← İşler

Security Audit — Lovable/Supabase SaaS App (Travel Advisor Platform)

Bütçe: $500.0 FIXED / ⭐ 0.00 (0) United States

web-application-security, react-js, node.js, api-development

I'm the founder of Cultural Passport, a live SaaS platform for travel advisors built on Lovable (React/Vite) with a Supabase backend (Postgres, Auth, Storage, Edge Functions), Stripe for subscription billing, and Resend for transactional email. The platform was built using AI-assisted tools and is preparing to onboard its first paying subscribers in approximately three weeks. I need an experienced developer to conduct a focused security and stability audit before live subscribers are onboarded. This is not a rebuild — it's a one-time review with a written report, ideally leading to an ongoing relationship I can call on for future fixes as needed. Scope of the audit: - Row Level Security (RLS) policies across all tables, specifically confirm that advisor-to-advisor data isolation is airtight. One advisor should never be able to see another advisor's clients, campaigns, or analytics under any circumstance - Stripe webhook handler (subscription created/updated/deleted, payment failed) — review for correctness, idempotency, and edge cases - Edge Functions - particularly the scheduled job that permanently deletes advisor data 6 months after cancellation, and the campaign sending logic - SECURITY DEFINER functions - review for privilege escalation risk - General stability review - flag anything that looks fragile or likely to break as advisor signups grow - Resend email integration - review API key storage, sender domain configuration, and the campaign email sending logic for security and reliability issues Deliverable: A written report ranked by severity, with each finding explained in plain language alongside the specific recommended fix. I need to understand what's wrong and why it matters, not just receive a list of technical terms. Timeline for the report is important - I need findings back within one week of granting access. Ideal candidate: - Direct experience auditing or hardening apps built with Lovable, Bolt, Replit, or similar AI builders - you understand the patterns these tools produce and where they typically fall short - Strong Supabase/Postgres background, specifically RLS policy design and Edge Functions - Experience with Stripe webhook integrations - Comfortable explaining technical findings clearly to a non-technical founder - Available to start within the next few days - Open to an ongoing as-needed relationship after the audit for future fixes Budget: Fixed price preferred. Please include your estimate and timeline in your proposal. For a focused review and written report of this scope, I'm expecting proposals in the $300–$600 range, but open to discussion based on experience. Note: Initial access will be read-only or limited to a staging environment. Full credentials will only be shared once trust is established.
Upwork'te aç