Open a Pull Request
- Surishetty Harivallabha Sai β @vallabhatech
- Hazari Thanusree β @HazariThanusree-2005
Distributed under the MIT License.
See the LICENSE file for more information.
β If you like this project, donβt forget to star the repo!