This is the proxy server for the o-RDS web app client. This server is meant to provide integrity and confidentiality for both user data and the API secrets.
This server uses admin and survey taker data as a way of signing and verifying JWTs (JSON web tokens), so we can be sure the people trying to access our endpoints are properly authorized/verified users. For admins we save their email and password (salted and hashed), while for survey takers we save their phone number and the 6-digit code that was texted to them (hashed with SHA256).
The current version of o-RDS utilizes two services for this process: Tremendous for incentive payments, and Twilio for phone verification. It will require anyone who wants their own version of o-RDS to create accounts with these services, and configure their API keys to work with this server.
Use our separate docs on how to set up these accounts, then return here.
A .env file contains a list of key-value pairs which the code reads as variables, so that API secrets do not appear as plaintext in the source. We have provided a .env.development file with only keys, so you can fill them out with your own specific values.
Be sure to add .env.development to your .gitignore (or simply rename it to '.env'), so your keys are not visible on your own repository.
How to start this server
npm start
This is an ExpressJS application, so there are many ways it can be hosted and publicly accessible by the admin client. The o-RDS team used Railway and we followed this tutorial.
There may be a number of settings/variables in the .env file that are set a specific way during development/testing. Use the checklist below once you're ready to move to a production environment.
- TESTING=false
- TREMENDOUS_BEARER_TOKEN and TREMENDOUS_SERVER should not be using the testflight environment
- If you were using a free Twilio account, switch over keys and phone number to the paid account
- Though not necessary, it is a good idea to generate a new JWT_API_SECRET
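The checklist above can be turned into a preflight check that runs before deployment. This is an added example, not part of the o-RDS code base: the function names, the "TEST_" key prefix, the 32-character minimum for JWT_API_SECRET and the sample values are assumptions. The Twilio item is not covered because the free/paid distinction cannot be read from the .env file.

```javascript
const crypto = require("crypto");

// Returns a list of problems; an empty list means every check passed.
function checkProductionEnv(env) {
  const problems = [];
  const required = ["TESTING", "TREMENDOUS_BEARER_TOKEN", "TREMENDOUS_SERVER", "JWT_API_SECRET"];
  for (const key of required) {
    if (!env[key] || env[key].trim() === "") problems.push(`${key} is not set`);
  }
  if (env.TESTING && env.TESTING.trim().toLowerCase() !== "false") {
    problems.push("TESTING must be false in production");
  }
  if (/testflight/i.test(env.TREMENDOUS_SERVER || "")) {
    problems.push("TREMENDOUS_SERVER points at the testflight environment");
  }
  // Assumption: Tremendous testflight (sandbox) keys start with "TEST_".
  if ((env.TREMENDOUS_BEARER_TOKEN || "").startsWith("TEST_")) {
    problems.push("TREMENDOUS_BEARER_TOKEN looks like a testflight key");
  }
  // Assumption: treat a signing secret under 32 characters as too short.
  if (env.JWT_API_SECRET && env.JWT_API_SECRET.length < 32) {
    problems.push("JWT_API_SECRET is shorter than 32 characters");
  }
  return problems;
}

// Generates a fresh 256-bit secret, hex-encoded (64 characters).
function newJwtSecret() {
  return crypto.randomBytes(32).toString("hex");
}

// Constructed sample values, not real credentials or real hostnames.
const devEnv = {
  TESTING: "true",
  TREMENDOUS_BEARER_TOKEN: "TEST_constructed-sample",
  TREMENDOUS_SERVER: "https://testflight.example.invalid/api",
  JWT_API_SECRET: "devsecret",
};
const prodEnv = {
  TESTING: "false",
  TREMENDOUS_BEARER_TOKEN: "PROD_constructed-sample",
  TREMENDOUS_SERVER: "https://payments.example.invalid/api",
  JWT_API_SECRET: newJwtSecret(),
};

console.log("development sample:", checkProductionEnv(devEnv));
console.log("production sample:", checkProductionEnv(prodEnv));
```

To check a real deployment, pass `process.env` to `checkProductionEnv` after the .env file has been loaded and refuse to start if the returned list is not empty.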