Silvershield

Project overview

A full-stack, AI-enabled web application for family members to monitor their senior relative's emails for fraud.

I built the platform from concept to beta launch and collaborated with the CEO, machine learning developers, designer, and marketing lead to develop and iterate on the product. Silvershield is now in use by beta testers.

The platform's functionality includes:

  1. Integration with Supabase auth and database
  2. CRUD operations for user profiles, and organizations with multiple members
  3. Row Level Security and trigger functions with PostgreSQL
  4. Automated emails with Sendgrid
  5. Communication with multiple APIs and SDKs
  6. Fully responsive frontend

Tech stack

  • Next.js
  • Supabase
  • Tailwind CSS
  • PostgreSQL
  • Nylas
  • Google Cloud Platform
  • OAuth 2.0
  • Sendgrid

Silvershield dashboard showing an inbox with fraud alerts ranging from low to high for each email.

Approach

When I built the Silvershield platform, I focused on two key things: security and scalability.

Our users would be trusting us with sensitive data, so keeping it safe was a top priority. The first iteration of the platform analyzes email inboxes for fraud, but in the future it will also analyze bank accounts and messages, so it needed to be adaptable and scalable.

Also, with users in their 40s-50s and their senior parents, the interface needed to be both modern and intuitive to a senior user.

To achieve this, I chose Next.js, Supabase, Nylas, Sendgrid, and Tailwind CSS, and hosted the platform on Vercel.

The Silvershield website settings page displaying first name, last name, email, password, groups the user is a member of, and an edit button.

Problems & solutions

User permission: The first major challenge in building the Silvershield platform was keeping sensitive data secure and accessible to multiple users with different permissions. Filtering data on the front-end, even server side, didn't provide as much security as I wanted, which led me to two Supabase features: Row Level Security (RLS) and JWTs. By storing membership and permission data in JWTs and checking it against table data with RLS, I could access the necessary data and keep it secure.
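
One way the JWT-plus-RLS check described above can look in Supabase's PostgreSQL, as an added example that is not Silvershield's own code. The table names, columns and the `app_metadata.groups` claim layout are assumptions made for illustration.

```sql
-- Hypothetical schema: names are assumptions, not the project's tables.
create table public.group_members (
  group_id uuid not null,
  user_id  uuid not null references auth.users (id),
  role     text not null check (role in ('owner', 'member')),
  primary key (group_id, user_id)
);
create table public.connected_inboxes (
  id            bigint generated always as identity primary key,
  group_id      uuid not null,
  email_address text not null
);

-- With RLS on and no matching policy, a row is invisible: deny by default.
alter table public.group_members     enable row level security;
alter table public.connected_inboxes enable row level security;

-- Assumed claim layout: app_metadata.groups = {"<group uuid>": "<role>"}.
-- app_metadata is written server-side only; user_metadata can be edited by
-- the user and must never carry permissions.
create or replace function public.jwt_group_role(gid uuid)
returns text language sql stable as $$
  select auth.jwt() -> 'app_metadata' -> 'groups' ->> gid::text
$$;

-- Users can see only their own membership rows.
create policy "read own memberships" on public.group_members
  for select to authenticated
  using (user_id = (select auth.uid()));

-- Read: the JWT must list the row's group.
create policy "members read group inboxes" on public.connected_inboxes
  for select to authenticated
  using (public.jwt_group_role(group_id) is not null);

-- Delete: the claim says owner AND the membership table still agrees, so a
-- token issued before a role change cannot delete until it is refreshed.
create policy "owners delete group inboxes" on public.connected_inboxes
  for delete to authenticated
  using (
    public.jwt_group_role(group_id) = 'owner'
    and exists (
      select 1 from public.group_members m
      where m.group_id = connected_inboxes.group_id
        and m.user_id = (select auth.uid())
        and m.role = 'owner'
    )
  );
```

Because the policies run inside the database, a query that omits the group filter on the front end still returns only rows the caller's token and membership allow.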

useContext hook: I realized some users would want to create multiple groups and easily switch between them, automatically logging into their most recent group when they came back to the platform. To make this happen, I saved their last group to the profiles table and used the useContext hook to set a platform-wide state for their current group. Although this shift from server-side to client-side database calls meant a loss in efficiency and speed, I felt the improvement in user experience was worth it.

Webhooks: One of the trickiest problems I encountered was how to notify users as soon as they received a potentially fraudulent email in their connected inbox. I set up a Nylas webhook to alert me when a new email arrived, but the function to fetch additional email data and process it for fraud kept timing out. I also wanted to avoid saving any email data to our database for security purposes. First, I tried a cron job that would periodically check if new emails had been received and process them, but it was inefficient, so I set up a Supabase webhook to trigger a function every time a new email was received, generating a fraud score and notifying the user if it was high.

Silvershield webpage to connect an inbox for fraud review with an input to enter an email address and buttons to connect email or skip this step.

Learnings

If I were to list all the things I learned while developing this project, it would be an essay. This project took me from an aspiring coder to a full-fledged software engineer.

Some of the things I taught myself while building this project: auth, SMTPs, databases, storage, SDKs, Google API, webhooks, cron jobs, edge functions, PostgreSQL, Row Level Security, JWTs, Tailwind CSS, and most importantly, debugging and interpreting logs.