← Back to projects
MRM360: Centralized Automation Backend for a Large Student Organization featured image

MRM360: Centralized Automation Backend for a Large Student Organization

Engineered the core backend for the CCSO's management suite, featuring OIDC auth, role-based permissions, and an asynchronous task queue to automate organizational operations.

Contributors: Aiden Johnson

Overview

MRM360 is the centralized backend system architected to automate and unify operations for the Penn State Competitive Cyber Security Organization (CCSO), a large and active student group. The project was born from the need to replace a fragmented collection of disparate tools with a single, cohesive platform. This system serves as the authoritative source of truth, managing everything from member and team data to event attendance. It deeply integrates with third-party services to automate the provisioning of resources for both competition teams and our custom cyber range platform, Wiretap.

The backend is built on a modern, scalable stack using Next.js and TypeScript, designed with a "security-first" principle. It provides a comprehensive REST API that handles all core organizational functions. By leveraging a robust authentication system with OpenID Connect (OIDC) and a fine-grained, role-based permission model, MRM360 ensures that data is both accessible and secure. Its asynchronous task processing architecture allows it to handle long-running operations like email notifications, group synchronization, and complex, multi-service provisioning jobs without compromising API responsiveness.

Key Features

  • Unified Identity & Access Management: Integrates with Authentik via OIDC for secure single sign-on (SSO). A CASL-based authorization layer provides granular, role-based permissions (Admin, Exec-Board, Member), ensuring users can only access and modify data appropriate to their role.

  • Automated Team Environment Provisioning: Eliminates significant manual overhead by automatically provisioning a complete digital ecosystem for teams. When a member is added to a team, MRM360 orchestrates actions across multiple platforms to create dedicated resources, including private Discord channels, Nextcloud group folders, calendars, and task boards, and team-specific documentation pages in Wiki.js.

  • Asynchronous Job Processing: Utilizes BullMQ and Redis to manage a powerful background task queue. This offloads time-consuming operations like sending bulk emails via ListMonk, provisioning team resources across multiple services, and syncing user groups, ensuring the API remains fast and responsive.

  • Comprehensive API for Organization Management: Exposes a full suite of RESTful endpoints for CRUD operations on all core entities, including users, teams, events, and groups. The entire API is automatically documented and interactive via a built-in Swagger UI.

Technologies & Implementation

I architected the backend with a focus on type safety, scalability, and maintainability. The core principle was a strict separation of concerns, where API routes are thin controllers and all business logic resides in dedicated manager classes.

  • Framework: Next.js 13+ with TypeScript was chosen for its robust API routing capabilities and the end-to-end type safety it provides.

  • Database & ORM: PostgreSQL provides a reliable, relational data store, while Prisma ORM accelerates development with auto-generated types and a fluent query API, ensuring database interactions are safe and efficient.

  • Authentication & Authorization: Authentik OIDC integration handles authentication, providing a secure SSO experience. CASL was selected for its declarative, ability-based authorization, allowing for complex permission rules that are easy to define and maintain.

  • Background Tasks: BullMQ and Redis were implemented to create a resilient background job processing system, essential for handling asynchronous tasks like third-party API integrations and notifications without blocking user requests.

  • Validation & Documentation: Zod is used for schema validation on all API inputs, preventing invalid data from entering the system. API endpoints are documented using OpenAPI 3, with a Swagger UI automatically generated for developers and consumers.

graph TD
    A["Client Request"] --> B["Next.js API Route"];
    B --> C["Auth & Validation Middleware (Zod)"];
    C --> D{"Business Logic Layer (Manager Classes)"};
    D --> E["Prisma ORM"];
    E --> F["PostgreSQL Database"];
    D --> G["BullMQ Queue"];
    G --> H["Redis"];
    I["Background Worker"] --> H;
    I --> D;

Challenges & Solutions

The primary challenge was designing a system that could handle a wide variety of unrelated, long-running tasks—from sending Discord notifications to provisioning cloud infrastructure—without degrading the performance of the core user-facing API. A naive, synchronous approach would lead to slow response times and timeouts.

To solve this, I architected an asynchronous task processing system using BullMQ. When a user action triggers a long-running process (e.g., "provision team resources"), the API endpoint immediately enqueues a job with the necessary data and returns a success response to the user. A separate, dedicated worker process picks up jobs from the Redis queue and executes them independently. This decoupling ensures the API remains highly responsive and creates a resilient system where tasks can be retried automatically upon failure, providing a robust foundation for all organizational automation.

Results & Impact

The MRM360 backend successfully centralized the CCSO's core operations, transforming administrative efficiency and member experience.

  • Reduced Administrative Overhead: Automated processes have saved the executive board an estimated 5-10 hours of manual work per week. The system completely eliminates the tedious process of manually creating team-specific Discord channels, Nextcloud folders, calendars, and Wiki.js pages, and managing their memberships.

  • Single Source of Truth: By consolidating member, team, and event data, the platform has eliminated data inconsistencies and provides reliable analytics for organizational leadership.

  • Proven Scalability & Integration: The asynchronous architecture provides a robust foundation for automation. The platform has successfully integrated with numerous third-party services, including Discord for community management, ListMonk for newsletters, Nextcloud for file sharing, and Wiki.js for knowledge management.

  • Improved Developer Experience: The auto-generated Swagger documentation and strict type-safety have made it simple for other members to contribute to the platform and build new features.

{TODO: Add screenshot of the Swagger API documentation UI}

  • View on GitHub