Ihre Daten. Ihr Server. Ihre Kontrolle.
The on-premise parking management runtime for the canonical ParkHub product.
Ships as a single binary with zero external dependencies. Zero cloud. Zero tracking.
GDPR/DSGVO-ready building blocks; final compliance depends on deployment, contracts, and operator configuration.
🚀 Try the Live Demo · Installation · API Docs · GDPR Guide · Compliance · Security · Changelog
 |
 |
 |
 |
 |
 |
Live demo: parkhub-rust-demo.onrender.com · drücke ⌘K / Ctrl+K für die Command-Palette · ? blendet das Help-Overlay ein.
| Surface | Status |
|---|---|
| All navigation screens | 26 / 26 ported to src/design-v5/ — the <PlaceholderV5> fallback has been retired. |
| Themes | OKLCH tokens across marble_light, marble_dark, void — self-hosted Inter-Variable keeps the LCP budget green. |
| Command Palette | cmdk-powered, mounted globally, reachable from every route with ⌘K / Ctrl+K. |
| Realtime | Live cells hydrate from /api/v1/events/stream (SSE) with a polling fallback; charts render via uPlot. |
| Accessibility | axe-core runs in CI on every v5 route; keyboard-only nav verified for the full shell + Assistent panel. |
| Types | ts-rs generates src/generated/types/* from the Rust backend so Fleet events stay type-safe end-to-end. |
Live demo: https://parkhub-rust-demo.onrender.com.
| Feature | Description |
|---|---|
| Modular UX Platform | 72-module registry with admin dashboard at /admin/modules, runtime enable/disable toggle for safe modules, per-module JSON Schema config editor, and Command Palette (Cmd+K / Ctrl+K / /). See docs/FEATURES.md § Modular UX Platform |
| Backend refactors | db.rs (4528 LOC), api/mod.rs router, and api/modules.rs (3066 LOC) split into focused sub-modules; main.rs bootstrap helpers extracted for testability |
| Security hardening | Cross-tenant admin write guards on user updates; async lock scopes tightened under load |
| Testing depth | cargo-fuzz harnesses for JWT + HMAC (nightly), proptest on parkhub-common validators, cargo-mutants weekly, insta snapshot tests |
| OpenAPI coverage closed | Pass 1 + pass 2 wired 280 of 282 annotated handlers (99.3 %) into ApiDoc; spec at docs/openapi/rust.json now exposes 229 paths and regenerates on every schema change |
| Runtime toolchain refresh | Rust builder bumped to rust:1.95-slim; distroless runtime base pinned to cc-debian13@sha256:56aaf20… |
ParkHub is one product with multiple runtimes. This Rust edition shares the same core product model as the PHP edition, while keeping a Rust-first deployment story: single binary, embedded storage, and local-first operation.
Not every advanced module is equally hardened or equally enabled by default across runtimes. Treat the shared booking, admin, compliance, and theme surfaces as the core product line; treat advanced integrations and enterprise modules as optional and runtime-sensitive.
Cross-runtime ownership and release discipline live in docs/parity-governance.md and docs/release-checklist.md.
Most parking management SaaS costs 200–2,000 EUR/month, stores your data on US cloud infrastructure, and requires a data processing agreement just to get started.
ParkHub is different. It runs on your server — a Raspberry Pi, a VPS, or your company network. If you operate it entirely on infrastructure you control, the core product avoids a ParkHub platform processor relationship; external hosting, SMTP, payment, analytics, or support providers still need the operator's own processor and transfer review. The entire source code is MIT-licensed and auditable.
git clone https://github.com/nash87/parkhub-rust.git && cd parkhub-rust
cp .env.example .env
# Edit .env and set a strong PARKHUB_ADMIN_PASSWORD before first start
docker compose up -d
# Open http://localhost:8080The first build takes 5–10 minutes (compiles Rust + React from source). After that, starts are instant.
Download the latest release binary from GitHub Releases (built automatically by CI on every tagged release):
# Linux x86_64
curl -Lo parkhub-linux-x64.tar.gz https://github.com/nash87/parkhub-rust/releases/latest/download/parkhub-linux-x64.tar.gz
tar -xzf parkhub-linux-x64.tar.gz
./parkhub-linux-x64/parkhub-server --headless --unattended --port 8080git clone https://github.com/nash87/parkhub-rust.git && cd parkhub-rust
# Default build is pure MIT and headless (no GUI):
cargo build --release --package parkhub-server
./target/release/parkhub-server --headless --unattended --port 8080To build the optional desktop GUI (pulls Slint, which is GPL-3.0 — see LICENSES.md):
cargo build --release --package parkhub-server --features guiLive Demo | Login: admin@parkhub.test / demo | (auto-resets every 6 hours)
Headless/server release archives for v5.0.5 and newer are signed with cosign using GitHub's keyless OIDC flow — the signing identity is the release.yml workflow on this repo, so you can verify provenance without any pre-shared key. The matching *.cosign.bundle is published next to each signed archive on the Releases page.
curl -LO https://github.com/nash87/parkhub-rust/releases/latest/download/parkhub-linux-x64.tar.gz
curl -LO https://github.com/nash87/parkhub-rust/releases/latest/download/parkhub-linux-x64.tar.gz.cosign.bundle
cosign verify-blob \
--certificate-identity-regexp '^https://github\.com/nash87/parkhub-rust/\.github/workflows/release\.yml@refs/tags/v.*$' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--bundle parkhub-linux-x64.tar.gz.cosign.bundle \
parkhub-linux-x64.tar.gzparkhub-linux-arm64.tar.gz, parkhub-macos-universal.tar.gz, parkhub-windows-x64.zip, and checksums.txt each ship with their own *.cosign.bundle and verify the same way — just swap the filenames.
For software composition, each platform archive also publishes a SPDX SBOM (*.spdx.json) listing every dependency, version, and license.
cosign itself is Apache-2.0 licensed, so verification adds no proprietary dependencies to your toolchain.
- Full booking lifecycle — one-tap quick booking, recurring reservations, guest bookings, swap requests, waitlists, automatic no-show release
- Visual lot editor — per-floor interactive grid with drag-and-drop, real-time occupancy, color-coded availability
- 4-tier RBAC — user, premium, admin, superadmin with JWT session auth and token refresh
- Credits system — monthly quotas with per-booking deduction
- Absence tracking — homeoffice, vacation, sick leave with team overview and iCal import
- Admin dashboard — occupancy stats, 7-day booking charts, weekday/hour heatmaps, CSV export, announcements
- 10 languages — EN, DE, FR, ES, IT, PT, TR, PL, JA, ZH with runtime hot-loading
- 12 switchable themes — theme switching is part of the product contract, but the exact runtime theme set is still being pulled onto a shared semantic registry and parity gate
- Accessible parking —
is_accessibleslots with 30-min priority booking, admin toggle, stats
- Shared product surface — themes are a core ParkHub surface, not decorative runtime extras
- Semantic parity first — theme switching must preserve state clarity, hierarchy, contrast, and critical controls across runtimes
- Registry alignment in progress — Rust and PHP currently expose different concrete theme inventories, so public naming is gated until both runtimes match the shared registry
- Webhooks v2 — HMAC-SHA256 signed event delivery with retry logic and delivery logs
- iCal Calendar Sync — subscribe to bookings from Google Calendar, Outlook, or Apple Calendar
- Web Push notifications — VAPID-based push with action buttons and service worker handler
- Stripe payments — checkout sessions, webhook handler, payment history, self-service config
- OAuth/Social login — self-service Google + GitHub OAuth
- Enterprise identity (optional) — SAML/SSO and other advanced identity flows are runtime-sensitive and should be treated as optional enterprise modules, not as baseline auth
- GraphQL API — full schema alongside REST with interactive GraphiQL playground
- Plugin/extension system — trait-based plugin architecture with event hooks
- Admin analytics dashboard — daily bookings/revenue charts, peak hours heatmap, top lots, user growth
- CO₂ tracking — per-booking CO₂ estimates via
FuelTypeenum +/api/v1/bookings/co2-summary(carpool detection, dashboard KPI tile, 10-locale copy) - Prometheus metrics —
/metricsendpoint for Grafana/K8s monitoring - Audit log — full audit trail with UI, filtering, and multi-format export (PDF, CSV, JSON)
- Scheduled reports — automated daily/weekly/monthly email digests
- k6 load tests — smoke, load, stress, and spike test scripts in
tests/load/ - Lighthouse CI — accessibility ≥ 95, performance ≥ 90, SEO ≥ 95 gates
- Core notifications — in-app notifications plus transactional email
- Advanced notifications — Web Push via VAPID where configured
- Gated channels — SMS/WhatsApp-style channels should be treated as gated unless explicitly proven operational in the active runtime
- Core guest flow — guest bookings and host-visible guest handling
- Advanced pass flow — digital passes, QR generation, visitor pre-registration, and check-in surfaces
- Runtime-sensitive surfaces — QR/check-in/public verification flows should be treated as advanced and runtime-sensitive, not as unconditional baseline behavior
- httpOnly cookie auth with SameSite=Lax (XSS-proof, Bearer fallback for APIs)
- Argon2id password hashing (wrapped in spawn_blocking)
- Optional AES-256-GCM database encryption at rest
- Auto-generated TLS 1.3 certificates (rustls, no OpenSSL)
- Constant-time token comparison (subtle crate)
- IP-based rate limiting — 5 login/min, 100 req/s global
- Nonce-based CSP + HSTS + security headers
- 2FA/TOTP — QR code enrollment, backup codes, per-account enable/disable
- Session management — list and revoke active tokens, login history with IP/user-agent
- Complete audit log — every write operation recorded
- Core auth — login, registration, password reset, RBAC, 2FA/TOTP, session management
- Integration auth — OAuth providers such as Google and GitHub
- Enterprise identity — SAML/SSO and similar flows remain optional and runtime-sensitive
72 modules across 11 categories in a single declarative registry, all exposed in the admin dashboard at /admin/modules. 15 are safe to flip on/off at runtime via PATCH /api/v1/admin/modules/{name}; 5 ship JSON Schema config editors at PATCH /api/v1/admin/modules/{name}/config. Every toggle and config write lands in the audit log. A Command Palette (Cmd+K / Ctrl+K / /) auto-seeds "Go to…" entries for every active module with a UI route. Compile-time: build only what you need via --features "headless,mod-...". See ARCHITECTURE.md § Module System and docs/FEATURES.md § Modular UX Platform.
 |
 |
| Dashboard with occupancy stats | Interactive booking flow |
 |
 |
| Admin panel with layout editor | Full dark mode support |
 |
 |
| Clean login screen | Vehicle registry |
 |
 |
| Admin Modules Dashboard — toggle plugins + edit JSON-schema config without redeploying (v4.13.0) | Command Palette (Cmd+K) — navigate + run actions from one search bar |
| Layer | Technology |
|---|---|
| Language | Rust 1.94+ (edition 2024) |
| HTTP Framework | Axum 0.8 + Tokio async runtime |
| Database | redb 2 — embedded pure-Rust key-value store |
| Encryption | AES-256-GCM at rest · Argon2id passwords · rustls TLS 1.3 |
| Frontend | React 19 + TypeScript + Astro 6 |
| Styling | Tailwind CSS 4 — 12 switchable themes |
| API Docs | utoipa + Swagger UI — full OpenAPI 3.0 spec at docs/openapi/rust.json, 229 paths, drift-gated in CI |
| Desktop Client | Slint GUI with system tray (Windows/macOS) |
| Service Discovery | mdns-sd — zero-config LAN autodiscovery |
| Deployment | Single binary · Docker · Helm chart · Render/Koyeb PaaS |
| Feature | ParkHub | Parkeon | ParkMobile | SpotHero |
|---|---|---|---|---|
| Self-hosted / On-premise | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Open source | ✅ MIT | ❌ No | ❌ No | ❌ No |
| Monthly SaaS fee | 🆓 Free | 💰 High | 💰 High | 💰 High |
| GDPR/DSGVO readiness controls | ✅ Self-hosted controls + templates | |||
| Data leaves your premises | ✅ Avoidable in operator-controlled deployments | ❌ Always | ❌ Always | ❌ Always |
| Single binary deployment | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Customizable / Extensible | ✅ 72 modules · runtime toggles · JSON Schema config | ❌ No | ❌ No | ❌ No |
| Multi-language UI | ✅ 10 languages | |||
| API access | ✅ Full REST + GraphQL | |||
| Air-gapped deployment | ✅ Yes | ❌ No | ❌ No | ❌ No |
ParkHub is designed for organizations that need full data sovereignty. SaaS tools are optimized for consumer/enterprise cloud use cases.
┌─────────────────────────────────┐
│ React 19 + Astro 6 SPA │
│ TypeScript · Tailwind CSS 4 │
└───────────────┬─────────────────┘
│ httpOnly Cookie + Bearer Token
┌───────────────▼─────────────────┐
│ Axum 0.8 HTTP Server │
│ /api/v1/* · /swagger-ui │
│ /metrics · /health │
├─────────────────────────────────┤
│ redb (embedded key-value DB) │
│ Optional AES-256-GCM at rest │
└─────────────────────────────────┘
Single Rust binary (~15 MB)
The entire stack — API server, database, and frontend — compiles into a single binary. No PostgreSQL, no Redis, no nginx. Just download and run. The React frontend is embedded via rust-embed and served as static files.
For LAN deployments, mDNS autodiscovery lets clients find the server without any DNS configuration. A desktop client (Slint UI) with system tray integration is available for Windows and macOS.
For a deep dive into code structure, database design, and key design decisions, see ARCHITECTURE.md.
ParkHub runs anywhere — from a Raspberry Pi to Kubernetes.
| Method | Complexity | Best For |
|---|---|---|
| Docker Compose | Low | Standard deployment — docker compose up -d |
| Kubernetes / Helm | Medium | Enterprise — full chart with HPA, PVC, all module flags, TLS ingress |
| Bare Metal | Low | Single binary, zero dependencies, x86_64 + ARM64 |
| Windows | Low | Desktop GUI with system tray and setup wizard |
| PaaS (Render) | Low | Quick demos — Live Demo |
- Container images:
ghcr.io/nash87/parkhub-rust:latest(linux/amd64, distroless — ~25 MB) - Helm chart:
helm/parkhub/— see helm/README.md
See docs/INSTALLATION.md for detailed guides.
1,785 Rust unit + integration tests (cargo test --workspace) plus Vitest frontend and 29 Playwright E2E specs. Clippy runs in pedantic + nursery mode with zero warnings. Lighthouse CI enforces accessibility ≥ 95, performance ≥ 90.
cargo test --workspace # Rust backend
cd parkhub-web && npx vitest run # Frontend unit tests
npx playwright test # E2E testsSupplementary safety nets (all CI-enforced):
cargo-fuzz— nightly fuzz harnesses on JWT decoding + HMAC verification (fuzz/)proptest— property tests onparkhub-commonvalidatorscargo-mutants— weekly mutation testing, survivors fail the workflowinsta— snapshot tests for router + OpenAPI output- Lighthouse CI — a11y ≥ 95, perf ≥ 90, SEO ≥ 95 gates
- CodeQL + Trivy — SAST + container CVE scanning on every push
- SBOM + cosign — every release image attested with Syft SBOM and cosign signature
- cargo-deny — advisories, licenses, bans, sources on every PR
Interactive API docs at /swagger-ui when the server is running. The full OpenAPI 3.0 spec — snapshotted at docs/openapi/rust.json and regenerated on every schema change — covers 229 paths and 280 documented operations across auth, bookings, lots, vehicles, admin, modules, GDPR, and more. A CI drift gate (make drift) blocks any handler change that forgets to update the spec. The OpenAPI coverage work landed in v4.13.0 and wired 280 of 282 annotated handlers (99.3 %) into ApiDoc.
A ready-made Postman collection is available at docs/postman/ — see ARCHITECTURE.md for import instructions.
All configuration is via environment variables or config.toml. Key variables:
| Variable | Purpose |
|---|---|
PARKHUB_DB_PASSPHRASE |
Enable AES-256-GCM database encryption |
SMTP_HOST / SMTP_USER / SMTP_PASS |
Email notifications |
PARKHUB_ADMIN_PASSWORD |
Set admin password (auto-generated if omitted) |
DEMO_MODE=true |
Enable demo overlay with 6-hour auto-reset |
OAUTH_GOOGLE_CLIENT_ID |
Google OAuth client ID |
OAUTH_GITHUB_CLIENT_ID |
GitHub OAuth client ID |
RUST_LOG=info |
Log level |
Full reference: docs/CONFIGURATION.md
A feature-equivalent PHP edition (Laravel 13 + MySQL/SQLite/PostgreSQL) exists for environments where shared hosting compatibility matters. Both editions share the same React frontend and REST API surface, so they're fully interchangeable.
ParkHub ships privacy, security, and documentation features intended to support GDPR/DSGVO readiness. Compliance is deployment-dependent and must be verified by the operator. The docs map ParkHub features and templates against 9 regulatory frameworks:
GDPR (EU) | DSGVO (DE) | TTDSG (DE) | DDG (DE) | BDSG (DE) | NIS2 (EU) | CCPA (US) | UK GDPR | nDSG (CH)
| Document | Scope |
|---|---|
| Legal Readiness Hub | Operator-facing audit entry point for German, EU, and international legal-readiness obligations |
| Deployment Readiness Record | Per-deployment jurisdiction, module, processor, CI/CD evidence, and human signoff record |
| Legal Readiness Parity | Rust/PHP comparison for legal-readiness gates, module/plugin review, and operator boundaries |
| GDPR Guide | Data inventory, user rights (Art. 15–22), retention, TOMs |
| Compliance Matrix | DSGVO, TTDSG, DDG, BDSG, GoBD, NIS2, UK GDPR, CCPA, nDSG, LGPD |
| Compliance Report | Automated compliance checks with scoring |
| Security Model | Auth, encryption, OWASP Top 10, vulnerability disclosure |
| Privacy Template | Datenschutzerklärung starting point (German) |
| Impressum Template | DDG §5 provider identification starting point (German) |
| BFSG Accessibility Template | German Accessibility Improvement Act (BFSG) statement — required for most commercial deployments from 2025-06-28 |
| EU AI Act Transparency Template | Art. 50 transparency notice — required if the operator enables AI/ML features |
| Third-Party Licenses | All Rust crate and npm dependency licenses |
See docs/legal-readiness.md for the operator-facing audit hub and legal/ for the full template set. The Nido/fop legal catalog service (current CLI entrypoint: fop legal catalog --json; nido legal is not exposed by the installed Nido CLI yet) is reference-only and does not replace attorney review, citation verification, deployment-specific configuration review, human signoff, or final legal judgment. All documents are operator-customizable starting points, not binding legal texts or legal advice.
Key readiness features: Argon2id passwords, AES-256-GCM encryption at rest, TLS 1.3, audit logging, data export (Art. 15/20), account erasure (Art. 17), no tracking by default, and no bundled third-party data processor in the core self-hosted runtime. Operators remain responsible for the final privacy notice, Impressum, AVV/DPA coverage, VVT records, retention settings, accessibility assessment, AI transparency notices if AI features are enabled, and attorney review.
Contributions are very welcome! Here's how to get started:
- Fork the repository and create a feature branch
- Read DEVELOPMENT.md for the local dev loop, and docs/CONTRIBUTING.md for code style, commit conventions, and PR process
- Install pre-commit hooks (config already in
.pre-commit-config.yaml):pre-commit install
- Run the pre-push gate before opening a PR —
make cimirrors the GitHub Actions pipeline (fmt + clippy + check + test + frontend + OpenAPI drift):make ci # full local CI mirror — required before push make act # optional: run the actual workflows locally via nektos/act (.actrc preconfigured)
- Open a PR — CI will run automatically. The OpenAPI parity contract ensures the REST surface stays aligned with the PHP edition.
Bug reports and feature requests: GitHub Issues
Security vulnerabilities: please follow the responsible disclosure policy — do not open a public issue.
MIT — see LICENSE.
The default build (cargo build) is pure MIT and uses the headless feature — no GPL dependencies. Server/Docker images and the binaries published to GitHub Releases are all built this way.
The optional gui feature (cargo build --features gui) pulls Slint (GPL-3.0 community edition or commercial license) for the desktop tray client. Binaries built with this feature are GPL-3.0.
See LICENSES.md and LICENSE-THIRD-PARTY.md for the full dependency license inventory.