azmaeenmahtab/Khujo-backend

# 📵 KHUJO — Backend A document-verified stolen mobile phone reporting and IMEI lookup system built for Bangladesh. Users report stolen phones with a Police GD copy, which goes through a multi-stage automated verification pipeline before the phone's IMEI is indexed in the stolen device database. ## 🔍 What It Does - Accepts theft reports with a **Police GD copy**, IMEI number, theft location, and optional phone box photo - Runs the GD document through a **multi-stage verification pipeline** (EXIF → ELA → Vision LLM → OCR → IMEI match → duplicate check) - Routes low-confidence cases to an **admin review queue** - Indexes verified stolen IMEIs in the database - Exposes a **public IMEI lookup API** so buyers can check secondhand phones before purchasing ## 🧰 Tech Stack ### Core Backend    ### Database   ### Document Verification Pipeline    ### AI / ML    ### Storage & Infrastructure   ## 🏗️ Verification Pipeline Every theft report passes through 8 sequential stages before being approved: Report Submitted │ ▼ ┌─────────────────────────────────────────────┐ │ Stage 1 — EXIF Metadata Check │ │ GPS coords, timestamp, device model │ │ Tool: ExifRead (Python) │ └──────────────────────┬──────────────────────┘ │ pass ▼ ┌─────────────────────────────────────────────┐ │ Stage 2 — ELA Tamper Detection │ │ JPEG re-compression artifact analysis │ │ Tool: Pillow / OpenCV │ └──────────────────────┬──────────────────────┘ │ pass ▼ ┌─────────────────────────────────────────────┐ │ Stage 3 — Vision LLM Structure Check │ │ GD header, seal, station format validation │ │ Model: GPT-4o Vision / Claude │ └──────────────────────┬──────────────────────┘ │ pass ▼ ┌─────────────────────────────────────────────┐ │ Stage 4 — OCR Text Extraction │ │ Extract IMEI, GD number, date from doc │ │ Tool: EasyOCR (Bengali + English) │ └──────────────────────┬──────────────────────┘ │ ▼ ┌─────────────────────────────────────────────┐ │ Stage 5 — IMEI Match │ │ OCR-extracted IMEI == submitted IMEI │ └──────────────────────┬──────────────────────┘ │ match ▼ ┌─────────────────────────────────────────────┐ │ Stage 6 — Duplicate / Spam Check │ │ Same IMEI, GD number, or user fingerprint │ │ Tool: PostgreSQL query │ └──────────────────────┬──────────────────────┘ │ unique ▼ ┌─────────────────────────────────────────────┐ │ Stage 7 — Confidence Score Routing │ │ High confidence → auto approve │ │ Low confidence → admin review queue │ └──────────────────────┬──────────────────────┘ │ approved ▼ ┌─────────────────────────────────────────────┐ │ Stage 8 — Verified & Indexed │ │ IMEI stored in stolen device database │ │ User notified, public lookup enabled │ └─────────────────────────────────────────────┘ ## 📡 API Endpoints ### Report Submission POST /api/v1/reports Content-Type: multipart/form-data Fields: gd_copy File (required) — scanned GD document image imei String (required) — 15-digit IMEI number theft_location String (required) — district / area phone_box File (optional) — photo of phone box ### Report Status GET /api/v1/reports/:reportId/status ### Public IMEI Lookup GET /api/v1/lookup?imei=<15-digit-imei> Response: { "imei": "358765000000000", "status": "stolen" | "clear", "reported_at": "2025-03-12T09:40:00Z", // only if stolen "theft_location": "Dhaka, Mirpur" // only if stolen } ### Admin Review Queue GET /api/v1/admin/queue POST /api/v1/admin/queue/:reportId/approve POST /api/v1/admin/queue/:reportId/reject ## 📁 Project Structure mobilesentry-backend/ ├── src/ │ ├── routes/ │ │ ├── reports.ts # Submission and status endpoints │ │ ├── lookup.ts # Public IMEI lookup │ │ └── admin.ts # Admin review queue │ ├── pipeline/ │ │ ├── exifCheck.ts # Stage 1 — EXIF metadata │ │ ├── elaDetection.py # Stage 2 — ELA tamper detection │ │ ├── visionLLM.ts # Stage 3 — GPT-4o structure check │ │ ├── ocrExtract.py # Stage 4 — EasyOCR extraction │ │ ├── imeiMatch.ts # Stage 5 — IMEI comparison │ │ ├── duplicateCheck.ts # Stage 6 — Duplicate detection │ │ └── confidenceRouter.ts # Stage 7 — Routing logic │ ├── models/ │ │ ├── Report.ts │ │ └── StolenDevice.ts │ ├── services/ │ │ ├── storage.ts # S3 file uploads │ │ ├── notify.ts # User notifications │ │ └── queue.ts # Admin queue management │ ├── middleware/ │ │ ├── auth.ts │ │ └── upload.ts # Multer config │ └── app.ts ├── python/ │ ├── ela_detect.py │ └── ocr_extract.py ├── prisma/ │ └── schema.prisma ├── docker-compose.yml ├── Dockerfile └── .env.example ## ⚙️ Environment Variables # Server PORT=3000 NODE_ENV=development # Database DATABASE_URL=postgresql://user:password@localhost:5432/mobilesentry # Redis REDIS_URL=redis://localhost:6379 # AI / Vision OPENAI_API_KEY=your_openai_key # AWS S3 AWS_ACCESS_KEY_ID=your_key AWS_SECRET_ACCESS_KEY=your_secret AWS_S3_BUCKET=mobilesentry-uploads AWS_REGION=ap-south-1 # Admin ADMIN_SECRET=your_admin_secret ## 🚀 Getting Started ### Prerequisites - Node.js v20+ - Python 3.10+ - PostgreSQL 15+ - Docker (optional but recommended) ### With Docker git clone https://github.com/your-username/mobilesentry-backend.git cd mobilesentry-backend cp .env.example .env docker-compose up --build ### Manual Setup # Install Node dependencies npm install # Install Python dependencies pip install pillow easyocr exifread opencv-python # Run database migrations npx prisma migrate dev # Start the server npm run dev ## 🛡️ Security Notes ## 🗺️ Roadmap - [ ] Bangladesh Police GD format fine-tuned classifier (HuggingFace ViT) - [ ] SMS notification for report status updates - [ ] Mobile app (Android first — React Native) - [ ] BTRC IMEI database cross-reference integration - [ ] Multi-language support (বাংলা interface) ## 📄 License MIT License — see [LICENSE](./LICENSE) for details.

标签：自动化攻击