Visit the Deployment at https://indiaforex.vercel.app/
Visit the Repo at https://github.com/indiaforex/indiaforex/
A high-performance financial intelligence platform bridging institutional-grade market data with community-driven insights.
The project adopts a Serverless Hybrid Architecture, leveraging Next.js 15 (App Router) for the frontend and Supabase (PostgreSQL) for the backend. It prioritizes "Zero-Click Latency" and real-time data synchronization.
- Frontend: Next.js 15.1, React 19, Tailwind CSS v4, Framer Motion.
- Database: PostgreSQL 15 (Supabase) with
uuid-osspextension. - Auth: Supabase Auth (JWT + RLS) with Google/GitHub/Twitter OAuth providers.
- State Management: Server Actions for mutations,
unstable_cache(ISR) for data fetching, and optimistic UI updates.
The application actively utilizes Supabase Realtime (WebSockets) to broadcast state changes instantly to connected clients.
- Pub/Sub Model: The PostgreSQL database acts as the single source of truth, broadcasting
INSERT,UPDATE, andDELETEevents via thesupabase_realtimepublication. - Active Channels:
notifications: Users receive instant alerts (toast + bell badge) when mentioned or replied to, without refreshing.forum_comments: Thread discussions update live as new comments are posted by other users.forum_categories: Category structure updates propagate instantly (metadata sync).
- Client-Side Subscription: Implemented via
supabase.channel().on('postgres_changes', ...)hooks in React components (NotificationBell.tsx,CommentSection.tsx).
The application employs a dual-pipeline strategy for data delivery:
-
Cold Storage (CMS/Editorial): Using Google Sheets via SheetDB as a headless CMS for the Economic Calendar.
- Dual-Write Workflow:
- Direct: Admins can edit the Google Sheet directly.
- Application: Users with the specialized
event_analystrole can use the Admin Panel > Events form to append rows to the sheet via API.
- Direct: Admins can edit the Google Sheet directly.
- Read Path: Data is cached at the edge using Next.js ISR tags (
revalidate: 60), ensuring site resilience even if the SheetDB API is rate-limited.
- Dual-Write Workflow:
-
Hot Storage (Market Data): Real-time fetching via
yahoo-finance2on the server, protected by a 15-second deduplication cache (unstable_cache) to prevent rate-limiting while serving thousands of concurrent users.
- Global Market Watch: Aggregates real-time indices (NIFTY, SENSEX, NASDAQ) using server-side fetching.
- Algorithmic Scanner: "Live Market Scanner" component runs simple heuristics (Gap Up, Volume Shock) on fetched payloads to surface opportunities instantly.
- Sector Heatmap: Visualizes relative performance of top 10 constituents using color scales effectively.
A from-scratch social platform built directly on Postgres.
- Recursive Threading: Supports infinite nesting for deep discussions.
- Reputation System:
- Logic: Implemented via PostgreSQL Triggers, ensuring atomicity. Every
LikeorCommentfires a database function to update the user'sreputation_points. - Security: Users cannot "game" the system; points are managed entirely by DB constraints, invalidating points if content is deleted.
- Logic: Implemented via PostgreSQL Triggers, ensuring atomicity. Every
- Role-Based Access Control (RBAC):
- Hierarchy:
Guest>User>High Level>Steward>Event Analyst>Admin>Super Admin. - Stewards: Can moderate only specific categories (e.g., "Crypto Steward" cannot moderate "Forex").
- Hierarchy:
Problem: Supabase Auth handles authentication (identity), but our application relies on complex authorization (roles like super_admin) stored in a public profiles table.
Solution:
- We use a Trigger-based Sync (
handle_new_user) to auto-create a profile row upon signup. - Hybrid RLS Policies: Policies don't just check
auth.uid(); they perform efficient sub-queries to theprofilestable to check roles.-- Example Policy: Admins can update any thread create policy "Admins can update any thread" on forum_threads for update using ( exists (select 1 from profiles where id = auth.uid() and role in ('admin', 'super_admin')) );
- Fix Implemented: We had to explicitly
DROPand recreate policies to ensure Admin overrides took precedence over standard "User can edit own post" policies, solving a "Forbidden" error for admins.
Problem: The TradingView "Advanced Chart" widget relies on strictly imperative script injection and often throws iframe contentWindow errors when unmounted rapidly (e.g., during React Fast Refresh or tab switching).
Solution:
- Wrapped the widget in a
memoized component with strictly controlled dependency arrays. - Implemented a ref-based cleanup specifically targeting the script element to ensure clean unmounting.
- Used a specific container
idgeneration strategy to avoid DOM collisions during re-renders.
Problem: Operations team needed to update "Economic Events" faster than a database admin panel could be built/deployed. Solution:
- Implemented
sheetdb.tsadapter. - Optimization: Configured Next.js to cache the SheetDB response for 60 seconds (
revalidate: 60). This prevents hitting Google's strict API quotas while keeping the calendar "fresh enough" for macro news. - Resilience: The adapter includes specific error handling for non-array responses, preventing the dashboard from crashing if the Sheet format is temporarily broken by a human editor.
- Row Level Security (RLS): 100% of database access is protected by RLS. No server-side "service role" bypass is used for standard user actions.
- XSS Protection: Comments are sanitized using
rehype-sanitizebefore rendering to prevent script injection in the rich text editor.
- Migration of
sheetdbto a proper Postgres Table once the schema stabilizes or the operators get technically sound. - Implementation of WebSocket subscriptions for "Live Ticker" pushing (currently polling/cached).