21 |
31 |
32 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2023 Michael Dausmann
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/components/UserAccount/UserAccount.vue:
--------------------------------------------------------------------------------
1 |
10 |
11 |
12 |
36 |
37 |
--------------------------------------------------------------------------------
/app.vue:
--------------------------------------------------------------------------------
1 |
2 | 22 | 23 | We appreciate your business {{ customer.name }}! 24 | 25 | 26 | It appears your stripe customer information has been deleted! 27 | 28 |
29 |Go to Your
3 |
11 |
12 |
28 |
--------------------------------------------------------------------------------
/lib/services/service.types.ts:
--------------------------------------------------------------------------------
1 | import { Prisma } from '@prisma/client';
2 |
3 | export const membershipWithAccount = Prisma.validator
5 |
6 |
8 |
9 |
33 |
55 |
56 |
--------------------------------------------------------------------------------
/test/notify.store.spec.ts:
--------------------------------------------------------------------------------
1 | import { describe, test, expect, beforeEach } from 'vitest';
2 | import { setup, $fetch } from '@nuxt/test-utils';
3 | import { useNotifyStore, NotificationType } from '../stores/notify.store';
4 | import { setActivePinia, createPinia } from 'pinia';
5 |
6 | describe('Notify Store', async () => {
7 | await setup({
8 | // test context options
9 | });
10 |
11 | beforeEach(() => {
12 | // creates a fresh pinia and makes it active
13 | // so it's automatically picked up by any useStore() call
14 | // without having to pass it to it: `useStore(pinia)`
15 | setActivePinia(createPinia());
16 | });
17 |
18 | test('should add a notification', () => {
19 | const notifyStore = useNotifyStore();
20 | const message = 'Test notification';
21 | const type = NotificationType.Info;
22 |
23 | notifyStore.notify(message, type);
24 |
25 | expect(notifyStore.notifications).toHaveLength(1);
26 | expect(notifyStore.notifications[0].message).toBe(message);
27 | expect(notifyStore.notifications[0].type).toBe(type);
28 | });
29 |
30 | test('should add an Error notification', () => {
31 | const notifyStore = useNotifyStore();
32 | const error = new Error('Test error');
33 | const type = NotificationType.Error;
34 |
35 | notifyStore.notify(error, type);
36 |
37 | expect(notifyStore.notifications).toHaveLength(1);
38 | expect(notifyStore.notifications[0].message).toBe(error.message);
39 | expect(notifyStore.notifications[0].type).toBe(type);
40 | });
41 |
42 | test('should remove a notification', () => {
43 | const notifyStore = useNotifyStore();
44 | const message = 'Test notification';
45 | const type = NotificationType.Info;
46 |
47 | notifyStore.notify(message, type);
48 | const notification = notifyStore.notifications[0];
49 |
50 | notifyStore.removeNotification(notification);
51 |
52 | expect(notifyStore.notifications).toHaveLength(0);
53 | });
54 | });
55 |
--------------------------------------------------------------------------------
/server/trpc/routers/notes.router.ts:
--------------------------------------------------------------------------------
1 | import { NotesService } from '~~/lib/services/notes.service';
2 | import {
3 | accountHasSpecialFeature,
4 | adminProcedure,
5 | memberProcedure,
6 | publicProcedure,
7 | readWriteProcedure,
8 | router
9 | } from '../trpc';
10 | import { z } from 'zod';
11 |
12 | export const notesRouter = router({
13 | getForActiveAccount: memberProcedure.query(async ({ ctx, input }) => {
14 | const notes = ctx.activeAccountId
15 | ? await NotesService.getNotesForAccountId(ctx.activeAccountId)
16 | : [];
17 | return {
18 | notes
19 | };
20 | }),
21 | getById: publicProcedure
22 | .input(z.object({ note_id: z.number() }))
23 | .query(async ({ ctx, input }) => {
24 | const note = await NotesService.getNoteById(input.note_id);
25 | return {
26 | note
27 | };
28 | }),
29 | createNote: readWriteProcedure
30 | .input(z.object({ note_text: z.string() }))
31 | .mutation(async ({ ctx, input }) => {
32 | const note = ctx.activeAccountId
33 | ? await NotesService.createNote(ctx.activeAccountId, input.note_text)
34 | : null;
35 | return {
36 | note
37 | };
38 | }),
39 | deleteNote: adminProcedure
40 | .input(z.object({ note_id: z.number() }))
41 | .mutation(async ({ ctx, input }) => {
42 | const note = ctx.activeAccountId
43 | ? await NotesService.deleteNote(input.note_id)
44 | : null;
45 | return {
46 | note
47 | };
48 | }),
49 | generateAINoteFromPrompt: readWriteProcedure
50 | .use(accountHasSpecialFeature)
51 | .input(z.object({ user_prompt: z.string() }))
52 | .query(async ({ ctx, input }) => {
53 | const noteText = ctx.activeAccountId
54 | ? await NotesService.generateAINoteFromPrompt(
55 | input.user_prompt,
56 | ctx.activeAccountId
57 | )
58 | : null;
59 | return {
60 | noteText
61 | };
62 | })
63 | });
64 |
--------------------------------------------------------------------------------
/components/AppHeader.vue:
--------------------------------------------------------------------------------
1 |
4 |
5 |
6 |
53 |
54 |
--------------------------------------------------------------------------------
/components/Notifications.client.vue:
--------------------------------------------------------------------------------
1 |
21 |
22 |
34 |
54 | Forgot Pasword
35 | 53 |
23 |
49 |
50 |
--------------------------------------------------------------------------------
/lib/services/notes.service.ts:
--------------------------------------------------------------------------------
1 | import prisma_client from '~~/prisma/prisma.client';
2 | import { openai } from './openai.client';
3 | import { AccountLimitError } from './errors';
4 | import { AccountService } from './account.service';
5 |
6 | export namespace NotesService {
7 | export async function getNoteById(id: number) {
8 | return prisma_client.note.findUniqueOrThrow({ where: { id } });
9 | }
10 |
11 | export async function getNotesForAccountId(account_id: number) {
12 | return prisma_client.note.findMany({ where: { account_id } });
13 | }
14 |
15 | export async function createNote(account_id: number, note_text: string) {
16 | const account = await prisma_client.account.findFirstOrThrow({
17 | where: { id: account_id },
18 | include: { notes: true }
19 | });
20 |
21 | if (account.notes.length >= account.max_notes) {
22 | throw new AccountLimitError(
23 | 'Note Limit reached, no new notes can be added'
24 | );
25 | }
26 |
27 | return prisma_client.note.create({ data: { account_id, note_text } });
28 | }
29 |
30 | export async function updateNote(id: number, note_text: string) {
31 | return prisma_client.note.update({ where: { id }, data: { note_text } });
32 | }
33 |
34 | export async function deleteNote(id: number) {
35 | return prisma_client.note.delete({ where: { id } });
36 | }
37 |
38 | export async function generateAINoteFromPrompt(
39 | userPrompt: string,
40 | account_id: number
41 | ) {
42 | const account = await AccountService.checkAIGenCount(account_id);
43 |
44 | const prompt = `
45 | Write an interesting short note about ${userPrompt}.
46 | Restrict the note to a single paragraph.
47 | `;
48 | const completion = await openai.chat.completions.create({
49 | model: 'gpt-3.5-turbo',
50 | messages: [{ role: 'user', content: prompt }],
51 | temperature: 0.6,
52 | stop: '\n\n',
53 | max_tokens: 1000,
54 | n: 1
55 | });
56 |
57 | await AccountService.incrementAIGenCount(account);
58 |
59 | return completion.choices?.[0]?.message.content?.trim();
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/components/Modal.vue:
--------------------------------------------------------------------------------
1 |
49 |
50 |
51 |
52 |
57 |
26 |
48 |
27 |
45 | {{ notification.message }}
46 |
47 |
58 |
71 |
72 |
--------------------------------------------------------------------------------
/server/routes/create-checkout-session.post.ts:
--------------------------------------------------------------------------------
1 | import { ACCOUNT_ACCESS } from '~~/prisma/account-access-enum';
2 | import Stripe from 'stripe';
3 | import { AccountService } from '~~/lib/services/account.service';
4 | import type { AccountWithMembers } from '~~/lib/services/service.types';
5 |
6 | const config = useRuntimeConfig();
7 | const stripe = new Stripe(config.stripeSecretKey, { apiVersion: '2023-10-16' });
8 |
9 | export default defineEventHandler(async event => {
10 | const body = await readBody(event);
11 | let { price_id, account_id } = body;
12 | account_id = +account_id;
13 | console.log(
14 | `session.post.ts recieved price_id:${price_id}, account_id:${account_id}`
15 | );
16 |
17 | const account: AccountWithMembers = await AccountService.getAccountById(
18 | account_id
19 | );
20 | let customer_id: string;
21 | if (!account.stripe_customer_id) {
22 | // need to pre-emptively create a Stripe user for this account so we know who they are when the webhook comes back
23 | const owner = account.members.find(
24 | member => member.access == ACCOUNT_ACCESS.OWNER
25 | );
26 | console.log(
27 | `Creating account with name ${account.name} and email ${owner?.user.email}`
28 | );
29 | const customer = await stripe.customers.create({
30 | name: account.name,
31 | email: owner?.user.email
32 | });
33 | customer_id = customer.id;
34 | AccountService.updateAccountStipeCustomerId(account_id, customer.id);
35 | } else {
36 | customer_id = account.stripe_customer_id;
37 | }
38 |
39 | const session = await stripe.checkout.sessions.create({
40 | mode: 'subscription',
41 | line_items: [
42 | {
43 | price: price_id,
44 | quantity: 1
45 | }
46 | ],
47 | // {CHECKOUT_SESSION_ID} is a string literal; do not change it!
48 | // the actual Session ID is returned in the query parameter when your customer
49 | // is redirected to the success page.
50 | success_url: `${config.public.siteRootUrl}/success?session_id={CHECKOUT_SESSION_ID}`,
51 | cancel_url: `${config.public.siteRootUrl}/cancel`,
52 | customer: customer_id
53 | });
54 |
55 | if (session?.url) {
56 | return sendRedirect(event, session.url, 303);
57 | } else {
58 | return sendRedirect(event, `${config.public.siteRootUrl}/fail`, 303);
59 | }
60 | });
61 |
--------------------------------------------------------------------------------
/lib/services/auth.service.ts:
--------------------------------------------------------------------------------
1 | import { ACCOUNT_ACCESS } from '~~/prisma/account-access-enum';
2 | import prisma_client from '~~/prisma/prisma.client';
3 | import { fullDBUser, type FullDBUser } from './service.types';
4 | import { UtilService } from './util.service';
5 | import generator from 'generate-password-ts';
6 |
7 | const config = useRuntimeConfig();
8 |
9 | export namespace AuthService {
10 | export async function getFullUserBySupabaseId(
11 | supabase_uid: string
12 | ): Promise
59 |
70 |
61 |
62 |
69 |
63 |
64 |
65 |
66 |
67 |
68 |
30 |
66 |
67 |
--------------------------------------------------------------------------------
/plugins/cookieconsent.client.ts:
--------------------------------------------------------------------------------
1 | import 'vanilla-cookieconsent/dist/cookieconsent.css';
2 | import * as CookieConsent from 'vanilla-cookieconsent';
3 |
4 | export default defineNuxtPlugin(nuxtApp => {
5 | /**
6 | * All config. options available here:
7 | * https://cookieconsent.orestbida.com/reference/configuration-reference.html
8 | */
9 | CookieConsent.run({
10 | categories: {
11 | necessary: {
12 | enabled: true, // this category is enabled by default
13 | readOnly: true // this category cannot be disabled
14 | },
15 | analytics: {}
16 | },
17 |
18 | language: {
19 | default: 'en',
20 | translations: {
21 | en: {
22 | consentModal: {
23 | title: 'We use cookies',
24 | description: 'Cookie modal description',
25 | acceptAllBtn: 'Accept all',
26 | acceptNecessaryBtn: 'Reject all',
27 | showPreferencesBtn: 'Manage Individual preferences'
28 | },
29 | preferencesModal: {
30 | title: 'Manage cookie preferences',
31 | acceptAllBtn: 'Accept all',
32 | acceptNecessaryBtn: 'Reject all',
33 | savePreferencesBtn: 'Accept current selection',
34 | closeIconLabel: 'Close modal',
35 | sections: [
36 | {
37 | title: 'Somebody said ... cookies?',
38 | description: 'I want one!'
39 | },
40 | {
41 | title: 'Strictly Necessary cookies',
42 | description:
43 | 'These cookies are essential for the proper functioning of the website and cannot be disabled.',
44 |
45 | //this field will generate a toggle linked to the 'necessary' category
46 | linkedCategory: 'necessary'
47 | },
48 | {
49 | title: 'Performance and Analytics',
50 | description:
51 | 'These cookies collect information about how you use our website. All of the data is anonymized and cannot be used to identify you.',
52 | linkedCategory: 'analytics'
53 | },
54 | {
55 | title: 'More information',
56 | description:
57 | 'For any queries in relation to my policy on cookies and your choices, please contact us'
58 | }
59 | ]
60 | }
61 | }
62 | }
63 | }
64 | });
65 | });
66 |
--------------------------------------------------------------------------------
/pages/deletemyaccount.vue:
--------------------------------------------------------------------------------
1 |
17 |
18 |
31 |
65 | Forgot Pasword
32 | 64 |
19 |
63 |
64 |
--------------------------------------------------------------------------------
/server/middleware/authContext.ts:
--------------------------------------------------------------------------------
1 | import { defineEventHandler, parseCookies, setCookie, getCookie } from 'h3';
2 | import { serverSupabaseUser } from '#supabase/server';
3 | import { AuthService } from '~/lib/services/auth.service';
4 |
5 | import type { User } from '@supabase/supabase-js';
6 | import type { FullDBUser } from '~~/lib/services/service.types';
7 |
8 | // Explicitly type our context by 'Merging' our custom types with the H3EventContext (https://stackoverflow.com/a/76349232/95242)
9 | declare module 'h3' {
10 | interface H3EventContext {
11 | user?: User; // the Supabase User
12 | dbUser?: FullDBUser; // the corresponding Database User
13 | activeAccountId?: number; // the account ID that is active for the user
14 | }
15 | }
16 |
17 | export default defineEventHandler(async event => {
18 | if (
19 | !(event.path.startsWith('/api/trpc') || event.path.startsWith('/api/note'))
20 | ) {
21 | return; // only apply middleware to working routes
22 | }
23 |
24 | const cookies = parseCookies(event);
25 | if (cookies && cookies['sb-access-token']) {
26 | const user = await serverSupabaseUser(event);
27 | if (user) {
28 | event.context.user = user;
29 |
30 | let dbUser = await AuthService.getFullUserBySupabaseId(user.id);
31 |
32 | if (!dbUser && user) {
33 | dbUser = await AuthService.createUser(
34 | user.id,
35 | user.user_metadata.full_name
36 | ? user.user_metadata.full_name
37 | : 'no name supplied',
38 | user.email ? user.email : 'no@email.supplied'
39 | );
40 | console.log(`\n Created DB User \n ${JSON.stringify(dbUser)}\n`);
41 | }
42 |
43 | if (dbUser) {
44 | event.context.dbUser = dbUser;
45 | let activeAccountId;
46 | const preferredAccountId = getCookie(
47 | event,
48 | 'preferred-active-account-id'
49 | );
50 | if (
51 | preferredAccountId &&
52 | dbUser?.memberships.find(
53 | m => m.account_id === +preferredAccountId && !m.pending
54 | )
55 | ) {
56 | activeAccountId = +preferredAccountId;
57 | } else {
58 | const defaultActive = dbUser.memberships[0].account_id.toString();
59 | setCookie(event, 'preferred-active-account-id', defaultActive, {
60 | expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365 * 10)
61 | });
62 | activeAccountId = +defaultActive;
63 | }
64 | if (activeAccountId) {
65 | event.context.activeAccountId = activeAccountId;
66 | }
67 | }
68 | }
69 | }
70 | });
71 |
--------------------------------------------------------------------------------
/server/routes/webhook.post.ts:
--------------------------------------------------------------------------------
1 | import Stripe from 'stripe';
2 | import { AccountService } from '~~/lib/services/account.service';
3 |
4 | const config = useRuntimeConfig();
5 | const stripe = new Stripe(config.stripeSecretKey, { apiVersion: '2023-10-16' });
6 |
7 | export default defineEventHandler(async event => {
8 | const stripeSignature = getRequestHeader(event, 'stripe-signature');
9 | if (!stripeSignature) {
10 | throw createError({
11 | statusCode: 400,
12 | statusMessage: 'Webhook Error: No stripe signature in header'
13 | });
14 | }
15 |
16 | const rawBody = await readRawBody(event);
17 | if (!rawBody) {
18 | throw createError({
19 | statusCode: 400,
20 | statusMessage: 'Webhook Error: No body'
21 | });
22 | }
23 | let stripeEvent: Stripe.Event;
24 |
25 | try {
26 | stripeEvent = stripe.webhooks.constructEvent(
27 | rawBody,
28 | stripeSignature,
29 | config.stripeEndpointSecret
30 | );
31 | } catch (err) {
32 | console.log(err);
33 | throw createError({
34 | statusCode: 400,
35 | statusMessage: `Error validating Webhook Event`
36 | });
37 | }
38 |
39 | if (
40 | stripeEvent.type &&
41 | stripeEvent.type.startsWith('customer.subscription')
42 | ) {
43 | console.log(`****** Web Hook Recieved (${stripeEvent.type}) ******`);
44 |
45 | let subscription = stripeEvent.data.object as Stripe.Subscription;
46 | if (subscription.status == 'active') {
47 | const sub_item = subscription.items.data.find(
48 | item => item?.object && item?.object == 'subscription_item'
49 | );
50 |
51 | const stripe_product_id = sub_item?.plan.product?.toString(); // TODO - is the product ever a product object and in that case should I check for deleted?
52 | if (!stripe_product_id) {
53 | throw createError({
54 | statusCode: 400,
55 | statusMessage: `Error validating Webhook Event`
56 | });
57 | }
58 |
59 | let current_period_ends: Date = new Date(
60 | subscription.current_period_end * 1000
61 | );
62 | current_period_ends.setDate(
63 | current_period_ends.getDate() + config.subscriptionGraceDays
64 | );
65 |
66 | console.log(
67 | `updating stripe sub details subscription.current_period_end:${subscription.current_period_end}, subscription.id:${subscription.id}, stripe_product_id:${stripe_product_id}`
68 | );
69 | AccountService.updateStripeSubscriptionDetailsForAccount(
70 | subscription.customer.toString(),
71 | subscription.id,
72 | current_period_ends,
73 | stripe_product_id
74 | );
75 | }
76 | }
77 | return `handled ${stripeEvent.type}.`;
78 | });
79 |
--------------------------------------------------------------------------------
/prisma/schema.prisma:
--------------------------------------------------------------------------------
1 | // This is your Prisma schema file,
2 | // learn more about it in the docs: https://pris.ly/d/prisma-schema
3 |
4 | generator client {
5 | provider = "prisma-client-js"
6 | }
7 |
8 | datasource db {
9 | provider = "postgresql"
10 | url = env("DATABASE_URL")
11 | }
12 |
13 | model User {
14 | id Int @id @default(autoincrement())
15 | supabase_uid String
16 | email String
17 | display_name String?
18 |
19 | memberships Membership[]
20 |
21 | @@map("users")
22 | }
23 |
24 | enum ACCOUNT_ACCESS {
25 | READ_ONLY
26 | READ_WRITE
27 | ADMIN
28 | OWNER
29 | }
30 |
31 | model Membership {
32 | id Int @id @default(autoincrement())
33 | user_id Int
34 | account_id Int
35 | account Account @relation(fields: [account_id], references: [id])
36 | user User @relation(fields: [user_id], references: [id])
37 | access ACCOUNT_ACCESS @default(READ_ONLY)
38 | pending Boolean @default(false)
39 |
40 | @@map("membership")
41 | @@unique([user_id, account_id])
42 | }
43 |
44 | model Account {
45 | id Int @id @default(autoincrement())
46 | name String
47 | current_period_ends DateTime @default(now())
48 | features String[]
49 | plan_id Int
50 | plan Plan @relation(fields: [plan_id], references: [id])
51 | plan_name String
52 | members Membership[]
53 | notes Note[]
54 | max_notes Int @default(100)
55 | stripe_subscription_id String?
56 | stripe_customer_id String?
57 | max_members Int @default(1)
58 | join_password String @unique
59 | ai_gen_max_pm Int @default(7)
60 | ai_gen_count Int @default(0)
61 |
62 | @@map("account")
63 | }
64 |
65 | model Plan {
66 | id Int @id @default(autoincrement())
67 | name String @unique
68 | features String[]
69 | accounts Account[]
70 | max_notes Int @default(100)
71 | stripe_product_id String?
72 | max_members Int @default(1)
73 | ai_gen_max_pm Int @default(7)
74 |
75 | @@map("plan")
76 | }
77 |
78 | model Note {
79 | id Int @id @default(autoincrement())
80 | account_id Int?
81 | account Account? @relation(fields: [account_id], references: [id])
82 |
83 | note_text String
84 |
85 | @@map("note")
86 | }
87 |
--------------------------------------------------------------------------------
/test/TEST.md:
--------------------------------------------------------------------------------
1 | # Manual test for Admin Functions Scenario
2 | ## Pre-req
3 | - Site configured for free plan
4 | - Neither User1 or User2 are present in DB
5 | ## Main Flow (Happy Path)
6 | This scenario covers most of the Site Auth and Account admin functions.
7 |
8 | (User 1)
9 | - Front page - Get Started
10 | - Signup with google - should drop to dashboard
11 | - Check account page via nav
12 | - Go to pricing page via nav
13 | - Click on 'Subscribe' button under team account
14 | - Fill in Credit card details and sub in Stripe - Should come back to Dashboard page (comes to success page but no customer info??)
15 | - Add a Note or 2 in the Dashboard page - make it clear user1 has entered
16 | - Check Account view - Should be OWNER of this account, max members should be updated to 10
17 | - Update Team account Name using button
18 | - Copy Join Link
19 | - Signout
20 |
21 | (User 2)
22 | - Open Join Link - Should prompt for signup to new account name
23 | - Signup with email/password - should drop to dashboard (some fucking bullshit error with signin + no avatar link + how the fuck to deal with non confirmed emails)
24 | - Open join link again - should prompt to Join (Note, doing navigateTo and saving a returnURL seems to be difficult in Nuxt)
25 | - Click Join - should redirect to dashboard
26 | - Check 'Switch to' accounts, team account should be (pending) and not clickable
27 | - Sign out
28 |
29 | (User 1)
30 | - Front Page - Sign in - Note Signin page subtly different to signup page, no password conf and no 'if you proceed' warning
31 | - Sign in with google - Should drop to dashboard page
32 | - navigate to Account page
33 | - Look at members, should show User 2 as 'Pending' with approve/reject buttons
34 | - Click approve, should update user item in list and display 'Upgrade to read/write' and 'Delete'
35 |
36 | (User 2)
37 | - Signin -> Dashboard should now show notes but no 'Delete' or 'Add' buttons
38 |
39 | (User 1)
40 | - Signin -> Dashboard
41 | - Navigate to Account Page
42 | - Click 'Upgrade to read/write' - Should update user and now show 'Upgrade to Admin' button
43 | - sign out
44 |
45 | (User 2)
46 | - Signin -> Dashboard - should see 'Add' button now
47 | - Add a Note
48 | - Sign Out
49 |
50 | (User 1)
51 | - Signin -> Dashboard
52 | - Navigate to Account Page
53 | - Click 'Upgrade to Admin' - Should see just the 'Delete' button now
54 | - sign out
55 |
56 | (User 2)
57 | - Signin -> Dashboard - should now see 'Delete' button on notes
58 | - Click on 'Delete' for an existing Note
59 | - Go to Account Page - should now see 'Claim ownership' button next to access
60 | - Click on 'Claim Ownership' - Button should dissappear and member list should be updated - Delete button should be visible against
61 | User 1
62 | - Click 'Delete' for user 1
63 | - You are now king of the world
64 | - navigate to Notes, verify you can see/crud notes on dashboard.
65 |
66 | ## Unchecked things
67 | - Admin can approve pending membership
68 |
69 | ## Alternate Flow (Pricing First)
70 | - Front Page - Pricing
71 | - get started for free (TODO - should be button to go to signup under free plan)
--------------------------------------------------------------------------------
/test/account.store.spec.ts:
--------------------------------------------------------------------------------
1 | import { describe, expect, afterEach, beforeEach, it, vi } from 'vitest';
2 | import { useAccountStore } from '../stores/account.store';
3 | import { setActivePinia, createPinia } from 'pinia';
4 |
5 | import type { FullDBUser } from '~/lib/services/service.types';
6 |
7 | const fakeInitAccountStoreAdmin = (accountStore: any) => {
8 | const dbUser: FullDBUser = {
9 | id: 1,
10 | name: 'John Doe',
11 | memberships: [
12 | { account_id: 1, access: 'ADMIN' },
13 | { account_id: 2, access: 'READ_ONLY' }
14 | ]
15 | } as any;
16 | accountStore.dbUser = dbUser;
17 | accountStore.activeAccountId = 1;
18 | };
19 |
20 | describe('Account Store', async () => {
21 | beforeEach(() => {
22 | setActivePinia(createPinia());
23 | });
24 |
25 | it('should initialize the store', async () => {
26 | // stub the useNuxtApp function with a mock client
27 | vi.stubGlobal('useNuxtApp', () => ({
28 | $client: {
29 | auth: {
30 | getDBUser: {
31 | query: () => ({
32 | dbUser: {
33 | id: 1,
34 | name: 'John Doe',
35 | memberships: []
36 | }
37 | })
38 | }
39 | },
40 | account: {
41 | getActiveAccountId: {
42 | query: () => ({ activeAccountId: 1 })
43 | }
44 | }
45 | }
46 | }));
47 |
48 | const accountStore = useAccountStore();
49 |
50 | // method under test
51 | await accountStore.init();
52 |
53 | expect(accountStore.dbUser).toEqual({
54 | id: 1,
55 | name: 'John Doe',
56 | memberships: []
57 | });
58 |
59 | expect(accountStore.activeAccountId).toEqual(1);
60 | });
61 |
62 | it('should get active account members', async () => {
63 | // stub the useNuxtApp function with a mock client
64 | vi.stubGlobal('useNuxtApp', () => ({
65 | $client: {
66 | account: {
67 | getAccountMembers: {
68 | useQuery: () => ({
69 | data: { value: { memberships: [new Object() as any] } }
70 | })
71 | }
72 | }
73 | }
74 | }));
75 |
76 | const accountStore = useAccountStore();
77 | fakeInitAccountStoreAdmin(accountStore);
78 |
79 | // method under test
80 | await accountStore.getActiveAccountMembers();
81 |
82 | expect(accountStore.activeAccountMembers.length).toEqual(1);
83 | });
84 |
85 | it('should get an active membership', async () => {
86 | const accountStore = useAccountStore();
87 | fakeInitAccountStoreAdmin(accountStore);
88 |
89 | expect(accountStore.activeMembership).toEqual({
90 | account_id: 1,
91 | access: 'ADMIN'
92 | });
93 | });
94 |
95 | it('should signout', async () => {
96 | const accountStore = useAccountStore();
97 | fakeInitAccountStoreAdmin(accountStore);
98 |
99 | await accountStore.signout();
100 |
101 | expect(accountStore.dbUser).toBeNull();
102 | expect(accountStore.activeAccountId).toBeNull();
103 | expect(accountStore.activeAccountMembers.length).toEqual(0);
104 | });
105 | });
106 |
--------------------------------------------------------------------------------
/pages/join/[join_password].vue:
--------------------------------------------------------------------------------
1 |
30 |
31 | Account Deletion
20 |21 | We're sorry to see you go! By clicking the button below, you will initiate 22 | the account deletion process, which will result in the permanent removal 23 | of all your account information stored by SupaNuxt SaaS and associated 24 | service providers. Please be aware that this action is irreversible and 25 | all subscriptions associated with your account will be terminated. Once 26 | your account is deleted, you will lose access to all the features and 27 | benefits of SupaNuxt SaaS. 28 |
29 | 30 |Important Notes:
31 |-
32 |
- 33 | Account Deletion Process: By clicking the "Delete My 34 | Account" button below, your account and all associated data will be 35 | immediately marked for deletion. The actual removal of your information 36 | may take some time to complete, depending on the size and complexity of 37 | your account. 38 | 39 |
- 40 | Subscriptions: Please note that the termination of your 41 | account will also result in the cancellation of any active subscriptions 42 | you have with SupaNuxt SaaS. You will no longer be billed for these 43 | services, and access to premium features will be discontinued 44 | immediately. 45 | 46 |
- 47 | Data Recovery: Once your account is deleted, it will 48 | not be possible to recover any of your account information, including 49 | personal details, saved preferences, and usage history. Please ensure 50 | that you have backed up any essential data before proceeding with the 51 | account deletion process. 52 | 53 |
32 |
74 |
75 |
--------------------------------------------------------------------------------
/pages/dashboard.vue:
--------------------------------------------------------------------------------
1 |
32 |
33 |
33 |
73 | 34 | Request to Join {{ account?.name }} 35 |
36 | 37 |38 | Click below to request to Join the team. Your request to join will 39 | remain as 'Pending' untill the team administrators complete their 40 | review. 41 |
42 |43 | If your requeste is approved, you will become a member of the team and 44 | will be able to switch to the team account at any time in order to 45 | share the benefits of the team plan. 46 |
47 |
48 |
53 |
54 |
55 |
56 | 57 | Only signed in users can join a team. Please either Signup or Signin 58 | and then return to this page using the join link. 59 |
60 | 65 | 66 | 71 | 72 |
35 |
92 |
93 |
--------------------------------------------------------------------------------
/pages/privacy.vue:
--------------------------------------------------------------------------------
1 |
2 |
36 |
41 |
42 | 38 | Notes Dashboard 39 |
40 |
50 |
56 |
73 |
74 |
57 |
63 |
71 |
72 |
75 |
91 |
78 |
90 | {{ note.note_text }}
79 | 89 |
3 |
84 |
85 |
--------------------------------------------------------------------------------
/pages/signin.vue:
--------------------------------------------------------------------------------
1 |
56 |
57 | Privacy Statement
4 | 5 |6 | Your privacy is important to us. This privacy statement explains what 7 | personal data we collect from you and how we use it. By using our website, 8 | you agree to the terms of this privacy statement. 9 |
10 | 11 |Information we collect
12 | 13 |14 | We collect personal information that you voluntarily provide to us when 15 | you use our website, including your email and full name. We also collect 16 | non-personal information about your use of our website, such as your IP 17 | address, browser type, and the pages you visit. 18 |
19 | 20 |21 | In addition to the personal data that we collect directly from you, we 22 | also use a third-party authentication provider called Supabase to manage 23 | user authentication. When you use our website, Supabase may collect 24 | personal data about you, such as your email address and authentication 25 | credentials. For more information about Supabase's data practices, please 26 | refer to their privacy policy at 27 | https://supabase.com/privacy. 28 |
29 | 30 |How we use your information
31 | 32 |33 | We use your personal information to provide you with the products and 34 | services you request, to communicate with you, and to improve our website. 35 | We may also use your information for marketing purposes, but we will 36 | always give you the option to opt-out of receiving marketing 37 | communications from us. 38 |
39 | 40 |Disclosure of your information
41 | 42 |43 | We may disclose your personal information to third parties who provide 44 | services to us, such as website hosting, data analysis, and customer 45 | service. We may also disclose your information if we believe it is 46 | necessary to comply with the law or to protect our rights or the rights of 47 | others. 48 |
49 | 50 |51 | As mentioned above, we use a third-party authentication provider called 52 | Supabase to manage user authentication. Supabase may share your personal 53 | data with other third-party service providers that they use to provide 54 | their services, such as hosting and cloud storage providers. For more 55 | information about Supabase's data sharing practices, please refer to their 56 | privacy policy at 57 | https://supabase.com/privacy. 58 |
59 | 60 |Security of your information
61 | 62 |63 | We take reasonable measures to protect your personal information from 64 | unauthorized access, use, or disclosure. However, no data transmission 65 | over the internet or electronic storage is completely secure, so we cannot 66 | guarantee the absolute security of your information. 67 |
68 | 69 |Changes to this privacy statement
70 | 71 |72 | We may update this privacy statement from time to time. Any changes will 73 | be posted on this page, so please check back periodically to review the 74 | most current version of the statement. 75 |
76 | 77 |Contact us
78 | 79 |80 | If you have any questions or concerns about our privacy practices, please 81 | contact us at [insert contact information]. 82 |
83 |
58 |
105 |
106 |
--------------------------------------------------------------------------------
/pages/signup.vue:
--------------------------------------------------------------------------------
1 |
38 |
39 |
59 |
104 | Sign in
60 | 94 |or
95 | 103 |
40 |
103 |
104 |
--------------------------------------------------------------------------------
/pages/terms.vue:
--------------------------------------------------------------------------------
1 |
2 |
41 |
102 | Sign up
42 | 87 |or
88 | 96 |
97 | By proceeding, I agree to the
98 |
3 |
96 |
97 |
--------------------------------------------------------------------------------
/server/trpc/trpc.ts:
--------------------------------------------------------------------------------
1 | /**
2 | * This is your entry point to setup the root configuration for tRPC on the server.
3 | * - `initTRPC` should only be used once per app.
4 | * - We export only the functionality that we use so we can enforce which base procedures should be used
5 | *
6 | * Learn how to create protected base procedures and other things below:
7 | * @see https://trpc.io/docs/v10/router
8 | * @see https://trpc.io/docs/v10/procedures
9 | */
10 | import { initTRPC, TRPCError } from '@trpc/server';
11 | import type { Context } from './context';
12 | import { ACCOUNT_ACCESS } from '~~/prisma/account-access-enum';
13 | import superjson from 'superjson';
14 | import { AccountLimitError } from '~~/lib/services/errors';
15 |
16 | const t = initTRPC.contextTerms of Service
4 | 5 |6 | These terms of service (the "Agreement") govern your use of our website 7 | and services (collectively, the "Service"). By using the Service, you 8 | agree to be bound by the terms of this Agreement. If you do not agree to 9 | these terms, you may not use the Service. 10 |
11 | 12 |Use of the Service
13 | 14 |15 | You may use the Service only for lawful purposes and in accordance with 16 | this Agreement. You agree not to use the Service: 17 |
18 | 19 |-
20 |
- 21 | In any way that violates any applicable federal, state, local, or 22 | international law or regulation 23 | 24 |
- 25 | To impersonate or attempt to impersonate us, our employees, another 26 | user, or any other person or entity 27 | 28 |
- 29 | To engage in any other conduct that restricts or inhibits anyone's use 30 | or enjoyment of the Service, or which, as determined by us, may harm us 31 | or users of the Service or expose them to liability 32 | 33 |
Intellectual Property
36 | 37 |38 | The Service and its entire contents, features, and functionality 39 | (including but not limited to all information, software, text, displays, 40 | images, video, and audio, and the design, selection, and arrangement 41 | thereof) are owned by us, our licensors, or other providers of such 42 | material and are protected by United States and international copyright, 43 | trademark, patent, trade secret, and other intellectual property or 44 | proprietary rights laws. 45 |
46 | 47 |48 | You may not reproduce, distribute, modify, create derivative works of, 49 | publicly display, publicly perform, republish, download, store, or 50 | transmit any of the material on our website, except as follows: 51 |
52 | 53 |-
54 |
- 55 | Your computer may temporarily store copies of such materials in RAM 56 | incidental to your accessing and viewing those materials 57 | 58 |
- 59 | You may store files that are automatically cached by your Web browser 60 | for display enhancement purposes 61 | 62 |
- 63 | You may print or download one copy of a reasonable number of pages of 64 | the website for your own personal, non-commercial use and not for 65 | further reproduction, publication, or distribution 66 | 67 |
Disclaimer of Warranties
70 | 71 |72 | The Service is provided on an "as is" and "as available" basis, without 73 | any warranties of any kind, either express or implied, including but not 74 | limited to warranties of merchantability, fitness for a particular 75 | purpose, or non-infringement. We make no warranty that the Service will 76 | meet your requirements, be available on an uninterrupted, secure, or 77 | error-free basis, or be free from viruses or other harmful components. 78 |
79 | 80 |Limitation of Liability
81 | 82 |83 | In no event shall we be liable for any direct, indirect, incidental, 84 | special, or consequential damages arising out of or in any way connected 85 | with the use of the Service, whether based on contract, tort, strict 86 | liability, or any other theory of liability. 87 |
88 | 89 |Indemnification
90 | 91 |92 | You agree to defend, indemnify, and hold us harmless from and against any 93 | claims, liabilities, damages, judgments, fines, costs, and expenses. 94 |
95 |
15 |
128 |
129 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 |
3 | ## Version 1.4.3
4 | ### Update All Dependencies to latest
5 | - openai (3.3.0 -> 4.28.0)
6 | - superjson (1.12.2 -> 2.2.1)
7 | - node types (18.15.11 -> 20.11.19)
8 | - stripe lib (11.12.0 -> 14.17.0)
9 | - stripe api version (2022-11-15 -> 2023-10-16)
10 | - cookie consent (2.9.2 -> 3.0.0)
11 | - daisyui (2.51.5 -> 4.7.2)
12 | - vitest (0.33.0 -> 1.3.0)
13 | - other minor and patch versions
14 |
15 |
16 | ## Version 1.4.2
17 | - Added Favicons and web manifest and referenced in nuxt.config (I used https://favicon.io/favicon-converter/ to generate the icon assets, seems to work well)
18 | - Added patch folder to hold patch files, should make it easier to update repos based on earlier versions
19 | - Refactor service classes into namespaces to avoid pointless service instantiation (1_4_2-service-refactor-to-namespaces_authcontextremoved.patch or 1_4_2-service-refactor-to-namespaces.patch)
20 | - Added an Acount Deletion page - you will need to show you have one of these (along with privacy and terms pages) for several signups e.g. Facebook login
21 | - Added seoMeta - required for Facebook login
22 |
23 | ## Version 1.4.1
24 |
25 | - Refactor some components and explicitly split out client only components
26 | - Fix bug in the notifications
27 | - Update readme to indicate sister project in react/next
28 |
29 | ## Version 1.4.0
30 |
31 | - Cookie Consent
32 | `npm i vanilla-cookieconsent`
33 |
34 | ## Version 1.3.0
35 |
36 | - Add an example of usage limits (Notes AI Gen).
37 | - Includes non-destructive schema changes
38 | `npx prisma db push`
39 |
40 | ## Version 1.2.0
41 |
42 | - 'Lift' auth context into server middleware to support authenticated api (rest) endpoints for alternate clients while still supporting fully typed Trpc context.
43 |
44 | ## Version 1.1.0
45 |
46 | - Upgrade Prisma to version 5 to improve performance (https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-5)
47 |
48 | ```
49 | npm install @prisma/client@5
50 | npm install -D prisma@5
51 | npx prisma generate
52 | ```
53 |
54 | - Upgrade Nuxt to 3.7.0
55 |
56 | ```
57 | npx nuxi upgrade --force
58 | ```
59 |
60 | ## Version 1.0.0
61 |
62 | First Release version. If your package.json does not have a version attribute, this is the version you have.
63 |
64 | ## Project Creation (for interest only)
65 |
66 | This is what I did to create the project including all the extra fiddly stuff. Putting this here so I don't forget.
67 |
68 | ### Setup Nuxt
69 |
70 | I Followed instructions from here https://nuxt.com/docs/getting-started/installation
71 |
72 | ```bash
73 | # install node
74 | n lts
75 | npx nuxi init nuxt3-boilerplate
76 | code nuxt3-boilerplate/
77 | npm install
78 | npm run dev -- -o
79 | ```
80 |
81 | ### Setup Supabase
82 |
83 | To setup supabase and middleware, loosely follow instructions from https://www.youtube.com/watch?v=IcaL1RfnU44
84 | remember to update email template
85 | Supabase - new account (free tier), used github oath for supabase account
86 |
87 | ```
88 | npm install @nuxtjs/supabase
89 | ```
90 |
91 | add this to nuxt.config.ts
92 |
93 | ```
94 | modules: ['@nuxtjs/supabase']
95 | ```
96 |
97 | ### Setup Google OAuth
98 |
99 | Follow these instructions to add google oath https://supabase.com/docs/guides/auth/social-login/auth-google
100 |
101 | ### Nuxt-Supabase
102 |
103 | Then I frigged around trying to get the nuxt-supabase module to work properly for the oauth flow. It's a bit of a mess TBH. Eventually I looked at the demo https://github.com/nuxt-modules/supabase/tree/main/demo like a chump and got it working
104 |
105 | ### Integrating Prisma
106 |
107 | This felt like a difficult decision at first. the Subabase client has some pseudo sql Ormy sort of features already
108 | but Prisma has this awesome schema management support and autogeneration of a typed client works great and reduces errors.
109 | I already had a schema lying around based on this (https://blog.checklyhq.com/building-a-multi-tenant-saas-data-model/) that was nearly what I needed and it was nice to be able to re-use it.
110 |
111 | ```
112 | npm install prisma --save-dev
113 | npx prisma init
114 | ```
115 |
116 | go to Supabase -> settings -> database -> connection string -> URI.. and copy the URI into the
117 | DATABASE_URL setting created with prisma init.
118 | still in database, go to 'Database password' and reset/set it and copy the password into the [YOUR-PASSWORD] placeholder in the URI
119 |
120 | Then I manually hand coded the schema.prisma file based on something else I already had.
121 |
122 | ```
123 | npx prisma db push
124 | npm install @prisma/client --save-dev
125 | npx prisma generate
126 | ```
127 |
128 | ### Stripe Integration
129 |
130 | This was a royal pain in the butt. Got some tips from https://github.com/jurassicjs/nuxt3-fullstack-tutorial and https://www.youtube.com/watch?v=A24aKCQ-rf4&t=895s Official docs try to be helpful but succeed only in confusing things https://stripe.com/docs/billing/quickstart
131 |
132 | I set up a Stripe account with a couple of 'Products' with a single price each to represent my different plans. These price id's are embedded into the Pricing page.
133 |
134 | ### Key things I learned
135 |
136 | - You need to need to pre-emptively create a Stripe user _before_ you send them to the checkout page so that you know who they are when the webhook comes back.
137 | - There are like a Billion Fricking Webhooks you _can_ subscribe to but for an MVP, you just need the _customer.subscription_ events and you basically treat them all the same.
138 |
--------------------------------------------------------------------------------
/server/trpc/routers/account.router.ts:
--------------------------------------------------------------------------------
1 | import { TRPCError } from '@trpc/server';
2 | import { setCookie } from 'h3';
3 | import {
4 | router,
5 | adminProcedure,
6 | publicProcedure,
7 | protectedProcedure,
8 | ownerProcedure
9 | } from '../trpc';
10 | import { ACCOUNT_ACCESS } from '~~/prisma/account-access-enum';
11 | import { z } from 'zod';
12 | import { AccountService } from '~~/lib/services/account.service';
13 | import type { MembershipWithAccount } from '~~/lib/services/service.types';
14 |
15 | /*
16 | Note on proliferation of Bang syntax... adminProcedure throws if either the ctx.dbUser or the ctx.activeAccountId is not available but the compiler can't figure that out so bang quiesces the null warning
17 | */
18 | export const accountRouter = router({
19 | getDBUser: publicProcedure.query(({ ctx }) => {
20 | return {
21 | dbUser: ctx.dbUser
22 | };
23 | }),
24 | getActiveAccountId: publicProcedure.query(({ ctx }) => {
25 | return {
26 | activeAccountId: ctx.activeAccountId
27 | };
28 | }),
29 | changeActiveAccount: protectedProcedure
30 | .input(z.object({ account_id: z.number() }))
31 | .mutation(async ({ ctx, input }) => {
32 | const activeMembership = ctx.dbUser?.memberships.find(
33 | membership => membership.account_id == input.account_id
34 | );
35 | if (activeMembership?.pending) {
36 | throw new TRPCError({
37 | code: 'BAD_REQUEST',
38 | message: `membership ${activeMembership?.id} is not active so cannot be switched to`
39 | });
40 | }
41 | ctx.activeAccountId = input.account_id;
42 | setCookie(
43 | ctx.event,
44 | 'preferred-active-account-id',
45 | input.account_id.toString(),
46 | { expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365 * 10) }
47 | );
48 | }),
49 | changeAccountName: adminProcedure
50 | .input(z.object({ new_name: z.string() }))
51 | .mutation(async ({ ctx, input }) => {
52 | const account = await AccountService.changeAccountName(
53 | ctx.activeAccountId!,
54 | input.new_name
55 | );
56 | return {
57 | account
58 | };
59 | }),
60 | rotateJoinPassword: adminProcedure.mutation(async ({ ctx }) => {
61 | const account = await AccountService.rotateJoinPassword(
62 | ctx.activeAccountId!
63 | );
64 | return {
65 | account
66 | };
67 | }),
68 | getAccountByJoinPassword: publicProcedure
69 | .input(z.object({ join_password: z.string() }))
70 | .query(async ({ input }) => {
71 | const account = await AccountService.getAccountByJoinPassword(
72 | input.join_password
73 | );
74 | return {
75 | account
76 | };
77 | }),
78 | joinUserToAccountPending: publicProcedure // this uses a passed account id rather than using the active account because user is usually active on their personal or some other account when they attempt to join a new account
79 | .input(z.object({ account_id: z.number(), user_id: z.number() }))
80 | .mutation(async ({ input }) => {
81 | const membership: MembershipWithAccount =
82 | await AccountService.joinUserToAccount(
83 | input.user_id,
84 | input.account_id,
85 | true
86 | );
87 | return {
88 | membership
89 | };
90 | }),
91 | acceptPendingMembership: adminProcedure
92 | .input(z.object({ membership_id: z.number() }))
93 | .query(async ({ ctx, input }) => {
94 | const membership: MembershipWithAccount =
95 | await AccountService.acceptPendingMembership(
96 | ctx.activeAccountId!,
97 | input.membership_id
98 | );
99 | return {
100 | membership
101 | };
102 | }),
103 | rejectPendingMembership: adminProcedure
104 | .input(z.object({ membership_id: z.number() }))
105 | .query(async ({ ctx, input }) => {
106 | const membership: MembershipWithAccount =
107 | await AccountService.deleteMembership(
108 | ctx.activeAccountId!,
109 | input.membership_id
110 | );
111 | return {
112 | membership
113 | };
114 | }),
115 | deleteMembership: ownerProcedure
116 | .input(z.object({ membership_id: z.number() }))
117 | .query(async ({ ctx, input }) => {
118 | const membership: MembershipWithAccount =
119 | await AccountService.deleteMembership(
120 | ctx.activeAccountId!,
121 | input.membership_id
122 | );
123 | return {
124 | membership
125 | };
126 | }),
127 | changeUserAccessWithinAccount: adminProcedure
128 | .input(
129 | z.object({
130 | user_id: z.number(),
131 | access: z.enum([
132 | ACCOUNT_ACCESS.ADMIN,
133 | ACCOUNT_ACCESS.OWNER,
134 | ACCOUNT_ACCESS.READ_ONLY,
135 | ACCOUNT_ACCESS.READ_WRITE
136 | ])
137 | })
138 | )
139 | .mutation(async ({ ctx, input }) => {
140 | const membership = await AccountService.changeUserAccessWithinAccount(
141 | input.user_id,
142 | ctx.activeAccountId!,
143 | input.access
144 | );
145 | return {
146 | membership
147 | };
148 | }),
149 | claimOwnershipOfAccount: adminProcedure.mutation(async ({ ctx }) => {
150 | const memberships = await AccountService.claimOwnershipOfAccount(
151 | ctx.dbUser!.id,
152 | ctx.activeAccountId!
153 | );
154 | return {
155 | memberships
156 | };
157 | }),
158 | getAccountMembers: adminProcedure.query(async ({ ctx }) => {
159 | const memberships = await AccountService.getAccountMembers(
160 | ctx.activeAccountId!
161 | );
162 | return {
163 | memberships
164 | };
165 | })
166 | });
167 |
--------------------------------------------------------------------------------
/stores/account.store.ts:
--------------------------------------------------------------------------------
1 | import { ACCOUNT_ACCESS } from '~~/prisma/account-access-enum';
2 | import { defineStore } from 'pinia';
3 | import { ref, computed } from 'vue';
4 | import type {
5 | FullDBUser,
6 | MembershipWithUser
7 | } from '~~/lib/services/service.types';
8 |
9 | /*
10 | This store manages User and Account state including the ActiveAccount
11 | It is used in the Account administration page and the header due to it's account switching features.
12 |
13 | Note) Other pages don't need this state as the dbUser and activeAccount are available on the TRPC Context
14 | so that other routers can use them to filter results to the active user and account transparently.
15 |
16 | [State Map]
17 |
18 | (supabase) user -> dbUser <-- this.dbUser
19 | |
20 | |
21 | membership-----membership------membership* <-- this.dbUser.memberships (*this.activeMembership)
22 | | | |
23 | account account acccount** <--**(id=this.activeAccountId)
24 | |
25 | membership-----membership------membership <-- this.activeAccountMembers
26 | | | |
27 | account account acccount*
28 | */
29 | export const useAccountStore = defineStore('account', () => {
30 | const dbUser = ref
16 |
25 |
26 | 18 | Flexible Pricing 19 |
20 |21 | SupaNuxt SaaS is completely free and open source but you can price your 22 | own SaaS like this 23 |
24 |
27 |
28 |
127 |
30 |
42 |
43 |
44 | Free Plan
31 |Single user, 10 notes
32 |33 | $0/mo 34 |
35 | 41 |
46 |
84 |
85 |
86 | Personal Plan
47 |Single user, 100 notes
48 |49 | $15/mo 50 |
51 | 52 | 53 | 76 | 77 | 83 |
88 |
126 | Team Plan
89 |10 users, 200 notes
90 |91 | $25/mo 92 |
93 | 94 | 95 | 118 | 119 | 125 |
31 |
226 |
227 |
--------------------------------------------------------------------------------
/pages/index.vue:
--------------------------------------------------------------------------------
1 |
9 |
10 |
32 |
37 |
38 | 34 | Account Information 35 |
36 |
39 |
225 |
40 | Account Name:
41 | {{ activeMembership?.account.name }}
42 |
48 |
53 |
58 |
59 |
60 |
61 |
62 | Current Period Ends:
63 | {{
64 | formatDate(activeMembership?.account.current_period_ends)
65 | }}
66 |
67 |
68 |
69 | Permitted Features:
70 |
78 |
79 |
71 |
74 | {{ feature }}
75 |
76 |
77 |
80 | Maximum Notes:
81 | {{ activeMembership?.account.max_notes }}
82 |
83 |
84 |
85 | AI Gens for this Month/Max:
86 |
87 | {{ activeMembership?.account.ai_gen_count }} /
88 | {{ activeMembership?.account.ai_gen_max_pm }}
89 |
90 |
91 |
92 |
93 | Maximum Members:
94 | {{ activeMembership?.account.max_members }}
95 |
96 |
97 |
98 | Access Level:
99 |
101 | {{ activeMembership?.access }}
102 |
103 |
111 |
112 |
113 |
114 | Plan:
115 | {{ activeMembership?.account.plan_name }}
116 |
117 |
118 |
119 | Join Link:
120 |
138 |
139 |
121 |
126 |
136 |
137 |
140 |
224 | Members
141 |
142 |
223 |
145 | {{ accountMember.user.display_name }}
146 |
148 | {{ accountMember.access }}
149 |
150 | ({{ accountMember.user.email }})
151 |
164 |
177 |
194 |
210 |
221 |
222 |
11 |
12 |
13 |
38 |
39 |
40 |
237 |
238 |
239 |
--------------------------------------------------------------------------------
/lib/services/account.service.ts:
--------------------------------------------------------------------------------
1 | import { ACCOUNT_ACCESS } from '~~/prisma/account-access-enum';
2 | import prisma_client from '~~/prisma/prisma.client';
3 | import {
4 | accountWithMembers,
5 | type AccountWithMembers,
6 | membershipWithAccount,
7 | type MembershipWithAccount,
8 | membershipWithUser,
9 | type MembershipWithUser
10 | } from './service.types';
11 | import generator from 'generate-password-ts';
12 | import { UtilService } from './util.service';
13 | import { AccountLimitError } from './errors';
14 |
15 | const config = useRuntimeConfig();
16 |
17 | export namespace AccountService {
18 | export async function getAccountById(
19 | account_id: number
20 | ): Promise
14 |
37 |
15 |
36 |
16 | Get Started
29 |
30 | Build Your Next SaaS Faster
17 |18 | With SupaNuxt SaaS, you can easily get started building your next 19 | web application. Our pre-configured tech stack and industry 20 | leading features make it easy to get up and running in no time. 21 | Look! this guy is working so fast, his hands are just a blur.. you 22 | could be this fast. 23 |
24 |
31 | 
34 |
35 |
34 |
41 |
236 |
43 |
45 | Tech Stack
44 |
46 |
121 |
47 |
120 | -
48 |
-
49 |
50 | Nuxt 3
51 |52 | The Progressive Vue.js Framework 53 |
54 |
55 | -
56 |
57 | Supabase
58 |59 | Auth including OAuth + Postgresql instance 60 |
61 |
62 | -
63 |
66 | PostgreSQL
67 |Relational Database
68 |
69 | -
70 |
71 | Prisma
72 |73 | Schema management + Strongly typed client 74 |
75 |
76 | -
77 |
78 | TRPC
79 |80 | Server/Client communication with Strong types, SSR compatible 81 |
82 |
83 | -
84 |
85 | Pinia
86 |State Store
87 |
88 | -
89 |
90 | Stripe
91 |92 | Payments including Webhook integration 93 |
94 |
95 | -
96 |
99 | Tailwind
100 |101 | A utility-first CSS framework 102 |
103 |
104 | -
105 |
106 | Vue.js
107 |108 | The Progressive JavaScript Framework 109 |
110 |
111 | -
112 |
113 | OpenAI
114 |115 | AI Completions including Note generation from prompt 116 |
117 |
118 |
123 |
125 |
126 | Features
124 |
127 |
146 |
147 |
128 | 
132 |
133 |
132 |
134 |
145 | User Management
135 |136 | SupaNuxt SaaS includes robust user management features, including 137 | authentication with social login (oauth) or email/password, 138 | management of user roles and permissions, and multi-user/team 139 | accounts that permit multiple users to share plan features 140 | including a team administration facility and user roles within 141 | team. This is a great feature for businesses or community groups 142 | who want to share the cost of the plan. 143 |
144 |
148 |
167 |
168 |
149 | 
153 |
154 |
153 |
155 |
166 | DB Schema Management
156 |157 | We use Prisma for schema management to make sure you can easily 158 | manage and keep track of your database schema. We also utilise 159 | Prisma based strong types which, with some help from TRPC, 160 | penetrate the entire stack all the way to the web front end. This 161 | ensures that you can move fast with your feature development, 162 | alter schema and have those type changes instantly available and 163 | validated everywhere. 164 |
165 |
169 |
183 |
184 |
170 | 
174 |
175 |
174 |
176 |
182 | Config and Environment
177 |178 | SupaNuxt SaaS includes an approach to config and environment 179 | management that enables customisation and management of api keys. 180 |
181 |
185 |
202 |
203 |
186 | 
190 |
191 |
190 |
192 |
201 | State Management
193 |194 | SupaNuxt SaaS includes multi modal state management that supports 195 | both Single Page Application (SPA) pages such as dashboards and 196 | Server Side Rendered (SSR) style pages for public content that are 197 | crawlable by Search engines like google and facilitate excellent 198 | Search Engine Optimisation (SEO). 199 |
200 |
204 |
219 |
220 |
205 | 
209 |
210 |
209 |
211 |
218 | Stripe Integration
212 |213 | SupaNuxt SaaS includes Stripe integration for subscription 214 | payments including Subscription based support for multi pricing 215 | and multiple plans. 216 |
217 |
221 |
235 |
222 | 
226 |
227 |
226 |
228 |
234 | Style System
229 |230 | SupaNuxt SaaS includes Tailwind integration for site styling 231 | including a themable UI components with daisyUI 232 |
233 |
126 |
127 | ### Walkthrough
128 |
129 | [
](https://www.youtube.com/watch?v=AFfbGuJYRqI)
130 |
131 | ### Tricky Decisions
132 |
133 | _Composition over options API_ - I have decided to use composition api and setup functions accross the board including components, pages and Pinia stores. I was resistant at first, especially with the stores as I was used to Vuex but have come to the conclusion that it is easier to go one approach all over. It's also the latest and greatest and folks don't like to use a starter that starts behind the cutting edge.
134 |
135 | _Prisma over Supabase API_ - I went with Prisma for direct DB access rather than use the Supabase client. This is Primarily to avoid lock-in with Supabase too much. Supabase is great but I thought burdening my users with a future situation where it's difficult to move off it wouldn't be very cool. Also, I really like how Prisma handles schema changes and updates to the client layer and types with just two bash commands, after using other approaches, I find this super smooth.
136 |
137 | _Trpc over REST_ - Primarily for full thickness types without duplication on the client. Also I think the remote procedure call paradigm works well. Note however that I still include a [REST endpoint example](/server/api/note.ts) for flexibility. My preference for mobile is Flutter and there is not a Trpc client for Flutter that i'm aware off so it was important for me to make sure REST works also.
138 |
139 | ## Externals Setup
140 |
141 | Things you gotta do that aren't code (and are therefore not very interesting)
142 |
143 | ### Env
144 |
145 | Copy the [.env_example](/.env_example) file to create [.env](/.env)
146 | Note) This file is for development convenience, is .gitignored by default and should _not_ be added to source control
147 |
148 | ### Supabase
149 |
150 | This solution uses Supabase for Auth and to provide a DB. In addition to Magic Link and email/password login via Supabase, it also supports Google OAuth via Supabase.
151 |
152 | 1. Go to [Supabase](https://supabase.com/) and 'Start your Project'
153 | 2. Setup your org and project (Free tier is fine to start)
154 | 3. Update the project's email template (Supabase -> Authentication -> Email Templates) Note that the default Supabase email templates are very generic and for some reason, this can lead to your emails being sent to spam folders. for e.g. to get my password reset emails to my inbox, I needed to change the subject to "Password Reset for ..." and the email body text.
155 | 4. Choose an OAuth provider. I have chosen Google using these [Instructions](https://supabase.com/docs/guides/auth/social-login/auth-google) for the purposes of demonstration but they all should work.
156 | 5. Go to Project Settings -> API and copy Project URL and Project API Key to SUPABASE_URL and SUPABASE_KEY settings respectively in your [.env](/.env) file
157 | 6. Go to Project Settings -> Database -> Connection String -> URI and copy the uri value into the DATABASE_URL setting in your [.env](/.env) file, remembering to replace `[YOUR-PASSWORD]` with the password you provided when you setup the project.
158 |
159 | ### Stripe
160 |
161 | This solution uses Stripe for Subscription payments.
162 |
163 | 1. Go to [Stripe](https://stripe.com) and setup your business (Free Tier is fine to start)
164 | 2. Create 2 products ('Team Plan' and 'Individual Plan') each with a single price and note the Product ID's and Price ID's
165 | 3. Edit the [seed.ts](/prisma/seed.ts) file and replace the stripe_product_id values with the Product ID's from 2)
166 |
167 | ```typescript
168 | create: {
169 | name: 'Team Plan',
170 | .....
171 | stripe_product_id: '[Your Product ID from Stripe]'
172 | },
173 | ```
174 |
175 | 4. Edit the Pricing [pricing](/pages/pricing.vue) page and put your Price ID's from 2) into the appropriate hidden `price_id` form fields...
176 |
177 | ```html
178 |
179 | ```
180 |
181 | 5. go to the [API Keys](https://dashboard.stripe.com/test/apikeys) page find 'Secret Key' -> reveal test key. click to copy and then replace the STRIPE_SECRET_KEY value in your .env
182 |
183 | 6. install the stripe cli used to forward webhooks (macos)
184 |
185 | ```
186 | brew install stripe/stripe-cli/stripe
187 | ```
188 |
189 | 7. log the CLI into your stripe account.
190 |
191 | ```
192 | stripe login -i
193 | ```
194 |
195 | provide the api key found in step 5) above
196 |
197 | ### Setup Database (Prisma)
198 |
199 | This solution uses Prisma to both manage changes and connect to the Postgresql database provided by Supabase. Your Supabase DB will be empty by default so you need to hydrate the schema and re-generate the local prisma client.
200 |
201 | ```
202 | npx prisma db push
203 | npx prisma generate
204 | npm install @prisma/client --save-dev
205 | npx prisma db seed
206 | ```
207 |
208 | ...you should now have a a Plan table with 3 rows and a bunch of empty tables in your Supabase DB
209 |
210 | ## Developement Setup
211 |
212 | ### Dependencies
213 |
214 | ```bash
215 | # yarn
216 | yarn install
217 |
218 | # npm
219 | npm install
220 |
221 | # pnpm
222 | pnpm install --shamefully-hoist
223 | ```
224 |
225 | ### Webhook Forwarding
226 |
227 | This makes sure that you can debug subscription workflows locally
228 |
229 | ```bash
230 | stripe listen --forward-to localhost:3000/webhook
231 | ```
232 |
233 | If you haven't already done so look at the stripe cli output for this text
234 |
235 | ```
236 | Your webhook signing secret is whsec_xxxxxxxxxxxxx (^C to quit)
237 | ```
238 |
239 | take ths signing secret and update the STRIPE_ENDPOINT_SECRET value in .env
240 |
241 | ### Start the Server
242 |
243 | Start the development server on http://localhost:3000
244 |
245 | ```bash
246 | npm run dev
247 | ```
248 |
249 | ### Running the Tests
250 |
251 | There are a few unit tests, just for the stores because I needed to refactor. Feel free to extend the tests for your use cases, or not, it's your SaaS, not mine.
252 |
253 | ```bash
254 | npm run test
255 | ```
256 |
257 | ## Production
258 |
259 | Build the application for production:
260 |
261 | ```bash
262 | npm run build
263 | ```
264 |
265 | Locally preview production build:
266 |
267 | ```bash
268 | npm run preview
269 | ```
270 |
271 | Check out the [deployment documentation](https://nuxt.com/docs/getting-started/deployment) for more information.
272 |
273 | ### Going Live on Netlify
274 |
275 | Where you host your SAAS is 100% your problem however :-
276 |
277 | - A quick look at the vue.js discord indicates that netlify has the most mentions (2020) out of all the hosting providers beating out Firebase (1592), Vercel (973) and AWS (740)
278 | - I was able to get my app up and running with ridiculously little effort
279 |
280 | Steps (Assumes your repo is in github)
281 |
282 | 1. Go to [Netlify](https://www.netlify.com/)
283 | 2. Log in with your github account (it's easier) and create an account (Free Tier is fine for now)
284 | 3. Add a New Site -> Import from Existing Proect
285 | 4. Choose your repo (You might need to Configure the Netlify app on GitHub) - Netlify auto-detects a nuxt app pretty good and the defaults it chooses seem to be fine.
286 | 5. Setup environment variables per the .env_example file (SUPABASE_URL, SUPABASE_KEY....etc)
287 | 6. Optionally change site name (e.g. mycoolsaas) or apply a domain name
288 |
289 | 7. Go to [Supabase](https://app.supabase.com/)
290 | 8. Choose your project
291 | 9. Go to URL Authentication -> URL Configuration -> Site URL
292 | 10. enter your new netlify URL e.g. https://mycoolsaas.netlify.app/ and click 'save'
293 | 11. Add the following additional redirect URLs for local development and deployment previews:
294 |
295 | - http://localhost:3000/\*\*
296 | - https://**--mycoolsaas.netlify.app/** (or https://mycustomdomain.com/**)
297 |
298 | 12. If you haven't already done so, edit your Supabase Email templates as the generic ones tend to get blocked by GMail.
299 |
300 | ### Netlify deployments and environment variables
301 |
302 | Netlify is a bit rubbish at updating environment variables so you may need to manually re-deploy your site in certain situations e.g.
303 |
304 | - If on initial load of the site you get a message along the lines of 'SUPABASE_URL is required'.. but you have set that environment variable correctly... try a manual deployment.
305 | - Changing the default domain e.g. setting to a custom domain - If you notice you are redirected to the wrong version of the site after signup to a stripe subscription, this means the URL env variable has not been reset by Netlify. a manual deployment may fix it.
306 |
307 | To manually redeploy to to your Netlify dashboard and navigate to Deploys -> Trigger Deploy -> Deploy site
308 |
--------------------------------------------------------------------------------
/patches/1_4_2-service-refactor-to-namespaces_authcontextremoved.patch:
--------------------------------------------------------------------------------
1 | From 32ac5e68868d66c04cc7918d18e2988b66214519 Mon Sep 17 00:00:00 2001
2 | From: Michael Dausmann