A full-stack SaaS fitness tracker with authentication, daily goals, calorie tracking, yoga routines, and meditation modules.

Fitnest (Holistic Health Buddy) is a production-ready health and wellness platform that consolidates fitness tools, mental health resources, and AI-powered nutrition planning into a single, cohesive web experience. It was built as a full-stack showcase project covering the full development lifecycle — from database schema design and authentication to public deployment.
Health and wellness tools are typically fragmented across many separate apps — one for calorie tracking, another for yoga, another for meditation. Users who want a holistic approach to well-being have no single place to manage it all. The goal was to build a unified platform that addresses physical health (calculators, nutrition), mental health (meditation, mood tracking), and active wellness (yoga library) — all behind a secure, personalized account.
The application was architected as a Next.js full-stack app, with pages-based routing
for public and authenticated experiences. Supabase handles both the PostgreSQL database
and authentication (email/password with confirmation flow, password reset, and session
management). A custom ProtectedRoute component enforces access control across all
private pages. AI-powered meal planning is served through a Next.js API route that
proxies requests to OpenRouter, keeping API keys server-side and allowing model
flexibility. Yoga and meditation content is stored in Supabase and served via versioned
REST API routes (/api/v1/), seeded from JSON files using a custom migration script.
1. Secure authentication end-to-end
Implementing the full auth lifecycle (signup, email confirmation, login, password reset,
session persistence) correctly required careful coordination between Supabase's redirect
URLs, Next.js API callbacks, and client-side session hydration. The auth callback at
/auth/callback handles token exchange and redirects users to the correct post-auth
destination.
2. Strong password validation
Beyond basic length requirements, the app needed to detect common or easily guessable
passwords without a full Have I Been Pwned (HIBP) API call on every keystroke. A client-side utility
(src/utils/passwordValidation.ts) runs complexity checks and a local common-password
list, with the architecture designed to support a server-side HIBP check as a future
enhancement.
3. AI meal planner on a serverless budget
Streaming AI responses from a third-party provider through a Next.js serverless function required managing timeout limits on Vercel and structuring the prompt to return structured JSON (diet type, cuisine preference, macros, allergen exclusions) rather than free text — making the response directly renderable without parsing overhead.
4. Data seeding and migration
Yoga poses, meditation practices, and mood data needed to be loaded into Supabase from
static JSON files without manual SQL. A custom lib/migrate.ts script handles upserts
with conflict resolution, enabling safe re-runs during development and schema changes.
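
An added example of the kind of client-side check item 2 describes (not the project's src/utils/passwordValidation.ts): complexity rules plus a local common-password lookup that first normalizes case, padding and character substitutions. The function names, the 8-character minimum and the sample list are assumptions.

```typescript
// Added example with hypothetical names; not the project's passwordValidation.ts.
const MIN_LENGTH = 8; // assumption: the page gives no minimum length

// Constructed sample list; a real build would bundle a much larger one.
const COMMON_PASSWORDS = new Set([
  "password", "qwerty", "letmein", "welcome", "iloveyou", "admin", "123456",
]);

// Character substitutions undone before the list lookup.
const LEET: Record<string, string> = {
  "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
  "@": "a", "$": "s", "!": "i",
};

function deleet(s: string): string {
  return s.replace(/[013457@$!]/g, (c) => LEET[c] ?? c);
}

// Reduce a password to its base word: lowercase, strip leading/trailing
// non-letters, then undo substitutions ("P@ssw0rd123!" -> "password").
function normalize(pw: string): string {
  return deleet(pw.toLowerCase().replace(/^[^a-z]+|[^a-z]+$/g, ""));
}

function isCommon(pw: string): boolean {
  const lowered = pw.toLowerCase();
  // Check the raw form too so all-digit entries such as "123456" still match.
  return [lowered, deleet(lowered), normalize(pw)].some((c) => COMMON_PASSWORDS.has(c));
}

interface PasswordCheck { valid: boolean; issues: string[] }

function validatePassword(pw: string): PasswordCheck {
  const issues: string[] = [];
  if (pw.length < MIN_LENGTH) issues.push(`at least ${MIN_LENGTH} characters`);
  if (!/[a-z]/.test(pw)) issues.push("a lowercase letter");
  if (!/[A-Z]/.test(pw)) issues.push("an uppercase letter");
  if (!/[0-9]/.test(pw)) issues.push("a digit");
  if (!/[^A-Za-z0-9]/.test(pw)) issues.push("a symbol");
  // Run the list check last: a password can satisfy every complexity
  // rule and still be a decorated dictionary entry.
  if (isCommon(pw)) issues.push("not a common password");
  return { valid: issues.length === 0, issues };
}
```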