A full-stack web application for reporting civic issues and enhancing women's safety through real-time crowd density mapping. Know where people are for safer navigation.
This project was developed by:
- Asmith Maramreddy - @asmith0713
- Niteesh Reddy Kancharla - niteesh206
A collaborative project for Hack This Fest 2025
- π₯ Real-time Crowd Heatmap - See where people are located for safer route planning
- π’ Safety Zones - Green areas indicate more people = safer areas
- π Location Broadcasting - Opt-in to share your location and help create safe zones
- π Active User Count - Know how many people are nearby in real-time
- π Privacy First - Location data auto-expires after 5 minutes
- π¨ Safety Reports - Report safety concerns and hazards with geolocation
Use Case: Women can check the crowd heatmap before walking alone. Green areas show where more people are present, indicating safer routes.
- πΊοΈ Interactive Map - Report issues by clicking on the map
- π₯ Issue Heat Maps - Visualize problem density
- π Clustering - View grouped reports for better overview
- π Community Upvoting - Validate important issues
- π‘οΈ Admin Panel - Moderate and track issue resolution
- π± Responsive Design - Works on all devices
- π User Authentication - Email/password + Google OAuth sign-in
- π Location Sharing - Share your location via link
- π Live Tracking - Real-time location tracking with "Find Me" feature
- β‘ Production Ready - Security hardened with rate limiting, HTTPS, and monitoring
Frontend:
- React 19.2
- React Router v6
- Leaflet & React-Leaflet (Maps)
- Leaflet.heat (Heatmaps)
- Leaflet.markercluster (Clustering)
- Bootstrap 5
- Axios
Backend:
- Node.js + Express
- MongoDB + Mongoose
- JWT Authentication
- Google OAuth 2.0
- Multer (File uploads)
- bcrypt (Password hashing)
- Rate limiting & Helmet (Security)
docker-compose up -d
The recommended way to run StreetSense (locally or on a VM) is via Docker Compose. Everythingβfrontend, backend, Caddy reverse proxyβis wired up for you.
- Git
- Docker Engine + Docker Compose plugin (or
docker composev2) - A MongoDB connection string (Atlas or self-hosted)
- Optional: A domain pointing to your VM so Caddy can issue HTTPS certificates automatically
git clone <repo-url>
cd streetsense
cp .env.example .envEdit .env with real values:
| Variable | Description |
|---|---|
MONGO_URI |
Atlas or self-hosted Mongo connection string |
JWT_SECRET |
Long random string for API auth |
ADMIN_PASSWORD |
Password for /admin panel |
GOOGLE_CLIENT_ID & REACT_APP_GOOGLE_CLIENT_ID |
Google OAuth client (same value) |
PUBLIC_HOST |
Public domain or IP served by Caddy (no protocol) |
BACKEND_PUBLIC_URL |
Full URL the backend advertises (e.g. https://street-sense.app) |
REACT_APP_BACKEND_URL |
Same URL for the React build |
CORS_ORIGIN |
Comma-separated origins allowed to call the API |
.envis gitignoredβkeep the real secrets here only.
docker compose pull # optional, grab latest images
docker compose up -d # start frontend, backend, Caddy
docker compose logs -f # tail logs during first boot- Backend health check:
curl https://<PUBLIC_HOST>/api/health - Frontend: visit
https://<PUBLIC_HOST>(orhttp://localhost:8080if testing locally)
- Point your domainβs A (and optional
www) record to the VMβs public IP. - Ensure ports 80/443 are open through the VM firewall and cloud firewall.
- Caddy reads
PUBLIC_HOSTand automatically issues Letβs Encrypt certificates on first request.
docker compose ps # show container status
docker compose logs -f backend # tail backend logs
docker compose restart frontend # restart a single service
docker compose down # stop/remove containers
docker compose down -v # stop and remove volumes (wipes uploads!)If you prefer the classic dev workflow (separate servers):
- Install dependencies under
server/andclient/vianpm install. - Start MongoDB locally.
- Run
npm startin bothserverandclientfolders. - Update
.envfiles accordingly (REACT_APP_BACKEND_URL=http://localhost:5000).
The Docker stack remains the authoritative way to deploy to test/prod.
Step 1: Enable Location
- Open the map at http://localhost:3000/map
- Click the "Find Me" button (π crosshair icon) or "Live Tracking"
- Allow browser location permission
Step 2: View Safety Heatmap
- Click the green "Show Safety Map" button (top controls)
- The map now shows crowd density with color coding:
- π’ Green: High crowd density = Safer areas
- π‘ Yellow: Medium crowd density
- π΅ Blue: Low crowd density = Less safe
- Check the legend for active user count
Step 3: Contribute to Safety (Optional)
- Click "Share Location" button (when location is enabled)
- Your anonymous location is broadcast to help others
- You're now contributing to the safety heatmap!
- Your location auto-expires after 5 minutes for privacy
Step 4: Plan Safe Routes
- Look for green zones when planning your walk
- Avoid dark/blue areas when alone
- Share your location with friends using the share button
- β Your location is anonymous (no personal data)
- β Data auto-deletes after 5 minutes
- β You can opt-out anytime
- β No tracking when you stop broadcasting
- β Works on HTTPS only for security
POST /api/auth/register- Register new userPOST /api/auth/login- Login user
GET /api/reports- Get all reports (with filters)POST /api/reports- Create new report (requires auth)POST /api/reports/:id/upvote- Upvote report (requires auth)PUT /api/reports/:id/status- Update status (requires auth)GET /api/reports/heat- Get heatmap data
POST /api/locations- Update user location for crowd heatmap (requires auth)GET /api/locations/heatmap- Get crowd density heatmap dataGET /api/locations/stats- Get active user statisticsDELETE /api/locations/mine- Remove your location from map (requires auth)
HEAD /api/reports/export- Check admin authPOST /api/reports/export- Export reports as CSV (requires admin password)
categories- Filter by category (comma-separated)since- Filter by timestamp (ISO date)limit- Limit results (max 2000)bbox- Bounding box filter:lng1,lat1,lng2,lat2
-
Create Account
- Navigate to
/auth - Register with email and password (min 6 chars)
- Navigate to
-
Report an Issue
- Go to
/map - Click on the map or use your location
- Fill out the form (title, category, description, photo)
- Submit
- Go to
-
View Reports
- Toggle between Pins, Heat, or Cluster views
- Filter by category and time range
- Click markers to see details and upvote
-
Access Admin Panel
- Navigate to
/admin - Enter admin password (from
.envfile)
- Navigate to
-
Moderate Reports
- View all submitted reports
- Update status: Open β Verified β Resolved
- Filter and export data as CSV
streetsense/
βββ client/ # React frontend
β βββ public/ # Static assets
β βββ src/
β β βββ api.js # Axios config
β β βββ constants.js # App constants
β β βββ components/ # Reusable components
β β βββ pages/ # Route pages
β β βββ utils/ # Utility functions
β βββ Dockerfile
β
βββ server/ # Express backend
β βββ models/ # Mongoose schemas
β βββ routes/ # API routes
β βββ middleware/ # Auth middleware
β βββ uploads/ # File uploads
β βββ index.js # Server entry
β βββ Dockerfile
β
βββ docker-compose.yml # Docker orchestration
1. MongoDB Connection Error
Error: connect ECONNREFUSED 127.0.0.1:27017
Solution: Make sure MongoDB is running. Start with mongod or check your connection string.
2. CORS Errors
Access to XMLHttpRequest blocked by CORS policy
Solution: Verify CORS_ORIGIN in server .env matches your client URL.
3. Authentication Fails
401 Unauthorized
Solution:
- Check JWT_SECRET is set in server
.env - Clear browser localStorage and re-login
- Verify token is being sent in Authorization header
4. Images Not Loading
404 on /uploads/...
Solution:
- Ensure
server/uploadsdirectory exists - Check file permissions
- Verify
photoUrlpaths in database
5. Port Already in Use
Error: listen EADDRINUSE :::5000
Solution: Kill the process using the port:
# Find process
lsof -i :5000
# Kill it
kill -9 <PID>- Use
console.login server routes to debug API calls - Check browser DevTools Network tab for failed requests
- MongoDB Compass is great for viewing database state
- Use React DevTools to inspect component state
For detailed production deployment instructions including:
- SSL/TLS configuration
- Nginx reverse proxy setup
- MongoDB Atlas configuration
- Docker Compose production settings
- Security hardening
- Monitoring & health checks
- β Use MongoDB Atlas or secure MongoDB instance
- β Enable HTTPS with Let's Encrypt
- β Set strong JWT_SECRET (32+ characters)
- β Configure CORS for production domain
- β Set up Google OAuth for production
- β Enable rate limiting (configured)
- β Set up automated backups
- β Configure monitoring (health endpoints included)
- β Use environment variables (never commit .env)
- β Helmet.js security headers
- β HTTPS enforcement (HSTS)
- β Content Security Policy
- β Rate limiting (100 requests/15min by default)
- β Input validation & sanitization
- β JWT authentication with secure secrets
- β Password hashing with bcrypt
- β MongoDB injection prevention
- β File upload restrictions (5MB, images only)
- β Geospatial data privacy (auto-expires after 5 min)
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
MIT License - feel free to use for your projects!
For issues, questions, or contributions, please open an issue on the repository.
Built with β€οΈ for better civic engagement and women's safety
Empowering communities through technology. Know where people are, feel safer together.