The figures below illustrate our data storage design for two primary collections: Users and Carpools. Since our system uses MongoDB instead of SQL, we adopted a document-database model, making it easier to structure and query our data efficiently. Each box represents a document with its respective attributes, while arrows denote relationships between documents.

Figures:

  • Figure 2.1 - Data Storage Diagram
  • Figure 2.2 - User JSON Document
  • Figure 2.3 - Carpool JSON Document
  • Figure 2.4 - User Carpool Data JSON Document

Collections & Data Structure

Users Collection

The User document stores profile-related and static information about each user.

  • Includes a unique user ID.
  • Contains an object with user details such as:
    • Children’s information
    • Location
    • Registration form completion status
  • Editable attributes include address changes and adding children to the profile.

Carpools Collection

The Carpool document contains all details related to a carpool organization.

  • Includes a unique carpool ID.
  • Stores metadata such as:
    • Carpool organization creator’s name & ID
    • Location & schedule (time/days)
    • List of members (user IDs stored in an array)
  • The members array is updated as users join the carpool.

User Carpool Data Collection

The User Carpool Data document links a user to their associated carpools.

  • Contains the user ID and location.
  • Stores an array of carpool objects, each containing:
    • Carpool ID
    • Rider information
    • Driving availability
    • Notes regarding the carpool
  • Updates dynamically when a user joins or creates a carpool.
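The three document shapes above, together with the two writes a "join carpool" action has to make, as an added example that is not the project's own code (the project's JSON documents are in Figures 2.2 to 2.4, which are not reproduced here). The sample documents are constructed, and every field name beyond those the text names (the details object, the schedule object, the canDrive flag, the riders array) is an assumption. The point the example makes is that the join touches two collections, so each write is expressed so that a retried request cannot add a duplicate: $addToSet on the members array, and a filter on the user's carpools array so that $push only fires when the carpool is not already listed.

```javascript
// Added example, not the project's code. Sample documents are constructed here;
// in the application the same filter/update objects would be passed to
// collection.updateOne(filter, update) of the MongoDB Node driver.

// Users collection (Figure 2.2): profile-related, mostly static data.
const users = [
  { _id: "u1", details: { children: [{ name: "Ana", age: 8 }], location: "Downtown", registrationComplete: true } },
  { _id: "u2", details: { children: [], location: "Eastside", registrationComplete: true } },
];

// Carpools collection (Figure 2.3): creator, location/schedule, member IDs.
const carpools = [
  { _id: "c1", creator: { userId: "u1", name: "Dana" }, location: "Lincoln Elementary",
    schedule: { time: "07:30", days: ["Mon", "Wed", "Fri"] }, members: ["u1"] },
];

// User Carpool Data collection (Figure 2.4): one entry per carpool the user is in.
const userCarpoolData = [
  { userId: "u1", location: "Downtown",
    carpools: [{ carpoolId: "c1", riders: ["Ana"], canDrive: true, notes: "" }] },
  { userId: "u2", location: "Eastside", carpools: [] },
];

// The two MongoDB update operations a join issues. Both are written so that a
// retried or duplicated request is a no-op on the second attempt.
function buildJoinUpdates(userId, carpoolId, entry) {
  return {
    carpool: { filter: { _id: carpoolId }, update: { $addToSet: { members: userId } } },
    userData: {
      filter: { userId, "carpools.carpoolId": { $ne: carpoolId } },
      update: { $push: { carpools: { carpoolId, ...entry } } },
    },
  };
}

// Minimal in-memory interpreter for the operators used above, so the example
// runs without a database. Dotted paths fan out across arrays as in MongoDB.
function resolvePath(doc, path) {
  return path.split(".").reduce(
    (vals, key) => vals.flatMap(v => (Array.isArray(v) ? v.map(x => x?.[key]) : [v?.[key]])),
    [doc],
  ).filter(v => v !== undefined);
}

function matches(doc, filter) {
  return Object.entries(filter).every(([path, cond]) => {
    const vals = resolvePath(doc, path);
    if (cond && typeof cond === "object" && "$ne" in cond) return !vals.includes(cond.$ne);
    return vals.includes(cond);
  });
}

// Applies one update to the first matching document; returns matchedCount (0 or 1).
function applyUpdate(collection, { filter, update }) {
  const doc = collection.find(d => matches(d, filter));
  if (!doc) return 0;
  for (const [field, value] of Object.entries(update.$addToSet ?? {})) {
    if (!doc[field].includes(value)) doc[field].push(value);
  }
  for (const [field, value] of Object.entries(update.$push ?? {})) doc[field].push(value);
  return 1;
}

// Performs the join against both collections and reports what each write matched.
function joinCarpool(userId, carpoolId, entry) {
  const ops = buildJoinUpdates(userId, carpoolId, entry);
  return {
    carpoolMatched: applyUpdate(carpools, ops.carpool),
    userDataMatched: applyUpdate(userCarpoolData, ops.userData),
  };
}
```

Calling joinCarpool("u2", "c1", { riders: [], canDrive: false, notes: "needs a ride" }) twice adds "u2" to the carpool's members once and one entry to u2's carpools array; the second call matches the carpool (nothing to add) and matches no user-carpool document because the $ne filter fails. Because the two writes are separate documents, a failure between them leaves the collections out of step; the filters above make the action safe to replay until both succeed.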

Protocols & Security

Data Exchange & Encryption

  • The application does not handle file storage but uses JSON for data exchange between the client and server.
  • MongoDB’s built-in encryption ensures secure storage of sensitive information.
  • All data exchange is secured using HTTPS, encrypting communication between users and the server.

User Authentication & Access Control

  • Google OAuth 2.0 is used for authentication, leveraging Google’s high-security infrastructure.
  • No passwords are stored in the application.
  • User email addresses and names are non-editable to maintain integrity.
  • Location data is only accessible to authorized carpool members and is not stored beyond its necessary usage period.

Role-Based Access Control (RBAC)

  • Access to Personally Identifiable Information (PII) is restricted using RBAC, ensuring that only authorized users can view their respective data.
  • The main PII stored includes:
    • Email addresses
    • Location details (restricted visibility)
  • The application does not process or store financial information, significantly reducing potential security vulnerabilities.
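One way to express the access rule stated above (email visible only to its owner, location visible only to members of a shared carpool), as an added example that is not the project's own code. The viewer's role is derived from the Carpools collection's members arrays rather than stored, and the profile fields, role names and sample documents are assumptions. Fields are copied onto an allow-list per role, so a field that is added to the User document later is hidden by default instead of leaking until someone remembers to strip it.

```javascript
// Added example, not the project's code. Sample carpool membership is constructed.
const carpoolsSample = [
  { _id: "c1", members: ["u1", "u2"] },
  { _id: "c2", members: ["u3"] },
];

// Role of the viewer relative to a profile, derived from carpool membership.
function viewerRole(viewerId, profileUserId, carpools) {
  if (viewerId === profileUserId) return "self";
  const sharesCarpool = carpools.some(
    c => c.members.includes(viewerId) && c.members.includes(profileUserId),
  );
  return sharesCarpool ? "carpool-member" : "other";
}

// Allow-list of fields each role may read; anything not listed is never returned.
const VISIBLE_FIELDS = {
  self: ["_id", "name", "email", "location", "children"],
  "carpool-member": ["_id", "name", "location"],
  other: ["_id", "name"],
};

// Returns the view of a User document that this viewer is allowed to see.
// The same field list can be handed to MongoDB as a projection ({ email: 1, ... })
// so the hidden fields never leave the database.
function projectProfile(viewerId, profile, carpools) {
  const role = viewerRole(viewerId, profile._id, carpools);
  return Object.fromEntries(
    VISIBLE_FIELDS[role].filter(f => f in profile).map(f => [f, profile[f]]),
  );
}

const profileU2 = {
  _id: "u2", name: "Ben", email: "ben@example.com", location: "Eastside",
  children: [{ name: "Mia", age: 7 }],
};
```

For the constructed data, projectProfile("u1", profileU2, carpoolsSample) returns the name and location but no email, because u1 and u2 share carpool c1; projectProfile("u3", ...) returns only the ID and name; and u2 viewing its own profile gets every field.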

By implementing MongoDB encryption, OAuth authentication, and HTTPS, our system ensures data integrity, privacy, and security while maintaining efficient and scalable storage.