Creative Projects Crowdfunding Website

Project Overview

Idea Hub is a web-based platform that allows authenticated users to submit ideas for review, track their status, and showcase approved ideas publicly. The platform includes a secure admin review workflow and enforces strict role-based permissions and data access rules.

The goal is to deliver a production-ready MVP with clean architecture, strong security, and a scalable foundation.

Core Requirements
1. Authentication & Roles

Implement user authentication with:

Signup (name, email, password)

Login / logout

Persistent sessions

Implement a role system with two roles:

user

admin

Roles must be assigned server-side only.

Users must never be able to select or modify their role from the client.

All role checks must be enforced server-side (UI checks alone are insufficient).

2. Authorization & Access Control

Users may only:

View their own ideas

Create new ideas

Edit/delete their own drafts

Users may not:

View or modify other users’ ideas

Approve or reject ideas

Change idea status directly

Admins may:

View all submitted ideas

Approve or reject ideas

Add optional admin feedback notes

All authorization must be enforced server-side with ownership checks to prevent ID-guessing attacks.

3. Idea Submission System

Each idea must include the following fields:

Title (required)

Summary (required, maximum 140 characters)

Description (required)

Category (required, fixed predefined list)

Tags (optional)

Images (optional, up to 6)

Users must be able to:

Save an idea as a draft

Submit an idea for admin review

All validation must occur server-side in addition to any client-side validation.

4. Idea Status Workflow

Ideas must follow a strict status flow:

draft

submitted

approved

rejected

Rules:

Users can transition:

draft → submitted

Admins can transition:

submitted → approved

submitted → rejected

Users cannot directly set or alter status values.

Invalid transitions must be blocked server-side.

5. User Dashboard (“My Ideas”)

Displays only the authenticated user’s ideas

Shows idea status using clear badges or labels

Allows filtering by:

All

Draft

Submitted

Approved

Rejected

Displays admin feedback notes when present

Includes proper loading and empty states

6. Admin Dashboard

(Admin access only)

Displays all submitted ideas

Provides statistics:

Total ideas

Pending (submitted)

Approved

Rejected

Allows admins to:

Review idea details

Approve or reject ideas

Add an optional admin note

All admin actions must be transactional and validated server-side

7. Public Gallery

Displays only approved ideas

Must never expose drafts, submitted, or rejected ideas

Filtering/search by:

Title

Category

Tags

Approved-only filtering must be enforced at the database query level

8. Image Upload System

Allow up to 6 images per idea

Accepted formats:

JPG / JPEG

PNG

WEBP

Enforce maximum file size per image (e.g., 5–10MB)

Images must be stored in object storage (not as database blobs)

Database should store:

Image metadata

Storage path or URL

Enforce ownership checks before allowing uploads

Sanitize filenames and generate unique paths

All upload limits must be enforced server-side.

9. Database & Data Integrity

Required entities:

Users

Ideas

Idea Images

Enforce:

Foreign key relationships

Indexes on frequently queried fields (user_id, status)

Enum or constrained values for idea status

Automatically manage timestamps (created_at, updated_at)

Prevent client-controlled queries that could bypass security

10. Security & Abuse Prevention

Implement basic rate limiting for:

Signup

Login

Idea submission

Enforce request size limits

Prevent exposure of sensitive server errors to the client

Ensure no secrets are exposed client-side

11. UX & Quality Expectations

Responsive design (mobile, tablet, desktop)

Clear loading, success, and error states

Consistent component structure and styling

Clean, maintainable, well-documented code

12. Testing & Verification

The following must be verifiable before delivery:

Non-admin users cannot access admin routes or actions

Users cannot access other users’ ideas via ID manipulation

Public gallery never shows non-approved ideas

Invalid uploads fail safely

Overlong summaries are rejected server-side

implement a Free + Pro subscription system using Stripe, enforce plan limits server-side, and add a Pro-exclusive 1:1 text chat with admins.
Must use Stripe Checkout (hosted) + Stripe Customer Portal and Stripe webhooks as the source of truth. No client-side plan gating alone; all permissions/limits must be enforced server-side.

Plans & limits

Free: 5 submissions/month, 3 images/idea

Pro (monthly subscription): higher/unlimited submissions (cap ok), 6 images/idea, access to Pro chat
(OR lifetime payment)

Payments

Implement: POST /billing/checkout, POST /billing/portal, POST /stripe/webhook (signature verified)

Webhooks: checkout.session.completed, customer.subscription.updated, customer.subscription.deleted, invoice.payment_failed

Store in DB: plan, stripe_customer_id, stripe_subscription_id, subscription_status, current_period_end

Usage enforcement

Enforce monthly submission limit server-side (recommended usage_monthly table or equivalent)

Enforce image limits server-side at upload time + ownership checks

Images must be stored in object storage (not DB blobs); store metadata + URL/path

Pro chat

MVP: text-only 1:1 thread per Pro user with admins

DB: chats (one per user), chat_messages (sender_role user/admin, message, timestamps)

Endpoints must deny access unless Pro subscription is active/trialing

Free users must not access chat even via direct API calls

Deliverables

Code changes + setup steps

Webhook testing notes

Quick QA checklist proving plan gating works Show More