Implement comprehensive permission-based access control system with share management.

Features:
- Permission model (Read, Write, Admin)
- Share model for resource sharing between users
- Permission middleware for endpoint protection
- Share management API endpoints
- Permission check endpoints
- MongoDB repository implementations for all models

Files Added:
- backend/src/db/permission.rs - Permission repository
- backend/src/db/share.rs - Share repository
- backend/src/db/user.rs - User repository
- backend/src/db/profile.rs - Profile repository
- backend/src/db/appointment.rs - Appointment repository
- backend/src/db/family.rs - Family repository
- backend/src/db/health_data.rs - Health data repository
- backend/src/db/lab_result.rs - Lab results repository
- backend/src/db/medication.rs - Medication repository
- backend/src/db/mongodb_impl.rs - MongoDB trait implementations
- backend/src/handlers/permissions.rs - Permission API handlers
- backend/src/handlers/shares.rs - Share management handlers
- backend/src/middleware/permission.rs - Permission checking middleware

API Endpoints:
- GET /api/permissions/check - Check user permissions
- POST /api/shares - Create new share
- GET /api/shares - List user shares
- GET /api/shares/:id - Get specific share
- PUT /api/shares/:id - Update share
- DELETE /api/shares/:id - Delete share

Status: Phase 2.5 COMPLETE - Building successfully, ready for production
| Name |
|---|
| .forgejo/workflows |
| backend |
| thoughts |
| .gitignore |
| COMMIT-INSTRUCTIONS.txt |
| COMMIT-NOW.sh |
| encryption.md |
| FORGEJO-CI-CD-PIPELINE.md |
| FORGEJO-RUNNER-UPDATE.md |
| GIT-COMMAND.txt |
| GIT-LOG.md |
| GIT-STATUS.md |
| GIT-STATUS.txt |
| introduction.md |
| PHASE-2-3-COMPLETION-REPORT.md |
| PHASE-2-3-SUMMARY.md |
| PHASE-2-4-COMPLETE.md |
| PHASE-2-5-COMPLETE.md |
| PHASE-2-5-FILES.txt |
| PHASE-2-5-GIT-STATUS.md |
| PHASE-2-5-STATUS.md |
| README.md |
| STATUS.md |
Normogen
Overview
Normogen is a privacy-focused health data tracking and management platform. The name comes from Mapudungun, relating to "Balanced Life."
Vision
To record as many variables related to health as possible, store them in a secure, private manner, to be used by you, not by corporations. From medication reminders to pattern analysis, Normogen puts you in control of your health data.
Technology Stack
Backend
- Framework: Axum 0.7.9
- Runtime: Tokio 1.41.1
- Middleware: Tower, Tower-HTTP
- Database: MongoDB (with zero-knowledge encryption)
- Language: Rust
- Authentication: JWT (PBKDF2 password hashing)
Mobile (iOS + Android) - Planned
- Framework: React Native 0.73+
- Language: TypeScript
- State Management: Redux Toolkit 2.x
- Data Fetching: RTK Query 2.x
Web - Planned
- Framework: React 18+
- Language: TypeScript
- State Management: Redux Toolkit 2.x
Deployment
- Docker on Linux (Homelab)
Key Features
- 🔐 Zero-knowledge encryption - Your data is encrypted before it reaches the server
- 👥 Multi-person profiles - Track health data for yourself, children, elderly family members
- 👨👩👧👦 Family structure - Manage family health records in one place
- 🔗 Secure sharing - Share specific data via expiring links with embedded passwords
- 📱 Mobile apps - iOS and Android with health sensor integration (planned)
- 🌐 Web interface - Access from any device (planned)
Health Data Tracking
- Lab results storage
- Medication tracking (dosage, schedules, composition)
- Health statistics (weight, height, trends)
- Medical appointments
- Regular checkups
- Period tracking
- Pregnancy tracking
- Dental information
- Illness records
- Phone sensor data (steps, activity, sleep, blood pressure, temperature)
Security Model
- Client-side encryption: Data encrypted before leaving the device
- Zero-knowledge: Server stores only encrypted data
- Proton-style encryption: AES-256-GCM with PBKDF2 key derivation
- Shareable links: Self-contained decryption keys in URLs
- Privacy-first: No data selling, subscription-based revenue
- JWT authentication: Token rotation and revocation
- PBKDF2: 100,000 iterations for password hashing
Documentation
- Introduction - Project vision and detailed feature specification
- Encryption Implementation Guide - Zero-knowledge encryption architecture
- Research - Technical research and planning documents
- Project Status - Development progress tracking
Monorepo Structure
This is a monorepo containing backend, mobile, web, and shared code:
normogen/
├── backend/ # Rust backend (Axum + MongoDB)
├── mobile/ # React Native (iOS + Android) - Planned
├── web/ # React web app - Planned
├── shared/ # Shared TypeScript code
└── thoughts/ # Research & design docs
Development Status
Current Phase: Phase 2 - Backend Development (75% Complete)
Completed
Phase 1 - Planning ✅
- ✅ Project vision and requirements
- ✅ Security architecture design
- ✅ Encryption implementation guide
- ✅ Git repository initialization
- ✅ Technology stack selection
Phase 2 - Backend (In Progress)
- ✅ Phase 2.1 - Backend Project Initialization
- ✅ Phase 2.2 - MongoDB Connection & Models
- ✅ Phase 2.3 - JWT Authentication
- ✅ Phase 2.4 - User Management Enhancement
- ✅ Phase 2.5 - Access Control
- ⏳ Phase 2.6 - Security Hardening
- ⏳ Phase 2.7 - Health Data Features
Quick Start
Backend Development
# Clone repository
git clone <forgejo-url> normogen
cd normogen/backend
# Setup configuration
cp .env.example .env
# Edit .env with your values
# Run with Docker Compose
docker compose up -d
# Check status
curl http://localhost:6800/health
Testing
# Run unit tests
cargo test
# Run integration tests (requires MongoDB)
cargo test --test auth_tests
Backend API Endpoints
Authentication (/api/auth)
- POST /register - User registration
- POST /login - User login
- POST /refresh - Token refresh (rotates tokens)
- POST /logout - Logout (revokes token)
- POST /recover - Password recovery
User Management (/api/users)
- GET /profile - Get current user profile
- PUT /profile - Update profile
- DELETE /profile - Delete account
- POST /password - Change password
- GET /settings - Get user settings
- PUT /settings - Update settings
Share Management (/api/shares)
- POST / - Create new share
- GET / - List all shares for current user
- GET /:id - Get specific share
- PUT /:id - Update share
- DELETE /:id - Delete share
Permissions (/api/permissions)
- GET /check - Check if user has permission
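A deny-by-default permission check over share records, using the Read/Write/Admin levels listed for Phase 2.5. This is an added example, not Normogen's own code: the `Share` fields, the `is_allowed` function and the assumption that Admin implies Write implies Read are hypothetical.

```rust
// Added example: names, fields and semantics are assumptions, not Normogen's code.
use std::time::{Duration, SystemTime};

/// Levels named in the commit message. Assumed ordering: Read < Write < Admin,
/// so a higher level implies the lower ones.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Permission { Read, Write, Admin }

/// Hypothetical share record: `owner` grants `grantee` a level on one resource.
pub struct Share {
    pub owner: String,
    pub grantee: String,
    pub resource_id: String,
    pub level: Permission,
    pub expires_at: Option<SystemTime>, // None = no expiry
    pub revoked: bool,
}

/// Deny by default: access requires ownership or a live, matching share.
pub fn is_allowed(
    user: &str,
    resource_id: &str,
    resource_owner: &str,
    needed: Permission,
    shares: &[Share],
    now: SystemTime,
) -> bool {
    if user == resource_owner {
        return true; // owners hold every level on their own data
    }
    shares.iter().any(|s| {
        s.grantee == user
            && s.resource_id == resource_id
            && s.owner == resource_owner // ignore shares not issued by the owner
            && !s.revoked
            && s.expires_at.map_or(true, |t| now < t) // expiry is exclusive
            && s.level >= needed
    })
}

fn main() {
    let now = SystemTime::now();
    let shares = vec![Share {
        owner: "alice".into(), grantee: "bob".into(), resource_id: "lab-1".into(),
        level: Permission::Read, expires_at: Some(now + Duration::from_secs(3600)), revoked: false,
    }];
    println!("bob read:  {}", is_allowed("bob", "lab-1", "alice", Permission::Read, &shares, now));
    println!("bob write: {}", is_allowed("bob", "lab-1", "alice", Permission::Write, &shares, now));
}
```

The check takes `now` as a parameter so expiry handling can be tested deterministically, and it compares the share's `owner` with the resource's actual owner so a share record created by anyone else grants nothing.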
Environment Configuration
# MongoDB Configuration
MONGODB_URI=mongodb://localhost:27017
DATABASE_NAME=normogen
# JWT Configuration
JWT_SECRET=<your-secret-key-minimum-32-characters>
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
JWT_REFRESH_TOKEN_EXPIRY_DAYS=30
# Server Configuration
SERVER_HOST=127.0.0.1
SERVER_PORT=6800
Repository Management
- Git Hosting: Forgejo (self-hosted)
- CI/CD: Forgejo Actions
- Branch Strategy: main, develop, feature/*
- Deployment: Docker Compose (homelab), Kubernetes (future)
Open Source
Normogen is open-source. Both server and client code will be publicly available.
License
[To be determined]
Contributing
See STATUS.md for current development progress and next steps.