- Comprehensive JWT research completed
- JWT with refresh tokens selected (9.5/10 score)
- Token revocation strategies (blacklist + versioning)
- Refresh token pattern (token rotation)
- Zero-knowledge password recovery integration
- Family member access control (permissions in JWT)

Key decisions:
- Access tokens: 15 minutes (short-lived)
- Refresh tokens: 30 days (long-lived, stored in MongoDB)
- Token rotation: Prevents reuse of stolen tokens
- Token versioning: Invalidate all tokens on password change
- Recovery phrases: Zero-knowledge password recovery from encryption.md
- Family permissions: parent, child, elderly roles

Updated tech stack decisions

Next: Database schema design (MongoDB collections)
# Normogen

## Overview

Normogen is a privacy-focused health data tracking and management platform. The name comes from Mapudungun and relates to the idea of a balanced life.
## Vision

To record as many health-related variables as possible and store them securely and privately, for use by you, not by corporations. From medication reminders to pattern analysis, Normogen puts you in control of your health data.
## Technology Stack

### Backend
- Framework: Axum 0.7.x
- Runtime: Tokio 1.x
- Middleware: Tower, Tower-HTTP
- Database: MongoDB (with zero-knowledge encryption)
- Language: Rust
### Mobile (iOS + Android)
- Framework: React Native 0.73+
- Language: TypeScript
- State Management: Redux Toolkit 2.x
- Data Fetching: RTK Query 2.x
- Health Sensors: react-native-health, react-native-google-fit
- Encryption: react-native-quick-crypto
### Web
- Framework: React 18+
- Language: TypeScript
- State Management: Redux Toolkit 2.x
- Data Fetching: RTK Query 2.x
- Charts: Recharts
### Deployment
- Docker on Linux
## Platform Strategy

- Primary: Mobile apps for daily health tracking, sensor integration, QR scanning and push notifications
- Secondary: Web browser for extensive reporting, visualization and profile management
## Key Features
- Zero-knowledge encryption
- Multi-person profiles
- Family structure management
- Secure sharing with expiring links
- Mobile apps with health sensor integration
- Web interface for complex visualizations
## Security Model

- Client-side encryption: Data is encrypted on the device before it is sent anywhere
- Zero-knowledge: Server stores only encrypted data
- Proton-style encryption: AES-256-GCM with PBKDF2 key derivation
- Shareable links: Self-contained decryption keys in URLs
- Privacy-first: No data selling, subscription-based revenue
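The Security Model above (client-side AES-256-GCM with a PBKDF2-derived key, share links that carry their own decryption key) together with the expiring links listed under Key Features, as an added example that is not Normogen's own code. It uses Node's `crypto` module, whose API react-native-quick-crypto mirrors; the PBKDF2 iteration count, the `/share/<id>` path and the `example.invalid` origin are assumptions.

```typescript
import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from "crypto";

// Constructed example, not Normogen's code. The page names no iteration count; 600k is an assumption.
const PBKDF2_ITERATIONS = 600_000;
export interface Envelope { iv: string; tag: string; ct: string; expiresAt: number }

// Vault key from the user's password: PBKDF2-HMAC-SHA256 -> 32-byte AES-256 key.
// The random salt is stored next to the ciphertext; the password and key never leave the device.
export function deriveKey(password: string, salt: Buffer): Buffer {
  return pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// AES-256-GCM with a fresh 96-bit nonce per record. The expiry is bound as associated data,
// so editing the stored timestamp to extend a link breaks the authentication tag.
export function encrypt(key: Buffer, plaintext: string, expiresAt: number): Envelope {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(String(expiresAt)));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv: iv.toString("hex"), tag: cipher.getAuthTag().toString("hex"), ct: ct.toString("hex"), expiresAt };
}

export function decrypt(key: Buffer, env: Envelope, now = Date.now()): string {
  if (now > env.expiresAt) throw new Error("share link expired");
  const d = createDecipheriv("aes-256-gcm", key, Buffer.from(env.iv, "hex"));
  d.setAAD(Buffer.from(String(env.expiresAt)));
  d.setAuthTag(Buffer.from(env.tag, "hex")); // final() throws if ct, tag or expiry were altered
  return Buffer.concat([d.update(Buffer.from(env.ct, "hex")), d.final()]).toString("utf8");
}

// Share link: the record is re-encrypted under a fresh random key (never the vault key) and that
// key travels in the URL fragment. Browsers do not send the fragment, so the server sees only the id.
export function makeShareLink(origin: string, id: string, plaintext: string, ttlMs: number, now = Date.now()) {
  const shareKey = randomBytes(32);
  const envelope = encrypt(shareKey, plaintext, now + ttlMs); // envelope is what the server stores
  return { link: `${origin}/share/${id}#${shareKey.toString("hex")}`, envelope };
}

// Recipient: take the key from the fragment, fetch the envelope by id (passed in here), decrypt locally.
export function openShareLink(link: string, envelope: Envelope, now = Date.now()): string {
  const key = Buffer.from(new URL(link).hash.slice(1), "hex");
  if (key.length !== 32) throw new Error("malformed share key");
  return decrypt(key, envelope, now);
}

// The part of the link that reaches the server in the request: origin, path and query, no fragment.
export function serverVisiblePart(link: string): string {
  const u = new URL(link);
  return u.origin + u.pathname + u.search;
}
```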
## Documentation
- Introduction - Project vision and detailed feature specification
- Encryption Implementation Guide - Zero-knowledge encryption architecture
- Research - Technical research and planning documents
## Development Status

Phase: Planning/Documentation

### Completed
- Project vision and requirements
- Security architecture design
- Encryption implementation guide
- Git repository initialization
- Rust framework selection: Axum
- Mobile/Web framework selection: React Native + React
- State management selection: Redux Toolkit 2.x
### Next Steps
- Authentication system design (JWT with recovery phrases)
- Database schema design
- Create proof-of-concept with Axum
- Implement basic CRUD API
- Build mobile apps with health sensor integration
- Build web companion app
- Add encryption layer
- Implement sharing functionality
## Open Source
Normogen is open-source. Both server and client code will be publicly available.
Note: This project is currently in the planning phase. No implementation code has been written yet.