This is Yeovil District Hospital NHSFT's contextual link obfuscation service, a Node.js application using the Fastify web framework and Black Pear's `obfuscated-querystring`.
This service was created out of a need for query string parameters containing personal identifiable data to be obfuscated when users click on the SIDeR contextual link within Yeovil District Hospital NHSFT's Patient Administration System (PAS), InterSystems' TrakCare.
Single sign-on for a user using access tokens from a Keycloak server instance can be enabled using environment variables found in `.env.template`.
- Navigate to the repo
- Run `yarn install --production` to install dependencies
- Make a copy of `.env.template` in the root directory and rename it to `.env`
- Configure the application using the environment variables in `.env`
- Run `yarn start`

The service should now be up and running on the port set in the config. You should see the following output in stdout or the log file specified using the `LOG_ROTATION_FILENAME` environment variable:
```json
{
  "level": "info",
  "time": "2020-12-01T09:48:08.612Z",
  "pid": 41896,
  "hostname": "MYCOMPUTER",
  "msg": "Server listening at https://127.0.0.1:8204"
}
```
To quickly test it, open a browser of your choice or, if using a request builder (e.g. Insomnia or Postman), create a new GET request, and input the following URL:
Replace the organization code and email address in the `location` and `practitioner` query string parameters respectively with your own if you have already been set up with an account in SIDeR.
In stdout or the log file you will see something similar to the following returned:
```json
{
  "level": "info",
  "time": "2020-12-01T10:37:32.133Z",
  "pid": 30700,
  "hostname": "MYCOMPUTER",
  "reqId": 3,
  "req": {
    "id": 3,
    "method": "GET",
    "url": "/redirect?patient=https%3A%2F%2Ffhir.nhs.uk%2FId%2Fnhs-number%7C9449304513&birthdate=1934-10-23&location=https%3A%2F%2Ffhir.nhs.uk%2FId%2Fods-organization-code%7CRA4&practitioner=https%3A%2F%2Fsider.nhs.uk%2Fauth%7Cfrazer.smith%40ydh.nhs.uk",
    "headers": {
      "host": "127.0.0.1:8204",
      "user-agent": "insomnia/2020.4.2",
      "accept": "*/*"
    },
    "remoteAddress": "127.0.0.1",
    "remotePort": 63213
  },
  "msg": "incoming request"
}
{
  "level": "info",
  "time": "2020-12-01T10:37:32.135Z",
  "pid": 30700,
  "hostname": "MYCOMPUTER",
  "reqId": 3,
  "res": {
    "statusCode": 302,
    "headers": {
      "content-security-policy": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests",
      "x-dns-prefetch-control": "off",
      "expect-ct": "max-age=0",
      "x-frame-options": "SAMEORIGIN",
      "strict-transport-security": "max-age=15552000; includeSubDomains",
      "x-download-options": "noopen",
      "x-content-type-options": "nosniff",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "location": "https://pyrusapps.blackpear.com/esp/#!/launch?location=https%3A%2F%2Ffhir.nhs.uk%2FId%2Fods-organization-code%7CRA4&practitioner=https%3A%2F%2Fsider.nhs.uk%2Fauth%7Cfrazer.smith%40ydh.nhs.uk&enc=k01%7Ca6c12e7c5969ab5829a3f91ba02c302a0b4f598ad6c03709fbeeb52686a007c99f8b13add1472176b06f1471a0343f2d904d6f41c5776fa6d340834c8ebef92d41dcc164c6c8273854f404fd24b1ec8d4e6829c4a9b76aa08d8a5b63d806fb01",
      "content-length": "0"
    }
  },
  "responseTime": 1.764799952507019,
  "msg": "request completed"
}
```
Both the `patient` and `birthdate` query string parameters of the URL have been obfuscated in the generated redirect URL in `res.headers.location`.
The web browser or request builder used should be redirected to Black Pear's ESP site, and once logged in will provide the patient notes for the test patient with NHS Number 9449304513, success!
If the `patient`, `birthdate`, `location` or `practitioner` query string parameters are removed from the original URL, the obfuscation process and redirect will not occur, and a 400 HTTP status code will be returned with a message similar to the following:
```json
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "querystring should have required property 'practitioner'"
}
```
Likewise, if the previously mentioned query string parameters do not adhere to the types expected, an error will also be returned.
As an example, providing `birthdate` in an invalid date format will return the following:
```json
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "querystring.birthdate should match format \"date\""
}
```
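The validation contract described above, as an added example that is not part of the service's code: a dependency-free JavaScript approximation of the required-parameter and date-format checks (the service itself relies on Fastify's JSON-schema validation, not this code), plus a check a tester can run against the generated `location` header to confirm that `patient` and `birthdate` are not present in plaintext. The sample request and redirect are constructed; the `enc` value and the e-mail address are placeholders.

```javascript
// Added example, not the service's own code: approximates the querystring
// validation described above and checks a generated redirect for leakage.
const REQUIRED_PARAMS = ["patient", "birthdate", "location", "practitioner"];
const OBFUSCATED_PARAMS = ["patient", "birthdate"]; // the service moves these into `enc`
const BASE = "https://127.0.0.1:8204"; // address from the sample log output

const badRequest = (message) => ({ statusCode: 400, error: "Bad Request", message });

// JSON-schema "date" is an RFC 3339 full-date; also reject impossible dates (2020-02-30).
function isFullDate(value) {
  if (!/^\d{4}-\d{2}-\d{2}$/.test(value)) return false;
  const parsed = new Date(`${value}T00:00:00Z`);
  return !Number.isNaN(parsed.getTime()) && parsed.toISOString().startsWith(value);
}

// Returns null when the request would pass validation, otherwise the 400 body.
function validateQuerystring(requestUrl) {
  const params = new URL(requestUrl, BASE).searchParams;
  for (const name of REQUIRED_PARAMS) {
    if (!params.has(name)) return badRequest(`querystring should have required property '${name}'`);
  }
  if (!isFullDate(params.get("birthdate"))) return badRequest('querystring.birthdate should match format "date"');
  return null;
}

// Checks that the redirect keeps location/practitioner, carries `enc`, and does
// not expose the obfuscated parameters (by name or plaintext value).
function checkRedirectLocation(requestUrl, location) {
  const original = new URL(requestUrl, BASE).searchParams;
  // ESP launch URLs carry their parameters in the hash fragment: #!/launch?...
  const target = new URLSearchParams(new URL(location).hash.split("?")[1] || "");
  const decoded = decodeURIComponent(location);
  const leaked = OBFUSCATED_PARAMS.filter((name) => {
    const raw = original.get(name);
    return target.has(name) || (raw !== null && decoded.includes(raw));
  });
  const preserved = ["location", "practitioner"].every((n) => target.get(n) === original.get(n));
  return { ok: leaked.length === 0 && preserved && target.has("enc"), leaked, preserved };
}

// Constructed sample request: the NHS number is the page's test patient, the e-mail a placeholder.
const ODS = encodeURIComponent("https://fhir.nhs.uk/Id/ods-organization-code|RA4");
const PRACTITIONER = encodeURIComponent("https://sider.nhs.uk/auth|user@example.com");
const SAMPLE_REQUEST = `/redirect?patient=${encodeURIComponent("https://fhir.nhs.uk/Id/nhs-number|9449304513")}` +
  `&birthdate=1934-10-23&location=${ODS}&practitioner=${PRACTITIONER}`;
// Constructed redirect in the shape of the logged one; the enc value is a placeholder.
const SAMPLE_LOCATION = `https://pyrusapps.blackpear.com/esp/#!/launch?location=${ODS}` +
  `&practitioner=${PRACTITIONER}&enc=k01%7C0123abcd`;
```

`checkRedirectLocation` is the kind of assertion to keep in the service's redirect tests, since the whole point of the service is that the obfuscated parameters never reach the redirect in clear.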
Running the service with Docker requires Docker to be installed.

- Make a copy of `.env.template` in the root directory and rename it to `.env`
- Configure the application using the environment variables in `.env`
- Run `docker-compose up`
It is recommended that you use a process manager such as PM2 when deploying Fastify applications like this into production.
- Navigate to the repo
- Run `yarn install --production` to install dependencies
- Make a copy of `.env.template` in the root directory and rename it to `.env`
- Configure the application using the environment variables in `.env`
- Run `yarn global add pm2` to install pm2 globally
- Launch the application with `pm2 start .pm2.config.js --env production`
- Check the application has been deployed using `pm2 list` or `pm2 monit`
Yeovil District Hospital NHSFT is heavily invested in Microsoft's ecosystem; utilise `pm2-installer` to easily install PM2 as a Windows service.

Note: PM2 has been configured to automatically restart the application if modifications are made to `.env`.
Please see CONTRIBUTING.md for more details regarding contributing to this project.
- Mark Hunt - Keycloak single sign-on access tokens integration and testing
- Will Jehring - Query string obfuscation, redirect testing, and Keycloak testing
`ydh-sider-obfuscation-service` is licensed under the MIT license.