first commit

2026-03-16 00:02:58 +06:00
commit c11f0bd5bc
36 changed files with 11938 additions and 0 deletions
--- a/env.example
+++ b/env.example
@@ -0,0 +1,172 @@
+# =============================================================================
+# BD FHIR National — Environment Variables
+#
+# INSTRUCTIONS:
+#   cp .env.example .env
+#   Fill in all values marked <CHANGE_ME>
+#   chmod 600 .env
+#   NEVER commit .env to version control
+#   Store the filled .env in your secrets vault
+#
+# PASSWORD REQUIREMENTS:
+#   All passwords minimum 32 characters.
+#   Generate with: openssl rand -base64 32
+#   Each password must be unique — never reuse across services.
+#   Rotate every 90 days per DGHS security policy.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# HAPI Docker Image
+# Format: your-registry.dghs.gov.bd/bd-fhir-hapi:{version}
+# Update this value to deploy a new image version.
+# -----------------------------------------------------------------------------
+HAPI_IMAGE=your-registry.dghs.gov.bd/bd-fhir-hapi:1.0.0
+
+# -----------------------------------------------------------------------------
+# FHIR Database (postgres-fhir)
+#
+# SUPERUSER: used by Flyway migrations only.
+#   Connects directly to postgres-fhir (bypasses pgBouncer).
+#   Must have CREATE TABLE, CREATE INDEX, CREATE SEQUENCE privileges.
+#
+# APP USER: used by HAPI JPA at runtime.
+#   Connects via pgBouncer (session mode).
+#   Granted SELECT, INSERT, UPDATE, DELETE on all HAPI JPA tables.
+#   Created by postgres/fhir/init.sh on first container start.
+# -----------------------------------------------------------------------------
+FHIR_DB_NAME=fhirdb
+FHIR_DB_SUPERUSER=postgres
+FHIR_DB_SUPERUSER_PASSWORD=<CHANGE_ME>
+
+FHIR_DB_APP_USER=hapi_app
+FHIR_DB_APP_PASSWORD=<CHANGE_ME>
+
+# -----------------------------------------------------------------------------
+# Audit Database (postgres-audit)
+#
+# SUPERUSER: used by Flyway audit migrations only.
+#   Connects directly to postgres-audit (bypasses pgBouncer).
+#   Must have CREATE TABLE, CREATE SCHEMA, CREATE FUNCTION privileges.
+#
+# WRITER: used by HAPI audit datasource at runtime.
+#   Connects via pgBouncer (session mode).
+#   INSERT only on audit schema — no SELECT, UPDATE, DELETE, TRUNCATE.
+#   Created by postgres/audit/init.sh on first container start.
+#
+# MAINTAINER: used by monthly partition maintenance cron job only.
+#   EXECUTE on audit.create_next_month_partitions() function only.
+#   Never used by the HAPI JVM.
+#   Created by postgres/audit/init.sh on first container start.
+# -----------------------------------------------------------------------------
+AUDIT_DB_NAME=auditdb
+AUDIT_DB_SUPERUSER=postgres
+AUDIT_DB_SUPERUSER_PASSWORD=<CHANGE_ME>
+
+AUDIT_DB_WRITER_USER=audit_writer_login
+AUDIT_DB_WRITER_PASSWORD=<CHANGE_ME>
+
+AUDIT_DB_MAINTAINER_USER=audit_maintainer_login
+AUDIT_DB_MAINTAINER_PASSWORD=<CHANGE_ME>
+
+# -----------------------------------------------------------------------------
+# Flyway — FHIR schema migrations
+# Connects DIRECTLY to postgres-fhir (not pgBouncer) using superuser.
+# URL must point to the postgres-fhir container, not pgbouncer-fhir.
+# -----------------------------------------------------------------------------
+SPRING_FLYWAY_URL=jdbc:postgresql://postgres-fhir:5432/fhirdb
+SPRING_FLYWAY_USER=<CHANGE_ME_same_as_FHIR_DB_SUPERUSER>
+SPRING_FLYWAY_PASSWORD=<CHANGE_ME_same_as_FHIR_DB_SUPERUSER_PASSWORD>
+
+# -----------------------------------------------------------------------------
+# Flyway — Audit schema migrations
+# Connects DIRECTLY to postgres-audit (not pgBouncer) using superuser.
+# -----------------------------------------------------------------------------
+AUDIT_FLYWAY_URL=jdbc:postgresql://postgres-audit:5432/auditdb
+AUDIT_FLYWAY_USER=<CHANGE_ME_same_as_AUDIT_DB_SUPERUSER>
+AUDIT_FLYWAY_PASSWORD=<CHANGE_ME_same_as_AUDIT_DB_SUPERUSER_PASSWORD>
+
+# -----------------------------------------------------------------------------
+# HAPI FHIR datasource — runtime connection via pgBouncer
+# -----------------------------------------------------------------------------
+SPRING_DATASOURCE_URL=jdbc:postgresql://pgbouncer-fhir:5432/fhirdb
+SPRING_DATASOURCE_USERNAME=<CHANGE_ME_same_as_FHIR_DB_APP_USER>
+SPRING_DATASOURCE_PASSWORD=<CHANGE_ME_same_as_FHIR_DB_APP_PASSWORD>
+
+# HikariCP pool — FHIR datasource
+# 5 connections per replica. At 3 replicas: 15 total PostgreSQL connections.
+# pgBouncer pool_size=20 — 5 headroom. Do not exceed without updating pgBouncer.
+SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE=5
+SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE=2
+SPRING_DATASOURCE_HIKARI_POOL_NAME=fhir-pool
+
+# -----------------------------------------------------------------------------
+# Audit datasource — runtime connection via pgBouncer (INSERT-only)
+# -----------------------------------------------------------------------------
+AUDIT_DATASOURCE_URL=jdbc:postgresql://pgbouncer-audit:5432/auditdb
+AUDIT_DATASOURCE_USERNAME=<CHANGE_ME_same_as_AUDIT_DB_WRITER_USER>
+AUDIT_DATASOURCE_PASSWORD=<CHANGE_ME_same_as_AUDIT_DB_WRITER_PASSWORD>
+
+# HikariCP pool — audit datasource
+# Small pool — audit writes are async and low-volume.
+AUDIT_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE=2
+AUDIT_DATASOURCE_HIKARI_MINIMUM_IDLE=1
+AUDIT_DATASOURCE_HIKARI_POOL_NAME=audit-pool
+
+# -----------------------------------------------------------------------------
+# HAPI FHIR server
+# -----------------------------------------------------------------------------
+HAPI_FHIR_SERVER_ADDRESS=https://fhir.dghs.gov.bd/fhir
+HAPI_FHIR_FHIR_VERSION=R4
+
+# BD Core IG — must match the .tgz filename in src/main/resources/packages/
+HAPI_IG_PACKAGE_CLASSPATH=classpath:packages/bd.gov.dghs.core-0.2.1.tgz
+HAPI_IG_VERSION=0.2.1
+
+# Terminology cache TTL — 24 hours in seconds.
+# Flush via DELETE /admin/terminology/cache after ICD-11 version upgrade.
+HAPI_TERMINOLOGY_CACHE_TTL_SECONDS=86400
+
+# -----------------------------------------------------------------------------
+# OCL — national terminology server
+# -----------------------------------------------------------------------------
+HAPI_OCL_BASE_URL=https://tr.ocl.dghs.gov.bd/api/fhir
+HAPI_OCL_TIMEOUT_SECONDS=10
+HAPI_OCL_RETRY_ATTEMPTS=2
+
+# -----------------------------------------------------------------------------
+# Cluster validator middleware
+# -----------------------------------------------------------------------------
+HAPI_CLUSTER_VALIDATOR_URL=https://icd11.dghs.gov.bd/cluster/validate
+HAPI_CLUSTER_VALIDATOR_TIMEOUT_SECONDS=10
+
+# -----------------------------------------------------------------------------
+# Keycloak — national identity provider
+# Realm: hris
+# Do not change these URLs unless the Keycloak deployment changes.
+# -----------------------------------------------------------------------------
+KEYCLOAK_ISSUER=https://auth.dghs.gov.bd/realms/hris
+KEYCLOAK_JWKS_URL=https://auth.dghs.gov.bd/realms/hris/protocol/openid-connect/certs
+KEYCLOAK_REQUIRED_ROLE=mci-api
+KEYCLOAK_ADMIN_ROLE=fhir-admin
+
+# JWKS cache TTL in seconds (1 hour).
+# Keys are re-fetched immediately on unknown kid regardless of TTL.
+KEYCLOAK_JWKS_CACHE_TTL_SECONDS=3600
+
+# -----------------------------------------------------------------------------
+# Spring Boot
+# -----------------------------------------------------------------------------
+SPRING_PROFILES_ACTIVE=prod
+
+# -----------------------------------------------------------------------------
+# Logging
+# Set individual levels to DEBUG temporarily during initial deployment only.
+# Never leave DEBUG enabled in production — FHIR resources contain patient data.
+# -----------------------------------------------------------------------------
+LOGGING_LEVEL_ROOT=WARN
+LOGGING_LEVEL_BD_GOV_DGHS=INFO
+LOGGING_LEVEL_BD_GOV_DGHS_FHIR_INTERCEPTOR=INFO
+LOGGING_LEVEL_BD_GOV_DGHS_FHIR_TERMINOLOGY=INFO
+LOGGING_LEVEL_BD_GOV_DGHS_FHIR_VALIDATOR=INFO
+LOGGING_LEVEL_CA_UHN_HAPI=WARN
+LOGGING_LEVEL_ORG_SPRINGFRAMEWORK=WARN