今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#saas

找到 71 篇相关文章

AI 资讯

How to build a credit system for a Next.js AI app (Stripe + Supabase)

If you're building an AI app (image generation, transcription, an agent, anything that calls a model) you've probably realized a flat "$10/month" doesn't work. Every action costs you real money in GPU/API spend, so a single power user can torch your margins. The answer is usage credits : users buy a balance, each action spends some. Credits sound trivial. They are not. I've shipped about 10 small AI/SaaS apps, and the credit layer is where I got burned every single time. It took three patterns to fix it for good. Here they are, with copy-pasteable code for Next.js + Supabase + Stripe. Get these right and your billing won't oversell, double-charge, or strand a user's money. The three things everyone gets wrong Overdrawing. Two requests arrive at once, both read "balance = 1," both spend. Now the balance is negative and you gave away work for free. Double-granting. Stripe retries webhooks (it will ), and if you grant credits on every delivery, a $9 purchase becomes $18 of credits. Forgetting the refund. The AI job fails after you've already charged the credits. The user paid for nothing and emails you angry. Let's kill all three. Part 1. The atomic spend (overdraw becomes impossible) The mistake is doing the check in your app code: // DON'T: read-then-write has a race condition const { balance } = await getBalance ( userId ); if ( balance < cost ) throw new Error ( " insufficient " ); await setBalance ( userId , balance - cost ); // two concurrent requests both pass the check Do it in the database, in one statement, with the guard in the WHERE clause: -- balances: one row per user create table credit_balances ( user_id uuid primary key references auth . users ( id ) on delete cascade , balance integer not null default 0 check ( balance >= 0 ), updated_at timestamptz not null default now () ); -- append-only ledger = audit log + idempotency guard (see Part 2) create table credit_ledger ( id bigint generated always as identity primary key , user_id uuid not null referen

2026-06-06 原文 →
AI 资讯

Building a SaaS engine in public: shipping the billing seam, not billing

I tagged v0.9.0 of LaraFoundry this week: billing. Except the honest headline is that I shipped the billing seam , not billing. The free core now has the whole shape of a subscription system, a payment-gateway contract, a driver manager, a real access gate over subscription columns, and it cannot take a single cent. That is on purpose, and the reason is the most interesting part of the phase. LaraFoundry is a SaaS core I'm extracting in public from a live CRM, one module at a time. The deal I made with myself early on: the core is free and stays free for everything except money. Auth, multi-tenancy, RBAC, the admin console, the activity log, i18n, files: all free. The day a business wants to charge its customers , that is the paid part. So billing could not just be "another module." It had to split cleanly down a line, with the free side carrying real, useful structure and the paid side carrying the parts that actually move money. The donor habit I would not carry Here is what the original CRM did when a company "paid" for its subscription: // TODO: real payment gateway integration // TEMPORARY: every payment is successful, for testing $paymentStatus = 'success' ; That success was hardcoded. There was no Stripe, no Paddle, no gateway at all. "Paying" wrote a row into a company_payments table and flipped the subscription date forward. For a CRM I run myself, with one real user, that was fine: I never needed the real thing, so the placeholder sat there indefinitely. The moment this becomes a reusable core, that placeholder is poison. A success that is always true is worse than no gateway, because it looks like billing works. So the rule for this phase was simple: the fake gateway does not get extracted. Whatever stands in its place has to be honest about the fact that it takes no money. What the seam actually is The free core ships a PaymentGatewayInterface : subscribe, cancel, refund, status, and verify a webhook. It describes only the mechanics of moving money. It d

2026-06-04 原文 →
开发者

Database Indexing Mistakes That Kill SaaS Performance at Scale

Your API is fast. Your code is clean. Your architecture looks solid on paper. Then you hit 500,000 records and everything slows down. Queries that ran in 12ms now take 4 seconds. Your dashboards lag. Users start filing support tickets. Your on-call engineer is staring at a query plan at midnight wondering what went wrong. Nine times out of ten, the answer is indexing. Not missing indexes — wrong indexes. Indexes that exist but don't help. Indexes that actively hurt write performance without meaningfully improving reads. This is a breakdown of the most damaging database indexing mistakes in production SaaS systems — and how to fix them before they become incidents. Mistake 1: Indexing Everything "Just in Case" The most common mistake isn't under-indexing. It's over-indexing out of anxiety. New engineers especially fall into this pattern — add an index on every column that appears in a WHERE clause, just to be safe. Seems responsible. It isn't. Every index you add is a write tax. On every INSERT, UPDATE, and DELETE, PostgreSQL (or MySQL) has to update every index on that table. On a table with 8 indexes, every write touches 8 data structures. At low volume, this is invisible. At 10,000 writes per minute, it becomes your bottleneck. The fix: Audit your indexes regularly. In PostgreSQL: SELECT schemaname , tablename , indexname , idx_scan , idx_tup_read , idx_tup_fetch FROM pg_stat_user_indexes ORDER BY idx_scan ASC ; Any index with idx_scan = 0 or near zero hasn't been used since your last stats reset. That's a candidate for removal — not immediately, but after investigation. Mistake 2: Not Understanding Index Selectivity An index on a boolean column ( is_active , is_deleted ) is almost always useless. Here's why: selectivity measures how many distinct values exist relative to total rows. A boolean column has two values. If 95% of your rows have is_active = true , an index on that column tells the query planner almost nothing useful. It will often skip the index entire

2026-06-02 原文 →
AI 资讯

Why Your SaaS Integration Layer Needs AI (And What 'AI-Native' Actually Means)

Integrations kill product velocity. Every SaaS team knows this. You ship a killer feature, customers love it, then they ask: "Can it sync with Salesforce? What about HubSpot? Zendesk?" Suddenly your roadmap is hostage to building connector after connector. Each one takes 2-3 weeks. Your engineers hate it. Your customers wait. Competitors who solve this faster win deals. The standard response has been iPaaS platforms. They help, but they don't fundamentally change the game. You still need engineers to map fields, handle edge cases, and maintain brittle connections. The real breakthrough isn't just automation , it's making integrations LLM-native from the ground up . What Actually Makes an Integration Layer "AI-Native"? Let's cut through the marketing speak. Every B2B tool now claims to be "AI-powered." Most just added a ChatGPT wrapper to their UI. Real AI-native architecture means three things: 1. LLM-Ready Connectivity via MCP Servers Model Context Protocol (MCP) is Anthropic's standard for connecting LLMs to external data sources. If your integration layer doesn't support MCP servers natively, your AI features will always be bolted on, not built in. MCP servers expose your SaaS data to language models in a structured way. Instead of engineers writing custom API wrappers for every LLM interaction, you get a standardized interface. Claude, GPT-4, and future models can query your integration layer directly. Example: A customer support tool with native MCP integration lets an AI agent pull ticket history from Zendesk, check Stripe subscription status, and update Salesforce records in one conversation flow. No custom code. No brittle middleware. 2. AI-Mapped Data Migration Data migration is where most SaaS deals die. Customer says "we'll switch from ServiceNow to your ITSM if you migrate our 50,000 tickets." Your team estimates 6 weeks. Deal stalls. Traditional migration means: Manual field mapping spreadsheets Custom scripts for data transformation Downtime windows Hi

2026-06-01 原文 →
AI 资讯

I built a detention-pay calculator for truckers in a day — unglamourous niches beat another AI wrapper

Every "what should I build" thread on here is full of AI wrappers fighting over the same five SaaS founders. Meanwhile there's a guy sitting at a loading dock right now, doing arithmetic in his head, who is about to undercharge his broker by a few hundred bucks because nobody built him a 30-second tool. I built that tool. It's a free detention-pay calculator for truck drivers. This is the build log — the niche-selection, the single-file stack, and two decisions (an SVG gauge and a no-mail-service auth scheme) that were more interesting than the app deserves. I'm not a trucker. I build small free web tools for industries other may find unglamourous or not enticing enough. That honesty matters later. The problem (worth $2–6k/yr to one user) Truckers get a "free time" window at a dock — usually 2 hours. Past that, the broker owes detention pay (~$50–100/hr). Drivers leave an estimated $2,000–6,000/year of it unclaimed, mostly because the math + the paperwork is annoying enough to skip. So the spec wrote itself: In/out times + free hours + rate → dollars owed. Export a dispute-ready PDF they can email the broker. Work on a phone, no login, instant. Validating before writing a line The mistake I almost made: assume the niche is empty because I'd never heard of it. I checked. It is not empty — DockClaim ($49/mo, GPS tracking), Detention Buddy, a couple of $9.99/mo App Store apps, even a free email-gated web calculator or two. That killed my first instinct ("be the only one") but clarified the real wedge: everything is a paid app download or email-gated. The opening was a genuinely free, no-signup, instant web version that also generates the claim PDF. Not "the only detention tool" — the one with the least friction. I'll say more on why I'm careful about that claim at the end. Lesson: validate to find your angle , not just a go/no-go. "Crowded but all friction-heavy" is a fine market. The stack: one HTML file No framework. The whole app is a single self-contained .html — m

2026-05-31 原文 →
AI 资讯

Why my single Next.js app runs 4 different domains (and how the proxy.ts decides who sees what)

> TL;DR — I run four different domains off one Next.js codebase: a marketing site at pagestrike.com , an authenticated app at app.pagestrike.com, a public publishing domain at pagestrike.app, and customer-owned domains. The trick isn't deploying four apps — it's a single proxy.ts that reads the host and rewrites/redirects/passes-through per-request. This post walks through why I chose this shape, the parts I got wrong, and the cookie-domain trick that makes it all stick. Stack: Next.js 16 App Router , Supabase , Vercel , one proxy.ts file (~370 lines). This is the second post in my build-in-public series on PageStrike . Last week I wrote about the 6-CTA architecture — modeling conversion intent as a discriminated union so one launch could be a checkout, a COD form, or a calendar booking. This post is about a different primitive: modeling host as routing context so one codebase can serve four very different audiences. Why four domains, not one Most SaaS apps live at one domain — say myapp.com with /dashboard under it. That works until you grow into edge cases that don't fit: Marketing pages get spammed by your own dashboard headers. Your marketing nav says "Sign in / Pricing / Blog". Your dashboard nav says "Launches / Contacts / Settings". You either A/B them with conditional logic everywhere or you live with the noise. Public user-generated pages share your domain reputation. When a customer publishes a landing page at myapp.com/p/[slug] , every spammy LP from a free-tier user drags down myapp.com 's sender reputation, search trust, and ad-account standing. Google and Meta penalize the host, not the path. Custom domains don't route cleanly. A customer who buys acmewidgets.com and points it at your app expects their LP at acmewidgets.com/ — not myapp.com/p/acme-widgets . You need a rewrite that's transparent to the visitor, doesn't 404 on _next/static/* , and survives RSC prefetches. I split PageStrike — a free AI landing page builder — across four hosts to solve al

2026-05-30 原文 →
AI 资讯

AI Coding Tools Compared: Copilot vs Cursor vs Claude Code vs Gemini CLI

AI coding tools are no longer just autocomplete. In 2026, they are becoming coding assistants, terminal agents, code reviewers, and sometimes full workflow helpers. But the real question is: Which AI coding tool should developers actually use? Here is a short, practical comparison. Quick comparison Tool Best for Main strength Watch out for GitHub Copilot Daily coding inside IDE Fast autocomplete and GitHub workflow support Can feel limited for deep architecture work Cursor Full AI-first coding experience Great for editing across files and working inside a project You may rely on it too much without reviewing code Claude Code Terminal-based agentic coding Strong reasoning, repo understanding, and command execution Needs careful review before running changes Gemini CLI Open-source terminal AI agent Good for terminal workflows, debugging, and automation Output quality depends heavily on task clarity 1. GitHub Copilot GitHub Copilot is the safest default choice for most developers. It works well inside common IDEs and is useful for: Autocomplete Small functions Unit tests Refactoring Explaining code GitHub-based workflows GitHub also has Copilot coding agent support, which can work on assigned tasks, make code changes, and open pull requests from GitHub workflows. :contentReference[oaicite:0]{index=0} Use Copilot if: You want AI help without changing your full coding workflow. Best for: Junior to senior developers Teams already using GitHub Everyday coding productivity 2. Cursor Cursor is best when you want an AI-first editor experience. Instead of only helping with one line or one function, Cursor is useful when you want to ask questions about your whole project and make multi-file changes. Use Cursor if: You want your editor to feel like an AI coding workspace. Best for: Building features quickly Editing multiple files Understanding unfamiliar codebases Indie hackers and startup builders My honest take: Cursor is very productive, but developers should avoid blindly ac

2026-05-30 原文 →
AI 资讯

I Built a Side Project Selling Pine Script Strategies for Prop Traders

Started propfirmpinescripts.com a while back selling pine script strategies for futures prop firm traders. Figured I would share some of what worked and what has not. The problem I was solving I was actually trading on Apex myself and kept running into the same thing. Every pine script strategy I found online was not built for prop firm rules. Daily loss limits not enforced in code. No end of day flatten. Blew an evaluation partly because of it. Figured other traders had the same problem. Coded the rules myself, then decided to sell the scripts. What I built Pre-built pine scripts for 4 instruments: GC (gold futures), MES (micro S&P), MNQ (micro Nasdaq), CL (crude oil). Each one has daily loss lock, EOD flatten, win lock coded in. You can configure the limits for different firms without touching the core logic. Priced at $50 for a single script or $150 for all 4. What actually moved conversions Adding real payout screenshots. Like actual Apex payout certificates from traders who passed using the strategies. Before I did that — traffic but weak conversions. After — noticeably better. Prop firm traders do not trust backtest results at all anymore. Too many people have gamed them. A real funded account payout is the only thing that actually means something to them. Where things are at Still early. Revenue is real but small. Building more SEO content, getting into prop firm communities, and eventually a subscription tier for updates when firms change their rules. If you are a dev with trading knowledge this space is underbuilt.

2026-05-30 原文 →
AI 资讯

How I Protected My Inbox from Spam Bots While Building Landing Pages

As developers, indie hackers, and solo founders, we launch numerous static sites, minimal landing pages, and open-source project documentation blocks. Every single one of these deployments shares a universal prerequisite: a reliable path to gather raw incoming user feedback, inbound sales leads, or bug reports. The traditional path of least resistance has long been to embed a hardcoded HTML <form> inside our page, or worse, expose a standard mailto: link. However, we all know what happens next. Within hours of your app hitting public hosting servers or GitHub, automated asynchronous spam bots find your raw source code, harvest your personal email address, and turn your inbox into a living nightmare. I used to spend hours configuring captchas, writing honey-pot filters, or spinning up custom Serverless Lambda routines just to secure a simple contact form. Eventually, I realized I was fighting the wrong battle. The best way to protect your inbox isn't to build a better shield around your frontend form; it's to remove the form from your code entirely. That is why I built FormCrab.com . 🦀 The Problem: Why Client-Side Forms are a Risk When you embed a custom form or mailto link into your landing page, you are effectively publishing your communication architecture to the world. Spam bots don't even need to render your page anymore; they use basic regex scrapers to crawl through millions of raw static HTML repositories looking for keywords like type="email" or action="..." . Once your endpoint or raw email identity is captured, it is added to bulk programmatic marketing lists. The Trade-Off We All Hate: Option A: Spin Up a Custom Backend. Configuring an Express or Spring Boot API routing layer solely to act as an authenticated SMTP relay. This adds infrastructural complexity and database burdens to what should be a 15-minute frontend project. Option B: Use Form Backends. Even if you use a standard form endpoint handler, you still have to code the frontend UI, handle valida

2026-05-29 原文 →