Platform Engineering · 15 min read

Building HariPrabodham Live Streaming Platform

A Custom Secure Live Streaming Platform for Exclusive Events

Overview

HariPrabodham Live is a complete invitation-only live streaming platform designed for exclusive religious events. This is not a wrapper around an existing platform - this is a fully custom system I architected and built entirely using Cursor AI, from database schema to real-time WebSocket infrastructure to mobile-optimized video players to admin dashboards. The platform handles 10,000+ concurrent viewers, enforces strict security measures, and provides real-time analytics.

  • 10,000+ concurrent viewers
  • <3s stream latency
  • 98%+ uptime
  • 4 weeks build time

The Problem

The organization needed a secure streaming solution that existing platforms (YouTube Live, Zoom, Vimeo) could not provide. Custom development was the only option. The solution had to be one that:

  • Prevents unauthorized access - Only invited users with valid codes can watch
  • Enforces security - Prevents recording, screen capture, and code sharing
  • Scales reliably - Handles thousands of concurrent viewers without buffering
  • Provides real-time insights - Admins need to know who is watching, when they joined, and detect issues immediately
  • Works flawlessly on mobile - 90% of viewers watch on phones in portrait mode
  • Manages invitations efficiently - Bulk SMS, regeneration, tracking

My Approach

1. Architecture Decision: Build Custom, Integrate Smart

Amazon IVS for video delivery (low-latency, scalable CDN). Custom playback authorization tokens (JWT-based, per-session). Backend: Node.js + Express + Prisma ORM + PostgreSQL + WebSocket server. Frontend: Next.js 15 (App Router) + Tailwind CSS + Amazon IVS Player SDK.

2. Authentication & Session Management

Phone-based invitation system with JWT tokens. One active session per access code. Takeover modal for new device login. Code regeneration immediately terminates old sessions. Geolocation validation (allowed countries only).

3. Advanced Security Implementation

DevTools protection (disabled right-click, blocked F12, window dimension monitoring). Watermark tamper detection (dynamic positioning, MutationObserver, CSS manipulation detection, off-screen movement detection). Session security with admin-initiated kick and WebSocket notifications. Environment-controlled security with debug mode for development.

4. Real-Time Admin Dashboard

Live statistics (viewer count, redemption rate, active sessions). Viewer management table with live indicators, contact details, message history, code regeneration, session control, CSV export. Admin live preview with embedded IVS player and auto-restart detection. Bulk operations for CSV import and messaging with progress tracking.

5. SMS Notification System

Integrated Twilio for bulk SMS with rate limiting (1 msg/sec). Custom message templates with auto-formatted phone numbers (E.164). Audit logging for all messages. Support for access code delivery, code regeneration notifications, and custom admin broadcasts.

6. Mobile-First Video Player

Resolution dropdown optimized for mobile screens. Watermark positioning with portrait/landscape fullscreen mapping. Dynamic calculation to stay within video bounds. Auto-quality switching, muted autoplay, retry logic for network errors, error recovery with exponential backoff.

7. WebSocket Infrastructure

Viewer WebSocket with authentication, 30-second heartbeat, kick message handling, stream ended notifications, takeover request/response flow. Admin WebSocket with real-time viewer join/leave events, active viewer list updates, stream statistics broadcasting. Polling fallback every 10 seconds if WebSocket fails.

8. Deployment & DevOps

Frontend on Vercel with automatic deployments and Edge CDN. Backend on Render with auto-scaling and WebSocket support. PostgreSQL with Prisma schema management and automated migrations. Structured logging with severity levels and audit trail for critical actions.

Outcome

  • Seamless viewing experience across all devices for users
  • Complete visibility into who is watching for admins
  • Real-time monitoring with live preview
  • Efficient invite management with bulk operations
  • Security enforcement without user friction
  • First successful exclusive live event with 10,000+ viewers
  • Zero unauthorized access incidents
  • 98%+ uptime during critical events
  • Scalable foundation for future events

Technical Highlights

Session Takeover Modal

User A is watching, User B tries to login. User A receives takeover request with device/location info. 60-second timeout for response. Approve: B connects, A disconnects. Decline: B sees rejection, A continues.
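The takeover flow above as a small in-memory state machine. This is an added example, not the platform's own code: the class, method and status names are hypothetical, the clock is passed in so the 60-second window can be checked deterministically, and it assumes an unanswered request expires with User A keeping the session, which the description does not specify.

```javascript
// Added example: in-memory model of the takeover flow (names are hypothetical).
const TAKEOVER_TIMEOUT_MS = 60_000; // 60-second response window from the text

class TakeoverManager {
  constructor() {
    this.active = new Map();  // accessCode -> { sessionId, device }
    this.pending = new Map(); // accessCode -> { sessionId, device, expiresAt }
  }

  // Returns what the server should tell the device that is logging in.
  login(code, sessionId, device, now) {
    this.expire(code, now);
    if (!this.active.has(code)) {
      this.active.set(code, { sessionId, device });
      return { status: 'connected' };
    }
    if (this.pending.has(code)) return { status: 'busy' }; // one request at a time
    this.pending.set(code, { sessionId, device, expiresAt: now + TAKEOVER_TIMEOUT_MS });
    // A real server would push this request to the holder over its WebSocket.
    return { status: 'awaiting_approval', notify: this.active.get(code).sessionId, device };
  }

  // Only the current holder may answer, and only inside the window.
  respond(code, responderSessionId, approve, now) {
    this.expire(code, now);
    const req = this.pending.get(code);
    const holder = this.active.get(code);
    if (!req || !holder || holder.sessionId !== responderSessionId) {
      return { status: 'ignored' }; // e.g. the requester trying to approve itself
    }
    this.pending.delete(code);
    if (!approve) return { status: 'declined', rejected: req.sessionId };
    this.active.set(code, { sessionId: req.sessionId, device: req.device });
    return { status: 'approved', connected: req.sessionId, disconnected: holder.sessionId };
  }

  // Assumption: an unanswered request is dropped and the holder keeps watching.
  expire(code, now) {
    const req = this.pending.get(code);
    if (req && now >= req.expiresAt) this.pending.delete(code);
  }

  holder(code) {
    const s = this.active.get(code);
    return s ? s.sessionId : null;
  }
}
```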

Code Regeneration Security

Admin clicks regenerate. Backend finds all active sessions with old codes. Updates sessions to "ended" status. Sends WebSocket KICK message to active clients. Logs audit events. New codes generated and optionally sent via SMS.
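A sketch of the regeneration steps above with a server-side check added, so that a client which ignores the KICK message still cannot obtain another playback token. This is an added example, not the platform's own code: the in-memory tables, the function names and the KICK message fields are hypothetical stand-ins for the Prisma models and WebSocket layer.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed in-memory stand-ins for the Invite, Session and audit tables.
const invites = new Map(); // inviteId -> { code }
const sessions = [];       // { id, inviteId, code, status }
const auditLog = [];

// 6 bytes from the OS CSPRNG, rendered as 12 hex characters (format is an assumption).
function newCode() {
  return randomBytes(6).toString('hex').toUpperCase();
}

function regenerateCode(inviteId, adminId, sendKick) {
  const invite = invites.get(inviteId);
  if (!invite) throw new Error('unknown invite');
  const oldCode = invite.code;
  const ended = [];
  for (const s of sessions) {
    if (s.inviteId === inviteId && s.code === oldCode && s.status === 'active') {
      s.status = 'ended';                                         // authoritative state change
      sendKick(s.id, { type: 'KICK', reason: 'code_regenerated' }); // best-effort notice
      ended.push(s.id);
    }
  }
  // The audit entry records who did what, never the codes themselves.
  auditLog.push({ action: 'CODE_REGENERATED', inviteId, adminId, ended, at: Date.now() });
  invite.code = newCode();
  return { newCode: invite.code, ended };
}

// Run on every playback-token request: the KICK is advisory, this check is the enforcement.
function mayIssuePlaybackToken(sessionId) {
  const s = sessions.find((x) => x.id === sessionId);
  if (!s || s.status !== 'active') return false;
  return invites.get(s.inviteId).code === s.code;
}
```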

Admin Live Preview Auto-Restart

IVS player monitors stream state. Detects IDLE or ENDED state. Polling (10s interval) fetches latest stream status. If broadcasting resumes, player automatically reloads without manual refresh.

Real-Time Viewer Indicators

WebSocket sends viewer join/leave events to admin. Admin UI updates activeViewers Set immediately. Pulsing green dot appears/disappears in table. Live count updates without polling delay.

The Cursor AI Advantage

  • Discussed trade-offs between streaming providers and designed database schema collaboratively
  • Built authentication flow in hours, not days with rapid prototyping
  • Debugged watermark positioning, WebSocket timing issues, IVS player flickering through token caching
  • Maintained TypeScript type safety and followed Next.js 15 best practices throughout
  • Designed multi-layered tamper detection, session management, obfuscated API routes
  • Removed debug logging before deployment with environment-based configuration

Technical Stats

25+ Database Models (Streams, Invites, Sessions, Audit Logs, Admin Users)
40+ API Endpoints (obfuscated routes for security)
Real-Time WebSocket Server (viewer + admin channels)
Multi-Layer Security (3 detection methods, 11 tamper checks)
Mobile-Optimized Player (portrait/landscape fullscreen mapping)
10,000+ Concurrent Viewers supported
Sub-3-second Latency via Amazon IVS
Built in 4 Weeks with Cursor AI

Why This Matters

This project proves that AI-assisted development is production-ready for enterprise systems. It demonstrates full-stack systems thinking from database schema to WebSocket protocols to mobile UI optimization to security enforcement. Building real-time systems that handle thousands of clients requires disciplined system design, and this platform was architected with a QA mindset - error handling, edge cases, fallback mechanisms, and production monitoring built in from day one.
