Skip to main content

<DM />

Back to work

Web

SaaS

Lands Authority Platform

Full Stack Engineer — frontend, API routes, auth, Prisma models, and Aspire-local delivery

Enterprise employee time tracking and admin platform for a government / corporate client: Azure AD B2C SSO, punch in/out APIs, RBAC, SQL Server via Prisma, Web Worker timers, and .NET Aspire orchestration.

Lands Authority Platform preview

Overview

Lands Authority is a secure time-tracking and employee management system. Admins manage employees, departments, flags, and reports. Employees punch in/out from a self-service dashboard with an accurate session timer. Identity is Azure AD B2C (government e-ID capable). Data lives in SQL Server through Prisma. Local services run under .NET Aspire.

Problem

The client needed auditable punch in/out, department-level admin controls, and SSO that fits a government identity stack—not a generic timesheet SaaS with weak auth.

Solution

Shipped a Next.js 15 App Router product with authenticated admin and employee areas, NextAuth v4 + Azure AD B2C, Prisma against SQL Server, punch and configuration APIs, cron-driven missed-punch flags, Web Workers for the active timer, and Aspire for container orchestration.

Frontend

Next.js 15 + React 19 App Router UI with separate admin and employee shells, 25+ Tailwind components, and a Web Worker–backed session timer.

Next.js 15

React 19

TypeScript

Tailwind CSS 4

Web Workers

Jest + RTL

  • App Router split: (authenticated)/admin for employees, departments, reports, settings; (authenticated)/employee/dashboard for punch and history
  • Design system around teal primary (#00A997) with Inter typography and reusable modals, tables, headers, and layouts
  • SessionTimer uses a Web Worker so punch duration stays accurate without blocking the main thread
  • Client services (adminApiService, punchHistoryService, reportService, etc.) call typed API routes
  • Middleware + route-guards.ts enforce admin vs employee access before render

Backend

Next.js API routes + server cron tasks on Prisma/SQL Server, with NextAuth JWT validation on every endpoint.

Next.js Route Handlers

Prisma (SQL Server)

NextAuth.js v4

Azure AD B2C

Cron service

.NET Aspire

  • POST /api/punch for punch in/out; configuration, employees, flags, and reports routes for admin operations
  • Prisma models: Employee, Role, Department, PunchHistory, WorkingHours, DailyWorkingHours, Configuration, FlagConfiguration, EmployeeFlag, plus NextAuth Account/User
  • cronService + tasks auto-flag employees who miss punch confirmations
  • DAL under lib/dal and server operations keep query logic out of UI
  • Aspire AppHost orchestrates Dockerized SQL Server and the web app for local parity

Modules

Admin · Employees

CRUD for staff profiles, roles, and department assignment

Admin · Departments & flags

Org units plus lateness/absence flag rules and applied flags

Employee · Punch dashboard

Punch in/out, live timer, and punch history

Reports & configuration

Exports/analytics and grace-period / alert configuration

API & integration highlights

  • POST /api/punch — punch in/out with session timing
  • GET/POST /api/employees — admin employee list and create
  • GET/PUT /api/configuration — alert and grace settings
  • GET/POST /api/flags — flag configuration
  • GET /api/reports — report generation

Challenges

  • Wiring NextAuth v4 to Azure AD B2C across admin and employee roles with server route guards
  • Punch API design plus accurate client timers via Web Workers
  • Cron flags for missed confirmations without blocking interactive UI
  • Keeping Prisma SQL Server models aligned with Aspire-local services

Impact

  • Enterprise SSO for time tracking and admin operations

  • Clear RBAC separating admin and employee workflows

  • Reliable punch sessions with isolated timer work

  • Typed Next.js surface ready to grow with Aspire-backed services

Architecture

Next.js 15 App Router (admin + employee)
NextAuth v4 + Azure AD B2C
API routes + cronService
Prisma → SQL Server
Web Worker SessionTimer
.NET Aspire + Docker

Tech

React

Next.js 15

TypeScript

Tailwind CSS 4

Prisma

SQL Server

NextAuth.js v4

Azure AD B2C

Web Workers

.NET Aspire

Jest

Docker