https://github.com/nash87/parkhub-rust
Modern parking management platform built in Rust β Axum, redb, React 19. 64 feature flags, 10 languages, 1685 tests. Self-hosted, modular, AI-driven.
https://github.com/nash87/parkhub-rust
2fa axum demo dsgvo gdpr germany glass-morphism iot management-system modular on-premise open-source parking parking-management react rust self-hosted smart-parking tailwindcss
Last synced: 2 months ago
JSON representation
Modern parking management platform built in Rust β Axum, redb, React 19. 64 feature flags, 10 languages, 1685 tests. Self-hosted, modular, AI-driven.
- Host: GitHub
- URL: https://github.com/nash87/parkhub-rust
- Owner: nash87
- License: mit
- Created: 2026-02-28T00:53:23.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2026-03-28T08:14:12.000Z (3 months ago)
- Last Synced: 2026-03-28T12:49:58.548Z (3 months ago)
- Topics: 2fa, axum, demo, dsgvo, gdpr, germany, glass-morphism, iot, management-system, modular, on-premise, open-source, parking, parking-management, react, rust, self-hosted, smart-parking, tailwindcss
- Language: Rust
- Homepage: https://parkhub-rust-demo.onrender.com
- Size: 11.1 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY-AUDIT.md
- Agents: AGENTS.md
Awesome Lists containing this project
README
ParkHub β Self-Hosted Parking Management
Ihre Daten. Ihr Server. Ihre Kontrolle.
The on-premise parking management runtime for the canonical ParkHub product.
Ships as a single binary with zero external dependencies. Zero cloud. Zero tracking.
100% GDPR compliant by design.
π Try the Live Demo Β Β·Β
Installation Β Β·Β
API Docs Β Β·Β
GDPR Guide Β Β·Β
Compliance Β Β·Β
Security Β Β·Β
Changelog
---
## What's New in v4.13.0
| Feature | Description |
|---------|-------------|
| **Modular UX Platform** | 72-module registry with admin dashboard at `/admin/modules`, runtime enable/disable toggle for safe modules, per-module JSON Schema config editor, and Command Palette (`Cmd+K` / `Ctrl+K` / `/`). See [docs/FEATURES.md Β§ Modular UX Platform](docs/FEATURES.md#4-modular-ux-platform) |
| **Backend refactors** | `db.rs` (4528 LOC), `api/mod.rs` router, and `api/modules.rs` (3066 LOC) split into focused sub-modules; `main.rs` bootstrap helpers extracted for testability |
| **Security hardening** | Cross-tenant admin write guards on user updates; async lock scopes tightened under load |
| **Testing depth** | `cargo-fuzz` harnesses for JWT + HMAC (nightly), `proptest` on `parkhub-common` validators, `cargo-mutants` weekly, `insta` snapshot tests |
| **OpenAPI coverage closed** | Pass 1 + pass 2 wired 280 of 282 annotated handlers (99.3 %) into `ApiDoc`; spec at [`docs/openapi/rust.json`](docs/openapi/rust.json) now exposes **229 paths** and regenerates on every schema change |
| **Runtime toolchain refresh** | Rust builder bumped to `rust:1.95-slim`; distroless runtime base pinned to `cc-debian13@sha256:56aaf20β¦` |
---
## Product Model
ParkHub is one product with multiple runtimes. This Rust edition shares the same core product model as the PHP edition, while keeping a Rust-first deployment story: single binary, embedded storage, and local-first operation.
Not every advanced module is equally hardened or equally enabled by default across runtimes. Treat the shared booking, admin, compliance, and theme surfaces as the core product line; treat advanced integrations and enterprise modules as optional and runtime-sensitive.
---
## π‘ Why Self-Hosted?
Most parking management SaaS costs 200β2,000 EUR/month, stores your data on US cloud infrastructure, and requires a data processing agreement just to get started.
ParkHub is different. It runs on your server β a Raspberry Pi, a VPS, or your company network. Your data never leaves your premises, which means **no GDPR processor agreement needed**, no CLOUD Act exposure, and no monthly fees. The entire source code is MIT-licensed and auditable.
---
## π Quick Start
### π³ Docker (recommended)
```bash
git clone https://github.com/nash87/parkhub-rust.git && cd parkhub-rust
docker compose up -d
# Open http://localhost:8080 β admin password is in the logs
```
The first build takes 5β10 minutes (compiles Rust + React from source). After that, starts are instant.
### π¦ Pre-built binary
Download the latest release binary from [GitHub Releases](https://github.com/nash87/parkhub-rust/releases/latest) (built automatically by CI on every tagged release):
```bash
# Linux x86_64
curl -Lo parkhub-server https://github.com/nash87/parkhub-rust/releases/latest/download/parkhub-server-linux-x86_64
chmod +x parkhub-server
./parkhub-server --headless --unattended --port 8080
```
### π¨ Build from source
```bash
git clone https://github.com/nash87/parkhub-rust.git && cd parkhub-rust
# Default build is pure MIT and headless (no GUI):
cargo build --release --package parkhub-server
./target/release/parkhub-server --headless --unattended --port 8080
```
To build the optional desktop GUI (pulls Slint, which is GPL-3.0 β see [LICENSES.md](LICENSES.md)):
```bash
cargo build --release --package parkhub-server --features gui
```
**[Live Demo](https://parkhub-rust-demo.onrender.com)** | Login: `admin@parkhub.test` / `demo` | (auto-resets every 6 hours)
---
## β¨ Feature Highlights
### π’ Core Platform
- **Full booking lifecycle** β one-tap quick booking, recurring reservations, guest bookings, swap requests, waitlists, automatic no-show release
- **Visual lot editor** β per-floor interactive grid with drag-and-drop, real-time occupancy, color-coded availability
- **4-tier RBAC** β user, premium, admin, superadmin with JWT session auth and token refresh
- **Credits system** β monthly quotas with per-booking deduction
- **Absence tracking** β homeoffice, vacation, sick leave with team overview and iCal import
- **Admin dashboard** β occupancy stats, 7-day booking charts, weekday/hour heatmaps, CSV export, announcements
### π Localization & Accessibility
- **10 languages** β EN, DE, FR, ES, IT, PT, TR, PL, JA, ZH with runtime hot-loading
- **12 switchable themes** β theme switching is part of the product contract, but the exact runtime theme set is still being pulled onto a shared semantic registry and parity gate
- **Accessible parking** β `is_accessible` slots with 30-min priority booking, admin toggle, stats
### π¨ Theme Contract
- **Shared product surface** β themes are a core ParkHub surface, not decorative runtime extras
- **Semantic parity first** β theme switching must preserve state clarity, hierarchy, contrast, and critical controls across runtimes
- **Registry alignment in progress** β Rust and PHP currently expose different concrete theme inventories, so public naming is gated until both runtimes match the shared registry
### π Integrations & Extensions
- **Webhooks v2** β HMAC-SHA256 signed event delivery with retry logic and delivery logs
- **iCal Calendar Sync** β subscribe to bookings from Google Calendar, Outlook, or Apple Calendar
- **Web Push notifications** β VAPID-based push with action buttons and service worker handler
- **Stripe payments** β checkout sessions, webhook handler, payment history, self-service config
- **OAuth/Social login** β self-service Google + GitHub OAuth
- **Enterprise identity (optional)** β SAML/SSO and other advanced identity flows are runtime-sensitive and should be treated as optional enterprise modules, not as baseline auth
- **GraphQL API** β full schema alongside REST with interactive GraphiQL playground
- **Plugin/extension system** β trait-based plugin architecture with event hooks
### π Analytics & Operations
- **Admin analytics dashboard** β daily bookings/revenue charts, peak hours heatmap, top lots, user growth
- **COβ tracking** β per-booking COβ estimates via `FuelType` enum + `/api/v1/bookings/co2-summary` (carpool detection, dashboard KPI tile, 10-locale copy)
- **Prometheus metrics** β `/metrics` endpoint for Grafana/K8s monitoring
- **Audit log** β full audit trail with UI, filtering, and multi-format export (PDF, CSV, JSON)
- **Scheduled reports** β automated daily/weekly/monthly email digests
- **k6 load tests** β smoke, load, stress, and spike test scripts in `tests/load/`
- **Lighthouse CI** β accessibility β₯ 95, performance β₯ 90, SEO β₯ 95 gates
### π Notification Contract
- **Core notifications** β in-app notifications plus transactional email
- **Advanced notifications** β Web Push via VAPID where configured
- **Gated channels** β SMS/WhatsApp-style channels should be treated as gated unless explicitly proven operational in the active runtime
### ποΈ Guest and Pass Contract
- **Core guest flow** β guest bookings and host-visible guest handling
- **Advanced pass flow** β digital passes, QR generation, visitor pre-registration, and check-in surfaces
- **Runtime-sensitive surfaces** β QR/check-in/public verification flows should be treated as advanced and runtime-sensitive, not as unconditional baseline behavior
### π Security
- **httpOnly cookie auth** with SameSite=Lax (XSS-proof, Bearer fallback for APIs)
- **Argon2id** password hashing (wrapped in spawn_blocking)
- **Optional AES-256-GCM** database encryption at rest
- **Auto-generated TLS 1.3** certificates (rustls, no OpenSSL)
- **Constant-time token comparison** (subtle crate)
- **IP-based rate limiting** β 5 login/min, 100 req/s global
- **Nonce-based CSP + HSTS** + security headers
- **2FA/TOTP** β QR code enrollment, backup codes, per-account enable/disable
- **Session management** β list and revoke active tokens, login history with IP/user-agent
- **Complete audit log** β every write operation recorded
### π Auth Contract
- **Core auth** β login, registration, password reset, RBAC, 2FA/TOTP, session management
- **Integration auth** β OAuth providers such as Google and GitHub
- **Enterprise identity** β SAML/SSO and similar flows remain optional and runtime-sensitive
### 𧩠Modularity
**72 modules** across 11 categories in a single declarative registry, all exposed in the admin dashboard at `/admin/modules`. 15 are safe to flip on/off at runtime via `PATCH /api/v1/admin/modules/{name}`; 5 ship JSON Schema config editors at `PATCH /api/v1/admin/modules/{name}/config`. Every toggle and config write lands in the audit log. A Command Palette (`Cmd+K` / `Ctrl+K` / `/`) auto-seeds "Go toβ¦" entries for every active module with a UI route. Compile-time: build only what you need via `--features "headless,mod-..."`. See [ARCHITECTURE.md Β§ Module System](ARCHITECTURE.md#module-system) and [docs/FEATURES.md Β§ Modular UX Platform](docs/FEATURES.md#4-modular-ux-platform).
---
## πΈ Screenshots
| | |
|---|---|
|  |  |
| Dashboard with occupancy stats | Interactive booking flow |
|  |  |
| Admin panel with layout editor | Full dark mode support |
|  |  |
| Clean login screen | Vehicle registry |
|  |  |
| Admin Modules Dashboard β toggle plugins + edit JSON-schema config without redeploying (v4.13.0) | Command Palette (Cmd+K) β navigate + run actions from one search bar |
---
## π οΈ Tech Stack
| Layer | Technology |
|-------|-----------|
| **Language** | [Rust](https://www.rust-lang.org/) 1.94+ (edition 2024) |
| **HTTP Framework** | [Axum](https://github.com/tokio-rs/axum) 0.8 + [Tokio](https://tokio.rs/) async runtime |
| **Database** | [redb](https://github.com/cberner/redb) 2 β embedded pure-Rust key-value store |
| **Encryption** | AES-256-GCM at rest Β· Argon2id passwords Β· rustls TLS 1.3 |
| **Frontend** | [React](https://react.dev/) 19 + [TypeScript](https://www.typescriptlang.org/) + [Astro](https://astro.build/) 6 |
| **Styling** | [Tailwind CSS](https://tailwindcss.com/) 4 β 12 switchable themes |
| **API Docs** | [utoipa](https://github.com/juhaku/utoipa) + Swagger UI β full OpenAPI 3.0 spec at [`docs/openapi/rust.json`](docs/openapi/rust.json), 229 paths, drift-gated in CI |
| **Desktop Client** | [Slint](https://slint.dev/) GUI with system tray (Windows/macOS) |
| **Service Discovery** | [mdns-sd](https://github.com/keepsimple1/mdns-sd) β zero-config LAN autodiscovery |
| **Deployment** | Single binary Β· Docker Β· Helm chart Β· Render/Koyeb PaaS |
---
## βοΈ How ParkHub Compares
| Feature | **ParkHub** | Parkeon | ParkMobile | SpotHero |
|---------|-------------|---------|------------|---------|
| **Self-hosted / On-premise** | β
Yes | β No | β No | β No |
| **Open source** | β
MIT | β No | β No | β No |
| **Monthly SaaS fee** | π Free | π° High | π° High | π° High |
| **GDPR compliant by default** | β
Yes | β οΈ Contract needed | β οΈ Contract needed | β οΈ Contract needed |
| **Data leaves your premises** | β
Never | β Always | β Always | β Always |
| **Single binary deployment** | β
Yes | β No | β No | β No |
| **Customizable / Extensible** | β
72 modules Β· runtime toggles Β· JSON Schema config | β No | β No | β No |
| **Multi-language UI** | β
10 languages | β οΈ Limited | β οΈ Limited | β οΈ Limited |
| **API access** | β
Full REST + GraphQL | β οΈ Enterprise only | β οΈ Limited | β οΈ Limited |
| **Air-gapped deployment** | β
Yes | β No | β No | β No |
> *ParkHub is designed for organizations that need full data sovereignty. SaaS tools are optimized for consumer/enterprise cloud use cases.*
---
## ποΈ Architecture
```
βββββββββββββββββββββββββββββββββββ
β React 19 + Astro 6 SPA β
β TypeScript Β· Tailwind CSS 4 β
βββββββββββββββββ¬ββββββββββββββββββ
β httpOnly Cookie + Bearer Token
βββββββββββββββββΌββββββββββββββββββ
β Axum 0.8 HTTP Server β
β /api/v1/* Β· /swagger-ui β
β /metrics Β· /health β
βββββββββββββββββββββββββββββββββββ€
β redb (embedded key-value DB) β
β Optional AES-256-GCM at rest β
βββββββββββββββββββββββββββββββββββ
Single Rust binary (~15 MB)
```
The entire stack β API server, database, and frontend β compiles into a **single binary**. No PostgreSQL, no Redis, no nginx. Just download and run. The React frontend is embedded via `rust-embed` and served as static files.
For LAN deployments, mDNS autodiscovery lets clients find the server without any DNS configuration. A desktop client (Slint UI) with system tray integration is available for Windows and macOS.
For a deep dive into code structure, database design, and key design decisions, see **[ARCHITECTURE.md](ARCHITECTURE.md)**.
---
## π’ Deployment
ParkHub runs anywhere β from a Raspberry Pi to Kubernetes.
| Method | Complexity | Best For |
|--------|------------|----------|
| **Docker Compose** | Low | Standard deployment β `docker compose up -d` |
| **Kubernetes / Helm** | Medium | Enterprise β full chart with HPA, PVC, all module flags, TLS ingress |
| **Bare Metal** | Low | Single binary, zero dependencies, x86_64 + ARM64 |
| **Windows** | Low | Desktop GUI with system tray and setup wizard |
| **PaaS** (Render) | Low | Quick demos β [Live Demo](https://parkhub-rust-demo.onrender.com) |
- **Container images**: `ghcr.io/nash87/parkhub-rust:latest` (linux/amd64, distroless β ~25 MB)
- **Helm chart**: `helm/parkhub/` β see [helm/README.md](helm/README.md)
See [docs/INSTALLATION.md](docs/INSTALLATION.md) for detailed guides.
---
## π§ͺ Testing
**1,785 Rust unit + integration tests** (`cargo test --workspace`) plus Vitest frontend and 29 Playwright E2E specs. Clippy runs in pedantic + nursery mode with zero warnings. Lighthouse CI enforces accessibility β₯ 95, performance β₯ 90.
```bash
cargo test --workspace # Rust backend
cd parkhub-web && npx vitest run # Frontend unit tests
npx playwright test # E2E tests
```
Supplementary safety nets (all CI-enforced):
- **`cargo-fuzz`** β nightly fuzz harnesses on JWT decoding + HMAC verification (`fuzz/`)
- **`proptest`** β property tests on `parkhub-common` validators
- **`cargo-mutants`** β weekly mutation testing, survivors fail the workflow
- **`insta`** β snapshot tests for router + OpenAPI output
- **Lighthouse CI** β a11y β₯ 95, perf β₯ 90, SEO β₯ 95 gates
- **CodeQL + Trivy** β SAST + container CVE scanning on every push
- **SBOM + cosign** β every release image attested with Syft SBOM and cosign signature
- **cargo-deny** β advisories, licenses, bans, sources on every PR
---
## π API Documentation
Interactive API docs at `/swagger-ui` when the server is running. The full OpenAPI 3.0 spec β snapshotted at [`docs/openapi/rust.json`](docs/openapi/rust.json) and regenerated on every schema change β covers **229 paths** and 280 documented operations across auth, bookings, lots, vehicles, admin, modules, GDPR, and more. A CI drift gate (`make drift`) blocks any handler change that forgets to update the spec. The OpenAPI coverage work landed in v4.13.0 and wired 280 of 282 annotated handlers (99.3 %) into `ApiDoc`.
**[Live API Docs β](https://parkhub-rust-demo.onrender.com/swagger-ui)**
A ready-made Postman collection is available at `docs/postman/` β see [ARCHITECTURE.md](ARCHITECTURE.md#postman-collection) for import instructions.
---
## βοΈ Configuration
All configuration is via environment variables or `config.toml`. Key variables:
| Variable | Purpose |
|----------|---------|
| `PARKHUB_DB_PASSPHRASE` | Enable AES-256-GCM database encryption |
| `SMTP_HOST` / `SMTP_USER` / `SMTP_PASS` | Email notifications |
| `PARKHUB_ADMIN_PASSWORD` | Set admin password (auto-generated if omitted) |
| `DEMO_MODE=true` | Enable demo overlay with 6-hour auto-reset |
| `OAUTH_GOOGLE_CLIENT_ID` | Google OAuth client ID |
| `OAUTH_GITHUB_CLIENT_ID` | GitHub OAuth client ID |
| `RUST_LOG=info` | Log level |
Full reference: [docs/CONFIGURATION.md](docs/CONFIGURATION.md)
---
## π PHP Edition
A feature-equivalent **PHP edition** (Laravel 12 + MySQL/SQLite/PostgreSQL) exists for environments where shared hosting compatibility matters. Both editions share the same React frontend and REST API surface, so they're fully interchangeable.
**[nash87/parkhub-php β](https://github.com/nash87/parkhub-php)**
---
## π Legal Compliance
ParkHub is built for GDPR/DSGVO compliance by design. Audited against **9 regulatory frameworks**:
**GDPR** (EU) | **DSGVO** (DE) | **TTDSG** (DE) | **DDG** (DE) | **BDSG** (DE) | **NIS2** (EU) | **CCPA** (US) | **UK GDPR** | **nDSG** (CH)
| Document | Scope |
|----------|-------|
| [GDPR Guide](docs/GDPR.md) | Data inventory, user rights (Art. 15β22), retention, TOMs |
| [Compliance Matrix](docs/COMPLIANCE.md) | DSGVO, TTDSG, DDG, BDSG, GoBD, NIS2, UK GDPR, CCPA, nDSG, LGPD |
| [Compliance Report](COMPLIANCE-REPORT.md) | Automated compliance checks with scoring |
| [Security Model](docs/SECURITY.md) | Auth, encryption, OWASP Top 10, vulnerability disclosure |
| [Privacy Template](docs/PRIVACY-TEMPLATE.md) | Ready-to-use DatenschutzerklΓ€rung (German) |
| [Impressum Template](docs/IMPRESSUM-TEMPLATE.md) | DDG Β§5 provider identification (German) |
| [BFSG Accessibility Template](legal/bfsg-barrierefreiheit-template.md) | German Accessibility Improvement Act (BFSG) statement β required for most commercial deployments from 2025-06-28 |
| [EU AI Act Transparency Template](legal/ai-act-transparency-template.md) | Art. 50 transparency notice β required if the operator enables AI/ML features |
| [Third-Party Licenses](LICENSE-THIRD-PARTY.md) | All Rust crate and npm dependency licenses |
See [`legal/`](legal/) for the full template set β all documents are operator-customizable, not binding legal texts.
**Key compliance features:** Argon2id passwords, AES-256-GCM encryption at rest, TLS 1.3, audit logging, data export (Art. 15/20), account erasure (Art. 17), no cookies, no tracking, no third-party data processors by default.
---
## π€ Contributing
Contributions are very welcome! Here's how to get started:
1. **Fork** the repository and create a feature branch
2. **Read** [DEVELOPMENT.md](DEVELOPMENT.md) for the local dev loop, and [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md) for code style, commit conventions, and PR process
3. **Install pre-commit hooks** (config already in `.pre-commit-config.yaml`):
```bash
pre-commit install
```
4. **Run the pre-push gate** before opening a PR β `make ci` mirrors the GitHub Actions pipeline (fmt + clippy + check + test + frontend + OpenAPI drift):
```bash
make ci # full local CI mirror β required before push
make act # optional: run the actual workflows locally via nektos/act (.actrc preconfigured)
```
5. **Open a PR** β CI will run automatically. The [OpenAPI parity contract](docs/openapi-parity.md) ensures the REST surface stays aligned with the [PHP edition](https://github.com/nash87/parkhub-php).
**Bug reports and feature requests:** [GitHub Issues](https://github.com/nash87/parkhub-rust/issues)
**Security vulnerabilities:** please follow the [responsible disclosure policy](SECURITY.md) β do not open a public issue.
---
## π License
MIT β see [LICENSE](LICENSE).
The **default build** (`cargo build`) is pure MIT and uses the `headless` feature β no GPL dependencies. Server/Docker images and the binaries published to GitHub Releases are all built this way.
The **optional `gui` feature** (`cargo build --features gui`) pulls [Slint](https://slint.dev/) (GPL-3.0 community edition or commercial license) for the desktop tray client. Binaries built with this feature are GPL-3.0.
See [LICENSES.md](LICENSES.md) and [LICENSE-THIRD-PARTY.md](LICENSE-THIRD-PARTY.md) for the full dependency license inventory.