How We Built a 15-Module SaaS Platform with Next.js 16

The deciding factors were Server Components (massive performance wins), Server Actions (eliminated 90% of API routes), and the ecosystem (Shadcn/UI, Prisma, NextAuth alternatives).

Decision 2: Database Architecture

With 60+ Prisma models, database design was critical:

// Key patterns we established early:

// 1. CUID for all IDs
model User {
  id        String   @id @default(cuid())
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt
  deletedAt DateTime? // Soft delete
}

// 2. Configuration from database, not .env
model SiteConfig {
  id       String  @id @default(cuid())
  key      String  @unique
  value    String
  isSecret Boolean @default(false) // Encrypted values
}

// 3. Polymorphic relationships for notifications
model Notification {
  id         String @id @default(cuid())
  userId     String
  type       String // "order", "invoice", "message"
  resourceId String // Links to order/invoice/message ID
}

We chose PostgreSQL for its reliability, JSON support, and full-text search. Learn more about database patterns in our Prisma ORM Advanced Patterns guide and PostgreSQL Performance Tuning.

Decision 3: Authentication Without NextAuth

We built custom JWT authentication using Jose and bcrypt instead of NextAuth:

// Why custom auth?
// 1. Full control over token structure
// 2. Edge-compatible (Jose works at the edge)
// 3. Role-based tokens with custom claims
// 4. No dependency lock-in

const token = await new SignJWT({
  userId: user.id,
  role: user.role, // SUPER_ADMIN | CLIENT | CUSTOMER | AFFILIATE
  email: user.email,
})
  .setProtectedHeader({ alg: "HS256" })
  .setIssuedAt()
  .setExpirationTime("7d")
  .sign(secret);

This gives us complete control over the authentication flow, which is critical for a multi-portal platform with 4 user roles.

Decision 4: Configuration System

One of our best decisions was making the database the source of truth for ALL configuration:

.env file → Only 3 variables:
  - DATABASE_URL
  - CRON_SECRET
  - JWT_SECRET

Everything else → SiteConfig table:
  - SMTP settings (encrypted)
  - PayPal credentials (encrypted)
  - Feature flags
  - Site metadata
  - SEO defaults

This means you can change any setting from the admin dashboard without redeploying. The installation wizard sets up initial config on first run.

Challenge 1: Multi-Portal Architecture

Supporting 4 different user portals was the biggest architectural challenge:

(public)           → Portfolio, blog, store (everyone)
(admin)            → Full system control (SUPER_ADMIN)
(account)          → Purchases, licenses (CUSTOMER)
(portal)           → Projects, invoices (CLIENT)
(affiliate-portal) → Referrals, commissions (AFFILIATE)

The solution: route groups for physical organization + middleware for access control. The middleware fetches state from an internal API (to avoid Edge database calls) and enforces RBAC.

Challenge 2: Real-Time Features

For the SMS Gateway and device monitoring, we needed real-time communication:

Server (Socket.IO) ←→ HK Relay Android App
       ↕
Admin Dashboard (live status updates)

The HK Relay SMS Gateway ($79) connects Android phones to the platform via Socket.IO, enabling programmatic SMS and WhatsApp messaging. The HK AIR IoT Controls ($149) uses the same infrastructure for device telemetry and remote commands.

Challenge 3: Developer Extensions

We needed time tracking that works where developers actually work:

• Chrome Extension ($19) — tracks active tabs and time per project
• VS Code Extension ($24) — tracks coding time by repo, branch, and language

Both sync with the platform dashboard via heartbeat APIs, creating a complete picture of billable hours without manual entry.

The Results

After 18 months of development:

• 60+ Prisma models covering every business scenario
• 25+ server action files for type-safe mutations
• 15+ integrated modules in one codebase
• 4 companion products (Chrome Extension, VS Code Extension, HK Relay, HK AIR)
• Zero any types — strict TypeScript throughout

Lessons Learned

1. Start with the data model — get your Prisma schema right first
2. Server Components first — add "use client" only when needed
3. Database config over .env — makes deployment and updates trivial
4. Build for roles early — RBAC is harder to add later
5. Invest in dev tools — our extensions save hours of manual tracking

Want to Build on This Foundation?

Instead of spending 18 months building from scratch, you can start with our platform:

• $299 — Single Domain license with all modules
• $799 — Extended license for up to 5 domains
• $1,499 — Agency license with unlimited domains and resell rights

Visit hardikkanajariya.in to explore the platform and start building today.

Related posts:

• Developer Portfolio & SaaS Platform Deep Dive
• Next.js 16 App Router Complete Guide
• Real Projects We've Delivered — portfolio showcase

Connect with me on LinkedIn or Sulekha.

Hardik Kanajariya — Full Stack Developer, building tools that empower developers. Explore our products →