normogen/STATUS.md
goose 88c9319d46
docs: Confirm Phase 2.3 completion
Phase 2.3 - JWT Authentication is COMPLETE.

All requirements implemented and tested.

Documentation:
- PHASE-2-3-COMPLETION-REPORT.md - Detailed analysis
- PHASE-2-3-SUMMARY.md - Quick summary
- STATUS.md - Updated project status

Phase 2.3: COMPLETE
Phase 2.4: 🚧 67% Complete
2026-02-15 20:46:02 -03:00

Normogen Backend - Development Status

Last Updated: 2026-02-15 20:45:00 UTC


🎯 Project Overview

Normogen (from Mapudungun, meaning "Balanced Life") is an open-source health data platform designed to empower users to control their own health data securely and privately.

Tech Stack:

  • Backend: Rust with Axum 0.7 framework
  • Database: MongoDB 2.8
  • Authentication: JWT tokens with refresh token rotation
  • Deployment: Docker, Forgejo CI/CD

📊 Development Progress

Phase 2.1: Backend Project Initialization

Status: Complete | Date: 2025-02-10

Phase 2.2: MongoDB Connection & Models

Status: Complete | Date: 2025-02-12

Phase 2.3: JWT Authentication

Status: Complete | Date: 2025-02-14

  • JWT token generation and validation
  • Access tokens (15-minute expiry)
  • Refresh tokens (30-day expiry)
  • Token rotation mechanism
  • Token revocation on logout
  • Protected route middleware
  • Authentication endpoints (register, login, refresh, logout)
  • PBKDF2 password hashing (100K iterations)
  • Public/Protected route separation

Documentation: See PHASE-2-3-COMPLETION-REPORT.md


🚧 Phase 2.4: User Management Enhancement

Password Recovery (Complete)

Status: Complete | Date: 2026-02-15

  • Zero-knowledge password recovery with recovery phrases
  • Recovery phrase setup endpoint (protected)
  • Recovery phrase verification endpoint (public)
  • Password reset with recovery phrase (public)
  • Token invalidation on password reset

Enhanced Profile Management (Complete)

Status: Complete | Date: 2026-02-15

  • Get user profile endpoint
  • Update user profile endpoint
  • Delete user account endpoint
  • Password confirmation for deletion

🚧 Email Verification (Pending)

Status: 🚧 To Be Implemented | Priority: Medium

  • Email verification flow (stub)
  • Verification token generation
  • Send/Verify/Resend endpoints

Account Settings (Not Started)

Status: Not Started | Priority: Medium

  • Settings management endpoints
  • Change password endpoint
  • Preferences management

Phase 2.4 Progress: 67% Complete


CI/CD Pipeline

Status: Complete | Date: 2026-02-15

  • Forgejo workflow for linting
  • Forgejo workflow for building
  • Forgejo workflow for Docker builds
  • Uses Docker-labeled runner
  • Clippy and rustfmt configuration

🚀 Deployment

Server: solaria (10.0.10.30)
Port: 6500 (backend)
Status: 🟢 Operational
URL: http://10.0.10.30:6500


📋 Current API Endpoints

Public Endpoints

  • GET /health
  • GET /ready
  • POST /api/auth/register
  • POST /api/auth/login
  • POST /api/auth/refresh
  • POST /api/auth/logout
  • POST /api/auth/recovery/verify
  • POST /api/auth/recovery/reset-password

Protected Endpoints (JWT Required)

  • GET /api/users/me
  • PUT /api/users/me
  • DELETE /api/users/me
  • POST /api/auth/recovery/setup

🎯 Next Steps

Option 1: Complete Phase 2.4 (Email verification, Account settings)

Option 2: Start Phase 2.5 (Access Control)

Option 3: Start Phase 2.6 (Security Hardening)


Project Status: 🟢 Active Development
Phase 2.3: Complete
Phase 2.4: 🚧 67% Complete