Yasser.
Hire me ↗
← Selected work
Solo full-stack2026

BEIMUN '26

A full-stack platform for the Beirut Model United Nations: an automated, end-to-end delegate pipeline from registration through admin approval to a personal portal, built for the conference's fourth edition.

BEIMUN '26

The problem

Most Lebanese school MUNs run on a Google Form and a WhatsApp group. BEIMUN needed the opposite: a platform that felt legitimate and serious, matching the ambition of a two-day conference for 200+ students across 7 committees at the Beirut Digital District. Opening the site should make a student feel this is something worth applying to.

That meant a real registration pipeline, a real delegate portal, and real committee pages with background guides, not a form and a spreadsheet. The design language is editorial and formal, drawn from diplomatic institutions and print media rather than typical event websites.

Registration: editorial, formal, deliberately unlike a Google Form
Registration: editorial, formal, deliberately unlike a Google Form

The approach

I built a single end-to-end delegate pipeline with no manual hand-offs. A student fills out the registration form; the data lands in Supabase; an admin reviews and approves from a dashboard; and a single Edge Function call atomically sets the delegate to accepted-and-paid, creates their auth account, links it to their delegate row, and sends an invite email via Resend. The delegate sets a password and, from then on, logs into a portal showing their assignment, materials, and schedule.

  • One-click approval that runs the whole accept → account → link → email chain atomically.
  • Delegate portal protected by Supabase RLS, so a delegate can only ever see their own row.
  • Seven committee pages, each a self-contained research document: topic overviews, chair bios, country matrices, agenda breakdowns, difficulty tiers.
  • Live Google Sheets sync that mirrors every registration to a 22-column sheet via a DB webhook and Edge Function, HMAC-secured, giving the organizing team a live read-only view of the database.
  • Bot-protected registration with Cloudflare Turnstile, verified server-side before any insert.
Admin dashboard: review, filter, approve in one click
Admin dashboard: review, filter, approve in one click

Two problems took real iteration. The Supabase JS client blocks on getSession(), which hangs on a public form where no one is logged in, so I bypassed the client for anonymous operations and called PostgREST and the Edge Functions with raw fetch(), eliminating the hang. And the delegate auth flow is non-obvious: delegates don't self-register, they're invited after approval, which meant implementing Supabase's PKCE invite flow: detecting the invite code, forcing a password-set step, then linking the new auth.uid() back to the existing delegate row by email.

A security pass also caught a public storage bucket exposing a delegate CSV. I locked it down, tightened RLS so delegates can only update their own additional_comments and nothing else, and secured the sync function with HMAC verification.

The outcome

The entire manual conference workflow (applications by email, approvals by spreadsheet, communications by WhatsApp) is now one automated system. A student clicks Apply, fills a form, gets reviewed, receives a professional email, sets a password, and logs into a portal with their assignment, and that whole chain runs without a human touching a keyboard. Built and live ahead of the July 25–26 2026 conference, on infrastructure that costs essentially nothing to operate.

Next case study

The Spiral Corner