Express.js backend for VacciChain, a blockchain-based vaccination record platform on Stellar Network using Soroban smart contracts.
- SEP-10 Web Authentication: Challenge-response based authentication with Stellar keypairs
- JWT Token Generation: Role-based access control (issuer vs patient)
- Soroban Integration: Direct smart contract interaction for vaccination NFT minting and verification
- RESTful API: Clean, documented endpoints for vaccination operations
┌─────────────────────────────────────────────────────────────┐
│ VacciChain Backend │
├─────────────────────────────────────────────────────────────┤
│ Express.js Application │
│ ├── SEP-10 Auth Middleware (Challenge/Response) │
│ ├── JWT Authentication Middleware │
│ ├── Issuer Role Verification (Soroban Read) │
│ └── API Routes │
├─────────────────────────────────────────────────────────────┤
│ Stellar Integration │
│ ├── Soroban RPC Client (Contract Reads & Writes) │
│ ├── TransactionBuilder (Envelope Construction) │
│ └── Keypair Management (SEP-10 Signing) │
└─────────────────────────────────────────────────────────────┘
POST /v1/auth/sep10
Content-Type: application/json
{
"publicKey": "GXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
Response:
{
"success": true,
"challengeXdr": "AAAAAgAAAAB...",
"nonce": "a1b2c3d4e5f6g7h8"
}
POST /v1/auth/verify
Content-Type: application/json
{
"signedXdr": "AAAAAgAAAAB...",
"publicKey": "GXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
Response:
{
"success": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"role": "issuer|patient",
"publicKey": "GXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
POST /v1/vaccination/issue
Authorization: Bearer <JWT_TOKEN>
Content-Type: application/json
{
"patientAddress": "GXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"vaccineName": "COVID-19 Pfizer",
"dateAdministered": "2024-01-15T10:30:00Z"
}
Response:
{
"success": true,
"txHash": "0x1234567890abcdef...",
"message": "Vaccination record minting transaction submitted successfully."
}
GET /v1/verify/:wallet
Response:
{
"success": true,
"walletAddress": "GXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"isVerified": true,
"recordCount": 3,
"verifiedAt": "2024-07-10T12:30:00.000Z"
}
- Node.js 18+ and npm
- Stellar Testnet keypair (for testing)
- Soroban contract ID
- Clone the repository:
git clone https://github.com/Vacci-chain/vacchain-backend.git
cd vacchain-backend- Install dependencies:
npm install- Configure environment:
cp .env.example .env
# Edit .env with your values- Start the server:
npm start
# Or for development with auto-reload:
npm run devThe server will listen on http://localhost:4000 by default.
| Variable | Description | Example |
|---|---|---|
PORT |
Server port | 4000 |
JWT_SECRET |
Secret for JWT signing | your-secret-key |
STELLAR_NETWORK |
Network selection | TESTNET or MAINNET |
HORIZON_URL |
Horizon API endpoint | https://horizon-testnet.stellar.org |
SOROBAN_RPC_URL |
Soroban RPC endpoint | https://soroban-testnet.stellar.org |
VACCINATIONS_CONTRACT_ID |
Soroban contract ID | CDW... |
SEP10_SERVER_KEY |
Server secret key for SEP-10 | SA... |
- SEP-10 Replay Protection: Nonces are stored and validated to prevent replay attacks
- JWT Expiration: Tokens expire after 1 hour
- Issuer Authorization: Verified on-chain before allowing mint operations
- CORS: Configured for specified origins
- Environment Variables: Sensitive data stored in
.env(not in repository)
Run tests with:
npm testRestart on file changes:
npm run devLint code:
npm run lintThe backend interacts with a Soroban smart contract exposing:
pub fn mint_vaccination(
patient: Address,
vaccine_name: String,
date_administered: u64,
issuer: Address
) -> Result<(), Error>
pub fn verify_vaccination(patient: Address) -> Result<Vec<VaccinationRecord>, Error>
pub fn is_authorized_issuer(issuer: Address) -> booldocker build -t vaccichain-backend .
docker run -p 4000:4000 --env-file .env vaccichain-backend- Set strong
JWT_SECRETin environment - Configure
SEP10_SERVER_KEYwith mainnet keypair - Use
STELLAR_NETWORK=MAINNETwith mainnet RPC endpoints - Enable HTTPS
- Set up proper logging and monitoring
- Configure database for challenge storage (instead of in-memory)
- Set up rate limiting for production
MIT
For issues, questions, or contributions, please visit: https://github.com/Vacci-chain/vacchain-backend
VacciChain Team