Hochfrequenz · hf-krechan · Apr 25, 2025 · Apr 15, 2025 · Apr 15, 2025 · Apr 15, 2025
diff --git a/.dockerignore b/.dockerignore
@@ -5,7 +5,6 @@ node_modules
 /.vscode
 /.nx
 /.angular
-.drone.yml
 .editorconfig
 .eslintrc.json
 .git
@@ -25,4 +24,3 @@ README.md
 .idea
 .octopus
 azure-mock
-node_modules
diff --git a/.example.env b/.example.env
@@ -5,3 +5,5 @@ AZURE_BLOB_STORAGE_CONNECTION_STRING=DefaultEndpointsProtocol='http;AccountName=
 FORMAT_VERSION_CONTAINER_NAME=format-versions
 
 OH_DEAR_HEALTH_CHECK_SECRET=my-secret-oh-dear-health-check-secret
+
+DB_7Z_ARCHIVE_PASSWORD=my-secret-db-7z-archive-password
diff --git a/.github/workflows/action_pull_request.yml b/.github/workflows/action_pull_request.yml
@@ -15,7 +15,6 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           fetch-depth: 0
-
       - uses: actions/setup-node@v4
         with:
           node-version: '20.13'
@@ -35,6 +34,10 @@ jobs:
 
       - name: Unit tests
         run: npm test
+        env:
+          # secret is set in organization settings
+          # https://github.com/organizations/Hochfrequenz/settings/secrets/actions/SQLITE_AHB_DB_7Z_ARCHIVE_PASSWORD
+          DB_7Z_ARCHIVE_PASSWORD: ${{ secrets.SQLITE_AHB_DB_7Z_ARCHIVE_PASSWORD }}
 
       - name: Build frontend
         run: npm run ng:build

diff --git a/.gitignore b/.gitignore
@@ -45,3 +45,5 @@ Thumbs.db
 .nx/cache
 .nx/workspace-data
 
+
+src/server/data/ahb.db
diff --git a/.nvmrc b/.nvmrc
@@ -1,2 +1 @@
-v20.13
-
+v23.11
diff --git a/Dockerfile b/Dockerfile
@@ -17,20 +17,30 @@ WORKDIR /service
 RUN addgroup --system --gid 1001 nodejs && \
   adduser --system --uid 1001 nodejs
 
-# Copy all necessary files into the image
+# Copy package files first for better caching
+COPY package*.json ./
+COPY tailwind.config.js ./
+
+# Install dependencies
+RUN npm ci --no-scripts
+
+# Copy the rest of the application
 COPY . .
 
+# Install p7zip for 7z archive handling
+RUN apk add --no-cache p7zip
+
+# Make scripts executable
+RUN chmod +x ./start.sh ./decrypt-db.sh
+
 # Change ownership of the service folder and all copied files to the nodejs user
 RUN chown -R nodejs:nodejs /service
 
-# Install dependencies
-RUN npm ci --no-scripts
-
 # Switch to non-root user
 USER nodejs
 
 # Expose port for the server
 EXPOSE 3000
 
 # Start the application via start.sh script
-CMD ["sh", "./start.sh"]
+CMD ["sh", "./start.sh"]
diff --git a/README.md b/README.md
@@ -74,6 +74,18 @@ $ npm install -g @angular/cli
 
 Create an `.env` file in the root directory and paste the contents of the `.example.env` file.
 
+> [!IMPORTANT]
+> The application requires a SQLite database to function.
+> This database is stored in an encrypted 7z archive at `src/server/data/ahb.db.encrypted.7z`.
+> You will need the password to decrypt this archive, which can be found in the Hochfrequenz 1Password vault at [this link](https://start.1password.com/open/i?a=F35NURJ4PFGOPBA77PR66C5P4I&v=vjgfwz7dg5wg656rfpvadetrqy&i=grnjb4hn6ipcau4bqe43rkuwnq&h=hochfrequenz.1password.com).
+>
+> If you don't have access to the 1Password vault, please ask your teamates how to get the password.
+>
+> To work locally, you need to decrypt the archive and store the decrypted file in at `src/server/data/ahb.db`.
+>
+> If you want to start the application with Docker, you need to set the `DB_7Z_ARCHIVE_PASSWORD` environment variable in the `docker-compose.yaml` file either by setting it directly or by using the `.env` file.
+> We recommend the latter to keep the `docker-compose.yaml` file clean and readable.
+
 While having [Docker Desktop](https://www.docker.com/products/docker-desktop/) up and running, start the docker container using
 
 ```bash

diff --git a/angular.json b/angular.json
@@ -46,6 +46,15 @@
                 }
               ]
             },
+            "docker": {
+              "outputHashing": "all",
+              "fileReplacements": [
+                {
+                  "replace": "src/app/environments/environment.ts",
+                  "with": "src/app/environments/environment.docker.ts"
+                }
+              ]
+            },
             "development": {
               "optimization": false,
               "extractLicenses": false,

diff --git a/bruno/Get AHB.bru b/bruno/Get AHB.bru
@@ -0,0 +1,11 @@
+meta {
+  name: Get AHB
+  type: http
+  seq: 5
+}
+
+get {
+  url: {{host}}/api/format-versions/FV2504/pruefis
+  body: none
+  auth: none
+}
diff --git a/bruno/environments/docker.bru b/bruno/environments/docker.bru
@@ -0,0 +1,3 @@
+vars {
+  host: http://localhost:4000
+}
diff --git a/decrypt-db.sh b/decrypt-db.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+echo "Checking if database needs to be decrypted..."
+
+ARCHIVE_PATH="/service/src/server/data/ahb.db.encrypted.7z"
+DB_PATH="/service/src/server/data/ahb.db"
+
+if [ ! -f "$ARCHIVE_PATH" ]; then
+    echo "Error: 7z archive not found at $ARCHIVE_PATH"
+    exit 1
+fi
+
+# Only decrypt if the database doesn't exist or if the archive is newer
+if [ ! -f "$DB_PATH" ] || [ "$ARCHIVE_PATH" -nt "$DB_PATH" ]; then
+    echo "Decrypting database from 7z archive..."
+    if [ -z "$DB_7Z_ARCHIVE_PASSWORD" ]; then
+        echo "Error: DB_7Z_ARCHIVE_PASSWORD environment variable is not set"
+        exit 1
+    fi
+
+    7z x -y -p"$DB_7Z_ARCHIVE_PASSWORD" -o"$(dirname "$DB_PATH")" "$ARCHIVE_PATH"
+
+    if [ $? -eq 0 ]; then
+        echo "Database decrypted successfully"
+    else
+        echo "Error: Failed to decrypt database"
+        exit 1
+    fi
+else
+    echo "Database is up to date, no decryption needed"
+fi
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -30,7 +30,8 @@ services:
       - AZURE_BLOB_STORAGE_CONNECTION_STRING=DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://host.docker.internal:10000/devstoreaccount1;
       - AHB_CONTAINER_NAME=uploaded-files
       - FORMAT_VERSION_CONTAINER_NAME=format-versions
-      - ENVIRONMENT=stage
+      - DB_7Z_ARCHIVE_PASSWORD=${DB_7Z_ARCHIVE_PASSWORD}
+      - ENVIRONMENT=docker
     depends_on:
       - upload-documents
       - azurite
diff --git a/openapi.yml b/openapi.yml
@@ -168,6 +168,9 @@ components:
               value_pool_entry:
                 type: string
                 example: 'Entry1'
+              line_type:
+                type: string
+                example: 'segment'
             required:
               - ahb_expression
               - data_element
@@ -178,6 +181,7 @@ components:
               - segment_code
               - segment_group_key
               - value_pool_entry
+              - line_type
         meta:
           type: object
           properties:
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,5 @@ AZURE_BLOB_STORAGE_CONNECTION_STRING=DefaultEndpointsProtocol='http;AccountName=
		FORMAT_VERSION_CONTAINER_NAME=format-versions

		OH_DEAR_HEALTH_CHECK_SECRET=my-secret-oh-dear-health-check-secret

		DB_7Z_ARCHIVE_PASSWORD=my-secret-db-7z-archive-password
Original file line number	Diff line number	Diff line change
Expand Up		@@ -45,3 +45,5 @@ Thumbs.db
		.nx/cache
		.nx/workspace-data


		src/server/data/ahb.db