added pricing and new users

[postpilotai]

Added Payment options and User Options

Summary by CodeRabbit

• New Features

  • Updated subscription plans now offer new tiers—BASIC, PRO, and BUSINESS—with refined pricing and upgrade paths.
  • Enhanced team and account management with updated role designations (Viewer, Editor, Admin) for clearer permissions and access.

• Chores

  • Implemented internal improvements and dependency updates to boost overall system performance and stability.
  • Introduced a new Nginx server configuration for improved request handling and proxying.

[vercel]

@postpilotai is attempting to deploy a commit to the Listinai Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

This pull request refactors several areas across the backend, frontend, and shared libraries to update user role definitions and subscription tier naming. Changes include modifying default tier assignments, updating method signatures and parameter types, and revising validations and enums. The alterations cover authentication, authorization, billing components, team management, pricing structures, and dependency upgrades.

Changes

File(s) Affected	Change Summary
apps/backend/src/api/routes/users.controller.ts	Modified getSelf method default tier from 'ULTIMATE' to 'BUSINESS'.
apps/backend/src/services/auth/auth.service.ts apps/backend/src/services/auth/permissions/permissions.service.ts	Updated role-related parameters and return types to include 'VIEWER' and 'EDITOR' instead of 'USER'.
apps/frontend/src/components/billing/lifetime.deal.tsx apps/frontend/src/components/billing/main.billing.component.tsx libraries/nestjs-libraries/src/services/stripe.service.ts	Revised billing logic and package naming; switched checks from STANDARD/TEAM to BASIC/BUSINESS with corresponding updates in type definitions.
apps/frontend/src/components/layout/top.menu.tsx apps/frontend/src/components/layout/user.context.tsx apps/frontend/src/components/settings/teams.component.tsx	Updated UI components and context to use new role and tier values; modified access control in menus and team settings.
Multiple files in libraries/nestjs-libraries/src/database/prisma/* and DTOs in libraries/nestjs-libraries/src/dtos/*	Adjusted enums, default values, method signatures, and validation constraints to reflect new roles and subscription tiers; refactored pricing models and user organization logic.
package.json	Upgraded @prisma/client and prisma dependencies from ^5.8.1 to ^6.4.0.
apps/backend/nginx.conf	Added new Nginx server configuration for reverse proxying requests.

Sequence Diagram(s)

Subscription Tier Update Flow

sequenceDiagram
    participant U as User
    participant FE as Billing UI
    participant SS as Stripe Service
    participant DB as Subscription Service/Repository

    U->>FE: Request subscription details/update
    FE->>SS: Send billing info (BASIC/PRO/BUSINESS)
    SS->>DB: Create or update subscription with new billing tier
    DB-->>SS: Return subscription confirmation
    SS-->>FE: Respond with updated subscription data
    FE-->>U: Render new subscription options

Loading

Role Assignment & Permission Check Flow

sequenceDiagram
    participant U as User
    participant FE as Frontend (User Context/Team Settings)
    participant AS as AuthService
    participant PERM as PermissionsService

    U->>FE: Login / Access team settings
    FE->>AS: Submit credentials & role update (VIEWER/EDITOR/ADMIN)
    AS->>PERM: Validate permissions with updated role types
    PERM-->>AS: Return permission results
    AS-->>FE: Provide user data with new roles
    FE-->>U: Grant access based on updated permissions

Loading

Possibly related PRs

• Not secured #574: The changes in the main PR, specifically the modification of the getSelf method in the UsersController class, are related to the updates made in the users.controller.ts file of the retrieved PR, which also involves changes to the getSelf method and cookie handling logic.

Poem

I'm a rabbit, hopping with cheer,
Changes made, both far and near.
New roles and tiers now lead the way,
In code and logic, bright as day.
With a twitch of my nose and a happy leap,
I celebrate these updates, oh so deep!
🐰✨ Enjoy the code, and never sleep!

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

package.json (1)

74-74: Dependency Upgrade for @prisma/client:
The version has been updated to ^6.4.0 from a previous version. Please ensure that all usages of the Prisma client (including any breaking changes in methods, migration workflows, or client configuration) are updated accordingly.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 64d2fdd and eab5e66.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (18)

• apps/backend/src/api/routes/users.controller.ts (1 hunks)
• apps/backend/src/services/auth/auth.service.ts (2 hunks)
• apps/backend/src/services/auth/permissions/permissions.service.ts (1 hunks)
• apps/frontend/src/components/billing/lifetime.deal.tsx (2 hunks)
• apps/frontend/src/components/billing/main.billing.component.tsx (5 hunks)
• apps/frontend/src/components/layout/top.menu.tsx (1 hunks)
• apps/frontend/src/components/layout/user.context.tsx (2 hunks)
• apps/frontend/src/components/settings/teams.component.tsx (3 hunks)
• libraries/nestjs-libraries/src/database/prisma/organizations/organization.repository.ts (2 hunks)
• libraries/nestjs-libraries/src/database/prisma/organizations/organization.service.ts (2 hunks)
• libraries/nestjs-libraries/src/database/prisma/schema.prisma (3 hunks)
• libraries/nestjs-libraries/src/database/prisma/subscriptions/pricing.ts (3 hunks)
• libraries/nestjs-libraries/src/database/prisma/subscriptions/subscription.repository.ts (1 hunks)
• libraries/nestjs-libraries/src/database/prisma/subscriptions/subscription.service.ts (2 hunks)
• libraries/nestjs-libraries/src/dtos/billing/billing.subscribe.dto.ts (1 hunks)
• libraries/nestjs-libraries/src/dtos/settings/add.team.member.dto.ts (1 hunks)
• libraries/nestjs-libraries/src/services/stripe.service.ts (3 hunks)
• package.json (2 hunks)

🔇 Additional comments (34)

libraries/nestjs-libraries/src/database/prisma/subscriptions/pricing.ts (2)

25-27: LGTM! More generous FREE tier limits.

The increased FREE tier limits (1 channel, 30 posts/month) provide a better starting point for new users to evaluate the platform.

---

53-84: Review pricing structure: PRO tier is more expensive than BUSINESS tier.

The current pricing structure shows:

• BASIC: $9.99/month
• BUSINESS: $29.99/month
• PRO: $39/month

This seems counterintuitive as the PRO tier is more expensive than the BUSINESS tier but offers similar features. Consider either:

1. Adjusting the PRO tier price to be lower than BUSINESS
2. Adding more distinctive features to justify PRO's higher price
3. Renaming tiers to better reflect their target users and value proposition

libraries/nestjs-libraries/src/dtos/billing/billing.subscribe.dto.ts (1)

7-8: LGTM! Consistent with pricing tier changes.

The validation constraint correctly reflects the new pricing tiers (BASIC, PRO, BUSINESS).

libraries/nestjs-libraries/src/dtos/settings/add.team.member.dto.ts (1)

10-11:

❓ Verification inconclusive

Verify migration plan for existing 'USER' role accounts.

The role validation has been updated to support more granular access control (EDITOR, VIEWER, ADMIN). However, we need to ensure there's a migration plan for existing accounts with the 'USER' role.

---

🏁 Script executed:

#!/bin/bash
# Check for existing users with 'USER' role that need migration
ast-grep --pattern 'role: "USER"' || ast-grep --pattern "role: 'USER'"

Length of output: 35

---

Migration Plan Verification Required

The role validation now only accepts "EDITOR", "VIEWER", and "ADMIN", so please ensure a migration plan exists (or is clearly documented) to handle any legacy accounts still using the "USER" role. The initial automated search did not return any instances of a "USER" role in the code, but this result is inconclusive. I recommend manually verifying the user records and checking that there’s an established process to update the role assignments where necessary.

• Review database migration procedures or related scripts to confirm that existing "USER" role accounts are being migrated.
• Verify that any related documentation reflects the updated role usage and migration instructions.

apps/frontend/src/components/layout/user.context.tsx (1)

16-16: LGTM! Frontend types are in sync with backend changes.

The UserContext and ContextWrapper types have been correctly updated to reflect:

1. New role-based access control (EDITOR, VIEWER, ADMIN, SUPERADMIN)
2. New pricing tiers (FREE, BASIC, PRO, BUSINESS)

Also applies to: 27-28

apps/frontend/src/components/layout/top.menu.tsx (1)

69-69: LGTM! Role permissions updated for Affiliate menu item.

The change appropriately expands access to the Affiliate menu item to include the new EDITOR and VIEWER roles, aligning with the updated role system.

libraries/nestjs-libraries/src/database/prisma/organizations/organization.service.ts (2)

39-39: LGTM! Role type updated to support granular permissions.

The role type change aligns with the new role system, replacing 'USER' with more specific 'EDITOR' and 'VIEWER' roles.

---

98-118: LGTM! Well-structured role hierarchy implementation.

The LEVELS object and getLevel helper function provide a clear, maintainable way to handle role hierarchies. The implementation:

• Establishes a clear hierarchy: VIEWER < EDITOR < ADMIN
• Improves maintainability with centralized role levels
• Follows good practices with separation of concerns

apps/backend/src/services/auth/permissions/permissions.service.ts (1)

60-60: LGTM! Permission type updated to support granular roles.

The permission type change aligns with the new role system while maintaining correct access control for admin sections.

libraries/nestjs-libraries/src/database/prisma/subscriptions/subscription.repository.ts (1)

131-131:

❓ Verification inconclusive

Verify migration path for existing subscriptions.

The subscription tier update from 'STANDARD' | 'PRO' to 'BASIC' | 'PRO' | 'BUSINESS' looks good, but requires verification.

Please ensure:

1. Existing 'STANDARD' subscriptions are properly migrated
2. Billing system is updated to handle new tiers

---

🏁 Script executed:

#!/bin/bash
# Description: Check for existing subscriptions that need migration

# Search for any hardcoded references to old subscription tiers
rg -i "['\"](STANDARD|PRO)['\"]" --type ts --type tsx --type js

Length of output: 97

---

Verify migration and legacy tier handling

The update to subscription tiers from 'STANDARD' | 'PRO' to 'BASIC' | 'PRO' | 'BUSINESS' appears correct. However, please confirm the following before finalizing:

• Legacy Subscription Migration: Ensure that any subscriptions previously using the legacy 'STANDARD' tier are properly migrated (likely to 'BASIC').
• Billing System Updates: Verify that the billing system now correctly handles the new tiers.
• Codebase Consistency Check: Although an initial search for legacy references was attempted, the command returned an error due to unrecognized file types (specifically for TSX). Please manually re-run the search using a revised command—such as by adding a custom TSX file type (e.g., rg --type-add 'tsx:*.tsx' -i "['\"](STANDARD)['\"]" --type ts --type tsx --type js)—or verify manually that no lingering legacy references exist in the repository.

libraries/nestjs-libraries/src/database/prisma/subscriptions/subscription.service.ts (2)

149-154: LGTM!

The billing tier type has been updated to include new tiers, and the function correctly excludes the 'FREE' tier as it's not applicable for subscription creation or updates.

---

72-75:

✅ Verification successful

Verify pricing object supports new billing tiers.

The billing tier type has been updated to include new tiers. Ensure that the pricing object imported from pricing.ts has been updated to support the new 'BASIC' and 'BUSINESS' tiers.

Run the following script to verify the pricing object:

---

🏁 Script executed:

#!/bin/bash
# Description: Verify pricing object supports new billing tiers.

# Test: Search for pricing object definition. Expect: Object with new tiers.
rg -A 10 $'export const pricing = {'

Length of output: 149

---

Please re-run the above script in your environment and verify that the output shows the pricing object with keys for the new 'BASIC' and 'BUSINESS' tiers. Once confirmed, update the pricing object in pricing.ts if necessary to support these tiers.

---

Verify pricing object supports new billing tiers.

The billing tier type on modifySubscription now includes 'BASIC' and 'BUSINESS'. Please ensure that the pricing object (typically defined in pricing.ts) reflects these new tiers. The previous verification script had a regex error; the updated script above uses a literal search. Manually verify that the pricing definition includes properties for 'BASIC' and 'BUSINESS'.

---

🏁 Script executed:

#!/bin/bash
# Re-run verification: Check for the pricing object definition using a literal search.
rg -F -A 10 'export const pricing = {' 

Length of output: 40

---

Please run the above script to manually verify that a pricing.ts file exists in the repository and that it contains an export for the pricing object incorporating the new billing tiers ('BASIC' and 'BUSINESS'). Once you’ve confirmed that the pricing object is updated accordingly, the review comment can be finalized.

---

Verify that the Pricing Object Supports New Billing Tiers

The modifySubscription function now accepts a billing tier parameter that includes the new tiers 'BASIC' and 'BUSINESS'. Please ensure that the pricing object (typically defined in pricing.ts) is updated to handle these tiers. The scripts above help locate the file and verify that the new billing tiers are present. If they are missing, update the pricing object accordingly.

---

🏁 Script executed:

#!/bin/bash
# Step 1: Locate any TypeScript file named pricing.ts.
fd -e ts -i pricing.ts

# Step 2: For each found pricing.ts file, verify that it exports the pricing object.
fd -e ts -i pricing.ts -x grep -H -n 'export const pricing' {}

# Step 3: Check for the inclusion of new billing tiers 'BASIC' and 'BUSINESS' in pricing.ts.
fd -e ts -i pricing.ts -x grep -H -n -F 'BASIC' {}
fd -e ts -i pricing.ts -x grep -H -n -F 'BUSINESS' {}

Length of output: 772

---

Pricing object correctly supports all billing tiers.

The pricing object defined in libraries/nestjs-libraries/src/database/prisma/subscriptions/pricing.ts is updated to include both BASIC (lines 37–38) and BUSINESS (lines 69–70) tiers. No further changes are necessary based on the current updates to the modifySubscription method.

apps/backend/src/services/auth/auth.service.ts (2)

104-118: LGTM!

The role type in the return type has been updated to match the new role structure, maintaining consistency with the broader role changes.

---

31-37:

❓ Verification inconclusive

Verify role changes are consistent across the codebase.

The role type has been updated to include new roles ('VIEWER', 'EDITOR', 'ADMIN'). Ensure that all role-related code, including enums, DTOs, and database schemas, have been updated consistently.

Run the following script to verify role-related code:

---

🏁 Script executed:

#!/bin/bash
# Description: Verify role-related code has been updated consistently.

# Test: Search for role enums, types, and usages. Expect: Updated roles.
ast-grep --pattern $'enum Role {
  $$$
}'

rg -A 5 $'role: .*USER.*ADMIN'

Length of output: 74

---

Action Required: Manual Verification for Role Updates Across the Codebase

The role type update to include 'VIEWER', 'EDITOR', and 'ADMIN' appears correctly in the routeAuth function signature. However, automated searches for role enums and usages did not produce conclusive output. Please manually verify that all role-related code—such as enum declarations, DTO definitions, and database schema migrations—has been updated consistently. In particular, confirm:

• The updated enum (or equivalent type definitions) for roles is defined as intended.
• All references using role values (in authorization logic, DTOs like CreateOrgUserDto/LoginUserDto, and database models) correctly use the new roles.
• There are no lingering references to the old role (e.g., 'USER').

libraries/nestjs-libraries/src/database/prisma/organizations/organization.repository.ts (2)

158-163: LGTM!

The role type has been updated to match the new role structure, maintaining consistency with the broader role changes.

---

184-188: LGTM!

The subscription tier check has been updated from 'STANDARD' to 'BASIC', aligning with the new subscription tier structure.

apps/backend/src/api/routes/users.controller.ts (1)

48-67: LGTM!

The default tier when STRIPE_PUBLISHABLE_KEY is not set has been updated from 'ULTIMATE' to 'BUSINESS', aligning with the new subscription tier structure.

apps/frontend/src/components/billing/lifetime.deal.tsx (2)

45-51: LGTM! The tier check has been updated correctly.

The logic for determining the next package has been updated to check for 'BASIC' tier instead of 'STANDARD', aligning with the new tier structure.

---

147-147: LGTM! The next package display logic has been updated correctly.

The conditional logic now includes 'BUSINESS' as a tier option, maintaining consistency with the new tier structure.

apps/frontend/src/components/settings/teams.component.tsx (5)

20-33: LGTM! The role definitions have been updated with clearer permissions.

The changes introduce a more granular role hierarchy:

• 'Viewer' replaces 'User' for read-only access
• 'Editor' is added as a new intermediate role
• 'Admin' remains unchanged

---

142-142: LGTM! The role level assignment has been updated correctly.

The myLevel variable now assigns appropriate numeric levels to each role in the hierarchy:

• 'VIEWER': 0 (lowest access)
• 'EDITOR': 1 (intermediate access)
• 'ADMIN': 2 (high access)
• Others: 3 (highest access)

---

144-156: LGTM! The role level function has been refactored for better readability.

The switch statement improves code clarity and makes it easier to add or modify roles in the future.

---

163-163: LGTM! The role type has been updated to include all roles.

The type definition now correctly includes 'EDITOR' and 'VIEWER' roles.

---

216-220: LGTM! The role display has been updated to use the new role names.

The conditional rendering now correctly displays 'Viewer' for the 'VIEWER' role.

apps/frontend/src/components/billing/main.billing.component.tsx (4)

33-34: LGTM! The tier interface has been updated with the new tier names.

The Tiers interface now correctly uses 'Basic', 'Pro', and 'Business' for both monthly and yearly subscriptions.

Also applies to: 38-39

---

46-46: LGTM! The prorate pack type has been updated correctly.

The pack prop type now accepts 'Basic', 'Pro', and 'Business' tiers.

---

96-96: LGTM! The features pack type has been updated correctly.

The pack prop type now includes 'BASIC', 'PRO', 'BUSINESS', and 'FREE' tiers.

---

472-472: LGTM! The type casts have been updated to use the new tier names.

The type casts now correctly use 'BASIC', 'PRO', and 'BUSINESS' tiers.

Also applies to: 496-496, 501-501

libraries/nestjs-libraries/src/services/stripe.service.ts (2)

122-123: LGTM! The billing type in metadata has been updated correctly.

The billing type now uses 'BASIC', 'PRO', and 'BUSINESS' tiers consistently.

Also applies to: 153-154

---

729-729: LGTM! The next package assignment has been updated correctly.

The nextPackage now defaults to 'BASIC' for new subscriptions, consistent with the new tier structure.

package.json (1)

227-227: Dependency Upgrade for prisma CLI:
The Prisma CLI dependency has been updated to ^6.4.0. Verify that your generation scripts (e.g., prisma generate) and migration commands work as expected with this new version.

libraries/nestjs-libraries/src/database/prisma/schema.prisma (3)

130-130: Default Role Change in UserOrganization:
The default value for the role field has been updated to VIEWER (previously it was USER). Please verify that this modification aligns with the intended permissions for newly associated users in organizations and that all related business logic reflects the updated default.

---

622-626: Subscription Tier Updates:
The SubscriptionTier enum now includes FREE, BASIC, (and retains PRO) while adding BUSINESS—with the removal of the former STANDARD and TEAM tiers. Please ensure that the billing logic, validations, and UI components are updated to reflect these new tiers.

---

641-646: User Role Enum Update:
The Role enum has been updated by removing USER and introducing EDITOR and VIEWER alongside existing roles. Confirm that these changes are consistently propagated throughout the application’s authorization and access control mechanisms, and that any hard-coded checks or defaults have been updated accordingly.

[egelhaus]

Hey, your user permission fix could be approved but we wont be merging it, as you would be changing our SaaS Pricing Model too, which we do not want. Only the SaaS Owner Nevo David is allowed to change the values.

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eab5e66 and 36feb1d.

📒 Files selected for processing (3)

• apps/backend/nginx.conf (1 hunks)
• apps/frontend/src/components/billing/main.billing.component.tsx (5 hunks)
• package.json (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• package.json
• apps/frontend/src/components/billing/main.billing.component.tsx

[coderabbitai]

⚠️ Potential issue

Add SSL/TLS configuration for secure communication.

Given that this service handles payment-related traffic, it should enforce HTTPS to protect sensitive data. Consider adding SSL configuration and redirecting all HTTP traffic to HTTPS.

Add the following configuration:

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name 10.122.0.2.postpilotai.com;
    return 301 https://$server_name$request_uri;
}

# HTTPS server
server {
    listen 443 ssl;
    server_name 10.122.0.2.postpilotai.com;

    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    
    # ... rest of your configuration
}

[coderabbitai]

⚠️ Potential issue

Enhance security headers and remove hard-coded values.

The current configuration has several security concerns:

1. Hard-coded IP addresses in proxy configuration
2. Hard-coded X-Real-IP which could mask actual client IPs
3. Missing security headers
4. No rate limiting for payment endpoints

Apply these security enhancements:

    location / {
        # Use environment variables or DNS instead of hard-coded IPs
        proxy_pass http://backend_upstream;
        
        # Pass the original host header
        proxy_set_header Host $host;
        
        # Pass real client IP
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Security headers
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        
        # Rate limiting for payment endpoints
        location /api/payment {
            limit_req zone=payment_limit burst=5;
            proxy_pass http://backend_upstream;
        }
    }

Define the upstream and rate limiting zones at the http context level:

# At http context level
upstream backend_upstream {
    server backend:8080;  # Use Docker service name or DNS
}

# Rate limiting zones
limit_req_zone $binary_remote_addr zone=payment_limit:10m rate=10r/s;

[coderabbitai]

🛠️ Refactor suggestion

Consider using environment variables for configuration.

Hard-coded values make the configuration less maintainable and pose security risks. Consider using environment variables for dynamic values.

Example using environment variables:

# Use envsubst to replace variables during container startup
server {
    listen ${PORT};
    server_name ${SERVER_NAME};

    location / {
        proxy_pass ${BACKEND_URL};
        proxy_set_header Host ${BACKEND_HOST};
        # ... rest of your configuration
    }
}

Create a startup script to replace variables:

#!/bin/bash
envsubst '${PORT} ${SERVER_NAME} ${BACKEND_URL} ${BACKEND_HOST}' < /etc/nginx/nginx.template > /etc/nginx/nginx.conf
nginx -g 'daemon off;'

[coderabbitai]

⚠️ Potential issue

Fix incorrect server_name directive configuration.

The server_name directive should not include the protocol (http://) or trailing slash. This is syntactically incorrect and will not work as expected.

Apply this diff to fix the server_name:

    listen 80;
-    server_name http://10.122.0.2.postpilotai.com/;
+    server_name 10.122.0.2.postpilotai.com;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	listen 80;
	server_name http://10.122.0.2.postpilotai.com/;
	listen 80;
	server_name 10.122.0.2.postpilotai.com;