← All projects
Web App2026

Farid Codeshttps://www.faridcodes.com

A self-updating developer portfolio built as a headless CMS — projects, case studies, skills, experience, and testimonials are all editable from a secure admin panel, with static-fast pages, strong SEO, and production-grade security.

Role
Designer & Full-Stack Developer
Timeline
2026
Client
Personal project
↗ Live URL◈ Source

The Problem

For a senior full-stack developer and solution architect targeting US/EU clients, a portfolio has to do more than list work — it has to be proof of the engineering itself, stay effortless to keep current, and load fast while ranking well. Most portfolios hardcode their content, which means a redeploy for every edit and no demonstration of real product skills. The goal was a site that is itself a code sample: editable without touching the codebase, secure enough to be production software, and fast enough to impress on first paint.

The Approach

I built it as a headless, CMS-backed application rather than a static site. Every piece of content — projects, case studies, skills, experience, testimonials, and the hero/about/contact copy — lives in MongoDB and is editable from a protected admin panel. Public pages are statically optimized with ISR and bust their cache instantly on each edit via revalidatePath, so the site is both fast and always current. I then hardened it like a real product: defense-in-depth auth, validated and rate-limited APIs, and magic-byte upload checks — so the portfolio stands on its own as an engineering sample.

Architecture

A Next.js 16 App Router front end renders Server Components that read from MongoDB through a thin data-access layer. The protected admin CMS is guarded two ways — proxy.ts (the Next.js 16 middleware replacement) does a cheap edge redirect, and the admin layout independently re-checks the session server-side with Auth.js v5, the recommended post-CVE-2025-29927 pattern. Route Handlers validate every write with Zod; the contact endpoint adds rate limiting, a honeypot, and HTML escaping; uploads are validated by magic bytes (not filename) before going to DigitalOcean Spaces, with only the CDN URL stored. SEO is handled with a dynamic sitemap, JSON-LD, and OG metadata, and the type fonts are self-hosted to avoid third-party requests.

Public Site (Next.js 16)
Server Components
ISR + revalidate
Project Cards
/projects
Case Study Pages
/projects/[slug]
Admin CMS (protected)
Auth.js v5
JWT session
proxy.ts + layout guard
defense-in-depth
API Layer (Route Handlers)
Zod validation
every write
Rate limit + honeypot
contact
Magic-byte check
uploads
Data & Media
MongoDB
Mongoose 9
DigitalOcean Spaces
images

Outcome

A portfolio that updates itself — projects, case studies, skills, experience, and testimonials all editable from the admin with zero redeploys. Public pages are static-fast via ISR with strong SEO (dynamic sitemap, JSON-LD Person schema, Open Graph), and the admin is production-secure (session-gated and Zod-validated APIs, double-guarded auth, magic-byte uploads). The codebase is strict-TypeScript and passes type-check, lint, and production build clean — so the site itself demonstrates the standards it describes.

Tech Stack

Next.js 16TypeScriptReact 19MongoDBAuth.jsTailwind CSS v4MongooseZod

Have a project like this?

I build multi-tenant SaaS, real-time systems, and mobile apps end-to-end.

Get in touch →
Farid Codes — Case Study · Faridul · Faridul