news-backend 0.1.0

Personalized article recommendations without profiling or cookies.

📄 `news‑backend`

## Regulatory-First Design: Contextual Ads-Free News Portal for Privacy-Driven User Experience
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
[![Rust](https://img.shields.io/badge/Rust-1.78+-red.svg)](Rust)

**Building privacy‑by‑law systems from day 1. Start with the law, end with trust.**
> In today's data-protection landscape, regulations like GDPR, CCPA, HIPAA, and DPDPA should form the foundation of product architecture.
#### Demo-Project Concepts
1. **Personal Data Vault ("My Privacy Locker")**
A self-hosted, encrypted vault with immutable consent receipts for documents.
2. **Contextual Ads-Free News Portal**
Personalized article recommendations without profiling or cookies.
3. **Health Check-In App**
A secure daily wellness check-in for handling Protected Health Information (PHI).

---

### Table of Contents
1. [What it does](#what-it-does)
2. [Architecture – Contextual‑Ads‑Free News Portal](#architecture--contextualadsfree-news-portal)
   - Components
   - Data Flow
3. [Installation](#installation)
4. [Quick start / usage example](#quick-start--usage-example)
5. [Features](#features)
6. [Contributing](#contributing)
7. [License](#license)

---

### What it does
**news‑backend** provides a privacy‑first news aggregation service that:
- **Eliminates profiling** – No user‑profile database, no cookies, and no IP‑address logging beyond essential host‑level logs.
- **Keeps personalization client‑side** – A deterministic hash‑based interest vector is built from the reader's own interactions, stored encrypted in the browser's localStorage, and rotated daily.
- **Offers transparency** – The /privacy-summary endpoint returns a machine‑readable JSON policy summary (its `policy` field is labelled `SPDX‑2.2`) listing the data collected (none) and the user rights offered (right to object, right to access).
- **Supports opt‑out** – The /opt-out endpoint clears any server‑side session that might exist and signals the UI to stop any residual personalization.
- **Enforces strong security defaults** – Every response carries X‑Content‑Type‑Options: nosniff, Permissions‑Policy: interest‑cohort=() and X‑Frame‑Options: SAMEORIGIN from the Shield fairing, plus a Content‑Security‑Policy.
> In short, the backend serves static assets and a privacy policy; all recommendation logic lives in the browser, so interaction data never reaches the server: a **cookie‑less, zero‑profiling news experience**.
---

### Architecture – Contextual‑Ads‑Free News Portal
> A zero‑profiling, cookie‑less news aggregator whose personalization runs entirely in the browser.
```mermaid
graph LR
    subgraph Backend
        B1["Rocket (Rust)"] --> B2["Static‑file server"]
        B1 --> B3["/privacy-summary (JSON SPDX‑2.2)"]
        B1 --> B4["/opt-out (POST)"]
        B1 -->|Shield fairing| S1["X‑Content‑Type‑Options"]
        B1 -->|Shield fairing| S2["Permissions‑Policy"]
        B1 -->|Shield fairing| S3["X‑Frame‑Options"]
    end

    subgraph Frontend
        F1["Next.js (React) SPA"] --> F2["Service Worker (offline cache)"]
        F2 --> F3["IndexedDB (cached articles)"]
        F3 --> F4["Deterministic hash‑based recommendation engine"]
        F4 -->|stores encrypted vector| LS["localStorage (rotated daily)"]
    end

    B2 -->|serves| F1
    B3 -->|fetched by| F1
    B4 -->|called by| F1
    style Backend fill:#f0f8ff,stroke:#333,stroke-width:2px
    style Frontend fill:#fff8dc,stroke:#333,stroke-width:2px
```
> **Note:** All recommendation logic stays in the browser; the backend merely serves static assets and a machine‑readable privacy‑policy. 

#### Components
| Layer | Component | Role |
| ------- | ------ | ---------- |
| **Backend** | **Rocket(Rust)** | Minimal HTTP server, serves static assets, provides privacy‑summary and opt‑out endpoints. |
|  | **Shield Fairing** | Injects security headers on every response (X‑Content‑Type‑Options: nosniff, Permissions‑Policy: interest‑cohort=(), X‑Frame‑Options: SAMEORIGIN). |
|  | **Static‑file server** | Delivers the pre‑built Next.js assets (HTML, JS, CSS). |
| **Frontend** | **React SPA(Next.js)** | UI for browsing articles, displaying privacy dashboard, handling opt‑out. |
|  | **Service Worker** | Caches articles for offline reading, reduces network chatter. |
| | **Browser IndexedDB** | Stores fetched articles locally for fast retrieval. |
|  | **Client‑side Recommendation Engine** | Generates a deterministic interest vector from user interactions; never sends data to the server. |
|  | **Encrypted localStorage** | Persists the interest vector, rotates daily to limit exposure. |

---

### Data Flow
1. **User visits** http://<host>/ → Rocket serves the Next.js SPA.
2. **SPA loads** static assets → Service worker caches them.
3. **Browser fetches** /privacy-summary → Receives SPDX‑2.2 JSON, displays it in the “Privacy Dashboard”.
4. **User reads articles** → Interactions feed the client‑side engine, which updates the encrypted vector in localStorage.
5. **User clicks “Opt‑out”** → SPA POSTs to /opt-out; the server clears any session data (there is none in practice) and returns a confirmation.
> All personalisation data stays on the client; the server only ever sees the asset, policy and opt‑out requests themselves.

---

### Installation
```bash
# Clone the repo
git clone https://github.com/sumanjangili/regulatory-first.git
cd regulatory-first
git checkout news-aggregator
```
```bash
# Add the crate to your Cargo.toml
cargo add news-backend
```
```toml
# Or edit Cargo.toml manually
[dependencies]
news-backend = "0.1.0"
rocket       = { version = "0.5.0-rc.3", features = ["json"] }
serde        = { version = "1", features = ["derive"] }
serde_json   = "1"
dotenvy      = "0.15"
```
Build the binary:
```bash
cargo build --release
```
The executable will appear at `target/release/news-backend`.

---

### Quick start / usage example
```rust
// src/main.rs
use rocket::serde::json::Json;
use rocket::{get, launch, routes, Build, Rocket};
use serde::Serialize;

/// Machine-readable privacy summary returned by GET /privacy-summary.
#[derive(Serialize)]
struct PrivacyPolicy {
    policy: &'static str,
    description: &'static str,
    /// Empty on purpose: the backend keeps no per-user data.
    data_collected: Vec<&'static str>,
    rights: [&'static str; 2],
}

#[get("/privacy-summary")]
fn privacy_summary() -> Json<PrivacyPolicy> {
    Json(PrivacyPolicy {
        policy: "SPDX-2.2",
        description: "Zero‑profiling news aggregator – no cookies, no IP logs.",
        data_collected: vec![],
        rights: ["right to object", "right to access"],
    })
}

#[launch]
fn rocket() -> Rocket<Build> {
    rocket::build()
        .mount("/", routes![privacy_summary])
        // Fairing from the news-backend crate: adds the security headers to every response.
        .attach(news_backend::shield::Shield)
}
```
Run the server:
```bash
ROCKET_ADDRESS=0.0.0.0 ROCKET_PORT=8000 cargo run --release
```
`ROCKET_ADDRESS=0.0.0.0` binds every interface; use `127.0.0.1` when you only want local access. Visit `http://127.0.0.1:8000/privacy-summary` and you will receive the `PrivacyPolicy` struct above serialised as JSON.
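A check for the headers the Shield fairing is supposed to add to every response, as an added example that is not part of the project. It evaluates a captured header set offline: `GOOD_HEADERS` and `WEAK_HEADERS` are constructed samples, and the directive-level CSP checks are this example's own minimum, since the README lists a CSP but does not pin its value.

```javascript
// Added example (not code from the news-backend repository): verifies that a
// response carries the headers the Shield fairing is meant to set on every reply.

// Fixed-value headers from the component table. Assumption: the CSP is only
// checked structurally because the README does not pin its exact value.
const FIXED_HEADERS = {
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'SAMEORIGIN',
};

// Lower-case the names so "X-Frame-Options" and "x-frame-options" compare equal.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.trim().toLowerCase()] = String(value).trim();
  }
  return out;
}

// Parse "Name: value" lines as printed by `curl -sD - -o /dev/null URL`;
// the status line and blank lines have no colon and are skipped.
function parseRawHeaders(text) {
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i <= 0) continue;
    out[line.slice(0, i)] = line.slice(i + 1);
  }
  return out;
}

// "directive src src; directive ..." -> { directive: [sources] }
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

// Returns a list of findings; an empty list means the response passes.
function checkSecurityHeaders(rawHeaders) {
  const h = normalizeHeaders(rawHeaders);
  const findings = [];

  for (const [name, want] of Object.entries(FIXED_HEADERS)) {
    if (!(name in h)) findings.push(`missing ${name}`);
    else if (h[name].toLowerCase() !== want.toLowerCase()) {
      findings.push(`${name} is "${h[name]}", expected "${want}"`);
    }
  }

  // Permissions-Policy is a comma-separated list; the cohort opt-out must be one entry.
  const policies = (h['permissions-policy'] || '').split(',').map((p) => p.trim().toLowerCase());
  if (!policies.includes('interest-cohort=()')) {
    findings.push('permissions-policy does not contain interest-cohort=()');
  }

  if (!('content-security-policy' in h)) {
    findings.push('missing content-security-policy');
  } else {
    const csp = parseCsp(h['content-security-policy']);
    const scriptSources = csp['script-src'] || csp['default-src'];
    if (!scriptSources) {
      findings.push('csp sets neither script-src nor default-src');
    } else if (scriptSources.some((s) => s.toLowerCase() === "'unsafe-inline'" || s === '*')) {
      findings.push('csp allows inline or wildcard script sources');
    }
  }

  // A cookie-less service should never hand out a cookie.
  if ('set-cookie' in h) findings.push('set-cookie present on a cookie-less service');

  return findings;
}

// Constructed samples, not captured from a real deployment.
const GOOD_HEADERS = {
  'Content-Type': 'application/json',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'Permissions-Policy': 'interest-cohort=()',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'; frame-ancestors 'self'",
};
const WEAK_HEADERS = {
  'Content-Type': 'text/html',
  'X-Frame-Options': 'ALLOWALL',
  'Content-Security-Policy': "default-src * 'unsafe-inline'",
  'Set-Cookie': 'session=abc; Path=/',
};

console.log('good:', checkSecurityHeaders(GOOD_HEADERS));
console.log('weak:', checkSecurityHeaders(WEAK_HEADERS));
```

To run it against the server started above, capture the headers with `curl -sD - -o /dev/null http://127.0.0.1:8000/privacy-summary`, pass the text to `parseRawHeaders` and the result to `checkSecurityHeaders`. A non‑empty list on a deployed instance means either the fairing is not attached or a reverse proxy in front of Rocket is rewriting the headers.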

---

### Features
- **Purpose limitation** – Backend only serves static files; no user‑profile database.
- **Data minimisation** – No IP logging beyond host‑level logs; respects navigator.doNotTrack.
- **Transparency** – /privacy-summary returns an SPDX‑style machine‑readable policy.
- **Cookie‑less personalisation** – Personalisation data stays encrypted in localStorage, rotated daily; no cookies are set.
- **Right‑to‑object** – /opt-out endpoint clears any possible server‑side session.
- **Strong defaults** – CSP, X‑Content‑Type‑Options, Permissions‑Policy, X‑Frame‑Options.
- **Lightweight** – Single‑binary Rust server, minimal runtime dependencies.

---

### Contributing
We welcome contributions! Please read our `CONTRIBUTING.md` for guidelines on how to submit issues, pull requests, and coding standards.

---
### License
`news-backend` is released under the **MIT** license. See the `LICENSE` file for details.
- [LICENSE](https://github.com/sumanjangili/regulatory-first/blob/news-aggregator/LICENSE)