This repository is prepared as a reusable Next.js template for AI SaaS products.
- Rename the app and repository.
- Replace placeholder copy, pricing, legal pages, and external links.
- Confirm that the bundled Apache-2.0 license matches your intended distribution model.
See TEMPLATE_SETUP.md for the placeholder map, branding checklist, and publish steps.
- Copy values from
.env.example. - Install dependencies with
pnpm install. - Initialize the local database with
pnpm db:push. - Start the app with
pnpm dev.
This branch uses a direct-to-storage upload flow for images:
- The browser calls a
prepareendpoint with upload metadata and file signature bytes. - The server validates the request and returns a presigned
PUTURL. - The browser uploads the file directly to R2 or S3.
- The browser calls a
completeendpoint, and the server verifies the stored object before returning the final URL.
For Cloudflare R2:
R2_ACCESS_KEYR2_SECRET_KEYR2_BUCKET_NAMER2_ENDPOINTR2_DOMAINAUTH_SECRET
For AWS S3-compatible providers:
S3_ACCESS_KEYS3_SECRET_KEYS3_BUCKETS3_ENDPOINTS3_REGIONS3_DOMAINAUTH_SECRET
AUTH_SECRETmust be set and should be at least 16 characters long. Upload tokens fail closed when the secret is missing or too short.- Public anonymous reference images upload through
/api/storage/upload-image/public. - Authenticated/private uploads use
/api/storage/upload-image. - Private and public uploads use different object-key namespaces.
- Public reference-image uploads should be treated as temporary objects.
- Configure bucket CORS for the browser origins that will upload directly.
- Allow at least:
- Methods:
PUT,GET,HEAD - Headers:
Content-Type,Content-Disposition
- Methods:
- Configure lifecycle cleanup for the temporary public prefix:
uploads/public-temp/reference-images/
- Policy and token tests:
node --import tsx --test tests/upload-policy.test.ts tests/upload-token.test.ts
- Typecheck:
rm -rf .next/dev && npx tsc --noEmit
- Lint:
pnpm lint --quiet
- Production build:
pnpm build
- Update
NEXT_PUBLIC_APP_NAME, domain, and support email. - Replace demo assets in
public/. - Review locale content under
src/config/locale/messages/. - Replace sample legal content in
content/pages/. - Review admin setting placeholders in
src/shared/services/settings.ts. - Review GitHub Actions before enabling package or image publishing.