Ukrainian version available: README українською

TechTutor

Modern LMS platform for creating, selling, and consuming online courses.

---

Overview

TechTutor is a full-stack learning platform built with a scalable architecture.
It supports course management, payments, quizzes, and progress tracking.

---

Tech Stack

Layer	Technology
Backend	Laravel (PHP)
Frontend	React (SPA + SSR)
Database	PostgreSQL
Search	MeiliSearch
API	REST

Additional packages

Frontend

• Vite
• Tailwind CSS
• shadcn/ui
• Radix UI
• class-variance-authority
• clsx
• tailwind-merge
• tw-animate-css
• lucide-react
• @fontsource-variable/geist
• axios
• @dnd-kit/core
• @dnd-kit/sortable
• @dnd-kit/utilities
• ESLint
• eslint-plugin-react-hooks
• eslint-plugin-react-refresh
• @types/react
• @types/react-dom
• globals

Porject tooling

• laravel-vite-plugin
• concurrently
• dompdf

---

Features

Students

• Sign up / login with email
• Email verification and password reset
• OAuth login
• Purchase courses
• Watch lessons (video, text, files)
• Pass quizzes & get results
• Track learning progress
• Leave reviews & comments

---

Instructors/Teachers

• Create & manage courses
• Upload lessons & materials
• Build quizzes
• Track student progress
• View course analytics

---

Admin

• Manage users & roles
• Moderate content
• Monitor platform activity
• Manage payments

---

Authentication & Security

• Sanctum token authentication
• Email/password login
• Email verification and password reset
• OAuth login
• 2FA (optional)
• Rate limiting on auth endpoints
• CAPTCHA on registration/login
• Input validation and sanitization audit
• Protection against XSS / SQL Injection
• Profile picture upload, profile update (nickname, bio, email notification pref), and account-delete endpoint implemented on the backend

---

Core Capabilities

• Course search & filtering
• Responsive UI
• Notifications (Email / Push)
• Payment integration (LiqPay / Stripe)
• Analytics integration

---

Data Model

User
Course
Module
Lesson
LessonRevision
Quiz
QuizRevision
QuizQuestion
QuizAttempt
Enrollment
Progress
Review
Comment
Payment
CourseCertificate
PublishRequest
EmailVerificationCode
PasswordResetToken
PersonalAccessToken
UserInvite
Tag
course_tag (pivot)
ContactMessage
Job

---

API

RESTful API for all core features.

---

Architecture Notes

• Role-based access control (RBAC)
• SSR for performance & SEO
• Modular structure (Courses → Modules → Lessons)
• Scalable service integrations

---

Local Security Scan (ZAP)

This project includes zap.yaml for local OWASP ZAP baseline automation.

Run from the project root:

docker run -t -v ${PWD}:/zap/wrk:rw ghcr.io/zaproxy/zaproxy:stable zap.sh -cmd -autorun /zap/wrk/zap.yaml

Notes:

• The scan target is currently set to http://host.docker.internal:8000 in zap.yaml.
• This setup is intended for local testing and development hardening.

---

Roadmap

Infrastructure & Auth

• Project setup (Laravel + React + PostgreSQL + Docker)
• Sanctum token authentication
• Email/password login
• Registration flow
• Current-user profile endpoint
• Logout / token revocation
• Email verification
• 6-digit email verification code flow
• Password reset flow
• OAuth login with Google
• 2FA (optional)
• Rate limiting on auth endpoints
• CAPTCHA on registration/login
• Input validation and sanitization audit
• Production security hardening
• Role-based access control (student, instructor, admin)
• Ban enforcement for protected API routes

Core Course Structure

• Course CRUD (instructor)
• Module CRUD (instructor)
• Lesson CRUD (instructor)
• Lesson content fields for text/video/file metadata
• Production-ready lesson file upload/storage pipeline
• Course publish / draft logic
• Course thumbnail & metadata
• Modular structure (Course → Modules → Lessons)

Student Experience

• Course catalog with database-backed search & filtering
• MeiliSearch-powered catalog indexing/search
• Course detail / preview page
• Enrollment flow
• Lesson viewer (video player, text renderer, file downloads)
• Progress tracking (per lesson, per module, per course)
• Course completion certificates

Quizzes

• Quiz CRUD (instructor)
• Question types (single choice, multiple choice)
• Quiz attempts & backend-calculated scoring
• Pass threshold logic
• Attempt history for students
• Quiz analytics for instructors

Payments

• Internal payment records
• Course pricing for free/paid courses
• Instructor/admin revenue reporting from internal paid records
• Admin payment monitoring dashboard
• Verified purchase state and paid-course access gating
• Purchase flow
• Receipts
• Stripe checkout session creation
• Stripe webhook verification and paid access activation
• LiqPay checkout integration (optional)
• LiqPay webhook verification (optional)
• Refund handling
• Instructor payouts
• Subscription pricing

Reviews & Community

• Course reviews & star ratings
• Lesson comments
• Comment moderation (admin)
• Review moderation (admin)

Notifications

• Email notifications (enrollment, quiz results, certificates, publish requests)
• Auth email notifications (verification, password reset)
• New content email notifications
• Toast notifications (event triggered)
• In-app notifications (optional)
• Push notifications (optional)

Instructor Dashboard

• Course management overview
• Student progress per course
• Revenue & enrollment analytics
• Content upload & management

Admin Panel

• User management (view, ban, role change)
• Content moderation queue
• Platform activity monitor
• Payment & revenue overview

Analytics

• Student engagement metrics
• Course completion rates in instructor dashboard
• Revenue reports
• Search analytics (popular queries, zero results)

SSR & Performance

• SSR setup for public pages (catalog, course detail)
• SEO meta tags & Open Graph
• Image optimization & CDN
• Lazy loading & pagination

Polish & Extras

• Responsive UI across all pages
• Dark / light mode
• Multi-language support
• Accessibility (WCAG compliance)
• API documentation
• Tests (unit + feature)
• Seed / mock data
• CI/CD pipeline

Additional

Design Template