removed legacy files
This commit is contained in:
@ -315,7 +315,7 @@ Android should apply this map while a questionnaire is open (overlay on top of a
|
||||
4. Re-fetch app UI translations optionally after login (same public endpoint, or authenticated refresh).
|
||||
6. For each list item, fetch details with `GET /api/app_questionnaires?id=<id>` (includes per-questionnaire `translations`).
|
||||
7. Cache the client list, app translations, the questionnaire list, and questionnaire details (with embedded translations) locally for offline use.
|
||||
8. When a questionnaire is completed, upload answers with `POST /api/app_questionnaires` (plaintext JSON over HTTPS; server stores answers in the database — not the app's local ciphertext).
|
||||
8. When a questionnaire is completed, upload answers with `POST /api/app_questionnaires` using an **encrypted** JSON envelope (see above).
|
||||
|
||||
There is currently no version or `updatedAt` field in the app fetch response, so the safest refresh strategy is to re-fetch translations, list, and details at login or app start when network is available.
|
||||
|
||||
@ -327,7 +327,31 @@ The Android app encrypts sensitive data **at rest on the device**:
|
||||
- **Assigned client list** cache and **session token** use the same encryption / EncryptedSharedPreferences respectively.
|
||||
- **Questionnaire definitions** and UI translations cached from this API are not encrypted (no user answers).
|
||||
|
||||
After a successful `POST /api/app_questionnaires`, answer data is readable on the **server** (normal database storage, RBAC-protected). The upload body is **decrypted plaintext** (AES-GCM applies only to the on-device Room database). The app keeps encrypted local copies so coaches can review, edit, and re-upload work offline.
|
||||
Sensitive mobile traffic uses **two layers**:
|
||||
|
||||
1. **HTTPS** (TLS) for transport.
|
||||
2. **Application payload encryption** for patient-related fields: AES-256-CBC with a per-session key derived from the Bearer token via HKDF-SHA256 (`info` = `qdb-aes`), matching the legacy QDB mobile crypto helpers.
|
||||
|
||||
Encrypted wire format (request or response `data`):
|
||||
|
||||
```json
|
||||
{
|
||||
"encrypted": true,
|
||||
"payload": "<base64( IV16 || ciphertext )>"
|
||||
}
|
||||
```
|
||||
|
||||
Endpoints using encrypted payloads:
|
||||
|
||||
| Endpoint | Direction |
|
||||
|----------|-----------|
|
||||
| `POST /api/auth/login` | Response: `clientsPayload` (when coach has clients) |
|
||||
| `GET /api/app_questionnaires?clients=1` | Response: entire `data` object encrypted |
|
||||
| `POST /api/app_questionnaires` | Request body must be encrypted |
|
||||
|
||||
Plain JSON (no app-layer encryption): `GET ?translations=1`, questionnaire list, questionnaire detail.
|
||||
|
||||
The server decrypts uploads before writing to the database. The web dashboard reads **server-side** plaintext (RBAC). The Android app also keeps **AES-GCM at rest** on device via Android Keystore (separate from wire encryption).
|
||||
|
||||
Re-uploading the same `clientCode` + `questionnaireID` updates server rows in place (see upload behavior below). This matches upcoming editable flows on web and mobile.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user