Business Client needs Web Development
Contact person: Business Client
Location: Pune, India
Budget: Recommended by industry experts
Time to start: As soon as possible
Project description:
"INVITE ONLY PROJECT: Follow-up to Strong backend developer for Conversational AI App project.
Here's what the selected freelancer will do:
Phase 1: Backend & Infrastructure Setup
[login to view URL] Backend Project: Set up a server (Node.js/Express, NestJS, Python/FastAPI, or Go).
2. Environment Management: Set up robust .env handling for production secrets (DB credentials, API keys, Payment secrets).
3. Database Selection: Provision a real database (PostgreSQL is recommended for relational transactional data like wallets; MongoDB is good for storing chat logs).
4. Database Schema Design:
- Recreate the structure from [login to view URL] into SQL/NoSQL schemas.
- Users Table: ID, Auth Data, Profile, Balance (use DECIMAL type, not Float), Settings.
- Transactions Table: ID, UserID, Amount, Type, Status, GatewayReferenceID.
- Sessions Table: ID, Duration, Cost, Start/End Timestamps.
- ChatLogs Table: ID, SessionID, MessageContent (JSON/Text).
Phase 2: Authentication & Security
1. Replace Mock Auth:
- Implement JWT (JSON Web Tokens) or Session-based authentication.
- Integrate Firebase Auth, Auth0, or Supabase to handle Email/Password, Google, and Facebook logins securely.
2. Real SMS Verification:
- Replace the "1234" OTP mock with a real SMS provider (Twilio, AWS SNS, Msg91).
- Implement rate limiting on OTP requests to prevent abuse.
3. Age Verification Logic:
- Ensure the Date of Birth is validated on the server side.
- Store the "Age Verified" flag in the secure database, not just local storage.
Phase 3: Frontend Refactoring
1. API Client: Replace services/[login to view URL] with a real HTTP client (axios or fetch) that calls your new backend endpoints.
- [login to view URL]() GET /api/user/me
- [login to view URL]() GET /api/wallet/transactions
2. State Management: (Optional) Move from AppContext to React Query (TanStack Query) to handle server state, caching, and loading states more efficiently.
3. Media Handling: Implement an S3/Cloud Storage bucket (AWS S3, Google Cloud Storage) to store user-uploaded avatar images. Do not store Base64 strings in the database.
Phase 4: Payments & Wallet System
1. Payment Gateway Integration:
- Replace components/[login to view URL] logic with a real SDK (Stripe Elements / Razorpay / PayPal).
2. Server-Side Verification (Webhooks):
- Never trust the client. When a payment succeeds on the frontend, do not add funds immediately.
- Wait for the Payment Gateway to send a Webhook to your backend confirming the success.
- Only update the User's balance in the database upon receiving this secure Webhook.
3. Concurrency Handling: Use database transactions/locking when deducting funds to ensure a user cannot spend the same balance twice simultaneously.
Phase 5: The AI "Proxy" (Critical Security)
1. Secure the API Key: Move process.env.API_KEY from the Frontend to the Backend.
2. Build a WebSocket Proxy:
- Current Flow: Browser -> Gemini Live API (Unsecure).
- Required Flow: Browser -> Backend (WebSocket) -> Gemini Live API.
- The backend must accept the audio stream from the client, attach the API Key, and pipe it to Google, then pipe the response back to the client.
3. System Instruction Protection: Move the "Persona/System Prompts" (Saanvi/Aishwarya/Meera lore) to the backend. Do not send these from the frontend to prevent users from tampering with the prompt ("Jailbreaking").
Phase 6: DevOps & Deployment
1. Hosting:
- Frontend: Vercel, Netlify, or AWS Amplify.
- Backend: AWS EC2, Google Cloud Run, Heroku, or DigitalOcean.
2. CI/CD Pipeline: Set up GitHub Actions to run tests and deploy automatically on merge.
3. Monitoring: Add logging (Sentry, Datadog) to track errors, especially for the WebSocket connection stability.
4. Legal Pages: Create real HTML pages for "Terms of Service" and "Privacy Policy" linked in the Age Verification step.
Phase 7: Optimization (Post-Launch)
1. Latency Tuning: Optimize the WebSocket proxy buffer sizes to minimize the delay between the user speaking and the AI responding.
2. Cron Jobs: Set up a server-side Cron Job to handle the "Monthly Free Session Reset" reliably, rather than relying on the user logging in to trigger the check.
Milestones:
Milestone 1: Login, DB, Infrastructure
1. Backend & Infrastructure Setup
- Initialize Server (Node/Python/Go).
- Provision Database (PostgreSQL).
- Create Database Schemas (Users, Sessions, Transactions)
2. Authentication & Security
- Replace mock Auth with Firebase/Auth0/Supabase.
- Implement real SMS Verification (Twilio).
- Server-side Age Verification logic
3. Frontend Refactoring (Part A)
- Replace services/[login to view URL] with a real API Client (axios).
- Connect Frontend Login/Signup forms to the real Backend
Milestone 2: AI Audio Proxy & Security
1. The AI "Proxy" (Critical)
- Secure the API Key: Move it to the server.
- WebSocket Proxy: Build the binary stream tunnel (Browser <-> Server <-> Google).
- System Prompt Protection: Move Saanvi/Aishwarya lore to the server.
2. Frontend Refactoring (Part B)
- Implement S3/Cloud Storage for Avatar uploads.
Milestone 3: Payments & Wallet
1. Payments & Wallet System
- Integrate Payment Gateway (Stripe/Razorpay).
- Implement Webhooks for secure balance updates.
- Implement Database Transactions (Concurrency handling)
Milestone 4: Hosting, DevOps, Polish
1. DevOps & Deployment
- Deploy Frontend (Vercel) & Backend (Cloud Run/EC2).
- Set up CI/CD pipelines.
- Deploy Legal Pages (Terms/Privacy).
2. Optimization
- Tune WebSocket latency.
- Set up Cron Jobs for monthly free session resets.
Please submit YOUR OWN REALISTIC BUDGET ESTIMATE based on scope of work. The best value for money proposal will be selected." (client-provided description)
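The Phase 4 requirements in the brief (credit the wallet only on a verified webhook, and lock when deducting funds) are illustrated below as an added Python example; it is not code from the client or from any payment gateway. The HMAC-SHA256 signature scheme, the event field names, and the function names are assumptions, and in-memory SQLite with integer minor units stands in for PostgreSQL with DECIMAL.

```python
import hashlib, hmac, json, sqlite3

WEBHOOK_SECRET = b"constructed-secret"  # assumption: shared secret issued by the gateway

def open_db():
    # Amounts are integer minor units (paise); SQLite has no DECIMAL type.
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY,
                            balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE transactions (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
            amount INTEGER NOT NULL, type TEXT NOT NULL, status TEXT NOT NULL,
            gateway_reference_id TEXT UNIQUE);
        INSERT INTO users (id, balance) VALUES (1, 0);
    """)
    return db

def sign(body: bytes) -> str:
    return hmac.new(WEBHOOK_SECRET, body, hashlib.sha256).hexdigest()

def handle_webhook(db, raw_body: bytes, signature: str) -> str:
    # Authenticate the raw bytes (constant-time compare) before parsing them.
    if not hmac.compare_digest(sign(raw_body).encode(), signature.encode()):
        return "rejected"
    event = json.loads(raw_body)
    db.execute("BEGIN IMMEDIATE")
    try:
        # UNIQUE(gateway_reference_id) makes a replayed or retried webhook a no-op.
        db.execute("INSERT INTO transactions (user_id, amount, type, status,"
                   " gateway_reference_id) VALUES (?, ?, 'credit', 'success', ?)",
                   (event["user_id"], event["amount"], event["reference_id"]))
    except sqlite3.IntegrityError:
        db.execute("ROLLBACK")
        return "duplicate"
    db.execute("UPDATE users SET balance = balance + ? WHERE id = ?",
               (event["amount"], event["user_id"]))
    db.execute("COMMIT")
    return "credited"

def spend(db, user_id: int, cost: int) -> bool:
    # Check and deduct in one statement: two concurrent spends cannot both pass.
    db.execute("BEGIN IMMEDIATE")
    cur = db.execute("UPDATE users SET balance = balance - ? WHERE id = ?"
                     " AND balance >= ?", (cost, user_id, cost))
    if cur.rowcount == 1:
        db.execute("INSERT INTO transactions (user_id, amount, type, status)"
                   " VALUES (?, ?, 'debit', 'success')", (user_id, cost))
    db.execute("COMMIT")
    return cur.rowcount == 1

def balance(db, user_id: int) -> int:
    return db.execute("SELECT balance FROM users WHERE id = ?", (user_id,)).fetchone()[0]
```

On PostgreSQL the same conditional `UPDATE ... WHERE balance >= cost` inside a transaction, or `SELECT ... FOR UPDATE` on the user row, gives the equivalent guarantee.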
Matched companies (7)

April Innovations

eShop Genius

Appsdiary Technologies

Codetreasure Co

Versasia Infosoft

Mobiweb Global Solutions
