Information for IT teams

System architecture

The Culture Shift platform is built in TypeScript and consists of three major components: an API, sites, and an admin dashboard.

The API is built with the Serverless framework and exposes a GraphQL server running on NodeJS on AWS Lambda, with AWS Cognito handling authentication. AWS RDS provides the PostgreSQL database that the API uses as its datastore. The API is used by the administrative interface, as well as by select ‘super admin’ functions which are restricted to Culture Shift staff.

The Sites component is built with the Serverless framework and runs NodeJS with Express on AWS Elastic Container Service. It exists to serve the public-facing reporting websites. Each organisation is provisioned with its own CloudFront distribution, which is protected by a TLS certificate issued and managed by AWS to provide secure HTTPS communication under the organisation’s domain.

Emails are sent to administrators and case workers when a report is submitted or assigned. These emails come from a no-reply address managed by Culture Shift and do not contain any personal information about the report.

The admin dashboard is shared between all organisations, and is a single-page web application written with React. It authenticates users with AWS Cognito and then communicates with the API using GraphQL.

The following types of data are stored in the database:

Branding information: This is managed by the API under a super-admin function. The Sites component reads this information when determining how to style a request to a user.

Reports: Reports are submitted through the Sites component. Further updates can be made to fields in a report through the admin interface redaction function. The admin interface can show report data, with the API enforcing access control to a particular report or reports query. A user can export reports; the export is provided as a password-protected XLSX file.

Site content: This is created and updated through the administration interface, with access control applied in the API which the interface uses to access the data. The Sites component has read-only access to the site content to present this information publicly.

Uploaded images: Images can be uploaded by content editors to be used in articles. To upload an image, the API first generates a signed URL which the administrative interface uses to upload the image to. This uploaded image is then verified to check it is a well-formed image file, resized if it is too large, and then moved into a public location where it can be accessed by public users of a site.
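
The verify-then-resize-then-publish sequence described for uploaded images can be sketched as follows. This is an added example, not Culture Shift's code: it covers the PNG container only (pixel data is left to the resizer's decoder), and MAX_DIM and every function name are assumptions.

```typescript
// Added sketch: container-level check of an uploaded PNG before it is published.
const PNG_SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
const MAX_DIM = 2048; // hypothetical resize threshold, in pixels
type Verdict =
  | { action: "reject"; reason: string }
  | { action: "publish" | "resize"; width: number; height: number };
function crc32(bytes: Uint8Array): number {
  let crc = 0xffffffff;
  for (let i = 0; i < bytes.length; i++) {
    crc ^= bytes[i];
    for (let k = 0; k < 8; k++) crc = (crc >>> 1) ^ (crc & 1 ? 0xedb88320 : 0);
  }
  return (crc ^ 0xffffffff) >>> 0;
}

function checkPng(file: Uint8Array): Verdict {
  const reject = (reason: string): Verdict => ({ action: "reject", reason });
  if (file.length < 8 || PNG_SIG.some((b, i) => file[i] !== b)) return reject("bad signature");
  const view = new DataView(file.buffer, file.byteOffset, file.byteLength);
  let pos = 8, width = 0, height = 0, sawIdat = false;
  while (pos + 12 <= file.length) {
    const len = view.getUint32(pos), end = pos + 12 + len; // length, type, data, CRC
    if (end > file.length) return reject("chunk overruns file");
    const type = String.fromCharCode(file[pos + 4], file[pos + 5], file[pos + 6], file[pos + 7]);
    if (crc32(file.subarray(pos + 4, end - 4)) !== view.getUint32(end - 4)) return reject("bad CRC");
    if (pos === 8) { // the first chunk must be a 13-byte IHDR carrying the dimensions
      if (type !== "IHDR" || len !== 13) return reject("first chunk is not IHDR");
      width = view.getUint32(pos + 8); height = view.getUint32(pos + 12);
      if (width === 0 || height === 0) return reject("zero dimension");
    }
    if (type === "IDAT") sawIdat = true;
    if (type === "IEND") { // must be the final chunk: bytes after it are not image data
      if (!sawIdat || end !== file.length) return reject("missing IDAT or trailing data");
      return { action: width > MAX_DIM || height > MAX_DIM ? "resize" : "publish", width, height };
    }
    pos = end;
  }
  return reject("no IEND chunk");
}

// Constructed sample input: a structurally valid PNG with a dummy one-byte IDAT payload.
const u32 = (n: number) => [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255];
function chunk(type: string, data: number[]): number[] {
  const body = type.split("").map(c => c.charCodeAt(0)).concat(data);
  return [...u32(data.length), ...body, ...u32(crc32(new Uint8Array(body)))];
}
function samplePng(w: number, h: number): Uint8Array {
  const ihdr = chunk("IHDR", [...u32(w), ...u32(h), 8, 6, 0, 0, 0]);
  return new Uint8Array([...PNG_SIG, ...ihdr, ...chunk("IDAT", [0]), ...chunk("IEND", [])]);
}
```

Rejecting bytes after IEND keeps files that carry a second payload behind a valid image out of the public location.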