docs

mjaquiery · mjaquiery · commit 5f1640208805 · 2025-06-17T12:49:52.000+01:00
diff --git a/README.md b/README.md
@@ -1 +1,7 @@
-# odk-central
+# IB ODK Central Wrapper
+
+This repository has two components:
+- [CDK](cdk/README.md): An AWS CDK stack to deploy a minimal ODK Central instance on AWS.
+- [Wrapper API](odk-wrapper/README.md): A TypeScript REST API for securely extracting and modifying ODK Central submission data.
+
+See the individual README files for each component for detailed instructions on setup and usage.
diff --git a/cdk/README.md b/cdk/README.md
@@ -1,14 +1,111 @@
-# Welcome to your CDK TypeScript project
+# ODK Central CDK Deployment
 
-This is a blank project for CDK development with TypeScript.
+This repository contains an AWS CDK stack to deploy a **minimal instance of [ODK Central](https://docs.getodk.org/central-install/)** on a single EC2 instance.
 
-The `cdk.json` file tells the CDK Toolkit how to execute your app.
+The stack provisions:
 
-## Useful commands
+- A public EC2 instance running Ubuntu with Docker and Docker Compose
+- Automatic installation and launch of ODK Central
+- Route 53 DNS record pointing to the instance
+- ACM certificate for HTTPS
+- Optional environment variable injection from AWS Secrets Manager
+- Configurable disk size and AMI
 
-* `npm run build`   compile typescript to js
-* `npm run watch`   watch for changes and compile
-* `npm run test`    perform the jest unit tests
-* `npx cdk deploy`  deploy this stack to your default AWS account/region
-* `npx cdk diff`    compare deployed stack with current state
-* `npx cdk synth`   emits the synthesized CloudFormation template
+Once the stack is running, you can access ODK Central via the provided domain name.
+You'll also need to connect to the instance via one of the AWS connection methods (SSH, SSM, etc.) to complete the setup.
+Follow the ODK Central guide on [setting up users](https://docs.getodk.org/central-install-digital-ocean/#logging-into-central) to set up an admin user.
+
+---
+
+## 📦 Prerequisites
+
+- Node.js (>= 16)
+- AWS CDK v2
+- AWS CLI with appropriate credentials (or use `--profile`)
+- A Route 53 public hosted zone
+- An EC2 key pair (to SSH in if needed)
+
+---
+
+## 🛠 Configuration
+
+Edit your `cdk.json` file to set the deployment context:
+
+```json
+{
+  "context": {
+    "domainName": "oxrse.uk",
+    "fullDomainName": "odk-central-test.oxrse.uk",
+    "secretName": "odk-central/env-vars",
+    "keyName": "your-keypair-name",
+    "instanceVolumeSize": 30,
+    "ubuntuAmiId": "ami-079b5e5b29763ec7c"
+  }
+}
+````
+
+| Key                  | Description                                                                   |
+| -------------------- | ----------------------------------------------------------------------------- |
+| `domainName`         | Root domain (must exist in Route 53)                                          |
+| `fullDomainName`     | Fully-qualified domain name (used in DNS and SSL cert)                        |
+| `secretName`         | (Optional) Name of an AWS Secrets Manager secret with env vars (JSON format)  |
+| `keyName`            | Name of your existing EC2 key pair                                            |
+| `instanceVolumeSize` | Root volume size in GB                                                        |
+| `ubuntuAmiId`        | AMI ID for a basic Ubuntu image (no LVM), recommended for clean disk resizing |
+
+---
+
+## 🚀 Deploy
+
+```bash
+cdk deploy --profile your-aws-profile
+```
+
+This will:
+
+1. Lookup your Route 53 zone
+2. Launch a t3.micro EC2 instance
+3. Install Docker, Docker Compose, and ODK Central
+4. Configure HTTPS via ACM
+5. Inject environment variables from Secrets Manager (if configured)
+6. Set up a DNS A record pointing your FQDN to the instance
+
+---
+
+## 🔐 Secrets Format
+
+If you use the `secretName` context key, the secret's value should be a **JSON object** of key-value pairs. For example:
+
+```json
+{
+  "DOMAIN": "odk-central-test.oxrse.uk",
+  "EMAIL": "admin@example.com",
+  "SSL_TYPE": "letsencrypt"
+}
+```
+
+These will be made available to the instance as shell environment variables and appended to ODK Central’s `.env`.
+
+---
+
+## 🧼 Cleanup
+
+To destroy all provisioned resources:
+
+```bash
+cdk destroy --profile your-aws-profile
+```
+
+---
+
+## 📝 Notes
+
+* This deployment is **not hardened for production** — it’s suitable for short-term testing and evaluation.
+* The EC2 instance is assigned a public IP and open security group (ports 22, 80, 443).
+* No NAT Gateway or private subnets are used — it’s a flat public deployment.
+
+---
+
+## 📎 License
+
+MIT — © University of Oxford, 2025
diff --git a/odk-wrapper/README.md b/odk-wrapper/README.md
@@ -0,0 +1,113 @@
+# ODK Central Wrapper API
+
+A lightweight TypeScript REST API for securely extracting, modifying, and returning encrypted submission data from an ODK Central instance. 
+Built with Express and Zod, and featuring OpenAPI/Swagger documentation for immediate testability.
+
+---
+
+## ✨ Features
+
+- Fetches and decrypts submission data from ODK Central
+- Normalizes `idFieldId` to use ODK Central’s internal UUID (`KEY`)
+- Removes unwanted fields from export
+- Returns a cleaned-up `.zip` archive of the submission CSV
+- OpenAPI (Swagger) docs with interactive "Try it out" support
+
+---
+
+## 🚀 Quick Start
+
+### Prerequisites
+
+- Node.js ≥ 16
+- npm
+
+### Installation
+
+```bash
+git clone https://github.com/OxfordRSE/ib-odk-wrapper.git
+cd odk-wrapper
+npm install
+````
+
+### Development Mode
+
+```bash
+npm run dev
+```
+
+### Production Build
+
+```bash
+npm run build
+npm start
+```
+
+---
+
+## 📡 API Usage
+
+### Endpoint
+
+```
+POST /
+```
+
+### Body Parameters (JSON)
+
+| Field            | Type                    | Required | Description                                             |
+|------------------|-------------------------|----------|---------------------------------------------------------|
+| `odkCentralUrl`  | `string (URL)`          | ✅        | The URL of your ODK Central instance                    |
+| `email`          | `string (email)`        | ✅        | Your ODK Central login email                            |
+| `password`       | `string`                | ✅        | Your ODK Central password                               |
+| `projectId`      | `number`                | ✅        | Project ID                                              |
+| `formName`       | `string`                | ✅        | The `xmlFormId` of the form                             |
+| `decryptionKeys` | `Record<number,string>` | ✅        | Map of encryption key IDs to passwords                  |
+| `idFieldId`      | `string`                | ✅        | Id of the field used to link submissions longitudinally |
+| `dropFieldIds`   | `string[]` (optional)   | ❌        | Ids of fields to omit from the returned dataset         |
+
+---
+
+## 📖 Documentation
+
+Interactive Swagger UI is available at:
+
+```
+http://localhost:3000/docs
+```
+
+Use this to explore and test the API directly from your browser using real values.
+
+---
+
+## 📦 What It Does Internally
+
+1. Authenticates with ODK Central and retrieves a session token
+2. Downloads a `.zip` of submission data for the given form
+3. Extracts the CSV and parses all submissions
+4. Normalizes the `idFieldId` using ODK Central’s `KEY` UUID
+5. Removes any specified fields (`dropFieldIds`)
+6. Re-zips the data and returns it in the response
+7. Cleans up temporary files
+
+---
+
+## 🔐 Security Notes
+
+* All decryption happens in memory; no credentials or secrets are persisted
+* Temporary files are deleted as soon as the response is complete
+
+---
+
+## 🛠 Troubleshooting
+
+Errors will return a JSON object with `error` and `parent` fields.
+The `error` field contains a human-readable message, while `parent` provides the original error object for debugging.
+Because this is a thin wrapper API, the full error stack can be returned to the client for easier debugging.
+
+---
+
+## 📄 License
+
+MIT — free to use, modify, and distribute.
+
diff --git a/odk-wrapper/package.json b/odk-wrapper/package.json
@@ -23,7 +23,7 @@
   "private": true,
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/OxfordRSE/odk-wrapper.git"
+    "url": "git+https://github.com/OxfordRSE/ib-odk-wrapper.git"
   },
   "keywords": [
     "ODK",
@@ -32,9 +32,9 @@
   "author": "Matt Jaquiery",
   "license": "MIT",
   "bugs": {
-    "url": "https://github.com/OxfordRSE/odk-wrapper/issues"
+    "url": "https://github.com/OxfordRSE/ib-odk-wrapper/issues"
   },
-  "homepage": "https://github.com/OxfordRSE/odk-wrapper#readme",
+  "homepage": "https://github.com/OxfordRSE/ib-odk-wrapper#readme",
   "dependencies": {
     "archiver": "^7.0.1",
     "axios": "^1.10.0",
