goose 02b24a3ac1 Phase 2.3: Complete JWT Authentication with token rotation and revocation
- Fixed DateTime timestamp issues (use timestamp_millis instead of to_millis)
- Implemented token rotation: old refresh tokens revoked on refresh
- Implemented logout revocation: tokens immediately marked as revoked
- Removed rate limiting (deferred to Phase 2.6)
- Created comprehensive verification report
- Updated STATUS.md

All Phase 2.3 objectives complete:
- JWT Access Tokens (15 min expiry)
- JWT Refresh Tokens (30 day expiry)
- Token Rotation
- Token Revocation
- PBKDF2 Password Hashing
- Auth endpoints (register, login, refresh, logout)
- Protected routes with JWT middleware
- Health check endpoints

Compiles successfully with only unused code warnings.
2026-02-15 09:05:34 -03:00

| Name | Last commit | Date |
| --- | --- | --- |
| backend | Phase 2.3: Complete JWT Authentication with token rotation and revocation | 2026-02-15 09:05:34 -03:00 |
| thoughts | Phase 2.3: Complete JWT Authentication with token rotation and revocation | 2026-02-15 09:05:34 -03:00 |
| .gitignore | Phase 2.1: Backend project initialized with Docker configuration | 2026-02-14 15:30:06 -03:00 |
| encryption.md | Initial commit: Project setup and documentation | 2026-02-14 11:11:06 -03:00 |
| introduction.md | Initial commit: Project setup and documentation | 2026-02-14 11:11:06 -03:00 |
| README.md | Docs: Add backend deployment constraints and monorepo structure | 2026-02-14 15:30:13 -03:00 |

/home/asoliver/desarrollo/normogen/README.md

# Normogen

## Overview

Normogen is a privacy-focused health data tracking and management platform. The name comes from Mapudungun and refers to a balanced life.

## Vision

To record as many health-related variables as possible and store them securely and privately, for use by you, not by corporations. From medication reminders to pattern analysis, Normogen puts you in control of your health data.

## Technology Stack

### Backend
- **Framework**: Axum 0.7.x
- **Runtime**: Tokio 1.x
- **Middleware**: Tower, Tower-HTTP
- **Database**: MongoDB (with zero-knowledge encryption)
- **Language**: Rust

### Mobile (iOS + Android)
- **Framework**: React Native 0.73+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Health Sensors**: react-native-health, react-native-google-fit
- **Encryption**: react-native-quick-crypto

### Web
- **Framework**: React 18+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Charts**: Recharts

### Deployment
- Docker on Linux

## Platform Strategy

**Primary: Mobile Apps** - Daily health tracking, sensor integration, QR scanning, push notifications

**Secondary: Web Browser** - Extensive reporting, visualization, profile management

## Key Features

- Zero-knowledge encryption
- Multi-person profiles
- Family structure management
- Secure sharing with expiring links
- Mobile apps with health sensor integration
- Web interface for complex visualizations

## Security Model

- Client-side encryption: Data is encrypted before it leaves the device
- Zero-knowledge: The server stores only encrypted data
- Proton-style encryption: AES-256-GCM with PBKDF2 key derivation
- Shareable links: Self-contained decryption keys in URLs
- Privacy-first: No data selling, subscription-based revenue
60: 
61: ## Documentation
62: 
63: - [Introduction](./introduction.md) - Project vision and detailed feature specification
64: - [Encryption Implementation Guide](./encryption.md) - Zero-knowledge encryption architecture
65: - [Research](./thoughts/research/) - Technical research and planning documents
66: 
67: ## Development Status
68: 
69: Phase: Planning/Documentation
70: 
71: ### Completed
72: - Project vision and requirements
73: - Security architecture design
74: - Encryption implementation guide
75: - Git repository initialization
76: - **Rust framework selection: Axum**
77: - **Mobile/Web framework selection: React Native + React**
78: - **State management selection: Redux Toolkit 2.x**
79: 
80: ### Next Steps
81: - Authentication system design (JWT with recovery phrases)
82: - Database schema design
83: - Create proof-of-concept with Axum
84: - Implement basic CRUD API
85: - Build mobile apps with health sensor integration
86: - Build web companion app
87: - Add encryption layer
88: - Implement sharing functionality
89: 
90: ## Open Source
91: 
92: Normogen is open-source. Both server and client code will be publicly available.
93: 
94: Note: This project is currently in the planning phase. No implementation code has been written yet.

## Monorepo Structure

This is a monorepo containing backend, mobile, web, and shared code:

```
normogen/
├── backend/    # Rust backend (Axum + MongoDB)
├── mobile/     # React Native (iOS + Android)
├── web/        # React web app
├── shared/     # Shared TypeScript code
└── thoughts/   # Research & design docs
```

Each platform has its own `src/` directory to keep codebases separate while sharing common code through the `shared/` directory.

## Repository Management

- **Git Hosting**: Forgejo (self-hosted)
- **CI/CD**: Forgejo Actions
- **Branch Strategy**: main, develop, feature/*
- **Deployment**: Docker Compose (homelab), Kubernetes (future)

## Deployment

### Backend Deployment

```bash
# Clone repository
git clone <forgejo-url> normogen
cd normogen/backend

# Setup configuration
cp config/.env.example config/.env
# Edit config/.env

# Build and run
docker compose build
docker compose up -d

# Check status
curl http://localhost:6000/health
```

Resource Limits (Homelab):

- CPU: 1000m (1 core)
- Memory: 1000Mi (1GB RAM)

Ports:

- Backend API: 6000 (host) → 8000 (container)
- MongoDB: 27017 (standard port)