Tech Stack - What Sikkimese Want

💡 Simple Explanation (For Everyone)

Think of this webapp like a digital suggestion box that works 24/7:

🌐 Frontend (What You See)

Like the form you fill out at a government office - built with HTML, CSS, and JavaScript

⚙️ Backend (The Processing Office)

Like government clerks who receive and process your applications - powered by Node.js

🗄️ Database (The Filing Cabinet)

Where all requests are stored safely - PostgreSQL on Render.com

📧 Email Service (The Postal System)

Sends confirmation letters to your email - powered by SendGrid

📱 Telegram Bot (The Town Crier)

Announces new requests in district community groups instantly

🏢 Hosting (The Building)

The place where all this happens, running 24/7 - on Railway.app

🔧 Technical Stack Overview

Frontend (Client-Side)

HTML5, CSS3, Vanilla JavaScript - No frameworks, pure web technologies
Responsive Design - Mobile-first approach
Client-side Validation - HTML5 patterns + custom JS
Key Files: index.html, admin.html, styles.css, script.js, admin-script.js

Backend (Server-Side)

Runtime: Node.js v18+
Framework: Express.js v4.18.2
Architecture: RESTful API
Security: Rate limiting, input validation, parameterized queries, session tokens
Key Dependencies: express, pg, express-validator, express-rate-limit, @sendgrid/mail, node-telegram-bot-api

Database

System: PostgreSQL 15+
Hosting: Render.com (managed)
Features: Daily backups, SSL/TLS encryption, parameterized queries
Tables: requests, feedback, admins

Email Service

Provider: SendGrid (Web API)
Free Tier: 100 emails/day
Features: HTML templates, delivery tracking, verified sender
Sender: whatsikkimesewant@tutamail.com

Telegram Integration

API: Telegram Bot API (official)
Library: node-telegram-bot-api v0.67.0
Setup: 6 district groups, bot posts new requests automatically
Privacy: Phone numbers masked, first names only

Hosting & Deployment

Web Server: Railway.app (PaaS)
Database: Render.com
CI/CD: Auto-deploy from GitHub
SSL/HTTPS: Automatic via Railway
Domain: whatsikkimesewant.com

📡 API Endpoints

Method	Endpoint	Purpose	Auth
POST	/api/requests	Submit new amenity request	No
GET	/api/requests	List all requests (with filters)	Admin
GET	/api/requests/:id	Get single request details	Admin
PUT	/api/requests/:id	Update request status	Admin
DELETE	/api/requests/:id	Delete request	Admin
GET	/api/track/:referenceId	Track request by reference ID	No
POST	/api/feedback	Submit feedback	No
GET	/api/feedback	List all feedback	Admin
POST	/api/admin/login	Admin authentication	No
POST	/api/admin/logout	Admin logout	Admin
GET	/api/stats	Dashboard statistics	Admin

🔄 How It All Works Together

When a User Submits a Request:

User fills form on website ↓ JavaScript validates input ↓ fetch() sends POST request to /api/requests ↓ Railway.app receives HTTPS request ↓ Express.js checks rate limit (20 per 15 min) ↓ Express-Validator validates all fields ↓ Generate unique reference ID (SKM123456789) ↓ Save to PostgreSQL database on Render.com ↓ Send JSON response to user (1-2 seconds) ↓ User sees success message with reference ID ↓ Background (async): ↓ SendGrid API sends confirmation email (30-60 sec) ↓ Telegram Bot posts to district group (instant)

When Admin Updates Status:

Admin logs in with username/password ↓ Backend generates secure session token ↓ Token stored in sessionStorage ↓ Admin views requests, clicks "View" button ↓ Modal shows full details ↓ Admin changes status (Pending → In Progress) ↓ Adds admin notes ↓ Clicks "Save Changes" ↓ PUT /api/requests/:id with auth token ↓ Backend validates token ↓ Updates database with new status ↓ Detects status change ↓ Sends status update email to user ↓ User receives email notification

🔐 Security Architecture

Current Security Measures:

Layer	Protection	Implementation
Network	HTTPS/SSL	Automatic (Railway)
Network	CORS	Configured in Express
API	Rate Limiting	20 req/15min (submissions), 100 req/min (general)
API	Input Validation	Express-validator on all endpoints
Database	SQL Injection Prevention	Parameterized queries (pg library)
Database	Encrypted Connection	SSL/TLS (Render.com)
Admin Auth	Session Tokens	Crypto.randomBytes (64-char hex)
Data Privacy	Phone Masking	Partial in public views (98XX XXX XXX)

💰 Cost Breakdown

Monthly Operating Costs: ~$5-10

Service	Plan	Cost	Usage
Railway.app	Hobby	$5 + usage	Web hosting
Render.com PostgreSQL	Free	$0	Database (up to 1GB)
SendGrid	Free	$0	Email (up to 100/day)
Telegram Bot API	Free	$0	Unlimited messages
Domain (whatsikkimesewant.com)	—	~$12/year	DNS registration

Total: Very affordable for a community project! The system can handle thousands of requests with current infrastructure.

📈 Scalability & Performance

Current Capacity:

~100 concurrent users
20 request submissions per 15 minutes per IP
100 emails per day (SendGrid free tier)
Unlimited Telegram messages
Database: 1GB storage (thousands of requests)

If Traffic Grows:

Railway auto-scales (pay for usage)
SendGrid: Upgrade to $15/month for 40,000 emails
Render: Upgrade database for more storage
Can add caching (Redis) if needed
Can add CDN for static files

🚀 Future Enhancements

Phase 1 (Current) ✅

Request submission & tracking
Admin dashboard
Email notifications
Telegram integration
District filtering
Reference ID tracking

Phase 2 (Planned) 🔜

Email verification (OTP)
Phone verification (SMS)
CAPTCHA integration
Admin password hashing
Request analytics dashboard
Public request maps (geolocation)

Phase 3 (Future) 💡

Mobile app (React Native)
Aadhaar verification
AI-powered duplicate detection
Request priority algorithm
Citizen voting on requests

🎯 Summary for Different Audiences

For Government Officials:

This is a modern, secure, cloud-based platform that allows citizens to submit amenity requests 24/7. All data is safely stored, backed up daily, and accessible through an admin dashboard. The system automatically notifies users via email and posts requests to community groups on Telegram for transparency.

For Technical Developers:

Standard MERN-like stack without React - Node.js/Express backend with PostgreSQL, vanilla JS frontend. RESTful API, parameterized queries for security, rate limiting for spam prevention, SendGrid for transactional emails, Telegram Bot API for community notifications. Deployed on Railway (web) and Render (database) with automatic CI/CD from GitHub.

For Citizens:

This is a website where you can submit requests for things your area needs (parks, street lights, toilets, etc.). You get a reference number to track your request, receive email updates when status changes, and your district's Telegram group is notified so the community can discuss and support your request.

For Investors/Stakeholders:

Low-cost (~$5-10/month), scalable, modern web application with automated workflows. Built with proven technologies, industry-standard security practices, and designed for transparency and citizen engagement. Can handle thousands of requests with current infrastructure, easily scalable to millions with minimal cost increase.

🚀 Tech Stack & Architecture