-
Notifications
You must be signed in to change notification settings - Fork 7
Home
Welcome to the CovidCode-Service wiki!
Introduction
This documentation describes the CovidCode-Service API and its purpose.
The CovidCode-Service is part of the backend system of the proximity tracing app. The PT-app has a main data backend and an authorization code generation backend (this service) with an associated user interface.
Physicians can use the UI to generate a 12-digit authorization code for their infected patients. A patient can enter the code in his app to notify other app users, who were close enough for a possible transmission of the virus in the past few days since the first symptoms of the infection occurred.
The 12-digit authorization code serves as security to ensure no other person than the infected patient can notify other app users.
Installation
Clone the repository with the provided github-url or download zip-File and make an import into your favorite IDE. Set up Maven project. Download all dependencies by running Maven lifecycle goals ‘clean install’. Make sure in advance that all required plugins are available i.e. Lombok, Docker, etc.
Running the Application
To start the service you can either configure a run configuration in your IDE or use the command line:
mvn spring-boot:run -Dspring-boot.run.profiles=local
The service connects to a Postgres database on startup. It is possible to run a Postgres database service on a docker container. To do so the project source provides a docker-compose.yml file with a basic setup. In addition, CovidCode-Service uses Keycloak as identity and access management service. Keycloak can also be configured and run on a docker container or even be mocked for testing.
API
The CovidCode-Service provides two REST API-Endpoints:
- /v1/authcode
- /v1/onset
/v1/authcode
generates a 12-digit authorization code with the symptom date as input. To notify other affected users, the PT-app user has to enter the code in the app. Then the system verifies the code and on success immediately sends notification messages.
/v1/onset
verifies the authorization code. It queries the database and checks for existence. For security reasons it is only possible to use the verification request for a specific code once. Therefore, on subsequent requests the same code will be invalid.