A modern, full-stack Kanban project management system built with NestJS + Next.js 15, featuring enterprise-grade multi-tenant architecture, fine-grained permission control, and complete task management workflows.
- Multi-tenant SaaS Architecture: Support for multiple teams with complete data isolation
- Four-tier Permission System: System β Workspace β Board β Resource inheritance with RBAC
- Workspace-based Collaboration: Team management with role-based access control
- Enterprise-grade Security: JWT authentication, input sanitization, rate limiting
- Hierarchical Organization: Workspaces β Boards β Lists β Cards
- Drag & Drop Interface: Smooth card and list reordering with @dnd-kit
- Task Management: Card assignment, due dates, descriptions, and activity tracking
- Real-time Updates: Optimistic UI updates with proper state management
- Monorepo Architecture: pnpm workspace for unified code management
- Full-stack Type Safety: Shared TypeScript types between frontend and backend
- Modern Frontend: Next.js 15 with App Router, React Server Components
- Enterprise Backend: NestJS with Fastify, Prisma ORM, PostgreSQL
- Containerized Deployment: Docker support with health checks and orchestration
zenban/
βββ apps/ # Applications
β βββ api/ # Backend API (NestJS)
β β βββ src/ # Backend source code
β β βββ prisma/ # Database schema and migrations
β β βββ generated/ # Generated Prisma client
β β βββ package.json # Backend dependencies
β βββ web/ # Frontend (Next.js 15)
β βββ app/ # Next.js App Router
β βββ components/ # React components
β βββ lib/ # Utilities and API clients
β βββ package.json # Frontend dependencies
βββ packages/ # Shared packages
β βββ shared-types/ # Shared TypeScript definitions
β βββ src/
β β βββ user.ts # User types
β β βββ workspace.ts # Workspace types
β β βββ board.ts # Board types
β β βββ auth.ts # Authentication types
β β βββ index.ts # Unified exports
β βββ package.json
βββ docker-compose.yml # Production Docker setup
βββ docker-compose.dev.yml # Development Docker setup
βββ pnpm-workspace.yaml # pnpm workspace configuration
βββ package.json # Root package management
- Node.js >= 18.0.0
- pnpm >= 8.0.0 (recommended package manager)
- Docker & Docker Compose (for containerized deployment)
- PostgreSQL 14+ (or use Docker)
# Clone the repository
git clone https://github.com/your-username/zenban.git
cd zenban
# Install dependencies
pnpm install
# Set up environment variables
cp env.example .env
# Edit .env file with your configuration# Start all services (frontend + backend)
pnpm dev
# Or start individually
pnpm dev:api # Backend only: http://localhost:8080
pnpm dev:web # Frontend only: http://localhost:3000
# With Docker database
pnpm dev:full # PostgreSQL + development servers# Build all projects
pnpm build
# Build individually
pnpm build:api
pnpm build:web- Framework: NestJS 11 with Fastify adapter
- Database: PostgreSQL 16 with Prisma ORM
- Authentication: JWT with Passport.js strategy
- Security: Rate limiting, input sanitization, CORS
- Documentation: Swagger/OpenAPI 3.0
- Validation: class-validator with class-transformer
- Caching: Redis integration ready
- Framework: Next.js 15 with App Router
- Language: TypeScript 5 with strict mode
- UI Components: shadcn/ui with Radix UI primitives
- Styling: TailwindCSS v4 with CSS variables
- Forms: React Hook Form with Zod validation
- Drag & Drop: @dnd-kit for kanban functionality
- State Management: Server Components + Client Components
- Build Tool: Turbopack for development
- @zenban/shared-types: TypeScript type definitions
- Build System: TypeScript compiler
- Exports: User, Auth, Workspace, Board types and DTOs
This project uses pnpm workspaces for efficient monorepo management:
- Unified Dependency Management: Single lockfile for all packages
- Type Safety: Shared TypeScript definitions across frontend and backend
- Workspace Linking: Local packages use
workspace:*protocol - Build Orchestration: Coordinated builds with dependency resolution
- Code Reusability: Shared utilities, types, and validation logic
// Workspace dependencies
"@zenban/shared-types": "workspace:*"- JWT-based Authentication: Access tokens with configurable expiration
- Refresh Token Support: Secure token rotation mechanism
- Password Security: bcrypt hashing with salt rounds
- Role-based Access Control: Four-tier permission inheritance
- Input Sanitization: XSS prevention and SQL injection protection
- Rate Limiting: API endpoint protection against abuse
- CORS Configuration: Cross-origin request security
- Security Headers: Comprehensive HTTP security headers
System Level β Workspace Level β Board Level β Resource Level
β β β β
OWNER OWNER ADMIN FULL_ACCESS
MEMBER MEMBER MEMBER READ_WRITE
VIEWER VIEWER VIEWER READ_ONLY
# 1. Configure environment
cp env.example .env
# Edit .env with production settings
# 2. One-click deployment
pnpm deploy# Start development environment (database + hot reload)
pnpm dev:full
# Or manually
pnpm docker:dev # Start PostgreSQL database
pnpm dev # Start development serverspnpm docker:build # Build all images
pnpm docker:up # Start all services
pnpm docker:down # Stop all services
pnpm docker:logs # View service logs- User: Authentication and profile information
- Workspace: Multi-tenant organization units
- Board: Kanban boards within workspaces
- List: Columns within boards (with ordering)
- Card: Tasks within lists (with ordering and assignees)
- Member: Workspace and board membership with roles
User β WorkspaceMember β Workspace β Board β BoardMember β List β Card
- Create type definitions in
packages/shared-types/src/ - Export from
packages/shared-types/src/index.ts - Build the package:
pnpm --filter @zenban/shared-types build - Import and use in both frontend and backend
- RESTful Design: Consistent resource-based URLs
- DTO Validation: Input validation with class-validator
- Error Handling: Standardized error response format
- Pagination: Use
pageandlimitquery parameters - Sorting: Use
sortByandsortOrderparameters
- Component Architecture: Reusable shadcn/ui components
- Form Handling: React Hook Form with Zod schemas
- API Integration: Centralized client with error handling
- State Management: Server Components for data fetching
- UI Consistency: Design system with TailwindCSS
# Unit tests
pnpm test:api
# Test coverage
pnpm test:cov
# End-to-end tests
pnpm test:e2e# Component tests (when implemented)
pnpm test:web- Database Indexing: Optimized queries with Prisma
- Connection Pooling: PostgreSQL connection management
- Caching Strategy: Redis integration for frequently accessed data
- Query Optimization: N+1 query prevention with Prisma
- Server Components: Reduced client-side JavaScript
- Image Optimization: Next.js Image component
- Code Splitting: Automatic route-based splitting
- Bundle Analysis: Build optimization with Turbopack
Interactive API documentation available at:
- Development: http://localhost:8080/api-docs
- Swagger UI: Full REST API documentation
- OpenAPI 3.0: Standard API specification
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- NestJS for the amazing backend framework
- Next.js for the powerful React framework
- shadcn/ui for the beautiful UI components
- Prisma for the excellent database toolkit
- pnpm for the efficient package manager
For support and questions:
- Create an issue in the GitHub repository
- Check the documentation links provided above
- Review the existing code and configuration files
Built with β€οΈ using modern web technologies