A robust Django REST Framework-based backend system for managing large-scale events and workshops. This platform was successfully deployed on octenium.com via cPanel and handled 1000+ applications, serving both React Native mobile and React web applications.
The Event Management Platform Backend is a comprehensive solution designed to streamline event management operations, including:
- Workshop scheduling and management
- Participant registration and attendance tracking
- Certificate generation and distribution
- Speaker and partner management
- Real-time notifications and confirmations
- Attendance tracking and reporting
- Workshop Management: Create, update, and manage multiple workshops with details like title, description, date, duration, and sessions
- Speaker Management: Manage speaker profiles with bio, images, and partner associations
- Partner Integration: Track and manage event partners
- Registration System: Handle workshop registrations with automatic email confirmations
- Advanced Rate Limiting: Implemented throttling mechanisms to prevent abuse:
- Registration throttling (minute, hour, and day-based limits)
- Login and authentication throttling
- Email confirmation throttling
- JWT Authentication: Secure token-based authentication using djangorestframework-simplejwt
- CORS Support: Configured CORS headers for cross-origin requests
- CSRF Protection: Cross-site request forgery protection enabled
- reCAPTCHA Integration: Google reCAPTCHA for form protection
- OTP Authentication: Two-factor authentication via django-otp
- Attendance Tracking: Track participant attendance during events
- Certificate Generation: Auto-generate certificates for successful participants
- Cloudinary Integration: Cloud-based file storage for images and certificates
- Swagger/OpenAPI: Auto-generated API documentation using drf-spectacular
- RESTful Design: Standard REST API endpoints for all operations
Due to security challenges encountered during the event, the following security measures were implemented:
- Rate Limiting: Multi-level throttling on registration, login, and email confirmation endpoints
- Input Validation: Comprehensive validation for all user inputs
- Email Verification: Confirmation-based email validation for registrations
- Token Management: JWT-based authentication with refresh token rotation
- Cloudinary Security: Secure file upload and storage with validation
This backend API serves:
- React Native Mobile Application: Native mobile app for attandens scanning
- React Web Application: Full-featured web interface for desktop users
core/ # Django project settings and configuration
├── settings.py # Main configuration file
├── urls.py # URL routing
├── wsgi.py # WSGI application entry point
└── asgi.py # ASGI application entry point
app_models/ # Data models and business logic
├── models.py # Workshop, Registration, Certificate, etc.
├── signals.py # Django signals for event handling
└── migrations/ # Database migrations
apis/ # REST API endpoints
├── views.py # API view handlers
├── serializers.py # Data serialization
├── urls.py # API routing
├── throttles.py # Rate limiting configurations
└── utils.py # Utility functions
otp_admin/ # OTP-based admin authentication
├── models.py # OTP models
├── signals.py # OTP signal handlers
└── views.py # OTP views
- Workshop: Event/workshop information with scheduling details
- Registration: User registration for workshops with attendance type (online/on-site)
- Speaker: Speaker profiles associated with workshops
- Partner: Event partners and sponsors
- Certificate: Issued certificates for participants
- Attendance: Attendance records for tracking
- Notification: Email notifications and confirmations
- Django 5.2.6: Web framework
- Django REST Framework 3.16.1: API framework
- Gunicorn 23.0.0: Production WSGI server
- djangorestframework-simplejwt 5.5.1: JWT authentication
- django-otp 1.6.1: One-time password authentication
- django-recaptcha 4.1.0: reCAPTCHA integration
- django-cors-headers 4.8.0: CORS handling
- cryptography 45.0.7: Cryptographic functions
- SQLite3: Development database
- psycopg2-binary 2.9.10: PostgreSQL adapter (production)
- PyMySQL 1.1.2: MySQL support
- Cloudinary 1.44.1 & django-cloudinary-storage 0.3.0: Cloud file storage
- drf-spectacular 0.28.0: OpenAPI/Swagger documentation
- django-filter 25.1: Advanced filtering capabilities
- pandas 2.3.2: Data analysis and manipulation
- openpyxl 3.1.5: Excel file handling
- numpy 2.3.3: Numerical computing
- qrcode 8.8: QR code generation (for certificates)
- Pillow 11.3.0: Image processing
- PyJWT 2.10.1: JSON Web Token handling
- requests 2.32.5: HTTP library
- python-decouple 3.8: Environment configuration
- whitenoise 6.10.0: Static file serving
- pytz 2025.2: Timezone support
- Platform: Octenium.com via cPanel
- Server: Production-ready deployment with Gunicorn + Nginx/Apache
- Handled Applications: 1000+
- Security Events: Mitigated mid-event attack with enhanced security measures
- Active Users: Supports both mobile and web clients simultaneously
- Python 3.8+
- pip
- Virtual environment
-
Clone the repository
git clone <repository-url> cd Event_management_platform_backend -
Create virtual environment
python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate -
Install dependencies
pip install -r requirements.txt -
Configure environment variables Create a
.envfile in the root directory:SECRET_KEY=your-secret-key DEBUG=False ALLOWED_HOSTS=your-domain.com DATABASE_URL=your-database-url CLOUDINARY_CLOUD_NAME=your-cloud-name CLOUDINARY_API_KEY=your-api-key CLOUDINARY_API_SECRET=your-api-secret RECAPTCHA_PUBLIC_KEY=your-public-key RECAPTCHA_PRIVATE_KEY=your-private-key -
Run migrations
python manage.py migrate -
Create superuser
python manage.py createsuperuser -
Run development server
python manage.py runserver
GET /api/workshops/- List active workshops for current weekGET /api/workshops/all/- List all workshopsGET /api/workshops/<id>/- Get workshop details
POST /api/registrations/- Register for a workshop (rate-limited)POST /api/registrations/confirm-email/- Confirm registration email
GET /api/speakers/- List all speakersGET /api/speakers/<id>/- Get speaker details
GET /api/partners/- List all partnersGET /api/partners/<id>/- Get partner details
GET /api/certificates/<id>/- Get certificate details
POST /api/token/- Obtain JWT token (rate-limited)POST /api/token/refresh/- Refresh JWT token
GET /api/health/- Health check endpoint
-
Rate Limiting: Prevents brute force attacks
- Registration: Limited to prevent spam applications
- Login: Protected with LoginThrottle
- Email Confirmation: Limited to prevent abuse
-
Input Validation: All inputs validated before processing
- Email format validation
- Phone number length validation
- Data type validation via serializers
-
Token Security: JWT with secure expiration
-
HTTPS Enforcement: Production deployments use HTTPS only
-
CORS Restrictions: Only whitelisted origins allowed
-
Database Security: Sensitive data encrypted where necessary
- Workshop → Speaker (Many-to-Many)
- Workshop → Partner (Foreign Key)
- Workshop → Registration (One-to-Many)
- Registration → Certificate (One-to-One)
- Registration → Attendance (One-to-Many)
Run tests with:
python manage.py test
Full API documentation available at:
http://localhost:8000/api/docs/
Guidelines for contributors:
- Create a feature branch
- Make your changes
- Write/update tests
- Submit a pull request
For issues, questions, or suggestions, please contact the development team or visit the project repository.
Last Updated: December 10, 2025
Version: 1.0.0
Status: Production-Ready