A premium, high-fidelity academic resources and study roadmaps portal specifically engineered for Sir Padampat Singhania University (SPSU). Standardized for GSOC/Open-Source communities.
Key Features β’ Quick Start β’ System Workflows β’ Architectural Decisions β’ Contributing
CampusCore is an advanced open-source student portal that streamlines access to academic materials like Previous Year Questions (PYQs), lecture notes, and curriculum syllabus, while offering a robust management suite for administrators.
Unlike traditional file-sharing hubs, CampusCore is built around privacy-first CDN delivery, zero-trust link-sharing security, and a fully responsive, dark-mode-first visual experience that guarantees zero clutter and maximum speed.
- Student Resources Panel: Search, filter, and discover files by academic branch (CS, IT, ME, EC, CE, EE) and semester (1-8).
- Secure Inline PDF Viewer: Custom sandboxed iframe that securely streams
application/pdfstreams directly inside the application, disabling raw links to prevent downloads. - Non-Blocking Background Downloads: Triggered via native HTML
target="_blank"anchor tags to fetch attachment headers in background threads, keeping the dashboard's active state undisturbed. - Role-Based Auth Console: Fine-grained access control separating student dashboards from administrative database CRUD tables (users, announcements, roadmaps, and subjects).
- Double-Barrier Privacy Indexing: Double protection matching strict edge-level metadata (noindex/nofollow layouts) with a localized
robots.txtconfiguration, ensuring auth dashboards are shielded from crawlers while maintaining high SEO rankings for landing portals.
The diagram below details the operational boundaries and secure network integrations between the Next.js edge runtime, Supabase databases, Cloudinary secure asset storage, and monitoring layers:
graph TD
Client[Student/Admin Browser] <-->|HTTPS / Dynamic Routes| Vercel[Vercel Serverless Edge]
Vercel <-->|Auth Session & RLS Checks| Supabase[Supabase PostgreSQL]
Vercel <-->|Signed Attachment Tokens| Cloudinary[Cloudinary Secure Bucket]
Vercel -.->|Error Instrumentation| Sentry[Sentry Tracking]
Vercel -.->|Real-User Metrics| VerAn[Vercel Web Analytics]
subgraph Supabase Security Boundary
Supabase -.->|Row-Level Security RLS| AuthUsers[auth.users]
Supabase -.->|Cascaded Profile Purge| Profiles[public.profiles]
Supabase -.->|Relation Schemas| DataTables[resources, roadmaps, announcements, subjects]
end
subgraph Cloudinary Asset CDN
Cloudinary -.->|Raw PDF Isolation| PDF[Study Handouts & PYQ Files]
end
Clone the repository and install dependencies:
git clone https://github.com/Sparkyyy45/campus-core.git
cd campus-core
npm installCreate a .env.local in the project root. The project's .gitignore is pre-configured to keep your variables private and secure:
# Supabase Configuration
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-public-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-secret-key
# Cloudinary Configuration
CLOUDINARY_CLOUD_NAME=your-cloud-name
CLOUDINARY_API_KEY=your-api-key
CLOUDINARY_API_SECRET=your-api-secret
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=your-cloud-name
# App Configuration
NEXT_PUBLIC_APP_URL=http://localhost:3000Copy the SQL scripts in supabase/schema.sql and run them inside your Supabase SQL Editor to configure all tables, relational links, and Row-Level Security (RLS) policies.
npm run devOpen http://localhost:3000 in your browser.
When a user requests a route, Next.js Middleware intercepts the request, validates the Supabase session, and handles role authorization before serving any content.
graph TD
User([Student or Admin]) -->|Request /admin/resources| Mid{Next.js Middleware}
Mid -->|Invalid Session| Login[Redirect to /login]
Mid -->|Valid Session| DB[(Verify Role in DB)]
DB -->|Role is STUDENT| Denied[Redirect to /dashboard]
DB -->|Role is ADMIN| Allow[Serve Admin Portal - 200 OK]
To prevent hotlinking, direct public URLs are strictly blocked (401 Unauthorized). The system generates time-limited signed URLs that expire after exactly 1 hour in two different modes.
graph TD
Click[Student Clicks Resource Card] --> Action{Action Type}
Action -->|View| SignView[API signs URL without Attachment parameter]
SignView -->|Serve 200 OK| Iframe[Browser Iframe streams PDF Inline]
Action -->|Get| SignGet[API signs URL with attachment: true]
SignGet -->|Redirect| Download[New Tab downloads file directly to PC]
- Decision: We completely removed external Google OAuth buttons and routes to provide an localized authentication wall.
- Implementation: Login, signup, and reset forms were migrated to client components inside static server layouts. This lets us export server-rendered SEO metadata while keeping form interactions highly responsive.
- Decision: The
subjectstable lacks acodecolumn. Instead of performing complex database alterations, we dynamically derive codes on-the-fly. - Implementation: We query only the
namecolumn and use a fast string parser to generate abbreviations (e.g. "Data Structures" -> "DS", "C Programming" -> "CP") directly inside Next.js Server Components. This keeps the database lightweight and ensures zero query faults.
- Decision: Next.js client-side
<Link>tags intercept file-download redirects, which forces the active browser tab to navigate to the Cloudinary URL. - Implementation: We wrapped download buttons in standard HTML
<a>tags withtarget="_blank"andrel="noopener noreferrer". This triggers downloads in independent browser threads, leaving the active student dashboard open and completely undisturbed.
We welcome open-source contributions from the global developer community and GSoC candidates!
- Fork the Project.
- Create your Feature Branch (
git checkout -b feature/AmazingFeature). - Commit your Changes (
git commit -m 'feat: add amazing feature'). - Push to the Branch (
git push origin feature/AmazingFeature). - Open a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.