FindIt is a comprehensive campus-wide lost & found platform for VIT students. It enables users to securely report, search, and claim lost items, with robust authentication, image moderation, and QR-based claim verification.
-
Google-based Authentication (VIT Email Only):
- Only VIT students can access the platform, ensuring a secure and exclusive environment.
- Seamless login and registration via Firebase.
-
Post, Search, and Filter Lost/Found Items:
- Users can post lost or found items with detailed descriptions, categories, and images.
- Advanced search and filter options by category, status, and keywords.
- Pagination support for efficient browsing.
-
Image Upload & Moderation:
- Images are uploaded to Cloudinary for scalable and reliable storage.
- Every image is automatically checked for inappropriate content using TensorFlow.js and NSFWJS.
- Unsafe images are blocked, ensuring a safe community experience.
-
QR Code-Based Item Claiming:
- Item owners can generate a secure, time-limited QR code for each item.
- Claimers scan the QR code to initiate a secure, verifiable handover.
- JWT-secured tokens ensure authenticity and prevent misuse.
-
User-Specific Item Management:
- View all items posted or claimed by the logged-in user.
- Delete items (if owner and not claimed) or as an admin.
-
Robust Security:
- API key validation, rate limiting, and admin-only access for sensitive operations.
- All endpoints protected by authentication middleware.
-
Admin Controls:
- Special endpoints for moderation, including item deletion and version management.
- Backend: Node.js, Express.js
- Database: MongoDB (Mongoose)
- Authentication: Firebase (Google Auth)
- Image Storage: Cloudinary
- Image Moderation: TensorFlow.js, NSFWJS
- Android Client: Kotlin
-
Image Moderation Pipeline:
- Node.js worker threads run TensorFlow.js & NSFWJS to analyze uploads for inappropriate content.
- Custom logic blocks unsafe images, ensuring platform safety.
- High concurrency via distributed moderation tasks.
-
QR Code Claiming:
- JWT-secured, time-limited tokens for secure, verifiable handovers.
- QR codes generated by item owners, scanned by claimers.
-
Security:
- API key validation, rate limiting, admin-only access for sensitive operations.
Note: All endpoints require the
x-api-keyheader in addition to authentication (if applicable).
| Method | Path | Description | Auth |
|---|---|---|---|
| POST | /login |
Login/register user (Google Auth) | Firebase |
| GET | / |
Get user details | Firebase |
| GET | /admin/test |
Test admin-only access | Admin+Firebase |
| Method | Path | Description | Auth |
|---|---|---|---|
| POST | / |
Post a new item (with image, NSFW check) | Firebase |
| GET | / |
List/search items (pagination, filters) | Firebase |
| GET | /:id |
Get item by ID | Firebase |
| DELETE | /:itemId |
Delete item (if owner, not claimed) | Firebase |
| GET | /user/posts |
Get user's posted items | Firebase |
| GET | /user/claims |
Get user's claimed items | Firebase |
| DELETE | /admin/:itemId |
Admin: Delete any item | Admin+Firebase |
| Method | Path | Description | Auth |
|---|---|---|---|
| POST | /generate-qr/:itemId |
Generate QR for item (owner only) | Firebase |
| POST | /claim-item |
Claim item via QR (claimer) | Firebase |
| GET | /status/:itemId |
Check claim status of item | Firebase |
| Method | Path | Description | Auth |
|---|---|---|---|
| GET | /version |
Get current backend version | Public |
| POST | /admin/version |
Update backend version (admin) | Admin+Firebase |
POST /item
Headers:
Authorization: Bearer <Firebase Token>
x-api-key: <your-api-key>
Body: { title, description, contact, category, location, dateFound, image }- Owner generates QR:
POST /claim/generate-qr/:itemId(withx-api-keyheader) - Claimer scans QR, submits:
POST /claim/claim-itemwith token (withx-api-keyheader)
- API Key Required: All endpoints require a valid API key to be sent in the
x-api-keyheader. Requests without a valid key will be rejected with a 403 error. - Google Auth: Only VIT emails allowed
- Image Moderation: All uploads checked for NSFW content
- Rate Limiting: Prevents abuse on sensitive/admin endpoints
- Admin Controls: Special endpoints for moderation
How to use:
- Obtain your API key from the project admin.
- Add it to every request header:
x-api-key: <your-api-key>
- Clone the repository:
git clone https://github.com/your-repo/finditBackend.git cd finditBackend - Install dependencies:
npm install
- Configure environment variables:
- Set up Firebase, MongoDB, and Cloudinary credentials in a
.envfile.
- Set up Firebase, MongoDB, and Cloudinary credentials in a
- Run the server:
npm start
- Fork the repo
- Clone and install dependencies
- Set up
.envfor Firebase, MongoDB, Cloudinary - Run with
npm start
Developed for VIT students to make campus life safer and more convenient.
- Pratham Khanduja – Backend & Android
- Rudra Gupta – Android, Web, UI/UX