CSSU Rewards

React, TypeScript, Express.js, Prisma, SQLite, JWT, Jest, QR Code

Overview

This was built as a competition entry; the brief was to design a points system for the University of Toronto's Computer Science Student Union. Students earn points by attending events, and can send points to each other by scanning a QR code or entering a user ID. There's a full admin hierarchy: cashiers process transactions at events, managers run reports and create promotions, and superusers control everything.

What I built

  • JWT authentication with refresh token rotation
  • Four-tier role system: Regular, Cashier, Manager, Superuser
  • QR code generation and scanning for peer-to-peer point transfers
  • Event management with RSVP, attendance tracking, and point awards
  • Promotion campaigns with spending thresholds and bonus multipliers
  • Suspicious transaction flagging for admin review
  • Jest test suite covering auth flows and core transaction logic

What I learned

  • Designing a multi-tier RBAC system from scratch and deciding what belongs at each level
  • Building reliable QR code flows that work on mobile and desktop browsers
  • Structuring a monorepo with separate frontend and backend TypeScript codebases
  • Writing integration tests that actually catch real bugs

Architecture

flowchart TD
    subgraph Roles["Role Hierarchy"]
        SU["Superuser"]
        MGR["Manager"]
        CSH["Cashier"]
        STU["Student"]
    end

    subgraph API["Express.js API"]
        Auth["JWT Auth & Middleware"]
        Points["Points Engine"]
        Events["Event Manager"]
        Promos["Promotions"]
        Flags["Fraud Flagging"]
    end

    DB[("SQLite (Prisma)")]

    SU -->|"full control"| API
    MGR -->|"reports + promos"| API
    CSH -->|"process transactions"| API
    STU -->|"earn + send points"| API

    Auth --> Points
    Auth --> Events
    Auth --> Promos
    Points -->|"QR / manual"| DB
    Events --> DB
    Promos --> DB
    Points --> Flags
    Flags --> DB
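
One way to enforce the role hierarchy shown above is a deny-by-default route guard. This is an added example, not the project's own code. The role names come from the page; the action names, rank values, helper names and the `req.user` shape (assumed to be set by the JWT middleware after token verification) are assumptions.

```typescript
// Added example. Role names come from the page; the action names, ranks and
// helper names are assumptions, not the project's code.
type Role = "regular" | "cashier" | "manager" | "superuser";
type AppAction =
  | "points:send" | "transactions:process"
  | "reports:run" | "promotions:create" | "users:set-role";

// Higher rank inherits everything below it.
const RANK: Record<Role, number> = { regular: 0, cashier: 1, manager: 2, superuser: 3 };

// Lowest tier allowed to perform each action.
const MIN_ROLE: Record<AppAction, Role> = {
  "points:send": "regular",
  "transactions:process": "cashier",
  "reports:run": "manager",
  "promotions:create": "manager",
  "users:set-role": "superuser", // assumed superuser-only action
};

const own = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);

// Deny by default: an unknown role or unknown action never passes, including
// strings such as "constructor" that exist on Object.prototype.
function authorize(role: unknown, action: string): boolean {
  if (typeof role !== "string" || !own(RANK, role) || !own(MIN_ROLE, action)) return false;
  return RANK[role as Role] >= RANK[MIN_ROLE[action as AppAction]];
}

// Structural stand-ins for Express's request/response so the block runs alone.
type AuthReq = { user?: { role?: unknown } };
type AuthRes = { status(code: number): AuthRes; json(body: unknown): unknown };

// Route guard: 401 when no verified identity is attached, 403 when the role is too low.
function requireAction(action: AppAction) {
  return (req: AuthReq, res: AuthRes, next: () => void): void => {
    if (!req.user) { res.status(401).json({ error: "unauthenticated" }); return; }
    if (!authorize(req.user.role, action)) { res.status(403).json({ error: "forbidden" }); return; }
    next();
  };
}
```

Keeping the action-to-role table in one place makes "what belongs at each level" reviewable as data, and the guard can be covered by the same Jest suite that tests the auth flows.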