
In progress
Posted:
Paid on delivery
Full-Stack Developer Needed ([login to view URL] / React / TypeScript / Node / MongoDB)

Security Audit • Bug Fixing • Admin Panel Revamp • Cookie Consent • UI/UX • Performance • SEO

I have a test production application built with:
• [login to view URL]
• React
• TypeScript
• Node.js / Express
• MongoDB

It is on a free server (you need to host it on your free server and demo all the changes daily).

I need a sharp, detail-focused full-stack developer who knows this stack inside out to:
1. Audit the whole app for security, bugs, and code quality
2. Find issues yourself (not just fix what I point out)
3. Fix and improve the admin panel, UI, performance, and SEO
4. Implement a cookie consent popup and cookie settings page

Important: I do not have a list of bugs. You must systematically review the codebase and the live app (frontend, backend, APIs, admin panel), identify problems yourself, and fix them.

Payment: We can create a separate milestone for each bullet point below. Please tell me your estimated cost per bullet point and we can agree on milestones accordingly.
________________________________________
Scope of Work (Bullet Points / Milestones)

1. Check all functionality and fix issues
   o Go through all main user flows end-to-end (auth, onboarding, forms, dashboards, admin, etc.).
   o Find and fix any bugs, broken links, validation gaps, or confusing UX.
   o Ensure all error states are handled cleanly (no crashes, useful error messages).

2. Full security review & hardening (top priority)
   o Review and secure:
      - All login / signup / password reset flows.
      - Every API route, especially admin/privileged or sensitive data.
      - All forms, text inputs, file uploads, and any place a user can paste content.
   o Check and improve:
      - Auth logic (sessions or JWT), including secure storage and expiry.
      - Cookies & headers (HttpOnly, Secure, SameSite, HSTS, etc.).
      - Server-side validation & sanitisation for every important endpoint.
      - Protection against XSS, CSRF, injection, and similar attacks.
      - Rate limiting on sensitive routes (e.g. login, password reset).
   o Make sure role-based access control (RBAC) is in place so only the right roles can access certain APIs and pages.

3. Permissions & role-based access (APIs & admin)
   o Audit user roles (e.g. user, admin, etc.).
   o Ensure every admin/privileged API is protected on the server (not just hidden in the UI).
   o Verify that a normal user cannot access admin functionality by guessing URLs or IDs.
   o Hide admin UI controls from non-admins, while still enforcing checks on the backend.

4. Admin panel revamp + page management
   o Improve the admin panel UX, layout, and structure so it’s easy to use.
   o Add functionality so the admin can manage content pages directly from the admin panel, including:
      - FAQ
      - Policies (Privacy Policy, Terms, etc.)
      - About Us
      - Team
      - Cookie Policy
   o Admin should be able to create/edit titles, sections, and content without code changes, and publish updates.

5. Cookie consent popup & cookie settings page
   o Implement a cookie consent banner/popup that:
      - Clearly explains cookie usage.
      - Lets users accept all, reject non-essential, or customise.
   o Add a cookie settings/preferences page where users can:
      - View and change their consent later.
      - Toggle non-essential cookie categories (e.g. analytics, marketing).
   o Make sure:
      - Only strictly necessary cookies are set by default.
      - Analytics/marketing scripts run only after consent.
      - User choices are stored and respected, and only minimal data is stored.
   o The text (cookie policy, descriptions) should be editable from the admin panel.

6. Fonts, colours, alignment & design consistency
   o Standardise fonts, colours, spacing, and component styles across all pages.
   o Replace one-off styles with shared components (buttons, inputs, cards, modals, etc.).
   o Fix any misalignment, inconsistent padding/margins, or “off” layouts.

7. Responsiveness
   o Ensure all key pages are fully responsive and look good on:
      - Mobile
      - Tablet
      - Desktop
   o Fix issues like horizontal scrolling, overlapping elements, or tiny tap targets.
   o Check forms, tables, cards, and the admin panel on smaller screens.

8. Performance
   o Identify and fix performance bottlenecks on both frontend and backend.
   o Frontend:
      - Optimize bundle size and avoid unnecessary client-side work.
      - Use code splitting / lazy loading where appropriate.
      - Use next/image or similar optimisations for images.
   o Backend:
      - Ensure efficient MongoDB queries and proper indexes.
      - Add pagination where needed.
      - Avoid N+1 queries and heavy operations in request handlers.

9. SEO basics
   o Ensure each important page has:
      - Correct page title and meta description.
      - Open Graph and Twitter meta tags for social sharing.
      - Canonical URLs where relevant.
   o Check:
      - Logical, clean URLs (e.g. /about, /faq, /policies/privacy).
      - Presence of sitemap and robots.txt.
      - Reasonable HTML structure (headings, semantic tags) to help SEO.

10. Code quality & maintainability
   o Clean up the codebase:
      - Remove unused components, files, and dependencies.
      - Fix ESLint/TypeScript issues and format code consistently (Prettier or similar).
      - Improve folder structure where it helps clarity.
   o Strengthen TypeScript types where weak or missing.
   o Make it easier for future developers to understand and extend the project.
________________________________________
Deliverables

1. Patched and committed code
   o Small, clear commits with meaningful commit messages.
   o Each commit should make sense on its own (what changed and why).

2. Plain-English report
   o Short summary describing:
      - What you reviewed.
      - What you found (bugs, security issues, UX problems).
      - What you fixed (with a clear explanation).
      - What still deserves attention later (non-critical improvements, future ideas).

3. Zero regressions
   o All existing automated tests must stay green.
   o Add tests where important pieces have no coverage (especially auth, RBAC, and admin content editing).
Project ID: 40046147
260 bids
Remote project
Time since last activity: 3 months ago