Guys, I’ve been grinding. Added a ton of auth/security features, full profile management, interactive maps, task collaboration, and proper role-based dashboards.

What’s new:

Backend:

• 2FA: Full TOTP implementation with speakeasy + QR codes, backup codes, enable/disable/regenerate
• Session Management: Multi-device tracking (browser, OS, IP, location), view all sessions, logout specific devices or all devices, activity tracking
• Profile Management: Change email, change password, delete account (sets accountStatus to DELETED)
• Task Collaboration: Comments system, activity log tracking every field change (who changed what when), notifications for assignments/comments
• Notifications Service: Real-time polling, unread counter, mark read/unread, mark all read, supports task/sprint/approval events
• Dashboard Endpoints: Role-specific (admin sees pending approvals + user stats, coordinators see their sprints + status breakdown, volunteers see assigned tasks)
• Account Status: ACTIVE/SUSPENDED/DELETED enum, blocks login for deleted/suspended accounts

Frontend (huge UI improvements):

• Interactive Maps: LocationSelector with MapLibre GL + reverse geocoding (click map → get address), SprintLocationsMap showing all sprints with markers
• Profile Page: Tabbed interface (profile/email/password/sessions/2fa/delete), 2FA setup with QR code + stepper
• Task Collaboration: TaskComments + TaskActivityLog components showing full audit trail
• NotificationCenter: Bell icon, unread badge, 5s polling, toast notifications
• Dashboard Pages: Custom for each role (admin/coordinator/volunteer) with stats + recent activity
• Auth Flow: SignupStepper, TwoFactorVerify, ProtectedRoute wrapper

Database (8 migrations):

Email verification, password reset, task comments/activities, account status, notifications, volunteer-user relation, two-factor auth

Guys, little update time. Backend is basically complete now (for the basic features), went from skeleton NestJS to fully working API.

The flow works end-to-end:
Sign up → Email verification → Login → Dashboard → Create/join sprints → Manage tasks → Request approval → Admin reviews

What I built since last time:

Backend (where most time went):

• Full auth with session tokens + email verification (6-digit codes, 15min expiry, can’t login until verified)
• Mailer service with nodemailer + SMTP + HTML templates (verification, welcome, approval notifications)
• Sprint/Task CRUD with proper role checks (coordinators only edit their own sprints, admins do everything)
• Approval workflow: coordinators request → sprint goes “under-review” → admin approves/rejects → notifications sent
• Search endpoint (queries sprints/tasks by title/description/location)
• Volunteer endpoints for profiles
• Switched PostgreSQL to MySQL, added email verification migration

Frontend:

• /verify-email page with token handling, auto-login, resend button
• /showcase public landing page with stats
• /admin/approvals page for reviewing requests

Still needs work:

• No pagination yet. Admin approval UI is basic. No real-time notifications or image uploads. Haven’t deployed, still local on 3000/3001.

But the core works – sign up, verify, create sprints, assign tasks, request approvals, admins approve. All three roles functional end-to-end.

Guys, things moved fast and the project is growing up even if I have been quite busy lately. TogetherToGo is turning into a real full-stack app: a platform where people create short community “sprints” (cleanups, city guides, pop-up cultural events) and others join as volunteers.

The user flow now is:
User -> Log-in -> Choose role (Admin / Coordinator / Volunteer) -> Create or join sprints -> Manage tasks / Request approvals

What I’ve done since the last update:

• Frontend: finished role-based UI and guards, create/edit controls now appear only for coordinators/admins; volunteers get a read-only experience. Protected pages (dashboard, sprint details, volunteers) redirect unauthenticated users to /login.
• Auth fix: resolved a local-Dev 401 by removing the Secure cookie flag and adding a localStorage fallback + Authorization header support for sessions.
• Backend (started): scaffolded a separate NestJS service at togethertogo-backend.
  • Installed NestJS and Prisma, added PrismaService and PrismaModule.
  • Added Prisma schema (User, Session, Sprint, Task, Volunteer, ApprovalHistory) and .env for a local PostgreSQL connection.

What’s next (short term):

• Implement core services & controllers: login/register (JWT), sprint CRUD, volunteer endpoints, approval request/approve flows
• Add CORS and connect frontend to backend (API on port 3001)
• Seed minimal demo data and test end-to-end flows for all roles

The idea is still evolving, but the foundations are in place. For now I’ve focused on secure auth, role-based UI, and a proper backend skeleton.

Have a look and tell me what you think!

Guys, I’m so excited that I can finally start working on a real-world project such as TogetherToGo. It’s basically a platform that allows user to create small “sprints” to improve the environment, to advertise a unique aspect of their city, to promote a cultural event etc.
The ideal user flow that works for me is:
User -> Log-in -> Choose your role (Organizer, Volounteer) -> Organize events/Apply for events
The idea is still a bit raw, but I’m sure it will improve as soon as I run into the first issues. For now, I’ve worked on a basic client-side UI to add and edit Sprints. Have a look and tell me what you think!