Open Pryv.io

Personal Data & Privacy Management Software

A ready-to-use solution for personal data and consent management.

Pryv.io is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data.

Maintained and developed by Pryv.

Features

• Provides latest Pryv.io core system ready for production
• User registration and authentication
• Granular consent-based access control rights
• Data model made for privacy, aggregation and sharing Data in Pryv
• Full data life-cycle: collect - store - change - delete
• REST & Socket.io API
• Ease of software integration and configuration
• Seamless connectivity and interoperability

Documentation

• API Documentation & Guides: api.pryv.com
• Support: support.pryv.com
• More information about Pryv : Pryv Home

Summary

1. Choose your setup
2. Download the required files / Run the installation scripts
3. Edit the configuration files
4. Start the services
5. Try the API
6. Customize your platform

Setup

Pryv.io is designed to be exposed by a third party SSL termination such as NGINX.

Choose your Set-up

• Discover Open Pryv.io on your local environment, this will only allow localhost apps to connect to your platform.
  • Download docker images without SSL (quick start)
  • Download docker images with SSL
  • Native installation
• Launch Pryv.io on a server exposed to the Internet with built-in SSL, this requires to have a hostname pointing to the public IP of your server.
  • Download docker images (quick start)
  • Launch image with Open Pryv.io installed on Exoscale hosting provider: link to guide (quick start including hosting)
  • Native installation
• Launch Pryv.io on a server with an external SSL termination. You know what you are doing.
  • Download docker images
  • Native installation

Docker

The dockerized versions and their instructions are available at this link: Download link.

If you wish to build the images yourself, refer to the following README: docker/README-build.md.

Once it is running, you can continue with the tutorials.

Native

Prerequisites:

• Node v12.13.1 Node.js home page
• Yarn v1 npm install -g yarn

The installation script has been tested on Linux Ubuntu 18.04 LTS and MacOSX.

• yarn setup: (see scripts/ for details)
  • Fetch dependencies
  • Install mongodb
  • Install service mail
  • Install assets & app-web-auth3
  • Generate random alpha-numeric adminKey
• yarn release create distribution for release

Native setup with external SSL

setup the environment

• yarn pryv - mail and database logs will be kept in var-pryv/logs/local-*.log

Each service independently - logs will be displayed on the console

• yarn database start mongodb
• yarn api start the API server on port 3000 (default)
• yarn mail start the mail service

Local native setup

setup the environment

• yarn local is the equivalent of running yarn pryv + yarn proxy using configs/rec-la.yml. This setup is useful to test Open Pryv.io locally.

• yarn proxy based on rec-la, it will expose the server running on http://localhost:3000 with an SSL certificate on https://my-computer.rec.la:4443 in this case you need to edit configs/rec-la.yml.

Native Server setup with built-in SSL

setup the environment

1. Run yarn pryv to start the API
2. Configure NGINX and certificate

You can find a NGINX configuration that you can include in your sites-enabled/ in configs/site.conf.

You must change ${HOSTNAME} to match the hostname of the public URL.

SSL certificate

Using certbot, you can generate a SSL certificate for your platform using sudo certbot --nginx -d ${HOSTNAME}.

To set an automatic renewal, run crontab -e and append the following line:

0 12 * * * /usr/bin/certbot renew --quiet

Config

For the native installation, edit config.yml, otherwise docker/local/dockerized-config.yml:

dnsLess:
  publicUrl: http://localhost:3000
http:
  port: 3000
  ip: 127.0.0.1
auth:
  adminAccessKey: iuahwd0ba87hw0bd7a8hwd
  trustedApps: "*@https://pryv.github.io*, *@https://*.rec.la*"
eventFiles:
  attachmentsDirPath: var-pryv/attachment-files
service:
  name: Open-Pryv.io
  support: https://pryv.com/open-pryv-non-configured-page/
  terms: https://pryv.com/open-pryv-non-configured-page/
  home: https://pryv.com/open-pryv-non-configured-page/
  eventTypes: https://api.pryv.com/event-types/flat.json
services:
  email:
    enabled:
      welcome: true
      resetPassword: true

• publicUrl Is the "Public" URL to reach the service, usually exposed in https by a third party SSL service such as NGNIX.
• http
  • port The local port to listen
  • ip The IP adress to use. Keep it 127.0.0.1 unless you explicitely want to expose the service in http to another network.
• auth
  • adminAccesskey key to use for system calls such as /reg/admin/users. A random key should be generated on setup.
  • trustedApps list of web apps that can be trusted-app functionalities API for trusted apps: API reference see: SETUP Guide - customize authentication
• eventFiles
  • attachmentsDirPath Directory where event attachment files will be stored on the file system.
• service API documentation on Service Information
• services:email see Options & Customization below

Start

At this moment you should have your application running on the public URL you defined.

• Create an account and launch the authentication process on App-Web-Access: https://api.pryv.com/app-web-access/?pryvServiceInfoUrl=https://my-computer.rec.la:4443/reg/service/info.
• The service info URL to your platform is: https://my-computer.rec.la:4443/reg/service/info

If you are using another public URL, replace https://my-computer.rec.la:4443 by it in the link above.

Design your Data Model

Data in Pryv is stored in streams and events. We provide you with all necessary information to design your own data model in our Data Modelling Guide through a broad range of use cases and scenarios you might encounter.

Try the API

After this process, you should have an account on your Open Pryv.io platform with a valid authorization token in the form of an API endpoint, you can try various API requests using Postman following this guide https://api.pryv.com/open-api/.

You can also try our example apps with guides and tutorials.

Options & Customization

Authentication & Registration web app.

Open Pryv.io comes packaged with app-web-auth3, the default web pages for app authentication, user registration and password reset.

During the set-up process it has been built and published in public_html/access/. To customize it, refer to its README in app-web-auth3/.

To use a new build, simply copy the contents of the generated files from app-web-auth3/dist/ to public_html/access/

Event types

Open Pryv.io comes with default event types. The default ones are fetched at boot from the URL defined in service:eventTypes in the .yml config file, set to https://api.pryv.com/event-types/flat.json.

To customize your own, clone the Data Types repository and follow the guide there.

MongoDB data folder

By default the MongoDB data are stored in var-pryv/mongodb-data. If you want to modify the folder where the MongoDB data files are stored, you can modify in scripts/setup-mongodb.bash the variable MONGO_DATA_FOLDER.

Visual assets and icons

Your platforms visuals can be customized in public_html/assets/, please refer to the README inside. These assets are a clone of the assets-open-pryv.io.

E-Mails

Pryv.io can send e-mails at registration and password reset request.

The emails can be sent either by local sendmail (default) or SMTP.

This service, its documentation and mail templates can be found in service-mail/.

Backup

Prerequisites:

• rsync

To make a backup of your data:

Backup: native

Run ./scripts/backup-database-native.sh ${BACKUP_FOLDER} to generate a dump of the current database contents Run ./scripts/backup-attachments-native.sh ${BACKUP_FOLDER} to copy the current attachment files.

To restore the database, run ./scripts/restore-database-native.sh ${BACKUP_FOLDER} to restore data from the provided backup folder. To restore attachments, run ./scripts/restore-attachments-native.sh ${BACKUP_FOLDER} to restore data from the provided backup folder. Depending on your setup, you may need additional access rights.

Backup: dockerized

Follow the guide in the docker package.

Contributing

Contributions are welcome. Get in touch with the Pryv team or submit a PR with your changes or adaptation.

License

Copyright (C) 2020-2021 Pryv S.A. https://pryv.com

This file is part of Open-Pryv.io and released under BSD-Clause-3 License

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

SPDX-License-Identifier: BSD-3-Clause