Fixed-Scope Security Fix — React/Node App (2 issues)

I need a developer to fix two specific security issues in my live SaaS app (Worksparks — an AI-powered coaching platform). The codebase has already been assessed and the issues are identified. I need someone to fix them, test the fix, and document what was changed. **Issue 1: User data access** Logged-in users can potentially read other users' private coaching conversations. This needs to be locked down so each user can only access their own data. **Issue 2: Unprotected AI endpoints** The AI API endpoints are publicly accessible with no authentication or rate limiting, leaving the app open to abuse and unexpected cost. **What I need from you:** - Fixed price quote for both issues together - Brief explanation of your approach to each - Confirmation of what "done" looks like and how it will be tested - A short written summary of changes made on completion "Note: this is a fixed-scope engagement for two specific issues. That said, I'm building this platform toward enterprise level (multi-tenant orgs, SSO, admin dashboards, billing) and will be looking for the right long-term developer partner. If that's you, say so — but please quote on the security fixes only."