saas_template
Cloudflare-first SaaS starter. Next.js 16 + D1 + Better Auth + Stripe. Opinionated, SEO-first, swappable.
Quick start
git clone https://github.com/omar16100/saas_template.git my-saas
cd my-saas
pnpm install
cp .env.example .env.local
# fill BETTER_AUTH_SECRET: openssl rand -base64 32
pnpm devWhat's inside
Auth
Better Auth — email/password, Google OAuth, magic links, passkeys, 2FA.
Billing
Stripe hosted Checkout + Portal, webhook with D1 idempotency, Stripe Tax.
Resend outbound + react-email templates. CF Email Routing inbound.
DB
D1 + Drizzle with a repository layer — swap to Postgres/Turso without touching domain code.
SEO
SSG marketing, dynamic sitemap, JSON-LD, IndexNow, llms.txt, Lighthouse CI.
Security
Route-scoped CSP, HSTS, Turnstile, D1 rate limiter, account delete + export.
Analytics
Consent-gated GA4 + PostHog + CF Web Analytics. Web vitals → PostHog.
Ops
Structured logs → Axiom via Logpush. CI + deploy (preview per PR, prod on main).
Why
- One platform — compute, DB, files, cache, queues, email routing all on Cloudflare.
- Stripe hosted Checkout keeps PCI scope at zero and CSP simple.
- D1 with a repo boundary is cheap today, swappable later.
- Flat app — no monorepo tax until you genuinely need one.
- Better Auth without custom CSRF — one layer, not two that fight each other.
- SSG for SEO pages always — crawlers see instant HTML, cache misses never hit origin.
Deployment
pnpm deploy:preview # wrangler deploy --env preview
pnpm deploy # wrangler deploy --env productionGitHub Actions runs this for you: preview on every PR, production on merge to main. See docs/setup.md for the full post-deploy checklist (DNS, Stripe webhooks, Resend DKIM, Turnstile, GSC/Bing verification).