Available for remote work

Emmanuel

Oghene

Fullstack Developer
Emmanuel Oghene

I build the backend most agencies outsource and most devs avoid: multi-tenant SaaS, subscription infrastructure, real-time systems. Production-ready from day one, no hand-holding required.

Selected work
04 projects

Category

Client deliveryMulti-role SaaSReal-time

Stack

Next.jsNode/ExpressPostgreSQLDrizzle ORMWebSocketsResendCloudinaryTypeScriptFirebase (FCM)
ScopeBackend · 2 Dashboards · Landing
TrackingLive · 1 sec interval
AuthJWT + RBAC

Time to Market

99h total
Backend
59h
Vendor dashboard
32h
Admin panel
5h
Landing page
3h

Overview

Nigerian vendors lose customers daily to a trust problem, riders go dark, false 'delivered' claims stick, and the vendor gets blamed. OtoNav's founder hired me to build the platform that solves this: a delivery visibility and accountability system purpose-built for the Nigerian market. I owned the full backend, vendor dashboard, admin dashboard, and landing page end-to-end. A mobile developer handled the React Native apps for riders and customers. Every order now has a full live-tracked lifecycle: riders share location every second, customers hold a private delivery PIN the rider must collect at the door, and vendors manage their entire dispatch operation from one dashboard. Production system, real users, subscription-based.

View Project

Key decisions

01.Org-based multi-tenancy — Resources are scoped strictly to organizations (vendors) with role-based access for underlying members (riders/customers).
02.WebSocket live tracking — Streams high-frequency real-time location data per active order, broadcasting simultaneously to multiple user roles.
03.Delivery PIN confirmation — 4-digit token generated per order, verified exclusively by the customer, required by the rider to close out delivery and prevent false claims.
04.Stateless invitation system — Uses self-contained, expiring JWTs for user onboarding to eliminate the need for a pending-invitations database table.
05.Plan-based feature gating — Feature flags are stored at the organization level and evaluated at request time for instantaneous subscription adjustments.
06.Multi-layer seat enforcement — Structural checks at invitation creation, renewal boundaries, and rider scaling to prevent billing leaks.
07.Cron-driven lifecycle automation — Daily background workers automate subscription expiration, tenant deactivation, and email notification scheduling.

Category

Developer toolingBilling infrastructureAPI

Stack

Next.jsNode/ExpressPostgreSQLDrizzle ORMStripeTypeScript
API surfaceInternal + Public V1
API keysSHA-256 hashed
BillingWebhook-driven Stripe

Time to Market

56h total
Backend
39h
Frontend
17h

Overview

SaaS companies routinely waste engineering cycles hardcoding plan limits and rebuilding billing logic every time marketing changes pricing tiers. Tenon decouples monetization from core business logic, allowing fast-moving startups to launch, test, and gate new tiers in minutes without a single code redeployment. Your payment platform handles the money. Tenon handles what each customer is allowed to do. Integrate once and get usage tracking, rate limiting, and feature gating out of the box, works with whatever payment provider you already use. Built for SaaS products that need plan-based access control without the complexity.

View Project

Key decisions

01.Org-based multi-tenancy — All resources and entitlements belong to the organization tier rather than individual users, simplifying team scaling.
02.SHA-256 API key hashing — Keys utilize identifiable prefixes, are displayed only once at creation, and are securely hashed at rest.
03.Plan-agnostic middleware gating — Decouples system limitations from structural code; rules live in the database to allow tier modifications without redeployments.
04.Dual API architecture — Isolates internal application interfaces from a version-locked public API surface to maintain backwards compatibility.
05.Webhook-driven state machine — Subscription lifecycles are completely driven by Stripe webhooks with idempotent event processing.
06.Token family versioning — Uses database counters on refresh tokens to enable atomic global sign-outs and immediate session invalidation.
07.Local usage tracking — Buffers and runs metered billing events locally before asynchronous reporting to mitigate duplicate counting errors.

Category

Chrome ExtensionSaaSOutreach tooling

Stack

Chrome MV3ReactNode/ExpressMongoDBBull/RedisPolarHandlebarsTypeScript
QueueBull + Redis
AuthOAuth 2.0 Gmail / Outlook
PlansFree · Pro · Growth · Founder

Time to Market

21h total
Backend
13h
Extension
8h

Overview

Sales development reps lose hours jumping between lead spreadsheets, email clients, and expensive external sequencing platforms that risk domain health. Persent unifies this workflow directly inside the browser, enabling cost-effective, high-yield pipeline generation without subscription bloat. A Chrome extension that lets you run personalized cold email campaigns at scale without leaving your browser. Write one template, send hundreds of tailored emails. Campaign tracking, contact management, and sending logic all handled from the extension.

Private repoCode available on request

Key decisions

01.Redis-backed Bull queue — Manages high-volume email dispatch, strictly enforcing provider-specific daily limits and surviving server cold-starts.
02.Refresh token rotation (RTR) — Tracks token families to automatically invalidate compromised sessions if a replay attack is detected.
03.Encrypted OAuth token storage — Access tokens are fully encrypted at rest and decrypted exclusively at the runtime point of use.
04.Persistent MV3 background execution — Extension relies on an MV3 service worker background script to handle long-running auth lifecycles across browser restarts.
05.Cursor-based pagination — Used globally across all list endpoints to keep database performance constant on massive recipient datasets.
06.Three-layer quota enforcement — Independent evaluation of account tiers, active campaign capacities, and lifetime lead quotas at the middleware layer.
07.HMAC-SHA256 webhook signatures — Ensures cryptographic verification of incoming payment events combined with idempotent handling logic.

Category

Developer infrastructureMulti-tenant SaaSReal-time

Stack

Node/ExpressPostgreSQLDrizzle ORMNeonRedisUpstashWebSocketsNext.jsTypeScript
ConcurrencyOCC · zero row locks
ValidationIn-memory · Redis
BroadcastRedis pub/sub · WS

Time to Market

16h total
Backend
10h
Showcase dashboard
6h

Overview

Every B2B vertical: logistics, aviation, healthcare, ends up rebuilding the same infrastructure: state machines, role-gated transitions, audit trails, and real-time sync. Stratum abstracts this into a single engine any tenant can configure with a JSON blueprint. Register, upload your workflow contract, and immediately get atomic state mutations with optimistic concurrency control, Redis-backed in-memory rules validation, and a horizontally scalable WebSocket broadcast layer. Built an interactive showcase dashboard on top to demonstrate multi-tenant isolation, concurrent write collision detection, and real-time pub/sub propagation between independent operator sessions.

View Project

Key decisions

01.Optimistic Concurrency Control (OCC) — Leverages atomic update conditions matching expected version and state, bypassing heavy database row locks and returning structured collision payloads on failure.
02.Redis-first validation engine — Transitions, RBAC, and payload schemas are validated entirely in-memory against Redis, saving PostgreSQL from dead reads on invalid requests.
03.Atomic blueprint updates — Schema/contract updates rewrite the Redis cache and SQL storage within a single request, enabling instant live rules updates with zero system restarts.
04.Append-only database-level immutable ledger — Postgres triggers strictly enforce a ban on UPDATE/DELETE operations on the audit log table, ensuring security compliance below the application tier.
05.Asynchronous non-blocking audits — Offloads log ingestion to a fire-and-forget Node.js EventEmitter, isolating client API response latency from slower disk writes.
06.Dual Redis client isolation — Completely separates the long-lived Redis Subscriber connection from the standard command client to protect the pub/sub architecture from blocking queries.
07.Pattern pub/sub (`PSUBSCRIBE`) clustering — Uses wildcard matching over tenant channels to support seamless horizontal scaling of independent socket instances without relying on sticky sessions.
08.Composite index tenant isolation — Every query forces a `tenant_id` constraint backed by a `(tenant_id, entity_type)` composite index, safely returning 404s instead of access errors on cross-tenant attempts.
09.GIN index JSONB querying — Schema-free tenant attributes use GIN indexes for fast containment mapping (`@>`), bypassing sequential database scans at scale.
10.Boot-time cache warming — Pipelines active tenant blueprints from Postgres to Redis during the server initialization sequence to prevent cold-start latency spikes.
11.Handshake WebSocket authorization — Authenticates clients using custom Socket.IO middleware before completing the upgrade, eliminating resource wastage on invalid sessions.
12.Structural room isolation — Restricts connected users strictly to their `tenant:{id}` socket rooms, removing the need for complex, bug-prone permission logic inside downstream event handlers.
End of selected work
About
Open to work
5+ years
building web products

Independent contract engineer. I take complex backend briefs: multi-tenant SaaS, subscription billing, real-time systems and ship them production-ready without internal hand-holding.

I work with agencies that need a backend they can trust and founders who need a solo operator who owns the full build. No ramp-up period, no status-update babysitting, no code that falls apart when someone else touches it.

Structured logging, error tracking, input validation, audit trails: these aren't things I add when asked. They're in every build by default, the same way an agency team would deliver. Just without the agency overhead.

|

01

Multi-role web architecture

Complex user hierarchies don't become your problem post-launch: org isolation, RBAC, and plan-based access are designed in from day one.

02

Subscription infrastructure

Billing that handles edge cases: failed payments, plan switches, seat overages, without surprises.

03

Real-time features

Live data that stays live. WebSocket architecture, event-driven updates, and reconnect logic so time-sensitive features actually hold up.

04

End-to-end product builds

From greenfield to deployed. Architecture, API design, frontend, and everything the brief doesn't mention but still needs to ship.

Tools & stack

Next.jsReactTypeScriptJavaScriptTailwind CSSNode.jsExpressPostgreSQLMongoDBChrome MV3StripeREST APIsWebSocketsVercelRenderRailwayGitZodPinoRedisBullCron jobsSentryDrizzle ORMNode-cronFirebaseZustandAxios

Ships with

Refresh token rotationBull job queuesZod input validationRate limiting (global + auth)Structured logging · PinoError tracking · SentryCursor-based paginationAudit logs
Based in Nigeria · Remote
Contact
Remote · Worldwide

Let's build
something._

I'm open to remote contracts and full-time roles, particularly with agencies and startups building web products. If you have a project that fits, reach out.

Emailemmanueloghene72@gmail.com
LinkedInlinkedin.com/in/emmanuel-oghene-0242182ab
GitHubgithub.com/OgheneDev