This document describes how to contribute to the Zenith Event Management System, including backend APIs, authentication, business logic, database design, and evaluation workflows.
Contributions may include backend features, API improvements, documentation, tests, performance fixes, or security hardening.
- Overview
- System Architecture
- Authentication
- Core Features
- API Endpoints
- Database Schemas
- Business Logic
- Error Handling
- Implementation Checklist
The Zenith Event Management System is a comprehensive platform for managing hackathons or competitions with three primary components:
- Main Website: Participant registration, team formation, and submission
- Admin Portal: Participant, team, and evaluator management
- Evaluator Portal: Team evaluation and scoring
- Individual and team registration
- Dynamic team formation with unique team codes
- Team discovery and matchmaking
- Submission handling (YouTube video + PDF)
- Multi-stage evaluation workflow
- RSVP confirmation for shortlisted teams
- Backend: Node.js with Express
- Database: MongoDB
- Authentication: Firebase Authentication
- File Storage: Cloudinary
- Video Hosting: YouTube (validated links only)
- Submission deadline enforced globally
- RSVP requires confirmation from all team members
- Participant
- Admin
- Evaluator
All endpoints except registration and login require a Firebase authentication token.
Authorization: Bearer <firebase_token>
- User registers with Firebase
- User data is stored in MongoDB
- Token is verified on every request
- Role-based access control is enforced
async function authenticateUser(req, res, next) {
try {
const token = req.headers.authorization?.split('Bearer ')[1];
if (!token) return res.status(401).json({ error: 'AUTH_REQUIRED' });
const decodedToken = await admin.auth().verifyIdToken(token);
const user = await User.findOne({ uid: decodedToken.uid });
if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
req.user = user;
next();
} catch {
return res.status(401).json({ error: 'AUTH_INVALID' });
}
}requireAdminrequireEvaluatorrequireTeamLeadrequireTeamMember
These middlewares enforce strict access control for every protected endpoint.
- View and filter participants
- Manage teams and evaluators
- Assign evaluators
- Finalize selections
- Export data
- Profile management
- Team creation and joining
- Submission uploads
- RSVP confirmation
- View assigned teams
- Review submissions
- Submit and update evaluations
https://api.zenith.example.com/v1
{
"success": true,
"message": "Operation successful",
"data": {},
"error": null,
"timestamp": "ISO-8601"
}{
uid: String,
email: String,
name: String,
phone: String,
age: Number,
organisation: String,
bio: String,
isLooking: Boolean,
teamCode: String,
createdAt: Date,
updatedAt: Date
}{
teamCode: String,
teamName: String,
teamLead: String,
teamMembers: [],
teamStatus: String,
appliedFor: String,
isEvaluated: Boolean,
isShortlisted: Boolean,
scores: {},
createdAt: Date
}{
uid: String,
email: String,
assignedTeams: [],
stats: {}
}{
title: String,
description: String,
isActive: Boolean,
teamCount: Number
}function generateTeamCode() {
const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
const len = Math.floor(Math.random() * 3) + 6;
return Array.from({ length: len }, () =>
chars[Math.floor(Math.random() * chars.length)]
).join('');
}function calculateTotalScore({ tech, ux, presentation }) {
return tech + ux + presentation;
}function validateYouTubeURL(url) {
return /youtube\.com\/watch\?v=|youtu\.be\//.test(url);
}{
"success": false,
"message": "Error description",
"error": {
"code": "ERROR_CODE",
"details": "Optional details"
},
"timestamp": "ISO-8601"
}- Keep PRs focused and small
- Add tests for new features
- Follow consistent API response formats
- Do not break authentication or RBAC
- Document any business logic changes clearly