A complete boilerplate for modern web applications focused on security, with cookie-based authentication and GDPR compliance.
- Overview
- Key Features
- Technology Stack
- Database Architecture
- Quick Start
- Documentation
- Contributing
- License
Pandom Stack is a comprehensive, security-first application boilerplate that provides a complete foundation for building modern web applications. It features advanced security measures, cookie-based authentication, and GDPR compliance out of the box.
- Cookie-based Authentication with httpOnly cookies for XSS protection
- JWT tokens managed securely on server-side
- Role-based authorization (RBAC) with admin and user roles
- Complete audit logging for compliance and security monitoring
- Configured security headers (HSTS, CSP, X-Frame-Options)
- Rate limiting and DDoS protection
- Integrated GDPR compliance with data protection
- CSRF protection with secure cookies
- Session management with automatic cleanup
- NestJS 11+ backend with TypeScript
- Angular 19+ frontend with PWA capabilities
- PostgreSQL 17+ database with TypeORM
- Complete Docker containerization
- Well-documented REST APIs
- Microservices ready
- App-like experience with responsive design
- Theme switching (light/dark mode)
- Internationalization (English/Italian)
- Web App Manifest for install prompts
- PWA-ready structure for future service worker implementation
- Automatic health checks for all services
- Real-time metrics collection and analysis
- Structured logging with correlation IDs
- Performance monitoring and alerting
- Audit trail for security compliance
- Framework: NestJS 11+ with TypeScript
- Database: PostgreSQL 17+ with TypeORM
- Authentication: JWT with httpOnly cookies
- Storage: MinIO for S3-compatible file storage
- Containerization: Docker & Docker Compose
- Security: bcrypt, passport.js, rate limiting
- Framework: Angular 19+ with TypeScript
- PWA: Progressive Web App ready structure
- UI Framework: PrimeNG 19+ with PrimeFlex
- Internationalization: ngx-translate (English/Italian)
- Theme: Light/Dark mode with system preference detection
- Authentication: Cookie-based with automatic refresh
- PostgreSQL 17: Primary relational database
- MinIO: S3-compatible object storage
- TypeORM: Database migrations and seeding
- Connection pooling: Optimized database connections
- Security Headers: Via interceptors (HSTS, CSP, etc.)
- Audit Logging: Complete activity tracking
- Health Checks: System monitoring endpoints
- Metrics Collection: Performance and usage analytics
- Session Management: Secure session handling
- Docker: Containerization for all services
- Docker Compose: Multi-service orchestration
- Environment-based Configuration: Flexible deployment
- Health Monitoring: Built-in health check endpoints
```
┌─────────────────────────────────────────────────────────────┐
│                       DATABASE LAYER                        │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────┐     ┌─────────────┐                        │
│  │ PostgreSQL  │     │    MinIO    │                        │
│  │  Database   │     │   Storage   │                        │
│  └─────────────┘     └─────────────┘                        │
│         │                   │                               │
│  Relational Data     File Storage                           │
│  User Management     Document Storage                       │
│  Audit Logging       Media Files                            │
│  Session Data        Backup Files                           │
└─────────────────────────────────────────────────────────────┘
```
- auth_users - User authentication and account management
- user_profiles - Extended user profile data with tags and metadata
- audit_logs - Security and activity logging for compliance
- sessions - User session management with device tracking
- security_logs - Security event tracking and monitoring
- UUID Primary Keys for secure, globally unique identifiers
- JSONB Data Types for flexible schema evolution
- PostgreSQL Arrays for efficient tag storage
- Automatic Timestamps for audit trails
- Foreign Key Constraints for data integrity
- Indexes for optimal query performance
- Enum Types for role management
- TypeORM Migrations for schema versioning
- Automated Seeding for development data
- Connection Pooling with automatic retry
- Backup Strategies for data protection
- Performance Monitoring and optimization
- Docker and Docker Compose
- Node.js 18+ (for development)
- Git
```bash
# Clone the repository
git clone <repository-url>
cd pandom-stack

# Setup environment
cp demo.env .env
# Configure environment variables in .env

# Start the application
docker-compose up -d

# The application will be available at:
# Frontend: http://localhost:4200
# Backend: http://localhost:3000
# MinIO Console: http://localhost:9001
# PostgreSQL: localhost:5432
```
Key environment variables:
```bash
# Database Configuration
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_NAME=pandom_db
DATABASE_USERNAME=pandom_user
DATABASE_PASSWORD=secure_password

# Frontend Configuration
FE_URL=http://localhost:4200

# JWT Configuration
JWT_SECRET=your_jwt_secret
JWT_EXPIRATION=1h

# MinIO Configuration
MINIO_ENDPOINT=localhost
MINIO_PORT=9000
MINIO_ROOT_USER=your_access_key
MINIO_ROOT_PASSWORD=your_secret_key
MINIO_BUCKET_NAME=pandom-storage
```
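A pre-flight check for the `.env` file described above, as an added example that is not part of Pandom Stack's own code: it flags credentials still set to the placeholder values from this listing and a `JWT_SECRET` below a minimum length. The function names and the 32-character floor are assumptions made for this example.

```typescript
// Added example, not Pandom Stack code: pre-flight check for the .env file.
// Placeholder values copied from the environment listing on this page.
const PLACEHOLDERS: Record<string, string> = {
  DATABASE_PASSWORD: "secure_password",
  JWT_SECRET: "your_jwt_secret",
  MINIO_ROOT_USER: "your_access_key",
  MINIO_ROOT_PASSWORD: "your_secret_key",
};

// Assumption: 32 characters as the floor for the JWT signing secret.
const MIN_JWT_SECRET_LENGTH = 32;

// Parse KEY=VALUE lines; skip blanks and "#" comments, strip matching quotes.
function parseEnv(text: string): Record<string, string> {
  const vars: Record<string, string> = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (line === "" || line.charAt(0) === "#" || eq <= 0) continue;
    const value = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    vars[line.slice(0, eq).trim()] = value;
  }
  return vars;
}

// Return one finding per problem; an empty array means the file passed.
function findWeakEnvSettings(text: string): string[] {
  const vars = parseEnv(text);
  const findings: string[] = [];
  for (const key of Object.keys(PLACEHOLDERS)) {
    const value = vars[key];
    if (value === undefined || value === "") findings.push(key + ": missing");
    else if (value === PLACEHOLDERS[key]) findings.push(key + ": demo placeholder");
  }
  const secret = vars["JWT_SECRET"];
  if (secret && secret !== PLACEHOLDERS["JWT_SECRET"] && secret.length < MIN_JWT_SECRET_LENGTH) {
    findings.push("JWT_SECRET: shorter than " + MIN_JWT_SECRET_LENGTH + " characters");
  }
  return findings;
}

// Constructed sample input (not a real deployment file).
const SAMPLE_ENV = [
  "# Database Configuration",
  "DATABASE_PASSWORD=secure_password",
  'JWT_SECRET="short-but-changed"',
  "MINIO_ROOT_USER=pandom-minio-admin",
].join("\n");
console.log(findWeakEnvSettings(SAMPLE_ENV));
```

Run it against the contents of `.env` before `docker-compose up -d` and treat a non-empty result as a failed start.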
- Application Overview - General overview and architecture
- Installation Guide - Complete setup step-by-step
- Environment Configuration - Environment variables and configurations
- System Architecture - System architecture overview
- Database Design - Database schema and management
- Security Overview - Security framework and features
- API Reference - Complete API documentation
- Postman Collection - Complete Postman collection
- Postman Environment - Postman environment
- Postman Setup Guide - Postman configuration guide
This project is open source and accepts contributions! Please read our contributing guidelines before submitting pull requests.
This project is released under the MIT license. See the LICENSE file for details.