SafeTrace icon indicating copy to clipboard operation
SafeTrace copied to clipboard

Published 20 hours ago verified publisher icon scrtlabs

Backend for managing User IDs

Open ainsleys opened this issue 4 years ago • 15 comments

This server should store userID, email, and password, and enable users to log-in to their userID in the front-end application. It should also enable the front-end to submit the userID along with other user-submitted data via the SafeTrace API

ainsleys avatar Mar 27 '20 17:03 ainsleys

Hi @ainsleys , What architecture we should use here? I think would be good a nodejs + MongoDB working as Rest-API.

Questions:

  • It is possible that we use the Google sign-in service or we want to avoid using any external service that identifies the user?
  • I think we need to save more data like: createDate, agreeToBeNotified, typeOfUser? (reporter vs observer), testResults, testDate
  • User can report more that one test results?
  • Should save a log of every time that user report or upload positions?

cmalfesi avatar Mar 30 '20 12:03 cmalfesi

Hey @cmalfesi

That architecture seems reasonable to me!

re: questions

  1. I think I fall on the side of using google sign-in for the following reasons:
  • account recovery is simpler
  • bar for security for password management is higher (i.e., account security supports 2fa and authenticator apps) But, I would like to consult with @lacabra on the risks of this approach.

  1. can you let me know what each of these i.e. what data is expected (just to ensure 100% we're on the same page)?

  2. we think yes-- they can report with no test, and then update if they receive a positive or negative yes. Right now the utility isn't 100% clear, but i think makes the app more re-usable and generalizable for different interventions.

  3. probably. This can help us reduce spam or load on the system if required. Any reason not to @lacabra ?

Thanks @cmalfesi !

ainsleys avatar Mar 30 '20 13:03 ainsleys

@cmalfesi I think a google sign in is OK also happy to do MongoDB + node js

Regarding other data fields:

  • createDate (time + date) makes sense
  • agreeToBeNotified (0, 1) makes sense
  • type of user -> in the future we are planning to add symptoms as well so we may want to create a status for the user like 0 = not tested, no symptons, 1 positive, 2 high risk symptoms (no need to worry about 2 now)
  • test date (i.e 3/22/2020) yes. We can either add submission date for all other users

cankisagun avatar Mar 30 '20 15:03 cankisagun

@cankisagun @ainsleys I will create an MVP of this issue during the day, I hope I can have something tomorrow.

cmalfesi avatar Mar 31 '20 13:03 cmalfesi

FYI: I have forked this project and added a backend subfolder for add the User API endpoints. I have pushed the first changes. I will be adding more endpoints today. https://github.com/cmalfesi/SafeTrace/tree/be-express-mongodb-docker/backend

cmalfesi avatar Apr 02 '20 11:04 cmalfesi

Wait, why nosql for this? this seems like a classic case for relationality, maybe postgres?

FishmanL avatar Apr 03 '20 15:04 FishmanL

@FishmanL a request for more context in your comment please, many people need to follow this (please note what advantages postgres would confer over current mongoDB solution). We're unlikely to modify anything for the MVP unless the case is really compelling, and afaik mongoDB works fine for this. Appreciate the input & the clarification!

ainsleys avatar Apr 03 '20 15:04 ainsleys

Sure -- so, mongo (and similar nosql solutions) are good when you have unstructured data, that you might need to modify within DB, and that doesn't need to scale to lots of users quickly.

In this case, you have very structured data, it's static once posted (all you're doing is adding new rows) and it needs to scale to lots of rows quickly. All 3 of these point to using SQL/a similar structured RDBMS, and with postgres it takes like 3 min to stand up a normalized schema for something like this (user table mapping user info to IDs, location table mapping user IDs to lat,long,time)

FishmanL avatar Apr 03 '20 16:04 FishmanL

@FishmanL Just to be really clear, this server is only managing unique userID -> email, password . It should never deal with lat/long/time, that needs to be passed directly from client to the SafeTrace server running code in the TEE.

I'll let @cmalfesi make the call on what approach is sufficient for MVP, but I think we can optimize down the road. At the end of the day, this setup (database + loginAPI + frontend) is all part of the client app, which for our purposes is a prototype that demonstrates the SafeTrace API, so optimization is probably out of scope for the time being. Open to other perspectives, tho.

ainsleys avatar Apr 03 '20 16:04 ainsleys

Ah, aight, then it's still best to have it as postgres/another sql install but it's less necessary.

On Fri, Apr 3, 2020, 12:22 PM ainsleys [email protected] wrote:

@FishmanL https://github.com/FishmanL Just to be really clear, this server is only managing unique userID -> email, password . It should never deal with lat/long/time, that needs to be passed directly from client to the SafeTrace server running code in the TEE.

I'll let @cmalfesi https://github.com/cmalfesi make the call on what approach is sufficient for MVP, but I think we can optimize down the road. At the end of the day, this setup (database + loginAPI + frontend) is all part of the client app, which for our purposes is a prototype that demonstrates the SafeTrace API, so optimization is probably out of scope for the time being. Open to other perspectives, tho.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/enigmampc/SafeTrace/issues/22#issuecomment-608533945, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE32NMED53S2XBCSJHKISGTRKYELBANCNFSM4LVFUKMA .

FishmanL avatar Apr 03 '20 16:04 FishmanL

I concur with @FishmanL's assessment.

lacabra avatar Apr 03 '20 18:04 lacabra

Hey @FishmanL , thanks for your feedback! You are totally right, I agree with you. I have proposed just a quick solution for start asap the MVP without having the perfect analysis of the data structure and how it will change in the path. In general, I like to use MongoDB for things that are not 100% defined and we can always change with fewer efforts, different the case that we have exhaustive analysis about how the data will be used.

cmalfesi avatar Apr 04 '20 12:04 cmalfesi

@ainsleys @cankisagun I have uploaded the last changes on my Github on this branch: https://github.com/cmalfesi/SafeTrace/tree/be-express-mongodb-docker/backend Alaa will work with this and I will continue later.

cmalfesi avatar Apr 04 '20 16:04 cmalfesi

Hi @ainsleys , @cankisagun

This PR includes:

  • Docker-compose to run MongoDB+NodeJS
  • API rest endpoints
  • Signup, login, user info
  • Support for login with Google sign up
  • Report test result

In the readme, you can find the instructions to run it locally. Let me know if you need that I let it run in a test server somewhere.

cmalfesi avatar Apr 06 '20 16:04 cmalfesi

Hi, I have fixed an issue in the PR. This is the new PR. https://github.com/enigmampc/SafeTrace/pull/52

cmalfesi avatar Apr 06 '20 19:04 cmalfesi