numde / compass-numapp-backend Goto Github PK

Describe the problem with the Documentation
In https://github.com/NUMde/compass-numapp-backend/tree/main/db
the prerequisites say: DB runs on default port (5432)
However, output (and default value in flyway.js) is documented as:
Database: jdbc:database://localhost:15432/compass (PostgreSQL 12.1)

[Optional] Suggest information, that might be helpful
change 15432 to 5432

It must be possible to end a study. This should be achievable by the following options:

1. Participation ends when study end is reached
2. Participation ends when personal study end is reached
3. Participation ends because participation is ended manually by update to subject in database

Since #21 the firebase cloud messaging service is used for push notification, therefore the setup/deployment process for openshift has slightly changed. Hence, the parameters

• PUSH_CLIENT_SECRET
• PUSH_API_KEY
• PUSH_APP_ID

are not relevant anymore; all the information needed for the setup of push notifications now comes from google-services.

These parameters can be removed from the template.

Implement changes necessary for this issue.

Describe the problem with the Documentation
you need to add the keys in the .env file, so these must be generated first

[Optional] Suggest information, that might be helpful
Swap the two paragraphs: "Generating RSA key pair" and "Create .env file"

Currently, the ClassErrorMiddle for the ApiController is never invoked because even when an error or an exception occurs, it is not passed to the errorMiddleware via a call of 'next()' but directly handled and a response with the respective code is sent back.
So i suggest we either remove the ClassErrorMiddleWare or don't directly return an error message in the controllers.

I this process we might as well add some more details (without disclosing sensitive data), explaining why the request has failed (no credentials/invalid credentials/outdated credentials...).

Currently, when executing the downloader script, all available questionnaire responses that were successfully downloaded and decrypted are deleted from the queue. For several reasons this is or might be problematic - or at least unwanted.
Admittedly, the 'delete' step in the downloader script could easily removed but that just leads to the problem, but in that way consecutive executions of the script lead to redundant downloads/decryptions.

From my point of view the following things should be implemented:

• update the queue table and add columns that indicate, whether the respective response object has been downloaded and decrypted, as well as timestamp, when the last download occurred
• update the download api to allow download of
  • entries that haven't been downloaded yet (basically, whats currently implemented)
  • all entries
  • downloaded and encrypted entries
  • (optional) entries identified by timestamp (referring to [last?] download) (maybe even range)

Consequently, the downloader script would need to be updated so that the usage of the api can be configured (e.g. with environment variables)

The NUM-App mobile backend should offer multi-language support for questionnaires. This implies that questionnaires can be stored and delivered in n languages. A fallback language must be configurable in case not questionnaire exists in the requested language. Given this, an adaptation of the client application is not mandatory.
The preferred language of a user should be stored in the corresponding participant object in the database.

This issue is linked to the required change in the mobile app.

The implementation should follow the specification given in the following sequence diagram:

Is your feature request related to a problem? Please describe.
The push notifications are not localized, i.e. they are not translated.

Describe the solution you'd like
-/-

Describe alternatives you've considered
-/-

Additional context
-/-

Describe the bug
Currently, a user can theoretically submit the same instance twice when using the web app and the mobile app at the same time

To Reproduce

1. Login on web app & trigger download of questionnaire
2. Login on mobile app & trigger download of questionnaire
3. Submit completed questionnaire on either platform
4. It is possible to submit the same instance on the other platform

Expected behavior
The user should be notified, that he already answered this instance on another device/platform

Description

The field name "study_id" which is used for identification of study participants is misleading and should be renamed. It sould indicate that this value represents a subject identifier.

Study systems usually reference the following terms:

• SubjectID (integer) as database reference for table relations
• SubjectNumber (text) for a generated or assigned identifier for study participants that is used to identify subjects within a study center

ToDo

The name of the field should be updated in the code and all relating documentation.

When a user tries to use both apps there will be an error "questionnaire_not_found"
Steps to reproduce the behavior:

1. Open the mobile app. Answer some questions. Don't submit the questionnaire.
2. Now use the webapp with the same user. Answer the questions and send the questionnaire.
3. refresh in mobile app or in Webapp.
4. See the error: !!! DB might be inconsistent. Check DB !!!
   Error: questionnaire_not_found

Tracking issue for:

• https://github.com/NUMde/compass-numapp-backend/security/code-scanning/17

During the deployment in the cluster no secret for the environment variable COMPASS_RECIPIENT_CERTIFICATE is created and needs to be done manually. Please add it to the OpenShift template.

Describe the bug
Even comparably small (140 kb) encrypted cannot be submitted, transmission is capped after 1,72 kb and a 413 kb is returned

To Reproduce
Steps to reproduce the behavior:

1. Load the GECCO Questionnaire from the Implementation Guide into the backend
2. Open Data4Life WebApp
3. Enter data
4. Try to submit Questionnaire
5. See in Browser console and server terminal the error message: "PayloadTooLargeError: request entity too large"

Expected behavior
The Questionnaire can be submitted

Smartphone (please complete the following information):

• Windows 10, Firefox

Solution
Adding lmiit to the bodyParsers in ExpressServer.ts seems to fix this issue, even though I'm not sure this is the optimal solution:
this.app.use(bodyParser.json({ limit: '50mb' }));
this.app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));

Selected request was successfull after adding the limit parameter to bodyParser.

The way i see it, the file 'google-services-secret.yaml' should be added to gitignore so the base64-encoded secret does not get leaked.

Describe the problem with the Documentation
A clear and concise description of what the problem is.
When you follow the readme, npm install results in an error, as it is not mentioned that it needs to be executed within the repo directory

git ...
npm install

[Optional] Suggest information, that might be helpful

add cd compass-numapp-backend/

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• Replace dependency npm-run-all with npm-run-all2 5.0.0
• Update dependency @types/request to v2.48.12
• Update dependency @types/swagger-ui-express to v4.1.6
• Update dependency cron to v2.4.4 (cron, @types/cron)
• Update dependency rimraf to v5.0.7
• Update dependency ts-jest to v29.1.3
• Update dependency ts-node to v10.9.2
• Update dependency dotenv to v16.4.5
• Update dependency env-var to v7.5.0
• Update dependency eslint to v8.57.0
• Update dependency eslint-config-prettier to v9.1.0
• Update dependency eslint-plugin-prettier to v5.1.3
• Update dependency nodemon to v3.1.1
• Update dependency prettier to v3.2.5
• Update dependency typescript to v5.4.5
• Update actions/cache action to v4
• Update actions/setup-node action to v4
• Update dependency @types/express-jwt to v7
• Update dependency @types/node to v20
• Update dependency cpx2 to v7
• Update dependency cron to v3
• Update dependency eslint to v9
• Update dependency eslint-plugin-jest to v28
• Update dependency firebase-admin to v12
• Update dependency husky to v9
• Update github/codeql-action action to v3
• Update typescript-eslint monorepo to v7 (major) (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update dependency express to v4.19.2 [SECURITY]
• Update dependency @types/express to v4.17.21
• Update dependency @types/jsonwebtoken to v9.0.6
• Update dependency @types/jws to v3.2.10
• Update dependency pg to v8.11.5 (pg, @types/pg)
• Update dependency uuid to v9.0.1 (uuid, @types/uuid)
• Update jest monorepo (@types/jest, jest)
• Update dependency @types/node to v18.19.33
• Update dependency eslint-plugin-jest to v27.9.0
• Update typescript-eslint monorepo to v6.21.0 (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository