W-management

A corporate operations PWA I designed, built, and run in production — workforce attendance with on-device face recognition, expense management, and async reporting, for a company operating across several countries.

Visit live site

Overview

W-management started as a simple cash/expense tracker and grew into a full corporate management tool. It is a single product I own end-to-end — from database schema and API design to the React front end, the computer-vision attendance pipeline, and the infrastructure that keeps it online. It runs in production today at www.w-peopleops.fr and is used daily on both desktops and shared tablets.

Key features

Attendance with face recognition. Employees clock in and out from the web app or from a shared tablet kiosk. Recognition runs on-device: a presence detector opens the camera, a descriptor is extracted, and the server matches it against enrolled employees. Low-confidence events are routed to a manager for validation; high-confidence ones clock automatically.

Roles & manager hierarchy. Five roles (admin, manager, employee, tablet, desktop) with strict access control. Managers see and manage only their own assigned employees; admins get the full picture.

Expenses & withdrawals. Cash and other payment types in the local currency, with photo capture, drafts, and an offline queue so submissions survive a dropped connection and sync when back online.

Async reporting. Excel and PDF reports (with optional embedded photos) are generated in the background and can be emailed directly, with progress surfaced in the UI.

Admin insights. A dashboard combining business metrics with live server-health telemetry.

Internationalization. Full French, Italian, and Romanian translations.

Architecture & stack

Front end. React (Vite) built as an installable Progressive Web App — a Workbox service worker for caching and update prompts, an offline-first IndexedDB queue, and Zustand for state. The same PWA powers the employee app and the locked-down tablet kiosk.

Back end. A Node.js / Express API with JWT access and refresh tokens and a role-aware rate limiter. Data lives in SQLite (better-sqlite3). Face-descriptor extraction is CPU-heavy, so it runs in a worker pool (TensorFlow / Human) that is prewarmed on startup to avoid cold-start latency on the first clock-in.

Infrastructure. The site is served through a Cloudflare Tunnel — the server dials out to Cloudflare's edge, so there are zero open inbound ports and the public internet never connects to the origin directly. Behind the tunnel, an nginx reverse proxy fronts the backend, and everything runs as systemd services on Linux. TLS terminates at the edge.

Visit the live site →