How do either of you plan to handle authentication and authorization? How will you handle CORS? Just curious as I've worked in this realm as well.

Authentication and especially authorization can be completely handled by PostgreSQL. In front of it all sits OpenResty (nginx) so that is where you would add whatever headers you would need

jwt's are a touchy subject but was the well-trodden route I was planning to follow for authentication.

Integration with auth0 and other third-party services would be a roadmap thing for me.

Authorization can be handled by PostgreSQL: it has built-in facilities for role-based access control and row-level security. You can develop the authorization scheme that fits your application.

You're way ahead of what I'm thinking of. :)

Nice job.

For a service like this to work, one thing needs to be solved, automating the code deployment (i am talking views/functions/roles/grants/RLS). As far as i know (and i've asked other people) this is not a solved problem. This is what i am working on now. The rest is done