npm - @digilogiclabs/create-saas-app - Versions diffs - 2.0.0 → 2.2.0 - Mend

@digilogiclabs/create-saas-app 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/src/templates/infrastructure/kubernetes/production/template/kustomization.yaml ADDED Viewed

@@ -0,0 +1,92 @@
+# {{titleCaseName}} - Production Overlay
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: {{projectName}}-production
+namespace: {{projectName}}-production
+resources:
+  - ../../base/template
+nameSuffix: ""
+commonLabels:
+  app.kubernetes.io/environment: production
+# Production-specific image
+images:
+  - name: {{projectName}}
+    newName: ghcr.io/your-org/{{projectName}}
+    newTag: production
+# Production patches
+patches:
+  # Increase replicas
+  - target:
+      kind: Deployment
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/replicas
+        value: 3
+  # Increase resources
+  - target:
+      kind: Deployment
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            cpu: 250m
+            memory: 512Mi
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+  # Update HPA for production
+  - target:
+      kind: HorizontalPodAutoscaler
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/minReplicas
+        value: 3
+      - op: replace
+        path: /spec/maxReplicas
+        value: 20
+  # Update PDB for production
+  - target:
+      kind: PodDisruptionBudget
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/minAvailable
+        value: 2
+  # Update ingress host for production
+  - target:
+      kind: Ingress
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/tls/0/hosts/0
+        value: "{{projectName}}.com"
+      - op: replace
+        path: /spec/tls/0/secretName
+        value: {{projectName}}-production-tls
+      - op: replace
+        path: /spec/rules/0/host
+        value: "{{projectName}}.com"
+# Production ConfigMap overrides
+configMapGenerator:
+  - name: {{projectName}}-config
+    behavior: merge
+    literals:
+      - APP_URL=https://{{projectName}}.com
+      - LOG_LEVEL=warn

package/src/templates/infrastructure/terraform/aws/template/README.md ADDED Viewed

@@ -0,0 +1,156 @@
+# {{titleCaseName}} - AWS Infrastructure
+Terraform configuration for deploying {{titleCaseName}} to AWS with Vercel frontend.
+## Architecture
+```
+┌─────────────────────────────────────────────────────────────┐
+│                         Internet                            │
+└─────────────────────────────────────────────────────────────┘
+                              │
+              ┌───────────────┼───────────────┐
+              ▼               ▼               ▼
+        ┌──────────┐   ┌───────────┐   ┌───────────┐
+        │  Vercel  │   │ CloudFront│   │  Supabase │
+        │ (App)    │   │ (CDN)     │   │ (Auth/DB) │
+        └──────────┘   └───────────┘   └───────────┘
+                              │
+                              ▼
+                       ┌───────────┐
+                       │    S3     │
+                       │ (Storage) │
+                       └───────────┘
+        ┌───────────┐   ┌───────────┐   ┌───────────┐
+        │    SQS    │   │  Secrets  │   │CloudWatch │
+        │ (Queue)   │   │ Manager   │   │ (Logs)    │
+        └───────────┘   └───────────┘   └───────────┘
+```
+## Prerequisites
+1. **AWS Account** with appropriate permissions
+2. **Vercel Account** with API token
+3. **Supabase Project** created
+4. **Terraform** >= 1.0 installed
+5. **AWS CLI** configured with credentials
+## Quick Start
+1. **Initialize Terraform:**
+   ```bash
+   terraform init
+   ```
+2. **Create variables file:**
+   ```bash
+   cp terraform.tfvars.example terraform.tfvars
+   ```
+3. **Update variables:**
+   Edit `terraform.tfvars` with your values.
+4. **Plan changes:**
+   ```bash
+   terraform plan
+   ```
+5. **Apply changes:**
+   ```bash
+   terraform apply
+   ```
+## Resources Created
+| Resource | Purpose |
+|----------|---------|
+| Vercel Project | Frontend hosting with automatic deployments |
+| S3 Bucket | File storage with versioning and encryption |
+| CloudFront Distribution | CDN for S3 content |
+| SQS Queues | Background job processing (main + DLQ) |
+| Secrets Manager | Secure storage for API keys |
+| IAM Role | Execution role for Lambda/ECS |
+| CloudWatch Log Group | Centralized logging |
+| SNS Topic | Alert notifications |
+## Environments
+### Staging
+```bash
+terraform workspace new staging
+terraform apply -var="environment=staging"
+```
+### Production
+```bash
+terraform workspace new production
+terraform apply -var="environment=production"
+```
+## Remote State (Recommended for Teams)
+1. Create S3 bucket and DynamoDB table:
+   ```bash
+   aws s3 mb s3://{{projectName}}-terraform-state
+   aws dynamodb create-table \
+     --table-name {{projectName}}-terraform-locks \
+     --attribute-definitions AttributeName=LockID,AttributeType=S \
+     --key-schema AttributeName=LockID,KeyType=HASH \
+     --billing-mode PAY_PER_REQUEST
+   ```
+2. Uncomment backend configuration in `main.tf`
+3. Re-initialize:
+   ```bash
+   terraform init -migrate-state
+   ```
+## Security Notes
+- All S3 buckets have public access blocked
+- Encryption enabled at rest (AES256)
+- Secrets stored in Secrets Manager
+- IAM follows least-privilege principle
+- CloudFront uses HTTPS only
+## Cost Estimation
+| Resource | Estimated Monthly Cost |
+|----------|----------------------|
+| Vercel | Free - $20 (Hobby/Pro) |
+| S3 | ~$5 (50GB storage) |
+| CloudFront | ~$10 (100GB transfer) |
+| SQS | ~$1 (1M requests) |
+| Secrets Manager | ~$1 (4 secrets) |
+| CloudWatch | ~$5 (10GB logs) |
+| **Total** | **~$22-42/month** |
+## Cleanup
+```bash
+terraform destroy
+```
+## Troubleshooting
+### Vercel API Token
+Generate at: https://vercel.com/account/tokens
+### AWS Credentials
+```bash
+aws configure
+# Or use environment variables:
+export AWS_ACCESS_KEY_ID="xxx"
+export AWS_SECRET_ACCESS_KEY="xxx"
+```
+### State Lock Issues
+```bash
+terraform force-unlock LOCK_ID
+```
+## License
+MIT - Built with DLL Platform

package/src/templates/infrastructure/terraform/aws/template/main.tf ADDED Viewed

@@ -0,0 +1,343 @@
+# {{titleCaseName}} - AWS Infrastructure
+# Terraform configuration for deploying to AWS with Vercel frontend
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    vercel = {
+      source  = "vercel/vercel"
+      version = "~> 1.0"
+    }
+  }
+  # Uncomment for remote state storage
+  # backend "s3" {
+  #   bucket         = "{{projectName}}-terraform-state"
+  #   key            = "terraform.tfstate"
+  #   region         = "us-east-1"
+  #   dynamodb_table = "{{projectName}}-terraform-locks"
+  #   encrypt        = true
+  # }
+}
+provider "aws" {
+  region = var.aws_region
+  default_tags {
+    tags = {
+      Project     = "{{projectName}}"
+      Environment = var.environment
+      ManagedBy   = "Terraform"
+    }
+  }
+}
+provider "vercel" {
+  api_token = var.vercel_api_token
+  team      = var.vercel_team_id
+}
+# ============================================
+# Vercel Project
+# ============================================
+resource "vercel_project" "app" {
+  name      = "{{projectName}}-${var.environment}"
+  framework = "nextjs"
+  git_repository = {
+    type = "github"
+    repo = var.github_repo
+  }
+  environment = [
+    {
+      key    = "NEXT_PUBLIC_SUPABASE_URL"
+      value  = var.supabase_url
+      target = ["production", "preview", "development"]
+    },
+    {
+      key    = "NEXT_PUBLIC_SUPABASE_ANON_KEY"
+      value  = var.supabase_anon_key
+      target = ["production", "preview", "development"]
+    },
+    {
+      key    = "SUPABASE_SERVICE_ROLE_KEY"
+      value  = var.supabase_service_role_key
+      target = ["production"]
+    },
+    {
+      key    = "NEXT_PUBLIC_APP_URL"
+      value  = "https://${var.domain}"
+      target = ["production"]
+    }
+  ]
+}
+resource "vercel_project_domain" "app" {
+  project_id = vercel_project.app.id
+  domain     = var.domain
+}
+# ============================================
+# S3 Bucket for File Storage
+# ============================================
+resource "aws_s3_bucket" "storage" {
+  bucket = "{{projectName}}-${var.environment}-storage"
+}
+resource "aws_s3_bucket_versioning" "storage" {
+  bucket = aws_s3_bucket.storage.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+resource "aws_s3_bucket_server_side_encryption_configuration" "storage" {
+  bucket = aws_s3_bucket.storage.id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+resource "aws_s3_bucket_public_access_block" "storage" {
+  bucket = aws_s3_bucket.storage.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+resource "aws_s3_bucket_cors_configuration" "storage" {
+  bucket = aws_s3_bucket.storage.id
+  cors_rule {
+    allowed_headers = ["*"]
+    allowed_methods = ["GET", "PUT", "POST", "DELETE", "HEAD"]
+    allowed_origins = ["https://${var.domain}"]
+    expose_headers  = ["ETag"]
+    max_age_seconds = 3000
+  }
+}
+# ============================================
+# CloudFront CDN for S3
+# ============================================
+resource "aws_cloudfront_origin_access_control" "storage" {
+  name                              = "{{projectName}}-${var.environment}-oac"
+  origin_access_control_origin_type = "s3"
+  signing_behavior                  = "always"
+  signing_protocol                  = "sigv4"
+}
+resource "aws_cloudfront_distribution" "storage" {
+  enabled             = true
+  is_ipv6_enabled     = true
+  comment             = "{{titleCaseName}} Storage CDN"
+  default_root_object = "index.html"
+  price_class         = "PriceClass_100"
+  origin {
+    domain_name              = aws_s3_bucket.storage.bucket_regional_domain_name
+    origin_id                = "S3-${aws_s3_bucket.storage.id}"
+    origin_access_control_id = aws_cloudfront_origin_access_control.storage.id
+  }
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = "S3-${aws_s3_bucket.storage.id}"
+    forwarded_values {
+      query_string = false
+      cookies {
+        forward = "none"
+      }
+    }
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+  }
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+  viewer_certificate {
+    cloudfront_default_certificate = true
+  }
+}
+resource "aws_s3_bucket_policy" "storage" {
+  bucket = aws_s3_bucket.storage.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid       = "AllowCloudFrontAccess"
+        Effect    = "Allow"
+        Principal = {
+          Service = "cloudfront.amazonaws.com"
+        }
+        Action   = "s3:GetObject"
+        Resource = "${aws_s3_bucket.storage.arn}/*"
+        Condition = {
+          StringEquals = {
+            "AWS:SourceArn" = aws_cloudfront_distribution.storage.arn
+          }
+        }
+      }
+    ]
+  })
+}
+# ============================================
+# SQS Queue for Background Jobs
+# ============================================
+resource "aws_sqs_queue" "jobs" {
+  name                       = "{{projectName}}-${var.environment}-jobs"
+  delay_seconds              = 0
+  max_message_size           = 262144
+  message_retention_seconds  = 1209600
+  receive_wait_time_seconds  = 10
+  visibility_timeout_seconds = 300
+  redrive_policy = jsonencode({
+    deadLetterTargetArn = aws_sqs_queue.jobs_dlq.arn
+    maxReceiveCount     = 3
+  })
+}
+resource "aws_sqs_queue" "jobs_dlq" {
+  name                      = "{{projectName}}-${var.environment}-jobs-dlq"
+  message_retention_seconds = 1209600
+}
+# ============================================
+# Secrets Manager
+# ============================================
+resource "aws_secretsmanager_secret" "app_secrets" {
+  name        = "{{projectName}}/${var.environment}/app"
+  description = "Application secrets for {{titleCaseName}}"
+}
+resource "aws_secretsmanager_secret_version" "app_secrets" {
+  secret_id = aws_secretsmanager_secret.app_secrets.id
+  secret_string = jsonencode({
+    STRIPE_SECRET_KEY      = var.stripe_secret_key
+    STRIPE_WEBHOOK_SECRET  = var.stripe_webhook_secret
+    OPENAI_API_KEY         = var.openai_api_key
+    ANTHROPIC_API_KEY      = var.anthropic_api_key
+  })
+}
+# ============================================
+# IAM Role for Lambda/ECS
+# ============================================
+resource "aws_iam_role" "app_execution" {
+  name = "{{projectName}}-${var.environment}-execution"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = ["lambda.amazonaws.com", "ecs-tasks.amazonaws.com"]
+        }
+      }
+    ]
+  })
+}
+resource "aws_iam_role_policy" "app_execution" {
+  name = "{{projectName}}-${var.environment}-execution-policy"
+  role = aws_iam_role.app_execution.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:DeleteObject"
+        ]
+        Resource = "${aws_s3_bucket.storage.arn}/*"
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "sqs:SendMessage",
+          "sqs:ReceiveMessage",
+          "sqs:DeleteMessage",
+          "sqs:GetQueueAttributes"
+        ]
+        Resource = [
+          aws_sqs_queue.jobs.arn,
+          aws_sqs_queue.jobs_dlq.arn
+        ]
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "secretsmanager:GetSecretValue"
+        ]
+        Resource = aws_secretsmanager_secret.app_secrets.arn
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ]
+        Resource = "*"
+      }
+    ]
+  })
+}
+# ============================================
+# CloudWatch Log Group
+# ============================================
+resource "aws_cloudwatch_log_group" "app" {
+  name              = "/{{projectName}}/${var.environment}"
+  retention_in_days = 30
+}
+# ============================================
+# SNS Topic for Alerts
+# ============================================
+resource "aws_sns_topic" "alerts" {
+  name = "{{projectName}}-${var.environment}-alerts"
+}
+resource "aws_sns_topic_subscription" "alerts_email" {
+  count     = var.alert_email != "" ? 1 : 0
+  topic_arn = aws_sns_topic.alerts.arn
+  protocol  = "email"
+  endpoint  = var.alert_email
+}

package/src/templates/infrastructure/terraform/aws/template/outputs.tf ADDED Viewed

@@ -0,0 +1,66 @@
+# {{titleCaseName}} - Terraform Outputs
+output "vercel_project_id" {
+  description = "Vercel project ID"
+  value       = vercel_project.app.id
+}
+output "vercel_domains" {
+  description = "Vercel project domains"
+  value       = [var.domain]
+}
+output "s3_bucket_name" {
+  description = "S3 storage bucket name"
+  value       = aws_s3_bucket.storage.id
+}
+output "s3_bucket_arn" {
+  description = "S3 storage bucket ARN"
+  value       = aws_s3_bucket.storage.arn
+}
+output "cloudfront_distribution_id" {
+  description = "CloudFront distribution ID"
+  value       = aws_cloudfront_distribution.storage.id
+}
+output "cloudfront_domain" {
+  description = "CloudFront distribution domain"
+  value       = aws_cloudfront_distribution.storage.domain_name
+}
+output "sqs_queue_url" {
+  description = "SQS jobs queue URL"
+  value       = aws_sqs_queue.jobs.url
+}
+output "sqs_queue_arn" {
+  description = "SQS jobs queue ARN"
+  value       = aws_sqs_queue.jobs.arn
+}
+output "sqs_dlq_url" {
+  description = "SQS dead letter queue URL"
+  value       = aws_sqs_queue.jobs_dlq.url
+}
+output "secrets_arn" {
+  description = "Secrets Manager secret ARN"
+  value       = aws_secretsmanager_secret.app_secrets.arn
+}
+output "execution_role_arn" {
+  description = "IAM execution role ARN"
+  value       = aws_iam_role.app_execution.arn
+}
+output "log_group_name" {
+  description = "CloudWatch log group name"
+  value       = aws_cloudwatch_log_group.app.name
+}
+output "sns_alerts_topic_arn" {
+  description = "SNS alerts topic ARN"
+  value       = aws_sns_topic.alerts.arn
+}

package/src/templates/infrastructure/terraform/aws/template/terraform.tfvars.example ADDED Viewed

@@ -0,0 +1,28 @@
+# {{titleCaseName}} - Terraform Variables
+# Copy to terraform.tfvars and fill in values
+# General
+environment = "staging"
+aws_region  = "us-east-1"
+# Vercel
+vercel_api_token = "your-vercel-api-token"
+vercel_team_id   = null  # Optional: your-team-id
+github_repo      = "your-org/{{projectName}}"
+domain           = "{{projectName}}.com"
+# Supabase
+supabase_url              = "https://xxx.supabase.co"
+supabase_anon_key         = "your-supabase-anon-key"
+supabase_service_role_key = "your-supabase-service-role-key"
+# Stripe (Optional - leave empty if not using payments)
+stripe_secret_key     = ""
+stripe_webhook_secret = ""
+# AI (Optional - leave empty if not using AI features)
+openai_api_key    = ""
+anthropic_api_key = ""
+# Monitoring
+alert_email = "alerts@{{projectName}}.com"