editreadme.md

pratham-developer · pratham-developer · commit f9def7bf042c · 2025-07-25T13:00:13.000+05:30
diff --git a/README.md b/README.md
@@ -1,27 +1,195 @@
-# FindIT Backend
-
-This is the backend API for FindIT, a lost and found platform for VIT students. It provides RESTful endpoints for user authentication, posting and searching lost/found items, and secure item claiming using QR codes.
-
-## Features
-- User authentication via Google (Firebase)
-- Post, search, and filter lost/found items
-- Image upload support (Cloudinary)
-- Secure item claiming with QR codes
-
-## Tech Stack
-- Node.js, Express.js
-- MongoDB (Mongoose)
-- Firebase (Google Auth)
-- Cloudinary (image storage)
-
-## API Endpoints (Summary)
-- `POST /user/login` — Login/register user
-- `GET /user` — Get user details
-- `POST /item` — Post a new item (with image)
-- `GET /item` — List/search items
-- `GET /item/:id` — Get item by ID
-- `GET /item/user/posts` — Get user's posted items
-- `GET /item/user/claims` — Get user's claimed items
-- `POST /claim/generate-qr/:itemId` — Generate QR for item
-- `POST /claim/claim-item` — Claim item via QR
-- `GET /claim/status/:itemId` — Check claim status
+# <img src="https://img.icons8.com/color/48/000000/search--v1.png" width="36" style="vertical-align:middle;"/> FindIt – Lost & Found App for VIT
+
+<p align="center">
+  <img src="https://img.shields.io/badge/Institute-VIT%20Vellore-blueviolet" alt="Institute"/>
+  <img src="https://img.shields.io/badge/Backend-Node.js-green" alt="Node.js"/>
+  <img src="https://img.shields.io/badge/Android%20Client-Kotlin-pink" alt="Kotlin"/>
+  <img src="https://img.shields.io/badge/Database-MongoDB-brightgreen" alt="MongoDB"/>
+  <img src="https://img.shields.io/badge/Auth-Firebase-orange" alt="Firebase"/>
+  <img src="https://img.shields.io/badge/Images-Cloudinary-blue" alt="Cloudinary"/>
+  <img src="https://img.shields.io/badge/Moderation-TensorFlow.js-yellow" alt="TensorFlow.js"/>
+
+</p>
+
+
+## 🚀 Overview
+
+**FindIt** is a comprehensive campus-wide lost & found platform for VIT students. It enables users to securely report, search, and claim lost items, with robust authentication, image moderation, and QR-based claim verification.
+
+---
+
+## ✨ Features
+
+- **Google-based Authentication (VIT Email Only):**
+  - Only VIT students can access the platform, ensuring a secure and exclusive environment.
+  - Seamless login and registration via Firebase.
+
+- **Post, Search, and Filter Lost/Found Items:**
+  - Users can post lost or found items with detailed descriptions, categories, and images.
+  - Advanced search and filter options by category, status, and keywords.
+  - Pagination support for efficient browsing.
+
+- **Image Upload & Moderation:**
+  - Images are uploaded to Cloudinary for scalable and reliable storage.
+  - Every image is automatically checked for inappropriate content using TensorFlow.js and NSFWJS.
+  - Unsafe images are blocked, ensuring a safe community experience.
+
+- **QR Code-Based Item Claiming:**
+  - Item owners can generate a secure, time-limited QR code for each item.
+  - Claimers scan the QR code to initiate a secure, verifiable handover.
+  - JWT-secured tokens ensure authenticity and prevent misuse.
+
+- **User-Specific Item Management:**
+  - View all items posted or claimed by the logged-in user.
+  - Delete items (if owner and not claimed) or as an admin.
+
+- **Robust Security:**
+  - API key validation, rate limiting, and admin-only access for sensitive operations.
+  - All endpoints protected by authentication middleware.
+
+- **Admin Controls:**
+  - Special endpoints for moderation, including item deletion and version management.
+
+---
+
+## 🛠️ Tech Stack
+
+- **Backend:** Node.js, Express.js
+- **Database:** MongoDB (Mongoose)
+- **Authentication:** Firebase (Google Auth)
+- **Image Storage:** Cloudinary
+- **Image Moderation:** TensorFlow.js, NSFWJS
+- **Android Client:** Kotlin
+
+---
+
+## 🧩 Architecture Highlights
+
+- **Image Moderation Pipeline:**
+  - Node.js worker threads run TensorFlow.js & NSFWJS to analyze uploads for inappropriate content.
+  - Custom logic blocks unsafe images, ensuring platform safety.
+  - High concurrency via distributed moderation tasks.
+
+- **QR Code Claiming:**
+  - JWT-secured, time-limited tokens for secure, verifiable handovers.
+  - QR codes generated by item owners, scanned by claimers.
+
+- **Security:**
+  - API key validation, rate limiting, admin-only access for sensitive operations.
+
+---
+
+## 📚 API Endpoints
+
+> **Note:** All endpoints require the `x-api-key` header in addition to authentication (if applicable).
+
+### User Routes (`/user`)
+| Method | Path                | Description                        | Auth         |
+|--------|---------------------|------------------------------------|--------------|
+| POST   | `/login`            | Login/register user (Google Auth)  | Firebase     |
+| GET    | `/`                 | Get user details                   | Firebase     |
+| GET    | `/admin/test`       | Test admin-only access             | Admin+Firebase|
+
+### Item Routes (`/item`)
+| Method | Path                    | Description                                 | Auth         |
+|--------|-------------------------|---------------------------------------------|--------------|
+| POST   | `/`                     | Post a new item (with image, NSFW check)    | Firebase     |
+| GET    | `/`                     | List/search items (pagination, filters)     | Firebase     |
+| GET    | `/:id`                  | Get item by ID                              | Firebase     |
+| DELETE | `/:itemId`              | Delete item (if owner, not claimed)         | Firebase     |
+| GET    | `/user/posts`           | Get user's posted items                     | Firebase     |
+| GET    | `/user/claims`          | Get user's claimed items                    | Firebase     |
+| DELETE | `/admin/:itemId`        | Admin: Delete any item                      | Admin+Firebase|
+
+### Claim Routes (`/claim`)
+| Method | Path                        | Description                                 | Auth         |
+|--------|-----------------------------|---------------------------------------------|--------------|
+| POST   | `/generate-qr/:itemId`      | Generate QR for item (owner only)           | Firebase     |
+| POST   | `/claim-item`               | Claim item via QR (claimer)                 | Firebase     |
+| GET    | `/status/:itemId`           | Check claim status of item                  | Firebase     |
+
+### Version Routes (`/version`)
+| Method | Path                | Description                        | Auth         |
+|--------|---------------------|------------------------------------|--------------|
+| GET    | `/version`          | Get current backend version        | Public       |
+| POST   | `/admin/version`    | Update backend version (admin)     | Admin+Firebase|
+
+---
+
+## 📝 Example Usage
+
+### 1. Post a Lost/Found Item
+```http
+POST /item
+Headers:
+  Authorization: Bearer <Firebase Token>
+  x-api-key: <your-api-key>
+Body: { title, description, contact, category, location, dateFound, image }
+```
+
+### 2. Claim an Item via QR
+- Owner generates QR: `POST /claim/generate-qr/:itemId` (with `x-api-key` header)
+- Claimer scans QR, submits: `POST /claim/claim-item` with token (with `x-api-key` header)
+
+---
+
+## 🛡️ Security & API Key
+
+- **API Key Required:** All endpoints require a valid API key to be sent in the `x-api-key` header. Requests without a valid key will be rejected with a 403 error.
+- **Google Auth:** Only VIT emails allowed
+- **Image Moderation:** All uploads checked for NSFW content
+- **Rate Limiting:** Prevents abuse on sensitive/admin endpoints
+- **Admin Controls:** Special endpoints for moderation
+
+> **How to use:**
+> - Obtain your API key from the project admin.
+> - Add it to every request header: `x-api-key: <your-api-key>`
+
+---
+
+## ⚙️ Setup & Installation
+
+1. **Clone the repository:**
+   ```bash
+   git clone https://github.com/your-repo/finditBackend.git
+   cd finditBackend
+   ```
+2. **Install dependencies:**
+   ```bash
+   npm install
+   ```
+3. **Configure environment variables:**
+   - Set up Firebase, MongoDB, and Cloudinary credentials in a `.env` file.
+4. **Run the server:**
+   ```bash
+   npm start
+   ```
+
+---
+
+## 👨‍💻 Contributing
+
+1. Fork the repo
+2. Clone and install dependencies
+3. Set up `.env` for Firebase, MongoDB, Cloudinary
+4. Run with `npm start`
+
+---
+
+## 🏫 About
+
+Developed for VIT students to make campus life safer and more convenient.
+
+---
+
+## 👨‍💻 𝗧𝗲𝗮𝗺
+
+- [Pratham Khanduja](https://github.com/pratham-developer) – Backend & Android
+- [Rudra Gupta](https://github.com/Rudragupta8777) – Android, Web, UI/UX
+
+---
+
+## 📲 Download
+
+- [Official Website & Download](https://www.finditapp.me/)
+- [Android App Source Code](https://github.com/pratham-developer/FindIT)
