A modular NestJS + TypeScript starter for building AI-powered SaaS REST APIs. This project demonstrates:
- API key based auth and lightweight user/account model
- Image generation endpoints integrating with external AI APIs (e.g., OpenAI, Replicate) - Soon custom fine-tuned model
- Prisma ORM for schema, migrations, and queries
- Clean module separation and DI-friendly services
- πΌοΈ Image generation endpoints integrating with external AI APIs (e.g., OpenAI, Replicate) - Soon custom fine-tuned model
- π API key authentication and usage tracking
- ποΈ Prisma ORM for schema, migrations, and queries
- 𧩠Clean module separation: controllers, services, DTOs, guards
- π§ͺ Unit + e2e tests with Jest and supertest
- β‘ Ready for local dev and production deployment
- Realistic, extendable baseline for SaaS APIs that need per-client API keys and usage tracking
- Pattern examples: feature modules, DTOs, guards, providers, and Prisma integration
- Practical image-generation flow (upload/init image, prompt, return asset URL)
- Quickstart
- Environment
- Endpoints
- Project structure
- Prisma schema & DB
- Testing
- Common issues & troubleshooting
- Contributing / License
-
Install deps: pnpm install
-
Add environment variables (.env)
- REPLICATE_API_TOKEN=...
- DATABASE_URL="file:./dev.db" (or your PostgreSQL URL)
- PORT=3000
- APP_API_KEY_SECRET=your-signing-secret (See "Environment" section below for full list.)
-
Run prisma migrations (dev) pnpm prisma migrate dev --name init
-
Start dev server pnpm run start:dev
-
Run tests pnpm run test pnpm run test:e2e
- PORT (optional) β server port
- DATABASE_URL β Prisma connection string
- REPLICATE_API_TOKEN β token for image-generation provider
- APP_API_KEY_SECRET β secret for generating API keys / HMAC
- Optional third-party keys (OpenAI, Cloud storage, etc.)
-
POST /api/images/generate πΌοΈ
- Request: { prompt: string, base64_img?: string }
- Response: { url: string }
- Protected by API key guard (Header: x-api-key)
-
POST /api/api-keys π
- Create/manage API keys for clients (admin-only)
-
Auth/usage endpoints
- Basic examples in src/auth and src/api-key modules
Project structure (recommended, simplified)
- src/
- main.ts β bootstrap
- app.module.ts β root module aggregation
- app.controller.ts / app.service.ts β example
- api-key/
- api-key.module.ts
- api-key.controller.ts
- api-key.service.ts
- dto/
- auth/
- auth.module.ts
- guards/ (ApiKeyGuard, RolesGuard)
- strategies/
- db/
- prisma.service.ts β Prisma client provider
- migrations/
- image-generation/
- image-generation.module.ts
- image-generation.controller.ts
- image-generation.service.ts
- dto/
- utils/
- logger, helpers, validators
- prisma/
- schema.prisma
- migrations/
- test/
- app.e2e-spec.ts
- package.json, pnpm-lock.yaml
- .env.example
- README.md
Prisma & Data Model (overview)
- prisma/schema.prisma includes models like:
- User (optional)
- Account / Organization (optional)
- ApiKey { id, keyHash, name, enabled, createdAt, lastUsedAt, ownerId }
- Usage / Audit records for tracking request counts
Testing
- Unit tests with Jest (src/**/*.spec.ts)
- e2e tests in test/ using supertest against a test instance
- Coverage: pnpm run test:cov
Common issues & troubleshooting
- "Property 'url' does not exist on type 'object'": some provider SDKs return unknown-shaped objects β see image generation service guard code (src/image-generation/image-generation.service.ts) that safely narrows the response before reading .url
- Verify REPLICATE_API_TOKEN and provider responses by logging the raw output during development
- If Prisma errors occur, run prisma generate and migrate dev