Skip to content

Ovalvoi/GroundShare

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

321 Commits
.github
.github
 
 
.vscode
.vscode
 
 
docs
docs
 
 
src
src
 
 
tools
tools
 
 
.gitignore
.gitignore
 
 
.gitleaks.toml
.gitleaks.toml
 
 
README.md
README.md
 
 

Repository files navigation

GroundShare · גראונד‑שר

Urban‑planning transparency for Israel — see what's happening on your street before you sign the lease.

A Hebrew‑first (RTL), mobile‑first PWA & native app. Look up any address and get official municipal disruptions, planning status, community reports, and AI‑powered address comparisons — all on a live map.

CI  ·  ASP.NET Core 8  ·  React 19  ·  Azure  ·  PWA + Capacitor

Live app · Setup · Deploy · Security · Features

What it does

A resident searches an address and immediately sees the things that actually affect daily life there:

  • 🏗️ Official municipal disruptions — construction sites, building permits, night‑work, road‑work, and city plans, pulled live from Tel Aviv GIS and the national iplan/MAVAT registry.
  • 🗺️ A live map with satellite imagery, neighborhood overlays, and clustering.
  • 💬 Community reports — neighbors crowdsource noise, blockages, and local events, with voting and comment threads.
  • ⚖️ Address comparison — score 2–3 addresses 0–100 on disruption + community signals, with a Gemini‑generated plain‑language summary of which to pick and why.
  • 🧠 Neighborhood clustering — daily unsupervised K‑Means (auto‑K via silhouette) ranks neighborhoods good/medium/bad.
  • 🔔 Push notifications — web, Android, and iOS (FCM): new nearby events, GPS‑proximity alerts, and 3‑day "is this still happening?" relevance check‑ins.
  • 🎮 Gamification — XP, levels, badges, weekly missions, and streaks for contributing.
  • 🛡️ Content safety — every user‑generated text and image is screened (Hebrew blocklist + Azure AI Content Safety).

Full feature list: docs/featureslist.md · endpoint‑by‑endpoint technical breakdown: docs/features.md.

Architecture

A three‑layer monorepo, deployed on Azure (Israel Central).

┌─────────────────────────────────────────────────────────────────┐
│  src/03-client  —  React 19 + Vite 7 PWA  ·  Capacitor iOS/Android│
│  Context + useAsync · @vis.gl/react-google-maps · httpOnly auth   │
└───────────────────────────────┬─────────────────────────────────┘
                                 │  JSON over HTTPS · JWT + refresh cookie
┌───────────────────────────────▼─────────────────────────────────┐
│  src/02-server  —  ASP.NET Core 8 Web API                         │
│  Controllers → Services → DAL (ADO.NET, stored procs)             │
│  Auth · scoring · K-Means clustering · FCM · content safety       │
└───────┬───────────────────────┬───────────────────────┬─────────┘
        │                       │                       │
┌───────▼────────┐   ┌──────────▼─────────┐   ┌─────────▼──────────┐
│  Azure SQL     │   │  External services │   │  Israeli GIS       │
│  (01-database) │   │  Maps · Gemini ·   │   │  Tel Aviv ArcGIS · │
│  stored procs  │   │  FCM · Resend ·    │   │  iplan / MAVAT     │
│                │   │  KeyVault · Blob · │   │  (legacy-TLS)      │
│                │   │  Content Safety    │   │                    │
└────────────────┘   └────────────────────┘   └────────────────────┘
Layer Path Responsibility
Database src/01-database SQL Server schema + stored procedures (GroundShareDB.sql, single source of truth)
Backend src/02-server ASP.NET Core 8 Web API — 22 controllers, ADO.NET DAL layer, 3 background services
Frontend src/03-client React 19 PWA + Capacitor native shell
CI/CD .github/workflows Build, test, secret‑scan, deploy, and daily job triggers

Tech stack

Area Technologies
Frontend React 19 · TypeScript · Vite 7 · Tailwind CSS 4 · React Router 7 · Motion · @vis.gl/react-google-maps · vite-plugin-pwa (Workbox) · Lucide + Tabler icons
Mobile Capacitor 8 (iOS + Android) · Camera · Geolocation · Push · Filesystem
Backend ASP.NET Core 8 (C#) · pure ADO.NET (no EF Core) · FluentValidation · Serilog
Database Microsoft SQL Server (Azure SQL) · stored procedures
Auth JWT (15‑min access / 7‑day rotating refresh) · httpOnly refresh cookie (web) · Google OAuth · BCrypt
Cloud Azure App Service · Azure SQL · Blob Storage · Key Vault · Application Insights
AI / ML Google Gemini (summaries + Q&A) · Azure AI Content Safety (moderation) · K‑Means w/ silhouette (clustering)
Messaging Firebase Cloud Messaging (web + Android + iOS) · Resend (transactional email)
Testing Vitest · Testing Library

Prerequisites

Tool Version
Node.js 18+ https://nodejs.org
.NET SDK 8.0 https://dotnet.microsoft.com/download/dotnet/8.0
SQL Server Express 2019+ https://www.microsoft.com/sql-server/sql-server-downloads
SSMS latest for running the schema script
gitleaks latest (recommended) winget install Gitleaks.Gitleaks — powers the pre‑commit secret guard

Quick start

Full, step‑by‑step instructions (including how to obtain shared secrets) are in docs/SETUP.md. This is the condensed path.

git clone https://github.com/Ovalvoi/GroundShare.git
cd GroundShare
./tools/install-git-hooks.sh          # installs the gitleaks pre-commit guard

1. Database — in SSMS, run src/01-database/GroundShareDB.sql against local SQL Express. It's re‑runnable and starts empty (you create the first user via the app).

2. Backend (http://localhost:5227)

cd src/02-server
# Create appsettings.Development.json (gitignored) — see docs/SETUP.md §Step 4
dotnet run

The API fails fast if Jwt:Key or Google:MapsApiKey are missing — that's intentional. Swagger is at /swagger, health at /api/health (dev only).

3. Frontend (http://localhost:5173)

cd src/03-client
cp .env.example .env.local            # then set VITE_API_BASE_URL (required)
npm install
npm run dev

Open in Chrome and switch DevTools to a phone profile (e.g. Pixel 7, 412×915) — the app is mobile‑first and Hebrew RTL.

Useful scripts (src/03-client)

Command Action
npm run dev Vite dev server
npm run build Production build (dist/)
npm test Vitest (run once)
npm run build:android Build + cap sync android
npm run run:android Build, sync, and launch on Android

Configuration

Secrets are never committed. Config resolves in this order (later overrides earlier):

appsettings.json (placeholders) → appsettings.Development.json (local, git‑ignored) → environment variables → Azure Key Vault (production, via Managed Identity).

Backend — src/02-server/appsettings.Development.json (git‑ignored)

Key Purpose
ConnectionStrings:DefaultConnection Local SQL Server connection
Jwt:Key 32+‑char signing key (generate: openssl rand -base64 48)
Google:MapsApiKey / GeminiApiKey / ClientId Maps, AI summaries, OAuth
Resend:ApiKey Password‑reset email (any non‑empty value if you don't test reset)
Storage:Provider Local for dev (no Azure Blob needed)

Frontend — src/03-client/.env.local (git‑ignored, copy from .env.example)

Var Purpose
VITE_API_BASE_URL Required — API base (e.g. http://localhost:5227/api). The app throws on boot if unset.
VITE_DEV_API_PROXY Optional — proxy /api to a remote backend (keeps the refresh cookie first‑party)
VITE_FIREBASE_* Optional — web push config; web push is silently disabled without it

Native Android/iOS push read google-services.json / GoogleService-Info.plist directly from the platform folders.

Project layout

.github/workflows/   CI, CD, CodeQL, and daily job-trigger workflows
docs/                SETUP · DEPLOY · SECURITY · CLAUDE · features · featureslist
src/
  01-database/       GroundShareDB.sql (schema + stored procs) · ResetData.sql
  02-server/         ASP.NET Core 8 API — Controllers / Services / DAL / BL /
                     Extensions / Middleware / Filters / Validators
  03-client/         React 19 + Vite PWA — app/{features,components/shared,context,
                     hooks,services/api,types} + Capacitor iOS/Android
tools/               gitleaks pre-commit hook + installer

Security highlights

  • Secrets live in Azure Key Vault in production (Managed Identity, no plaintext env vars). The tracked appsettings.json holds only placeholders.
  • Defense‑in‑depth secret scanning — gitleaks runs at both pre‑commit and CI; CodeQL + dependency audits gate every PR.
  • Auth hardening — access token in memory only, refresh token in an httpOnly SameSite=Lax cookie (web), constant‑time login, token rotation, account‑enumeration defenses, CSRF header on the cookie path.
  • Input & content safety — FluentValidation at the boundary; all user text/images screened by a Hebrew blocklist + Azure AI Content Safety; file uploads gated by extension + content‑type + magic‑byte sniffing with GUID filenames.
  • Logging — Serilog with a PII‑redaction enricher; auth headers, bodies, and cookies are never logged.

See docs/SECURITY.md for the full security architecture.

Documentation

Doc Contents
docs/SETUP.md Local dev setup + live‑environment testing
docs/DEPLOY.md Azure deployment guide
docs/SECURITY.md Security architecture and policy
docs/featureslist.md Full, grouped feature list
docs/features.md Exhaustive technical feature inventory
docs/CLAUDE.md Architecture patterns & conventions (AI/agent context)

License

Private project. All rights reserved.

About

Final Project

Resources

Readme

Security policy

Security policy
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages