{"slug": "coinflow-i-built-a-full-stack-micro-tasking-platform-with-github-copilot", "title": "🪙 CoinFlow — I Built a Full-Stack Micro-Tasking Platform with GitHub Copilot.", "summary": "Redwan Shahriar Shubho built CoinFlow, a full-stack MERN micro-tasking platform featuring a real coin economy, Stripe payments, Firebase authentication, and a three-role system for Workers, Buyers, and Admins. The platform allows workers to earn coins by completing tasks and withdraw earnings once they reach 200 coins ($10), while buyers can post tasks with coin rewards and manage submissions through a dashboard. GitHub Copilot assisted in identifying an IDOR vulnerability and recommended database indexes to prevent duplicate submissions and enforce buyer ownership verification.", "body_md": "**CoinFlow** is a full-stack MERN micro-tasking platform with a real coin economy, Stripe payments, Firebase authentication, and a three-role system for Workers, Buyers, and Admins.\n\n**Live Demo:** [coin-flow-peach.vercel.app](https://coin-flow-peach.vercel.app)\n\n**GitHub Repo:** [github.com/redwanshahriarshubho/CoinFlow](https://github.com/redwanshahriarshubho/CoinFlow)\n\nThe entire `server/`\n\nfolder had no `index.js`\n\n. Every API call failed with network errors. The frontend looked beautiful but nothing worked.\n\n**Frontend:** React 19, Vite 8, React Router 7, TanStack Query v5, Firebase v12, Stripe.js, Swiper, React Hook Form\n\n**Backend:** Node.js, Express 5, MongoDB (native driver), JWT, Stripe SDK\n\n**Infrastructure:** Vercel (frontend), Render (backend), MongoDB Atlas, imgBB\n\nWorkers join the platform and get 10 free coins on signup. They browse available tasks, submit completed work, and get paid instantly when approved. Once they hit 200 coins ($10), they can withdraw via bKash, Nagad, Rocket, or Bank Transfer.\n\nBuyers post tasks with a coin reward per worker — the total cost is deducted when the task goes live. They review submissions through a dashboard and approve or reject each one. Unused coins are refunded automatically if a task is deleted.\n\nAdmins see platform-wide stats, manage all users, moderate any task, and approve worker withdrawal requests.\n\n| Action | Coins |\n|---|---|\n| Register as Worker | +10 free |\n| Register as Buyer | +50 free |\n| Post a task | -(workers × coins_per_worker) |\n| Submission approved | +payable_amount to worker |\n| Delete task (unused slots) | +refund to buyer |\n| Withdrawal minimum | 200 coins ($10) |\nExchange rate |\n20 coins = $1 USD |\n\nOne design decision I'm proud of: when a submission is **rejected**, the task's `required_workers`\n\ncount is incremented back by 1 so another worker can claim that slot. Without this, a single rejection would permanently block an open position.\n\n```\napp.patch(\"/submissions/:id/reject\", verifyToken, verifyBuyer, async (req, res) => {\n  await submissions.updateOne(\n    { _id: new ObjectId(req.params.id) },\n    { $set: { status: \"rejected\" } }\n  );\n  await tasks.updateOne(\n    { _id: new ObjectId(sub.task_id) },\n    { $inc: { required_workers: 1 } }\n  );\n  await notifications.insertOne({\n    recipient_email: sub.worker_email,\n    message: `Your submission for \"${sub.task_title}\" was rejected. Keep going!`,\n    actionRoute: \"/dashboard/task-list\",\n    time: new Date(), read: false,\n  });\n});\n```\n\nI used Copilot as a sounding board throughout. Describing the coin economy rules in plain English and asking \"what could go wrong here?\" surfaced edge cases before they became bugs.\n\nCopilot flagged an IDOR vulnerability — I wasn't verifying that the buyer making a request actually owned the task. It suggested adding `buyer_email: req.user.email`\n\nto every MongoDB mutation query:\n\n```\nawait tasks.updateOne(\n  { _id: new ObjectId(req.params.id), buyer_email: req.user.email },\n  { $set: { task_title, task_detail, submission_info } }\n);\n```\n\nCopilot reviewed my schema and recommended the full index set:\n\n```\nawait users.createIndex({ email: 1 }, { unique: true });\nawait tasks.createIndex({ buyer_email: 1 });\nawait submissions.createIndex({ worker_email: 1 });\nawait notifications.createIndex({ recipient_email: 1, time: -1 });\njs\nconst dup = await submissions.findOne({ task_id, worker_email });\nif (dup) return res.status(400).json({ message: \"You already submitted this task\" });\n```\n\n**Worker:** Browse tasks, full detail page, submit work, paginated history, real-time notifications, withdrawal form\n\n**Buyer:** Post tasks with live cost preview, review submissions via modal, approve/reject with instant worker payout, edit/delete with refund, purchase coins via Stripe, payment history\n\n**Admin:** Platform stats, user management, task moderation, withdrawal approval queue\n\n**System:** JWT + Firebase auth (Email + Google OAuth), role-based route guards, imgBB image upload, fully responsive UI\n\nRegister as a **Worker** to browse and complete tasks, or as a **Buyer** to post tasks and review submissions.\n\nTest Stripe with card `4242 4242 4242 4242`\n\n/ any future date / any CVC.\n\n*Built with React, Node.js, MongoDB, Stripe, and Firebase. GitHub Copilot helped me think through security, edge cases, and performance throughout the build.*", "url": "https://wpnews.pro/news/coinflow-i-built-a-full-stack-micro-tasking-platform-with-github-copilot", "canonical_source": "https://dev.to/redwanshahriarshubho/coinflow-i-built-a-full-stack-micro-tasking-platform-with-github-copilot-38h7", "published_at": "2026-06-05 18:19:01+00:00", "updated_at": "2026-06-05 18:42:20.066698+00:00", "lang": "en", "topics": ["ai-products", "ai-tools", "ai-startups"], "entities": ["GitHub Copilot", "Stripe", "Firebase", "MongoDB Atlas", "Vercel", "Render", "bKash", "Nagad"], "alternates": {"html": "https://wpnews.pro/news/coinflow-i-built-a-full-stack-micro-tasking-platform-with-github-copilot", "markdown": "https://wpnews.pro/news/coinflow-i-built-a-full-stack-micro-tasking-platform-with-github-copilot.md", "text": "https://wpnews.pro/news/coinflow-i-built-a-full-stack-micro-tasking-platform-with-github-copilot.txt", "jsonld": "https://wpnews.pro/news/coinflow-i-built-a-full-stack-micro-tasking-platform-with-github-copilot.jsonld"}}