Overview
Project started: 2026
Multi-tenant CMS microservice built with NestJS, Prisma, and PostgreSQL. Manages articles, comments, and users with full tenant isolation, automatic moderation via banned word lists and report thresholds, and async webhook delivery using the outbox pattern with exactly-once semantics.
Features
Every tenant is fully isolated via tenantId fields across all models. Every query is always scoped to the tenant, guaranteeing data security and separation.
ModerationPolicy centralises all moderation logic: per-tenant banned word scanning, automatic shadow banning, and content status transitions enforced by a finite state machine.
Polymorphic report system for articles, comments, and users. When the configured threshold is exceeded, reports automatically trigger content moderation.
Webhook events are persisted as database records and delivered asynchronously with exactly-once semantics, tracking attempts, retry delays, and HMAC signatures for client-side validation.
TenantMiddleware extracts and verifies the x-api-key header (SHA-256 hash) on every request, with exceptions only for public endpoints such as GET /health.
Articles and comments flow through defined statuses (DRAFT, PUBLISHED, UNDER_REVIEW, HIDDEN, BANNED) with transitions validated by a centralised state machine.
Similar projects
