Closed tatey closed 4 years ago
Thanks for setting this up! I've linked to this from the main project README.
FYI I have added a "Deploy to Heroku" button so you can run the Key Server for free on Heroku with a one-click setup.
Oh very nice, looking forward to trying this.
Let me know if you run into any problems and I'd be happy to help.
@tatey Very cool, that was super easy to set up. I've got the auth and infected endpoints working, but the submit endpoint is giving me:
["error": Unprocessable Entity, "status": 422]
I thought it was because of the extra data (form and l), but removing them didn't seem to help.
Also, separate to that, I updated the spec for how errors should be returned (HTTP status code, then status value of "ERROR" and "message" key with a string message).
Thanks for giving it a try. I'm sorry POST /api/submit isn't working. I have an issue tracking returning the right errors: https://github.com/tatey/trace_privately/issues/22.
I've just built 9641de1 and I've had a look at the logs and I can see why it's failing. The keys that are being submitted have the same data signature. I was working on the assumption that the signature would be different for each key. Is that not actually the case? If so, I can relax this restriction.
On another note I'm trying to work out the best way you can update your server. It's probably easier to delete it and use the button again.
If you did want to update you'll need to:
Do one time setup:
$ git clone git@github.com:tatey/trace_privately.git
$ cd trace_privately
$ heroku git:remote -a <your-app-name>
Pull, push, and migrate for each change:
$ git pull
$ git push heroku master
$ heroku run ./bin/db rails db:migrate
Ohh right. For development I'm using the same keys across days (it's just the device ID) so it can easily be mapped back to the submitting device.
I'm using the rollingStartNumber to differentiate, then use the rollingStartNumber to figure out which day it belongs to. I guess theoretically each key should be unique on its own (I'm sure this is documented somewhere, but I haven't looked).
Fair enough. I've gone ahead and removed the uniqueness constraint in https://github.com/tatey/trace_privately/commit/67d5d6b25b5c487d33b0beadd85a21deaba270f9. If you update (or re-deploy) the key server you should be able to make submissions.
There's a limit of 21 keys per submission and I think that protection will go a long way to preventing any sort of spam/abuse.
I've made the Ruby implementation of the key server available on a demo server. You can point the BaseUrl in KeyServer.plist to https://trace-privately-demo.herokuapp.com/api. Here's a GIF of it in action built against 21323284a722ae2ce4d8a7f39049e9eb077d1520.
There's currently no authentication or ~protection~ on the server. It's using a free tier on Heroku. It's limited to 10,000 rows in the database and the server "sleeps" after not being used for 30 minutes (delay when booting up, but completely automatic). It will be locked down a little more after https://github.com/tatey/trace_privately/issues/12 and https://github.com/tatey/trace_privately/issues/4 are implemented.
You can access the admin section yourself by going to https://trace-privately-demo.herokuapp.com/.
Update: Server is now rate limiting API clients to 10 requests per minute. You'll get a 429 if you make too many requests.