All of us have considered journalling or keeping a diary at some point or another. However, most of us have never gotten over the initial barrier to entry of journalling - that is, actualling putting pen on paper.
At the same time, with businesses opening, and travel restrictions being lifted, people are going starting to go out again, while the COVID-19 pandemic remains as widespread as it has ever been.
What if there was a chill, easily accessible way to journal, AND keep you informed about the pandemic?
What it does
Snapary is a diary that stores a simplified snapshot of where your life. It stores location history (Only when you want it to!), an emoji representing that visit, and a timestamp. Creating a Snapary entry is as easy as opening our webapp, optionally selecting an emoji, and clicking on "Write to diary"! Our app and backend handle everything else for you, saving your diary entry safely on the cloud, and cross referencing your location history with our crowd-sourced database of COVID-19 sightings, alerting you of potential exposure if any exists.
In this way, it cuts 30 minutes of journalling down to less than 30 seconds, all while keeping you safer while outside!
How we built it
The backend is built on Google Cloud Platform's App Engine, using flask running on Python 3.7. We used Google Firestore as our database, storing user and COVID tracking info. Communication between the frontend and backend is done through POST requests, with data being exchanged as JSON in the request body. Passwords are salted then encryped using the bcrypt algorithm, and stored securely on Firestore. With the geopy python module, we are able to determine the city, neighborhood, and sometimes even building that the user is located at, with just a latitude and longitude.
Challenges we ran into
- Because our frontend is entirely separate from our backend, we ran into Cross Source Resource Sharing limitations during development. This was espcially prevalent while we were developing without a domain, as the frontend and backend were on separate domains. We originally planned on hosting our frontend on Google Cloud Storage, but because of it's lack of SSL support, and the fact that it would need to be on a different subdomain than our backend, we ended up hosting our frontend alongside our backend on Google App Engine. We used app.yaml to differntiate between frontend and backend URLs, serving either the Flask API endpoints or static React page depending on the URL.
- We had extreme difficulty actually obtaining a domain. Domain.com would not give us a domain after checkout because our payment method had issues, and we had to verify our identites by emailing them a drivers license, despite the payment being for $0. Domain.com support was difficult to work with, taking minutes to respond to chats, and disconnecting entirely from chats without resolving anything. We eventually gave up on obtaining a domain.com domain, and used a subdomain from one of our team member's personal domains. Because of this, unfortunately the website listed on this post will not be working for long.
Accomplishments that we're proud of
- Our authentication system is extremely secure, making use of the bcrypt algorithm to encrypt passwords multiple times over, meaning that the resulting base64 hash stored in our database is impossible to reverse engineer on a human timescale. Furthermore, each of our passwords are salted, meaning users with the same passwords won't have the same stored hash. Even if our database is breached, it will be practically impossible to obtain user passwords.
- Our frontend works seemlessly with our backend, syncing journal entries and COVID alert status across devices and users.
- Our app's frontend is built entirely on the React framework, so everything is dynamically loaded, making it very responsive and easy to use.
What we learned
As we choose to keep our backend and frontend relatively separate, we learned a lot about communication between the two. Many of our struggles were centered around getting the front and back to accept each other in marriage, and that process was tedious and not at all trivial.
We also learned a lot about the Google Cloud Platform. As the host for both ends of our project, as well as our database, and many of our APIs, we learned a lot about implementation of cloud applications on Google's cloud platform. While we were doing our project, we had the goal of keeping the entire project within the free limits of Google cloud's offerings, and were pleasently surprised at the extent of what GCP could offer, even completely free of charge. Our entire app is hosted within the GCP free teir, and we are certain we can continue to develop it even further without crossing the free threshold.
What's next for Snapary
- We believe that this app CAN be used in the fight against COVID. We would make contact with local hospitals to attempt to obtain more COVID hotspot information, to supplement our COVID hotspot database crowd-sourced from our users.
- Security is increasingly important for the world, as computers become more and more interconnected. In addition to encrypting our user passwords, we would aim to encrypt their entire profile as well, using asymmetric keys derived from the user password.