Documentation

Introduction

A production-ready SaaS starter kit built with Next.js 14, TypeScript, Tailwind CSS, and MongoDB. This starter kit provides everything you need to build a modern SaaS application with authentication, billing, and user management.

Core Features

🚀 Next.js 14

  • App Router and Server Components
  • API Routes and Middleware
  • Server-side Rendering

🔒 Authentication System

  • Email/Password authentication
  • Social login support
  • JWT-based session management
  • Password reset functionality

💳 Stripe Integration

  • Subscription management
  • Multiple pricing tiers
  • Usage-based billing
  • Webhook integration

🎨 UI Components

  • Responsive navigation
  • Dashboard layout
  • Form components
  • Toast notifications

Getting Started

Prerequisites

  • Node.js 18+ installed
  • MongoDB database (local or Atlas)
  • Stripe account for payments
  • Resend account for email services

Installation

git clone https://github.com/ahlgren1234/saas-starter.git
cd saas-starter
npm install

Environment Setup

Create a .env.local file in the root directory with the following variables:

# App
NEXT_PUBLIC_APP_URL=http://localhost:3000

# MongoDB
MONGODB_URI=your_mongodb_connection_string

# Authentication
JWT_SECRET=your_jwt_secret_key

# Email (Resend)
RESEND_API_KEY=your_resend_api_key
EMAIL_FROM=your_verified_email_address

# Stripe
STRIPE_SECRET_KEY=your_stripe_secret_key
STRIPE_WEBHOOK_SECRET=your_stripe_webhook_secret
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=your_stripe_publishable_key
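
A pre-deployment check for the variables listed above, as an added example that is not part of the starter kit's code: it flags placeholder values left in place, secret material stored under a NEXT_PUBLIC_ name (Next.js inlines those values into the browser bundle), a short JWT_SECRET, and mixed Stripe test/live keys. The function names, the 32-character minimum and the sample values are assumptions made for the example.

```javascript
// Added example, not part of the starter kit. Sample values are constructed.
const REQUIRED = [
  "NEXT_PUBLIC_APP_URL", "MONGODB_URI", "JWT_SECRET", "RESEND_API_KEY", "EMAIL_FROM",
  "STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET", "NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY",
];
const MIN_JWT_SECRET_LENGTH = 32; // assumption: 256-bit key for an HMAC-SHA256 signed JWT

// Parse KEY=value lines, skipping blanks and # comments, stripping matching quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
  }
  return env;
}

// Return a list of "KEY: problem" strings; an empty list means the file passed.
function auditEnv(text) {
  const env = parseEnv(text), findings = [];
  for (const key of REQUIRED) {
    if (!env[key]) findings.push(`${key}: missing`);
    else if (env[key].includes("your_")) findings.push(`${key}: placeholder value`);
  }
  for (const [key, value] of Object.entries(env)) {
    // Next.js inlines NEXT_PUBLIC_* values into the client bundle, so they are public.
    if (key.startsWith("NEXT_PUBLIC_") && (/SECRET/.test(key) || /^(sk|rk|whsec)_/.test(value)))
      findings.push(`${key}: secret exposed to the browser`);
  }
  const jwt = env.JWT_SECRET || "";
  if (jwt && !jwt.includes("your_") && jwt.length < MIN_JWT_SECRET_LENGTH)
    findings.push(`JWT_SECRET: shorter than ${MIN_JWT_SECRET_LENGTH} characters`);
  const mode = (v) => (/^[a-z]+_(test|live)_/.exec(v || "") || [])[1];
  const sk = mode(env.STRIPE_SECRET_KEY), pk = mode(env.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY);
  if (sk && pk && sk !== pk) findings.push("Stripe keys: test/live mode mismatch");
  return findings;
}
// Constructed sample .env.local contents (no real credentials).
const SAMPLE_ENV = `NEXT_PUBLIC_APP_URL=http://localhost:3000
MONGODB_URI=mongodb://localhost:27017/your_database_name
JWT_SECRET=changeme
RESEND_API_KEY=your_resend_api_key
EMAIL_FROM=noreply@example.com
STRIPE_SECRET_KEY=sk_test_EXAMPLE
STRIPE_WEBHOOK_SECRET=whsec_EXAMPLE
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=sk_test_EXAMPLE`;
console.log(auditEnv(SAMPLE_ENV));
```

Run against the real file contents before starting the app or in CI, and treat any non-empty result as a failed check.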

Database Setup

Local Development

1. Install MongoDB locally

2. Start MongoDB service

3. Use the following connection string:

mongodb://localhost:27017/your_database_name

Production (MongoDB Atlas)

1. Create a MongoDB Atlas account

2. Create a new cluster

3. Get your connection string

4. Add your servers' IP addresses to the IP whitelist

5. Update your .env.local file with the connection string

Security Features

Authentication Security

  • Secure password hashing
  • JWT token management
  • Rate limiting on auth endpoints
  • Session management

API Security

  • CSRF protection
  • Rate limiting
  • Input validation
  • Secure headers