Back to portfolio
SaaS Analytics Platform2026

Pulse SaaS

Multi-tenant analytics SaaS with Google OAuth, YouTube + GA4 insights, automated reporting, and an operations-ready backend.

Next.jsNestJSSaaSAnalyticsRBAC

Project screenshots

1 / 12

Pulse SaaS screenshot 1

Architecture

Core

Domain-based backend modules, shared contracts, and a clear runtime separation between frontend, API, data layer, and external providers.

Architecture diagram

Rendering architecture diagram...

Monorepo

  • apps/frontend: marketing + SaaS dashboard
  • apps/backend: modular NestJS API
  • packages/shared: shared business types and tRPC contract surface

Runtime flow

  • Browser -> Next.js frontend
  • Frontend -> NestJS API via JWT httpOnly cookie
  • Backend -> PostgreSQL through Prisma
  • Backend -> Google APIs (OAuth, YouTube, GA4)
  • Backend -> queue/cache services and PDF generation pipeline

Problem

Product and growth signals were fragmented across tools, while access control and reporting workflows were not centralized for teams.

Solution

Built a full-stack monorepo (Next.js + NestJS) with workspace RBAC, unified analytics views, correlation insights, report scheduling, and a guarded API architecture.

Result

Pulse provides one operational cockpit for analytics, reporting, and workspace collaboration, with a solid foundation for production hardening.

Engineering snapshot

Next.js (App Router)ReactTypeScriptTailwind CSSFramer MotionNestJSPrismaPostgreSQLJWT + Google OAuth2Turborepo + pnpm workspaces

V1 scope delivered

  • Google OAuth login and callback with remember-me behavior
  • Workspace lifecycle: create, rename, switch active workspace
  • Role-based invitations and member management
  • Analytics modules: overview, YouTube, GA4, correlations
  • Automatic lag/correlation insight generation
  • Report generation, scheduling, retries, and history
  • Puppeteer PDF generation with fallback strategy

Key highlights

  • Google OAuth + JWT cookie auth flow
  • Multi-tenant workspace RBAC (OWNER / EDITOR / VIEWER)
  • Real YouTube + GA4 data endpoints
  • Weekly/monthly report scheduling with retry flows
  • Ops endpoints and audit-ready structure

Security & quality

  • Helmet + CSP baseline and route-level rate limiting
  • httpOnly cookies with secure production setup
  • Encrypted Google tokens (AES-256-GCM) with rotation support
  • DTO validation and standardized API success/error envelopes
  • Unit tests on core services and CI quality gates (lint, typecheck, tests, build, Lighthouse)

Current limits

  • Cache and queue currently in-memory (distributed infra planned)
  • Email delivery still stubbed
  • Frontend/e2e test coverage remains a next step