Badar Uddin Welfare

Production charity system — live deployment for a real Bangladeshi NGO.

Overview

Deployed for active organizational use by the Badar Uddin Bepari Welfare Organization in Feni, Bangladesh. Handles the full donation lifecycle: member requests, three-tier admin review (superAdmin / admin / member), fund disbursement tracking, and beneficiary records. All role checks are enforced at the API route level — frontend guards are UI only. Cloudinary manages signed document uploads (receipts, ID files), keeping sensitive assets off the application server. OTP email verification via Brevo gates new registrations. The entire UI is in Bengali (Hind Siliguri), requiring deliberate font loading and spacing decisions.

Key Features

  • Three-tier RBAC enforced server-side: superAdmin → admin → member with scoped API permissions
  • Donation request workflow with status transitions: pending → under review → approved/rejected
  • Cloudinary signed upload presets for receipts and supporting documents
  • OTP email verification at registration via Brevo API to reduce fraudulent accounts
  • Full Bengali-language UI with Hind Siliguri font loading and consistent rendering across Android browsers
  • Admin dashboard with fund summary, pending actions queue, and member activity log

Tech Stack

Frontend: React, Vite

Backend: Node.js, Express

Database: MongoDB

Auth: JWT

Challenges

  • Brevo sender verification required multiple iterations due to SPF/DKIM setup on a shared hosting environment
  • Bengali font rendering inconsistency across Android browsers — some weights failed to load correctly
  • Role enforcement needed to be airtight at the API layer — frontend-only guards are insufficient for a live organization

Solutions

  • Configured a verified Brevo sender domain with full SPF and DKIM records; OTP emails now pass spam filters consistently
  • Standardized on Hind Siliguri with explicit font-weight declarations and a CSS fallback stack that degrades cleanly on older devices
  • All protected routes validate the decoded JWT role server-side before processing the request; frontend route guards handle UX only
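One way to implement the server-side role check described above, as an added example that is not the project's own code. It assumes HS256 tokens carrying `role` and `exp` claims; the secret and the helper names (`sign`, `verify`, `requireRole`, `check`) are hypothetical, and only Node's built-in `crypto` is used so the block runs offline.

```javascript
const crypto = require('node:crypto');
const SECRET = 'constructed-demo-secret'; // constructed value; load from a secret store in practice
const RANK = new Map([['member', 1], ['admin', 2], ['superAdmin', 3]]); // role names from the page
const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Hypothetical helper: issue a signed HS256 token so the demo has input.
function sign(payload) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(mac(`${head}.${body}`))}`;
}

// Returns the claims only if algorithm, signature and expiry all check out.
function verify(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null; // pin alg, reject "none"
    const given = Buffer.from(sig, 'base64url');
    const expected = mac(`${head}.${body}`);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp * 1000 > Date.now() ? claims : null;
  } catch { return null; }
}

// Middleware factory: 401 for a missing or invalid token, 403 for an insufficient role.
function requireRole(minRole) {
  if (!RANK.has(minRole)) throw new Error(`unknown role: ${minRole}`);
  return (req, res, next) => {
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    const claims = m && verify(m[1]);
    if (!claims) return res.status(401).json({ error: 'unauthenticated' });
    const rank = RANK.get(claims.role) || 0; // unknown role strings fail closed
    if (rank < RANK.get(minRole)) return res.status(403).json({ error: 'forbidden' });
    req.user = claims;
    return next();
  };
}

// Drives the middleware with stub req/res objects; returns the status it would send.
function check(minRole, token) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, json() { return this; } };
  requireRole(minRole)({ headers: { authorization: `Bearer ${token}` } }, res, () => {});
  return status;
}
```

In an Express app the factory would be mounted per route, for example `requireRole('admin')` ahead of an approval handler, so the decision never depends on what the React client chose to render.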

Future Improvements

  • Annual fund report generation as a downloadable PDF
  • SMS notification fallback for beneficiaries without email access
  • Audit log export for organizational accountability and external reporting