This is a service used within the NHS for managing and recording school-aged vaccinations.
Name | URL | Purpose | Care Identity login | Code | RAILS_ENV |
---|---|---|---|---|---|
Heroku | mavis-pr-xxxx.herokuapp.com | PR review apps | ❌ | latest | staging |
Test | test.mavistesting.com | Internal testing (manual) | âś… | latest | staging |
QA | qa.mavistesting.com | Internal testing (automated) | ❌ | latest | staging |
Preview | preview.mavistesting.com | External testing | ❌ | release | staging |
Training | training.manage-vaccinations-in-schools.nhs.uk | External training | ❌ | release | staging |
Production | www.manage-vaccinations-in-schools.nhs.uk | Live service | âś… | release | production |
This project depends on:
The instructions below assume you are using mise
to manage the necessary
versions of the above.
We keep track of architecture decisions in Architecture Decision Records (ADRs).
We use rladr
to generate the boilerplate for new records:
bin/bundle exec rladr new title
This project uses mise
. Use the following to set up (replace brew
and
package names depending on your platform):
# Dependencies for ruby
brew install libyaml
# Dependencies for postgres
brew install gcc readline zlib curl ossp-uuid icu4c pkg-config
# Env vars for postgres
export OPENSSL_PATH=$(brew --prefix openssl)
export CMAKE_PREFIX_PATH=$(brew --prefix icu4c)
export PATH="$OPENSSL_PATH/bin:$CMAKE_PREFIX_PATH/bin:$PATH"
export LDFLAGS="-L$OPENSSL_PATH/lib $LDFLAGS"
export CPPFLAGS="-I$OPENSSL_PATH/include $CPPFLAGS"
export PKG_CONFIG_PATH="$CMAKE_PREFIX_PATH/lib/pkgconfig"
# Version manager
brew install mise
# Yarn via brew as this skips installing `gpg`
brew install yarn
Then to install the required tools (or update, following a change to
.tool-versions
):
mise install
After installing Postgres via mise
, run the database in the background, and
connect to it to create a user:
pg_ctl start
psql -U postgres -c "CREATE USER $(whoami); ALTER USER $(whoami) WITH SUPERUSER;"
To run the project locally:
bin/setup
To run the linters:
bin/lint
solargraph is bundled as part of the development dependencies. You need to set it up for your editor, and then run this command to index your local bundle (re-run if/when we install new dependencies and you want completion):
bin/bundle exec yard gems
You'll also need to configure your editor's solargraph
plugin to
useBundler
:
+ "solargraph.useBundler": true,
The script bin/db
is included to start up PostgreSQL for setups that don't use
system-started services. Note that this is meant to be a handy script to manage
PostgreSQL, not run a console like rails db
does.
$ bin/db
pg_ctl: no server running
$ bin/db start
waiting for server to start.... done
server started
$ bin/db
pg_ctl: server is running (PID: 79113)
This script attempts to be installation agnostic by relying on pg_config
to
determine postgres's installation directory and setting up logging accordingly.
This application comes with a Procfile.dev
for use with foreman
in
development environments. Use the script bin/dev
to run it:
$ bin/dev
13:07:31 web.1 | started with pid 73965
13:07:31 css.1 | started with pid 73966
13:07:31 js.1 | started with pid 73967
...
TTY echo can get mangled when using binding.pry
in bin/dev
. To work around
this, you can run rails s
directly if you're not working with any JS or CSS
assets.
Alternatively, you can install tmux
and
overmind
which
is compatible with our Procfile.dev
:
overmind start -f Procfile.dev
overmind connect web
To run the Rails tests:
bin/bundle exec rspec
To run the JS unit tests:
yarn test
To run the Playwright end-to-end tests use:
yarn test:e2e
To generate tests interactively by clicking in a live browser:
yarn playwright codegen http://localhost:4000
Install artillery:
yarn global add artillery
We don't package it alongside the other devDependencies because it's quite heavy and used infrequently.
To run the load tests:
USERNAME=username PASSWORD=password SESSION=slug artillery run tests/load.yml --target=http://test.mavistesting.com
You can generate an example programme with a few sessions in development by visiting /reset
.
You can add a new user to an environment using the users:create
rake task:
rails users:create['user@example.com','password123','John Doe',1]
ViewComponent previews are enabled in development and test environments. In development, they are here:
http://localhost:4000/rails/view_components
The previews are defined in spec/components/previews
.
This app can be deployed to AWS using AWS Copilot. Once authenticated, you can run:
bin/deploy test
See docs/aws-copilot.md for more information.
When developing locally, emails are sent using the :file
delivery method, and
logged to STDOUT
.
If you want to use Notify, you'll need to set up a test API key, and then set
up a config/settings/development.local.yml
file:
govuk_notify:
enabled: true
test_key: YOUR_KEY_HERE
You should set it to enabled: false
when you're done testing Notify locally,
because it's easier to work offline without it.
GOV.UK Notify can store reply-to email addresses and use them when sending mail. Once you've added the reply-to email in GOV.UK Notify, get the UUID and add it to the organisation.
This service uses NHS's CIS2 Care Identity Authentication service to perform OIDC authentication for users.
You can retrieve the issuer URL from the appropriate endpoint listed on [CIS2 Guidance Discovery page] (https://digital.nhs.uk/services/care-identity-service/applications-and-services/cis2-authentication/guidance-for-developers/detailed-guidance/discovery) (note: the dev env is being deprecated and will be removed):
curl -s https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/.well-known/openid-configuration | jq .issuer "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare"
Clients in the INT environment can be configured via CIS2 Connection Manager, please contact other organisation members to get the details for that. Mavis can use either a client secret or a private key JWT when authenticating requests to CIS2, these are configured via the Connection Manager.
To configure Mavis, put non-secret configuration into Settings:
cis2:
enabled: true
issuer: https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcareopenam/oauth2/realms/root/realms/oidc"
And once you have your client secrets, either via the Connection Manager or from
NHS support, put the client_id
and secret
/private_key
into the Rails
credentials file for the environment you are configuring.
cis2:
client_id: # Client ID, as provided by NHS
secret: # Client secret, as provided by NHS
private_key: # ... or RSA private key in PEM format
The private_key
will automatically be used to generate a JWK on the
/oidc/jwks
endpoint, which is used by CIS2 to validate the JWT we use to
request the access token from CIS2.
Keys should be rotated regularly. When a new key is introduced it's JWK will
automatically be added to the JWKS generated for /oidc/jwks
, but the old
public key can also be added to JWKSController::EXTRA_JWK
to ensure a smooth
roll-over.
access_log:for_patient[id]
access_log:for_user[id]
clinics:create[name,address,town,postcode,ods_code,organisation_ods_code]
schools:add_to_organisation[ods_code,team_name,urn,...]
teams:create[ods_code,name,email,phone]
users:create[email,password,given_name,family_name,organisation_ods_code]
vaccines:seed[type]
See the Rake tasks documentation for more information.
To quickly take the service offline (for client users) there is a basic_auth
feature flag which can be added and enabled. In production the credentials for this are secret and therefore this acts as a quick way of preventing users from accessing the service.
- Visit https://manage-vaccinations-in-schools.nhs.uk/flipper
- Add the
basic_auth
feature flag if it doesn't exist already - Enable the
basic_auth
feature flag
Flipper.enable(:basic_auth)
Mavis connects to the NHS MESH (Message Exchange for Social Care and Health) to send data to DPS for upstream reporting of vaccination records.
See the MESH documentation for more information.
Mavis is also configured to connect to PDS to retrieve patient information such as NHS numbers.
See the PDS documentation for more information.
MIT.