Merge pull request #98 from medizininformatik-initiative/release/v5.0…

….0-alpha

Release/v5.0.0 alpha

CHANGELOG.md

@@ -14,7 +14,27 @@ Please refer to the respective repositories for a more in depth changelog of sin
 |Backend|<https://github.com/medizininformatik-initiative/feasibility-backend>|
 |DSF Feasibility Plugin|<https://github.com/medizininformatik-initiative/feasibility-dsf-process>|
 |FLARE|<https://github.com/medizininformatik-initiative/flare>|
-|Blaze FHIR server|<https://github.com/medizininformatik-initiative/blaze>|
+|TORCH|<https://github.com/medizininformatik-initiative/torch|
+|Blaze FHIR server|<https://github.com/samply/blaze>|
+
+
+## [5.0.0-alpha] - 2024-10-21
+
+### Features
+
+| Feature | Affected Components |
+| -- | -- |
+|UI Re-Desig, Restructuring of Code|UI, Backend|
+|Extended Criteria Search (Elastic Search)|UI, Backend, Ontology Generation|
+|Add OAuth2 to triangle components|TORCH, FLARE|
+|Added Dataselection and Extraction |UI, Backend, Ontology Generation, TORCH|
+|Migrated from Mapping code system tree strcture to poly tree structure to support non strict hierarchical code systems like sct |UI, Backend, Ontology Generation, TORCH, FLARE|
+|Loading and displaying of criteria availability |UI, Backend, Ontology Generation|
+
+### Overall
+
+- Updated all components to new versions
+- Added TORCH component for data selection and extraction in the triangle
 
 
 ## [4.1.0] - 2024-07-16

README.md

@@ -1,6 +1,6 @@
 # Feasibility Deploy
 
-[![version](https://img.shields.io/badge/version-4.0.0-green.svg)](https://github.com/medizininformatik-initiative/feasibility-deploy/releases)
+[![version](https://img.shields.io/badge/version-5.0.0-green.svg)](https://github.com/medizininformatik-initiative/feasibility-deploy/releases)
 
 This feasibility deployment repository offers an example deployment repository using docker-compose and official images to set up a feasibility portal (central) as well as feasibility triangle (decentral - at site)
 

feasibility-portal/README.md

@@ -66,6 +66,39 @@ The portal is configured by default to start the following services:
 - UI
 - Keycloak
 
+For the reverse proxy you need to choose the configuration (variable `FEASIBILITY_PORTAL_PROXY_NGINX_CONFIG` in
+[proxy/.env](./proxy/.env)) which also decides what the changes to the `.env` files you have to make:
+
+- [./subdomains.nginx.conf](./proxy/subdomains.nginx.conf) with separate domains for the services (Backend, UI, Keycloak)
+  - All subdomains must point to the host machine the portal will run.
+
+  - Set the service hostnames (`BACKEND_HOSTNAME`, `KEYCLOAK_HOSTNAME` and `GUI_HOSTNAME`, depending on which services you need) in [proxy/.env](./proxy/.env).
+- Change the following variables in [keycloak/.env](./keycloak /.env):
+      - `FEASIBILITY_KC_HOSTNAME_URL`and `FEASIBILITY_KC_HOSTNAME_ADMIN_URL`: set the domain part to the value you set for `KEYCLOAK_HOSTNAME` before.
+      -` FEASIBILITY_KC_HTTP_RELATIVE_PATH`: set to `/auth`.
+- Change the values for the variables `FEASIBILITY_BACKEND_API_BASE_URL` in [backend/.env](./backend/.env) and `FEASIBILITY_BACKEND_ALLOWED_ORIGINS` in [backend /.env](./backend/.env)
+          to the base url of your feasibility portal backend. In the [backend/.env](./backend/.env) change the values for the variable `FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_ISSUER`	to the base url of your feasibility portal keycloak.
+- Change the following variables in [gui/deploy-config.json](./gui/deploy-config.json):
+      - `uiBackendApi > baseUrl`: set the domain part of the local feasibility portal backend.
+      -  `auth > baseUrl`: set the domain part of the local feasibility portal keycloak.
+- On the [proxy/.env] use this variable `FEASIBILITY_PORTAL_PROXY_NGINX_CONFIG=./subdomains.nginx.conf`.
+
+- [./context-paths.nginx.conf](./proxy/context-paths.nginx.conf) which requires only one domain and uses context paths (`/auth` for keycloak,`/api` for backend and `/`) for user interface.
+- The domain must point to the host machine the portal will run.
+- On the [proxy/.env] use this variable`FEASIBILITY_PORTAL_PROXY_NGINX_CONFIG=./context-paths.nginx.conf`
+-  Change the following variable `FEASIBILITY_KC_HOSTNAME_URL` and `FEASIBILITY_KC_HOSTNAME_ADMIN_URL` in [keycloak/.env]: set the domain part of your domain. The path must be set to /auth at the end of the url. For example, https://example.org/auth.
+- Add `/auth` in the following variable `FEASIBILITY_KC_HTTP_RELATIVE_PATH` in [keycloak/.env]
+- Change the following variable `FEASIBILITY_BACKEND_API_BASE_URL` in [backend/.env]: set the domain part of your domain. The path must be set to /api at the end of the url. For example, https://example.org/api.
+- Change the following variable `FEASIBILITY_BACKEND_ALLOWED_ORIGINS`  in [backend/.env]: set the domain part of your domain. For example, https://example.org.
+- Change the following variable`FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_ISSUER` in [backend/.env]: set the domain part of your domain. The path must be set to /api at the end of the url. For example, https://example.org/auth.
+- Add `/auth` in the following variable `FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_JWK` in [backend/.env]
+- Change the variable `FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_ISSUER_URL` when using the bundled keycloak in [backend/.env]replace the values with https://DOMAIN:REV_PROXY_PORT/auth/realms/blaze where DOMAIN is your domain and REV_PROXY_PORT is the port number set in rev-proxy/.env (default 444). For example, https://example.org:444/auth/realms/blaze.
+- On the [gui/deploy-config.json] change the following variables:
+  - `uiBackendApi > baseUrl`: set the domain part of the local feasibility portal backend with the context path `/api`. For example https://example.org/api.
+  -  `auth > baseUrl`: set the domain part of the local feasibility portal keycloak the context path `/auth`. For example https://example.org/auth.
+
+Please note that the keycloak provided here is an example setup, and we strongly recommend for each site to adjust the keycloak installation to their local security requirements or connect the local feasibility portal to a keycloak already provided at the site.
+
 For more details on the environment variables see the paragraph **Configurable environment variables** of this README.
 
 ### Step 6 - Start the feasibility portal

feasibility-portal/backend/.env.default

@@ -1,56 +1,57 @@
 # ----- app
-FEASIBILITY_BACKEND_CQL_TRANSLATE_ENABLED=true
-FEASIBILITY_BACKEND_FHIR_TRANSLATE_ENABLED=false
-FEASIBILITY_BACKEND_API_BASE_URL=https://api.datenportal.localhost
-FEASIBILITY_BACKEND_ALLOWED_ORIGINS=https://datenportal.localhost
-FEASIBILITY_BACKEND_ONTOLOGY_ORDER="Diagnose, Prozedur, Person, Laboruntersuchung, Medikamentenverabreichung, Bioprobe, Einwilligung"
-FEASIBILITY_BACKEND_MAX_SAVED_QUERIES_PER_USER=100
+DATAPORTAL_BACKEND_CQL_TRANSLATE_ENABLED=true
+DATAPORTAL_BACKEND_FHIR_TRANSLATE_ENABLED=false
+DATAPORTAL_BACKEND_API_BASE_URL=https://api.datenportal.localhost
+DATAPORTAL_BACKEND_ALLOWED_ORIGINS=https://datenportal.localhost
+DATAPORTAL_BACKEND_ONTOLOGY_ORDER="Diagnose, Prozedur, Person, Laboruntersuchung, Medikamentenverabreichung, Bioprobe, Einwilligung"
+DATAPORTAL_BACKEND_MAX_SAVED_QUERIES_PER_USER=100
 # ---- db config
-FEASIBILITY_BACKEND_DATASOURCE_HOST=feasibility-gui-backend-db
-FEASIBILITY_BACKEND_DATASOURCE_PORT=5432
-FEASIBILITY_BACKEND_DATASOURCE_USERNAME=guidbuser
-FEASIBILITY_BACKEND_DATASOURCE_PASSWORD=guidbpw
+DATAPORTAL_BACKEND_DATASOURCE_HOST=dataportal-postgres
+DATAPORTAL_BACKEND_DATASOURCE_PORT=5432
+DATAPORTAL_BACKEND_DATASOURCE_USERNAME=guidbuser
+DATAPORTAL_BACKEND_DATASOURCE_PASSWORD=guidbpw
 # ---- auth
-FEASIBILITY_BACKEND_KEYCLOAK_ENABLED=true
-FEASIBILITY_BACKEND_KEYCLOAK_ALLOWED_ROLE=FeasibilityUser
-FEASIBILITY_BACKEND_KEYCLOAK_POWER_ROLE=FeasibilityPowerUser
-FEASIBILITY_BACKEND_KEYCLOAK_ADMIN_ROLE=FeasibilityAdmin
-FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_ISSUER=https://auth.datenportal.localhost
-FEASIBILITY_BACKEND_KEYCLOAK_BASE_URL_JWK=http://auth:8080
-FEASIBILITY_BACKEND_KEYCLOAK_REALM=feasibility
+DATAPORTAL_BACKEND_KEYCLOAK_ENABLED=true
+DATAPORTAL_BACKEND_KEYCLOAK_ALLOWED_ROLE=FeasibilityUser
+DATAPORTAL_BACKEND_KEYCLOAK_POWER_ROLE=FeasibilityPowerUser
+DATAPORTAL_BACKEND_KEYCLOAK_ADMIN_ROLE=FeasibilityAdmin
+DATAPORTAL_BACKEND_KEYCLOAK_BASE_URL_ISSUER=https://auth.datenportal.localhost
+DATAPORTAL_BACKEND_KEYCLOAK_BASE_URL_JWK=http://auth:8080
+DATAPORTAL_BACKEND_KEYCLOAK_REALM=feasibility
 #---- Direct broker
-FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_ENABLED=true
-FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_USE_CQL=false
-FEASIBILITY_BACKEND_BROKER_CLIENT_OBFUSCATE_RESULT_COUNT=false
-FEASIBILITY_BACKEND_FLARE_WEBSERVICE_BASE_URL=http://flare:8080
-FEASIBILITY_BACKEND_CQL_SERVER_BASE_URL=http://fhir-server:8080/fhir
-FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_AUTH_BASIC_USERNAME=
-FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_AUTH_BASIC_PASSWORD=
-FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_ISSUER_URL=https://keycloak.localhost:444/realms/blaze
-FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_ID=account
-FEASIBILITY_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_SECRET=insecure
+DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_ENABLED=true
+DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_USE_CQL=false
+DATAPORTAL_BACKEND_BROKER_CLIENT_OBFUSCATE_RESULT_COUNT=false
+DATAPORTAL_BACKEND_FLARE_WEBSERVICE_BASE_URL=http://flare:8080
+DATAPORTAL_BACKEND_CQL_SERVER_BASE_URL=http://fhir-server:8080/fhir
+DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_BASIC_USERNAME=
+DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_BASIC_PASSWORD=
+DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_ISSUER_URL=https://keycloak.localhost:444/realms/blaze
+DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_ID=account
+DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_SECRET=insecure
 # ---- DSF  broker
-FEASIBILITY_BACKEND_DSF_ENABLED=false
-FEASIBILITY_BACKEND_DSF_CACERT=/opt/codex-feasibility-security/ca.pem
-FEASIBILITY_BACKEND_DSF_DSF_SECURITY_KEYSTORE_P12FILE=/opt/codex-feasibility-security/test-user.p12
-FEASIBILITY_BACKEND_DSF_SECURITY_KEYSTORE_PASSWORD=password
-FEASIBILITY_BACKEND_DSF_WEBSERVICE_BASE_URL=https://dsf-zars-fhir-proxy/fhir
-FEASIBILITY_BACKEND_DSF_WEBSOCKET_URL=wss://dsf-zars-fhir-proxy:443/fhir/ws
-FEASIBILITY_BACKEND_DSF_ORGANIZATION_ID=Test_ZARS
+DATAPORTAL_BACKEND_DSF_ENABLED=false
+DATAPORTAL_BACKEND_DSF_CACERT=/opt/dataportal-security/ca.pem
+DATAPORTAL_BACKEND_DSF_DSF_SECURITY_KEYSTORE_P12FILE=/opt/dataportal-security/test-user.p12
+DATAPORTAL_BACKEND_DSF_SECURITY_KEYSTORE_PASSWORD=password
+DATAPORTAL_BACKEND_DSF_WEBSERVICE_BASE_URL=https://dsf-zars-fhir-proxy/fhir
+DATAPORTAL_BACKEND_DSF_WEBSOCKET_URL=wss://dsf-zars-fhir-proxy:443/fhir/ws
+DATAPORTAL_BACKEND_DSF_ORGANIZATION_ID=Test_ZARS
 # ---- privacy
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_AMOUNT=3
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES=1
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_AMOUNT=50
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES=10080
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS=5
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS=10
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_AMOUNT=10
-FEASIBILITY_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_INTERVALSECONDS=7200
-FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_RESULTS=0
-FEASIBILITY_BACKEND_PRIVACY_THRESHOLD_SITES=1
-FEASIBILITY_BACKEND_QUERYRESULT_EXPIRY_MINUTES=5
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_AMOUNT=3
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES=1
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_HARD_CREATE_AMOUNT=50
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES=10080
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS=5
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS=10
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_AMOUNT=10
+DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_INTERVALSECONDS=7200
+DATAPORTAL_BACKEND_PRIVACY_THRESHOLD_RESULTS=0
+DATAPORTAL_BACKEND_PRIVACY_THRESHOLD_SITES=1
+DATAPORTAL_BACKEND_PRIVACY_THRESHOLD_SITES_RESULT=0
+DATAPORTAL_BACKEND_QUERYRESULT_EXPIRY_MINUTES=5
 # ---- logging
-FEASIBILITY_BACKEND_LOG_LEVEL_SQL=info
-FEASIBILITY_BACKEND_LOG_LEVEL=info
+DATAPORTAL_BACKEND_LOG_LEVEL_SQL=info
+DATAPORTAL_BACKEND_LOG_LEVEL=info