A modern TypeScript stack with microservices architecture, combining Nuxt, Elysia, ORPC, Better Auth, and more.
- TypeScript - For type safety and improved developer experience
- Nuxt - The Intuitive Vue Framework
- TailwindCSS - Utility-first CSS for rapid UI development
- Elysia - Type safe server framework
- oRPC - End-to-end type-safe APIs with OpenAPI integration
- Bun - Runtime environment
- Drizzle - TypeScript-first ORM
- PostgreSQL - Database engine
- Authentication - Email & password authentication with Better Auth
- Better Auth Sessions - Service-to-service authentication
- Biome - Linting and formatting
- Husky - Git hooks for code quality
- Turborepo - Optimized monorepo build system
- Changesets - Versioning and publishing
This project uses a microservices architecture with three main services:
-
Web App (
apps/web/) - Port 3000- Frontend UI that consumes both servers
- Uses Better Auth client for authentication
- Uses shared API client for business logic
-
Auth Server (
apps/auth-server/) - Port 3001- Handles all authentication and authorization
- Database: Auth-specific schema (users, sessions, accounts)
- Endpoints:
/api/auth/**(login, register, session management) - Validates Better Auth sessions for API server communication
-
API Server (
apps/api-server/) - Port 3002- Handles all application logic and business data
- Database: Application-specific schema
- Endpoints:
/rpc/**(all application endpoints) - Validates Better Auth sessions from auth server
packages/api/- Shared oRPC router definitions and type-safe API procedurespackages/shared-types/- Common TypeScript interfacespackages/shared-utils/- Shared utilities (session validation, database helpers)
If you're using this as a template, you can initialize your project using the carve script. This will handle everything for you.
# Interactive project initialization
bun run carveThis will:
- Detect your project name from the directory
- Update all package names and imports
- Create a backup before making changes
- Offer package installs
- Offer docker and DB setup
- Provide clear next steps
bun install# Start the database
docker-compose up --build -dAuth Server (create apps/auth-server/.env)
AUTH_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/auth_db"
BETTER_AUTH_SECRET="your-secret"
BETTER_AUTH_URL="http://localhost:3001"
CORS_ORIGIN="http://localhost:3000"API Server (create apps/api-server/.env)
API_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/api_db"
AUTH_SERVER_URL="http://localhost:3001"
CORS_ORIGIN="http://localhost:3000"Web App (create apps/web/.env)
AUTH_SERVER_URL="http://localhost:3001"
API_SERVER_URL="http://localhost:3002"# Push auth schema
bun run db:push:auth
# Push API schema
bun run db:push:apibun dev# Terminal 1 - Auth Server
bun dev:auth-server
# Terminal 2 - API Server
bun dev:api-server
# Terminal 3 - Web App
bun dev:web- Web App: http://localhost:3000
- Auth Server: http://localhost:3001
- API Server: http://localhost:3002
# Test Web App
curl http://localhost:3000/
# Test Auth Server
curl http://localhost:3001/
# Test API Server
curl http://localhost:3002/- Open http://localhost:3000 in your browser
- Try to sign up/sign in
- Check that the web app communicates with both servers
# Start database
docker-compose up --build -d
# Stop database
docker-compose down
# Reset database (removes all data)
docker-compose down -v && docker-compose up --build -d# Push auth schema
bun run db:push:auth
# Push API schema
bun run db:push:api
# View auth database
bun run db:studio:auth
# View API database
bun run db:studio:apiThis project uses Better Auth sessions for service-to-service authentication between the auth-server and api-server.
- User Authentication: Web app authenticates with auth server using Better Auth
- Session Validation: API server validates Better Auth sessions with auth server
- API Access: Web app uses session cookies to access protected API endpoints
- Session Verification: API server verifies sessions with auth server
- No Shared Database: API server doesn't need direct access to auth database
- Session Management: Better Auth handles session lifecycle and security
- Cookie-based Security: Sessions are managed securely through HTTP cookies
- Microservices Security: Proper separation between auth and business logic
For detailed information, see ARCHITECTURE.md.
- Edit
packages/api/src/router.ts - Add your new procedures
- The API server will automatically pick them up
- The web app will have type-safe access
- Extend the auth server in
apps/auth-server/ - Update the shared types as needed
- All clients benefit from the changes
- Create new app in
apps/ - Install shared packages
- Configure environment variables
- Get type-safe access to all APIs
bun dev: Start all applications in development modebun build: Build all applicationsbun dev:web: Start only the web applicationbun dev:auth-server: Start only the auth serverbun dev:api-server: Start only the API serverbun check-types: Check TypeScript types across all appsbun db:push:auth: Push auth schema changes to databasebun db:push:api: Push API schema changes to databasebun db:studio:auth: Open auth database studio UIbun db:studio:api: Open API database studio UIbun check: Run Biome formatting and linting
- Check that PostgreSQL is running:
docker ps - Verify database URLs in environment variables
- Check database logs:
docker logs carve-2-postgres
- Check that
CORS_ORIGINis set correctly - Verify that web app URL matches CORS settings
- Check that auth server is running
- Verify that API server can reach auth server
- Check environment variables
# Check all types
bun run check-types
# Check specific service
cd apps/auth-server && bun run check-typesIf port 5432 is already in use:
# Stop existing PostgreSQL
brew services stop postgresql
# Or change the port in docker-compose.yml
ports:
- "5433:5432" # Use port 5433 instead- Separation of Concerns: Each service has a single responsibility
- Scalability: Services can be scaled independently
- Security: Auth server can be locked down separately
- Flexibility: Easy to add new services or frontends
- Type Safety: Shared packages ensure consistency
- Database Isolation: Auth and app data are separate
- Better Auth Sessions: Secure service-to-service communication
carve-2/
├── apps/
│ ├── web/ # Frontend application (Nuxt)
│ ├── auth-server/ # Authentication service (Hono + Better Auth)
│ └── api-server/ # Business logic service (Hono + ORPC)
├── packages/
│ ├── api/ # Shared API router and types
│ ├── shared-types/ # Common TypeScript interfaces
│ └── shared-utils/ # Shared utilities
├── docs/
│ ├── ARCHITECTURE.md # System architecture documentation
│ └── ARCHITECTURE.md # Architecture overview
- Add your application schema to
apps/api-server/src/db/schema/ - Add API endpoints to
packages/api/src/router.ts - Customize auth features in
apps/auth-server/ - Add more frontends as needed
- Set up production deployment for each service
- System Architecture - Detailed architecture implementation
- Architecture Overview - Microservices architecture details
This project is free to use, clone, and share for non-commercial purposes. You may not sell, modify, or use the source code for commercial projects. See LICENSE.txt for details.