Skill Workshop Management System
My flagship solo project — a full-stack educational platform with RBAC, payments, observability, and 95+ Lighthouse scores.

Overview
Skill Workshop Management System is my flagship solo project — a comprehensive educational platform that connects workshop experts with seekers. The system handles the full lifecycle: discovery, OTP-verified registration, secure payments via SSLCommerz with PDF invoice generation, learning dashboards with certificates, and admin analytics.
The backend follows a component-based modular architecture (interfaces → models → services → controllers → routes → validations per module) with 9 modules: auth, category, enrollment, otp, payment, sslCommerz, stats, user, and workshop. It ships with JWT + Google OAuth 2.0 authentication, Redis-backed OTP, rate limiting, background jobs via BullMQ, soft deletes, audit trails, Prometheus metrics at /metrics, API versioning (v1 stable + v2 beta), Swagger/OpenAPI 3.0 docs, and CSRF protection (double-CSRF pattern).
The frontend achieves 95+ Lighthouse Performance scores and ships with 282 unit tests (Vitest) + 80 E2E tests (Playwright) across 5 browsers. The CI/CD pipeline includes 7 GitHub Actions workflows: lint, type-check, unit tests, E2E tests, bundle analysis, Vercel preview/production deploys, secret scanning (TruffleHog), and security audit (bun audit + CodeQL).
Highlights
- 01Solo full-stack build — 9 backend modules, RBAC (STUDENT/ADMIN/SUPER_ADMIN), OTP-verified registration backed by Redis, and SSLCommerz payments with PDF invoices.
- 0295+ Lighthouse Performance scores on the frontend, with 282 unit tests + 80 E2E tests across 5 browsers (Chromium, Firefox, WebKit, Mobile Chrome, Mobile Safari).
- 03Production-grade security: JWT + Google OAuth 2.0, token blacklisting with jti claims, CSRF protection (double-CSRF), rate limiting, helmet, and audit trails.
- 04Observability + DevOps: Prometheus metrics at /metrics, 7 GitHub Actions workflows (lint → typecheck → test → build → deploy), secret scanning (TruffleHog), and CodeQL security audit.
Key Features
- Multi-role authentication: STUDENT / ADMIN / SUPER_ADMIN with granular RBAC
- OTP-verified registration backed by Redis
- SSLCommerz payment gateway with PDF invoice generation (pdfkit)
- Cloudinary asset pipeline (multer-storage-cloudinary)
- Role-based dashboards with middleware-enforced route protection
- Admin consolidated /api/v1/stats/dashboard endpoint (replaces 7 calls, 6× faster)
- Real-time analytics with trend charts (Recharts)
- Audit trails + soft deletes for data recovery
- Prometheus metrics at /metrics (HTTP, DB latency, Redis, queue lengths)
- API versioning (v1 stable + v2 beta) via URL path + X-API-Version header
- Swagger/OpenAPI 3.0 documentation
- CSRF protection (double-CSRF pattern via csrf-csrf)
- Token blacklisting with jti claims + dedicated reset-password secret
- Snapshot isolation for enrollment transactions
- 282 unit tests + 80 E2E tests across 5 browsers
- 95+ Lighthouse Performance scores
Challenges Faced
Future Improvements & Plans
- Add WebSocket-based real-time notifications for enrollment confirmations and workshop updates.
- Implement a recommendation engine for workshops based on user behavior and category affinity.
- Add video streaming for workshop content with HLS + DASH support.
- Migrate to a microservices architecture as the platform scales beyond a single workshop type.
- Add multi-language support (i18n) starting with Bengali and English.
- Implement in-app certificate verification via QR codes.
Interested in this project?
Check out the code, try the live demo, or get in touch to discuss similar work.