Cab Connect is a secure, real-time ride-sharing platform built specifically for college students to coordinate shared cab rides (e.g., airport travel).
It replaces messy WhatsApp groups with a structured, secure, and moderated system.
- College email-restricted OTP login
- JWT-based session management
- No password storage
- Rate-limited OTP requests
- Role-based access control (RBAC)
- Create, join, and leave rides
- Max 4 participants per ride
- Creator auto-joins ride
- Ride auto-expires after travel time
- Expired rides cleaned automatically
- Creator can lock a ride to prevent new users from joining (useful for luggage/comfort)
- Ride can be locked only when it has at least 2 participants
- Locked rides remain active but are not joinable until unlocked
- Lock/unlock updates propagate in real-time via Socket.IO
- Locking is race-condition safe (atomic MongoDB update)
- New Join Flow: users enter destination + preferred departure time
- Backend suggests rides in a strict window: ±15 minutes
- Only `open` rides suggested
- Sorted by: closest departure time + seats availability
- Suggestions cached using Redis
- Locked rides are automatically excluded from recommendations/suggestions
- Socket.IO powered chat per ride
- Only ride participants can chat
- Messages stored in database
- Chat auto-disabled if ride is deleted/expired
- Secure admin escalation (OTP + admin password)
- Admin can:
  - View all rides
  - Delete any ride
  - Temporarily ban users (7 days)
  - Permanently ban users after 3 strikes
  - Unban temporarily banned users
- Banned users:
  - Cannot chat
  - Cannot create rides
  - Can still join rides
- Persistent notifications stored in DB
- Real-time socket notifications
- Used for admin actions (ride deletion, bans)
- Ride-scoped user reporting system
- Structured report submission (no free-text abuse)
- One report per user per ride per target (anti-spam)
- Context-aware validation (only ride participants can report)
- Admin review pipeline with report statuses
Redis is used for:
- OTP storage with TTL (5 min expiry)
- OTP cooldown tracking + retry attempts
- Caching heavy ride APIs (ride list / ride details / ride chat messages)
- Cache invalidation on ride updates (create/join/leave/delete)
- Caching ride suggestions API (matchmaking)
- Cache invalidation also triggers on ride lock/unlock to prevent stale UI state
- Ride creator can lock/unlock rides to stop further joining even if seats are available
- Lock requires minimum 2 participants
- Lock state displayed on ride cards + enforced in backend join logic
- Fully synced across clients using Socket.IO events
- Ride expiry handled via BullMQ delayed jobs
- Each ride schedules an expiry job at creation time
- Jobs persist in Redis (restart-safe)
- On expiry:
  - ride marked `expired`
  - realtime socket updates sent
  - caches invalidated
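The README says ride locking is race-condition safe because it is done as one atomic MongoDB update. The following added example (not the project's code) shows why: it contrasts a check-then-act join with a conditional update that carries the rule in its filter. The in-memory `findOneAndUpdate` stand-in, the field names (`creator`, `locked`, `status`, `participants`) and the user ids are assumptions.

```javascript
const MAX_SEATS = 4; // "Max 4 participants per ride" (from the README)

// Stand-in for an atomic conditional update: filter and update are applied in
// one indivisible step, which is what MongoDB guarantees for one document.
function findOneAndUpdate(ride, filter, update) {
  if (!filter(ride)) return null;
  update(ride);
  return ride;
}

// Check-then-act: the rule is checked on a snapshot and the write happens later,
// so two requests can both pass the check before either one writes.
const naiveRead = (ride) => ({ locked: ride.locked, count: ride.participants.length });
function naiveWrite(ride, snapshot, user) {
  if (snapshot.locked || snapshot.count >= MAX_SEATS) return false;
  ride.participants.push(user);
  return true;
}

// The rule lives in the filter. A MongoDB filter for the same idea (assumed schema):
//   { _id, status: "open", locked: false, "participants.3": { $exists: false } }
function atomicJoin(ride, user) {
  return findOneAndUpdate(ride,
    (r) => r.status === "open" && !r.locked &&
           r.participants.length < MAX_SEATS && !r.participants.includes(user),
    (r) => r.participants.push(user)) !== null;
}

// Lock only by the creator and only with at least 2 participants, e.g.
//   { _id, creator, locked: false, "participants.1": { $exists: true } } + { $set: { locked: true } }
function atomicLock(ride, user) {
  return findOneAndUpdate(ride,
    (r) => r.status === "open" && r.creator === user && !r.locked && r.participants.length >= 2,
    (r) => { r.locked = true; }) !== null;
}

function raceDemo() {
  const mk = () => ({ creator: "u1", status: "open", locked: false, participants: ["u1", "u2", "u3"] });
  const a = mk();
  const s1 = naiveRead(a), s2 = naiveRead(a); // both requests see 3 participants
  naiveWrite(a, s1, "u4");
  naiveWrite(a, s2, "u5");                    // overbooked: 5 participants
  const b = mk();
  const first = atomicJoin(b, "u4"), second = atomicJoin(b, "u5");
  const c = mk();
  const locked = atomicLock(c, "u1"), joinAfterLock = atomicJoin(c, "u4");
  return { naiveCount: a.participants.length, atomicCount: b.participants.length,
           first, second, locked, joinAfterLock };
}
```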
```
Client (React)
   |
   | REST APIs (JWT Auth)
   |
Express.js Backend
   ├── Auth Service (OTP + Admin Escalation)
   ├── Ride Service
   ├── Admin Moderation Service
   ├── Notification Service
   ├── Cleanup Jobs (Cron)
   └── Socket.IO (Chat + Realtime Events)
   |
MongoDB Atlas
Redis (OTP + Cache)
```

```
Cab_Connect/
│
├── Cab_Connect-Frontend/
│   ├── src/
│   │   ├── components/
│   │   ├── pages/
│   │   ├── contexts/
│   │   └── services/
│   └── package.json
│
├── Cab_Connect-Backend/
│   ├── models/
│   ├── controllers/
│   ├── routes/
│   ├── middleware/
│   ├── utils/
│   ├── jobs/
│   ├── server.js
│   └── package.json
│
└── README.md
```

- Admin password stored only in `.env`
- No hardcoded emails
- No magic tokens
| Role | Permissions |
|---|---|
| User | Create / Join rides, Chat |
| Admin | All user permissions + moderation |
RBAC is enforced using centralized middleware.
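The README's OTP rules (college-email restriction, 5-minute TTL, cooldown tracking, retry attempts) fit together as in the following added example, which is not the project's own code. The in-memory `TtlStore` stands in for Redis keys with a TTL; the cooldown length, attempt limit, mail domain, key names and the HMAC pepper are assumptions.

```javascript
const crypto = require("crypto");

const OTP_TTL_MS = 5 * 60 * 1000;         // 5 min expiry, as stated in the README
const COOLDOWN_MS = 60 * 1000;            // assumed resend cooldown
const MAX_ATTEMPTS = 5;                   // assumed guess limit per OTP
const COLLEGE_DOMAIN = "college.example"; // assumed allowed mail domain
const PEPPER = crypto.randomBytes(32);    // assumed server-side secret (load from env in production)

// In-memory stand-in for Redis string keys written with a TTL.
class TtlStore {
  constructor() { this.keys = new Map(); }
  set(key, value, ttlMs, now) { this.keys.set(key, { value, exp: now + ttlMs }); }
  get(key, now) {
    const entry = this.keys.get(key);
    if (!entry || entry.exp <= now) { this.keys.delete(key); return null; }
    return entry.value;
  }
  del(key) { this.keys.delete(key); }
}

// Store a keyed digest, not the code itself, so a cache dump does not reveal live OTPs.
const digest = (email, otp) =>
  crypto.createHmac("sha256", PEPPER).update(`${email}:${otp}`).digest();

function requestOtp(store, rawEmail, now) {
  const email = String(rawEmail).trim().toLowerCase();
  if (!email.endsWith("@" + COLLEGE_DOMAIN)) return { ok: false, reason: "domain" };
  if (store.get(`otp:cooldown:${email}`, now)) return { ok: false, reason: "cooldown" };
  const otp = crypto.randomInt(0, 1000000).toString().padStart(6, "0"); // CSPRNG, not Math.random
  store.set(`otp:${email}`, { mac: digest(email, otp), attempts: 0 }, OTP_TTL_MS, now);
  store.set(`otp:cooldown:${email}`, 1, COOLDOWN_MS, now);
  return { ok: true, otp }; // hand otp to the mailer only; never return it over HTTP
}

function verifyOtp(store, rawEmail, candidate, now) {
  const email = String(rawEmail).trim().toLowerCase();
  const rec = store.get(`otp:${email}`, now);
  if (!rec) return { ok: false, reason: "expired_or_missing" };
  rec.attempts += 1; // with Redis this would be an atomic INCR on a counter key
  if (rec.attempts > MAX_ATTEMPTS) {
    store.del(`otp:${email}`); // burn the code once the guess budget is spent
    return { ok: false, reason: "too_many_attempts" };
  }
  const ok = crypto.timingSafeEqual(rec.mac, digest(email, String(candidate)));
  if (!ok) return { ok: false, reason: "invalid" };
  store.del(`otp:${email}`); // single use
  return { ok: true };
}
```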
- Duration: 7 days
- Triggered by admin
- Blocks:
  - Chat
  - Ride creation

- Triggered after 3 bans
- No auto-unban
- Still allowed:
  - Joining rides
Note: Banned users are restricted from chatting and creating rides but can still join rides (policy decision).
Note: The moderation system uses a strike-based enforcement model where repeated violations lead to permanent bans.
- BullMQ worker automatically expires rides at departure time
- Cleans ride data (messages, caches)
- Notifies connected users in real time via Socket.IO
- Optional cron fallback can be kept for legacy cleanup
Backend
- Node.js
- Express.js
- MongoDB (Atlas)
- Mongoose
- Socket.IO
- JWT
- bcrypt
- express-rate-limit
- Redis (OTP + caching)
- TypeScript
- Tailwind CSS
- Context API
- Bun
```bash
git clone https://github.com/your-username/cab_connect.git
cd cab_connect
```

```bash
cd Cab_Connect/Cab-Connect-Backend
npm install
```

```bash
cd Cab_Connect/Cab-Connect-Frontend
npm install
```

Input your values :)
Working on Test Keys to Provide with Rate Limits
Redis Setup (Docker)

```bash
docker run -d --name redis -p 6379:6379 redis
```

Redis is required for OTP storage, caching, and BullMQ queues.

```bash
docker exec -it redis redis-cli ping
# Expected: PONG
```

```bash
npm run dev
```
This project includes unit, integration, and advanced concurrency tests to ensure backend reliability and race-condition safety.
- Vitest - Test runner
- Supertest - API endpoint testing
- MongoDB (local) - Isolated test database

- Make sure MongoDB is running locally.
- Create a test database (auto-created on first run):

  ```
  mongodb://127.0.0.1:27017/cabconnect_test
  ```

- Add test variables to your `.env` (or `.env.test` if separated):

  ```env
  JWT_ACCESS_SECRET=testsecretkey
  ```

- Run All Tests

  ```bash
  npx vitest run
  ```
This backend provides interactive API documentation using Swagger UI.
```bash
npm install
node src/server.js
```

Visit localhost:5000/docs

Divyansh Garg
Built as a real-world, security-focused system for college students.