Control Center

web-app, Featured

Control Center is a construction management system built for a real Miami Duplex Remodel project. It provides separate interfaces for administrators and contractors, with Firebase Authentication enforcing granular role-based access through custom claims.

Supported App Ecosystem

User Apps

Contractor Portal

Focused interface for task viewing, bid submission, and deliverables

Admin Tools

Admin Dashboard

Full project oversight with RFP, bid, and contractor management

RFP Module

Request for Proposal creation and bid comparison workflow

Infrastructure

n8n Workflows

Gmail notifications, Calendar sync, and event-driven automation

Faxas Hub auto-categorizes 89 services across 4 groups using Docker labels and a curated service registry.

Architecture

Route groups with Firebase Auth and PostgreSQL

The application uses Next.js App Router with route groups separating admin, contractor, RFP, bid, and auth concerns. Firebase Auth with custom claims provides RBAC at the middleware level, protecting routes before page rendering.

1

Admin Dashboard

Full project oversight with RFP management, bid comparison, contractor invitations, and file management.

React 19, shadcn/ui, Radix UI, FullCalendar
2

Contractor Portal

Focused interface for assigned tasks, bid submissions, deliverable uploads, and timeline tracking.

React 19, shadcn/ui, React Hook Form
3

API & Auth Layer

Firebase Auth with custom claims for RBAC, middleware route protection, and API routes for data operations.

Next.js 15 App Router, Firebase Auth, Middleware
4

Data & Storage

PostgreSQL via Prisma ORM for structured data, Firebase Storage for file uploads with signed URLs.

Prisma, PostgreSQL/Neon, Firebase Storage

Security Boundaries

Credentials Server-Side

Upstream API keys never reach the browser. All credentials are managed in the BFF layer.

SSRF Protection

RFC 1918 blocklist prevents server-side requests to private network ranges.

HMAC Enablement Gates

SHA-256 HMAC gates validate adapter connectivity before exposing data paths.
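
The RFC 1918 blocklist named under SSRF Protection can be sketched as follows. This is an added example, not Control Center's own code: the function names are hypothetical, and it assumes a policy that goes beyond the three RFC 1918 ranges to also refuse loopback and link-local addresses and to fail closed on anything that is not IPv4.

```javascript
// Added example. Function names and the extra ranges are assumptions.
const BLOCKED_CIDRS = [
  "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", // RFC 1918 (named on the page)
  "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",    // assumption: loopback, link-local, "this network"
];

// Dotted-quad text -> unsigned 32-bit integer, or null when the text is not IPv4.
function ipv4ToInt(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inCidr(addr, cidr) {
  const [base, bits] = cidr.split("/");
  const mask = (~0 << (32 - Number(bits))) >>> 0; // prefixes here are 8..16, never 0
  return ((addr & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

function isBlockedIPv4(text) {
  const addr = ipv4ToInt(text);
  return addr !== null && BLOCKED_CIDRS.some((c) => inCidr(addr, c));
}

// Decide whether the server may fetch rawUrl. `resolved` holds the addresses the
// caller's DNS lookup returned, so the check covers what will be connected to.
function checkOutboundUrl(rawUrl, resolved = []) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { allowed: false, reason: "scheme not allowed" };
  }
  const host = url.hostname; // canonical form produced by the URL parser
  const candidates = ipv4ToInt(host) !== null ? [host] : resolved;
  if (candidates.length === 0) {
    return { allowed: false, reason: "host not resolved" };
  }
  // Fail closed: anything that is not a plain IPv4 address (IPv6 included) is refused.
  const bad = candidates.find((a) => ipv4ToInt(a) === null || isBlockedIPv4(a));
  return bad === undefined
    ? { allowed: true, reason: "ok" }
    : { allowed: false, reason: `blocked address ${bad}` };
}
```

Pass the HTTP client the same addresses that were checked, so the connection cannot go to an address other than the one validated.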

Integration Intelligence

Firebase, n8n, and PostgreSQL working together

Firebase provides the authentication and storage backbone — custom claims for RBAC, signed URLs for secure file access, and Google/email providers for login flexibility. PostgreSQL via Neon handles relational data.

Firebase Auth

Authentication

Google and email/password authentication with custom claims for role-based access control.

Failure mode:

Auth redirect to login page; protected routes return 401

Normalization:

Firebase token → custom claims with role and module permissions

Firebase Storage

File Storage

Secure file uploads for documents, deliverables, and project assets with signed URL access.

Failure mode:

Upload shows error state; existing files served from cache

Normalization:

Firebase Storage refs → signed URLs with configurable expiration

n8n

Automation

Workflow automation handling Gmail notifications, Google Calendar sync, and event-driven alerts.

Failure mode:

Webhook delivery queued for retry; core app unaffected

Normalization:

Internal events → n8n webhook triggers → external service actions

PostgreSQL

Database

Relational database via Neon serverless PostgreSQL with Prisma ORM for schema management.

Failure mode:

Database errors surface as user-facing error messages; no data loss

Normalization:

Prisma ORM → typed queries with transaction support

Docker

Deployment

Containerized deployment with Caddy reverse proxy for production hosting.

Failure mode:

Container restart via Docker Compose; health checks monitor availability

Normalization:

Dockerfile → multi-stage build with Caddy routing

Operational Readiness

Role-based security and containerized deployment

Security is enforced at multiple layers: Firebase Auth custom claims for RBAC, middleware route protection, module-based access control per contractor per project, and webhook secret validation for internal APIs.

  • Dashboards: 2 (Admin and Contractor with separate layouts)
  • Auth Model: RBAC (Firebase custom claims + module permissions)
  • Route Groups: 5 (admin, contractor, rfp, bid, auth)
  • Automation: n8n (Gmail, Calendar, and notification workflows)
  • Deployment: Docker (Caddy reverse proxy + Vercel)
  • Database: PostgreSQL (Prisma ORM with Neon serverless)

Security Hardening

  • SSRF protection with RFC 1918 blocklist
  • HMAC-SHA256 enablement gates
  • Rate-limited authentication endpoints
  • Encrypted session cookies (iron-session)
  • Docker socket proxy isolation

Live Preview

Explore the public-facing interface

Why no live demo?

Live deployment available — iframe shows authentication and public pages; dashboard features require role-based login.

Live iframe preview shows the authentication experience; full admin and contractor capabilities are documented in the L1-L4 narrative sections.