CouponHive - Udemy Free-Coupon Aggregator

CouponHive is a local-first Udemy free-coupon aggregator. It scrapes public coupon sites for Udemy courses that are temporarily free, stores the listings, and - this is the part most coupon sites get wrong - continuously re-verifies each coupon against Udemy's real price so the site never shows a false "free". Everything is served through a clean Next.js interface with a searchable feed, per-course detail pages, and a full password-gated admin panel, and the whole thing runs on a single machine with no Docker, no cloud, and no external services.

Free-coupon sites are notorious for dead links: you click through excited to learn something, and the coupon has already expired. The trouble is that an expired Udemy coupon stays in the URL but silently stops working, so checking the link itself tells you nothing. I built CouponHive around honesty - every listing carries a live status badge, and the feed only promises "free" when it has actually confirmed the price is zero.

The verification engine checks the price the coupon actually yields, not the URL. For a known course it calls Udemy's price API directly; on a first check it loads the landing page, reads the course id, and then queries the price; a course is only marked available when the discount genuinely makes it free, expired when the coupon no longer does, and broken when the course has been removed. Coupons sit in one of four states - available, expired, checking, or broken - and the public feed shows only what has been confirmed, hiding broken courses entirely. Crucially, when Udemy blocks the check, since it bot-blocks datacentre addresses behind Cloudflare, the validator treats the result as inconclusive and leaves the status untouched rather than guessing, because a stale "checking" is better than a false green or red. The client sends real-browser headers, bootstraps a session, and throttles itself, so from a residential connection every check resolves to a real verdict.

The platform runs itself. A background worker, spawned automatically when the app starts, scrapes the sources on a schedule, re-checks the stalest coupons every few minutes in small batches, and prunes old data nightly. Scraping is deliberately polite: roughly one request every couple of seconds per source, robots.txt honoured, a custom user agent, exponential backoff on rate-limit responses, and a short-lived URL cache so a single run never hammers a site.

Under the hood it is a Next.js App Router project in strict TypeScript that reads directly from the database inside React Server Components. Listings are stored in SQLite through the Prisma ORM, with indexes tuned for both the feed and the verification queue. The scrapers are pluggable: each source, one RSS feed and two HTML sites, implements a common scraper interface, runs through a normalizer and Zod validation, and is upserted with deduplication and a recorded scrape run, so adding a new source is a single new file. The scraping toolkit uses Cheerio for HTML, an RSS parser for feeds, a polite request queue for throttling, and node-cron for scheduling, and the correctness-critical paths are covered by a fast automated test suite.

The public side is a searchable, filterable feed with status chips, per-course detail pages with a status banner and countdown, category grids, and a trending page driven by the most-clicked courses over the last week. Click-throughs are logged and then redirect to Udemy, and the click counts feed the trending view, with visitor addresses stored only as salted hashes rather than in the raw.

Behind a password sits a full admin panel: a dashboard of status and click metrics with recent scrape runs, a searchable course list with row actions to edit, revalidate, re-status, or delete, a per-course editor, full scrape-run history with per-source triggers and expandable error logs, click activity, a manual URL-submission form, and cleanup tools to prune logs and bulk-remove broken courses.

Security is handled with care even for a local tool. The admin session is a server-side HMAC-signed, HttpOnly cookie that expires after eight hours, and protected pages never render their HTML to anonymous clients. Cookie-authenticated admin calls require a CSRF header, the click and login endpoints are rate-limited per address, the manual-scrape endpoint refuses to run concurrently with itself, and the worker shuts down cleanly on a termination signal.

CouponHive is a small but complete product: it aggregates, it verifies honestly, it runs and maintains itself, and it gives an operator full control through a real admin panel, all from a single, dependency-light machine. The guiding principle throughout was trust - never show a coupon as free unless it has been proven free.