Build a multi-role food delivery backend in Lovable with a customer ordering interface, a restaurant management dashboard, and a driver delivery view — all connected by a Supabase Edge Function state machine that enforces the order lifecycle and broadcasts realtime status updates to every party.
What you're building
A food delivery backend has three distinct actor types, each with a different view of the same order data. Customers place orders. Restaurants confirm, prepare, and package them. Drivers pick them up and deliver them. The state machine ensures an order can only advance to the next valid state — a driver cannot mark an order delivered without having first picked it up.
The order lifecycle is enforced by a Supabase Edge Function that receives a transition request, validates that the requested new status is a legal next step from the current status, updates the order, and broadcasts a Realtime message to all subscribers for that order_id. Each dashboard subscribes to the Realtime channel for its relevant orders and updates without polling.
Drivers see available orders in their area when restaurants mark them ready. Accepting an order assigns the driver to the order and removes it from the queue. The customer's tracking screen subscribes to the driver's location updates (a separate locations table updated by the driver every 30 seconds) and shows an animated map marker.
Final result
A three-role food delivery platform with a working order lifecycle, realtime tracking, menu management, and Stripe payment integration.
Tech stack
Prerequisites
- Lovable Pro account (multi-role logic and Edge Functions require significant generation credits)
- Supabase project created at supabase.com — free tier works for development
- Stripe account with test keys — add to Cloud tab → Secrets
- A clear decision on your role system: use Supabase Auth metadata or a profiles table with a role column
- Sample restaurant and menu data to seed for initial testing
Build steps
Define the multi-role schema with order lifecycle
The schema must represent all three roles and the order lifecycle. The roles (customer, restaurant, driver) are stored in a profiles table that extends auth.users. RLS policies use role-based checks.
1Create a food delivery app with Supabase. Set up these tables:23- profiles: id (references auth.users), role (customer|restaurant|driver), display_name, avatar_url, phone4- restaurants: id (references profiles), name, description, cuisine_type, address, city, is_open (bool), delivery_fee (numeric), min_order (numeric), image_url, created_at5- menu_categories: id, restaurant_id (references restaurants), name, position (int)6- menu_items: id, category_id (references menu_categories), restaurant_id, name, description, price (numeric), image_url, is_available (bool default true), created_at7- menu_item_modifiers: id, menu_item_id, name, type (single|multiple), required (bool), options (jsonb: [{label, price_add}])8- customer_addresses: id, customer_id (references profiles), label (Home|Work|Other), street, city, state, zip, is_default (bool)9- orders: id, customer_id, restaurant_id, driver_id (nullable), status (placed|confirmed|preparing|ready|picked_up|delivered|cancelled), items (jsonb snapshot), subtotal, delivery_fee, tip, total, stripe_payment_intent_id, delivery_address (jsonb), special_instructions, estimated_delivery_at, created_at, updated_at10- driver_locations: id, driver_id (unique — one per driver), lat (numeric), lng (numeric), updated_at1112RLS:13- profiles: users can read/update their own profile; restaurants and drivers are readable by all authenticated users14- restaurants: anyone can read open restaurants; restaurant owners can update their own row15- menu_items/categories: anyone can read; restaurant owner can CRUD for their restaurant16- orders: customers see their own orders; restaurants see orders for their restaurant_id; drivers see orders assigned to them or with status=ready17- driver_locations: drivers can update their own location; customers with an active order can read the driver_location for their assigned driverPro tip: Ask Lovable to create a Supabase check constraint on the orders status column that only allows valid transitions using a PostgreSQL function: CREATE FUNCTION valid_order_transition(old_status text, new_status text) RETURNS bool and reference it in a BEFORE UPDATE trigger. This adds database-level enforcement on top of the Edge Function.
Expected result: All eight tables are created with correct foreign keys, RLS policies, and TypeScript types. The profiles table has the role column and seeded rows for a test restaurant, customer, and driver.
Build the restaurant menu management dashboard
Restaurant owners need a dashboard to manage their menu: add categories, add items within categories, toggle item availability in real time, and set modifier groups (e.g., add-ons, sizes).
1Build a restaurant dashboard at src/pages/RestaurantDashboard.tsx.23Requirements:4- Sidebar navigation with tabs: Orders, Menu, Settings.5- Menu tab:6 - List menu_categories for this restaurant sorted by position. Each is a collapsible AccordionItem.7 - Inside each category, list menu_items as rows: image thumbnail, name, price, an available/unavailable Toggle switch.8 - Toggling the switch calls supabase.from('menu_items').update({ is_available }).eq('id', itemId).9 - 'Add Category' Button opens a Dialog with a name Input and saves to menu_categories.10 - 'Add Item' Button inside each category opens a Sheet with fields: name (Input), description (Textarea), price (Input number), image upload (file Input to Supabase Storage bucket 'menu'), is_available (Switch).11 - Drag-to-reorder categories using position integer (show drag handle icon, update position on drop).12- Orders tab:13 - Four columns (kanban-style): Placed, Confirmed, Preparing, Ready.14 - Each order is a Card showing: order ID, customer name, item count, total, time elapsed since placed.15 - Buttons on each card: 'Confirm', 'Mark Preparing', 'Mark Ready' — each calls the order-transition Edge Function.16 - Subscribe to Realtime inserts on orders WHERE restaurant_id = this restaurant to show new orders instantly.17 - New order cards slide in with a brief highlight animation using Tailwind transition.Pro tip: Add a browser Notification API call when a new order arrives in the Realtime subscription. Ask Lovable to request notification permission on dashboard load and send a native browser notification with the order summary when status changes to 'placed'. This works even when the tab is in the background.
Expected result: Restaurant owners can toggle item availability and it reflects immediately on the customer-facing menu. New orders appear in the Placed column in real time without page refresh.
Build the order lifecycle Edge Function
The state machine Edge Function is the heart of the system. It validates transitions, updates the order, and notifies all parties via Realtime broadcast.
1Create a Supabase Edge Function at supabase/functions/order-transition/index.ts.23Receives: { order_id: string, new_status: string, metadata?: object } in body.4Requires authentication.56Valid transitions map:7const TRANSITIONS: Record<string, string[]> = {8 placed: ['confirmed', 'cancelled'],9 confirmed: ['preparing', 'cancelled'],10 preparing: ['ready'],11 ready: ['picked_up'],12 picked_up: ['delivered'],13 delivered: [],14 cancelled: [],15}1617Logic:181. Fetch the order by order_id using service role key.192. Get the caller's profile to verify they are allowed to make this transition:20 - Restaurant can transition: placed→confirmed, confirmed→preparing, preparing→ready21 - Driver can transition: ready→picked_up, picked_up→delivered (only if order.driver_id = caller's id)22 - Customer can transition: placed→cancelled, confirmed→cancelled23 - Admin can do any transition243. If transition is invalid (not in TRANSITIONS[current_status]), return 400 error.254. If caller role doesn't match allowed transitions, return 403.265. Build update object: { status: new_status, updated_at: new Date().toISOString() }27 - If new_status === 'confirmed': set estimated_delivery_at = NOW() + 40 minutes28 - If new_status === 'picked_up': set driver_id = caller's id (for drivers accepting from ready queue)296. Update orders row.307. Broadcast to Supabase Realtime channel 'order-{order_id}': { type: 'status_change', status: new_status, timestamp }318. Return { success: true, new_status }Expected result: Calling the Edge Function with a valid transition updates the order status and broadcasts to the Realtime channel. Invalid transitions return a 400 with a descriptive error. Unauthorized role transitions return 403.
Build the customer ordering flow and realtime tracker
Customers browse restaurants, add items to a cart with modifiers, check out with Stripe, then watch their order status update live on a tracking screen.
1import { useEffect, useState } from 'react'2import { supabase } from '@/integrations/supabase/client'3import { Badge } from '@/components/ui/badge'4import { Progress } from '@/components/ui/progress'5import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'67const STATUS_STEPS = ['placed', 'confirmed', 'preparing', 'ready', 'picked_up', 'delivered'] as const8type OrderStatus = typeof STATUS_STEPS[number]910const STATUS_LABELS: Record<OrderStatus, string> = {11 placed: 'Order Placed',12 confirmed: 'Restaurant Confirmed',13 preparing: 'Preparing Your Food',14 ready: 'Ready for Pickup',15 picked_up: 'Driver Picked Up',16 delivered: 'Delivered',17}1819export function OrderTracker({ orderId }: { orderId: string }) {20 const [status, setStatus] = useState<OrderStatus>('placed')21 const [estimatedAt, setEstimatedAt] = useState<string | null>(null)22 const [driverLocation, setDriverLocation] = useState<{ lat: number; lng: number } | null>(null)2324 useEffect(() => {25 supabase.from('orders').select('status, estimated_delivery_at, driver_id').eq('id', orderId).single()26 .then(({ data }) => {27 if (data) {28 setStatus(data.status as OrderStatus)29 setEstimatedAt(data.estimated_delivery_at)30 }31 })3233 const orderChannel = supabase34 .channel(`order-${orderId}`)35 .on('broadcast', { event: 'status_change' }, (payload) => {36 setStatus(payload.payload.status as OrderStatus)37 })38 .subscribe()3940 const locationChannel = supabase41 .channel(`driver-location-${orderId}`)42 .on('postgres_changes', {43 event: 'UPDATE',44 schema: 'public',45 table: 'driver_locations',46 }, (payload) => {47 setDriverLocation({ lat: payload.new.lat, lng: payload.new.lng })48 })49 .subscribe()5051 return () => {52 supabase.removeChannel(orderChannel)53 supabase.removeChannel(locationChannel)54 }55 }, [orderId])5657 const stepIndex = STATUS_STEPS.indexOf(status)58 const progress = Math.round((stepIndex / (STATUS_STEPS.length - 1)) * 100)5960 return (61 <Card className="w-full max-w-lg">62 <CardHeader>63 <CardTitle className="flex justify-between items-center">64 <span>Order #{orderId.slice(-6).toUpperCase()}</span>65 <Badge>{STATUS_LABELS[status]}</Badge>66 </CardTitle>67 {estimatedAt && (68 <p className="text-sm text-muted-foreground">69 Estimated delivery: {new Date(estimatedAt).toLocaleTimeString()}70 </p>71 )}72 </CardHeader>73 <CardContent className="space-y-6">74 <Progress value={progress} className="h-2" />75 <div className="space-y-3">76 {STATUS_STEPS.map((step, i) => (77 <div key={step} className={`flex items-center gap-3 ${i <= stepIndex ? 'text-foreground' : 'text-muted-foreground'}`}>78 <div className={`w-2 h-2 rounded-full ${i < stepIndex ? 'bg-green-500' : i === stepIndex ? 'bg-primary animate-pulse' : 'bg-muted'}`} />79 <span className="text-sm">{STATUS_LABELS[step]}</span>80 </div>81 ))}82 </div>83 {driverLocation && (84 <p className="text-sm text-muted-foreground">Driver location updated {new Date().toLocaleTimeString()}</p>85 )}86 </CardContent>87 </Card>88 )89}Expected result: Customers can track their order status in real time. The progress bar advances as the restaurant and driver update the order. The estimated delivery time appears once the restaurant confirms.
Build the driver delivery queue and location update
Drivers see orders with status 'ready' in their queue, can accept one, and then progress it through pickup and delivery. Their location is updated every 30 seconds to let customers track them.
1Build a driver dashboard at src/pages/DriverDashboard.tsx.23Requirements:4- Two tabs: Available Orders, My Active Delivery.56Available Orders tab:7- Fetch orders WHERE status = 'ready' AND driver_id IS NULL.8- Each is a Card showing: restaurant name, delivery address, payout estimate (delivery_fee * 0.8), distance (calculate from driver's last known location if available).9- 'Accept' Button calls order-transition Edge Function with new_status='picked_up' (which sets driver_id to this driver).10- Realtime subscription to orders WHERE status = 'ready' for live queue updates.1112My Active Delivery tab:13- Fetch the one order where driver_id = auth.uid() AND status IN ('picked_up').14- Show order details, customer name, delivery address on a Card.15- Large 'Mark Delivered' Button that calls order-transition Edge Function with new_status='delivered'.16- Every 30 seconds, upsert driver_locations: { driver_id: auth.uid(), lat, lng, updated_at } using browser Geolocation API.17 - Use navigator.geolocation.watchPosition to get the current position.18 - Only upsert if the position changed by more than 0.001 degrees to avoid unnecessary writes.1920Add a location permission request banner if Geolocation is not yet granted.Pro tip: Use navigator.geolocation.watchPosition instead of setInterval + getCurrentPosition. watchPosition fires automatically when the device detects movement, which is more battery-efficient on mobile and provides more accurate tracking.
Expected result: Drivers see available orders in real time. Accepting an order claims it and moves it to the active delivery tab. The customer's tracker shows location updates as the driver moves.
Complete code
1import { useState } from 'react'2import { supabase } from '@/integrations/supabase/client'3import { useToast } from '@/hooks/use-toast'45export type OrderStatus = 'placed' | 'confirmed' | 'preparing' | 'ready' | 'picked_up' | 'delivered' | 'cancelled'67const NEXT_STATUS: Partial<Record<OrderStatus, OrderStatus>> = {8 placed: 'confirmed',9 confirmed: 'preparing',10 preparing: 'ready',11 ready: 'picked_up',12 picked_up: 'delivered',13}1415const STATUS_ACTION_LABEL: Partial<Record<OrderStatus, string>> = {16 placed: 'Confirm Order',17 confirmed: 'Start Preparing',18 preparing: 'Mark Ready',19 ready: 'Mark Picked Up',20 picked_up: 'Mark Delivered',21}2223export function useOrderLifecycle(orderId: string, currentStatus: OrderStatus) {24 const [loading, setLoading] = useState(false)25 const { toast } = useToast()2627 const nextStatus = NEXT_STATUS[currentStatus]28 const actionLabel = STATUS_ACTION_LABEL[currentStatus]2930 const advance = async () => {31 if (!nextStatus) return32 setLoading(true)33 const { data, error } = await supabase.functions.invoke('order-transition', {34 body: { order_id: orderId, new_status: nextStatus },35 })36 setLoading(false)3738 if (error || !data?.success) {39 toast({40 title: 'Update failed',41 description: error?.message ?? 'Could not update order status. Please try again.',42 variant: 'destructive',43 })44 return false45 }4647 toast({48 title: 'Order updated',49 description: `Status changed to ${nextStatus.replace('_', ' ')}`,50 })51 return true52 }5354 const cancel = async () => {55 setLoading(true)56 const { data, error } = await supabase.functions.invoke('order-transition', {57 body: { order_id: orderId, new_status: 'cancelled' },58 })59 setLoading(false)60 if (error || !data?.success) {61 toast({ title: 'Cancel failed', description: error?.message, variant: 'destructive' })62 return false63 }64 return true65 }6667 return { advance, cancel, loading, nextStatus, actionLabel, canAdvance: !!nextStatus }68}Customization ideas
Multi-restaurant cart and batch ordering
Allow customers to order from multiple restaurants in one session by splitting the cart into per-restaurant sub-orders. Each sub-order becomes an independent order row, has its own driver assignment, and tracks separately. The checkout creates multiple PaymentIntents or a single one that splits fees per restaurant.
Scheduled delivery time slots
Add a delivery_slots table (restaurant_id, date, time_slot, max_orders, current_orders). At checkout, show a time slot picker. The selected slot is stored on the order. The restaurant dashboard shows orders grouped by scheduled slot. Implement a cron Edge Function that alerts restaurants to upcoming delivery windows.
Driver earnings and weekly payout summary
Track completed deliveries in a driver_earnings table (order_id, driver_id, amount, paid_at). Create a /driver/earnings page showing weekly and monthly totals with a Recharts bar chart. Add a Stripe Connect integration for weekly automatic payouts to driver bank accounts.
Restaurant ratings after delivery
After an order reaches delivered status, send a push notification (or email) asking the customer to rate the restaurant and driver. Add a restaurant_reviews table and a driver_reviews table, both gated to delivered orders only. Show aggregate ratings on restaurant cards in the browse view.
Promo codes and loyalty points
Add a promo_codes table (code, discount_type, value, min_order, expires_at) and a loyalty_points table (customer_id, balance, total_earned). Award 1 point per dollar spent. Allow customers to redeem points for a fixed discount at checkout. Validate promos in the Edge Function during payment intent creation.
Common pitfalls
Pitfall: Letting customers directly update order status via the Supabase client
How to avoid: Add an RLS UPDATE policy that restricts the status column: customers can only update their own orders and only to 'cancelled' (and only from 'placed' or 'confirmed'). All other transitions must go through the order-transition Edge Function which uses the service role key.
Pitfall: Storing menu items as a JSON blob directly on the order instead of a snapshot
How to avoid: At order creation time, capture a snapshot of each ordered item's name, price, and modifiers into the orders.items jsonb column. This preserves the exact state of the menu at the time of purchase.
Pitfall: Polling for order status updates instead of using Realtime
How to avoid: Subscribe to the Realtime broadcast channel for each order (order-{id}) and the postgres_changes channel for driver_locations. Cancel all subscriptions in the useEffect cleanup to prevent accumulation.
Pitfall: Not handling driver location permission denial gracefully
How to avoid: Use navigator.permissions.query({ name: 'geolocation' }) before calling watchPosition. If state is 'denied', show a persistent Banner explaining that location sharing is required for the delivery queue and provide instructions to enable it.
Best practices
- Snapshot order item data (name, price, modifiers) into a jsonb column at placement time. Never rely on live joins to menu_items for displaying historical orders.
- Enforce status transition logic at both the Edge Function level (role and sequence check) and the database level (CHECK constraint or trigger) for defense in depth.
- Use Supabase Realtime Broadcast for order status changes rather than postgres_changes on the orders table. Broadcast is lighter weight and avoids exposing the full order row diff to subscribers.
- Update driver_locations with an UPSERT (ON CONFLICT (driver_id) DO UPDATE) so there is only one row per driver, not a growing history. If you need location history, write to a separate driver_location_history table.
- Index orders on (restaurant_id, status) and (driver_id, status) separately. Restaurant and driver dashboards filter on these column combinations constantly.
- Show order age prominently in the restaurant dashboard (minutes since placed). Restaurants need to prioritize old orders. Highlight orders over 10 minutes with an amber Badge and over 20 minutes with a red Badge.
- Add estimated_delivery_at when confirming an order and update it when the driver picks up. Use this field to calculate expected arrival on the customer tracker rather than generic time labels.
AI prompts to try
Copy these prompts to build this project faster.
I'm building a food delivery app in Lovable (React + Supabase). I have an orders table with status column and a Supabase Edge Function called order-transition. The valid state transitions are: placed → confirmed → preparing → ready → picked_up → delivered. Write a TypeScript React hook useOrderLifecycle(orderId, currentStatus) that calls supabase.functions.invoke('order-transition', { body: { order_id, new_status } }) to advance the order. Return: advance(), cancel(), loading, nextStatus, actionLabel, canAdvance. Handle errors with useToast.
Add a menu item search to the customer ordering page. Above the category tabs, add a shadcn/ui Input with a search icon. As the customer types, filter the displayed menu items in real time (client-side filter on already-loaded items, no extra Supabase calls). Matching items across all categories should appear in a flat filtered list. Highlight the matching text in each item name using a bold span. Show 'No items match your search' if the filter returns empty.
In Supabase, write a PostgreSQL function get_restaurant_order_stats(p_restaurant_id uuid, p_date date) that returns JSON with: orders_today (count where date(created_at) = p_date AND status != 'cancelled'), revenue_today (sum of total), avg_prep_time_minutes (avg of EXTRACT(EPOCH FROM (updated_at - created_at))/60 for orders with status = 'delivered' today), pending_count (status IN ('placed','confirmed','preparing')), popular_items (top 5 item names from orders.items jsonb aggregated by count). Return as a single RPC call.
Frequently asked questions
How do I implement role-based routing so each role sees the right dashboard?
On login, fetch the user's profile row and check the role column. Store the role in a React context or Zustand store. Use a wrapper component around your routes that reads the role and renders the correct dashboard component. Ask Lovable to create a RoleGuard component that redirects to /login if unauthenticated and to /unauthorized if the user's role does not match the required role for that route.
Can a driver reject an order after accepting it?
Allowing cancellation after acceptance is a business decision. Technically, you can add a transition from picked_up back to ready (clearing driver_id) if it happens quickly — add this to the TRANSITIONS map in the Edge Function and restrict it to drivers only. Add a time limit: cancellation is only allowed within 2 minutes of acceptance by checking (updated_at - NOW()) < 2 minutes in the Edge Function.
How do I handle cash-on-delivery orders?
Add a payment_method column to orders (card|cash). For cash orders, skip the Stripe checkout and create the order with status 'confirmed' directly. The order lifecycle is identical, but there is no PaymentIntent or Stripe webhook. Mark the order as paid when the driver delivers by updating a paid boolean column in the same transition that sets status to 'delivered'.
How do I show restaurants on a map for the browse page?
Add lat and lng numeric columns to the restaurants table. On the browse page, fetch active restaurants with their coordinates and render them on a map. Lovable works well with react-leaflet (open source, no API key needed for basic maps). Ask Lovable to add a toggle between grid view and map view on the browse page.
How do menu modifiers work in the cart?
When a customer adds an item with modifiers, show a Dialog with the modifier options before adding to cart. Build the selected option list into the cart item's local state as { modifier_name, option_label, price_add }[]. When creating the order, include these selections in the items jsonb snapshot. The price calculation in the frontend sums item base price plus all selected modifier price_add values.
Can multiple restaurants use the same Lovable app?
Yes. The schema supports multiple restaurants via the restaurants table with each restaurant having its own profile row. Restaurant owners see only their own data through RLS. The browse page shows all active restaurants. Scale-wise, Supabase free tier supports hundreds of restaurants. RLS keeps the data correctly isolated without any application-level filtering.
How do I send order confirmation emails?
In the order-transition Edge Function, when new_status changes to 'confirmed', add a call to your email provider (Resend works well). Fetch the customer's email from auth.users, the restaurant name, and the order items from the orders jsonb snapshot. Send a confirmation email with order number, items, total, and estimated delivery time. Store your RESEND_API_KEY in Cloud tab → Secrets.
Is there help available for production delivery platform builds?
RapidDev builds production-grade Lovable apps including multi-role platforms with complex state machines, Stripe Connect driver payouts, and real-time tracking. Reach out if your food delivery app needs expert development support.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation