Security Audit — Lovable/Supabase SaaS App (Travel Advisor Platform)
Orçamento: $500.0
FIXED /
⭐ 0.00 (0)
United States
web-application-security, react-js, node.js, api-development
I'm the founder of Cultural Passport, a live SaaS platform for travel advisors built on Lovable (React/Vite) with a Supabase backend (Postgres, Auth, Storage, Edge Functions), Stripe for subscription billing, and Resend for transactional email. The platform was built using AI-assisted tools and is preparing to onboard its first paying subscribers in approximately three weeks.
I need an experienced developer to conduct a focused security and stability audit before live subscribers are onboarded. This is not a rebuild — it's a one-time review with a written report, ideally leading to an ongoing relationship I can call on for future fixes as needed.
Scope of the audit:
- Row Level Security (RLS) policies across all tables, specifically confirm that advisor-to-advisor data isolation is airtight. One advisor should never be able to see another advisor's clients, campaigns, or analytics under any circumstance
- Stripe webhook handler (subscription created/updated/deleted, payment failed) — review for correctness, idempotency, and edge cases
- Edge Functions - particularly the scheduled job that permanently deletes advisor data 6 months after cancellation, and the campaign sending logic
- SECURITY DEFINER functions - review for privilege escalation risk
- General stability review - flag anything that looks fragile or likely to break as advisor signups grow
- Resend email integration - review API key storage, sender domain configuration, and the campaign email sending logic for security and reliability issues
Deliverable:
A written report ranked by severity, with each finding explained in plain language alongside the specific recommended fix. I need to understand what's wrong and why it matters, not just receive a list of technical terms. Timeline for the report is important - I need findings back within one week of granting access.
Ideal candidate:
- Direct experience auditing or hardening apps built with Lovable, Bolt, Replit, or similar AI builders - you understand the patterns these tools produce and where they typically fall short
- Strong Supabase/Postgres background, specifically RLS policy design and Edge Functions
- Experience with Stripe webhook integrations
- Comfortable explaining technical findings clearly to a non-technical founder
- Available to start within the next few days
- Open to an ongoing as-needed relationship after the audit for future fixes
Budget: Fixed price preferred. Please include your estimate and timeline in your proposal. For a focused review and written report of this scope, I'm expecting proposals in the $300–$600 range, but open to discussion based on experience.
Note: Initial access will be read-only or limited to a staging environment. Full credentials will only be shared once trust is established.
Abrir na Upwork