Saltar a contenido

Hub Platform

The central identity and authentication hub for the CyberEco ecosystem.

The Hub is the gateway to every CyberEco application. It provides single sign-on, privacy controls, data management, and a unified dashboard for navigating the entire ecosystem. Every CyberEco app authenticates through the Hub, and every user manages their digital identity from this central point.

Status: Live Application

The Hub is available now at hub.cybere.co


What It Does

The Hub serves three primary functions: identity management, privacy control, and ecosystem navigation.

Single Sign-On (SSO)

One account, every CyberEco application. Users sign in once through the Hub and are automatically authenticated across JustSplit, Somos, Demos, and every future application in the ecosystem.

Feature Description
Email/Password Auth Standard credential-based authentication with secure password handling
Password Reset Self-service password recovery via email
Session Management httpOnly cookie-based sessions with automatic 45-minute refresh
Cross-App SSO Firebase Auth tokens validated across all CyberEco applications
Sign-Out Clean session termination across all active applications

Privacy Controls

The Hub is where users exercise sovereignty over their data. Granular privacy settings apply across the entire ecosystem.

Control Description
Data Sharing Choose exactly which data is shared with which applications
Cookie Preferences Fine-grained cookie consent management
Retention Settings Control how long your data is stored
Visibility Settings Manage who can see your profile and activity
Data Export Export all your data in standard formats (GDPR compliance)
Account Deletion Full right to erasure -- delete your account and all associated data

Ecosystem Dashboard

A unified control center for managing your CyberEco experience.

  • App Launcher -- Quick access to all CyberEco applications from a single dashboard
  • Activity Overview -- See recent activity across all connected applications
  • Profile Management -- Manage your identity, display name, and preferences
  • Billing & Subscription -- Manage payments and subscription status
  • Security Settings -- Two-factor authentication, active sessions, login history
  • Audit Logs -- Review access logs and permission changes

Technical Architecture

The Hub is built with a modern, performance-focused stack that prioritizes server-side rendering for security-sensitive pages.

Technology Stack

Layer Technology Purpose
Framework Astro 5 Server-rendered pages with selective client hydration
UI React Islands Interactive components hydrated with client:load
SSR @astrojs/node Node.js server-side rendering adapter
Styling CSS Modules + Custom Properties Scoped styles with theme support (no Tailwind)
i18n Custom system EN + ES translations, server-side createT() + client-side LanguageProvider

Application Structure

The Hub is a substantial application with 122+ source files.

Layer Count Details
Pages 17 .astro Landing, coming-soon, 3 auth pages, 12 protected pages
Islands 15 .tsx + CSS SignIn, SignUp, Reset, Dashboard, Apps, MyData, Profile, Privacy, Settings, Billing, Security, AuditLogs
API Routes 8 .ts login, set-cookie, generate-token, refresh, export, privacy/settings, privacy/consent, csp-report
Components 20 .tsx ui/ (10 reusable), dashboard/ (3), hub/ (7)
Providers 4 HubAuthContext, ThemeProvider, LanguageProvider, HubProviders

Authentication Flow

The Hub implements a secure, cookie-based authentication flow.

sequenceDiagram
    participant User
    participant Browser
    participant Hub API
    participant Firebase Auth

    User->>Browser: Submit email/password
    Browser->>Firebase Auth: signInWithEmailAndPassword()
    Firebase Auth-->>Browser: Firebase UID + token
    Browser->>Hub API: POST /api/auth/set-cookie (UID)
    Hub API-->>Browser: Set httpOnly cookie
    Browser->>Browser: window.location.href = '/dashboard'
    Note over Browser,Hub API: Middleware reads cookie on every request
    Browser->>Hub API: GET /dashboard (with cookie)
    Hub API-->>Browser: Render protected page

Key security properties:

  • Cookies are httpOnly -- inaccessible to JavaScript, preventing XSS attacks
  • Cookies refresh automatically every 45 minutes
  • onAuthStateChanged listener provides background session sync
  • Sign-out clears cookies via DELETE /api/auth/refresh
  • CSRF protection in middleware for all state-changing requests

Middleware

The Hub middleware handles multiple security and routing concerns.

Responsibility Description
Auth Gating Reads cybereco-auth-token cookie and blocks unauthorized access to protected routes
Security Headers CSP (Content Security Policy), HSTS, X-Frame-Options, X-Content-Type-Options
CORS Cross-origin request handling for API routes
CSRF Cross-site request forgery protection for POST/PUT/DELETE
Locale Detection Auto-detect user language from Accept-Language header
Prerender Skip Bypass header access for statically prerendered pages

API Routes

Eight API endpoints power the Hub's server-side functionality.

Endpoint Method Purpose
/api/auth/login POST Authenticate user credentials
/api/auth/set-cookie POST Set httpOnly session cookie after Firebase auth
/api/auth/generate-token POST Generate JWT for cross-app SSO
/api/auth/refresh GET/DELETE Refresh session cookie / clear on sign-out
/api/export GET Export user data in standard formats (GDPR)
/api/privacy/settings GET/PUT Read and update privacy preferences
/api/privacy/consent POST Record user consent for data processing
/api/csp-report POST Receive Content Security Policy violation reports

Islands Pattern

The Hub uses Astro's islands architecture to keep security-sensitive pages server-rendered while providing rich interactivity where needed.

Each protected page follows this pattern:

  1. .astro shell -- Server-rendered page that checks authentication via middleware
  2. React island -- Interactive component hydrated on the client with client:load
  3. <HubProviders> wrapper -- Provides Auth, Theme, and Language contexts to the island
---
// dashboard.astro -- server-rendered shell
import DashboardIsland from '../islands/DashboardIsland';
---
<Layout title="Dashboard">
  <DashboardIsland client:load />
</Layout>

This pattern ensures that:

  • Authentication is validated on the server before any page content is sent
  • JavaScript-heavy interactions (forms, state management) run as client-side React
  • The initial page load is fast because only the interactive parts are hydrated

Environment Configuration

The Hub requires Firebase credentials and a JWT secret for server-side token operations.

PUBLIC_HUB_URL=http://localhost:4321
PUBLIC_FIREBASE_API_KEY=...
PUBLIC_FIREBASE_AUTH_DOMAIN=...
PUBLIC_FIREBASE_PROJECT_ID=...
PUBLIC_FIREBASE_STORAGE_BUCKET=...
PUBLIC_FIREBASE_MESSAGING_SENDER_ID=...
PUBLIC_FIREBASE_APP_ID=...
JWT_SECRET=...  # Server-only, never exposed to client

Security Note

Variables prefixed with PUBLIC_ are exposed to the client bundle. The JWT_SECRET is server-only and must never be prefixed with PUBLIC_. Access environment variables via import.meta.env.PUBLIC_* in Astro.


Feature Roadmap

Feature Timeline Description
Enhanced dashboard 2025 Richer activity feed with cross-app data aggregation
Two-factor authentication 2025 TOTP-based 2FA for enhanced account security
OAuth providers 2025-2026 Google, GitHub, and Apple sign-in options
App permissions manager 2026 Fine-grained control over which apps can access which data
DID integration 2027+ Decentralized Identifier support for self-sovereign identity
P2P auth 2030+ Peer-to-peer authentication without central servers

Getting Started

  1. Visit hub.cybere.co
  2. Create an account with your email and password
  3. Configure your privacy settings
  4. Launch CyberEco applications from the dashboard
  1. Clone the repository: git clone https://github.com/cyber-eco/cybereco-hub.git
  2. Copy .env.example to .env in apps/hub/ and fill in Firebase credentials
  3. Install dependencies: npm ci
  4. Start the dev server: npm run dev
git clone https://github.com/cyber-eco/cybereco-hub.git
cd cybereco-hub
cp apps/hub/.env.example apps/hub/.env
# Edit apps/hub/.env with your Firebase credentials
npm ci
npm run dev

Visit the Hub View Solutions Overview