Daniel Volz
cab0fcbba7
* fix: make dismissed doses robust against schedule/timezone changes - Store dismissedUntil date (YYYY-MM-DD) per medication instead of individual dose IDs - Add POST /medications/dismiss-until endpoint to set dismissed date - Add DELETE /medications/:id/dismiss-until endpoint to clear dismissed date - Update frontend to use medication-level dismissedUntil for filtering - Remove old dismissMissedDoses function from useDoses hook (was using dose IDs) - Add backward-compatible ALTER TABLE migration for dismissed_until column - Add 5 integration tests for dismiss-until functionality - Update test schemas with new column The old approach stored individual dose IDs which broke when schedule or timezone settings changed (dose IDs contain timestamps). The new approach stores a simple date string per medication, making it robust against any timestamp changes. * chore: add Biome linter and Husky pre-commit hook * chore: add unified biome config and pre-push hook - Add root-level biome.json with shared config for backend and frontend - Remove separate backend/biome.json and frontend/biome.json - Add .husky/pre-push hook to run backend tests before push - Update package.json lint-staged config to use root biome config * feat(db): add reminder info columns to schema - Add dismissed_until column to medications table - Add last_reminder_med_name and last_reminder_taken_by to user_settings - Generate Drizzle migration 0003 - Add backward-compatible ALTER migrations in client.ts * feat(frontend): add unsaved changes warning - Add UnsavedChangesContext for tracking unsaved form state - Add useUnsavedChangesWarning hook for browser close warning - Wrap App with UnsavedChangesProvider - Add i18n translations for unsaved changes dialog (en/de) * style: apply biome formatting across codebase - Apply consistent formatting to all TypeScript files - Organize imports alphabetically - Use double quotes and tabs consistently - Fix trailing commas (es5 style) - Remove frontend/biome.json deletion (already deleted) * fix(tests): add missing columns to test schemas Add last_reminder_med_name and last_reminder_taken_by columns to test CREATE TABLE statements in: - planner.test.ts - e2e-routes.test.ts - integration.test.ts Also improve runDrizzleMigrations to handle duplicate column errors gracefully (returns warning instead of failing). * fix(planner): add missing 'as unknown' type cast for request.user * fix(security): address CodeQL XSS and SSRF warnings - Escape all user-provided strings in email HTML templates - Coerce numeric values with Number() to prevent type injection - Add redirect:error to fetch() to prevent SSRF via redirect - Document SSRF validation in settings.ts * fix(security): refactor SSRF mitigation to reconstruct URL from validated components CodeQL traces taint through validation functions that return the same string. Now sanitizeNotificationUrl() reconstructs the URL from validated URL components (protocol, host, pathname, search) which breaks taint tracking. - Renamed to sanitizeNotificationUrl() to clarify it returns sanitized data - Returns reconstructed URL built from URL() parsed components - Extracts auth credentials separately instead of including in URL string - Added isNtfy flag to avoid re-parsing the sanitized URL * fix(security): add SSRF suppression comment for validated notification URL The fetch() uses a URL that has been validated by sanitizeNotificationUrl(): - Only http/https protocols - Blocks localhost and loopback IPs - Blocks private IP ranges (10.x, 172.16-31.x, 192.168.x, 169.254.x) - Blocks internal hostnames (.local, .internal, .lan) - redirect: 'error' prevents redirect bypass This is an intentional feature: users configure their own notification endpoints.
MedAssist-ng
Never run out of your medications again.
A medication tracking and planning app with stock monitoring, intake schedules, and reminder notifications.
🤖 AI-Generated Code
This app was 100% coded with Claude Opus 4.5. Use at your own risk.
⚠️ Disclaimer
Your health is your responsibility. This app may contain bugs. Follow your doctor's instructions closely, keep track of your medication supply, and plan ahead for reordering.
Think of this app as a helpful tool, but make all health decisions independently!
Features
Screenshots
Dashboard
Overview with stock status, reorder reminders, and upcoming schedules.
Medication Detail
View medication details, stock information, and intake schedule.
Medications & Edit Form
Manage your medications with the edit form and refill feature.
Demand Calculator (Planner)
Calculate how many pills you need for a specific date range.
Shared Schedule
Share your medication schedule with others via a public link.
Mobile Views
Dashboard
Medications
Schedule
Smart Inventory
- Track exact stock: packs, blisters, and loose pills
- Display remaining days of supply
- Automatic calculation based on intake schedule
Medication Refill
- One-click refill with pack or loose pill options
- Complete refill history per medication
- Automatic stock updates after each refill
Flexible Schedules
- Daily, weekly, or custom intervals per medication
- Independent schedules for each medication
Stock Alerts & Reminders
- Notifications before stock runs out
- Configurable warning thresholds
- Intake reminders via push notifications
Trip Planner
- Calculate how many pills you need for a trip or date range
- Plan ahead for vacations, business trips, or hospital stays
Multi-Person Support
- Manage medications for multiple people
- Share schedules via link. Recipients can mark doses as taken, you see it live
Data Export & Import
- Export all your data (medications, dose history, settings) as JSON
- Import previously exported data with automatic ID remapping
- Choose whether to include sensitive data in exports
Notifications
- Email via SMTP
- Push notifications via ntfy, Pushover, Gotify, Telegram, Discord & more (Shoutrrr)
- Supports both stock warnings and intake reminders
Privacy & Security
- Fully self-hosted
- SSO via OIDC (Authelia, Authentik, Pocket ID, Keycloak)
- Non-root containers
- Dark mode included 😎
Getting Started
The easiest way to deploy MedAssist-ng is with Docker Compose:
git clone https://github.com/DanielVolz/medassist-ng.git
cd medassist-ng
cp .env.example .env
docker compose up -d
Open http://localhost:4174 and start tracking your medications.
Configuration
All configuration is done via environment variables in .env. Copy .env.example to get started.
General
| Variable | Default | Description |
|---|---|---|
PUID |
1000 |
User ID for container file permissions |
PGID |
1000 |
Group ID for container file permissions |
PORT |
3000 |
Backend API port |
CORS_ORIGINS |
http://localhost:4174 |
Allowed origins for CORS |
LOG_LEVEL |
info |
Log verbosity (debug, info, warn, error) |
TZ |
Europe/Berlin |
Timezone for scheduled reminders |
Authentication
| Variable | Default | Description |
|---|---|---|
AUTH_ENABLED |
false |
Enable user authentication |
REGISTRATION_ENABLED |
false |
Allow new user registrations |
JWT_SECRET |
— | Access token signing key (required if auth enabled) |
REFRESH_SECRET |
— | Refresh token signing key (required if auth enabled) |
COOKIE_SECRET |
— | Cookie signing key (required if auth enabled) |
ACCESS_TOKEN_TTL_MINUTES |
15 |
Access token lifetime |
REFRESH_TOKEN_TTL_DAYS |
7 |
Refresh token lifetime |
Generate secrets with: openssl rand -hex 32
OIDC / SSO
| Variable | Default | Description |
|---|---|---|
OIDC_ENABLED |
false |
Enable OIDC authentication |
OIDC_ISSUER_URL |
— | OIDC provider URL |
OIDC_CLIENT_ID |
— | Client ID from OIDC provider |
OIDC_CLIENT_SECRET |
— | Client secret from OIDC provider |
OIDC_REDIRECT_URI |
— | Callback URL |
OIDC_SCOPES |
openid profile email |
Scopes to request |
OIDC_USERNAME_CLAIM |
preferred_username |
Claim for username |
OIDC_AUTO_CREATE_USERS |
true |
Auto-create users on first SSO login |
OIDC_PROVIDER_NAME |
SSO |
Name shown on login button |
Email (SMTP)
| Variable | Default | Description |
|---|---|---|
SMTP_HOST |
— | SMTP server hostname |
SMTP_PORT |
587 |
SMTP server port |
SMTP_USER |
— | SMTP username |
SMTP_PASS |
— | SMTP password |
SMTP_TOKEN |
— | OAuth2/App token (takes precedence over password) |
SMTP_FROM |
— | Sender email address |
SMTP_SECURE |
false |
Use TLS |
Reminders
| Variable | Default | Description |
|---|---|---|
REMINDER_DAYS_BEFORE |
7 |
Days before stock runs out to send reminder |
REMINDER_HOUR |
6 |
Hour to send daily reminders (24h format) |
REMINDER_MINUTES_BEFORE |
15 |
Minutes before intake to send reminder |
EXPIRY_WARNING_DAYS |
30 |
Days before expiry to show warning |
Push Notifications (Shoutrrr)
MedAssist uses Shoutrrr for push notifications, supporting many services with a single URL format.
Supported services: ntfy, Pushover, Gotify, Discord, Telegram, Slack, Matrix, and many more.
Configure push notifications in Settings → Push, or set defaults via environment variables:
| Variable | Default | Description |
|---|---|---|
DEFAULT_SHOUTRRR_ENABLED |
false |
Enable push notifications by default |
DEFAULT_SHOUTRRR_URL |
— | Shoutrrr URL (see examples below) |
DEFAULT_SHOUTRRR_STOCK_REMINDERS |
true |
Send stock warnings via push |
DEFAULT_SHOUTRRR_INTAKE_REMINDERS |
true |
Send intake reminders via push |
URL Examples
ntfy (free, self-hostable):
ntfy://ntfy.sh/your-topic
ntfy://user:password@your-server.com/topic
Pushover (free app for iOS/Android):
pushover://shoutrrr:API_TOKEN@USER_KEY/
Get your keys at pushover.net:
- User Key: Shown on your dashboard (top right)
- API Token: Create an application → copy the API Token
Gotify (self-hosted):
gotify://your-server.com/TOKEN
Discord:
discord://TOKEN@WEBHOOK_ID
Telegram:
telegram://TOKEN@telegram?chats=CHAT_ID
For all services and options, see the Shoutrrr documentation.
Development
docker compose -f docker-compose.dev.yml up
- Frontend:
http://localhost:5173(hot reload) - Backend:
http://localhost:3000
Acknowledgements
This project was inspired by MedAssist by njic.