Building Terp Notes: A Student-Driven Study Platform

How I built a full-stack note-sharing platform serving 150+ University of Maryland students, solving real accessibility problems in study material sharing.

PSMParamraj Singh Machre
12 min read

The Problem

As a student at the University of Maryland, I experienced firsthand the fragmented nature of study material sharing. Quality notes were scattered across dozens of GroupMe chats, Google Drives, and personal folders. Finding the right materials for a specific class often meant digging through multiple platforms, and many students missed out on valuable resources simply because they weren't in the right chat or didn't know the right person.

💡

The Vision

I wanted to create a centralized platform where Terps could easily share and discover study materials, built specifically for our community by someone who understood our needs.

The result is Terp Notes - a free, student-driven platform that now serves over 150 active users and hosts more than 600 files. It's become the go-to resource for study materials across campus, proving that sometimes the best solutions come from solving problems you experience yourself.

Architecture & Tech Stack

Backend

  • • Node.js 18+ with Express.js
  • • MongoDB Atlas (M0 free tier)
  • • AWS S3 for file storage
  • • Vercel for serverless deployment
  • • bcrypt for password hashing

Frontend

  • • EJS templating for SSR
  • • Vanilla JavaScript (no framework bloat)
  • • Custom CSS with UMD theme
  • • Mobile-first responsive design
  • • Three view modes (Grid, List, Grouped)

🛠️Tech Stack

Node.jsExpress.jsMongoDBAWS S3EJSJavaScriptVercelVirusTotal APIbcryptHelmet.js

Key Technical Decisions

Client-Side Filtering for Performance

Instead of server-side queries that took 200-500ms, I implemented client-side filtering that provides instant results in ~10ms. While this increases initial load time, the trade-off is worth it for the user experience.

Impact: 5ms response time vs 200-500ms server queries

File Deduplication for Cost Optimization

Using SHA-256 hashing, I implemented automatic file deduplication. When 100 students upload the same PDF, only one copy is stored in S3, saving approximately 60% on storage costs.

Impact: 60% reduction in storage costs in first semester

Direct S3 Uploads for Scalability

Pre-signed URLs allow clients to upload directly to S3, bypassing server bottlenecks and easily handling 100MB files. The server never touches the actual file data.

Impact: Can handle large files without server timeout issues

Serverless Architecture for Cost & Maintenance

Vercel's serverless functions provide automatic scaling and zero maintenance, perfect for a student project with unpredictable traffic patterns.

Impact: $0 hosting cost, no server maintenance, auto-scaling

Technical Challenges & Solutions

Challenge 1: Virus Scanning in Serverless Environment

Problem: Vercel has a 10-second execution timeout, but VirusTotal scans take 30-60 seconds.

Solution: Implemented background scanning with cron jobs. Files are marked as "pending" immediately after upload, and a Vercel cron job runs every 5 minutes to scan up to 5 pending files. Students can download while pending but see a warning badge.

⚠️

Learning

Serverless requires async thinking - you can't block the main flow for long-running operations.

Challenge 2: Database Query Performance

Problem: As files grew from 50 to 500+, dashboard loaded slowly (2-3 seconds).

Solution: Strategic indexing with compound indexes on (classCode, semester, year) and (uploadedBy, uploadDate) for user-specific queries.

Result: Query time dropped from 800ms to 50ms (94% improvement)

Challenge 3: Icon Asset Optimization

Problem: 35+ custom icons totaling 12MB caused slow page loads on mobile.

Solution: Aggressive PNG optimization using Python/PIL - quantized colors to 256 while preserving transparency and compressed with level 9 optimization.

Result: 93% reduction (12.31 MB → 0.87 MB)

Challenge 4: Rate Limiting Strategy

Problem: Potential abuse from spam uploads and brute force login attempts.

Solution: Tiered rate limiting - 10 login attempts per 15 minutes, 20 uploads per hour per user, 100 API calls per 15 minutes.

💡

Learning

Rate limits need to be user-friendly but secure. Too strict frustrates legitimate users, too loose enables abuse.

Security Implementation

Virus Scanning

Every uploaded file is scanned by VirusTotal's 70+ antivirus engines

Email Verification

100% email verification rate with UMD domain validation

Rate Limiting

Multi-tier rate limiting prevents abuse and DDoS attacks

Role-Based Access

Three permission levels: Admin, Contributor, and Viewer

Performance & Impact

150+
Active Users
600+
Files Shared
2,000+
Downloads
99.9%
Uptime

Zero-Cost Operation

The entire platform runs on free tiers - Vercel hosting, MongoDB Atlas M0, and AWS S3 free tier. Careful architecture and optimization keep us under all limits while serving the entire campus community.

Lessons Learned

Start with the simplest solution: I initially planned a React frontend but wasted 2 days. Switching to EJS had a working prototype in 3 hours.
Free tiers can go far: With careful architecture, I stayed under all free tier limits while serving 150+ users and 600+ files.
Security first: Implementing virus scanning and rate limiting from day 1 saved me from multiple bot attacks and security issues.
Performance matters: The initial 5-second dashboard load lost users during beta testing. Fixing performance with indexing and client-side filtering was crucial for retention.

Future Roadmap

Short-term (3 months)

  • • File preview functionality
  • • Study group matching
  • • Dark mode support
  • • Mobile app (React Native)

Medium-term (6-12 months)

  • • Expand to other universities
  • • Collaborative annotations
  • • AI-powered content suggestions
  • • Advanced analytics dashboard

Long-term Vision

  • • Official UMD partnership
  • • Self-sustaining platform
  • • Open-source core
  • • Community governance

Technical Highlights

  • Full-stack development: Backend (Node/Express), Frontend (EJS/JS), Database (MongoDB)
  • Cloud architecture: S3, serverless functions, CDN with automatic scaling
  • Security: Virus scanning, rate limiting, email verification, input validation
  • Performance: Client-side filtering, database indexing, 93% asset optimization
  • Real-world impact: 150+ users, 600+ files, solving actual student problems
  • Production experience: Deployed, monitored, iterated based on user feedback

Conclusion

Terp Notes taught me more than any tutorial could. Dealing with real users, real bugs, and real constraints forced me to think critically about every decision. The satisfaction of seeing classmates use something I built to actually help them succeed is what makes software engineering fulfilling.

Most importantly, I learned that perfect code doesn't exist - shipped code does. I iterated based on feedback, fixed bugs as they came, and continuously improved. That's the reality of software development, and I'm ready for it.

💡

Try It Out

Visit terp-notes.org to see the platform in action, or check out the source code on GitHub.