Full-Stack Developer Needed: Next.js, Supabase, Stripe — Finalize AI Finance SaaS

Posted 2 weeks ago

Worldwide

Summary

Job Title Suggestion

Senior Full-Stack Next.js & Supabase Developer – Security Fixes & Feature Integration for AI SaaS

Job Description

Overview

We are looking for a Senior Full-Stack Developer to help us finalize and secure Fineloia, an "AI-powered CFO" SaaS. The platform connects to an SME's financial transactions to deliver real-time KPIs, cash flow risk alerts, and AI-generated reports.

⚠️ Non-negotiable Product Rule: The platform only analyzes data and recommends actions. The application DOES NOT move money or execute payments (no banking license required).

The application is already built end-to-end (Authentication, Database, Stripe, and the AI engine are 100% operational). A large part of the post-login user interface (UI) is already designed (several buttons, selectors, and menus are already visible on screen), but these elements are currently "static" or disconnected. We need an expert to fix security vulnerabilities identified in a recent audit, connect this existing UI and its buttons to the backend logic, configure our domain, and finalize the project for public launch.

Technical Stack

  • Frontend/Backend: Next.js 14 (App Router), TypeScript, Tailwind CSS, shadcn/ui-style components
  • Database & Auth: Supabase (PostgreSQL, Row Level Security - RLS)
  • AI Integration: Anthropic Claude via Vercel AI SDK
  • Payments: Stripe (Subscriptions, Webhooks, Customer Portal)
  • Email & i18n: Resend, next-intl (5 languages supported)

Scope of Work

1. Security Fixes (Highest Priority)

  • Fix RLS policies on the members table to prevent users with an "admin" role from self-promoting to "owner".
  • Restrict direct access via Supabase's REST API to the organizations table (plan/billing_cycle columns) to prevent billing system bypasses.
  • Update RLS on transactions, accounts, and kpis to ensure the "viewer" role is strictly read-only.
  • Sanitize internal error messages (error.message) across all API routes to avoid leaking backend details.
  • Fix the authentication bypass risk associated with the NEXT_PUBLIC_DEMO_MODE=1 flag in login and registration forms.
  • Implement rate-limiting on authenticated API routes (/api/kpis, /api/transactions, /api/alerts, /api/stripe/*).
  • Resolve minor security issues (minimum length validation on password resets, missing HTTP security headers like CSP/X-Frame-Options, and input sanitization in AI prompts).

2. Feature Integration & UI Activation (Connecting Existing Buttons)

  • General Activation of Static Elements: Map the buttons, menus, and actions already visible on the dashboard post-login and connect them to their respective functions, API routes, and React states.
  • Anomaly Detection: Connect the existing backend module (lib/alerts/anomaly.ts) to the main alert generation route (/api/alerts/generate) and activate the corresponding flag/alert in the UI.
  • Multi-Currency Consolidation: Connect the pre-coded consolidation engine (lib/consolidation.ts) to a new /api/kpis/consolidated endpoint and activate the organization selector (which is already designed on the dashboard).
  • Settings Page: Implement the actual logic for the 6 placeholders under the /dashboard/settings route (Company, Team, Plan & Billing, Integrations, Notifications, GDPR).
  • Team Invitations: Develop the complete invitation workflow for new organization members.
  • GDPR Compliance: Implement user data export and account deletion functionalities.

3. Testing, Deployment & Launch

  • Domain Integration: Configure and point our custom domain (which we have already purchased and have available) to the production environment.
  • Create automated tests for the core engines (lib/kpis.ts, lib/alerts/rules.ts, lib/alerts/anomaly.ts) and authentication/permissions workflows.
  • Update the Anthropic production model ID to the latest recommended version.
  • Set up a basic CI/CD pipeline (lint, typecheck, tests) and a staging environment with test keys.
  • Conduct final QA across the 5 supported languages (including Arabic RTL layout support) and test Stripe billing flows end-to-end.

Required Skills & Experience

  • Proven experience with Next.js 14 (App Router) and TypeScript.
  • Deep understanding of Supabase and complex Row Level Security (RLS) policy architecture in PostgreSQL.
  • Experience integrating Stripe Billing (subscriptions and webhooks).
  • Experience with the Vercel AI SDK and prompt engineering for LLMs.
  • Mastery of clean code principles and writing automated tests.
  • Experience with DNS, domain management, and deployments on platforms like Vercel/Supabase.

Project Type & Availability

  • Project Type: One-time project with strong potential for ongoing maintenance and future roadmap development.
  • Communication: Fluency or clear communication in English or Portuguese.

To apply, please briefly describe your experience with Supabase RLS and Next.js 14, and indicate your estimated availability to start.

  • $75.00, Fixed-price
  • Experience Level: Intermediate
  • Remote Job
  • Project Type: Ongoing project

Skills and Expertise

Mandatory skills: SaaS, Full-Stack Development

Activity on this job

  • Proposals: 20 to 50
  • Last viewed by client: last week
  • Interviewing: 4
  • Invites sent: 4
  • Unanswered invites: 0

About the client
Member since Apr 17, 2025
  • Portugal
    6:45 AM
  • Legal
    Individual client
