Report a cybercrime / Signalez un crime informatique
Exploring a service that makes it easier for Canadians and businesses to report when they encounter or are victims of a cybercrime and that helps police analyze and investigate reports.
Explorer la possibilité de mettre en place un service permettant aux Canadiens et aux entreprises de signaler plus aisément les crimes informatiques et facilitant le travail d'analyse et d'enquête de la police.
cd f2 npm install
A number of environment variables are used to configure different parts of the back end. These can be set locally in a
.env file. As in
.env.example we have the following.
As our app is currently running in Microsoft Azure, we are using storing the reports in Azure CosmosDB (using a mongodb api) and uploaded files in Azure Blob Storage. Set the following environment variables:
# database for reports COSMOSDB_NAME= COSMOSDB_KEY= # Blob Storage for files BLOB_STORAGE_NAME= BLOB_STORAGE_KEY=
Self harm words
We use a comma separated list of keywords to attempt to detect any user in serious crisis.
# self harm words SELF_HARM_WORDS=
Files are scanned with Clam AV, an open source virus scanner we are running in the cloud. We also use Azure Content Moderator to detect adult images.
# file scanning CLAM_URL= CONTENT_MODERATOR_SERVICE_KEY=
Encrypting the reports for the RCMP analysts
Currently the reports are sent to the RCMP via encrypted email. We use the HERMIS IDs of the RCMP staff to fetch their public key certificates.
# encrypting email to intake analyst LDAP_URL= LDAP_UID=
Sending the encrypted reports to RCMP analysts
We use an SMTP server directly to send out reports.
# sending encrypted emails MAIL_HOST= MAIL_USER= MAIL_PASS= MAIL_FROM=
We are using the Government of Canada's Notify tool to send confirmation emails to users as well as to send feedback to the team developing the app.
# Notify configuration NOTIFY_API_BASE_URL= NOTIFY_API_KEY= NOTIFY_ENGLISH_CONFIRMATION_TEMPLATE_ID= NOTIFY_FRENCH_CONFIRMATION_TEMPLATE_ID= NOTIFY_FEEDBACK_TEMPLATE_ID= FEEDBACK_EMAIL=
Google Analytics is being used to help us get insight into how the different parts of the app are being used.
# Google Analytics GOOGLE_ANALYTICS_ID= REACT_APP_GOOGLE_GTM_ID=
Finally, we are currently soft launching the app and so are rate limiting how many reports it generates.
# rate limiting SUBMISSIONS_PER_DAY= SECONDS_BETWEEN_REQUESTS=
Note that you must be in the
f2 directory to run the code.
Just the frontend
npm run dev
Frontend and backend
npm run prod
Run project with Docker
docker build -t rac . docker run -p 3000:3000 rac
Getting the analyst email yourself
It is often useful to quickly see what the analyst email looks like. If the
LDAP_UID environment variable is not set and the user provides their email address on the contact info screen then the server will send the analyst email unencrypted to the user. This is solely for development purposes. Note that the review apps are configured this way.
To do this locally:
- ensure that
LDAP_UIDis not set in your terminal environment nor in your
npm run prod
- fill out the report and include your email address on http://localhost:3000/contactinfo
- you should receive the generated report email
Load testing the frontend
There are simple scripts to load test the frontend. They use the k6 package, which must first be installed (see (https://docs.k6.io/docs/installation)
To run the tests, set the environment variable
LOAD_TESTING_BASE_URL to the url of the website, for example
and then from the root repo directory run
k6 run -vu 150 -d10s utils/loadTesting.js
http_req_durationline shows how long the requests took (from sending request to receiving response)
iterationsline shows the number of requests per second (should be approximately 100/s bor both)