Back to Projects
legaltech.future-law.at
Networking Event Platform
Case Study

Networking Event Platform

ReactConvexTypeScriptPasswordless AuthSPA

A private networking platform for professional events: passwordless email login, server-side access control, attendee profiles, QR-based contact exchange, and a low-maintenance React and Convex setup. Used at two Future-Law events with about 300 total app registrations.

Demo video coming soon
A short walkthrough of the attendee and admin flows.

What It Is

A networking platform for professional events. An attendee opens a join link, signs in by email, becomes a member of that event, views the agenda and event pages, downloads their attendance certificate, and exchanges contacts with other attendees. Admins use a separate area to create events, manage content, upload assets, and share invite links.

It started as a small event tool for Future-Law and grew into a reusable product with login, access control, an admin area, and a multilingual UI, while staying cheap to run between events.

So far, it has been used at the Legal Tech Konferenz 2025 and the Tax Tech Konferenz 2026, with roughly 160 registrations in the app for each event.

What I Built

  • Onboarding: Email login, join links, automatic event membership, and a profile step
  • Event pages: Member-only event pages, embedded content, mobile navigation, and certificate downloads
  • Networking: QR-based contact exchange between attendees of the same event
  • Admin area: Create events, manage pages, upload assets, see members, and handle invite links

Key Decisions

  • Data model first: Built around events, members, pages and connections
  • Passwordless auth: Email one-time codes instead of passwords. SMTP provider sends the codes, and a Captcha check has to pass before a code can be requested
  • Authorization on the backend: Four checks (authenticated user, admin, event owner, event member) live in the backend. Client-side roles only shape the UI; they never grant access
  • Convex as the backend: Access rules sit in typed queries and mutations, share the same authorization helpers, and can be tested directly

Security

The backend tests cover the cases that matter for a live event:

  • Profile updates can’t write role fields or escalate into admin operations
  • Members can’t read other events, and admins can’t manage ones they don’t own
  • Networking connections only form between members of the same event
  • Join tokens are high-entropy and stored as hashes; responses never leak internal fields like token hashes or storage IDs
  • Admin URLs and profile links reject non-HTTP schemes before they’re stored

Architecture

The static frontend runs on Cloudflare Pages, with all state and auth functions in Convex. That split suits event traffic, which is mostly idle with occasional spikes, and keeps the production setup small enough to need little maintenance between event dates.

Architecture diagram. A React and Vite client on Cloudflare Pages talks to a Convex backend over typed queries and mutations. The Convex backend holds auth functions, authorization, and the data model, and connects out to Brevo for one-time login codes and Turnstile for login request checks.
How the platform fits together: a static React client, a Convex backend that owns the data and every access check, and Brevo and Turnstile handling login.
Next project LegalTech & TaxTech Conferences