NodeStack

2025

Production-ready, tenant-aware microservices platform with event-driven architecture.

Microservices Architecture

Overview

NodeStack is a complete microservices platform that provides authentication, user management, tenant management, audit logging, and notifications out of the box. It is designed to be single-tenant by default but can scale to multi-tenant SaaS applications.

Built as a Turborepo monorepo with pnpm for efficient package management. Uses Fastify for high-performance, typed endpoints, Prisma ORM with PostgreSQL, Redis for caching, and NATS for event-driven communication between services.

Architecture

Client to API Gateway (:3000) to Services to Event Bus to Workers

API Gateway (Port 3000)

Single entry point with authentication, routing, rate limiting, and auto-generated Swagger documentation at /documentation. Acts as the main router for all services.

Auth Service (Port 4001)

JWT-based authentication with access and refresh tokens. Handles user registration, login, token refresh, and session management. All protected routes require a valid JWT.

User Service (Port 4002)

User profile management with roles and permissions. Implements RBAC (Role-Based Access Control) with a granular permission system for fine-grained access management.

Tenant Service (Port 4003)

Multi-tenant management with tenant isolation. Handles tenant creation, settings, user assignments, and ensures all data is properly scoped to tenants.

Audit Service (Port 4004)

Compliance logging and activity tracking. Logs all API requests with correlation IDs for distributed tracing. Provides audit trails for compliance requirements.

Notification Worker

Background notification processor via NATS event bus. Supports email via Resend API and SMS via Twilio. Event-driven delivery with retry logic and dead letter queues.

Project Structure

nodestack/
├── apps/
│   ├── api-gateway/        # Port 3000
│   ├── auth-service/       # Port 4001
│   ├── user-service/       # Port 4002
│   ├── tenant-service/     # Port 4003
│   ├── audit-service/      # Port 4004
│   └── notification-worker/ # Background worker
├── packages/
│   ├── core/              # Shared utilities
│   └── database/          # Prisma schema
└── docker-compose.yml     # Infrastructure

Security Features

  • JWT Authentication: Access and refresh tokens with configurable expiration

  • Role-Based Access Control: Granular permissions for users with role hierarchy

  • Tenant Isolation: Multi-tenant mode with data isolation at database level

  • Rate Limiting: Configurable rate limits per endpoint and user

  • Request Validation: Type-safe request validation with Zod schemas

  • Audit Logging: Complete request logs with correlation IDs for tracing
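
The JWT Authentication and Tenant Isolation items above imply two checks on every protected route: a refresh token must not be accepted where an access token is expected, and the tenant used to scope a query must come from the verified token rather than from the request. The following is an added example, not NodeStack source code; HS256, the claim names tokenType and tenantId, and all function names are assumptions made for illustration.

```javascript
// Added example, not NodeStack code. Claim names (tokenType, tenantId) are assumed.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Mint an HS256 token; used here only to build the constructed samples below.
function sign(claims, secret) {
  const body = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${hmac(body, secret).toString('base64url')}`;
}

// Check pinned algorithm, signature, expiry, token type and tenant claim.
function verifyAccessToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // algorithm is pinned, not read from the token
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.tokenType !== 'access') throw new Error('wrong token type'); // refresh tokens belong to the refresh endpoint only
  if (!claims.tenantId) throw new Error('missing tenant');
  return claims;
}

// Build a query filter from verified claims; any client-supplied tenantId is dropped.
function tenantScopedWhere(claims, clientFilter = {}) {
  const { tenantId: _ignored, ...rest } = clientFilter;
  return { ...rest, tenantId: claims.tenantId };
}

// Returns the rejection reason, or null when the token is accepted.
function rejectReason(token, secret, now) {
  try { verifyAccessToken(token, secret, now); return null; } catch (e) { return e.message; }
}

// Constructed sample data (not real credentials).
const DEMO_SECRET = 'constructed-demo-secret';
const DEMO_NOW = 1700000000;
const demoAccess = sign({ sub: 'u1', tenantId: 'tenant-a', tokenType: 'access', exp: DEMO_NOW + 900 }, DEMO_SECRET);
const demoRefresh = sign({ sub: 'u1', tenantId: 'tenant-a', tokenType: 'refresh', exp: DEMO_NOW + 86400 }, DEMO_SECRET);
console.log(rejectReason(demoAccess, DEMO_SECRET, DEMO_NOW), rejectReason(demoRefresh, DEMO_SECRET, DEMO_NOW));
console.log(tenantScopedWhere(verifyAccessToken(demoAccess, DEMO_SECRET, DEMO_NOW), { tenantId: 'tenant-b', status: 'active' }));
```

The filter returned by tenantScopedWhere has the shape of a Prisma where clause, so the same object could be passed to a query in a service that follows this pattern.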

Infrastructure

PostgreSQL: Primary Database
Redis: Caching Layer
NATS: Event Bus

Tech Stack

Node.js, TypeScript, Fastify, PostgreSQL, Prisma ORM, Redis, NATS, Turborepo, pnpm, Docker, Resend, Twilio