nexus-scribe-web

HTTP server, handlers, and middleware using Axum.

Overview

Main web server crate providing:

  • REST API endpoints
  • WebSocket handlers
  • Authentication middleware
  • CORS configuration
  • Service layer (email, storage, webhooks)

CORS Configuration

Secure allowlist-based CORS:

use nexus_scribe_web::build_cors_layer;
use nexus_scribe_core::CorsConfig;

let config = CorsConfig {
    allowed_origins: vec![
        "https://app.example.com".to_string(),
        "https://api.example.com".to_string(),
    ],
    allowed_methods: vec!["GET".to_string(), "POST".to_string()],
    allowed_headers: vec!["Content-Type".to_string(), "Authorization".to_string()],
    allow_credentials: true,
    max_age: 3600,
};

let cors = build_cors_layer(&config);

Security features:

  • Empty origins = reject all cross-origin requests
  • Wildcard * logs warning (dev only)
  • Credentials only with specific origins

Handler Modules

Module Path Purpose
auth /api/v1/auth/* Login, register, MFA
users /api/v1/users/* Profile management
meetings /api/v1/meetings/* Meeting CRUD
transcripts /api/v1/transcripts/* Transcript access
search /api/v1/search Full-text search
webhooks /api/v1/webhooks/* Webhook management
privacy /api/v1/privacy/* GDPR/CCPA compliance

WebSocket Handlers

Transcription WebSocket

Real-time audio streaming and transcription:

ws://localhost:8080/ws/meeting/<meeting_id>

Collaboration WebSocket

Multi-user editing and presence:

ws://localhost:8080/ws/collaborate/<meeting_id>

Services

Email Service

Resend integration for transactional emails:

use nexus_scribe_web::services::EmailService;

let email_service = EmailService::new(
    "re_xxx".to_string(),
    "noreply@example.com".to_string(),
);

email_service.send_verification_email(
    "user@example.com",
    "John",
    "https://app.example.com/verify?token=xxx"
).await?;

Storage Service

File upload and management:

use nexus_scribe_web::services::StorageService;

let storage = StorageService::new("/data/uploads")?;

// Upload recording
let path = storage.save_recording(&meeting_id, &audio_data).await?;

// Export transcript
let export_path = storage.export_transcript(
    &meeting_id,
    ExportFormat::Pdf,
).await?;

Webhook Service

Event delivery to external systems:

use nexus_scribe_web::services::WebhookService;

webhook_service.dispatch(WebhookEvent::MeetingEnded {
    meeting_id,
    duration_seconds,
}).await?;

Audit Service

Security event logging:

use nexus_scribe_web::services::AuditService;

audit_service.log(AuditEvent::LoginSuccess {
    user_id,
    ip_address,
}).await?;

Feature Flags

Feature Description
vault HashiCorp Vault integration
tls Native TLS termination
saml SSO/SAML authentication
compliance Full compliance suite

Usage 

[dependencies]
nexus-scribe-web = { path = "../nexus-scribe-web", features = ["compliance"] }

Running the Server 

# Development
cargo run -p nexus-scribe-web

# Production
cargo build --release -p nexus-scribe-web
./target/release/nexus-scribe-web

Environment variables:

  • DATABASE_URL - Aegis-DB connection string
  • JWT_SECRET - Secret for token signing
  • RESEND_API_KEY - Email service API key
  • OLLAMA_URL - Ollama AI service URL