ICWVCD Conference Serverless API
Event
This project utilizes Google Apps Script to automate data processing and integrate with
Google Sheets for dispatching confirmation emails, both with and
without QR codes.
These QR codes streamline the check-in process for
conference attendees. The solution is built on a serverless API
architecture and incorporates a straightforward admin passcode mechanism
to efficiently manage check-in operations.
Client: ICWVCD Conference Committee
Client: ICWVCD Conference Committee
_
Tech Stack
_
- Nextjs 14
- Typescript
- PostgreSQL
- Drizzle ORM
- Neno Serverless DB
- Zod
- Upstash Redis/Ratelimts
- Vercel Hosting
- Cloudflare DNS & Analysis
- Better Stack Logs
- Vitest
- Github Actions
_
Features
_
Google Sheets + Apps Script
- Batch Processing: Efficiently processes data.
- Conditional Email Sending: Sends different email contents based on participants' attendance responses.
- API Bearer Authentication: Secures API access using bearer tokens.
Middleware
- Security Headers: Implements necessary security headers to protect the application.
- Check Admin cookie:
- Verifies the presence of an admin cookie in the request.
- If the admin cookie is missing, the middleware redirects the user to the
/loginpage. - Uses a callback URL mechanism to enhance user experience by redirecting from
/loginback to/checkinafter successful login. - Ensures proper error handling throughout the redirection process.
Check-in Process
- Server Availability: The check-in server is accessible only within a specific timespan.
- QR Code Scanning:
- Scans QR codes and only successfully logged in to be able to retrieve obscured participant data cookies that stored in browser.
- Deletes the cookie immediately upon successful check-in.
- In any situation, the participant cookie expires in 5 minutes.
- Login Security:
- Requires a passcode for login.
- Generates a random session token, saved in the admin cookie and the Redis server.
- Admin cookie expires in 5 hours.
- Limits login attempts to 10 requests per 10 seconds, with IP addresses cached.
_
Github
_
Codebase is private due to client confidentiality.