This document defines the complete Community Signup System for CommDesk.
The goal is to allow real communities and organizations to register on the platform, create their workspace, and start managing their members, events, and operations.
Only community owners / organizers can register a new community.
Individual users cannot create accounts without a community.
The community signup system must:
- allow legitimate communities to join CommDesk
- create the first Community Owner account
- create the community workspace
- verify identity using email and optional website
- prevent spam and fake registrations
- send the community for admin approval
- activate the workspace after approval
CommDesk uses a community-first architecture.
Instead of users registering first, the system works like this:
Community registers
↓
Community Owner account created
↓
Community verification
↓
Admin approval
↓
Community workspace activated
This ensures the platform is used only by real communities.
Complete signup process:
Organizer opens CommDesk
↓
Clicks "Register Community"
↓
Fills community information
↓
Creates owner account
↓
Submits signup request
↓
Email verification
↓
Community status = Pending
↓
Super Admin reviews
↓
Community approved
↓
Community workspace activated
Endpoint:
POST /api/v1/auth/signup-community
Purpose:
- create community
- create community owner account
- send verification email
- start admin approval process
Required fields:
- communityName
- communityBio
- communityLogo (optional)
- communityWebsite (recommended)
- country
- city
Example:
Community Name: Apex Circle
Bio: Developer community focused on open source and hackathons
Website: https://apexcircle.dev
Country: India
City: Ranchi
Required:
- officialEmail
- contactPhone
Example:
officialEmail: team@apexcircle.dev
contactPhone: +91XXXXXXXXXX
This email becomes the primary administrative contact.
These help verify real communities.
Possible fields:
- github
- discord
- youtube
Example:
github: https://github.com/apexcircle
discord: https://discord.gg/apexcircle
twitter: https://twitter.com/apexcircle
The organizer creating the community must create an account.
Fields:
- fullName
- password
Example:
Name: Abhishek Gupta
Email: abhishek@example.com
Password: securePassword
The first account automatically becomes:
Community Owner
When the signup API is called, the backend performs these steps:
validate request data
↓
check if community name already exists
↓
check if organizer email already exists
↓
create community record
↓
create organizer user account
↓
assign Community Owner role
↓
generate email verification token
↓
send verification email
↓
set community status = pending
↓
create audit log entry
Communities move through these states.
pending
↓
under_review
↓
approved
↓
active
Possible states:
- pending
- under_review
- approved
- rejected
- suspended
Only approved communities can access the platform.
After signup, the organizer must verify their email.
Verification link example:
https://commdesk.app/verify-email?token=abc123
Verification endpoint:
POST /api/v1/auth/verify-email
Request:
token
Once verified:
emailVerified = true
Example MongoDB structure:
Community
{
_id
name
slug
bio
logo
website
officialEmail
contactPhone
country
city
socialLinks
status
createdBy
createdAt
}
User
{
_id
fullName
email
passwordHash
emailVerified
role
communityId
createdAt
}
Role for first user:
CommunityOwner
Each community should have a unique slug.
Example:
apex-circle
gdg-ranchi
open-source-club
Used for:
commdesk.app/community/apex-circle
The signup system must include several protections.
Passwords must be hashed using:
bcrypt
All fields must be validated using:
Zod
Example checks:
- valid email
- minimum password length
- valid URL for website
Prevent signup spam.
Example rule:
5 signup attempts per IP per hour
Prevent duplicate communities.
Checks:
- community name
- official email
- domain
After signup, communities appear in the Admin Review Panel.
Admins can:
- approve community
- reject community
- request additional verification
- suspend community
Admin endpoint:
PATCH /api/v1/admin/communities/:id/status
Every signup action must be logged.
Examples:
community_signup
organizer_account_created
email_verified
community_approved
community_rejected
Audit log schema:
AuditLog
{
actorId
action
metadata
createdAt
}
Required templates:
- community_signup_confirmation
- email_verification
- community_approved
- community_rejected
Example email:
Subject: Welcome to CommDesk
Hello Abhishek,
Your community Apex Circle has been registered.
Please verify your email to continue.
Verification link:
https://commdesk.app/verify-email?token=abc123
After approval, the organizer can log in using the CommDesk desktop application.
Once logged in, the workspace will include:
- community dashboard
- member management
- role management
- event creation
- hackathon management
- API integrations
- analytics
Complete lifecycle:
Organizer registers community
↓
Email verification
↓
Community status = pending
↓
Admin reviews community
↓
Community approved
↓
Organizer logs into desktop app
↓
Community workspace created