A progressive web app architected to aid Medical Oncology trainees and rotation directors.
Important
This app is only meant for trainees. If that is not you, please do not use this service, as it places unnecessary load on the web server; illegitimate accounts will be removed.
Note
A Flutter client is in development to provide a mobile app and possibly replace the web client in the future, so that the client code lives in a single code base.
- Features
- Security Measures
- API Testing
- Deployment Details
- Building
- Environment Variables
- Screenshots
- Straightforward user registration and authentication
- Management dashboard for administrative users
- Responsive and dark themed front end user interface
- Caching and memoization of frequently accessed data to reduce server and database load
- Role-based authorization separating admin and regular users
- Password hashing with bcrypt, with a 64-bit integer nonce mixed in as an additional salt (note that bcrypt itself already generates and stores a random 128-bit salt per hash, so the extra nonce is not what protects against precomputed-hash attacks)
- Simple rate limiter on sensitive API routes (enabled by the `production` feature)
- HTTPS in production, with production-only cookie attributes and CORS policy
- Regex patterns filter every user input. SQL injection is already prevented by the backend's use of prepared statements, so the filtering is defence in depth; on its own it is not a complete XSS defence, which also depends on the front end encoding data when it is rendered
- The backend is written in Rust, whose memory safety rules out whole classes of vulnerabilities (buffer overflows, use-after-free) in the server itself, though not logic or injection flaws
Warning
While the security measures in place are sufficient for the data sensitivity of this app, choose your password carefully: use one that is unique to this service.
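The rate limiter above and the Application Load Balancer deployment described later interact in a way that is easy to get wrong: behind an ALB the TCP peer is always the load balancer, so a limiter keyed on the peer address would throttle every user together. The following is an added example, not the project's own code, showing a fixed-window limiter with an injected clock (so it can be tested deterministically) together with the `X-Forwarded-For` handling that recovers the real client address only when the peer is a trusted proxy. The limit, window and the proxy address `10.0.1.20` are assumptions for illustration.

```rust
// Added example (not Oncology Quest's own code): fixed-window rate limiter for a
// sensitive route plus client-key derivation for use behind an ALB.
// Limit, window and the trusted proxy address are assumptions.
use std::collections::HashMap;
use std::net::IpAddr;
use std::time::{Duration, Instant};

/// At most `max_hits` requests per `window` per client. The clock is passed in
/// by the caller so behaviour is deterministic and testable.
pub struct RateLimiter {
    max_hits: u32,
    window: Duration,
    /// client -> (start of its current window, hits seen in that window)
    buckets: HashMap<IpAddr, (Instant, u32)>,
}

impl RateLimiter {
    pub fn new(max_hits: u32, window: Duration) -> Self {
        RateLimiter { max_hits, window, buckets: HashMap::new() }
    }

    /// Record a request from `client` at time `now`; returns whether it is allowed.
    /// The window is fixed, not sliding: a client can fit up to 2 * max_hits
    /// requests across a window boundary, so size the window with that in mind.
    pub fn check(&mut self, client: IpAddr, now: Instant) -> bool {
        let entry = self.buckets.entry(client).or_insert((now, 0));
        if now.saturating_duration_since(entry.0) >= self.window {
            *entry = (now, 0); // window expired: start a fresh one
        }
        if entry.1 >= self.max_hits {
            return false;
        }
        entry.1 += 1;
        true
    }

    /// Drop clients whose window has expired so the map cannot grow without
    /// bound when many distinct addresses hit the route once. Call periodically.
    pub fn purge(&mut self, now: Instant) {
        let window = self.window;
        self.buckets
            .retain(|_, (start, _)| now.saturating_duration_since(*start) < window);
    }
}

/// Derive the key to rate-limit on. Behind an Application Load Balancer the TCP
/// peer is the ALB, and the real client is the address the ALB appended to
/// `X-Forwarded-For`. The header is trusted only when the peer is a known proxy,
/// and only its rightmost entry is used (the one the trusted proxy added);
/// anything to the left was supplied by the client and can be forged.
pub fn client_key(peer: IpAddr, forwarded_for: Option<&str>, trusted_proxies: &[IpAddr]) -> IpAddr {
    if !trusted_proxies.contains(&peer) {
        return peer;
    }
    forwarded_for
        .and_then(|h| h.rsplit(',').next())
        .and_then(|last| last.trim().parse::<IpAddr>().ok())
        .unwrap_or(peer) // unparsable header: fall back to the proxy address
}

fn main() {
    let mut limiter = RateLimiter::new(5, Duration::from_secs(60));
    let alb: IpAddr = "10.0.1.20".parse().unwrap(); // assumed ALB address
    let key = client_key(alb, Some("198.51.100.7"), &[alb]);
    for attempt in 1..=6 {
        let verdict = if limiter.check(key, Instant::now()) { "allowed" } else { "429 Too Many Requests" };
        println!("attempt {attempt}: {verdict}");
    }
}
```

In a server the `RateLimiter` would live in shared application state behind a `Mutex`, and `client_key` would be fed the peer address from the connection and the `X-Forwarded-For` header from the request; the trusted-proxy list is the set of addresses the load balancer can connect from.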
- There is a separate Rust crate in this repository that handles integration testing of the API endpoints of this web app
- The integration tests send automated requests to the API and assert on the expected responses (simulating a real user)
- These tests are executed by orchestrating 3 containers via Docker Compose
  - Database container running a PostgreSQL instance
    - This serves as a disposable database for pure testing purposes
    - It is easily instantiated and destroyed since it runs in a container
  - Endpoint container running an instance of the backend server
  - Penetration/Integration container
    - This is the container that sends requests to the endpoint
- This web app is deployed for users on AWS via Elastic Container Service (ECS)
- An Application Load Balancer and Route 53 DNS route users to the registered domain name
To build the API for production:

```sh
cargo build --release --features "production"
```

When building for production, it is essential to enable the `production` feature, as it enables the production cookie and CORS policies as well as the rate limiter; a release binary built without it runs without those protections.

For a single-container monolith, where the API also serves the static frontend files, add the `monolith` feature:

```sh
cargo build --release --features "production monolith"
```

Next, containerize the compiled binary by running the following in the `oncology-quest-api` directory:

```sh
docker build -t oncology-quest-api:latest .
```

If the frontend is to be served by a separate NGINX web server, build it by running the following in the `oncology-quest-web` directory:

```sh
docker build -t oncology-quest-web:latest .
```

To containerize as a monolith (assuming the API was compiled with the `monolith` feature), run the following in the root project directory:

```sh
docker build -t oncology-quest-monolith:latest . -f monolith.dockerfile
```
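The `production` feature described above is a Cargo feature flag, so the cookie and CORS policies it enables are selected at compile time. As an added example (not the project's own code), the block below shows the shape such a gate takes: `cfg!(feature = "production")` adds the `Secure` attribute to the session cookie and swaps the CORS allowlist from local dev origins to the registered domain, while an exact-match origin check and cookie-value validation guard against attribute injection and origin reflection. The cookie name, the dev origins, and the `oncology-quest.example` domain are assumptions for illustration.

```rust
// Added example (not Oncology Quest's own code): gating cookie attributes and
// the CORS allowlist on the `production` Cargo feature. The origins, cookie
// name and the oncology-quest.example domain are assumptions.

/// Origins the API answers CORS requests from. Production allows the registered
/// domain only; development allows the local dev server (assumed ports).
pub fn allowed_origins() -> &'static [&'static str] {
    if cfg!(feature = "production") {
        &["https://oncology-quest.example"]
    } else {
        &["http://localhost:5173", "http://127.0.0.1:5173"]
    }
}

/// Resolve the `Access-Control-Allow-Origin` value for a request, or `None` to
/// send no CORS headers at all. Exact string match only: the API is called with
/// credentials (the session cookie), browsers refuse `*` in that case, and a
/// prefix or substring match would let `https://oncology-quest.example.evil.test`
/// through. Reflecting the request origin unconditionally would be worse still.
pub fn cors_allow_origin(request_origin: Option<&str>) -> Option<&'static str> {
    let origin = request_origin?;
    allowed_origins().iter().copied().find(|allowed| *allowed == origin)
}

/// RFC 6265 cookie-octet: printable ASCII except space, `"`, `,`, `;` and `\`.
fn is_cookie_octet(c: u8) -> bool {
    matches!(c, 0x21 | 0x23..=0x2B | 0x2D..=0x3A | 0x3C..=0x5B | 0x5D..=0x7E)
}

/// Build a `Set-Cookie` header value for the session cookie. `HttpOnly` keeps it
/// out of `document.cookie`, `SameSite=Strict` keeps it off cross-site requests,
/// and `Secure` is added only under the `production` feature so the cookie still
/// works over plain http://localhost in development. Names and values are
/// validated so a caller cannot smuggle in extra attributes via `;`.
pub fn session_set_cookie(name: &str, value: &str) -> Result<String, &'static str> {
    let name_ok = !name.is_empty()
        && name.bytes().all(|c| c.is_ascii_alphanumeric() || c == b'_' || c == b'-');
    if !name_ok {
        return Err("invalid cookie name");
    }
    if value.is_empty() || !value.bytes().all(is_cookie_octet) {
        return Err("invalid cookie value");
    }
    let mut header = format!("{name}={value}; Path=/; HttpOnly; SameSite=Strict");
    if cfg!(feature = "production") {
        header.push_str("; Secure");
    }
    Ok(header)
}

fn main() {
    println!("{}", session_set_cookie("session", "abc123").unwrap());
    println!("{:?}", cors_allow_origin(Some("http://localhost:5173")));
    println!("{:?}", cors_allow_origin(Some("https://evil.example")));
}
```

Built with `--features production` the same code emits `; Secure` and answers only the registered domain; built without it, it behaves as the development configuration. Keeping both branches in one function makes the difference between the two builds reviewable in one place.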
`.env` file sample for the backend:

```dotenv
HOST_IP=127.0.0.1
HOST_PORT=8080
DATABASE_URL=postgres://admin:password@localhost:5432/bqdev
JWT_SECRET=...
```

`JWT_SECRET` must be a long, randomly generated value in production, and the real `.env` file must never be committed.