news-backend 0.1.0

Personalized article recommendations without profiling or cookies.
news-backend-0.1.0 is not a library.

📄 news‑backend

Regulatory-First Design: Contextual Ads-Free News Portal for Privacy-Driven User Experience


Building privacy‑by‑law systems from day 1. Start with the law, end with trust.

In today's data-protection landscape, regulations like GDPR, CCPA, HIPAA, and DPDPA should form the foundation of product architecture.

Demo-Project Concepts

  1. Personal Data Vault ("My Privacy Locker") – A self-hosted, encrypted vault with immutable consent receipts for documents.
  2. Contextual Ads-Free News Portal – Personalized article recommendations without profiling or cookies.
  3. Health Check-In App – A secure daily wellness check-in for handling Protected Health Information (PHI).

Table of Contents

  1. What it does
  2. Architecture – Contextual‑Ads‑Free News Portal
     • Components
     • Data Flow
  3. Installation
  4. Quick start / usage example
  5. Features
  6. Contributing
  7. License

What it does

news‑backend provides a privacy‑first news aggregation service that:

  • Eliminates profiling – No user‑profile database, no cookies, and no IP‑address logging beyond essential host logs.
  • Keeps personalization client‑side – A deterministic hash‑based interest vector is generated and stored encrypted in the browser’s localStorage, rotating daily.
  • Offers transparency – The /privacy-summary endpoint returns a machine‑readable SPDX‑2.2 privacy policy describing data collection (none) and user rights (right to object, right to access).
  • Supports opt‑out – The /opt-out endpoint clears any possible server‑side session and signals the UI to stop any residual personalization.
  • Enforces strong security defaults – CSP, X‑Content‑Type‑Options, Permissions‑Policy, and X‑Frame‑Options are applied globally via the Shield fairing.

In short, the backend merely serves static assets and a privacy policy; all recommendation logic lives in the browser, guaranteeing a cookie‑less, zero‑profiling news experience.


Architecture – Contextual‑Ads‑Free News Portal

A zero‑profiling, cookie‑less news aggregator whose personalization runs entirely in the browser.

graph LR
    subgraph Backend
        B1["Rocket (Rust)"] --> B2[Static‑file server]
        B1 --> B3["/privacy-summary (JSON SPDX‑2.2)"]
        B1 --> B4["/opt-out (POST)"]
        B1 -->|Shield fairing| S1[X‑Content‑Type‑Options]
        B1 -->|Shield fairing| S2[Permissions‑Policy]
        B1 -->|Shield fairing| S3[X‑Frame‑Options]
    end

    subgraph Frontend
        F1["Next.js (React) SPA"] --> F2["Service Worker (offline cache)"]
        F2 --> F3["IndexedDB (cached articles)"]
        F3 --> F4[Deterministic hash‑based recommendation engine]
        F4 -->|stores encrypted vector| LS["localStorage (rotated daily)"]
    end

    B2 -->|serves| F1
    B3 -->|fetched by| F1
    B4 -->|called by| F1
    style Backend fill:#f0f8ff,stroke:#333,stroke-width:2px
    style Frontend fill:#fff8dc,stroke:#333,stroke-width:2px

Note: All recommendation logic stays in the browser; the backend merely serves static assets and a machine‑readable privacy‑policy.

Components

| Layer | Component | Role |
|-------|-----------|------|
| Backend | Rocket (Rust) | Minimal HTTP server, serves static assets, provides privacy‑summary and opt‑out endpoints. |
| | Shield Fairing | Injects security headers (nosniff, interest‑cohort=(), SAMEORIGIN). |
| | Static‑file CDN | Delivers pre‑built Next.js assets (HTML, JS, CSS). |
| Frontend | React SPA (Next.js) | UI for browsing articles, displaying privacy dashboard, handling opt‑out. |
| | Service Worker | Caches articles for offline reading, reduces network chatter. |
| Browser | IndexedDB | Stores fetched articles locally for fast retrieval. |
| | Client‑side Recommendation Engine | Generates a deterministic interest vector from user interactions; never sends data to the server. |
| | Encrypted localStorage | Persists the interest vector, rotates daily to limit exposure. |

Data Flow

  1. User visits http:/// → Rocket serves the Next.js SPA.
  2. SPA loads static assets → Service worker caches them.
  3. Browser fetches /privacy-summary → Receives SPDX‑2.2 JSON, displays it in the “Privacy Dashboard”.
  4. User reads articles → Interactions feed the client‑side engine, which updates the encrypted vector in localStorage.
  5. User clicks “Opt‑out” → SPA POSTs to /opt-out; server clears any session data (none in practice) and returns confirmation.

All personalisation data stays on the client, ensuring a truly contextual‑ads‑free experience.


Installation

# Clone the repo
git clone https://github.com/sumanjangili/regulatory-first.git
cd regulatory-first
git checkout news-aggregator
# Add the crate to your Cargo.toml
cargo add news-backend

# Or edit Cargo.toml manually
[dependencies]
news-backend = "0.1.0"
rocket       = { version = "0.5.0-rc.3", features = ["json"] }
serde        = { version = "1", features = ["derive"] }
serde_json   = "1"
dotenvy      = "0.15"

Build the binary:

cargo build --release

The executable will appear at target/release/news-backend.


Quick start / usage example

// src/main.rs
#[macro_use] extern crate rocket;

use rocket::{get, routes, Build, Rocket};
use rocket::serde::json::Json;
use serde::Serialize;

#[derive(Serialize)]
struct PrivacyPolicy {
    policy: &'static str,
    description: &'static str,
    data_collected: Vec<&'static str>,
    rights: [&'static str; 2],
}

#[get("/privacy-summary")]
fn privacy_summary() -> Json<PrivacyPolicy> {
    Json(PrivacyPolicy {
        policy: "SPDX-2.2",
        description: "Zero‑profiling news aggregator – no cookies, no IP logs.",
        data_collected: vec![],
        rights: ["right to object", "right to access"],
    })
}

#[launch]
fn rocket() -> Rocket<Build> {
    rocket::build()
        .mount("/", routes![privacy_summary])
        .attach(news_backend::shield::Shield) // adds security headers
}

Run the server:

ROCKET_ADDRESS=0.0.0.0 ROCKET_PORT=8000 cargo run --release

Visit http://127.0.0.1:8000/privacy-summary – you’ll receive the JSON policy shown above.
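An added check, not code from the news-backend project: a std-only Rust function that audits a captured response head against the header values listed in the Components table and the cookie-less claim. The function name, finding strings and sample response are constructed for illustration; CSP is checked for presence only, since the page does not give the policy string.

```rust
use std::collections::HashMap;

// Header values the Components table attributes to the Shield fairing.
const EXPECTED: [(&str, &str); 3] = [
    ("x-content-type-options", "nosniff"),
    ("permissions-policy", "interest-cohort=()"),
    ("x-frame-options", "SAMEORIGIN"),
];

/// Returns one finding per violated claim; an empty Vec means the head passes.
pub fn audit_response_head(head: &str) -> Vec<String> {
    // Header names are case-insensitive; keep every value of a repeated header.
    let mut headers: HashMap<String, Vec<String>> = HashMap::new();
    for line in head.lines().skip(1) {
        // skip(1) drops the status line; the first blank line ends the head.
        if line.is_empty() { break; }
        if let Some((name, value)) = line.split_once(':') {
            let key = name.trim().to_ascii_lowercase();
            headers.entry(key).or_default().push(value.trim().to_string());
        }
    }
    let mut findings = Vec::new();
    for &(name, want) in EXPECTED.iter() {
        match headers.get(name) {
            None => findings.push(format!("missing {}", name)),
            Some(vals) if !vals.iter().any(|v| v.eq_ignore_ascii_case(want)) => {
                findings.push(format!("{} is {:?}, expected {}", name, vals, want))
            }
            _ => {}
        }
    }
    // The feature list also names CSP; presence only (policy string not on the page).
    if !headers.contains_key("content-security-policy") {
        findings.push("missing content-security-policy".to_string());
    }
    // Any Set-Cookie header contradicts the "no cookies" claim.
    if headers.contains_key("set-cookie") {
        findings.push("unexpected set-cookie".to_string());
    }
    findings
}

// Constructed sample (not captured from the project): three headers set, no CSP.
pub const SAMPLE: &str = "HTTP/1.1 200 OK\r\ncontent-type: application/json\r\n\
x-content-type-options: nosniff\r\npermissions-policy: interest-cohort=()\r\n\
x-frame-options: SAMEORIGIN\r\n\r\n{\"policy\":\"SPDX-2.2\"}";

fn main() {
    for finding in audit_response_head(SAMPLE) { println!("FAIL: {}", finding); }
}
```

To audit a live instance, save the output of `curl -si http://127.0.0.1:8000/privacy-summary` and pass it to `audit_response_head`.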


Features

  • Purpose limitation – Backend only serves static files; no user‑profile database.
  • Data minimisation – No IP logging beyond host‑level logs; respects navigator.doNotTrack.
  • Transparency – /privacy-summary returns an SPDX‑style machine‑readable policy.
  • Cookie‑less tracking – Personalisation data stays encrypted in localStorage, rotated daily.
  • Right‑to‑object – /opt-out endpoint clears any possible server‑side session.
  • Strong defaults – CSP, X‑Content‑Type‑Options, Permissions‑Policy, X‑Frame‑Options.
  • Lightweight – Single‑binary Rust server, minimal runtime dependencies.

Contributing

We welcome contributions! Please read our CONTRIBUTING.md for guidelines on how to submit issues, pull requests, and coding standards.


License

news-backend is released under the MIT license. See the LICENSE file for details.