- Fix DNS resolution: Removed invalid dns_search configuration
- Add graceful MongoDB connection error handling
- Set restart policy to 'unless-stopped' for both services
- Add development helper scripts (start-dev.sh, stop-dev.sh)
- Update Docker Compose configurations for development
- Restore main.rs from git history
- Backend now logs MongoDB errors without crashing
All containers now start successfully with proper DNS resolution
on the dedicated normogen-network.
Updated all jobs in the lint-and-build workflow to use the
Docker-labeled runner instead of ubuntu-latest.
Changes:
- lint job: runs-on: docker
- build job: runs-on: docker
- docker-build job: runs-on: docker
Benefits:
- Native Docker support
- Faster builds
- Better performance on local infrastructure
- Consistent with server setup
Phase 2.4 - Enhanced Profile Management
Features implemented:
- Get user profile endpoint
- Update user profile endpoint
- Delete user account endpoint with password confirmation
- Input validation on all profile fields
- Security: Password required for account deletion
- Security: All tokens revoked on deletion
New API endpoints:
- GET /api/users/me (protected)
- PUT /api/users/me (protected)
- DELETE /api/users/me (protected)
Security features:
- JWT token required for all operations
- Password confirmation required for deletion
- All tokens revoked on account deletion
- User data removed from database
- Input validation on all fields
Files modified:
- backend/src/handlers/users.rs
- backend/src/main.rs
Testing:
- backend/test-profile-management.sh
- backend/PROFILE-MANAGEMENT-IMPLEMENTED.md
Fixed issues:
- PasswordService has no new() method, use static methods directly
- Updated User model to use PasswordService::hash_password() directly
- Updated handlers to import verify_password function
- Fixed all password hashing and verification calls
Compilation errors resolved:
- error[E0599]: PasswordService::new() not found
- error[E0277]: Handler trait not implemented for setup_recovery
Files modified:
- backend/src/models/user.rs
- backend/src/handlers/auth.rs
- backend/src/auth/jwt.rs
Phase 2.4 - Password Recovery Feature
Features implemented:
- Zero-knowledge password recovery using recovery phrases
- Recovery phrases hashed with PBKDF2 (same as passwords)
- Setup recovery phrase endpoint (protected)
- Verify recovery phrase endpoint (public)
- Reset password with recovery phrase endpoint (public)
- Token invalidation on password reset
- Email verification stub fields added to User model
New API endpoints:
- POST /api/auth/recovery/setup (protected)
- POST /api/auth/recovery/verify (public)
- POST /api/auth/recovery/reset-password (public)
User model updates:
- recovery_phrase_hash field
- recovery_enabled field
- email_verified field (stub)
- verification_token field (stub)
- verification_expires field (stub)
Security features:
- Zero-knowledge proof (server never sees plaintext)
- Current password required to set/update phrase
- All tokens invalidated on password reset
- Token version incremented on password change
Files modified:
- backend/src/models/user.rs
- backend/src/handlers/auth.rs
- backend/src/main.rs
- backend/src/auth/jwt.rs
Documentation:
- backend/PASSWORD-RECOVERY-IMPLEMENTED.md
- backend/test-password-recovery.sh
- backend/PHASE-2.4-TODO.md (updated progress)
- Remove 28+ temporary debugging documentation files
- Remove temporary test scripts and log files
- Keep only essential files (quick-test.sh, EDITION2024-FIX.md)
- Create PHASE-2.4-SPEC.md with complete feature specifications
- Update STATUS.md with current progress and recent issues
- Ready to begin Phase 2.4 implementation
Our dependencies (time-core, getrandom, uuid, etc.) now require
Rust 1.85+ for edition2024 support.
Changes:
- Dockerfile.dev: Updated to rust:latest
- Dockerfile.prod: Updated to rust:latest for builder stage
This resolves the edition2024 compilation errors.
cargo-watch dependencies require Rust 1.85+ and edition2024.
For development, we can simply use 'cargo run' which works fine.
The server can be restarted with docker compose restart.
This script automates the Docker build and testing process:
- Stops and removes old containers
- Removes old images to force rebuild
- Builds without cache
- Starts services
- Shows logs
- Waits for server to be ready
- Tests health endpoints
Problem:
- cargo-watch v8.5.3 requires Rust edition2024 which is not stable yet
- Even Rust 1.83 doesn't support edition2024
- Build fails with: feature 'edition2024' is required
Solution:
- Pin cargo-watch to version 8.4.0
- This version works perfectly with stable Rust 1.83
- No functional difference for development purposes
Change:
RUN cargo install cargo-watch
→ RUN cargo install cargo-watch --version 8.4.0
Added pull_policy: build to prevent Docker from using cached images
with old Rust version. This ensures the build uses Rust 1.83 as specified
in Dockerfile.dev.
