Education
Onupom Shopno
Scholarship access and donor matching with anonymized fundraising and admin threat detection.
Overview
Education platform enabling Bangladeshi students to access scholarships and donor matching through an anonymized fundraising system. Features a dual-key identity system (public anonymous_id + internal student_id) for privacy, CSRF protection across SPA domain boundaries, and SSOT enforcement across 141 PHP files using dedicated resolver classes.
Hard Problems
Challenge
Student identity privacy while enabling donor-student matching.
Solution
Dual-key system with anonymous_id for public-facing, curated fields only exposed to donors.
Challenge
CSRF token validation failing across SPA and API on different ports.
Solution
Vite proxy routing /api/* through localhost:5173 to achieve same-origin cookie handling.
Key Decisions
| Decision | Chose | Over | Because |
|---|---|---|---|
| Auth system | Laravel Sanctum | JWT/Passport | Native SPA cookie workflow, simpler than refresh token rotation, built-in CSRF protection. |