normogen/STATUS.md
goose 378703bf1c
docs(phase-2.5): Complete access control implementation
2026-02-15 21:15:17 -03:00

Normogen Project Status

Project Overview

  • Project Name: Normogen (Balanced Life in Mapudungun)
  • Goal: Open-source health data platform for private, secure health data management
  • Current Phase: Phase 2 - Backend Development

Phase Progress

Phase 1: Project Planning COMPLETE

  • Project documentation
  • Architecture design
  • Technology stack selection

Phase 2: Backend Development 🚧 75% COMPLETE

Phase 2.1: Backend Project Initialization COMPLETE

  • Cargo project setup
  • Dependency configuration
  • Basic project structure
  • Docker configuration

Phase 2.2: MongoDB Connection & Models COMPLETE

  • MongoDB connection setup
  • User model
  • Health data models
  • Repository pattern implementation

Phase 2.3: JWT Authentication COMPLETE

  • JWT token generation
  • Access tokens (15 min expiry)
  • Refresh tokens (30 day expiry)
  • Token rotation
  • Login/register/logout endpoints
  • Password hashing (PBKDF2)
  • Auth middleware

Phase 2.4: User Management Enhancement COMPLETE

  • Password recovery (zero-knowledge phrases)
  • Recovery phrase verification
  • Password reset with token invalidation
  • Enhanced profile management
  • Account deletion with confirmation
  • Email verification (stub)
  • Account settings management
  • Change password endpoint

Phase 2.5: Access Control COMPLETE

  • Permission model (Read, Write, Admin)
  • Share model for resource sharing
  • Permission middleware
  • Share management API
  • Permission check endpoints

Phase 2.6: Security Hardening PENDING

  • Rate limiting implementation
  • Account lockout policies
  • Security audit logging
  • Session management

Phase 2.7: Health Data Features PENDING

  • Lab results storage
  • Medication tracking
  • Health statistics
  • Appointment scheduling

Current Status

  • Last Updated: 2026-02-15 21:14:00 UTC
  • Active Phase: Phase 2.5 - Access Control (COMPLETE)
  • Next Phase: Phase 2.6 - Security Hardening

Recent Updates

Phase 2.5 Complete (2026-02-15)

  • Implemented permission-based access control
  • Created share management system
  • Added permission middleware
  • Full API for permission checking

Phase 2.4 Complete (2026-02-15)

  • Password recovery with zero-knowledge phrases
  • Enhanced profile management
  • Email verification stub
  • Account settings management

Tech Stack

  • Backend: Rust 1.93, Axum 0.7
  • Database: MongoDB 6.0
  • Authentication: JWT (jsonwebtoken 9)
  • Password Security: PBKDF2 (100K iterations)
  • Deployment: Docker, Docker Compose
  • CI/CD: Forgejo Actions

Next Milestones

  1. Phase 2.5 - Access Control (COMPLETE)
  2. Phase 2.6 - Security Hardening
  3. Phase 2.7 - Health Data Features
  4. Phase 2.8 - API Documentation
  5. Phase 3 - Frontend Development