Sunanda M.

Event Schedule - MongoDB

Timeframe

- Present

Github

Objective

A robust event management API leveraging MongoDB and Mongoose for scalable scheduling, RSVP, waitlists, notifications, and RBAC.

Technologies

Node.jsExpress.jsMongoDBMongooseJWTHelmetexpress-rate-limit

Features

JWT-based authentication with access + refresh token flow

Admin/organizer/attendee roles with authorization middleware

Event creation and management routes

Embedded session management inside events

RSVP system with statuses: going/interested/not going

Waitlist functionality preventing duplicates (via compound indexes)

Feedback and ratings on events

Notification system with unread/read state and optional TTL cleanup

Pre-hooks for password hashing and plugin-based audit logging

Security middlewares (helmet, rate limiting, CORS)

Architecture The API uses robust Mongoose schema design: deep validation rules, embedded docs for sessions, virtual fields for analytics, and compound/TTL indexes for performance and token expiration control.

Backend

The backend API is structured with Express.js routing layered with middleware for authentication and RBAC. MongoDB is modeled via Mongoose, using schemas with embedded session subdocuments within events, virtuals for computed fields (e.g., total duration, session counts), compound indexes for uniqueness guarantees, and TTL indexes for token/session expiration. Authentication uses JWT access and refresh tokens.

Database

MongoDB with Mongoose for data modeling, indexes, and schema features

Hosting

Deployable on any Node.js capable environment (e.g., Heroku, Render, AWS EC2)

Insights

Modeling complex relationships and ensuring data consistency

Used Mongoose subdocuments and references; embedded session docs within events for natural hierarchical access; used compound indexes for RSVP/waitlist uniqueness and TTL indexes for token and notification expiration.

Securing endpoints with multiple roles and permissions

Implemented RBAC middleware to authorize based on user roles (admin/organizer/attendee), ensuring sensitive event operations are blocked from unauthorized users.

Tracking user actions and system history

Built a reusable audit logging plugin to capture before/after states of key operations without polluting core business logic.

Learnings

Designing a NoSQL schema that balances normalization and performance

Leveraging Mongoose schema features like virtuals and TTL indexes

Building layered security with JWT, RBAC, and Express middleware

Implementing audit trails with Mongoose plugins

Structuring a scalable backend API with clear separation of concerns

Mistakes

Early schema iterations struggled with flattening nested session data — resolved by Mongoose subdocs.

Initial auth logic was overly simplistic — strengthened with RBAC middleware and refresh token rotation.

Why Build Event Schedule?

The goal was to design a backend API that supports real-world event management needs — sessions, RSVPs, waitlists, notifications, and feedback — while demonstrating deep MongoDB modeling and secure access controls.

Future Improvements

Add REST API documentation (OpenAPI/Swagger)

Build an admin dashboard UI (React/Vue) to visualize events, RSVPs, and analytics

Add social login (OAuth) and email notifications

Implement WebSocket notifications for real-time updates

Next Project

Advanced Express CRUD