The forum is a self hostable, modular and secure backend and frontend application that supports authenticated anomymous interactions.
It implements fine-grained access control using a policy-based system.
- Authentication (Authn): "you are a user that meets some requirements" (owns a particular email address, or pass another kind of verification)
- Authorization (Authz): "Based on your authentication, you are allowed to do something" (can create a post, can join a group, can delete a post)
- Modular verification layer (JWT, ZKP, Verifiable Credential...).
- Policy-based access control.
- Groups management
- LateX and Markdown support
- User authentication and session management (JWT).
- Authorization middleware for role-based and group-based access control.
- Support for unauthenticated, authenticated, and anonymous-authenticated interactions.
- Cryptographic verification layer for JWTs, ZKPs, and VCs.
- CRUD operations for users, posts, comments, and groups.
- Modular policy system to define access rules dynamically.
- Efficient querying for related data (e.g., fetching posts within a group).
- Users should be able to interact with the forum without compromising anonymity.
- E.g ZKPs allows for actions without revealing the user's full identity.
Postgres with heavy use of psql triggers (ex).
- Runtime: Rust
- ORM: prisma-client-rust
- Web Framework: rspc, axum
- Validation: validator, nutype
- Mailer library: lettre
- Cryptography:
- JWT: jsonwebtoken
- password hashing/salting: ring
- ZK:
- semaphore: semapore-rs-backend
- monitoring: grafana loki
- Runtime: Bun
- Build Tool: Vite
- Routing: tanstack/react-router
- Form validation: tanstack/react-form
- State management: jotai
- Styling: shadcn, tailwind