PRO Hub Abu Dhabi
UAE business setup and PRO services platform for international entrepreneurs launching in the Gulf.
The Challenge
The core challenge was building a platform that functions simultaneously as a marketing website, a CMS, a lead generation machine, and a compliance-sensitive content system — all with zero backend server (serverless-only). Every form submission needed to reliably reach a human via email, even when primary SMTP providers failed, which led to a dual-provider email architecture with automatic failover. Content compliance added a layer of real-world complexity. Google Ads policies restrict advertising alongside certain visa-related content, so Golden Visa pages had to be surgically hidden from navigation and review snippets without removing the underlying pages entirely. The naive approach would have been a static site or a WordPress install — both insufficient for the dynamic review aggregation, admin-managed blog publishing, and real-time lead routing that the business required.
Architectural Decisions
Serverless PostgreSQL with Neon for CMS-grade blog management
Rather than using a headless CMS or static MDX files, blogs are stored in a Neon serverless PostgreSQL database with a custom admin panel. This enabled draft/publish workflows, slug-based routing, category filtering, and tag management — all without paying for a third-party CMS.
Dual-provider email failover (SMTP + Resend)
Lead forms and contact submissions are business-critical. The solution was an environment-variable-driven provider switcher that routes through Hostinger SMTP as primary and Resend as fallback, with a shared template system.
JWT authentication with Edge Middleware for admin protection
The admin panel is protected via Next.js middleware running at the edge, verifying JWT tokens from HTTP-only secure cookies before any admin route resolves. Bcrypt handles password hashing with timing-attack resistance.
Three-tier review fallback (Google Places API to Legacy API to hardcoded)
Google reviews are a trust signal critical to conversion. The implementation cascades through: Google Places v1 API, legacy Maps API, and curated hardcoded testimonials — with ISR caching (1-hour revalidation) to minimize live API calls.
Compliance-aware content governance without page deletion
Google Ads policy restricts advertising alongside Golden Visa content. The solution was removing Golden Visa from the navigation data structure and filtering related keywords from dynamically-fetched review text — surgical content governance at the data layer.
ImageKit for admin-managed media with direct upload API
Blog featured images are uploaded directly to ImageKit via a dedicated /api/upload route, which authenticates with server-side credentials before returning a signed upload token. This keeps private API keys off the client.