Backend for the recoverapp.de. You can find the client app here github.com/railslove/rcvr-app – a product by Railslove
Due to COVID-19, many localities, like bars and restaurants, must keep track of their guest. So, in the case of infection, the public health department can trace contact persons using this data.
The German government suggested a very old-school way on how to achieve this. Owners should put a printed document on each table, and guests have to write down their data with a pen, visible to everyone.
We know we can do better. Those lists are annoying for everyone, and especially a big privacy concern.
With recover, guests scan a QR Code with their phone and enter their contact details, which will be encrypted on their device and stored on our server. Only the business owner can decrypt this data, and only when the public health department requests it.
When an owner signs up, a key pair will be generated on their device. The owner needs to safely store the private key by saving it inside a password manager or writing it on a piece of paper and putting it in a physical safe. This private key is required to decrypt the data of the guests.
The public part of this key pair is embedded inside the QR Code, together with a unique identifier for each table.
When the public health department requests data for a specific time range from an owner, we will send them the guest's encrypted data from this period. The owner can then decrypt this data using his private key and send it to the public health department.
When a guest checks in, a random ID will be saved on the guest's device. recover will provide a public feed of all check-in IDs in danger of a COVID-19 infection. The IDs can be public because they cannot be traced back to a person. Only the guest's device knows if one of the stored IDs is also inside this public feed. If this is the case, we can notify the guest of the potential infection.
recover was initially developed during one weekend. We noticed the urgency and needs of business owners and wanted to provide a solution. A special thanks goes to everyone who helped and consulted us to achieve our goal in this short amount of time.
To get a development environment up and running ensure your development system has the following components:
- docker
- docker-compose
- ruby 2.7
- bundler (for ruby)
- basic C build tools (base-devel, build-essential or whatever your system calls these)
- eventually: postgres development headers
Then execute:
bundler
echo "DATABASE_URL=postgres://postgres:mysecretpassword@127.0.0.1:5432/rcvr_api_development" >> .env.local
docker-compose up -d # will start database in the background
rails db:setup RAILS_ENV=development
rails server
The example above uses a docker-compose file to locally run redis and postgres, but it is not required. Alternatively use your own setup.
Install rcvr-app frontend: https://github.com/railslove/rcvr-app
Create a frontend entry in your postgres database:
docker-compose exec postgres psql -U postgres
postgres=# \connect rcvr_api_development
rcvr_api_development=# insert into frontends (name, url) values('App-Local', 'http://localhost:3333');
Your port might vary depending on your set up (see rcvr-app README).
You should also update the frontend .env.local to match your backends local url:
NEXT_PUBLIC_API_BASE=http://api.localhost:3000
for local development the http://api. prefix is mandatory
origin/masterdeploys to production on push- All pushed branches will create a preview deployment
We do not use rails credentials in favor of dotenv. You can find the variables that you might want to set in the .env file.
Dont forget to set all four stripe related environment variables (see .env).
For trying out payment related things you might want to setup webhooks to work locally with stripe (similar to ngrok), if your server runs on localhost:3000:
stripe listen --forward-to localhost:3000/stripe-webhooks
And to trigger test events:
stripe trigger customer.subscription.updated
In the process some models primary keys were changed to type :uuid. As a result the foreign key relation for active storage (record_id) was changed accordingly.
When we added another active storage relation to a non uuid model (Affiliate), we ran into a runtime exception in Rails Admin because we were trying to link a bigint to a uuid.
This means models with active storage relations must use :uuid as id (Example: Affiliate).
rcvr.api is open-source and free software released under the GNU AGPL (GNU Affero General Public License v3.0). We, Railslove GmbH, are committed to ensuring that it will remain a free and open-source project.
Made with 💚 in Cologne