Application Architecture feedback

Hi all,

Just looking for some feedback on the architecture I’m thinking of using for a new app. I have the restriction that the user only has a laptop and moves around to areas with spotty internet connection.

I plan on coding it in NuxtJS for the front end, and an Express backend API.

The architecture will be as follows:

  1. User has the frontend app installed (hoping to use Electron) on the laptop
  2. User also has the Express backend API on their laptop.
  3. The API will do authentication and store data in a PouchDB / CouchDB setup via Hoodie. Hoodie creates a new DB for each user.
  4. The database is then sync’d to an online CouchDB when the user is in internet range (Hoodie/PouchDB)
  5. The database is encrypted using crypto-pouch

It’s important this thing is as secure as I can make it as the data will be medical type records, addresses, phone numbers etc.

Can anyone see any issues with what I’m proposing? I’m told that with the authentication, Hoodie hands off storing the passwords to CouchDB - which uses a PBKDF2 scheme to store it.

The plan is to use the user’s password as the secret key to encrypt the database with crypto-pouch. That way it will only ever be stored in memory.
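
The password-as-key plan described in the post, as an added example that is not part of the original post and is not crypto-pouch's own implementation: it uses only Node's built-in `crypto` module to derive an in-memory key from the password with PBKDF2 and encrypt one record with AES-256-GCM. The function names, the iteration count and the sample record are assumptions made for illustration.

```javascript
// Added example: password-derived record encryption with Node's built-in crypto.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 310000; // assumed work factor; tune for the target laptop
const KEY_LEN = 32;               // 32 bytes = AES-256 key

// Derive the key from the password and a per-database random salt.
// The salt is not secret and is stored beside the data; the key stays in memory.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LEN, 'sha256');
}

// Encrypt one document. GCM needs a fresh 12-byte nonce for every write.
function encryptDoc(key, doc) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(doc._id)); // bind the ciphertext to its document id
  const ct = Buffer.concat([cipher.update(JSON.stringify(doc.fields), 'utf8'), cipher.final()]);
  return {
    _id: doc._id,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt one document; throws if the key is wrong or the record was altered.
function decryptDoc(key, stored) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(stored.iv, 'base64'));
  decipher.setAAD(Buffer.from(stored._id));
  decipher.setAuthTag(Buffer.from(stored.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(stored.ct, 'base64')), decipher.final()]);
  return { _id: stored._id, fields: JSON.parse(pt.toString('utf8')) };
}

// True only if this password (with the stored salt) authenticates the record.
function canOpen(password, salt, stored) {
  try {
    decryptDoc(deriveKey(password, salt), stored);
    return true;
  } catch {
    return false;
  }
}
```

Only the salt and the `{ _id, iv, tag, ct }` object would be written to disk or synced; a record copied under a different `_id` fails authentication because the id is bound in as associated data.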