Kahukai (HACC)

What is Kahukai?

Kahukai (named for Guardian of the Sea) is a web application that was built by me and my team mates (Jacob Hardy, Kylie Higashionna, Kelly Hwang, Kiana Walters) for the Hawaii Annual Code Challenge (HACC) 2021. We were Team Bloombugs and placed second in the competition. See our DevPost for the competition. It is a marine animal sighting and distress reporting application for Hawaii Marine Animal Response (HMAR) - the largest Hawaii-based nonprofit marine species conservation and rescue/response organization. It is tailored to record reports of Hawaiian marine animals including birds, seals and turtles (the three groups of animals that HMAR handles). Users can enter in sighting reports (general reports of one of Hawaii’s marine animals) or enter in distress reports, notifying HMAR of urgent situations. The forms for the sighting reports are tailored for the different groups of animals: there is a different sighting form for Hawaiian seabirds, Turtles and Hawaiian Monk Seals. Users are not required to sign up for the app and can enter these types of reports as an anonymous user. Users can also sign up for the app to be able to see records of reports they made previously. Administrative users (i.e. HMAR staff) can log into Kahukai to view all reports by all users. Admins can edit the information in each report, as they deem necessary. Admins can also delete distress reports as HMAR volunteers take care of those situations. There is a filtering capability in the records tables, allowing Admins to search through records with key words (e.g. finding all reports at a given “location”; finding reports of the same “animal”).

In addition to meeting the requirements HMAR made for the HACC challenge, we focused on improving the usability of the app by the mobile user. The user interface is designed so that it is easy to login reports (e.g. clickable images to fill out parts of the forms, select fields that allow for scrolling through options).

Security

While users are not required to be logged in to submit reports, to protect the public user info, users can register and log in with a password that they submitted if they so wish. So, no one can get to any other user’s info except for the administrators (HMAR). The public user’s account(s) do not store info about the user. Logging in does not give the user any other special privileges, besides having their information being protected. But, having the user sign in with a password reduces the chance of people trying to attack the data by making spurious entries.

Our Mongo database that stores the data resides on the servers that Digital Ocean provides. Unauthorized users cannot see the database because it is protected by Digital Ocean’s password system. Since the underlying database is a NoSQL database, the application is not susceptible to SQL injection. Since we are only storing JSON data, then there is a low risk of any kind of JavaScript injection.

Since each registered general user can only see their reports (that contain user name and contact information), Kahukai maintains user privacy. Only Admins can see the user information for all users.

How the Program Works

A walkthrough, including screenshots, of Kahukai can be found at bloombugs.github.io.

Accessing Kahukai

Kahukai is currently hosted on https://kahukai-bloombugs.cloud. (Note: Since our most recent deployment 12/16/21, the SSH certificate doesn’t recognize the site and so actually, the current access link is http://kahukai-bloombugs.cloud. We are working with Digital Ocean (the host of our application) to remedy this issue).