normogen/STATUS.md
goose 378703bf1c
docs(phase-2.5): Complete access control implementation
2026-02-15 21:15:17 -03:00


# Normogen Project Status
## Project Overview
**Project Name**: Normogen (Balanced Life in Mapudungun)
**Goal**: Open-source health data platform for private, secure health data management
**Current Phase**: Phase 2 - Backend Development
## Phase Progress
### Phase 1: Project Planning ✅ COMPLETE
- [x] Project documentation
- [x] Architecture design
- [x] Technology stack selection
### Phase 2: Backend Development 🚧 75% COMPLETE
#### Phase 2.1: Backend Project Initialization ✅ COMPLETE
- [x] Cargo project setup
- [x] Dependency configuration
- [x] Basic project structure
- [x] Docker configuration
#### Phase 2.2: MongoDB Connection & Models ✅ COMPLETE
- [x] MongoDB connection setup
- [x] User model
- [x] Health data models
- [x] Repository pattern implementation
#### Phase 2.3: JWT Authentication ✅ COMPLETE
- [x] JWT token generation
- [x] Access tokens (15 min expiry)
- [x] Refresh tokens (30 day expiry)
- [x] Token rotation
- [x] Login/register/logout endpoints
- [x] Password hashing (PBKDF2)
- [x] Auth middleware
#### Phase 2.4: User Management Enhancement ✅ COMPLETE
- [x] Password recovery (zero-knowledge phrases)
- [x] Recovery phrase verification
- [x] Password reset with token invalidation
- [x] Enhanced profile management
- [x] Account deletion with confirmation
- [x] Email verification (stub)
- [x] Account settings management
- [x] Change password endpoint
#### Phase 2.5: Access Control ✅ COMPLETE
- [x] Permission model (Read, Write, Admin)
- [x] Share model for resource sharing
- [x] Permission middleware
- [x] Share management API
- [x] Permission check endpoints
#### Phase 2.6: Security Hardening ⏳ PENDING
- [ ] Rate limiting implementation
- [ ] Account lockout policies
- [ ] Security audit logging
- [ ] Session management
#### Phase 2.7: Health Data Features ⏳ PENDING
- [ ] Lab results storage
- [ ] Medication tracking
- [ ] Health statistics
- [ ] Appointment scheduling
## Current Status
**Last Updated**: 2026-02-15 21:14:00 UTC
**Active Phase**: Phase 2.5 - Access Control (COMPLETE)
**Next Phase**: Phase 2.6 - Security Hardening
## Recent Updates
### Phase 2.5 Complete (2026-02-15)
- ✅ Implemented permission-based access control
- ✅ Created share management system
- ✅ Added permission middleware
- ✅ Full API for permission checking
### Phase 2.4 Complete (2026-02-15)
- ✅ Password recovery with zero-knowledge phrases
- ✅ Enhanced profile management
- ✅ Email verification stub
- ✅ Account settings management
## Tech Stack
**Backend**: Rust 1.93, Axum 0.7
**Database**: MongoDB 6.0
**Authentication**: JWT (jsonwebtoken 9)
**Password Security**: PBKDF2 (100K iterations)
**Deployment**: Docker, Docker Compose
**CI/CD**: Forgejo Actions
## Next Milestones
1. ✅ Phase 2.5 - Access Control (COMPLETE)
2. ⏳ Phase 2.6 - Security Hardening
3. ⏳ Phase 2.7 - Health Data Features
4. ⏳ Phase 2.8 - API Documentation
5. ⏳ Phase 3 - Frontend Development