A production-grade MERN application for managing events with secure authentication and safe RSVP concurrency handling.
- Frontend:https://rsvp-omega-ecru.vercel.app/
- Backend: https://rsvp-u5nz.onrender.com
- API Base URL: https://rsvp-u5nz.onrender.com/api
- Frontend: React (Vite), Context API, Vanilla CSS (Responsive), Lucide Icons
- Backend: Node.js, Express.js
- Database: MongoDB Atlas (Mongoose)
- Authentication: JWT, BCrypt
- Images: Cloudinary (Multer generic upload)
- Deployment: Vercel (Client), Render (Server)
-
Clone the repository
git clone https://github.com/Manoj-APJ/RSVP.git cd RSVP -
Backend Setup
cd server npm install # Create .env file based on .env.example npm start
Env Variables (
server/.env):PORT=5000 MONGO_URI=your_mongodb_connection_string JWT_SECRET=your_jwt_secret CLOUDINARY_CLOUD_NAME=your_cloud_name CLOUDINARY_API_KEY=your_key CLOUDINARY_API_SECRET=your_secret -
Frontend Setup
cd client npm install npm run dev -
Access the App Open http://localhost:5173 in your browser.
The application uses strict concurrency control to prevent overbooking, ensuring that event capacity is never exceeded even under heavy load.
-
Atomic Updates: We do not rely on reading the
attendeesCountand then updating it in two separate steps. -
Constraint Query: The update operation uses a query filter that strictly checks capacity at the moment of update:
Event.findOneAndUpdate( { _id: eventId, $expr: { $lt: ['$attendeesCount', '$capacity'] } }, { $inc: { attendeesCount: 1 } } )
If
attendeesCountmatchescapacityat the DB level, this operation fails to match any document, returningnull. This prevents race conditions where two users read "49/50" and both write "50/50". -
Unique Compound Index: A generic unique index on
RSVPcollection{ userId: 1, eventId: 1 }prevents the same user from spamming RSVPs.
- JWT Auth: Stateless authentication with bearer tokens.
- Password Hashing: Bcrypt with salt.
- Input Sanitization: Express-validator to check inputs.
- Protected Routes: Middleware verifies token before access.
- Authorization: Only event creators can edit/delete their specific events.
- Secure Uploads: Images are processed and stored in Cloudinary, not the server file system.
- User Registration & Login
- Create, Read, Update, Delete Events
- Image Upload via Cloudinary
- Real-time Capacity Enforcement (RSVP)
- "Sold Out" Indicators
- Responsive Mobile-First Design