CrunchyBagel / TracePrivately

A privacy-focused app using Apple's soon-to-be-released contact tracing framework.
MIT License

Thoughts on public demo server for developers #36

Closed tatey closed 4 years ago

tatey commented 4 years ago

I've made the Ruby implementation of the key server available on a demo server. You can point the BaseUrl in KeyServer.plist to https://trace-privately-demo.herokuapp.com/api. Here's a GIF of it in action built against 21323284a722ae2ce4d8a7f39049e9eb077d1520.


There's currently no authentication or ~protection~ on the server. It's using a free tier on Heroku. It's limited to 10,000 rows in the database and the server "sleeps" after not being used for 30 minutes (Delay when booting up, but completely automatic). It will be locked down a little more after https://github.com/tatey/trace_privately/issues/12 and https://github.com/tatey/trace_privately/issues/4 are implemented.

You can access the admin section yourself by going to https://trace-privately-demo.herokuapp.com/.


Update: Server is now rate limiting API clients to 10 requests per minute. You'll get a 429 if you make too many requests.

HendX commented 4 years ago

Thanks for setting this up! I've linked to this from the main project README.

tatey commented 4 years ago

FYI I have added a "Deploy to Heroku" button so you can run the Key Server for free on Heroku with a one-click setup.


HendX commented 4 years ago

Oh very nice, looking forward to trying this.

tatey commented 4 years ago

Let me know if you run into any problems and I'd be happy to help.

HendX commented 4 years ago

@tatey Very cool, that was super easy to set up. I've got the auth and infected endpoints working, but the submit endpoint is giving me:

["error": Unprocessable Entity, "status": 422]

I thought it was because of the extra data (form and l), but removing them didn't seem to help.

Also separate to that, I updated the spec for how errors should be returned (HTTP status code, then status value of "ERROR" and "message" key with a string message).

tatey commented 4 years ago

Thanks for giving it a try. I'm sorry POST /api/submit isn't working. I have an issue tracking returning the right errors. https://github.com/tatey/trace_privately/issues/22.

I've just built 9641de1 and I've had a look at the logs and I can see why it's failing. The keys that are being submitted have the same data signature. I was working on the assumption that the signature would be different for each key. Is that not actually the case? If so, I can relax this restriction.



On another note I'm trying to work out the best way you can update your server. It's probably easier to delete it and use the button again.

If you did want to update you'll need to:

Do one time setup:

```
$ git clone git@github.com:tatey/trace_privately.git
$ cd trace_privately
$ heroku git:remote -a
```

Pull, push, and migrate for each change:

```
$ git pull
$ git push heroku master
$ heroku run ./bin/db rails db:migrate
```

HendX commented 4 years ago

Ohh right. For development I'm using the same keys across days (it's just the device ID) so it can easily be mapped back to the submitting device.

I'm using the rollingStartNumber to differentiate, then use the rollingStartNumber to figure out which day it belongs to. I guess theoretically each key should be unique on its own (I'm sure this is documented somewhere, but I haven't looked).

tatey commented 4 years ago

Fair enough. I've gone ahead and removed the uniqueness constraint in https://github.com/tatey/trace_privately/commit/67d5d6b25b5c487d33b0beadd85a21deaba270f9. If you update (or re-deploy) the key server you should be able to make submissions.

There's a limit of 21 keys per submission and I think that protection will go a long way to preventing any sort of spam/abuse.
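The checks discussed in this thread (the 21-key cap, 422 responses in the "ERROR"/"message" shape, and keys that repeat across days but differ by rollingStartNumber) can be sketched as one submission validator. This is an added example, not code from trace_privately: the payload field names `keys`, `key_data` and `rolling_start_number`, the `"OK"` success body, the 16-byte key length and the choice to enforce uniqueness on the (key, rolling start number) pair are all assumptions.

```ruby
require "set"

MAX_KEYS_PER_SUBMISSION = 21 # limit stated in the thread
KEY_LENGTH_BYTES = 16        # assumption: 16-byte daily keys

# Error body in the shape described in the thread: HTTP status code,
# "status" of "ERROR" and a "message" string.
def error_response(status, message)
  [status, { "status" => "ERROR", "message" => message }]
end

# Hypothetical payload shape (not the project's documented format):
#   {"keys" => [{"key_data" => <base64>, "rolling_start_number" => Integer}, ...]}
# Returns [http_status, body].
def validate_submission(payload)
  keys = payload.is_a?(Hash) ? payload["keys"] : nil
  unless keys.is_a?(Array) && !keys.empty?
    return error_response(422, "keys must be a non-empty array")
  end
  if keys.size > MAX_KEYS_PER_SUBMISSION
    return error_response(422, "at most #{MAX_KEYS_PER_SUBMISSION} keys per submission")
  end

  seen = Set.new
  keys.each_with_index do |key, i|
    return error_response(422, "key #{i} is not an object") unless key.is_a?(Hash)

    raw = begin
      key["key_data"].to_s.unpack1("m0") # strict base64; raises on bad input
    rescue ArgumentError
      nil
    end
    unless raw && raw.bytesize == KEY_LENGTH_BYTES
      return error_response(422, "key #{i}: key_data must be base64 of #{KEY_LENGTH_BYTES} bytes")
    end

    rsn = key["rolling_start_number"]
    unless rsn.is_a?(Integer) && rsn >= 0
      return error_response(422, "key #{i}: rolling_start_number must be a non-negative integer")
    end

    # Uniqueness on the pair: a development client that reuses one key
    # across days still passes, while an exact repeat is rejected.
    return error_response(422, "key #{i} duplicates an earlier key") unless seen.add?([raw, rsn])
  end
  [200, { "status" => "OK" }] # success body is an assumption
end
```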