🚀 Feature: Production-Ready Member Creation & Onboarding System

[abhishek-nexgen-dev]

Overview

Implement a complete member creation and onboarding system for CommDesk that supports:

• Dashboard member creation
• External onboarding via API key
• Secure activation workflow
• Bulk member import
• Role & permission management
• Audit logging
• Email-based activation

The goal is to make CommDesk the central identity and onboarding system for communities.

---

🎯 Goals

Create a single, unified member onboarding pipeline that allows communities to:

• Add members manually from the desktop dashboard
• Onboard members from external websites or hackathon portals
• Invite volunteers, mentors, judges, and sponsors
• Activate accounts securely
• Manage member roles and permissions
• Track onboarding analytics

---

🧩 Core Concepts

User vs Member

CommDesk separates authentication and community membership.

User

• Login account
• Email + password
• Can belong to multiple communities

Member

• Represents a user's role inside a specific community

Example:

User
 email: john@example.com

Member
 community: Apex Circle
 role: Mentor

---

🔄 Member Status Lifecycle

On Boarding
      ↓
Active
      ↓
Inactive
      ↓
Suspended
      ↓
Banned

Default status when created:

On Boarding

Meaning the member must activate their account before access.

---

🛠 API Design

Unified Member Creation API

POST /api/v1/members

This API supports two authentication methods:

1️⃣ Dashboard Creation

Used by:

• Community owner
• Organizers
• Admins

Authentication:

Authorization: Bearer JWT

---

2️⃣ External Onboarding

Used by:

• Community websites
• Hackathon registration systems
• Event landing pages

Authentication:

Authorization: Bearer API_KEY

Example:

Authorization: Bearer cd_live_abc123

---

📥 Request Payload

Example:

{
  "firstName": "John",
  "lastName": "Doe",
  "email": "john@example.com",
  "primaryRole": "Mentor",
  "location": "Berlin",
  "skills": ["React", "Node"],
  "areaOfInterest": ["MENTORSHIP"],
  "internalNotes": "Speaker for React workshops",
  "accessLevel": {
    "internalDashboard": true,
    "comunityForum": true,
    "adminControls": false,
    "superAdmin": false
  }
}

---

⚙ Backend Workflow

validate request
identify community
check duplicate email
create user account if needed
create member record
set membershipStatus = On Boarding
generate activation token
send onboarding email
log audit event

---

🔐 Account Activation

Members must activate their account before becoming active.

Activation email example:

https://commdesk.app/activate?token=xxxxx

---

Activation API

POST /api/v1/auth/activate-member

Request:

{
  "token": "activation_token",
  "password": "NewSecurePassword"
}

Flow:

verify token
hash password
activate account
membershipStatus → Active

---

📦 Bulk Import

Support CSV onboarding for large communities.

Endpoint:

POST /api/v1/members/import

Example CSV:

firstName,lastName,email,role
John,Doe,john@email.com,Volunteer
Alice,Lee,alice@email.com,Mentor

---

🔑 API Key System

Communities can generate API keys for integrations.

Example key:

cd_live_93hf93hf

Schema:

ApiKey
{
  keyHash
  communityId
  permissions
  createdBy
  active
}

Example permissions:

member:create
member:read
event:create
hackathon:register

---

🧾 Member Schema

Member
{
  _id
  communityId
  userId

  firstName
  lastName
  email

  primaryRole
  location

  skills
  areaOfInterest

  internalNotes

  membershipStatus

  accessLevel

  profilePhotoUrl

  onboardingSource

  createdBy
  createdAt
}

---

👤 User Schema

User
{
  _id
  email
  passwordHash
  emailVerified
  createdAt
}

---

📊 Analytics

Track onboarding metrics.

Example metrics:

• Members added
• Members activated
• API onboarding
• Bulk imports

Endpoint:

GET /analytics/members

---

🔒 Security Requirements

Implement:

• Rate limiting (100 onboarding requests/hour per API key)
• Input validation using Zod
• Duplicate email prevention
• API key permission checks
• Audit logging

---

📜 Audit Logging

Track actions:

member_created
member_invited
member_activated
member_role_changed
member_removed

Schema:

AuditLog
{
 actorId
 action
 communityId
 metadata
 createdAt
}

---

🖥 Desktop Integration (Tauri)

Member system will power the following screens:

• Add Member page
• Member List
• Invitation Tracking
• Role Management

---

📧 Email Templates

Required templates:

member_invitation
account_activation
password_reset
member_role_update

Recommended providers:

• Resend
• SendGrid
• Amazon SES

---

✅ Acceptance Criteria

• Unified POST /api/v1/members endpoint implemented
• Dashboard onboarding supported
• API key onboarding supported
• Activation email flow working
• Member activation endpoint implemented
• Bulk import implemented
• Role and permission system enforced
• Audit logging implemented
• Onboarding analytics endpoint created

[Sritamsarkar-2028]

@abhishek-nexgen-dev
as a contributor in NSoc 26 I want to contribute in this issue assign it to me

[abhishek-nexgen-dev]

@abhishek-nexgen-dev
as a contributor in NSoc 26 I want to contribute in this issue assign it to me

Okay go ahead

[Sritamsarkar-2028]

@abhishek-nexgen-dev
Thank you sir
for giving me the chance.
start working

[abhishek-nexgen-dev]

@Sritamsarkar-2028 lots of things already created just update it make everything functional validate data , make it responsive

[Sritamsarkar-2028]

@abhishek-nexgen-dev ok sir

[avanithumballi]

Hi @abhishek-nexgen-dev, i am participating in NSoC 2026. I see the previous contributor was unassigned. I'd like to take over this issue and complete it.

My understanding of remaining work:

• Review existing code (API endpoints, schemas, email templates)

• Add missing validation (Zod) for request payloads

• Ensure activation flow works end‑to‑end (token generation, email sending, status update)

• Implement bulk import (CSV) if not done

• Add audit logging for member actions

• Create onboarding analytics endpoint

• Ensure dashboard UI is responsive (Tauri frontend)

  My approach:

1. Fork and clone the repo, set up locally.
2. Run existing code, identify what's incomplete/broken.
3. Work incrementally: core member creation API → activation flow → bulk import → audit logs → analytics → UI responsiveness.
4. Write tests for critical paths.
5. Open a draft PR early for feedback.

Please assign me. I'll start immediately.

[abhishek-nexgen-dev]

Hi @abhishek-nexgen-dev, i am participating in NSoC 2026. I see the previous contributor was unassigned. I'd like to take over this issue and complete it.

My understanding of remaining work:

• Review existing code (API endpoints, schemas, email templates)

• Add missing validation (Zod) for request payloads

• Ensure activation flow works end‑to‑end (token generation, email sending, status update)

• Implement bulk import (CSV) if not done

• Add audit logging for member actions

• Create onboarding analytics endpoint

• Ensure dashboard UI is responsive (Tauri frontend)

  My approach:

1. Fork and clone the repo, set up locally.
2. Run existing code, identify what's incomplete/broken.
3. Work incrementally: core member creation API → activation flow → bulk import → audit logs → analytics → UI responsiveness.
4. Write tests for critical paths.
5. Open a draft PR early for feedback.

Please assign me. I'll start immediately.

Okay go ahead make sure complete this on time

[avanithumballi]

@abhishek-nexgen-dev - Thanks for assigning me. I'm setting up locally. Could you please point me to the existing files? Also, what's the database (MongoDB/PostgreSQL) and do you have a test API key I can use? I'll plan my work around the deadline – could you share the exact date?

[abhishek-nexgen-dev]

@avanithumballi i already created the backend please check the code once set .env locally and run the backend,

Based on the backend api integration backed with front-end

https://github.com/NexGenStudioDev/CommDesk-Backend