Nexus - Admin Dashboard Template (Next.js)
Invite-only admin dashboard template built on Next.js 16, PostgreSQL, Drizzle, RBAC, audit logging, data-table operations, CSV import/export, security controls, and the Template Empire Gate 17 compliance scaffold.
Quick Start
Prerequisites: Node.js 22.13+, pnpm 10+, PostgreSQL 15+.
- Copy
.env.exampleto.env:powershell# PowerShell Copy-Item .env.example .env -Force # macOS/Linux cp -f .env.example .env - Start Postgres:
bash
docker compose -f docker-compose.demo.yml up -d - Install dependencies:
bash
pnpm install - Apply migrations and seed demo data:
bash
pnpm db:migrate pnpm db:seed:demo - Start the app:
bash
pnpm dev - Open
http://localhost:3000.
Demo Credentials
- Admin:
admin@example.com/Password123!! - Demo user:
demo@example.com/Password123!!
For public demo deployments, set SEED_PASSWORD before seeding.
What Ships
- Invite-only email/password auth with password reset, session refresh, account lockout, failed-login audit events, and admin force-logout controls.
- User and role management with invitations, status changes, predefined Admin/Editor/Viewer roles, and permission-matrix data.
- Operational data-table surfaces with search, filtering, bulk actions, CSV import preview/validation, and CSV export.
- Audit-log viewer with filters, entity metadata, export support, and per-user login activity.
- Security console with active sessions, password policy copy, and account activity.
- System settings editor backed by a typed key/value store.
- API keys, user webhooks, notifications, analytics, uploads, and dashboard metrics.
- UK/EU/US compliance scaffold: legal pages, cookie consent with reject-all
parity, server-side GPC honour, DSAR export, account deletion with 30-day
soft-delete, audit log table, and
COMPLIANCE.md.
TL02 is an invite-only admin template. It does not ship anonymous account creation, social sign-in, public one-click email sign-in, public offer pages, checkout, or payment webhook handling.
Tech Stack
- Framework: Next.js 16 App Router
- Database: PostgreSQL via Drizzle ORM
- Auth: JWT access tokens + httpOnly refresh cookies
- Validation: Zod at API boundaries
- Styling: Tailwind CSS v4 + shadcn/ui primitives
- Theme: Nexus design tokens
- Testing: Vitest + Playwright
Project Structure
text
src/
app/
(auth)/ - Login, forgot-password, reset-password, accept-invite
(dashboard)/ - Admin dashboard, users, roles, data, security, system, audit
(marketing)/ - Legal pages and template showcase routes
api/ - Auth, admin, account, consent, analytics, webhooks, uploads
page.tsx - Template showcase page with demo credentials
components/
dashboard/ - Dashboard-specific UI
forms/ - Auth and admin forms
landing/ - Showcase/header/footer components
layout/ - Admin shell, sidebar, topbar, theme provider
ui/ - shadcn/ui primitives
lib/
compliance/ - DSAR + consent helpers
db/ - Drizzle schema, migrations, seed scripts
email/ - Transactional email templates
site-config.ts - Buyer-facing branding and compliance config
services/ - Business logic layer
validators/ - Zod schemas
Environment Variables
See .env.example for every variable the app reads.
Production deployments must set:
DATABASE_URLor the splitPOSTGRES_*values.JWT_SECRETwith at least 32 characters.NEXT_PUBLIC_APP_URLwith the public origin.- SMTP variables if transactional emails should send instead of logging in dev.
WEBHOOK_ENCRYPTION_KEYto rotate webhook secret encryption independently from JWT signing keys.
Verification
bash
pnpm typecheck
pnpm lint
pnpm build
pnpm audit:prod
Documentation
INSTALLATION.md- local setup and troubleshootingDEPLOYMENT.md- production deployment and maintenanceCUSTOMIZATION.md- branding, legal copy, theme, and demo dataCOMPLIANCE.md- Gate 17 compliance scaffoldLICENCE.md- commercial licence terms
Version
- Version: 1.23.3
- Edition: Nexus
- Stack: Next.js