SaaS Background

SaaS Platform for Logistics Operations

Comprehensive Control of Pre-Alerts, Warehouses, Outputs, and Operational Costs

Next.js 14 React 19 Tailwind CSS Supabase TypeScript Zod

# Introduction: Logistics Complexity

VertS-app is an internal SaaS application designed specifically to orchestrate deep operational logistics. In the world of cargo and parcel management, maintaining control from the moment a pre-alert enters the system until the merchandise is delivered is a critical challenge that traditional software rarely solves in an integrated and agile way.

Daily operations include multiple actors: managed client companies, logistics providers with dynamic rates, and warehouse staff. The system had to consolidate all of this into a fast, highly reactive, and reliable dashboard.

The Challenge: Replace spreadsheets, decentralized emails, and manual processes with a centralized tool capable of managing multi-tenant architectures, complex pricing logic, strict parcel tracking, and financial reconciliation (invoices, supplier costs).

The Goal: Build a modular ERP with Next.js 14 using Supabase to enable real-time reporting, advanced role-based security (RLS), and a UX designed for fast flows like mass merchandise reception.

# Core Modules: The Ecosystem

The application is structured into secure, role-based modules accessible from the main dashboard. Each module resolves a specific operational friction:

📦
Warehouse
Receptions
Management of incoming cargo, pre-alerts, and invoices.
🚚
Dispatch
Deliveries
Tracking outbound consolidated packages securely.
⚖️
Finance
Tariffs
Calculators and complex pricing business rules.
📊
Data
Reports
Export to XLSX, CSV, and PDF. Full KPIs.

# Architecture & Tech Stack

On the client side, the app leverages the Next.js App Router for fast, hybrid rendering. Interfaces are built with Tailwind CSS and Radix UI components (via Shadcn/UI), ensuring accessibility alongside a modern iterative design. Complex forms are cleanly managed with React Hook Form paired with Zod validations.

The backend heavily relies on Supabase (PostgreSQL). All core storage, authentication, and authorization logic operate at the database layer through Row Level Security (RLS). This radically simplifies the frontend by offloading data filtering: the database intrinsically knows who is asking and what they are allowed to read/write.

# Multi-tenant Security & RLS

Applications of this nature require strict data isolation across client companies and user tiers natively. We employ a relational schema where each entity rolls up to master accounts and every core table has strict native constraints.

Profiles & Roles

Auth Users -> Profiles Table

Integration atop native auth for bespoke role handling.

Secure

Row Level Security

Policy: auth.uid() = user_id

All PostgreSQL queries filter rows natively by user/tenant.

Unbreakable

Storage Buckets

File Level Policies

ID Images, Invoices, and PDFs are protected in RLS buckets.

Private

By leveraging native DB capabilities, the application bypasses common backend-layer injection vulnerabilities and scales authorization logically without rewriting API permission logic every time a new feature module is added.

A Glimpse into Server Actions

An example of how the application integrates fluidly natively into Next.js Server Components. Observe the secure auth checks and how the profile implicitly forces the database row insertions to protect the 'tenant' (empresa) boundaries without trusting the client.

src/app/actions/reception.ts 
"text-slate-500">// --- Next.js Server Action - Supabase RLS ---
"text-purple-400">import { createServerClient } "text-purple-400">from '@supabase/ssr'
"text-purple-400">import { cookies } "text-purple-400">from 'next/headers'

"text-purple-400">export "text-purple-400">async "text-purple-400">function createReception(data: ReceptionData) {
  "text-purple-400">const cookieStore = cookies()
  "text-purple-400">const supabase = createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookies: {
        get(name: string) {
          "text-purple-400">return cookieStore.get(name)?.value
        },
      },
    }
  )

  "text-slate-500">// 1. Ver"text-purple-400">ify Authentication & Role
  "text-purple-400">const { data: { user }, error: authError } = "text-purple-400">await supabase.auth.getUser()
  "text-purple-400">if (authError || !user) "text-purple-400">throw "text-purple-400">new Error('Unauthorized')

  "text-slate-500">// 2. Insert with strict RLS (empresa_id inferred "text-purple-400">from user profile securely)
  "text-purple-400">const { data: profile } = "text-purple-400">await supabase
    ."text-purple-400">from('perfiles')
    .select('empresa_id')
    .eq('id', user.id)
    .single()

  "text-purple-400">const { data: "text-purple-400">newReception, error: insertError } = "text-purple-400">await supabase
    ."text-purple-400">from('recepciones')
    .insert([{ 
      ...data, 
      estado: 'RECIBIDO',
      creado_por: user.id,
      empresa_id: profile.empresa_id "text-slate-500">// Multi-tenant isolation
    }])
    .select()
    .single()

  "text-purple-400">if (insertError) "text-purple-400">throw "text-purple-400">new Error('Failed to create reception')
  
  "text-purple-400">return { success: true, data: "text-purple-400">newReception }
}

# Infrastructure & Setup

Configuration, deployment, and contribution workflows are sharply standardized:

  • Vercel Deployment: Edge-ready CI/CD integration. Zero-config pushes right from the repo.
  • Database Flow: Migrations and schema pushes handled uniformly via Supabase CLI toolchains.
  • Environment Vars: Isolated client vs server secrets via Anonymous Anon Keys and Service Roles.

Interested in the technical setup and capabilities?

Contact Me