A modern, secure web application for managing college attendance with QR code-based sessions and comprehensive admin controls.
- Secure Authentication: Multi-provider auth with Firebase and NextAuth.js
- Profile Management: Complete student profile system with validation
- Admin Dashboard: Comprehensive admin controls and reporting
- Attendance Tracking: QR code-based attendance system
- Email Verification: OTP-based email verification system
- Responsive Design: Mobile-first responsive UI with dark mode
- Security First: Built with security best practices
- Frontend: Next.js 14, React 18, TypeScript, Tailwind CSS
- Authentication: NextAuth.js, Firebase Auth
- Database: Firebase Firestore
- Email: Nodemailer with SMTP
- Styling: Tailwind CSS with custom design system
- Deployment: Vercel-ready
- Node.js 18+
- Firebase project with Firestore and Authentication enabled
- SMTP email service (Gmail, SendGrid, etc.)
- Google OAuth credentials (optional)
-
Clone the repository
git clone <repository-url> cd stuvia-web
-
Install dependencies
npm install
-
Set up environment variables
cp .env.example .env.local
Fill in all the required environment variables in
.env.local:# Generate with: openssl rand -base64 32 NEXTAUTH_SECRET=your-secure-secret-here NEXTAUTH_URL=http://localhost:3000 # Firebase configuration NEXT_PUBLIC_FIREBASE_API_KEY=your-api-key NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=your-project.firebaseapp.com NEXT_PUBLIC_FIREBASE_PROJECT_ID=your-project-id # Firebase Admin SDK FIREBASE_PROJECT_ID=your-project-id FIREBASE_CLIENT_EMAIL=firebase-adminsdk-xxx@your-project.iam.gserviceaccount.com FIREBASE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n" # SMTP Configuration SMTP_HOST=smtp.gmail.com SMTP_PORT=587 SMTP_USER=your-email@gmail.com SMTP_PASS=your-app-password SMTP_FROM=noreply@yourdomain.com # Admin emails (comma-separated) ADMIN_EMAILS=admin@rajagiri.edu.in
-
Set up Firebase
- Create a Firebase project
- Enable Authentication with Email/Password and Google providers
- Enable Firestore Database
- Download service account key and add to environment variables
-
Run the development server
npm run dev
Add these Firestore security rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Users can only read/write their own profile
match /users/{email} {
allow read, write: if request.auth != null && request.auth.token.email == email;
}
// Admin-only collections
match /templates/{document=**} {
allow read, write: if request.auth != null && request.auth.token.role == 'admin';
}
// OTP collection (system use only)
match /emailOtps/{document=**} {
allow read, write: if false; // Server-side only
}
}
}- Never commit
.env.localto version control - Use strong, randomly generated secrets
- Enable Firebase App Check in production
- Use HTTPS in production
- Implement proper CORS policies
stuvia-web/
βββ app/ # Next.js app directory
β βββ (auth)/ # Authentication pages
β βββ admin/ # Admin dashboard
β βββ api/ # API routes
β βββ dashboard/ # User dashboard
β βββ settings/ # User settings
βββ components/ # Reusable components
β βββ ui/ # UI components
β βββ attendance/ # Attendance-specific components
βββ lib/ # Utility libraries
β βββ firebase/ # Firebase configuration
β βββ attendance/ # Attendance logic
β βββ auth.ts # NextAuth configuration
βββ public/ # Static assets
βββ docs/ # Documentation
-
Push to GitHub
git add . git commit -m "Initial commit" git push origin main
-
Deploy to Vercel
- Connect your GitHub repository to Vercel
- Add all environment variables in Vercel dashboard
- Deploy
-
Configure production settings
- Update
NEXTAUTH_URLto your production domain - Enable HTTPS
- Configure custom domain (optional)
- Update
Ensure all environment variables are set in your deployment platform:
NEXTAUTH_SECRET- Strong random secretNEXTAUTH_URL- Your production URL- Firebase configuration variables
- SMTP configuration
- Admin email addresses
# Run tests
npm test
# Run linting
npm run lint
# Type checking
npm run type-checkThe application includes comprehensive logging for:
- Authentication events
- Security incidents
- API errors
- Database operations
Consider integrating with:
- Sentry for error tracking
- LogRocket for session replay
- Firebase Analytics for usage metrics
-
Authentication
- Strong password requirements
- Rate limiting on auth endpoints
- Secure session management
-
Authorization
- Role-based access control
- Proper middleware protection
- Admin access logging
-
Data Protection
- Input validation and sanitization
- SQL injection prevention
- XSS protection
-
Infrastructure
- HTTPS enforcement
- Secure headers
- CORS configuration
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For support and questions:
- Documentation: Explore our Architecture Guide, Database Schema, and API Reference.
- Setup: Follow the Deployment Guide for production configuration.
- Contributing: Read our Contributing Guidelines and Style Guide.
- Security: Review security guidelines in
SECURITY.md. - Issues: Create an issue on GitHub.
- Initial release
- Basic authentication system
- Profile management
- Admin dashboard
- Security improvements
SECURITY.md file for security guidelines and best practices before deploying to production.
cfc6863e68e0f2a7daca62137ace86deec5278f8