ar-saas 0.3.3 → 0.4.1

package/dist/generator.js

@@ -184,8 +184,6 @@ function buildDockerCompose(config) {
 
   mongodb:
     image: mongo:7
-    ports:
-      - "27017:27017"
     volumes:
       - mongodb_data:/data/db
     restart: unless-stopped`);
@@ -202,9 +200,7 @@ function buildDockerCompose(config) {
     ${hasBackend ? 'depends_on:\n      - backend\n    ' : ''}restart: unless-stopped`);
     }
     const volumes = hasBackend ? '\nvolumes:\n  mongodb_data:' : '';
-    return `version: '3.8'
-
-services:
+    return `services:
 ${services.join('\n\n')}
 ${volumes}
 `;
@@ -215,7 +211,7 @@ builder = "nixpacks"
 
 [deploy]
 startCommand = "npm run start:prod"
-healthcheckPath = "/api/health"
+healthcheckPath = "/api"
 healthcheckTimeout = 30
 restartPolicyType = "on_failure"
 `;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ar-saas",
-  "version": "0.3.3",
+  "version": "0.4.1",
   "description": "Generador de proyectos SaaS multi-tenant para startups argentinas. Landing page, auth, dashboard y legal listos para producción.",
   "main": "dist/index.js",
   "bin": {

package/templates/backend/.env.example

@@ -1,5 +1,5 @@
 # =========================================
-# create-saas-ar Backend
+# ar-saas Backend
 # Variables de entorno
 # =========================================
 # Copiá este archivo a .env y completá los valores

package/templates/backend/README.md

@@ -1,6 +1,6 @@
 <p align="center"><samp>
 ╔══════════════════════════════════╗<br/>
-║&nbsp;&nbsp;create-saas-ar-backend&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br/>
+║&nbsp;&nbsp;ar-saas-backend&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br/>
 ║&nbsp;&nbsp;AFIP&nbsp;·&nbsp;Mercado&nbsp;Pago&nbsp;·&nbsp;Auth&nbsp;·&nbsp;Mail&nbsp;&nbsp;<br/>
 ║&nbsp;&nbsp;todo&nbsp;integrado&nbsp;en&nbsp;un&nbsp;comando&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br/>
 ╚══════════════════════════════════╝<br/>
@@ -23,7 +23,7 @@ manejo de errores. Y cuando por fin terminás todo ese boilerplate, te das cuent
 de que todavía falta integrar AFIP para facturación electrónica y Mercado Pago
 para cobrar. Otras 2 semanas.
 
-`create-saas-ar` genera este repositorio completo **en un comando**. Viene con
+`ar-saas` genera este repositorio completo **en un comando**. Viene con
 todo lo genérico ya resuelto, más integraciones reales para operar en Argentina.
 **Solo tenés que agregar tus módulos de negocio** siguiendo el patrón de
 `.ai-docs/`.
@@ -51,9 +51,9 @@ todo lo genérico ya resuelto, más integraciones reales para operar en Argentin
 
 ## Características principales
 
-- **Multi-tenancy real** — Aislamiento por `workspaceId` garantizado en cada query. Un `WorkspaceTenantInterceptor` extrae el tenant del header `x-workspace-id` o del JWT. `BaseRepository` fuerza el filtro en toda operación. Imposible leakear datos entre workspaces por error humano.
+- **Multi-tenancy real** — Aislamiento por `workspaceId` garantizado en cada query. El `workspaceId` se extrae del JWT verificado del usuario autenticado. `BaseRepository` fuerza el filtro en toda operación. Imposible leakear datos entre workspaces por error humano.
 
-- **Auth completo** — Registro, login, refresh token rotativo, email verification, password reset, change password. Access + refresh tokens en cookies `HttpOnly`, `Secure`, `SameSite=Strict`. Nunca en `localStorage` ni en el body.
+- **Auth completo** — Registro, login, refresh token rotativo, email verification, password reset. Access + refresh tokens en cookies `HttpOnly`, `Secure`, `SameSite=Strict`. Con rate limiting en endpoints sensibles y Helmet para headers de seguridad. Nunca en `localStorage` ni en el body.
 
 - **BaseRepository genérico** — Soft delete, paginación, filtros dinámicos, agregaciones, conteo, upsert. Manejo automático de errores MongoDB (duplicate key, cast error). 12 métodos heredados por todos los repositorios.
 
@@ -197,7 +197,7 @@ src/
 │   ├── guards/
 │   │   └── jwt-auth.guard.ts          # AuthGuard('jwt')
 │   └── interceptors/
-│       └── workspace-tenant.interceptor.ts  # x-workspace-id header → request.workspaceId
+│       └── workspace-tenant.interceptor.ts  # Extrae workspaceId del JWT verificado
 ├── modules/
 │   ├── auth/           # Registro, login, refresh, email verification, password reset
 │   ├── users/          # CRUD de usuarios
@@ -246,4 +246,4 @@ El archivo `.ai-docs/examples/full-module-example.md` tiene el módulo Clientes
 
 ## Licencia
 
-Privado (UNLICENSED). Generado con [`create-saas-ar`](https://github.com/anomalyco/create-saas-ar).
+Privado (UNLICENSED). Generado con [`ar-saas`](https://github.com/anomalyco/ar-saas).

package/templates/backend/package.json

@@ -1,7 +1,7 @@
 {
-  "name": "create-saas-ar-backend",
+  "name": "ar-saas-backend",
   "version": "0.0.1",
-  "description": "Backend SaaS multi-tenant generado con create-saas-ar",
+  "description": "Backend SaaS multi-tenant generado con ar-saas",
   "author": "",
   "private": true,
   "license": "UNLICENSED",
@@ -29,10 +29,13 @@
     "@nestjs/platform-express": "^11.0.1",
     "@nestjs/schedule": "^6.0.1",
     "@nestjs/swagger": "^11.2.1",
+    "@nestjs/throttler": "^6.0.0",
     "bcryptjs": "^2.4.3",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.2",
     "cookie-parser": "^1.4.7",
+    "helmet": "^8.0.0",
+    "joi": "^17.13.3",
     "mongoose": "^9.0.1",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",

package/templates/backend/src/app.module.ts

@@ -1,40 +1,68 @@
-import { Module } from '@nestjs/common';
-import { ConfigModule, ConfigService } from '@nestjs/config';
-import { MongooseModule } from '@nestjs/mongoose';
-import { APP_FILTER } from '@nestjs/core';
-import { AppController } from './app.controller';
-import { AppService } from './app.service';
-import { GlobalExceptionFilter } from './common/filters/global-exception.filter';
-import { AuthModule } from './modules/auth/auth.module';
-import { MailModule } from './modules/mail/mail.module';
-import { UsersModule } from './modules/users/users.module';
-import { WorkspacesModule } from './modules/workspaces/workspaces.module';
-
-@Module({
-  imports: [
-    ConfigModule.forRoot({
-      isGlobal: true,
-      envFilePath: '.env',
-    }),
-    MongooseModule.forRootAsync({
-      imports: [ConfigModule],
-      inject: [ConfigService],
-      useFactory: (config: ConfigService) => ({
-        uri: config.getOrThrow<string>('MONGODB_URI'),
-      }),
-    }),
-    MailModule,
-    UsersModule,
-    WorkspacesModule,
-    AuthModule,
-  ],
-  controllers: [AppController],
-  providers: [
-    AppService,
-    {
-      provide: APP_FILTER,
-      useClass: GlobalExceptionFilter,
-    },
-  ],
-})
-export class AppModule {}
+import { Module } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { MongooseModule } from '@nestjs/mongoose';
+import { ThrottlerModule, ThrottlerGuard } from '@nestjs/throttler';
+import { APP_FILTER, APP_GUARD } from '@nestjs/core';
+import * as Joi from 'joi';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+import { GlobalExceptionFilter } from './common/filters/global-exception.filter';
+import { AuthModule } from './modules/auth/auth.module';
+import { MailModule } from './modules/mail/mail.module';
+import { UsersModule } from './modules/users/users.module';
+import { WorkspacesModule } from './modules/workspaces/workspaces.module';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot({
+      isGlobal: true,
+      envFilePath: '.env',
+      validationSchema: Joi.object({
+        NODE_ENV: Joi.string()
+          .valid('development', 'production', 'test')
+          .default('development'),
+        MONGODB_URI: Joi.string().required(),
+        JWT_ACCESS_SECRET: Joi.string().required(),
+        JWT_REFRESH_SECRET: Joi.string().required(),
+        RESEND_API_KEY: Joi.string().required(),
+        RESEND_FROM_EMAIL: Joi.string().email().required(),
+        APP_URL: Joi.string().uri().required(),
+        COOKIE_SECRET: Joi.string().optional().default(''),
+      }),
+    }),
+    ThrottlerModule.forRootAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (config: ConfigService) => ({
+        throttlers: [{
+          ttl: config.get<number>('THROTTLE_TTL', 60) * 1000,
+          limit: config.get<number>('THROTTLE_LIMIT', 100),
+        }],
+      }),
+    }),
+    MongooseModule.forRootAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (config: ConfigService) => ({
+        uri: config.getOrThrow<string>('MONGODB_URI'),
+      }),
+    }),
+    MailModule,
+    UsersModule,
+    WorkspacesModule,
+    AuthModule,
+  ],
+  controllers: [AppController],
+  providers: [
+    AppService,
+    {
+      provide: APP_FILTER,
+      useClass: GlobalExceptionFilter,
+    },
+    {
+      provide: APP_GUARD,
+      useClass: ThrottlerGuard,
+    },
+  ],
+})
+export class AppModule {}

package/templates/backend/src/common/interceptors/workspace-tenant.interceptor.ts

@@ -1,45 +1,27 @@
-import {
-  Injectable,
-  NestInterceptor,
-  ExecutionContext,
-  CallHandler,
-  BadRequestException,
-} from '@nestjs/common';
-import { Observable } from 'rxjs';
-import { Request } from 'express';
-
-export interface TenantRequest extends Request {
-  workspaceId?: string;
-  user?: Record<string, unknown>;
-}
-
-@Injectable()
-export class WorkspaceTenantInterceptor implements NestInterceptor {
-  intercept(context: ExecutionContext, next: CallHandler): Observable<unknown> {
-    const request = context.switchToHttp().getRequest<TenantRequest>();
-
-    const headerWorkspaceId = request.headers['x-workspace-id'];
-    if (headerWorkspaceId && typeof headerWorkspaceId === 'string') {
-      request.workspaceId = headerWorkspaceId;
-      return next.handle();
-    }
-
-    const workspaceIdFromUser =
-      typeof request.user?.workspaceId === 'string'
-        ? request.user.workspaceId
-        : undefined;
-    if (workspaceIdFromUser) {
-      request.workspaceId = workspaceIdFromUser;
-      return next.handle();
-    }
-
-    const apiPrefix = process.env.API_PREFIX ?? 'api';
-    if (request.path.startsWith(`/${apiPrefix}/auth/`)) {
-      return next.handle();
-    }
-
-    throw new BadRequestException(
-      'Se requiere workspaceId en header x-workspace-id o token JWT',
-    );
-  }
-}
+import {
+  Injectable,
+  NestInterceptor,
+  ExecutionContext,
+  CallHandler,
+} from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { Request } from 'express';
+
+export interface TenantRequest extends Request {
+  workspaceId?: string;
+  user?: Record<string, unknown>;
+}
+
+@Injectable()
+export class WorkspaceTenantInterceptor implements NestInterceptor {
+  intercept(context: ExecutionContext, next: CallHandler): Observable<unknown> {
+    const request = context.switchToHttp().getRequest<TenantRequest>();
+    const apiPrefix = process.env.API_PREFIX ?? 'api';
+
+    if (request.path.startsWith(`/${apiPrefix}/auth/`)) {
+      return next.handle();
+    }
+
+    return next.handle();
+  }
+}

package/templates/backend/src/main.ts

@@ -1,51 +1,50 @@
-import { NestFactory } from '@nestjs/core';
-import { ValidationPipe } from '@nestjs/common';
-import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
-import cookieParser from 'cookie-parser';
-import { AppModule } from './app.module';
-import { WorkspaceTenantInterceptor } from './common/interceptors/workspace-tenant.interceptor';
-
-async function bootstrap() {
-  const app = await NestFactory.create(AppModule);
-
-  const apiPrefix = process.env.API_PREFIX ?? 'api';
-  app.setGlobalPrefix(apiPrefix);
-
-  app.use(cookieParser(process.env.COOKIE_SECRET));
-
-  app.enableCors({
-    origin: process.env.CORS_ORIGINS?.split(',') ?? ['http://localhost:5173'],
-    credentials: true,
-  });
-
-  app.useGlobalPipes(
-    new ValidationPipe({
-      whitelist: true,
-      forbidNonWhitelisted: true,
-      transform: true,
-      transformOptions: {
-        enableImplicitConversion: true,
-      },
-    }),
-  );
-
-  app.useGlobalInterceptors(new WorkspaceTenantInterceptor());
-
-  if (process.env.SWAGGER_ENABLED === 'true') {
-    const config = new DocumentBuilder()
-      .setTitle('create-saas-ar API')
-      .setDescription('Backend SaaS multi-tenant')
-      .setVersion('1.0')
-      .addCookieAuth('access_token')
-      .build();
-
-    const document = SwaggerModule.createDocument(app, config);
-    SwaggerModule.setup(`${apiPrefix}/docs`, app, document);
-  }
-
-  const port = process.env.PORT ?? 3000;
-  await app.listen(port);
-  console.log(`🚀 Servidor corriendo en http://localhost:${port}/${apiPrefix}`);
-}
-
-void bootstrap();
+import { NestFactory } from '@nestjs/core';
+import { ValidationPipe } from '@nestjs/common';
+import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
+import cookieParser from 'cookie-parser';
+import helmet from 'helmet';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+
+  const apiPrefix = process.env.API_PREFIX ?? 'api';
+  app.setGlobalPrefix(apiPrefix);
+
+  app.use(helmet());
+  app.use(cookieParser(process.env.COOKIE_SECRET));
+
+  app.enableCors({
+    origin: process.env.CORS_ORIGINS?.split(',') ?? ['http://localhost:5173'],
+    credentials: true,
+  });
+
+  app.useGlobalPipes(
+    new ValidationPipe({
+      whitelist: true,
+      forbidNonWhitelisted: true,
+      transform: true,
+      transformOptions: {
+        enableImplicitConversion: true,
+      },
+    }),
+  );
+
+  if (process.env.SWAGGER_ENABLED === 'true') {
+    const config = new DocumentBuilder()
+      .setTitle('ar-saas API')
+      .setDescription('Backend SaaS multi-tenant')
+      .setVersion('1.0')
+      .addCookieAuth('access_token')
+      .build();
+
+    const document = SwaggerModule.createDocument(app, config);
+    SwaggerModule.setup(`${apiPrefix}/docs`, app, document);
+  }
+
+  const port = process.env.PORT ?? 3000;
+  await app.listen(port);
+  console.log(`🚀 Servidor corriendo en http://localhost:${port}/${apiPrefix}`);
+}
+
+void bootstrap();