normogen/thoughts/research/2026-02-14-tech-stack-decision.md
goose 203c0b4331 Research: JWT authentication selected
- Comprehensive JWT research completed
- JWT with refresh tokens selected (9.5/10 score)
- Token revocation strategies (blacklist + versioning)
- Refresh token pattern (token rotation)
- Zero-knowledge password recovery integration
- Family member access control (permissions in JWT)

Key decisions:
- Access tokens: 15 minutes (short-lived)
- Refresh tokens: 30 days (long-lived, stored in MongoDB)
- Token rotation: Prevents reuse of stolen tokens
- Token versioning: Invalidate all tokens on password change
- Recovery phrases: Zero-knowledge password recovery from encryption.md
- Family permissions: parent, child, elderly roles

Updated tech stack decisions

Next: Database schema design (MongoDB collections)
2026-02-14 12:44:33 -03:00


# Technology Stack Decisions
**Last Updated**: 2026-02-14
---
## Decisions Made
### 1. Rust Web Framework: Axum
**Decision**: Axum 0.7.x
**Rationale**:
- Superior I/O performance for encrypted data transfer
- Better streaming support for large encrypted responses
- Lower memory usage for concurrent connections
- Tower middleware ecosystem
- Excellent async patterns for lazy loading
**Reference**: [2026-02-14-performance-findings.md](./2026-02-14-performance-findings.md)
---
### 2. Mobile Framework: React Native
**Decision**: React Native 0.73+ for iOS + Android
**Platform Strategy**:
- **Primary**: Mobile apps (iOS + Android) - Daily health tracking, sensor integration
- **Secondary**: Web browser - Extensive reporting, visualization, profile management
**Rationale**:
- **70-80% code sharing** between mobile and web (single language: TypeScript)
- **Health sensor integration**: react-native-health (HealthKit), react-native-google-fit (Health Connect)
- **QR code scanning**: react-native-camera
- **Encryption**: react-native-quick-crypto (AES-256-GCM, PBKDF2)
- **Web charts**: Recharts for React (beautiful visualizations)
- **Team skills**: Single language (JavaScript/TypeScript) reduces development cost
- **Time to market**: Faster than native or Flutter
**Reference**: [2026-02-14-frontend-mobile-research.md](./2026-02-14-frontend-mobile-research.md)
---
### 3. Web Framework: React
**Decision**: React 18+ for web companion app
**Rationale**:
- **70-80% code sharing** with React Native (business logic, state, API, encryption)
- **Charts**: Recharts for beautiful health data visualizations
- **Ecosystem**: Largest npm ecosystem
- **Team skills**: Single language (TypeScript)
---
### 4. State Management: Redux Toolkit
**Decision**: Redux Toolkit 2.x for React Native + React
**Score**: 9.2/10
**Rationale**:
- **Best for complex state**: Family structure, multi-person profiles, permissions
- **Built-in normalization**: createEntityAdapter for efficient data management
- **Best for offline sync**: RTK Query for server state, optimistic updates, background sync
- **Largest ecosystem**: Most resources, tutorials, examples, production deployments
- **Best developer experience**: Time-travel debugging, predictable state updates
- **TypeScript**: Excellent support, full type safety
- **Code sharing**: 100% between React Native and React
**Trade-offs**:
- More boilerplate: More code, but clearer structure
- Steeper learning curve: More concepts, but better patterns
- Larger bundle: 60KB vs 3KB (negligible impact on 50-100MB app)
**Reference**: [2026-02-14-state-management-research.md](./2026-02-14-state-management-research.md)
---
### 5. Authentication: JWT with Refresh Tokens
**Decision**: JWT (JSON Web Tokens) with Refresh Tokens + Recovery Phrases
**Score**: 9.5/10
**Rationale**:
- **Stateless access-token checks**: An access token carries its own claims and signature, so request handling needs no session lookup and scales to 1000+ concurrent connections; only refresh tokens and revocation state are persisted
- **Mobile-friendly**: Works with React Native. AsyncStorage is unencrypted, so the 30-day refresh token belongs in the platform secure store (iOS Keychain, Android Keystore); AsyncStorage is acceptable only for the short-lived access token
- **Zero-knowledge compatible**: Integrates with recovery phrases from encryption.md
- **Token revocation**: Refresh token blacklist (MongoDB) + a per-user token version carried in every access token and compared on verification, so a password change invalidates all outstanding tokens without waiting for expiry
- **Token rotation**: Every refresh issues a new refresh token and marks the old one used; presenting an already-rotated token signals a replay or a stolen copy, and the whole token family is revoked rather than silently honoured
- **Family access control**: Permissions in JWT claims (parent, child, elderly); a permission change becomes visible only at the next refresh (at most 15 minutes) unless the token version is bumped
- **Security best practices**: Short-lived access tokens (15 min) bound the damage from a leaked token; long-lived refresh tokens (30 days) are stored hashed, rotated on every use, and revocable
**Trade-offs**:
- Revocation requires storage (MongoDB for refresh tokens, optional Redis for access tokens), and the token-version check costs one user lookup per request
- More complex than sessions (but better for scaling)
**Reference**: [2026-02-14-jwt-authentication-research.md](./2026-02-14-jwt-authentication-research.md)
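The refresh-token rotation, reuse detection and token-versioning flow described above, as an added example written for this page rather than taken from the Normogen project: HS256 access tokens are minted and verified by hand over Node's `crypto` module so the block runs without a JWT library, two plain objects stand in for the MongoDB Users and Refresh Tokens collections, and the signing key, the family identifier and every function name are this example's own assumptions.

```typescript
// Added example, not Normogen project code. In-memory objects stand in for MongoDB;
// SIGNING_KEY, the token "family" and all function names are assumptions of this example.
import { createHash, createHmac, randomBytes, timingSafeEqual } from "crypto";

const SIGNING_KEY = randomBytes(32);        // hypothetical server-side HS256 secret; never ships to clients
const ACCESS_TTL_SEC = 15 * 60;             // 15-minute access tokens, per the decision above
const REFRESH_TTL_SEC = 30 * 24 * 60 * 60;  // 30-day refresh tokens, per the decision above

type Role = "parent" | "child" | "elderly";
interface User { id: string; role: Role; tokenVersion: number }
interface RefreshRecord { userId: string; family: string; expiresAt: number; used: boolean }
interface TokenPair { access: string; refresh: string }

// Constructed in-memory stores standing in for the Users and Refresh Tokens collections.
const users: Record<string, User> = {};
const refreshTokens: Record<string, RefreshRecord> = {};   // keyed by SHA-256 of the opaque token
const revokedFamilies: Record<string, true> = {};          // the refresh-token blacklist

function b64url(s: string): string { return Buffer.from(s, "utf8").toString("base64url"); }
function hashToken(raw: string): string { return createHash("sha256").update(raw).digest("hex"); }

function registerUser(id: string, role: Role): User {
  users[id] = { id, role, tokenVersion: 0 };
  return users[id];
}

// Access token: a compact JWT whose claims carry the family role and the user's
// current token version. Clients hold the token, never the signing key.
function issueAccessToken(user: User, now: number): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = { sub: user.id, role: user.role, ver: user.tokenVersion, iat: now, exp: now + ACCESS_TTL_SEC };
  const payload = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", SIGNING_KEY).update(`${header}.${payload}`).digest("base64url");
  return `${header}.${payload}.${sig}`;
}

function parseClaims(payload: string): Record<string, unknown> | null {
  try {
    const v = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    return v && typeof v === "object" ? v : null;
  } catch { return null; }
}

// Verification pins the algorithm (the header's alg is never consulted), compares the
// MAC in constant time, checks expiry, then compares the ver claim with the user's
// current version. That lookup is the one Users read per request that the trade-offs
// above accept in exchange for invalidating every token on password change.
function verifyAccessToken(token: string, now: number): { sub: string; role: Role } | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = createHmac("sha256", SIGNING_KEY).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = parseClaims(payload);
  if (!claims || typeof claims.exp !== "number" || claims.exp <= now) return null;
  if (typeof claims.sub !== "string" || typeof claims.role !== "string") return null;
  const user = users[claims.sub];
  if (!user || claims.ver !== user.tokenVersion) return null;
  return { sub: claims.sub, role: claims.role as Role };   // permissions come from the claims
}

// Refresh token: an opaque random value; only its hash is stored, so a leaked
// collection does not yield usable tokens. Each login starts a new token family.
function issueRefreshToken(userId: string, family: string, now: number): string {
  const raw = randomBytes(32).toString("base64url");
  refreshTokens[hashToken(raw)] = { userId, family, expiresAt: now + REFRESH_TTL_SEC, used: false };
  return raw;
}

function login(userId: string, now: number): TokenPair | null {
  const user = users[userId];
  if (!user) return null;
  return { access: issueAccessToken(user, now), refresh: issueRefreshToken(user.id, randomBytes(16).toString("hex"), now) };
}

// Rotation: the presented token is marked used and a fresh one issued. A token that
// was already rotated means two parties hold it (replay or stolen copy), so the whole
// family is revoked: attacker and victim are both forced to log in again.
function rotateRefreshToken(raw: string, now: number): TokenPair | null {
  const rec = refreshTokens[hashToken(raw)];
  if (!rec || rec.expiresAt <= now || revokedFamilies[rec.family]) return null;
  if (rec.used) { revokedFamilies[rec.family] = true; return null; }
  rec.used = true;
  const user = users[rec.userId];
  if (!user) return null;
  return { access: issueAccessToken(user, now), refresh: issueRefreshToken(user.id, rec.family, now) };
}

// Password change: bump the version so every outstanding access token fails the ver
// check at once, and blacklist every refresh-token family the user holds.
function changePassword(userId: string): boolean {
  const user = users[userId];
  if (!user) return false;
  user.tokenVersion += 1;
  Object.keys(refreshTokens).forEach((k) => {
    if (refreshTokens[k].userId === userId) revokedFamilies[refreshTokens[k].family] = true;
  });
  return true;
}
```

On a device the opaque refresh token returned by `login` and `rotateRefreshToken` is what goes into the Keychain/Keystore, while the access token can stay in memory; the family-revocation set is the blacklist the decision refers to, and the `ver` comparison is the token versioning.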
---
## Technology Stack Summary
### Backend
- **Framework**: Axum 0.7.x
- **Runtime**: Tokio 1.x
- **Middleware**: Tower, Tower-HTTP
- **Authentication**: JWT with refresh tokens
- **Database**: MongoDB (with zero-knowledge encryption)
- **Language**: Rust
### Mobile (iOS + Android)
- **Framework**: React Native 0.73+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Authentication**: JWT; refresh token in the platform Keychain/Keystore, access token in memory or AsyncStorage (AsyncStorage is unencrypted)
- **Navigation**: React Navigation
- **Health Sensors**:
- react-native-health (iOS HealthKit)
- react-native-google-fit (Android Health Connect)
- **QR Scanning**: react-native-camera
- **Encryption**: react-native-quick-crypto
- **Persistence**: Redux Persist 6.x (AsyncStorage)
- **HTTP**: Axios
### Web
- **Framework**: React 18+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Authentication**: JWT; refresh token in an httpOnly, Secure, SameSite cookie, access token in memory (localStorage is readable by any script injected through XSS, so it should not hold long-lived tokens)
- **Routing**: React Router
- **Charts**: Recharts
- **Persistence**: Redux Persist 6.x (localStorage)
- **HTTP**: Axios
### Shared (Monorepo)
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Reducers**: Shared reducers (user, family, encryption; the encryption slice holds key material and must be excluded from Redux Persist)
- **Selectors**: Shared selectors (Reselect 5.x)
- **API**: Axios
- **Encryption**: AES-256-GCM, PBKDF2
- **Validation**: Zod
- **Date**: date-fns
- **Utilities**: Shared package
---
## Still To Be Decided
### 1. Database Schema (Priority: High)
**Collections to Design**:
- Users (authentication, profiles)
- Families (family structure)
- Health Data (encrypted health records)
- Lab Results (encrypted lab data)
- Medications (encrypted medication data)
- Appointments (encrypted appointment data)
- Shared Links (time-limited access tokens)
- Refresh Tokens (JWT refresh token storage)
---
### 2. API Architecture (Priority: Medium)
**Options**:
- REST (current plan)
- GraphQL (alternative)
- gRPC (for microservices)
---
## Recommended Order
1. Rust Framework: Axum (COMPLETED)
2. Mobile/Web Framework: React Native + React (COMPLETED)
3. State Management: Redux Toolkit 2.x (COMPLETED)
4. Authentication: JWT with refresh tokens (COMPLETED)
5. Database Schema: Design MongoDB collections (NEXT)
6. Create POC: Health sensor integration test
7. Implement Core Features: Authentication, encryption, CRUD
---
## Next Research Priority
**Research Question**: What should the MongoDB schema look like for Normogen's encrypted health data platform?
**Considerations**:
- Zero-knowledge encryption (all sensitive data encrypted)
- Family structure (parents, children, elderly)
- Health data types (lab results, medications, appointments)
- Refresh tokens (JWT storage)
- Shared links (time-limited access)
- Permissions (family member access control)
**Estimated Research Time**: 3-4 hours