The latest articles on DEV Community by Lorenzo (@lorenzosc8). https://dev.to/lorenzosc8 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3948009%2Fb1367ee2-7e26-4f73-9549-dca9381c45ab.jpg https://dev.to/lorenzosc8 en Lorenzo Sun, 24 May 2026 23:28:37 +0000 https://dev.to/lorenzosc8/i-built-a-full-nextjs-saas-boilerplate-in-a-weekend-heres-everything-in-it-39d5 https://dev.to/lorenzosc8/i-built-a-full-nextjs-saas-boilerplate-in-a-weekend-heres-everything-in-it-39d5 <p>Every time I start a new project I spend the first two days on the same setup: auth, database, billing, UI components. Always from scratch, always the same code.</p> <p>So I packaged it all into a clean, production-ready boilerplate.</p> <h2> Stack </h2> <ul> <li> <strong>Next.js 16</strong> — App Router, Server Components, TypeScript</li> <li> <strong>Supabase</strong> — auth + PostgreSQL with Row Level Security</li> <li> <strong>Stripe</strong> — subscription billing with webhook handling</li> <li> <strong>Tailwind CSS + shadcn/ui</strong> — polished UI out of the box</li> <li> <strong>Zod + React Hook Form</strong> — type-safe form validation</li> <li> <strong>Dark mode</strong> — built in via next-themes</li> </ul> <h2> What's included </h2> <h3> Authentication </h3> <p>Full email/password auth flow — register, login, logout, reset password. Sessions managed server-side with Supabase SSR, protected routes handled at the proxy level.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Protecting a route is one dependency</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">DashboardLayout</span><span class="p">({</span> <span class="nx">children</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createClient</span><span class="p">()</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">getUser</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">)</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">children</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/</span><span class="err">&gt; </span><span class="p">}</span> </code></pre> </div> <h3> Stripe subscriptions </h3> <p>Full billing flow: checkout session creation, success redirect, webhook handling for subscription lifecycle events.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">checkout</span><span class="p">.</span><span class="nx">sessions</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">customer</span><span class="p">:</span> <span class="nx">customerId</span><span class="p">,</span> <span class="na">line_items</span><span class="p">:</span> <span class="p">[{</span> <span class="na">price</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">STRIPE_PRICE_ID</span><span class="o">!</span><span class="p">,</span> <span class="na">quantity</span><span class="p">:</span> <span class="mi">1</span> <span class="p">}],</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">"</span><span class="s2">subscription</span><span class="dl">"</span><span class="p">,</span> <span class="na">success_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_APP_URL</span><span class="p">}</span><span class="s2">/dashboard/billing?success=true`</span><span class="p">,</span> <span class="na">cancel_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_APP_URL</span><span class="p">}</span><span class="s2">/dashboard/billing?cancelled=true`</span><span class="p">,</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">user_id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">},</span> <span class="p">})</span> </code></pre> </div> <p>Webhooks handle: <code>checkout.session.completed</code>, <code>customer.subscription.deleted</code>, <code>invoice.payment_failed</code>.</p> <h3> Dashboard </h3> <p>Sidebar navigation, profile management, billing page with upgrade/cancel, settings page with password change. All server-rendered with real data.</p> <h3> Database </h3> <p>One SQL migration to run in Supabase — creates the profiles table, enables Row Level Security, and sets up a trigger to auto-create profiles on signup.</p> <h2> Project structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>src/ ├── app/ │ ├── (auth)/ # Login, register, reset password │ ├── (dashboard)/ # Protected dashboard pages │ ├── api/stripe/ # Checkout, cancel, webhook │ └── page.tsx # Landing page ├── components/ │ ├── auth/ # Auth forms │ ├── dashboard/ # Sidebar, billing card, settings form │ └── ui/ # shadcn/ui components └── lib/ └── supabase/ # Client, server, middleware </code></pre> </div> <h2> Up and running in 5 minutes </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/thask8lo/nextjs-saas-starter <span class="nb">cd </span>nextjs-saas-starter npm <span class="nb">install cp</span> .env.example .env.local <span class="c"># Fill in Supabase and Stripe keys</span> npm run dev </code></pre> </div> <h2> Live demo </h2> <p>You can see it running at: <a href="https://nextjs-saas-starter-full.onrender.com" rel="noopener noreferrer">nextjs-saas-starter-full.onrender.com</a></p> <p>Register, explore the dashboard, and test the billing flow with Stripe test card <code>4242 4242 4242 4242</code>.</p> <h2> Get it </h2> <p>GitHub preview: <a href="https://github.com/thask8lo/nextjs-saas-starter" rel="noopener noreferrer">github.com/thask8lo/nextjs-saas-starter</a></p> <p>Full package: <a href="https://7538195787226.gumroad.com/l/cvdfl" rel="noopener noreferrer">available on Gumroad</a></p> <p>Happy to answer questions in the comments.</p> nextjs typescript webdev programming Lorenzo Sat, 23 May 2026 17:12:13 +0000 https://dev.to/lorenzosc8/i-built-a-production-ready-fastapi-saas-boilerplate-heres-whats-in-it-g3e https://dev.to/lorenzosc8/i-built-a-production-ready-fastapi-saas-boilerplate-heres-whats-in-it-g3e <p>Every time I start a new backend project I waste the first two days on the exact same things: JWT auth, Stripe subscriptions, database migrations, Docker setup.</p> <p>So I stopped doing that and packaged everything into a clean, working boilerplate.</p> <p>Here's what's in it and why I made the choices I did.</p> <h2> Stack </h2> <ul> <li> <strong>FastAPI</strong> — async, fast, auto-generates OpenAPI docs at <code>/docs</code> </li> <li> <strong>SQLAlchemy 2.0 + Alembic</strong> — ORM with proper migration support</li> <li> <strong>Pydantic v2</strong> — request/response validation throughout</li> <li> <strong>python-jose</strong> — JWT access and refresh tokens</li> <li> <strong>passlib + bcrypt</strong> — password hashing</li> <li> <strong>Stripe</strong> — subscription billing</li> <li> <strong>SlowAPI</strong> — per-route rate limiting</li> <li> <strong>Docker + docker-compose</strong> — runs anywhere</li> </ul> <p>SQLite out of the box, one line to switch to Postgres.</p> <h2> Project structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>app/ ├── api/routes/ # auth.py, users.py, billing.py ├── core/ # config, database, security ├── models/ # SQLAlchemy models └── schemas/ # Pydantic v2 schemas </code></pre> </div> <p>Clean, flat, easy to extend.</p> <h2> Auth </h2> <p>JWT with separate access and refresh tokens. Access tokens expire in 30 minutes, refresh tokens in 7 days. Rate limited at the route level — 5 requests/minute on register, 10 on login.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/register</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">UserResponse</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">201</span><span class="p">)</span> <span class="nd">@limiter.limit</span><span class="p">(</span><span class="sh">"</span><span class="s">5/minute</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">register</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">user_data</span><span class="p">:</span> <span class="n">UserCreate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="k">if</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">User</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">User</span><span class="p">.</span><span class="n">email</span> <span class="o">==</span> <span class="n">user_data</span><span class="p">.</span><span class="n">email</span><span class="p">).</span><span class="nf">first</span><span class="p">():</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">400</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Email already registered</span><span class="sh">"</span><span class="p">)</span> <span class="bp">...</span> </code></pre> </div> <h2> Stripe subscriptions </h2> <p>Full subscription flow: checkout session creation, success redirect, webhook handling for cancellations and failed payments.</p> <p>Protecting a route behind an active subscription is one dependency:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">app.core.security</span> <span class="kn">import</span> <span class="n">get_current_active_subscriber</span> <span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/premium-feature</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">premium</span><span class="p">(</span><span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_active_subscriber</span><span class="p">)):</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">only for paying customers</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p>Returns <code>402 Payment Required</code> automatically if the user has no active plan.</p> <h2> Database migrations </h2> <p>Alembic is wired up and the initial migration is included. Adding a new field to a model and generating a migration is one command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>alembic revision <span class="nt">--autogenerate</span> <span class="nt">-m</span> <span class="s2">"add new field"</span> alembic upgrade <span class="nb">head</span> </code></pre> </div> <h2> Up and running in 5 minutes </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/thask8lo/fastapi-saas-starter <span class="nb">cd </span>fastapi-saas-starter python <span class="nt">-m</span> venv venv <span class="nb">source </span>venv/bin/activate <span class="c"># Windows: venv\Scripts\activate</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="nb">cp</span> .env.example .env alembic upgrade <span class="nb">head </span>uvicorn app.main:app <span class="nt">--reload</span> </code></pre> </div> <p>Open <code>http://localhost:8000/docs</code> — every endpoint is there, ready to test.</p> <h2> Get it </h2> <p>GitHub: <a href="https://github.com/thask8lo/fastapi-saas-starter" rel="noopener noreferrer">github.com/thask8lo/fastapi-saas-starter</a></p> <p>If you want the full packaged version ready to drop into a project: <a href="https://7538195787226.gumroad.com/l/cvdfl" rel="noopener noreferrer">available on Gumroad</a></p> <p>Happy to answer questions in the comments.</p> python fastapi webdev programming