- Fixed price
- Intermediate
- Est. budget: $500.00
I need a backend developer to deploy an already-written Node.js/Express server to Railway, connect it to an existing Supabase project, and complete a third-party OAuth/webhook integration with the Garmin Connect API. This is a deployment and configuration task, not a build task. Expected time: 3–6 hours for someone experienced with this exact stack. What’s already done • Server code is fully written (Express routes for OAuth callback, webhook receiver, token refresh, deregistration) • Supabase database schema is created with tables and RLS policies • Supabase private storage bucket is created • Code runs successfully on localhost What you’ll do 1. Deploy the provided GitHub repo to a Railway project I’ve already created 2. Configure environment variables in Railway 3. Verify the deployed health check endpoint responds correctly 4. Set up a Railway Cron job for hourly token refresh 5. Provide me with three endpoint URLs to register with Garmin (I’ll handle the Garmin portal myself — you won’t need access to it) 6. Run an end-to-end smoke test using Garmin’s API testing tools to confirm the full flow works (webhook received → FIT file downloaded → stored correctly) 7. Document any bugs you find and fix What you’ll be given access to • A standalone GitHub repo (just this server — not my main app codebase) • My Railway project (Member role) • My Supabase project (Developer role) • Environment variable values, shared securely once you’re onboarded What you will NOT need or have access to • iOS app codebase • Garmin Developer Portal login • Any production user data (this is a 5-person alpha test — no real user data exists yet) • Any other part of my systems Requirements • Demonstrated experience deploying Node.js/Express apps to Railway (please share an example or describe a past project) • Experience with OAuth 2.0, ideally including PKCE flow • Experience with Postgres (Supabase or similar) including basic schema/RLS understanding • Comfortable working from a written technical brief with minimal back-and-forth • Available for a short, focused engagement — not looking for ongoing work right now (though that may be possible later if this goes well) Budget & terms • Fixed price for defined scope, paid via Upwork • Budget: $300–500 depending on experience, payable on completion of the smoke test • All access (GitHub, Railway, Supabase) will be revoked/rotated at the end of the engagement — this is standard practice on my end, not a reflection of trust To apply, please answer 1. Have you deployed a Node/Express app to Railway before? Please describe briefly. 2. Have you worked with OAuth 2.0 PKCE flows? In what context? 3. In one or two sentences: how would you handle a webhook that must respond within 30 seconds, but also needs to do slower async work (like downloading a file) afterward? 4. Your availability to start and rough timeline to complete Looking forward to hearing from you.
- Hourly: $45.00 - $75.00
- Expert
- Est. time: 1 to 3 months, Not sure
I'm building a medical education app for nurse anesthesia students called Remy at remyanesthesia.com. Built in Lovable with Supabase and React. The app is working but has several bugs I need fixed. Bugs to fix: Questions always appear in same order — need randomization Answer choices always in same order — need shuffling Select all that apply only allows one selection Bottom navigation disappears during flip card sessions Flip card drug name too large on mobile I will add you as a collaborator on my Lovable project. Estimated 3-5 hours. Looking for someone with Lovable and Supabase experience.
- Fixed price
- Intermediate
- Est. budget: $650.00
We run a white-label health platform. The core app already exists and is in good shape — passwordless magic-link auth, row-level security / tenant isolation, PHI kept out of analytics and logs, server-side data handling, encryption in transit and at rest. This is not a greenfield build. We need a developer to close a specific, bounded set of HIPAA technical-safeguard gaps and security-test the result. Stack: TypeScript, Next.js (App Router, Server Actions), Supabase (Postgres + RLS), Vercel. What you'll build (quote EACH item separately, not a lump sum) 1. Audit logging (highest priority) Append-only, immutable audit_log table in Postgres (DB triggers/grants block UPDATE/DELETE; RLS insert + scoped select only) A single reusable helper called at every PHI touchpoint: record view, intake submit, checkout, auth issue/consume, admin reads, exports, deletions Acceptance: every PHI view/modify/export/delete + every auth event writes exactly one immutable row (who / what / when / where / success) 2. Rate limiting Applied to login, intake submit, and checkout endpoints. Per-IP and per-email. Postgres-backed (no new external service) Acceptance: over-limit requests return 429; login throttled per email + IP 3. Security headers HSTS (preload), CSP, X-Frame-Options DENY, X-Content-Type-Options, Referrer-Policy, Permissions-Policy CSP must still allow our third-party payment and identity-verification embeds Acceptance: securityheaders.com grade ≥ A, and checkout + verification flows still work end-to-end 4. Idle-session timeout Auto sign-out after N minutes of inactivity on the patient portal; confirm token expiry/refresh config Acceptance: idle session is invalidated and redirected to login 5. Patient data export + secure deletion Admin-initiated export of a single patient's full record (JSON) and a deletion workflow consistent with retention policy. Admin-run is fine — no patient-facing UI needed for v1 Acceptance: given a patient ID, export returns the full record; delete removes it and writes an audit row 6. Monitoring hooks (code portion) Emit structured events for failed logins, rate-limit trips, and audit anomalies (we wire the alerting) Acceptance: events emitted in a consumable, structured shape 7. Admin MFA + RBAC — conditional Only if there is a surface that reads PHI across multiple tenants: TOTP MFA + role checks + separate admin accounts. If no such surface is in scope, mark N/A Out of scope (do not quote) Managed infrastructure (encryption, backups, point-in-time recovery, SSL enforcement, dashboard-level config) — handled on our side All vendor BAAs Risk assessment, incident-response plan, DR plan, policies, training — our paperwork, not engineering Rebuilding anything already in place (listed above) Security testing (part of the deliverable) Per-layer tests for each item An adversarial pass: attempt to bypass rate limits, mutate/forge audit rows, access another tenant's data, inject PHI into analytics or URLs A short written summary of what was tested and the results Deliverables All code as reviewable PRs with tests passing The audit-log SQL migration as a standalone file (we apply it to our live database) A short doc listing every PHI touchpoint instrumented and every security header set Security-test summary Requirements Strong TypeScript + Next.js App Router (Server Actions, middleware) Solid Supabase/Postgres: RLS, triggers, grants, migrations Practical HIPAA technical-safeguards experience (audit controls, access control, integrity, transmission security) CSP tuning with third-party iframes (payments / identity verification a plus) Clean, test-covered work How to apply Quote each of the 7 items separately (line-by-line estimate), not a lump sum. Tell us specifically how you'd guarantee the audit log is immutable, and share one example of prior HIPAA or healthcare-data work.
- Hourly: $45.00 - $70.00
- Intermediate
- Est. time: 1 to 3 months, 30+ hrs/week
I’m building the final UX surfaces for a July 1 SaaS launch and need a fast, reliable React + Supabase engineer who can execute clean, production‑ready screens and flows. The project is front‑end heavy, well‑defined, and focused on UI polish, dashboards, forms, and simple Supabase integrations. You’ll work directly with me (the founder) in a clear, async workflow with daily check‑ins. I move quickly, communicate clearly, and provide detailed requirements for each screen or flow. What I need built Dashboard_flows - user dashboards, scoring views, operator tools UX_surfaces - responsive screens using React, TypeScript, Tailwind Form_and_flow_logic - multi‑step flows, validation, state handling Supabase_integration - basic CRUD, auth, RLS‑safe queries Admin tools - simple internal views for data visibility UI polish - spacing, alignment, loading/error states Stripe_integration - light subscription or billing touchpoints This is not deep backend work. It’s clean, fast UI execution. How I work Clear requirements - I provide detailed specs for each screen Async- updates - daily check‑ins, async communication Fast iteration - I respond quickly and unblock immediately Direct founder access - no layers, no bureaucracy What I’m looking for React Typescript experience Tailwind UI polish Supabase familiarity Stripe comfort Clean communication US based Timeline & budget Start today 2 to 3 week contract 45 to 70 hr Potential ongoing work If you can start immediately and have examples of polished React/Tailwind work, I’d love to see your GitHub or recent projects.
- Fixed price
- Intermediate
- Est. budget: $2,500.00
Hello Upwork Developers! This app will be a critical tool once it's finalized. Looking for an experienced, supportive, and communicative developer in the Sacramento or San Francisco Bay area. Fee for the first build of the mobile app and a desktop version is flexible based on experience and qualifications. Starting rate around $2-3K with a timeline of not more than 6 months. Project Criteria: -Set up a Supabase project cleanly -Create tables with proper relationships -Implement Row Level Security (RLS) -Write policies that protect sensitive data -Document every policy -Use Supabase Auth for login + roles -Avoid unnecessary Postgres functions unless documented -Full FlutterFlow project -Full Supabase schema -Full Supabase policies -Full documentation -Full training -Full source files -Full ownership transferred to me (owner) ACTUAL DELIVERABLES FOR APP (APP FEATURES) 1. User Accounts & Authentication -Email/password login -Password reset -Optional multi‑factor authentication -Role‑based access (if needed later) -Supabase Auth integration 2. Data Storage & Structure -Supabase database -Clean relational tables -Secure Row Level Security (RLS) -Encrypted or protected sensitive fields -Full audit trail (optional but recommended) 3. Data Input & Forms -Multiple structured forms -Conditional fields (show/hide based on user input) -Attachments (images, files, audio, etc.) -Draft saving -Edit/update existing entries -Delete entries (with confirmation) 4. Data Viewing & Reporting -List views -Detail views -Filters (date, category, tags, etc.) -Search -Sorting -Summary reports -Optional charts or analytics 5. PDF / Word / CSV Exporting Your app must support exporting: -Individual records → PDF -Collections of records → PDF or CSV -Summary reports → PDF -Optional: Word (.docx) export -Exports must include: - Branding -Timestamp -User info -Structured layout -Optional attachments FlutterFlow supports PDF generation natively. CSV export is easy. Word export requires a plugin or API. 6. File Attachments Users must be able to: Upload images Upload documents Upload audio notes View attachments Download attachments Stored in: Supabase Storage With secure access policies 7. Notifications (Optional) Email notifications Push notifications (if determined needed; nice to have) In‑app alerts Push notifications require: Firebase setup Apple/Google certificates 8. Subscription / Billing System If I want paid tiers later, I need: Stripe integration Subscription tiers Free vs paid feature gating Billing history Cancel/renew options Webhooks to update Supabase roles This can be added later — don’t need it for MVP. 9. Settings & User Preferences Profile editing Email change Password change Notification preferences Optional dark mode 10. App Publishing Requirements The app must support: iOS build Android build Web app (optional) App store listing setup Version updates Crash reporting (Firebase) 11. Admin Tools (Optional) If you want admin features later: Admin dashboard User management Data oversight Export all data Role assignment This can be added after MVP. ⭐ 12. Privacy & Security Requirements Because OGRE handles sensitive content: NDA required before development Secure Supabase RLS No external data sharing No analytics that expose user content Optional local encryption Optional “panic delete” or “quick hide” feature Decoy page for startup/app disguise ⭐ 13. Maintainability Requirements The app must be built so I can: -Add fields -Edit forms -Add pages -Update logic -Manage Supabase -Publish updates -Debug issues This is why FlutterFlow and post-app training is essential, so I can reliably handle the maintenance aspect of taking over control. Thank you for your interest in my app and I look forward to hearing from you!
- Hourly: $70.00 - $90.00
- Expert
- Est. time: 3 to 6 months, Less than 30 hrs/week
Contract Full Stack Engineer – Manufacturing Data Platform Development Overview We are seeking an experienced full stack software engineer to design and implement a cloud-based manufacturing data platform to support device production testing, quality tracking, and manufacturing analytics. Our current manufacturing test workflow uses a Windows-based test application that logs production test data into Google Sheets. As we scale production and introduce contract manufacturing, we are transitioning to a structured cloud database architecture using Supabase and PostgreSQL. The contractor will be responsible for establishing the backend data infrastructure, assisting with integrating existing manufacturing test software with the new platform, and developing flexible data visualization and analytics tools for engineering and manufacturing teams. This is an opportunity to build a foundational manufacturing data system that will support production scaling, quality improvements, and future automation. Scope of Work 1. Database Architecture & Supabase Implementation Design and implement a production-ready database architecture using: Supabase PostgreSQL REST APIs Cloud-based authentication and security Responsibilities include: Define database schema for manufacturing test data Create tables and relationships for: - Device serial numbers - Production lots - Firmware versions - Hardware revisions - Test results - Calibration data - Operator information - Failure codes - Manufacturing history - Implement database indexing and optimization - Establish backup and data retention strategies - Configure user access permissions for internal teams and manufacturing partners 2. Manufacturing Test Software Integration Our existing Windows test application currently performs device testing and uploads results to Google Sheets. The contractor will: -Assist team members with replacing Google Sheets API integration with database/API integration -Develop secure REST API endpoints -Integrate authentication between the test application and backend -Design reliable data upload workflows -Handle offline operation and data synchronization considerations -Ensure robust error handling and logging Preferred experience: -C# / .NET desktop applications (current data gathering tools) -REST API development -Cloud database integration 3. Manufacturing Dashboard & Data Analytics Platform -Develop an intuitive interface for engineering, manufacturing, and quality teams. The platform should provide: High-Level Production Dashboards Examples: -Units tested per day/week/month -Production throughput -Pass/fail rates -First pass yield -Failure trends -Failure Analysis Tools Ability to analyze: -Failure categories -Failed test steps -Firmware correlation -Hardware revision correlation -Production lot trends -Time-based trends -Flexible Data Exploration The system should provide spreadsheet-like flexibility similar to Google Sheets pivot tables. Desired capabilities: -Dynamic filtering -Sorting -Grouping -Pivot-style summaries -Custom reports -Export capability (CSV/Excel) -User-defined views The implementation can be: -Web application -Desktop Windows application -Hybrid solution The priority is flexibility, maintainability, and ease of use by engineering teams. Technical Requirements Required experience: -PostgreSQL database design -Supabase platform experience -REST API development -Full stack application development -Data visualization/dashboard development -Cloud application architecture -Authentication and user management Preferred experience: -Quality systems -Production test software -Electronics manufacturing data -Statistical process control (SPC) -Yield analysis Preferred Technology Experience Backend: -PostgreSQL -Supabase -REST APIs -Python, Node.js, C#, or similar backend technologies Frontend: -React / Next.js -TypeScript -Dashboard frameworks -Data visualization libraries Desktop (optional): -C#/.NET -WPF -WinUI Analytics: -SQL reporting -Data aggregation -Pivot-style analysis tools Deliverables Phase 1 – Database Foundation -Supabase project setup -Database schema -Authentication system -API architecture documentation Phase 2 – Test Software Integration -Updated Windows tester integration -Data upload API -Error handling -Production validation Phase 3 – Manufacturing Dashboard -Production overview dashboard -Yield reporting -Failure analysis interface -Flexible data exploration tools Phase 4 – Documentation & Handoff -Database documentation -API documentation -Deployment instructions -Training for internal engineering team Contract position: Estimated duration: 3–6 months initially -Potential for ongoing support as manufacturing systems expand -Remote acceptable Ideal candidate: -Independent engineer comfortable owning architecture decisions -Able to work directly with engineering leadership -Comfortable building an initial system quickly while maintaining long-term scalability About the Product We are developing a battery-powered consumer electronics device transitioning from engineering prototypes into scaled manufacturing. The manufacturing data platform will become a critical component of our production infrastructure, supporting internal engineering teams and external manufacturing partners.
- Hourly
- Expert
- Est. time: 1 to 3 months, Less than 30 hrs/week
I have a production-ready React/TypeScript health record web application built with Lovable (AI app builder) that needs to be migrated to professional infrastructure I own before public launch. I also need Claude Code (Anthropic's AI coding CLI) set up so I can continue building features independently after migration without relying on Lovable. This is a one-time migration project with a clear scope and a complete data export already prepared. I need someone experienced, detail-oriented, and trustworthy — this is a health application handling sensitive patient data. What I already have: Vercel Pro account — ready to connect Supabase account — ready to create new project GitHub repository — connected and available Domain: fullycharted.app — DNS access available Complete bulk export ZIP from Lovable Cloud — all tables as CSV/JSON, all storage files, complete supabase/migrations/ folder 2 beta users currently — minimal data to migrate Mac computer for local development setup The application: React/TypeScript frontend with Vite and TailwindCSS Supabase backend — PostgreSQL, Row Level Security, Edge Functions, Storage buckets Supabase Auth for authentication 1,326 automated tests passing Currently hosted on Lovable Cloud fullycharted.app currently points to a separate landing page — needs to point to the full app after migration What I need done: Connect GitHub to my Vercel account and configure build settings for Vite/React and all environment variables Create new Supabase project in my account — run supabase db push using migrations folder, import all table data from CSV/JSON export, re-upload all storage files (lab documents, imaging, diagnostic studies), verify all Row Level Security policies working correctly Configure all environment variables — VITE_SUPABASE_URL, VITE_SUPABASE_PUBLISHABLE_KEY, VITE_ADMIN_EMAIL, and any others currently in Lovable DNS configuration — point fullycharted.app to Vercel, configure www redirect, verify SSL certificate Handle 2 beta user accounts — coordinate password reset timing before DNS cutover Full verification — app loads at fullycharted.app, login works, patient data intact, emergency view works without auth, file uploads work, admin route gated correctly, all 1,326 automated tests pass, RLS verified (no cross-account data access) Claude Code setup on my Mac — install Node.js, install Claude Code CLI, clone repository locally, configure local environment variables, verify app runs locally (npm run dev) and tests pass (npm test), walk me through one simple change so I understand the workflow Documentation and handoff — all environment variables documented, Vercel and Supabase configuration documented, local development workflow documented, GitHub push triggers Vercel deployment confirmed Security requirements: This is a health application. RLS policies must be verified after migration. Patients must only access their own data. Admin route gated to one specific email. Public emergency routes work without exposing other patient data. What I will provide: Access to my Vercel account Access to my Supabase account Complete bulk export ZIP GitHub repository access Domain registrar access for DNS Anthropic API key for Claude Code Quick responses throughout the project Success looks like: fullycharted.app loads the full application Beta users can reset password and log in with all data intact All 1,326 tests passing I own all infrastructure completely Claude Code installed, configured, working Complete documentation in my hands Follow-on work: I have a second application (MySynapse — homeschool platform) on the same stack needing the same migration in 1-2 months. Strong performance here leads to that second project directly. To apply please include: Examples of similar Lovable/managed platform to Vercel migrations Supabase RLS and migration experience Your approach to data integrity verification Confirmation you are comfortable with health app security requirements
- Hourly: $35.00 - $70.00
- Entry Level
- Est. time: 1 to 3 months, 30+ hrs/week
We're building a data-driven platform in the beauty/cosmetics space. We've already collected a very large volume of scraped product and brand data, and it's messy - inconsistent formats, duplicates, missing fields, mixed languages, and unreliable values. Your job is to turn that raw data into something clean and reliable, and to build the web application on top of it. This is not a quick gig. We're looking for someone to stay with us for roughly a year and grow with the product. What you'll be doing Building and maintaining a Next.js (App Router) front end and back end Designing and managing our Supabase setup (Postgres schema, RLS policies, auth, storage, edge functions) Cleaning, normalizing, and deduplicating large beauty datasets (this is a major part of the role) Building data pipelines to process and validate incoming scraped data Writing transformation/normalization logic (units, brand names, categories, ingredients, pricing, etc.) Setting up data-quality checks and monitoring Iterating on features with us as the product evolves You should have Strong production experience with Next.js and Supabase (please point to specific projects) Solid SQL/Postgres skills - not just ORMs Real experience cleaning and normalizing large, messy datasets (Python/pandas or similar is a plus) Comfort working with scraped data and all the inconsistencies it brings Good written English and reliable communication Ability to work independently and own your part of the product Nice to have Experience in e-commerce, catalog, or product-data projects Familiarity with data pipelines / ETL tooling Some ML/NLP experience for entity matching or text cleanup Budget We expect this to run around $4,000–$5,000 USD per month depending on experience and hours. This is a long-term commitment, so stability and quality matter more to us than the lowest rate. To apply, please include: Similar past work - links or short descriptions of Next.js + Supabase projects, and at least one data-cleaning/normalization project you've done. Your time zone and your typical available hours - we need to know there's reasonable overlap. Your expected monthly budget within the range above (or your rate if hourly). Applications that don't address all three points will not be considered. A short note on how you'd approach cleaning messy beauty product data is a big plus. We read every proposal carefully and respond quickly to strong candidates. Looking forward to working with you.
- Fixed price
- Intermediate
- Est. budget: $3,500.00
Immediate project: • Integrate a standalone HTML demo (a risk-indicators dashboard) into the main Next.js app • Restyle the integrated demo to visually match the existing landing page (typography, color, spacing, components) • Use static or mocked data for the dashboard views — this does not need to be wired to live Supabase data for this phase • UI consistency pass limited to the demo-facing pages a prospect would see in a live walkthrough (not the full app) • Deliver a clean, working build deployed on Vercel, ready for live demo use Timeline: Targeting completion within 2–3 weeks — this supports an active sales conversation, so reliability and responsiveness matter. Possible follow-on work (separate scope, hourly): • Wiring the dashboard demo to live Supabase data • Bug fixes and feature requests • Periodic maintenance, including an upcoming Supabase policy/security deadline • Ongoing point of contact for a non-technical founder
- Fixed price
- Intermediate
- Est. budget: $500.00
OVERVIEW I'm building Inkora, a subscription web app: an AI creative-writing companion for fiction (romance, fan fiction, poetry, general fiction). The React front-end is COMPLETE and will be provided, with clearly marked integration points. I need the backend built, connected, and the full app deployed. This is an 18+ platform with content safeguards. STACK ALREADY IN PLACE - React front-end (provided; single-file app ready to be scaffolded into a project) - GitHub (repo will live on my account) - Vercel (hosting, my account) - Stripe account created - Anthropic (Claude) API key — must live server-side only, never in client code - Domain: inkora.com SCOPE OF WORK 1. Secure AI endpoint — a serverless endpoint (e.g. POST /api/write) that attaches the provided system prompt, calls the Claude API with the server-side key, and returns the text to the front-end. Suggested writing model: claude-sonnet-4-6. 2. Content moderation — screen user input BEFORE the model call and model output AFTER it. Block sexually explicit content and gratuitous graphic gore. Use a inexpensive-model screen (e.g. Haiku) or a third-party moderation API. Log violations; support a warn-then-suspend flow. 3. Auth — your recommendation (Supabase or Firebase preferred). Email + password baseline; Google sign-in if low effort. 4. Database — persist each user's stories (title, genre, full message history, timestamps), characters, and notes. The front-end already models these data shapes. The story's full saved history must be sent with each AI request (this powers in-story continuity). 5. Subscriptions (Stripe) — $10/month, ~$27/quarter, ~$96/year. Free tier: 10 messages per day (make this a config value), resetting every 24h. Gate writing access by subscription status / remaining free allowance. Handle the subscription lifecycle via webhooks. 6. Age-gate persistence — the front-end collects date of birth + an 18+ affirmation; store the affirmation timestamp with the account. Structure it so a third-party age-verification provider can be swapped in later without reworking the flow. I'm open to building on a proven starter/template (e.g. the Vercel AI chatbot template) if it speeds things up — adapting solid existing code is welcome. DELIVERABLES - Deployed, working app (provided front-end + your backend) on my Vercel, repo on my GitHub - All secrets configured as environment variables (never in client code) - Short handoff notes: key rotation, where moderation logs live, how to change config values WHAT I PROVIDE - Complete front-end code, a written backend brief, and the system prompt (shared privately with the selected freelancer) - All accounts (GitHub, Vercel, Stripe, Anthropic) already created and ready TO APPLY, PLEASE ANSWER THESE IN YOUR PROPOSAL: 1. Have you wired Stripe subscriptions with webhooks before? Link or example. 2. How will you keep the API key off the client? 3. How would you implement input + output moderation cost-effectively? 4. Have you deployed serverless APIs on Vercel? 5. Your fixed quote and timeline for this scope. Proposals that don't answer these questions will not be considered.