DEV Community: sizan mahmud0 The latest articles on DEV Community by sizan mahmud0 (@sizan_mahmud0_e7c3fd0cb68). https://dev.to/sizan_mahmud0_e7c3fd0cb68 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3528308%2F9493cf26-b718-479e-ac54-d25894ad3e42.png DEV Community: sizan mahmud0 https://dev.to/sizan_mahmud0_e7c3fd0cb68 en Git Basics: What Every Developer Should Actually Needs sizan mahmud0 Wed, 18 Feb 2026 08:42:20 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/git-basics-what-every-developer-should-actually-needs-3elg https://dev.to/sizan_mahmud0_e7c3fd0cb68/git-basics-what-every-developer-should-actually-needs-3elg <p><em>A practical deep-dive into the version control tool you use every day but probably don't fully understand</em></p> <p>Git is one of those tools that most developers learn just enough of to get by — <code>git add</code>, <code>git commit</code>, <code>git push</code> — and then stop. But Git is remarkably powerful, and a real understanding of how it works under the hood will save you from hair-pulling moments, make you a better collaborator, and turn you into the person your team calls when something goes wrong.</p> <p>This post is for developers who are past the absolute basics and want to level up their Git game.</p> <h2> How Git Actually Works (The Mental Model That Changes Everything) </h2> <p>Most people think of Git as a system that tracks file changes. It doesn't. Git is a <strong>content-addressable file system</strong> — essentially a key-value store where the key is a SHA-1 hash and the value is your data.</p> <p>When you make a commit, Git doesn't store diffs. It takes a <strong>snapshot</strong> of your entire project at that moment. If a file hasn't changed, Git doesn't store it again — it just links to the previous snapshot. This snapshot model is why Git is so fast and why operations like branching cost almost nothing.</p> <p>The three objects you should know:</p> <p><strong>Blobs</strong> store file content. <strong>Trees</strong> store directory structures (which blobs belong where). <strong>Commits</strong> store a pointer to a tree, metadata (author, message, timestamp), and a pointer to the parent commit(s).</p> <p>Every one of these is hashed and stored in <code>.git/objects</code>. You can actually explore this yourself:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git cat-file <span class="nt">-t</span> HEAD <span class="c"># shows "commit"</span> git cat-file <span class="nt">-p</span> HEAD <span class="c"># shows the commit contents</span> git cat-file <span class="nt">-p</span> HEAD^<span class="o">{</span>tree<span class="o">}</span> <span class="c"># shows the tree that commit points to</span> </code></pre> </div> <p>Once you internalize the snapshot model, a lot of Git's behavior stops feeling magical and starts making sense.</p> <h2> Branching: Cheap, Powerful, and Misunderstood </h2> <p>A Git branch is nothing more than a text file containing a 40-character SHA-1 hash — the commit it points to. That's it. Creating a branch is essentially creating a 41-byte file on disk, which is why it's instantaneous.</p> <p><code>HEAD</code> is just a pointer to the branch you're currently on (or directly to a commit, in "detached HEAD" state).</p> <p>When you commit, Git creates a new commit object, and the current branch pointer moves forward to it. Branching is designed to be used constantly — not just for features, but for experiments, bug fixes, spikes, anything.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git switch <span class="nt">-c</span> my-feature <span class="c"># Create and switch to a new branch (modern syntax)</span> git switch main <span class="c"># Go back to main</span> git branch <span class="nt">-d</span> my-feature <span class="c"># Delete it when done</span> </code></pre> </div> <h2> Merging vs. Rebasing: Know the Difference </h2> <p>This is where a lot of teams have strong opinions. Here's the practical breakdown.</p> <p><strong>Merging</strong> preserves history exactly as it happened. When you merge a feature branch into main, Git creates a merge commit that has two parents. Your history is truthful but can get noisy over time with many criss-crossing branches.</p> <p><strong>Rebasing</strong> rewrites history. When you rebase your feature branch onto main, Git replays your commits one-by-one on top of the latest main, creating brand new commits (new SHAs). The result is a clean, linear history — but it's a rewritten one.</p> <p>The golden rule: <strong>never rebase commits that have been pushed and shared with others.</strong> Rebasing creates new commits, so if someone else has built on your old commits, their history diverges from yours in painful ways.</p> <p>A common workflow that works well for most teams:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># While working on a feature:</span> git fetch origin git rebase origin/main <span class="c"># Keep your feature branch up to date, cleanly</span> <span class="c"># When merging the feature:</span> git merge <span class="nt">--no-ff</span> feature <span class="c"># Create a merge commit to preserve the feature boundary</span> </code></pre> </div> <h2> The Commands That Saved My Life (Probably Yours Too) </h2> <p><strong><code>git reflog</code></strong> is the undo button for things you thought you couldn't undo. Every time HEAD moves — commit, checkout, rebase, reset — Git logs it. If you accidentally deleted a branch or did a destructive reset, the reflog almost certainly has what you need.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git reflog <span class="c"># See everything HEAD has pointed to</span> git checkout HEAD@<span class="o">{</span>3<span class="o">}</span> <span class="c"># Go back to where HEAD was 3 moves ago</span> </code></pre> </div> <p><strong><code>git stash</code></strong> is obvious, but <code>git stash -u</code> (which includes untracked files) and <code>git stash --patch</code> (which lets you interactively choose what to stash) are underused.</p> <p><strong><code>git bisect</code></strong> is magical for tracking down when a bug was introduced. You give it a known good commit and a known bad commit, and it binary searches through history — checking out commits and asking you to mark them good or bad — until it pinpoints the exact offending commit.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git bisect start git bisect bad <span class="c"># current commit is bad</span> git bisect good v2.0 <span class="c"># v2.0 was known good</span> <span class="c"># Git checks out a midpoint — you test it and mark it:</span> git bisect good <span class="c"># or: git bisect bad</span> <span class="c"># Repeat until Git identifies the culprit</span> git bisect reset </code></pre> </div> <p><strong><code>git cherry-pick</code></strong> lets you apply any commit from anywhere onto your current branch. Great for backporting a bug fix to an older release branch.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git cherry-pick abc1234 </code></pre> </div> <h2> Writing Better Commit Messages </h2> <p>A commit message is a letter to your future self (and your teammates). It's the only in-code documentation that explains <em>why</em> something changed, not just what changed — the diff already shows the what.</p> <p>The widely-accepted convention:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;type&gt;: short summary in imperative mood (50 chars max) Longer explanation of WHY this change was made, what problem it solves, and any context that would help a reader understand the decision. Wrap at 72 characters. Refs: #1234 </code></pre> </div> <p>Common types from the Conventional Commits spec: <code>feat</code>, <code>fix</code>, <code>docs</code>, <code>refactor</code>, <code>test</code>, <code>chore</code>.</p> <p>A few rules that make a real difference: use the imperative mood ("Add feature" not "Added feature"), keep the subject line under 50 characters, and always explain the <em>why</em> in the body. Future readers — including you — will thank you.</p> <h2> Interactive Rebase: Your History Editing Superpower </h2> <p><code>git rebase -i</code> (interactive rebase) lets you rewrite, reorder, squash, edit, and drop commits before sharing them. This is how you turn a messy series of "WIP", "fix typo", and "actually fix it" commits into a clean, logical history.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git rebase <span class="nt">-i</span> HEAD~5 <span class="c"># interactively edit the last 5 commits</span> </code></pre> </div> <p>This opens an editor with your commits listed. You can:</p> <ul> <li> <code>pick</code> — keep the commit as-is</li> <li> <code>squash</code> (or <code>s</code>) — combine with the previous commit</li> <li> <code>reword</code> (or <code>r</code>) — change the commit message</li> <li> <code>edit</code> (or <code>e</code>) — pause and amend the commit</li> <li> <code>drop</code> (or <code>d</code>) — delete the commit entirely</li> </ul> <p>The workflow: commit messily and freely while working, then clean up with interactive rebase before pushing. This way you get the safety of frequent commits and the readability of a polished history.</p> <h2> Working with Remotes </h2> <p>A few things that aren't obvious about remotes:</p> <p><code>git fetch</code> downloads changes from the remote but doesn't touch your working directory or local branches. <code>git pull</code> is <code>git fetch</code> followed by a merge (or rebase, with <code>git pull --rebase</code>). In most cases, <code>git fetch</code> + explicit merge/rebase gives you more control and fewer surprises.</p> <p><code>git remote -v</code> shows your remotes. If you've forked a repo, it's common to add the original as <code>upstream</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git remote add upstream https://github.com/original/repo.git git fetch upstream git rebase upstream/main </code></pre> </div> <p><code>git push --force-with-lease</code> is the safe alternative to <code>git push --force</code>. It will refuse to push if someone else has pushed to the branch since you last fetched — protecting you from accidentally overwriting others' work.</p> <h2> A Few Patterns Worth Adopting </h2> <p><strong>Commit early, commit often.</strong> Small commits are easier to review, easier to revert, and easier to understand. You can always squash them later.</p> <p><strong>One logical change per commit.</strong> Each commit should be a single, coherent unit of work. This makes <code>git bisect</code> effective and makes code review much more humane.</p> <p><strong>Keep main green.</strong> Whatever your main branch is called, it should always be in a deployable state. Feature branches are where experimentation lives.</p> <p><strong>Use <code>.gitignore</code> properly.</strong> There's a global <code>.gitignore</code> for your personal cruft (editor files, OS files), and a project-level one for project-specific ignores. Use both. GitHub maintains excellent template files at <code>github.com/github/gitignore</code>.</p> <h2> Going Deeper </h2> <p>Git's documentation (<code>git help &lt;command&gt;</code>) is genuinely good. Scott Chacon's <em>Pro Git</em> (available free at git-scm.com) is the definitive resource and an excellent read. For visual learners, <code>git log --oneline --graph --all</code> gives you a terminal-based visualization of your entire repository history.</p> <p>The more you understand Git's underlying model, the more you'll trust it — and the less you'll be afraid of making mistakes, because you'll know how to undo almost anything.</p> <p>Git is a tool designed to give you confidence, not to trip you up. Learn it well, and it will.</p> <p><em>Found this useful? Follow for more developer deep-dives. Got questions or a favorite Git trick? Drop it in the comments.</em></p> git software programming webdev Next.js JWT Authentication: Complete Guide to Secure Your App in 2026 sizan mahmud0 Mon, 16 Feb 2026 08:44:54 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/nextjs-jwt-authentication-complete-guide-to-secure-your-app-in-2026-15jc https://dev.to/sizan_mahmud0_e7c3fd0cb68/nextjs-jwt-authentication-complete-guide-to-secure-your-app-in-2026-15jc <p>Building secure authentication in Next.js applications can be challenging, especially with the framework's unique server-side and client-side rendering capabilities. In this comprehensive guide, I'll show you how to implement JWT (JSON Web Token) authentication in Next.js 14+ with App Router, covering everything from setup to production-ready security practices.</p> <h2> Why JWT Authentication for Next.js? </h2> <p>Next.js's hybrid rendering model (SSR, SSG, CSR) requires an authentication solution that works seamlessly across server and client components. JWT authentication provides:</p> <p><strong>Stateless Authentication</strong>: Perfect for serverless deployments and edge functions</p> <p><strong>API Route Protection</strong>: Secure your Next.js API routes effortlessly</p> <p><strong>SSR Compatibility</strong>: Works with server-side rendering out of the box</p> <p><strong>Scalability</strong>: No session storage needed, ideal for distributed systems</p> <p><strong>Mobile-Friendly</strong>: Easy integration with React Native or mobile apps</p> <p><strong>Edge-Ready</strong>: Compatible with Next.js Edge Runtime</p> <h2> What We'll Build </h2> <p>By the end of this tutorial, you'll have a fully functional Next.js app with:</p> <ul> <li>User registration and login</li> <li>Protected pages and API routes</li> <li>JWT token management with refresh tokens</li> <li>Middleware for authentication</li> <li>Secure cookie storage</li> <li>Logout functionality</li> <li>Client and server-side authentication checks</li> </ul> <h2> Prerequisites </h2> <p>Before we start, ensure you have:</p> <ul> <li>Node.js 18+ installed</li> <li>Basic understanding of React and Next.js</li> <li>Familiarity with TypeScript (optional but recommended)</li> <li>A backend API or we'll use Next.js API routes</li> </ul> <h2> Project Setup </h2> <h3> Step 1: Create a Next.js Project </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx create-next-app@latest nextjs-jwt-auth <span class="nb">cd </span>nextjs-jwt-auth </code></pre> </div> <p>When prompted, select:</p> <ul> <li>✅ TypeScript</li> <li>✅ ESLint</li> <li>✅ Tailwind CSS</li> <li>✅ App Router</li> <li>❌ Turbopack</li> </ul> <h3> Step 2: Install Required Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>jsonwebtoken bcryptjs jose npm <span class="nb">install</span> <span class="nt">--save-dev</span> @types/jsonwebtoken @types/bcryptjs </code></pre> </div> <p><strong>Package Breakdown:</strong></p> <ul> <li> <code>jsonwebtoken</code>: JWT creation and verification</li> <li> <code>bcryptjs</code>: Password hashing</li> <li> <code>jose</code>: JWT handling for Edge Runtime (Next.js compatible)</li> </ul> <h3> Step 3: Project Structure </h3> <p>Create the following folder structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>nextjs-jwt-auth/ ├── app/ │ ├── api/ │ │ ├── auth/ │ │ │ ├── login/route.ts │ │ │ ├── register/route.ts │ │ │ ├── logout/route.ts │ │ │ └── refresh/route.ts │ │ └── protected/route.ts │ ├── login/page.tsx │ ├── register/page.tsx │ ├── dashboard/page.tsx │ ├── layout.tsx │ └── page.tsx ├── lib/ │ ├── auth.ts │ ├── db.ts │ └── types.ts ├── middleware.ts └── .env.local </code></pre> </div> <h2> Setting Up Environment Variables </h2> <p>Create a <code>.env.local</code> file in your project root:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>JWT_SECRET=your-super-secret-jwt-key-change-this-in-production JWT_REFRESH_SECRET=your-super-secret-refresh-key-change-this ACCESS_TOKEN_EXPIRY=15m REFRESH_TOKEN_EXPIRY=7d NODE_ENV=development </code></pre> </div> <p><strong>Important</strong>: Generate strong secrets using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node <span class="nt">-e</span> <span class="s2">"console.log(require('crypto').randomBytes(32).toString('hex'))"</span> </code></pre> </div> <h2> Creating Type Definitions </h2> <p>Create <code>lib/types.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">password</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">createdAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">JWTPayload</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">iat</span><span class="p">?:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">exp</span><span class="p">?:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">LoginCredentials</span> <span class="p">{</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">RegisterData</span> <span class="p">{</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">AuthResponse</span> <span class="p">{</span> <span class="nl">success</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">message</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">user</span><span class="p">?:</span> <span class="nb">Omit</span><span class="o">&lt;</span><span class="nx">User</span><span class="p">,</span> <span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="o">&gt;</span><span class="p">;</span> <span class="nl">accessToken</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Building Authentication Utilities </h2> <p>Create <code>lib/auth.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">SignJWT</span><span class="p">,</span> <span class="nx">jwtVerify</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">jose</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">cookies</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/headers</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">JWTPayload</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./types</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">secretKey</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="o">!</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">refreshSecretKey</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_REFRESH_SECRET</span><span class="o">!</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">().</span><span class="nf">encode</span><span class="p">(</span><span class="nx">secretKey</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">refreshKey</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">().</span><span class="nf">encode</span><span class="p">(</span><span class="nx">refreshSecretKey</span><span class="p">);</span> <span class="c1">// Generate Access Token</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">generateAccessToken</span><span class="p">(</span><span class="nx">payload</span><span class="p">:</span> <span class="nx">JWTPayload</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">SignJWT</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">.</span><span class="nf">setProtectedHeader</span><span class="p">({</span> <span class="na">alg</span><span class="p">:</span> <span class="dl">'</span><span class="s1">HS256</span><span class="dl">'</span> <span class="p">})</span> <span class="p">.</span><span class="nf">setIssuedAt</span><span class="p">()</span> <span class="p">.</span><span class="nf">setExpirationTime</span><span class="p">(</span><span class="dl">'</span><span class="s1">15m</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">key</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Generate Refresh Token</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">generateRefreshToken</span><span class="p">(</span><span class="nx">payload</span><span class="p">:</span> <span class="nx">JWTPayload</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">SignJWT</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">.</span><span class="nf">setProtectedHeader</span><span class="p">({</span> <span class="na">alg</span><span class="p">:</span> <span class="dl">'</span><span class="s1">HS256</span><span class="dl">'</span> <span class="p">})</span> <span class="p">.</span><span class="nf">setIssuedAt</span><span class="p">()</span> <span class="p">.</span><span class="nf">setExpirationTime</span><span class="p">(</span><span class="dl">'</span><span class="s1">7d</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">refreshKey</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Verify Access Token</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">verifyAccessToken</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">JWTPayload</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">verified</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">jwtVerify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">key</span><span class="p">);</span> <span class="k">return</span> <span class="nx">verified</span><span class="p">.</span><span class="nx">payload</span> <span class="k">as</span> <span class="nx">JWTPayload</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Verify Refresh Token</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">verifyRefreshToken</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">JWTPayload</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">verified</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">jwtVerify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">refreshKey</span><span class="p">);</span> <span class="k">return</span> <span class="nx">verified</span><span class="p">.</span><span class="nx">payload</span> <span class="k">as</span> <span class="nx">JWTPayload</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Get token from cookies</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getTokenFromCookies</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieStore</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">cookies</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">accessToken</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">token</span><span class="p">?.</span><span class="nx">value</span> <span class="o">||</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Get token from request headers</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">getTokenFromHeaders</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">):</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">authHeader</span> <span class="o">&amp;&amp;</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer </span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">substring</span><span class="p">(</span><span class="mi">7</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Get current user from token</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getCurrentUser</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">JWTPayload</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieStore</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">cookies</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">accessToken</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span> <span class="o">||</span> <span class="nf">getTokenFromHeaders</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">verifyAccessToken</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Set auth cookies</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">setAuthCookies</span><span class="p">(</span><span class="nx">accessToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">refreshToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieStore</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">cookies</span><span class="p">();</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">accessToken</span><span class="dl">'</span><span class="p">,</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="p">{</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lax</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">15</span><span class="p">,</span> <span class="c1">// 15 minutes</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">refreshToken</span><span class="dl">'</span><span class="p">,</span> <span class="nx">refreshToken</span><span class="p">,</span> <span class="p">{</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lax</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">7</span><span class="p">,</span> <span class="c1">// 7 days</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Clear auth cookies</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">clearAuthCookies</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieStore</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">cookies</span><span class="p">();</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">accessToken</span><span class="dl">'</span><span class="p">);</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">refreshToken</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Simple User Database (In-Memory) </h2> <p>Create <code>lib/db.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">bcrypt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">bcryptjs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">User</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./types</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// In production, use a real database (PostgreSQL, MongoDB, etc.)</span> <span class="kd">const</span> <span class="nx">users</span><span class="p">:</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">User</span><span class="o">&gt;</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">();</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">db</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">// Find user by email</span> <span class="na">findUserByEmail</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">user</span> <span class="k">of</span> <span class="nx">users</span><span class="p">.</span><span class="nf">values</span><span class="p">())</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span> <span class="o">===</span> <span class="nx">email</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">},</span> <span class="c1">// Find user by ID</span> <span class="na">findUserById</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">users</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">id</span><span class="p">)</span> <span class="o">||</span> <span class="kc">null</span><span class="p">;</span> <span class="p">},</span> <span class="c1">// Create new user</span> <span class="na">createUser</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">existingUser</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">findUserByEmail</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">existingUser</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">User already exists</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">hashedPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">().</span><span class="nf">toString</span><span class="p">();</span> <span class="kd">const</span> <span class="na">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">userId</span><span class="p">,</span> <span class="nx">name</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">hashedPassword</span><span class="p">,</span> <span class="na">createdAt</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(),</span> <span class="p">};</span> <span class="nx">users</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">userId</span><span class="p">,</span> <span class="nx">user</span><span class="p">);</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">},</span> <span class="c1">// Verify password</span> <span class="na">verifyPassword</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">plainPassword</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">hashedPassword</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">plainPassword</span><span class="p">,</span> <span class="nx">hashedPassword</span><span class="p">);</span> <span class="p">},</span> <span class="c1">// Remove password from user object</span> <span class="na">sanitizeUser</span><span class="p">:</span> <span class="p">(</span><span class="na">user</span><span class="p">:</span> <span class="nx">User</span><span class="p">):</span> <span class="nb">Omit</span><span class="o">&lt;</span><span class="nx">User</span><span class="p">,</span> <span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">password</span><span class="p">,</span> <span class="p">...</span><span class="nx">userWithoutPassword</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">user</span><span class="p">;</span> <span class="k">return</span> <span class="nx">userWithoutPassword</span><span class="p">;</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <h2> Creating API Routes </h2> <h3> Registration Route </h3> <p>Create <code>app/api/auth/register/route.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">db</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/db</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">RegisterData</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/types</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="na">body</span><span class="p">:</span> <span class="nx">RegisterData</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">name</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">body</span><span class="p">;</span> <span class="c1">// Validation</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">name</span> <span class="o">||</span> <span class="o">!</span><span class="nx">email</span> <span class="o">||</span> <span class="o">!</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">All fields are required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">password</span><span class="p">.</span><span class="nx">length</span> <span class="o">&lt;</span> <span class="mi">6</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Password must be at least 6 characters</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Create user</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">createUser</span><span class="p">(</span><span class="nx">name</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">sanitizedUser</span> <span class="o">=</span> <span class="nx">db</span><span class="p">.</span><span class="nf">sanitizeUser</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">User registered successfully</span><span class="dl">'</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">sanitizedUser</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">201</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Registration failed</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Login Route </h3> <p>Create <code>app/api/auth/login/route.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">db</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/db</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">generateAccessToken</span><span class="p">,</span> <span class="nx">generateRefreshToken</span><span class="p">,</span> <span class="nx">setAuthCookies</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/auth</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">LoginCredentials</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/types</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="na">body</span><span class="p">:</span> <span class="nx">LoginCredentials</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">body</span><span class="p">;</span> <span class="c1">// Validation</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">email</span> <span class="o">||</span> <span class="o">!</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Email and password are required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Find user</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">findUserByEmail</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid credentials</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Verify password</span> <span class="kd">const</span> <span class="nx">isValidPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">verifyPassword</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span><span class="o">!</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">isValidPassword</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid credentials</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Generate tokens</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateAccessToken</span><span class="p">(</span><span class="nx">payload</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateRefreshToken</span><span class="p">(</span><span class="nx">payload</span><span class="p">);</span> <span class="c1">// Set cookies</span> <span class="k">await</span> <span class="nf">setAuthCookies</span><span class="p">(</span><span class="nx">accessToken</span><span class="p">,</span> <span class="nx">refreshToken</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">sanitizedUser</span> <span class="o">=</span> <span class="nx">db</span><span class="p">.</span><span class="nf">sanitizeUser</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Login successful</span><span class="dl">'</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">sanitizedUser</span><span class="p">,</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Login failed</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Refresh Token Route </h3> <p>Create <code>app/api/auth/refresh/route.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">cookies</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/headers</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">verifyRefreshToken</span><span class="p">,</span> <span class="nx">generateAccessToken</span><span class="p">,</span> <span class="nx">setAuthCookies</span><span class="p">,</span> <span class="nx">generateRefreshToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/auth</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieStore</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">cookies</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">refreshToken</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">refreshToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">No refresh token provided</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">verifyRefreshToken</span><span class="p">(</span><span class="nx">refreshToken</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">payload</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid refresh token</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Generate new tokens</span> <span class="kd">const</span> <span class="nx">newAccessToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateAccessToken</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">userId</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">newRefreshToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateRefreshToken</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">userId</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Set new cookies</span> <span class="k">await</span> <span class="nf">setAuthCookies</span><span class="p">(</span><span class="nx">newAccessToken</span><span class="p">,</span> <span class="nx">newRefreshToken</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Token refreshed successfully</span><span class="dl">'</span><span class="p">,</span> <span class="na">accessToken</span><span class="p">:</span> <span class="nx">newAccessToken</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Token refresh failed</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Logout Route </h3> <p>Create <code>app/api/auth/logout/route.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">clearAuthCookies</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/auth</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">clearAuthCookies</span><span class="p">();</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Logged out successfully</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Logout failed</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Protected API Route Example </h2> <p>Create <code>app/api/protected/route.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getCurrentUser</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/auth</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">GET</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getCurrentUser</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">This is protected data</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">secretInfo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Only authenticated users can see this</span><span class="dl">'</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Server error</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Creating Middleware for Route Protection </h2> <p>Create <code>middleware.ts</code> in the root directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">NextRequest</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">verifyAccessToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./lib/auth</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">middleware</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">accessToken</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span><span class="p">;</span> <span class="c1">// Protected routes</span> <span class="kd">const</span> <span class="nx">protectedPaths</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/profile</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/settings</span><span class="dl">'</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">isProtectedPath</span> <span class="o">=</span> <span class="nx">protectedPaths</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">path</span> <span class="o">=&gt;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="nx">path</span><span class="p">)</span> <span class="p">);</span> <span class="c1">// Public routes that should redirect if authenticated</span> <span class="kd">const</span> <span class="nx">authPaths</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">isAuthPath</span> <span class="o">=</span> <span class="nx">authPaths</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">path</span> <span class="o">=&gt;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="nx">path</span><span class="p">)</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">isProtectedPath</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">verifyAccessToken</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="nx">response</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">accessToken</span><span class="dl">'</span><span class="p">);</span> <span class="nx">response</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">refreshToken</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">isAuthPath</span> <span class="o">&amp;&amp;</span> <span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">verifyAccessToken</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">/dashboard/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/profile/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/settings/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="p">};</span> </code></pre> </div> <h2> Building Frontend Components </h2> <h3> Login Page </h3> <p>Create <code>app/login/page.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useState</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/navigation</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Link</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/link</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">LoginPage</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">formData</span><span class="p">,</span> <span class="nx">setFormData</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">error</span><span class="p">,</span> <span class="nx">setError</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">handleSubmit</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">e</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">FormEvent</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">e</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">formData</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">refresh</span><span class="p">();</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Login failed</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">An error occurred. Please try again.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">min-h-screen flex items-center justify-center bg-gray-50 py-12 px-4 sm:px-6 lg:px-8</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">max-w-md w-full space-y-8</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h2</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">mt-6 text-center text-3xl font-extrabold text-gray-900</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Sign</span> <span class="k">in</span> <span class="nx">to</span> <span class="nx">your</span> <span class="nx">account</span> <span class="o">&lt;</span><span class="sr">/h2</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">mt-8 space-y-6</span><span class="dl">"</span> <span class="nx">onSubmit</span><span class="o">=</span><span class="p">{</span><span class="nx">handleSubmit</span><span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">error</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">rounded-md bg-red-50 p-4</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-sm text-red-800</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">error</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">rounded-md shadow-sm -space-y-px</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">label</span> <span class="nx">htmlFor</span><span class="o">=</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">sr-only</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Email</span> <span class="nx">address</span><span class="o">&lt;</span><span class="sr">/label</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">input</span> <span class="nx">id</span><span class="o">=</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span> <span class="nx">required</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-t-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 focus:z-10 sm:text-sm</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Email address</span><span class="dl">"</span> <span class="nx">value</span><span class="o">=</span><span class="p">{</span><span class="nx">formData</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span> <span class="nx">onChange</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setFormData</span><span class="p">({</span> <span class="p">...</span><span class="nx">formData</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span> <span class="p">})}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">label</span> <span class="nx">htmlFor</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">sr-only</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Password</span><span class="o">&lt;</span><span class="sr">/label</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">input</span> <span class="nx">id</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="nx">required</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-b-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 focus:z-10 sm:text-sm</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span> <span class="nx">value</span><span class="o">=</span><span class="p">{</span><span class="nx">formData</span><span class="p">.</span><span class="nx">password</span><span class="p">}</span> <span class="nx">onChange</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setFormData</span><span class="p">({</span> <span class="p">...</span><span class="nx">formData</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span> <span class="p">})}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span> <span class="nx">disabled</span><span class="o">=</span><span class="p">{</span><span class="nx">loading</span><span class="p">}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">loading</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Signing in...</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Sign in</span><span class="dl">'</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-sm text-center</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Link</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">/register</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">font-medium text-indigo-600 hover:text-indigo-500</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Don</span><span class="dl">'</span><span class="s1">t have an account? Register &lt;/Link&gt; &lt;/div&gt; &lt;/form&gt; &lt;/div&gt; &lt;/div&gt; ); } </span></code></pre> </div> <h3> Register Page </h3> <p>Create <code>app/register/page.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useState</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/navigation</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Link</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/link</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">RegisterPage</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">formData</span><span class="p">,</span> <span class="nx">setFormData</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">confirmPassword</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">error</span><span class="p">,</span> <span class="nx">setError</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">handleSubmit</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">e</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">FormEvent</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">e</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">formData</span><span class="p">.</span><span class="nx">password</span> <span class="o">!==</span> <span class="nx">formData</span><span class="p">.</span><span class="nx">confirmPassword</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Passwords do not match</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/register</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">formData</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">formData</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">formData</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login?registered=true</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Registration failed</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">An error occurred. Please try again.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">min-h-screen flex items-center justify-center bg-gray-50 py-12 px-4 sm:px-6 lg:px-8</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">max-w-md w-full space-y-8</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h2</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">mt-6 text-center text-3xl font-extrabold text-gray-900</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Create</span> <span class="nx">your</span> <span class="nx">account</span> <span class="o">&lt;</span><span class="sr">/h2</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">mt-8 space-y-6</span><span class="dl">"</span> <span class="nx">onSubmit</span><span class="o">=</span><span class="p">{</span><span class="nx">handleSubmit</span><span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">error</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">rounded-md bg-red-50 p-4</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-sm text-red-800</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">error</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">rounded-md shadow-sm space-y-4</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">text</span><span class="dl">"</span> <span class="nx">required</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">appearance-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Full Name</span><span class="dl">"</span> <span class="nx">value</span><span class="o">=</span><span class="p">{</span><span class="nx">formData</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span> <span class="nx">onChange</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setFormData</span><span class="p">({</span> <span class="p">...</span><span class="nx">formData</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span> <span class="p">})}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">input</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span> <span class="nx">required</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">appearance-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Email address</span><span class="dl">"</span> <span class="nx">value</span><span class="o">=</span><span class="p">{</span><span class="nx">formData</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span> <span class="nx">onChange</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setFormData</span><span class="p">({</span> <span class="p">...</span><span class="nx">formData</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span> <span class="p">})}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">input</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="nx">required</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">appearance-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span> <span class="nx">value</span><span class="o">=</span><span class="p">{</span><span class="nx">formData</span><span class="p">.</span><span class="nx">password</span><span class="p">}</span> <span class="nx">onChange</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setFormData</span><span class="p">({</span> <span class="p">...</span><span class="nx">formData</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span> <span class="p">})}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">input</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="nx">required</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">appearance-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Confirm Password</span><span class="dl">"</span> <span class="nx">value</span><span class="o">=</span><span class="p">{</span><span class="nx">formData</span><span class="p">.</span><span class="nx">confirmPassword</span><span class="p">}</span> <span class="nx">onChange</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setFormData</span><span class="p">({</span> <span class="p">...</span><span class="nx">formData</span><span class="p">,</span> <span class="na">confirmPassword</span><span class="p">:</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">value</span> <span class="p">})}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span> <span class="nx">disabled</span><span class="o">=</span><span class="p">{</span><span class="nx">loading</span><span class="p">}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">loading</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Creating account...</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Register</span><span class="dl">'</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-sm text-center</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Link</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">font-medium text-indigo-600 hover:text-indigo-500</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Already</span> <span class="nx">have</span> <span class="nx">an</span> <span class="nx">account</span><span class="p">?</span> <span class="nx">Sign</span> <span class="k">in</span> <span class="o">&lt;</span><span class="sr">/Link</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/form</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Protected Dashboard Page </h3> <p>Create <code>app/dashboard/page.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useEffect</span><span class="p">,</span> <span class="nx">useState</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/navigation</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">UserData</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">DashboardPage</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">userData</span><span class="p">,</span> <span class="nx">setUserData</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="nx">UserData</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">protectedData</span><span class="p">,</span> <span class="nx">setProtectedData</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="kr">any</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">fetchProtectedData</span><span class="p">();</span> <span class="p">},</span> <span class="p">[]);</span> <span class="kd">const</span> <span class="nx">fetchProtectedData</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setUserData</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="nf">setProtectedData</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error fetching protected data:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">handleLogout</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/logout</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">refresh</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Logout error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="k">if </span><span class="p">(</span><span class="nx">loading</span><span class="p">)</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">min-h-screen flex items-center justify-center</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-xl</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Loading</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">min-h-screen bg-gray-50</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">nav</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">bg-white shadow-sm</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">max-w-7xl mx-auto px-4 sm:px-6 lg:px-8</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex justify-between h-16</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex items-center</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h1</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-xl font-bold</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Dashboard</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex items-center</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">handleLogout</span><span class="p">}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">ml-4 px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-indigo-600 hover:bg-indigo-700</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="nx">Logout</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/nav</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">main</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">max-w-7xl mx-auto py-6 sm:px-6 lg:px-8</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-4 py-6 sm:px-0</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">bg-white shadow rounded-lg p-6 mb-6</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h2</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-2xl font-bold mb-4</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Welcome</span><span class="p">,</span> <span class="p">{</span><span class="nx">userData</span><span class="p">?.</span><span class="nx">name</span><span class="p">}</span><span class="o">!&lt;</span><span class="sr">/h2</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">space-y-2</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-gray-600</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">span</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">font-semibold</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Email</span><span class="p">:</span><span class="o">&lt;</span><span class="sr">/span&gt; {userData</span><span class="se">?</span><span class="sr">.email</span><span class="err">} </span> <span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-gray-600</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">span</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">font-semibold</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">User</span> <span class="nx">ID</span><span class="p">:</span><span class="o">&lt;</span><span class="sr">/span&gt; {userData</span><span class="se">?</span><span class="sr">.userId</span><span class="err">} </span> <span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">bg-white shadow rounded-lg p-6</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h3</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-xl font-bold mb-4</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Protected</span> <span class="nx">Data</span><span class="o">&lt;</span><span class="sr">/h3</span><span class="err">&gt; </span> <span class="p">{</span><span class="nx">protectedData</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">space-y-2</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-gray-600</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">protectedData</span><span class="p">.</span><span class="nx">secretInfo</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-sm text-gray-500</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Last</span> <span class="nx">accessed</span><span class="p">:</span> <span class="p">{</span><span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">protectedData</span><span class="p">.</span><span class="nx">timestamp</span><span class="p">).</span><span class="nf">toLocaleString</span><span class="p">()}</span> <span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/main</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Creating a Custom Auth Hook </h2> <p>Create <code>lib/useAuth.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useState</span><span class="p">,</span> <span class="nx">useEffect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/navigation</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">useAuth</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">user</span><span class="p">,</span> <span class="nx">setUser</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">();</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">checkAuth</span><span class="p">();</span> <span class="p">},</span> <span class="p">[]);</span> <span class="kd">const</span> <span class="nx">checkAuth</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setUser</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">setUser</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setUser</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setUser</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">message</span> <span class="p">};</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/logout</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span> <span class="p">});</span> <span class="nf">setUser</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">);</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/refresh</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">return</span> <span class="nx">data</span><span class="p">.</span><span class="nx">success</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">loading</span><span class="p">,</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">logout</span><span class="p">,</span> <span class="nx">refreshToken</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> Testing Your Authentication </h2> <h3> Start the Development Server </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev </code></pre> </div> <h3> Test Flow: </h3> <ol> <li> <p><strong>Register</strong>: Navigate to <code>http://localhost:3000/register</code></p> <ul> <li>Create a new account</li> <li>Should redirect to login</li> </ul> </li> <li> <p><strong>Login</strong>: Go to <code>http://localhost:3000/login</code></p> <ul> <li>Use your credentials</li> <li>Should redirect to dashboard</li> </ul> </li> <li> <p><strong>Dashboard</strong>: Access <code>http://localhost:3000/dashboard</code></p> <ul> <li>See your user information</li> <li>View protected data</li> </ul> </li> <li> <p><strong>Logout</strong>: Click logout button</p> <ul> <li>Should redirect to login</li> <li>Cannot access dashboard</li> </ul> </li> </ol> <h2> Security Best Practices </h2> <h3> 1. Token Storage </h3> <p><strong>✅ DO:</strong></p> <ul> <li>Store tokens in httpOnly cookies (server-side)</li> <li>Use secure flag in production</li> <li>Set appropriate sameSite attribute</li> </ul> <p><strong>❌ DON'T:</strong></p> <ul> <li>Store tokens in localStorage</li> <li>Store tokens in regular cookies accessible via JavaScript</li> <li>Expose tokens in URLs</li> </ul> <h3> 2. Token Expiration </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Short-lived access tokens</span> <span class="nx">ACCESS_TOKEN_EXPIRY</span><span class="o">=</span><span class="mi">15</span><span class="nx">m</span> <span class="c1">// Long-lived refresh tokens</span> <span class="nx">REFRESH_TOKEN_EXPIRY</span><span class="o">=</span><span class="mi">7</span><span class="nx">d</span> </code></pre> </div> <h3> 3. HTTPS in Production </h3> <p>Always use HTTPS in production to prevent token interception:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">cookieStore</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">accessToken</span><span class="dl">'</span><span class="p">,</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="p">{</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// HTTPS only in prod</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lax</span><span class="dl">'</span><span class="p">,</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">15</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <h3> 4. CSRF Protection </h3> <p>Next.js provides built-in CSRF protection for API routes. Ensure you're using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">api</span><span class="p">:</span> <span class="p">{</span> <span class="na">bodyParser</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <h3> 5. Rate Limiting </h3> <p>Install and configure rate limiting:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @upstash/ratelimit @upstash/redis </code></pre> </div> <h3> 6. Environment Variables </h3> <p>Never commit <code>.env.local</code> to version control:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .gitignore</span> .env.local .env.<span class="k">*</span>.local </code></pre> </div> <h2> Production Deployment Checklist </h2> <ul> <li>[ ] Generate strong JWT secrets</li> <li>[ ] Enable HTTPS/SSL</li> <li>[ ] Set secure cookie flags</li> <li>[ ] Configure CORS properly</li> <li>[ ] Implement rate limiting</li> <li>[ ] Set up monitoring and logging</li> <li>[ ] Use environment variables</li> <li>[ ] Enable token refresh mechanism</li> <li>[ ] Implement token blacklisting (optional)</li> <li>[ ] Add CSP headers</li> <li>[ ] Configure proper error handling</li> <li>[ ] Set up database (replace in-memory storage)</li> </ul> <h2> Connecting to a Real Database </h2> <p>Replace the in-memory storage with a real database. Here's an example with Prisma:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>prisma @prisma/client npx prisma init </code></pre> </div> <p>Update <code>prisma/schema.prisma</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>model User { id String @id @default(cuid()) email String @unique name String password String createdAt DateTime @default(now()) updatedAt DateTime @updatedAt } </code></pre> </div> <p>Run migrations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx prisma migrate dev <span class="nt">--name</span> init npx prisma generate </code></pre> </div> <h2> Advanced Features to Implement </h2> <h3> 1. Email Verification </h3> <p>Add email verification during registration to ensure valid users.</p> <h3> 2. Password Reset </h3> <p>Implement forgot password functionality with time-limited reset tokens.</p> <h3> 3. Two-Factor Authentication </h3> <p>Add an extra security layer with 2FA using libraries like <code>speakeasy</code>.</p> <h3> 4. Social Authentication </h3> <p>Integrate OAuth providers using NextAuth.js:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>next-auth </code></pre> </div> <h3> 5. Role-Based Access Control </h3> <p>Extend JWT payload with user roles:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">JWTPayload</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">moderator</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Common Issues and Solutions </h2> <h3> Issue 1: "Invalid Token" After Refresh </h3> <p><strong>Solution</strong>: Implement automatic token refresh in your API calls.</p> <h3> Issue 2: Cookies Not Being Set </h3> <p><strong>Solution</strong>: Check cookie settings and ensure domain matches.</p> <h3> Issue 3: Middleware Not Working </h3> <p><strong>Solution</strong>: Verify middleware.ts is in the root directory and config matcher is correct.</p> <h3> Issue 4: CORS Errors </h3> <p><strong>Solution</strong>: Configure CORS headers in next.config.js:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">headers</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="p">{</span> <span class="na">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/api/:path*</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Access-Control-Allow-Credentials</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Access-Control-Allow-Origin</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">*</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Access-Control-Allow-Methods</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET,POST,PUT,DELETE,OPTIONS</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Access-Control-Allow-Headers</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Content-Type, Authorization</span><span class="dl">'</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">];</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <h2> Performance Optimization </h2> <h3> 1. Token Caching </h3> <p>Cache verified tokens to reduce computation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">tokenCache</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="p">{</span> <span class="na">payload</span><span class="p">:</span> <span class="nx">JWTPayload</span><span class="p">;</span> <span class="nl">exp</span><span class="p">:</span> <span class="kr">number</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">();</span> </code></pre> </div> <h3> 2. Edge Runtime </h3> <p>Deploy middleware to Edge for faster authentication checks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/dashboard/:path*</span><span class="dl">'</span><span class="p">],</span> <span class="na">runtime</span><span class="p">:</span> <span class="dl">'</span><span class="s1">edge</span><span class="dl">'</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <h3> 3. Lazy Loading </h3> <p>Lazy load authentication check on client:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuth</span><span class="p">();</span> </code></pre> </div> <h2> Monitoring and Logging </h2> <p>Implement logging for security events:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/logger.ts</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">logger</span> <span class="o">=</span> <span class="p">{</span> <span class="na">login</span><span class="p">:</span> <span class="p">(</span><span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">success</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Login attempt: </span><span class="p">${</span><span class="nx">email</span><span class="p">}</span><span class="s2"> - </span><span class="p">${</span><span class="nx">success</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">SUCCESS</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">FAILED</span><span class="dl">'</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">},</span> <span class="na">tokenRefresh</span><span class="p">:</span> <span class="p">(</span><span class="na">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Token refreshed for user: </span><span class="p">${</span><span class="nx">userId</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">},</span> <span class="na">logout</span><span class="p">:</span> <span class="p">(</span><span class="na">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`User logged out: </span><span class="p">${</span><span class="nx">userId</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <h2> Conclusion </h2> <p>You've successfully implemented a complete JWT authentication system in Next.js with the App Router. This implementation includes user registration, login, logout, token refresh, protected routes, and middleware protection.</p> <p>The stateless nature of JWT makes it perfect for Next.js applications, especially when deploying to serverless or edge environments. Remember to follow security best practices, use HTTPS in production, and keep your tokens short-lived.</p> <p>Have questions about Next.js JWT authentication? Drop them in the comments below!</p> <p><strong>Found this helpful? Give it a like and follow for more Next.js tutorials!</strong></p> javascript nextjs security tutorial Next.js CI/CD Pipeline: Complete Implementation Guide for Automated Deployments sizan mahmud0 Mon, 26 Jan 2026 06:16:33 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/nextjs-cicd-pipeline-complete-implementation-guide-for-automated-deployments-314h https://dev.to/sizan_mahmud0_e7c3fd0cb68/nextjs-cicd-pipeline-complete-implementation-guide-for-automated-deployments-314h <p><em>Build a production-ready CI/CD workflow for Next.js applications with GitHub Actions, automated testing, and zero-downtime deployments</em></p> <p>Manually deploying your Next.js application every time you push code is tedious, error-prone, and slows down your development velocity. A proper CI/CD (Continuous Integration/Continuous Deployment) pipeline automates testing, building, and deploying your application, allowing you to ship features faster with confidence.</p> <p>In this comprehensive guide, you'll learn how to implement a complete CI/CD pipeline for Next.js applications using GitHub Actions, including automated testing, linting, building, and deployment to popular platforms.</p> <h2> Why CI/CD Matters for Next.js Applications </h2> <p>Modern Next.js applications are complex. They use TypeScript, require build optimization, leverage server-side rendering, and often integrate with multiple services. A robust CI/CD pipeline ensures:</p> <ul> <li> <strong>Consistent builds</strong> across all environments</li> <li> <strong>Automated testing</strong> catches bugs before production</li> <li> <strong>Faster deployment</strong> cycles with zero manual intervention</li> <li> <strong>Rollback capabilities</strong> when issues arise</li> <li> <strong>Team collaboration</strong> without deployment bottlenecks</li> </ul> <p>Let's build one from scratch.</p> <h2> Prerequisites </h2> <p>Before implementing CI/CD, ensure you have:</p> <ul> <li>A Next.js application in a Git repository</li> <li>A GitHub account (we'll use GitHub Actions)</li> <li>A deployment target (Vercel, AWS, DigitalOcean, etc.)</li> <li>Basic understanding of YAML syntax</li> </ul> <h2> Setting Up the Foundation </h2> <h3> Project Structure Best Practices </h3> <p>First, organize your Next.js project for CI/CD success:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>nextjs-app/ ├── .github/ │ └── workflows/ │ ├── ci.yml │ └── deploy.yml ├── src/ ├── tests/ ├── package.json ├── next.config.js └── .env.example </code></pre> </div> <h3> Environment Variables Management </h3> <p>Create a <code>.env.example</code> file documenting all required environment variables:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env.example</span> <span class="nv">NEXT_PUBLIC_API_URL</span><span class="o">=</span> <span class="nv">DATABASE_URL</span><span class="o">=</span> <span class="nv">AUTH_SECRET</span><span class="o">=</span> <span class="nv">STRIPE_SECRET_KEY</span><span class="o">=</span> </code></pre> </div> <p>Never commit actual <code>.env</code> files. Store secrets in GitHub Secrets or your deployment platform's secret management.</p> <h2> Building the CI Pipeline </h2> <p>Create <code>.github/workflows/ci.yml</code> for continuous integration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">CI Pipeline</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">,</span> <span class="nv">develop</span><span class="pi">]</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">,</span> <span class="nv">develop</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">lint-and-test</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">18.x</span><span class="pi">,</span> <span class="nv">20.x</span><span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup Node.js</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="s">${{ matrix.node-version }}</span> <span class="na">cache</span><span class="pi">:</span> <span class="s1">'</span><span class="s">npm'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run ESLint</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run lint</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run TypeScript check</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run type-check</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run unit tests</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run test</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> <span class="na">env</span><span class="pi">:</span> <span class="na">NEXT_PUBLIC_API_URL</span><span class="pi">:</span> <span class="s">${{ secrets.NEXT_PUBLIC_API_URL }}</span> </code></pre> </div> <h3> Adding Test Scripts to package.json </h3> <p>Update your <code>package.json</code> with necessary scripts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"dev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"next dev"</span><span class="p">,</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"next build"</span><span class="p">,</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"next start"</span><span class="p">,</span><span class="w"> </span><span class="nl">"lint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"next lint"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type-check"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tsc --noEmit"</span><span class="p">,</span><span class="w"> </span><span class="nl">"test"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jest"</span><span class="p">,</span><span class="w"> </span><span class="nl">"test:watch"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jest --watch"</span><span class="p">,</span><span class="w"> </span><span class="nl">"test:coverage"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jest --coverage"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Implementing Automated Testing </h2> <h3> Setting Up Jest for Next.js </h3> <p>Install testing dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-D</span> jest @testing-library/react @testing-library/jest-dom jest-environment-jsdom </code></pre> </div> <p>Create <code>jest.config.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">nextJest</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">next/jest</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">createJestConfig</span> <span class="o">=</span> <span class="nf">nextJest</span><span class="p">({</span> <span class="na">dir</span><span class="p">:</span> <span class="dl">'</span><span class="s1">./</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="kd">const</span> <span class="nx">customJestConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">setupFilesAfterEnv</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">&lt;rootDir&gt;/jest.setup.js</span><span class="dl">'</span><span class="p">],</span> <span class="na">testEnvironment</span><span class="p">:</span> <span class="dl">'</span><span class="s1">jest-environment-jsdom</span><span class="dl">'</span><span class="p">,</span> <span class="na">moduleNameMapper</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">^@/(.*)$</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">&lt;rootDir&gt;/src/$1</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">collectCoverageFrom</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">src/**/*.{js,jsx,ts,tsx}</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">!src/**/*.d.ts</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">!src/**/*.stories.{js,jsx,ts,tsx}</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="p">}</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="nf">createJestConfig</span><span class="p">(</span><span class="nx">customJestConfig</span><span class="p">)</span> </code></pre> </div> <h3> Writing Component Tests </h3> <p>Example test for a Next.js component:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// __tests__/components/Button.test.tsx</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">render</span><span class="p">,</span> <span class="nx">screen</span><span class="p">,</span> <span class="nx">fireEvent</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@testing-library/react</span><span class="dl">'</span> <span class="k">import</span> <span class="nx">Button</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/components/Button</span><span class="dl">'</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">Button Component</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">renders button with correct text</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">render</span><span class="p">(</span><span class="o">&lt;</span><span class="nx">Button</span><span class="o">&gt;</span><span class="nx">Click</span> <span class="nx">me</span><span class="o">&lt;</span><span class="sr">/Button&gt;</span><span class="err">) </span> <span class="nf">expect</span><span class="p">(</span><span class="nx">screen</span><span class="p">.</span><span class="nf">getByText</span><span class="p">(</span><span class="dl">'</span><span class="s1">Click me</span><span class="dl">'</span><span class="p">)).</span><span class="nf">toBeInTheDocument</span><span class="p">()</span> <span class="p">})</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">calls onClick handler when clicked</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">handleClick</span> <span class="o">=</span> <span class="nx">jest</span><span class="p">.</span><span class="nf">fn</span><span class="p">()</span> <span class="nf">render</span><span class="p">(</span><span class="o">&lt;</span><span class="nx">Button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">handleClick</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Click</span> <span class="nx">me</span><span class="o">&lt;</span><span class="sr">/Button&gt;</span><span class="err">) </span> <span class="nx">fireEvent</span><span class="p">.</span><span class="nf">click</span><span class="p">(</span><span class="nx">screen</span><span class="p">.</span><span class="nf">getByText</span><span class="p">(</span><span class="dl">'</span><span class="s1">Click me</span><span class="dl">'</span><span class="p">))</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">handleClick</span><span class="p">).</span><span class="nf">toHaveBeenCalledTimes</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">})</span> <span class="p">})</span> </code></pre> </div> <h2> Creating the CD Pipeline </h2> <h3> Deploying to Vercel </h3> <p>Create <code>.github/workflows/deploy-vercel.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Vercel</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Vercel</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">amondnet/vercel-action@v25</span> <span class="na">with</span><span class="pi">:</span> <span class="na">vercel-token</span><span class="pi">:</span> <span class="s">${{ secrets.VERCEL_TOKEN }}</span> <span class="na">vercel-org-id</span><span class="pi">:</span> <span class="s">${{ secrets.VERCEL_ORG_ID }}</span> <span class="na">vercel-project-id</span><span class="pi">:</span> <span class="s">${{ secrets.VERCEL_PROJECT_ID }}</span> <span class="na">vercel-args</span><span class="pi">:</span> <span class="s1">'</span><span class="s">--prod'</span> </code></pre> </div> <h3> Deploying to AWS or DigitalOcean </h3> <p>For custom server deployments, create <code>.github/workflows/deploy-production.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Production</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup Node.js</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">20.x'</span> <span class="na">cache</span><span class="pi">:</span> <span class="s1">'</span><span class="s">npm'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build application</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> <span class="na">env</span><span class="pi">:</span> <span class="na">NEXT_PUBLIC_API_URL</span><span class="pi">:</span> <span class="s">${{ secrets.NEXT_PUBLIC_API_URL }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to server</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">appleboy/ssh-action@master</span> <span class="na">with</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">${{ secrets.SERVER_HOST }}</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ secrets.SERVER_USER }}</span> <span class="na">key</span><span class="pi">:</span> <span class="s">${{ secrets.SSH_PRIVATE_KEY }}</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cd /var/www/nextjs-app</span> <span class="s">git pull origin main</span> <span class="s">npm ci</span> <span class="s">npm run build</span> <span class="s">pm2 reload nextjs-app</span> </code></pre> </div> <h2> Advanced CI/CD Features </h2> <h3> Parallel Testing for Faster Builds </h3> <p>Speed up your CI pipeline by running tests in parallel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">test</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">shard</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">1</span><span class="pi">,</span> <span class="nv">2</span><span class="pi">,</span> <span class="nv">3</span><span class="pi">,</span> <span class="nv">4</span><span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run tests</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run test -- --shard=${{ matrix.shard }}/4</span> </code></pre> </div> <h3> Automated Lighthouse Performance Checks </h3> <p>Add performance testing to your pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Lighthouse CI</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">npm install -g @lhci/cli</span> <span class="s">lhci autorun</span> <span class="na">env</span><span class="pi">:</span> <span class="na">LHCI_GITHUB_APP_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.LHCI_GITHUB_APP_TOKEN }}</span> </code></pre> </div> <h3> Automatic Dependency Updates </h3> <p>Use Dependabot to keep dependencies updated. Create <code>.github/dependabot.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="m">2</span> <span class="na">updates</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">package-ecosystem</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npm"</span> <span class="na">directory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/"</span> <span class="na">schedule</span><span class="pi">:</span> <span class="na">interval</span><span class="pi">:</span> <span class="s2">"</span><span class="s">weekly"</span> <span class="na">open-pull-requests-limit</span><span class="pi">:</span> <span class="m">10</span> </code></pre> </div> <h3> Preview Deployments for Pull Requests </h3> <p>Deploy every PR to a preview environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Preview Deployment</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">opened</span><span class="pi">,</span> <span class="nv">synchronize</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">preview</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy Preview</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">amondnet/vercel-action@v25</span> <span class="na">with</span><span class="pi">:</span> <span class="na">vercel-token</span><span class="pi">:</span> <span class="s">${{ secrets.VERCEL_TOKEN }}</span> <span class="na">vercel-org-id</span><span class="pi">:</span> <span class="s">${{ secrets.VERCEL_ORG_ID }}</span> <span class="na">vercel-project-id</span><span class="pi">:</span> <span class="s">${{ secrets.VERCEL_PROJECT_ID }}</span> </code></pre> </div> <h2> Security Best Practices </h2> <h3> Protecting Secrets </h3> <p>Store all sensitive data in GitHub Secrets:</p> <ol> <li>Go to repository Settings → Secrets and variables → Actions</li> <li>Add secrets like <code>VERCEL_TOKEN</code>, <code>DATABASE_URL</code>, etc.</li> <li>Reference them in workflows using <code>${{ secrets.SECRET_NAME }}</code> </li> </ol> <h3> Dependency Scanning </h3> <p>Add automated security scanning:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run security audit</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm audit --audit-level=high</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Check for vulnerabilities</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">snyk/actions/node@master</span> <span class="na">env</span><span class="pi">:</span> <span class="na">SNYK_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.SNYK_TOKEN }}</span> </code></pre> </div> <h2> Monitoring and Notifications </h2> <h3> Slack Notifications for Deployments </h3> <p>Add deployment notifications:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Notify Slack</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">8398a7/action-slack@v3</span> <span class="na">if</span><span class="pi">:</span> <span class="s">always()</span> <span class="na">with</span><span class="pi">:</span> <span class="na">status</span><span class="pi">:</span> <span class="s">${{ job.status }}</span> <span class="na">webhook_url</span><span class="pi">:</span> <span class="s">${{ secrets.SLACK_WEBHOOK }}</span> </code></pre> </div> <h3> Discord Notifications </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Discord notification</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">Ilshidur/action-discord@master</span> <span class="na">env</span><span class="pi">:</span> <span class="na">DISCORD_WEBHOOK</span><span class="pi">:</span> <span class="s">${{ secrets.DISCORD_WEBHOOK }}</span> <span class="na">with</span><span class="pi">:</span> <span class="na">args</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Deployment</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">production</span><span class="nv"> </span><span class="s">completed!'</span> </code></pre> </div> <h2> Troubleshooting Common Issues </h2> <h3> Build Failures </h3> <p>If builds fail in CI but work locally, check:</p> <ul> <li>Node version consistency</li> <li>Environment variables are properly set</li> <li>Dependencies are locked in <code>package-lock.json</code> </li> </ul> <h3> Deployment Timeouts </h3> <p>For large Next.js apps, increase timeout limits:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build application</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> <span class="na">timeout-minutes</span><span class="pi">:</span> <span class="m">20</span> </code></pre> </div> <h2> The Complete Workflow </h2> <p>Here's what your production-ready CI/CD pipeline accomplishes:</p> <ol> <li> <strong>On every commit</strong>: Lint, type-check, and test</li> <li> <strong>On pull requests</strong>: Run full CI suite + deploy preview</li> <li> <strong>On merge to main</strong>: Build, test, and deploy to production</li> <li> <strong>Continuously</strong>: Scan for security vulnerabilities</li> <li> <strong>Weekly</strong>: Update dependencies automatically</li> </ol> <h2> Conclusion </h2> <p>Implementing CI/CD for your Next.js application transforms your development workflow. You ship faster, catch bugs earlier, and deploy with confidence. Start with the basic CI pipeline, add automated testing, then progressively enhance with preview deployments, performance checks, and security scanning.</p> <p>The investment in setting up CI/CD pays dividends immediately. Your team focuses on building features while automation handles the repetitive, error-prone deployment tasks.</p> <p>Ready to implement CI/CD? Start with the workflows in this guide, customize them for your needs, and watch your deployment velocity skyrocket.</p> <p><em>What CI/CD challenges have you faced with Next.js? Share your experiences and solutions in the comments below.</em></p> automation cicd nextjs frontend jQuery 4.0.0 Released: A Milestone 20 Years in the Making – Everything You Need to Know sizan mahmud0 Tue, 20 Jan 2026 03:33:27 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/jquery-400-released-a-milestone-20-years-in-the-making-everything-you-need-to-know-14nk https://dev.to/sizan_mahmud0_e7c3fd0cb68/jquery-400-released-a-milestone-20-years-in-the-making-everything-you-need-to-know-14nk <p><strong>Meta Description:</strong> jQuery 4.0.0 is officially here after nearly a decade. Learn about the breaking changes, modern browser support, ES modules, Trusted Types, and how to upgrade from jQuery 3.x.</p> <p>After almost a decade since its last major version, the jQuery team has officially released <strong>jQuery 4.0.0</strong> on January 17, 2026, coinciding perfectly with the library's 20th anniversary. This landmark release represents a significant shift from legacy compatibility to modern web standards while maintaining the stability that millions of websites depend on.</p> <h2> The Journey: From 2006 to 2026 </h2> <p>Twenty years ago, John Resig introduced jQuery at BarCamp in New York City on January 14, 2006. What started as a solution to browser inconsistencies has become one of the most influential JavaScript libraries in web development history, currently powering an estimated 90% of all websites.</p> <p>jQuery 4.0.0 marks the first major version release in nearly 10 years, bringing long-awaited modernizations, breaking changes, and performance improvements that the team has wanted to implement for years.</p> <h2> What's New in jQuery 4.0.0? </h2> <h3> 1. Dropping Legacy Browser Support </h3> <p>The most significant change is the removal of support for Internet Explorer 10 and older versions. While this might seem overdue to some developers, the jQuery team has taken a measured approach.</p> <p><strong>Supported Browsers:</strong></p> <ul> <li>Internet Explorer 11 (temporary, will be removed in jQuery 5.0)</li> <li>Chrome, Edge, Firefox, Safari (current and previous versions)</li> <li>iOS Safari (current through current minus two versions)</li> <li>Android (current and previous versions)</li> </ul> <p><strong>No Longer Supported:</strong></p> <ul> <li>Internet Explorer 10 and earlier</li> <li>Edge Legacy (pre-Chromium)</li> <li>Firefox versions older than the last two releases (excluding ESR)</li> <li>iOS versions earlier than the last three releases</li> <li>Android Browser</li> </ul> <p>If your project still requires these older browsers, the recommendation is to stick with jQuery 3.x, which will continue to receive security updates.</p> <h3> 2. Migration to ES Modules </h3> <p>The jQuery source code has been migrated from AMD to ES modules, marking a special milestone in the library's evolution. This change brings several benefits:</p> <ul> <li>Direct compatibility with modern build tools like Webpack, Rollup, and Vite</li> <li>Better tree-shaking capabilities for reduced bundle sizes</li> <li>Support for native browser module loading via <code>&lt;script type="module"&gt;</code> </li> <li>Improved integration with server-side rendering frameworks</li> </ul> <p>The primary jQuery distribution remains a UMD module that works in both AMD and non-AMD environments, ensuring backward compatibility for most use cases.</p> <h3> 3. Trusted Types Support for Enhanced Security </h3> <p>jQuery 4.0 adds support for Trusted Types, allowing HTML wrapped in TrustedHTML objects to be used safely with jQuery manipulation methods under strict Content Security Policy configurations. This enhancement significantly improves security for applications with stringent CSP requirements.</p> <p>Additionally, most asynchronous script requests now use <code>&lt;script&gt;</code> tags instead of inline scripts to avoid CSP violations.</p> <h3> 4. Removal of Deprecated APIs </h3> <p>Many utility methods that browsers now implement natively have been removed, including:</p> <ul> <li> <code>jQuery.isArray()</code> → Use <code>Array.isArray()</code> </li> <li> <code>jQuery.parseJSON()</code> → Use <code>JSON.parse()</code> </li> <li> <code>jQuery.trim()</code> → Use <code>String.prototype.trim()</code> </li> <li> <code>jQuery.now()</code> → Use <code>Date.now()</code> </li> <li>Various CSS-related internals replaced by native browser APIs</li> </ul> <p>These removals help reduce the library's file size and encourage developers to use modern JavaScript features.</p> <h3> 5. Slim Build Option </h3> <p>For developers who don't need everything jQuery offers, a "slim" build is available that excludes:</p> <ul> <li>AJAX functionality</li> <li>Effects/animations</li> <li>Deprecated APIs</li> </ul> <p>The slim build is approximately 8KB smaller (gzipped) than the regular version, making it ideal for projects that handle AJAX with fetch API or use CSS for animations.</p> <h3> 6. Updated Event Handling </h3> <p>jQuery 4.0 aligns focus-related events with the current W3C specification, no longer overriding native browser behavior. This ensures event sequences follow standardized orders used by modern browsers.</p> <h2> Should You Upgrade? </h2> <h3> When to Upgrade: </h3> <ul> <li>Your application no longer needs to support IE 10 or older browsers</li> <li>You want to take advantage of modern JavaScript features</li> <li>You're using modern build tools and want better integration</li> <li>You need enhanced Content Security Policy support</li> </ul> <h3> When to Wait: </h3> <ul> <li>Your project still supports legacy browsers</li> <li>You rely on deprecated APIs that have been removed</li> <li>You have a large codebase that hasn't been tested with jQuery 4.0</li> </ul> <h2> How to Upgrade </h2> <p>The jQuery team has prepared comprehensive resources to help with the transition:</p> <ol> <li> <strong>Upgrade Guide</strong>: A detailed guide covering all breaking changes</li> <li> <strong>jQuery Migrate Plugin</strong>: Helps identify and fix compatibility issues</li> <li> <strong>Testing</strong>: Thoroughly test your application with jQuery 4.0 before deploying</li> </ol> <h3> Installation Options: </h3> <p><strong>Via CDN:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"https://code.jquery.com/jquery-4.0.0.min.js"</span><span class="nt">&gt;&lt;/script&gt;</span> </code></pre> </div> <p><strong>Via npm:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>jquery@4.0.0 </code></pre> </div> <p><strong>Slim Build:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"https://code.jquery.com/jquery-4.0.0.slim.min.js"</span><span class="nt">&gt;&lt;/script&gt;</span> </code></pre> </div> <h2> The Bigger Picture: jQuery's Role in Modern Web Development </h2> <p>While frameworks like React, Vue, and Angular dominate new project development, jQuery remains critical infrastructure for millions of existing websites, WordPress themes, and enterprise applications. This release demonstrates that jQuery isn't trying to compete with modern frameworks but rather serve its existing ecosystem while embracing modern standards.</p> <p>The library's mission of cross-browser compatibility has been largely accomplished—modern browsers now implement consistent APIs following W3C specifications. jQuery 4.0 acknowledges this reality by shedding unnecessary legacy code while maintaining stability for the vast web ecosystem that depends on it.</p> <h2> What's Next? </h2> <p>jQuery 5.0 will likely remove IE 11 support entirely, but given that jQuery 4.0 took nearly a decade to release, significant version updates will remain infrequent. The team prioritizes stability and backward compatibility over rapid iteration, which is exactly what the library's users need.</p> <h2> Conclusion </h2> <p>jQuery 4.0.0 represents a carefully balanced modernization of one of the web's most important libraries. It drops outdated browser support, embraces modern JavaScript standards, improves security, and reduces file size—all while maintaining the stability that millions of websites depend on.</p> <p>For teams maintaining jQuery-based applications, this release offers a clear migration path to modern web development practices without requiring a complete rewrite. For new projects, it serves as a reminder that sometimes the most reliable tool is the one that's been battle-tested for two decades.</p> <p>Whether you upgrade immediately or continue with jQuery 3.x, this release marks an important milestone in web development history and sets the foundation for jQuery's next chapter.</p> <p><strong>Resources:</strong></p> <ul> <li><a href="https://blog.jquery.com/2026/01/17/jquery-4-0-0/" rel="noopener noreferrer">Official jQuery 4.0.0 Release Announcement</a></li> <li><a href="https://jquery.com/upgrade-guide/4.0/" rel="noopener noreferrer">jQuery 4.0 Upgrade Guide</a></li> <li><a href="https://jquery.com/download/" rel="noopener noreferrer">jQuery Download Page</a></li> <li><a href="https://github.com/jquery/jquery" rel="noopener noreferrer">jQuery GitHub Repository</a></li> </ul> jquery javascript programming frontend Django Security: 10 Essential Steps to Secure Your Project Before Production sizan mahmud0 Thu, 15 Jan 2026 09:21:30 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/django-security-10-essential-steps-to-secure-your-project-before-production-4lfn https://dev.to/sizan_mahmud0_e7c3fd0cb68/django-security-10-essential-steps-to-secure-your-project-before-production-4lfn <h2> The Ultimate Production Security Checklist for Django Developers in 2026 </h2> <p>You've built an amazing Django application. Your features work perfectly, tests are passing, and you're ready to launch. But wait—<strong>is your application really secure?</strong></p> <p>Every day, thousands of Django applications get hacked because developers skip critical security steps. A single vulnerability can lead to data breaches, financial losses, and destroyed reputations.</p> <p>In this comprehensive guide, you'll learn <strong>10 essential security practices</strong> that every Django developer must implement before going to production. Plus, I'll show you how to handle high traffic like a pro!</p> <p><strong>By the end of this article, you'll know exactly how to:</strong></p> <ul> <li>✅ Secure your Django settings properly</li> <li>✅ Prevent common security vulnerabilities</li> <li>✅ Handle thousands of concurrent users</li> <li>✅ Monitor and respond to security threats</li> <li>✅ Pass security audits with confidence</li> </ul> <p>Before diving in, join our <a href="https://dly.to/NmfDmu9f4lN" rel="noopener noreferrer">community</a> to get more updates about Django <a href="https://dly.to/NmfDmu9f4lN" rel="noopener noreferrer">JOIN</a>. Let's dive in and make your Django app bulletproof! 🛡️</p> <h2> 🚨 Why Django Security Matters </h2> <p>Before we start, consider these sobering statistics:</p> <ul> <li> <strong>43%</strong> of cyberattacks target small businesses and startups</li> <li> <strong>60%</strong> of companies go out of business within 6 months of a data breach</li> <li> <strong>Average cost</strong> of a data breach: <strong>$4.45 million</strong> </li> </ul> <p>Django provides excellent security features out of the box, but <strong>YOU</strong> must configure them correctly. One misconfiguration can expose your entire application.</p> <h2> Security Tip #1: Lock Down Your Django Settings </h2> <h3> The Problem </h3> <p>Default Django settings are designed for development, not production. Running with <code>DEBUG=True</code> in production is like leaving your front door wide open.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># settings/production.py </span><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">pathlib</span> <span class="kn">import</span> <span class="n">Path</span> <span class="c1"># CRITICAL: Never run with DEBUG=True in production </span><span class="n">DEBUG</span> <span class="o">=</span> <span class="bp">False</span> <span class="c1"># Restrict which hosts can access your application </span><span class="n">ALLOWED_HOSTS</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">'</span><span class="s">yourdomain.com</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">www.yourdomain.com</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">api.yourdomain.com</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> <span class="c1"># Generate a strong SECRET_KEY and keep it secret! </span><span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">DJANGO_SECRET_KEY</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">SECRET_KEY</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">DJANGO_SECRET_KEY environment variable must be set!</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Security Headers </span><span class="n">SECURE_SSL_REDIRECT</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># Force HTTPS </span><span class="n">SESSION_COOKIE_SECURE</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># Only send cookies over HTTPS </span><span class="n">CSRF_COOKIE_SECURE</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">SECURE_BROWSER_XSS_FILTER</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">SECURE_CONTENT_TYPE_NOSNIFF</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">X_FRAME_OPTIONS</span> <span class="o">=</span> <span class="sh">'</span><span class="s">DENY</span><span class="sh">'</span> <span class="c1"># Prevent clickjacking </span> <span class="c1"># HSTS (HTTP Strict Transport Security) </span><span class="n">SECURE_HSTS_SECONDS</span> <span class="o">=</span> <span class="mi">31536000</span> <span class="c1"># 1 year </span><span class="n">SECURE_HSTS_INCLUDE_SUBDOMAINS</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">SECURE_HSTS_PRELOAD</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># Proxy settings (if behind nginx/load balancer) </span><span class="n">SECURE_PROXY_SSL_HEADER</span> <span class="o">=</span> <span class="p">(</span><span class="sh">'</span><span class="s">HTTP_X_FORWARDED_PROTO</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">https</span><span class="sh">'</span><span class="p">)</span> <span class="n">USE_X_FORWARDED_HOST</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">USE_X_FORWARDED_PORT</span> <span class="o">=</span> <span class="bp">True</span> </code></pre> </div> <h3> Generate a Strong SECRET_KEY </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># generate_secret_key.py </span><span class="kn">from</span> <span class="n">django.core.management.utils</span> <span class="kn">import</span> <span class="n">get_random_secret_key</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Your new SECRET_KEY: </span><span class="si">{</span><span class="nf">get_random_secret_key</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Pro Tip:</strong> Never commit your SECRET_KEY to version control! Use environment variables or secret management tools like AWS Secrets Manager or HashiCorp Vault.</p> <h2> Security Tip #2: Implement Proper Authentication &amp; Authorization </h2> <h3> The Problem </h3> <p>Weak authentication allows attackers to gain unauthorized access. Poor authorization lets users access data they shouldn't see.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># settings.py </span><span class="n">AUTH_PASSWORD_VALIDATORS</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">NAME</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django.contrib.auth.password_validation.UserAttributeSimilarityValidator</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">'</span><span class="s">NAME</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django.contrib.auth.password_validation.MinimumLengthValidator</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">OPTIONS</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">min_length</span><span class="sh">'</span><span class="p">:</span> <span class="mi">12</span><span class="p">,</span> <span class="c1"># Require strong passwords </span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">'</span><span class="s">NAME</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django.contrib.auth.password_validation.CommonPasswordValidator</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">'</span><span class="s">NAME</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django.contrib.auth.password_validation.NumericPasswordValidator</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">]</span> <span class="c1"># Session Security </span><span class="n">SESSION_COOKIE_AGE</span> <span class="o">=</span> <span class="mi">3600</span> <span class="c1"># 1 hour </span><span class="n">SESSION_COOKIE_HTTPONLY</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># Prevent JavaScript access </span><span class="n">SESSION_COOKIE_SAMESITE</span> <span class="o">=</span> <span class="sh">'</span><span class="s">Strict</span><span class="sh">'</span> <span class="c1"># Prevent CSRF </span><span class="n">SESSION_SAVE_EVERY_REQUEST</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># Extend session on activity </span> <span class="c1"># Password hashing (use Argon2 for best security) </span><span class="n">PASSWORD_HASHERS</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">'</span><span class="s">django.contrib.auth.hashers.Argon2PasswordHasher</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">django.contrib.auth.hashers.PBKDF2PasswordHasher</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> </code></pre> </div> <h3> Install Argon2 </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>django[argon2] </code></pre> </div> <h3> Implement Two-Factor Authentication </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install django-otp </span><span class="n">pip</span> <span class="n">install</span> <span class="n">django</span><span class="o">-</span><span class="n">otp</span> <span class="n">qrcode</span> <span class="c1"># settings.py </span><span class="n">INSTALLED_APPS</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># ... </span> <span class="sh">'</span><span class="s">django_otp</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">django_otp.plugins.otp_totp</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> <span class="n">MIDDLEWARE</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># ... </span> <span class="sh">'</span><span class="s">django_otp.middleware.OTPMiddleware</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> <span class="c1"># views.py </span><span class="kn">from</span> <span class="n">django_otp.decorators</span> <span class="kn">import</span> <span class="n">otp_required</span> <span class="nd">@otp_required</span> <span class="k">def</span> <span class="nf">sensitive_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="c1"># This view requires 2FA </span> <span class="k">return</span> <span class="nf">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">'</span><span class="s">sensitive.html</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <h3> Advanced: Rate Limiting Login Attempts </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># middleware.py </span><span class="kn">from</span> <span class="n">django.core.cache</span> <span class="kn">import</span> <span class="n">cache</span> <span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">HttpResponseForbidden</span> <span class="kn">import</span> <span class="n">time</span> <span class="k">class</span> <span class="nc">LoginRateLimitMiddleware</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">get_response</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">get_response</span> <span class="o">=</span> <span class="n">get_response</span> <span class="k">def</span> <span class="nf">__call__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">path</span> <span class="o">==</span> <span class="sh">'</span><span class="s">/accounts/login/</span><span class="sh">'</span> <span class="ow">and</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span> <span class="o">==</span> <span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">:</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_client_ip</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="n">cache_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">'</span><span class="s">login_attempts_</span><span class="si">{</span><span class="n">ip</span><span class="si">}</span><span class="sh">'</span> <span class="n">attempts</span> <span class="o">=</span> <span class="n">cache</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">cache_key</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="k">if</span> <span class="n">attempts</span> <span class="o">&gt;=</span> <span class="mi">5</span><span class="p">:</span> <span class="c1"># Max 5 attempts </span> <span class="k">return</span> <span class="nc">HttpResponseForbidden</span><span class="p">(</span> <span class="sh">'</span><span class="s">Too many login attempts. Try again in 15 minutes.</span><span class="sh">'</span> <span class="p">)</span> <span class="n">cache</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="n">cache_key</span><span class="p">,</span> <span class="n">attempts</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">900</span><span class="p">)</span> <span class="c1"># 15 minutes </span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_response</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_client_ip</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="n">x_forwarded_for</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">META</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">HTTP_X_FORWARDED_FOR</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="n">x_forwarded_for</span><span class="p">:</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">x_forwarded_for</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">,</span><span class="sh">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="k">else</span><span class="p">:</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">META</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">REMOTE_ADDR</span><span class="sh">'</span><span class="p">)</span> <span class="k">return</span> <span class="n">ip</span> </code></pre> </div> <h2> Security Tip #3: Prevent SQL Injection Attacks </h2> <h3> The Problem </h3> <p>SQL injection is one of the most common and dangerous vulnerabilities. It allows attackers to execute arbitrary database queries.</p> <h3> The Solution </h3> <p><strong>❌ NEVER DO THIS:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># DANGEROUS! Vulnerable to SQL injection </span><span class="k">def</span> <span class="nf">get_user_data</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">GET</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">)</span> <span class="n">query</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE id = </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="sh">"</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> <span class="c1"># UNSAFE! </span></code></pre> </div> <p><strong>✅ ALWAYS DO THIS:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># SAFE: Use Django ORM </span><span class="k">def</span> <span class="nf">get_user_data</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">GET</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nb">id</span><span class="o">=</span><span class="n">user_id</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="c1"># SAFE: Use parameterized queries if you need raw SQL </span><span class="k">def</span> <span class="nf">get_user_data_raw</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">GET</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">)</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">SELECT * FROM users WHERE id = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">[</span><span class="n">user_id</span><span class="p">]</span> <span class="c1"># Parameters are properly escaped </span> <span class="p">)</span> </code></pre> </div> <h3> Additional Protection: Input Validation </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.core.validators</span> <span class="kn">import</span> <span class="n">validate_email</span> <span class="kn">from</span> <span class="n">django.core.exceptions</span> <span class="kn">import</span> <span class="n">ValidationError</span> <span class="k">def</span> <span class="nf">create_user</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">email</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">POST</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">email</span><span class="sh">'</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="nf">validate_email</span><span class="p">(</span><span class="n">email</span><span class="p">)</span> <span class="k">except</span> <span class="n">ValidationError</span><span class="p">:</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Invalid email</span><span class="sh">'</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">400</span><span class="p">)</span> <span class="c1"># Safe to proceed </span> <span class="n">User</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="n">email</span><span class="o">=</span><span class="n">email</span><span class="p">)</span> </code></pre> </div> <h2> Security Tip #4: Protect Against XSS (Cross-Site Scripting) </h2> <h3> The Problem </h3> <p>XSS attacks inject malicious JavaScript into your pages, stealing cookies, sessions, and sensitive data.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Django automatically escapes variables in templates # This is SAFE: </span><span class="o">&lt;</span><span class="n">p</span><span class="o">&gt;</span><span class="p">{{</span> <span class="n">user</span><span class="p">.</span><span class="n">name</span> <span class="p">}}</span><span class="o">&lt;/</span><span class="n">p</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="err">!</span><span class="o">--</span> <span class="n">Automatically</span> <span class="n">escaped</span> <span class="o">--&gt;</span> <span class="c1"># If you MUST render HTML, sanitize it first # Install bleach </span><span class="n">pip</span> <span class="n">install</span> <span class="n">bleach</span> <span class="c1"># utils.py </span><span class="kn">import</span> <span class="n">bleach</span> <span class="n">ALLOWED_TAGS</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">p</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">br</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">strong</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">em</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">a</span><span class="sh">'</span><span class="p">]</span> <span class="n">ALLOWED_ATTRIBUTES</span> <span class="o">=</span> <span class="p">{</span><span class="sh">'</span><span class="s">a</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">href</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]}</span> <span class="k">def</span> <span class="nf">sanitize_html</span><span class="p">(</span><span class="n">dirty_html</span><span class="p">):</span> <span class="k">return</span> <span class="n">bleach</span><span class="p">.</span><span class="nf">clean</span><span class="p">(</span> <span class="n">dirty_html</span><span class="p">,</span> <span class="n">tags</span><span class="o">=</span><span class="n">ALLOWED_TAGS</span><span class="p">,</span> <span class="n">attributes</span><span class="o">=</span><span class="n">ALLOWED_ATTRIBUTES</span><span class="p">,</span> <span class="n">strip</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="c1"># views.py </span><span class="kn">from</span> <span class="n">django.utils.safestring</span> <span class="kn">import</span> <span class="n">mark_safe</span> <span class="k">def</span> <span class="nf">display_content</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">user_content</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">POST</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">content</span><span class="sh">'</span><span class="p">)</span> <span class="n">clean_content</span> <span class="o">=</span> <span class="nf">sanitize_html</span><span class="p">(</span><span class="n">user_content</span><span class="p">)</span> <span class="k">return</span> <span class="nf">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">'</span><span class="s">page.html</span><span class="sh">'</span><span class="p">,</span> <span class="p">{</span> <span class="sh">'</span><span class="s">content</span><span class="sh">'</span><span class="p">:</span> <span class="nf">mark_safe</span><span class="p">(</span><span class="n">clean_content</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <h3> Content Security Policy (CSP) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install django-csp </span><span class="n">pip</span> <span class="n">install</span> <span class="n">django</span><span class="o">-</span><span class="n">csp</span> <span class="c1"># settings.py </span><span class="n">MIDDLEWARE</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># ... </span> <span class="sh">'</span><span class="s">csp.middleware.CSPMiddleware</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> <span class="n">CSP_DEFAULT_SRC</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"'</span><span class="s">self</span><span class="sh">'"</span><span class="p">,)</span> <span class="n">CSP_SCRIPT_SRC</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"'</span><span class="s">self</span><span class="sh">'"</span><span class="p">,</span> <span class="sh">'</span><span class="s">cdn.jsdelivr.net</span><span class="sh">'</span><span class="p">)</span> <span class="n">CSP_STYLE_SRC</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"'</span><span class="s">self</span><span class="sh">'"</span><span class="p">,</span> <span class="sh">'</span><span class="s">fonts.googleapis.com</span><span class="sh">'</span><span class="p">)</span> <span class="n">CSP_FONT_SRC</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"'</span><span class="s">self</span><span class="sh">'"</span><span class="p">,</span> <span class="sh">'</span><span class="s">fonts.gstatic.com</span><span class="sh">'</span><span class="p">)</span> <span class="n">CSP_IMG_SRC</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"'</span><span class="s">self</span><span class="sh">'"</span><span class="p">,</span> <span class="sh">'</span><span class="s">data:</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">https:</span><span class="sh">'</span><span class="p">)</span> <span class="n">CSP_CONNECT_SRC</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"'</span><span class="s">self</span><span class="sh">'"</span><span class="p">,)</span> </code></pre> </div> <h2> Security Tip #5: Secure File Uploads </h2> <h3> The Problem </h3> <p>Unrestricted file uploads can lead to remote code execution, malware distribution, and server compromise.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># settings.py # Limit file upload size </span><span class="n">DATA_UPLOAD_MAX_MEMORY_SIZE</span> <span class="o">=</span> <span class="mi">5242880</span> <span class="c1"># 5MB </span><span class="n">FILE_UPLOAD_MAX_MEMORY_SIZE</span> <span class="o">=</span> <span class="mi">5242880</span> <span class="c1"># 5MB </span> <span class="c1"># Restrict file types </span><span class="n">ALLOWED_UPLOAD_EXTENSIONS</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">.jpg</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">.jpeg</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">.png</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">.pdf</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">.docx</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Store uploads outside web root </span><span class="n">MEDIA_ROOT</span> <span class="o">=</span> <span class="sh">'</span><span class="s">/var/www/media/</span><span class="sh">'</span> <span class="n">MEDIA_URL</span> <span class="o">=</span> <span class="sh">'</span><span class="s">/media/</span><span class="sh">'</span> <span class="c1"># models.py </span><span class="kn">from</span> <span class="n">django.core.validators</span> <span class="kn">import</span> <span class="n">FileExtensionValidator</span> <span class="kn">from</span> <span class="n">django.core.exceptions</span> <span class="kn">import</span> <span class="n">ValidationError</span> <span class="k">def</span> <span class="nf">validate_file_size</span><span class="p">(</span><span class="nb">file</span><span class="p">):</span> <span class="n">max_size_mb</span> <span class="o">=</span> <span class="mi">5</span> <span class="k">if</span> <span class="nb">file</span><span class="p">.</span><span class="n">size</span> <span class="o">&gt;</span> <span class="n">max_size_mb</span> <span class="o">*</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValidationError</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="s">File size cannot exceed </span><span class="si">{</span><span class="n">max_size_mb</span><span class="si">}</span><span class="s">MB</span><span class="sh">'</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Document</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="nb">file</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">FileField</span><span class="p">(</span> <span class="n">upload_to</span><span class="o">=</span><span class="sh">'</span><span class="s">documents/%Y/%m/%d/</span><span class="sh">'</span><span class="p">,</span> <span class="n">validators</span><span class="o">=</span><span class="p">[</span> <span class="nc">FileExtensionValidator</span><span class="p">(</span> <span class="n">allowed_extensions</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">pdf</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">docx</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">jpg</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">png</span><span class="sh">'</span><span class="p">]</span> <span class="p">),</span> <span class="n">validate_file_size</span><span class="p">,</span> <span class="p">]</span> <span class="p">)</span> <span class="c1"># views.py </span><span class="kn">from</span> <span class="n">PIL</span> <span class="kn">import</span> <span class="n">Image</span> <span class="kn">import</span> <span class="n">magic</span> <span class="k">def</span> <span class="nf">upload_image</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span> <span class="o">==</span> <span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">:</span> <span class="n">uploaded_file</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">FILES</span><span class="p">[</span><span class="sh">'</span><span class="s">image</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Verify file type using python-magic </span> <span class="n">file_type</span> <span class="o">=</span> <span class="n">magic</span><span class="p">.</span><span class="nf">from_buffer</span><span class="p">(</span><span class="n">uploaded_file</span><span class="p">.</span><span class="nf">read</span><span class="p">(</span><span class="mi">1024</span><span class="p">),</span> <span class="n">mime</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">uploaded_file</span><span class="p">.</span><span class="nf">seek</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> <span class="k">if</span> <span class="n">file_type</span> <span class="ow">not</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">'</span><span class="s">image/jpeg</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">image/png</span><span class="sh">'</span><span class="p">]:</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Invalid file type</span><span class="sh">'</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">400</span><span class="p">)</span> <span class="c1"># Verify image integrity </span> <span class="k">try</span><span class="p">:</span> <span class="n">img</span> <span class="o">=</span> <span class="n">Image</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="n">uploaded_file</span><span class="p">)</span> <span class="n">img</span><span class="p">.</span><span class="nf">verify</span><span class="p">()</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Corrupted image</span><span class="sh">'</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">400</span><span class="p">)</span> <span class="c1"># Safe to save </span> <span class="n">document</span> <span class="o">=</span> <span class="n">Document</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nb">file</span><span class="o">=</span><span class="n">uploaded_file</span><span class="p">)</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">'</span><span class="s">success</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span><span class="p">})</span> </code></pre> </div> <h3> Scan Uploads for Malware </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install ClamAV </span><span class="n">pip</span> <span class="n">install</span> <span class="n">clamd</span> <span class="c1"># utils.py </span><span class="kn">import</span> <span class="n">clamd</span> <span class="k">def</span> <span class="nf">scan_file_for_malware</span><span class="p">(</span><span class="n">file_path</span><span class="p">):</span> <span class="n">cd</span> <span class="o">=</span> <span class="n">clamd</span><span class="p">.</span><span class="nc">ClamdUnixSocket</span><span class="p">()</span> <span class="n">scan_result</span> <span class="o">=</span> <span class="n">cd</span><span class="p">.</span><span class="nf">scan</span><span class="p">(</span><span class="n">file_path</span><span class="p">)</span> <span class="k">if</span> <span class="n">scan_result</span><span class="p">[</span><span class="n">file_path</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">FOUND</span><span class="sh">'</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span><span class="p">,</span> <span class="n">scan_result</span><span class="p">[</span><span class="n">file_path</span><span class="p">][</span><span class="mi">1</span><span class="p">]</span> <span class="c1"># Malware found </span> <span class="k">return</span> <span class="bp">True</span><span class="p">,</span> <span class="bp">None</span> <span class="c1"># Clean </span></code></pre> </div> <h2> Security Tip #6: Protect Your APIs </h2> <h3> The Problem </h3> <p>APIs are prime targets for attacks: brute force, data scraping, DDoS, and more.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install Django REST Framework and throttling </span><span class="n">pip</span> <span class="n">install</span> <span class="n">djangorestframework</span> <span class="c1"># settings.py </span><span class="n">REST_FRAMEWORK</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">DEFAULT_AUTHENTICATION_CLASSES</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span> <span class="sh">'</span><span class="s">rest_framework.authentication.TokenAuthentication</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">rest_framework_simplejwt.authentication.JWTAuthentication</span><span class="sh">'</span><span class="p">,</span> <span class="p">],</span> <span class="sh">'</span><span class="s">DEFAULT_PERMISSION_CLASSES</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span> <span class="sh">'</span><span class="s">rest_framework.permissions.IsAuthenticated</span><span class="sh">'</span><span class="p">,</span> <span class="p">],</span> <span class="sh">'</span><span class="s">DEFAULT_THROTTLE_CLASSES</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span> <span class="sh">'</span><span class="s">rest_framework.throttling.AnonRateThrottle</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">rest_framework.throttling.UserRateThrottle</span><span class="sh">'</span><span class="p">,</span> <span class="p">],</span> <span class="sh">'</span><span class="s">DEFAULT_THROTTLE_RATES</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">anon</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">100/hour</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">user</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">1000/hour</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="sh">'</span><span class="s">DEFAULT_RENDERER_CLASSES</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span> <span class="sh">'</span><span class="s">rest_framework.renderers.JSONRenderer</span><span class="sh">'</span><span class="p">,</span> <span class="p">],</span> <span class="p">}</span> <span class="c1"># Use JWT for stateless authentication </span><span class="n">SIMPLE_JWT</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">ACCESS_TOKEN_LIFETIME</span><span class="sh">'</span><span class="p">:</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="mi">15</span><span class="p">),</span> <span class="sh">'</span><span class="s">REFRESH_TOKEN_LIFETIME</span><span class="sh">'</span><span class="p">:</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="mi">1</span><span class="p">),</span> <span class="sh">'</span><span class="s">ROTATE_REFRESH_TOKENS</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">'</span><span class="s">BLACKLIST_AFTER_ROTATION</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="p">}</span> <span class="c1"># views.py - Custom throttling </span><span class="kn">from</span> <span class="n">rest_framework.throttling</span> <span class="kn">import</span> <span class="n">UserRateThrottle</span> <span class="k">class</span> <span class="nc">BurstRateThrottle</span><span class="p">(</span><span class="n">UserRateThrottle</span><span class="p">):</span> <span class="n">scope</span> <span class="o">=</span> <span class="sh">'</span><span class="s">burst</span><span class="sh">'</span> <span class="n">rate</span> <span class="o">=</span> <span class="sh">'</span><span class="s">10/min</span><span class="sh">'</span> <span class="k">class</span> <span class="nc">SustainedRateThrottle</span><span class="p">(</span><span class="n">UserRateThrottle</span><span class="p">):</span> <span class="n">scope</span> <span class="o">=</span> <span class="sh">'</span><span class="s">sustained</span><span class="sh">'</span> <span class="n">rate</span> <span class="o">=</span> <span class="sh">'</span><span class="s">1000/day</span><span class="sh">'</span> <span class="k">class</span> <span class="nc">MyAPIView</span><span class="p">(</span><span class="n">APIView</span><span class="p">):</span> <span class="n">throttle_classes</span> <span class="o">=</span> <span class="p">[</span><span class="n">BurstRateThrottle</span><span class="p">,</span> <span class="n">SustainedRateThrottle</span><span class="p">]</span> <span class="k">def</span> <span class="nf">get</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="k">return</span> <span class="nc">Response</span><span class="p">({</span><span class="sh">'</span><span class="s">data</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">protected</span><span class="sh">'</span><span class="p">})</span> </code></pre> </div> <h3> API Key Management </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># models.py </span><span class="kn">import</span> <span class="n">secrets</span> <span class="k">class</span> <span class="nc">APIKey</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">)</span> <span class="n">key</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">64</span><span class="p">,</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">name</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="n">created_at</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">DateTimeField</span><span class="p">(</span><span class="n">auto_now_add</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">last_used</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">DateTimeField</span><span class="p">(</span><span class="n">null</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">is_active</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">BooleanField</span><span class="p">(</span><span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">def</span> <span class="nf">save</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="n">key</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">key</span> <span class="o">=</span> <span class="n">secrets</span><span class="p">.</span><span class="nf">token_urlsafe</span><span class="p">(</span><span class="mi">32</span><span class="p">)</span> <span class="nf">super</span><span class="p">().</span><span class="nf">save</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="c1"># authentication.py </span><span class="kn">from</span> <span class="n">rest_framework.authentication</span> <span class="kn">import</span> <span class="n">BaseAuthentication</span> <span class="kn">from</span> <span class="n">rest_framework.exceptions</span> <span class="kn">import</span> <span class="n">AuthenticationFailed</span> <span class="k">class</span> <span class="nc">APIKeyAuthentication</span><span class="p">(</span><span class="n">BaseAuthentication</span><span class="p">):</span> <span class="k">def</span> <span class="nf">authenticate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="n">api_key</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">META</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">HTTP_X_API_KEY</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">api_key</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">try</span><span class="p">:</span> <span class="n">key_obj</span> <span class="o">=</span> <span class="n">APIKey</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="n">api_key</span><span class="p">,</span> <span class="n">is_active</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">key_obj</span><span class="p">.</span><span class="n">last_used</span> <span class="o">=</span> <span class="n">timezone</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="n">key_obj</span><span class="p">.</span><span class="nf">save</span><span class="p">(</span><span class="n">update_fields</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">last_used</span><span class="sh">'</span><span class="p">])</span> <span class="nf">return </span><span class="p">(</span><span class="n">key_obj</span><span class="p">.</span><span class="n">user</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> <span class="k">except</span> <span class="n">APIKey</span><span class="p">.</span><span class="n">DoesNotExist</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">AuthenticationFailed</span><span class="p">(</span><span class="sh">'</span><span class="s">Invalid API key</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <h2> Security Tip #7: Database Security Best Practices </h2> <h3> The Problem </h3> <p>Database breaches expose sensitive user data, leading to regulatory fines and loss of trust.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># settings.py - Use environment variables </span><span class="n">DATABASES</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">default</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">ENGINE</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django.db.backends.postgresql</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">NAME</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">DB_NAME</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">USER</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">DB_USER</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">PASSWORD</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">DB_PASSWORD</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">HOST</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">DB_HOST</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">PORT</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">DB_PORT</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">5432</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">OPTIONS</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">sslmode</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">require</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># Require SSL connection </span> <span class="sh">'</span><span class="s">connect_timeout</span><span class="sh">'</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="p">},</span> <span class="sh">'</span><span class="s">CONN_MAX_AGE</span><span class="sh">'</span><span class="p">:</span> <span class="mi">600</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Encrypt sensitive data </span><span class="n">pip</span> <span class="n">install</span> <span class="n">django</span><span class="o">-</span><span class="n">fernet</span><span class="o">-</span><span class="n">fields</span> <span class="c1"># models.py </span><span class="kn">from</span> <span class="n">fernet_fields</span> <span class="kn">import</span> <span class="n">EncryptedTextField</span><span class="p">,</span> <span class="n">EncryptedCharField</span> <span class="k">class</span> <span class="nc">UserProfile</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">OneToOneField</span><span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">)</span> <span class="n">ssn</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">11</span><span class="p">)</span> <span class="c1"># Encrypted at rest </span> <span class="n">credit_card</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">16</span><span class="p">)</span> <span class="n">address</span> <span class="o">=</span> <span class="nc">EncryptedTextField</span><span class="p">()</span> <span class="c1"># Backup encryption key in settings.py </span><span class="n">FERNET_KEYS</span> <span class="o">=</span> <span class="p">[</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">FERNET_KEY</span><span class="sh">'</span><span class="p">),</span> <span class="p">]</span> </code></pre> </div> <h3> Database Access Control </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Create read-only user for reporting</span> <span class="k">CREATE</span> <span class="k">USER</span> <span class="n">reporting_user</span> <span class="k">WITH</span> <span class="n">PASSWORD</span> <span class="s1">'strong_password'</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">CONNECT</span> <span class="k">ON</span> <span class="k">DATABASE</span> <span class="n">mydb</span> <span class="k">TO</span> <span class="n">reporting_user</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">SELECT</span> <span class="k">ON</span> <span class="k">ALL</span> <span class="n">TABLES</span> <span class="k">IN</span> <span class="k">SCHEMA</span> <span class="k">public</span> <span class="k">TO</span> <span class="n">reporting_user</span><span class="p">;</span> <span class="c1">-- Create limited user for application</span> <span class="k">CREATE</span> <span class="k">USER</span> <span class="n">app_user</span> <span class="k">WITH</span> <span class="n">PASSWORD</span> <span class="s1">'strong_password'</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">CONNECT</span> <span class="k">ON</span> <span class="k">DATABASE</span> <span class="n">mydb</span> <span class="k">TO</span> <span class="n">app_user</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">SELECT</span><span class="p">,</span> <span class="k">INSERT</span><span class="p">,</span> <span class="k">UPDATE</span><span class="p">,</span> <span class="k">DELETE</span> <span class="k">ON</span> <span class="k">ALL</span> <span class="n">TABLES</span> <span class="k">IN</span> <span class="k">SCHEMA</span> <span class="k">public</span> <span class="k">TO</span> <span class="n">app_user</span><span class="p">;</span> <span class="k">REVOKE</span> <span class="k">CREATE</span> <span class="k">ON</span> <span class="k">SCHEMA</span> <span class="k">public</span> <span class="k">FROM</span> <span class="n">app_user</span><span class="p">;</span> </code></pre> </div> <h3> Audit Logging </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install django-auditlog </span><span class="n">pip</span> <span class="n">install</span> <span class="n">django</span><span class="o">-</span><span class="n">auditlog</span> <span class="c1"># settings.py </span><span class="n">INSTALLED_APPS</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># ... </span> <span class="sh">'</span><span class="s">auditlog</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> <span class="c1"># models.py </span><span class="kn">from</span> <span class="n">auditlog.registry</span> <span class="kn">import</span> <span class="n">auditlog</span> <span class="k">class</span> <span class="nc">SensitiveData</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">TextField</span><span class="p">()</span> <span class="n">auditlog</span><span class="p">.</span><span class="nf">register</span><span class="p">(</span><span class="n">SensitiveData</span><span class="p">)</span> <span class="c1"># Now all changes are automatically logged! </span></code></pre> </div> <h2> Security Tip #8: Implement Security Monitoring </h2> <h3> The Problem </h3> <p>You can't fix what you don't know about. Without monitoring, breaches go undetected for months.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install Sentry for error tracking </span><span class="n">pip</span> <span class="n">install</span> <span class="n">sentry</span><span class="o">-</span><span class="n">sdk</span> <span class="c1"># settings.py </span><span class="kn">import</span> <span class="n">sentry_sdk</span> <span class="kn">from</span> <span class="n">sentry_sdk.integrations.django</span> <span class="kn">import</span> <span class="n">DjangoIntegration</span> <span class="n">sentry_sdk</span><span class="p">.</span><span class="nf">init</span><span class="p">(</span> <span class="n">dsn</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">SENTRY_DSN</span><span class="sh">'</span><span class="p">),</span> <span class="n">integrations</span><span class="o">=</span><span class="p">[</span><span class="nc">DjangoIntegration</span><span class="p">()],</span> <span class="n">traces_sample_rate</span><span class="o">=</span><span class="mf">1.0</span><span class="p">,</span> <span class="n">send_default_pii</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="c1"># Don't send personally identifiable information </span> <span class="n">environment</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">ENVIRONMENT</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">production</span><span class="sh">'</span><span class="p">),</span> <span class="p">)</span> <span class="c1"># Custom security event logging # middleware.py </span><span class="kn">import</span> <span class="n">logging</span> <span class="n">security_logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="sh">'</span><span class="s">security</span><span class="sh">'</span><span class="p">)</span> <span class="k">class</span> <span class="nc">SecurityMonitoringMiddleware</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">get_response</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">get_response</span> <span class="o">=</span> <span class="n">get_response</span> <span class="k">def</span> <span class="nf">__call__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="c1"># Log suspicious activity </span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="nf">is_suspicious</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">security_logger</span><span class="p">.</span><span class="nf">warning</span><span class="p">(</span> <span class="sa">f</span><span class="sh">'</span><span class="s">Suspicious request from </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="nf">get_client_ip</span><span class="p">(</span><span class="n">request</span><span class="p">)</span><span class="si">}</span><span class="sh">'</span><span class="p">,</span> <span class="n">extra</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">ip</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_client_ip</span><span class="p">(</span><span class="n">request</span><span class="p">),</span> <span class="sh">'</span><span class="s">path</span><span class="sh">'</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">path</span><span class="p">,</span> <span class="sh">'</span><span class="s">user</span><span class="sh">'</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">username</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">is_authenticated</span> <span class="k">else</span> <span class="sh">'</span><span class="s">anonymous</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">user_agent</span><span class="sh">'</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">META</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">HTTP_USER_AGENT</span><span class="sh">'</span><span class="p">),</span> <span class="p">}</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_response</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> <span class="k">def</span> <span class="nf">is_suspicious</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="c1"># Check for common attack patterns </span> <span class="n">suspicious_patterns</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">'</span><span class="s">../</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">..</span><span class="se">\\</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># Path traversal </span> <span class="sh">'</span><span class="s">&lt;script</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">javascript:</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># XSS attempts </span> <span class="sh">'</span><span class="s">union select</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">drop table</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># SQL injection </span> <span class="sh">'</span><span class="s">&lt;?php</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># PHP code injection </span> <span class="p">]</span> <span class="n">query_string</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">META</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">QUERY_STRING</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="n">path</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="k">return</span> <span class="nf">any</span><span class="p">(</span><span class="n">pattern</span> <span class="ow">in</span> <span class="n">query_string</span> <span class="ow">or</span> <span class="n">pattern</span> <span class="ow">in</span> <span class="n">path</span> <span class="k">for</span> <span class="n">pattern</span> <span class="ow">in</span> <span class="n">suspicious_patterns</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_client_ip</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="n">x_forwarded_for</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">META</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">HTTP_X_FORWARDED_FOR</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="n">x_forwarded_for</span><span class="p">:</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">x_forwarded_for</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">,</span><span class="sh">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="k">else</span><span class="p">:</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">META</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">REMOTE_ADDR</span><span class="sh">'</span><span class="p">)</span> <span class="k">return</span> <span class="n">ip</span> <span class="c1"># settings.py - Configure logging </span><span class="n">LOGGING</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">version</span><span class="sh">'</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="sh">'</span><span class="s">disable_existing_loggers</span><span class="sh">'</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="sh">'</span><span class="s">formatters</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">verbose</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">format</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">{levelname} {asctime} {module} {message}</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">style</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">{</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="sh">'</span><span class="s">handlers</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">file</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">level</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">WARNING</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">class</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">logging.handlers.RotatingFileHandler</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">filename</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">/var/log/django/security.log</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">maxBytes</span><span class="sh">'</span><span class="p">:</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">15</span><span class="p">,</span> <span class="c1"># 15MB </span> <span class="sh">'</span><span class="s">backupCount</span><span class="sh">'</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="sh">'</span><span class="s">formatter</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">verbose</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="sh">'</span><span class="s">loggers</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">security</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">handlers</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">file</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">level</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">WARNING</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">propagate</span><span class="sh">'</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <h2> Security Tip #9: Secure Your Dependencies </h2> <h3> The Problem </h3> <p>Third-party packages can have vulnerabilities that compromise your entire application.</p> <h3> The Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install safety to check for known vulnerabilities</span> pip <span class="nb">install </span>safety <span class="c"># Check your dependencies</span> safety check <span class="c"># Scan with Bandit for security issues in your code</span> pip <span class="nb">install </span>bandit bandit <span class="nt">-r</span> <span class="nb">.</span> <span class="nt">-f</span> json <span class="nt">-o</span> security-report.json <span class="c"># Keep dependencies updated</span> pip <span class="nb">install </span>pip-audit pip-audit <span class="c"># Use requirements with pinned versions</span> pip freeze <span class="o">&gt;</span> requirements.txt </code></pre> </div> <h3> Automated Dependency Scanning </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .github/workflows/security-scan.yml</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Security Scan</span> <span class="na">on</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">cron</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0</span><span class="nv"> </span><span class="s">0</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">0'</span> <span class="c1"># Run weekly</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">security-scan</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Python</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-python@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">python-version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.11'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">pip install safety bandit pip-audit</span> <span class="s">pip install -r requirements.txt</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Safety check</span> <span class="na">run</span><span class="pi">:</span> <span class="s">safety check --json</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Bandit scan</span> <span class="na">run</span><span class="pi">:</span> <span class="s">bandit -r . -f json -o bandit-report.json</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run pip-audit</span> <span class="na">run</span><span class="pi">:</span> <span class="s">pip-audit</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Upload results</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/upload-artifact@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">security-reports</span> <span class="na">path</span><span class="pi">:</span> <span class="s">bandit-report.json</span> </code></pre> </div> <h2> Security Tip #10: Handle High Traffic Securely </h2> <h3> The Problem </h3> <p>Traffic spikes can bring down your application or be exploited for DDoS attacks.</p> <h3> The Solution </h3> <h3> 1. Implement Caching </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># settings.py </span><span class="n">CACHES</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">default</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">BACKEND</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django.core.cache.backends.redis.RedisCache</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">LOCATION</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">REDIS_URL</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">redis://127.0.0.1:6379/1</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">OPTIONS</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">CLIENT_CLASS</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django_redis.client.DefaultClient</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">PASSWORD</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">REDIS_PASSWORD</span><span class="sh">'</span><span class="p">),</span> <span class="p">},</span> <span class="sh">'</span><span class="s">KEY_PREFIX</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">myapp</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">TIMEOUT</span><span class="sh">'</span><span class="p">:</span> <span class="mi">300</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># views.py </span><span class="kn">from</span> <span class="n">django.views.decorators.cache</span> <span class="kn">import</span> <span class="n">cache_page</span> <span class="kn">from</span> <span class="n">django.core.cache</span> <span class="kn">import</span> <span class="n">cache</span> <span class="nd">@cache_page</span><span class="p">(</span><span class="mi">60</span> <span class="o">*</span> <span class="mi">15</span><span class="p">)</span> <span class="c1"># Cache for 15 minutes </span><span class="k">def</span> <span class="nf">homepage</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="k">return</span> <span class="nf">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">'</span><span class="s">home.html</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Cache expensive queries </span><span class="k">def</span> <span class="nf">get_popular_posts</span><span class="p">():</span> <span class="n">cache_key</span> <span class="o">=</span> <span class="sh">'</span><span class="s">popular_posts</span><span class="sh">'</span> <span class="n">posts</span> <span class="o">=</span> <span class="n">cache</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">cache_key</span><span class="p">)</span> <span class="k">if</span> <span class="n">posts</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">posts</span> <span class="o">=</span> <span class="n">Post</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">annotate</span><span class="p">(</span> <span class="n">like_count</span><span class="o">=</span><span class="nc">Count</span><span class="p">(</span><span class="sh">'</span><span class="s">likes</span><span class="sh">'</span><span class="p">)</span> <span class="p">).</span><span class="nf">order_by</span><span class="p">(</span><span class="sh">'</span><span class="s">-like_count</span><span class="sh">'</span><span class="p">)[:</span><span class="mi">10</span><span class="p">]</span> <span class="n">cache</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="n">cache_key</span><span class="p">,</span> <span class="n">posts</span><span class="p">,</span> <span class="mi">3600</span><span class="p">)</span> <span class="c1"># Cache for 1 hour </span> <span class="k">return</span> <span class="n">posts</span> </code></pre> </div> <h3> 2. Database Connection Pooling </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># settings.py </span><span class="n">DATABASES</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">default</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">ENGINE</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django.db.backends.postgresql</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># ... </span> <span class="sh">'</span><span class="s">CONN_MAX_AGE</span><span class="sh">'</span><span class="p">:</span> <span class="mi">600</span><span class="p">,</span> <span class="c1"># Keep connections alive for 10 minutes </span> <span class="sh">'</span><span class="s">OPTIONS</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">pool</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">'</span><span class="s">pool_size</span><span class="sh">'</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span> <span class="c1"># Maximum connections in pool </span> <span class="sh">'</span><span class="s">max_overflow</span><span class="sh">'</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="c1"># Additional connections when pool is full </span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Install pgbouncer for production # Ubuntu/Debian: # sudo apt-get install pgbouncer </span></code></pre> </div> <h3> 3. Load Balancing with Nginx </h3> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="c1"># /etc/nginx/sites-available/myapp</span> <span class="k">upstream</span> <span class="s">django_app</span> <span class="p">{</span> <span class="kn">least_conn</span><span class="p">;</span> <span class="c1"># Use least connections algorithm</span> <span class="kn">server</span> <span class="nf">127.0.0.1</span><span class="p">:</span><span class="mi">8001</span> <span class="s">max_fails=3</span> <span class="s">fail_timeout=30s</span><span class="p">;</span> <span class="kn">server</span> <span class="nf">127.0.0.1</span><span class="p">:</span><span class="mi">8002</span> <span class="s">max_fails=3</span> <span class="s">fail_timeout=30s</span><span class="p">;</span> <span class="kn">server</span> <span class="nf">127.0.0.1</span><span class="p">:</span><span class="mi">8003</span> <span class="s">max_fails=3</span> <span class="s">fail_timeout=30s</span><span class="p">;</span> <span class="p">}</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">myapp.com</span><span class="p">;</span> <span class="c1"># Rate limiting</span> <span class="kn">limit_req_zone</span> <span class="nv">$binary_remote_addr</span> <span class="s">zone=general:10m</span> <span class="s">rate=10r/s</span><span class="p">;</span> <span class="kn">limit_req_zone</span> <span class="nv">$binary_remote_addr</span> <span class="s">zone=api:10m</span> <span class="s">rate=100r/s</span><span class="p">;</span> <span class="c1"># DDoS protection</span> <span class="kn">client_body_timeout</span> <span class="s">10s</span><span class="p">;</span> <span class="kn">client_header_timeout</span> <span class="s">10s</span><span class="p">;</span> <span class="kn">keepalive_timeout</span> <span class="s">5s</span> <span class="s">5s</span><span class="p">;</span> <span class="kn">send_timeout</span> <span class="s">10s</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">limit_req</span> <span class="s">zone=general</span> <span class="s">burst=20</span> <span class="s">nodelay</span><span class="p">;</span> <span class="kn">proxy_pass</span> <span class="s">http://django_app</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">limit_req</span> <span class="s">zone=api</span> <span class="s">burst=50</span> <span class="s">nodelay</span><span class="p">;</span> <span class="kn">proxy_pass</span> <span class="s">http://django_app</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># Serve static files directly</span> <span class="kn">location</span> <span class="n">/static/</span> <span class="p">{</span> <span class="kn">alias</span> <span class="n">/var/www/myapp/staticfiles/</span><span class="p">;</span> <span class="kn">expires</span> <span class="s">30d</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">Cache-Control</span> <span class="s">"public,</span> <span class="s">immutable"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 4. Asynchronous Task Processing </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install Celery </span><span class="n">pip</span> <span class="n">install</span> <span class="n">celery</span> <span class="n">redis</span> <span class="c1"># celery.py </span><span class="kn">from</span> <span class="n">celery</span> <span class="kn">import</span> <span class="n">Celery</span> <span class="kn">import</span> <span class="n">os</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">setdefault</span><span class="p">(</span><span class="sh">'</span><span class="s">DJANGO_SETTINGS_MODULE</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">myproject.settings</span><span class="sh">'</span><span class="p">)</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Celery</span><span class="p">(</span><span class="sh">'</span><span class="s">myproject</span><span class="sh">'</span><span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="nf">config_from_object</span><span class="p">(</span><span class="sh">'</span><span class="s">django.conf:settings</span><span class="sh">'</span><span class="p">,</span> <span class="n">namespace</span><span class="o">=</span><span class="sh">'</span><span class="s">CELERY</span><span class="sh">'</span><span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="nf">autodiscover_tasks</span><span class="p">()</span> <span class="c1"># settings.py </span><span class="n">CELERY_BROKER_URL</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">REDIS_URL</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">redis://localhost:6379/0</span><span class="sh">'</span><span class="p">)</span> <span class="n">CELERY_RESULT_BACKEND</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">REDIS_URL</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">redis://localhost:6379/0</span><span class="sh">'</span><span class="p">)</span> <span class="n">CELERY_ACCEPT_CONTENT</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">json</span><span class="sh">'</span><span class="p">]</span> <span class="n">CELERY_TASK_SERIALIZER</span> <span class="o">=</span> <span class="sh">'</span><span class="s">json</span><span class="sh">'</span> <span class="n">CELERY_RESULT_SERIALIZER</span> <span class="o">=</span> <span class="sh">'</span><span class="s">json</span><span class="sh">'</span> <span class="n">CELERY_TIMEZONE</span> <span class="o">=</span> <span class="sh">'</span><span class="s">UTC</span><span class="sh">'</span> <span class="c1"># tasks.py </span><span class="kn">from</span> <span class="n">celery</span> <span class="kn">import</span> <span class="n">shared_task</span> <span class="kn">from</span> <span class="n">django.core.mail</span> <span class="kn">import</span> <span class="n">send_mail</span> <span class="nd">@shared_task</span> <span class="k">def</span> <span class="nf">send_email_async</span><span class="p">(</span><span class="n">subject</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="n">recipient</span><span class="p">):</span> <span class="nf">send_mail</span><span class="p">(</span> <span class="n">subject</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="sh">'</span><span class="s">noreply@myapp.com</span><span class="sh">'</span><span class="p">,</span> <span class="p">[</span><span class="n">recipient</span><span class="p">],</span> <span class="n">fail_silently</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># views.py </span><span class="k">def</span> <span class="nf">register_user</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="c1"># ... user registration logic ... </span> <span class="c1"># Send welcome email asynchronously </span> <span class="n">send_email_async</span><span class="p">.</span><span class="nf">delay</span><span class="p">(</span> <span class="sh">'</span><span class="s">Welcome to MyApp</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Thank you for registering!</span><span class="sh">'</span><span class="p">,</span> <span class="n">user</span><span class="p">.</span><span class="n">email</span> <span class="p">)</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="sh">'</span><span class="s">dashboard</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <h3> 5. Auto-Scaling Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml with auto-scaling</span> <span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.9'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">web</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myapp:latest</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">3</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0.5'</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">512M</span> <span class="na">reservations</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0.25'</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256M</span> <span class="na">restart_policy</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">on-failure</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">max_attempts</span><span class="pi">:</span> <span class="m">3</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">curl"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-f"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">http://localhost:8000/health/"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">30s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> <span class="na">start_period</span><span class="pi">:</span> <span class="s">40s</span> </code></pre> </div> <h2> 🎯 Production Security Checklist </h2> <p>Before deploying, verify:</p> <h3> Settings </h3> <ul> <li>[ ] DEBUG = False</li> <li>[ ] SECRET_KEY is secure and not in version control</li> <li>[ ] ALLOWED_HOSTS is properly configured</li> <li>[ ] All security middleware enabled</li> <li>[ ] HTTPS enforced (SECURE_SSL_REDIRECT = True)</li> <li>[ ] Secure cookies configured</li> </ul> <h3> Authentication &amp; Authorization </h3> <ul> <li>[ ] Strong password requirements</li> <li>[ ] Session security configured</li> <li>[ ] Rate limiting on login implemented</li> <li>[ ] 2FA available for sensitive accounts</li> <li>[ ] API authentication properly secured</li> </ul> <h3> Data Protection </h3> <ul> <li>[ ] SQL injection prevention (using ORM)</li> <li>[ ] XSS protection enabled</li> <li>[ ] CSRF protection active</li> <li>[ ] File upload validation</li> <li>[ ] Sensitive data encrypted</li> </ul> <h3> Infrastructure </h3> <ul> <li>[ ] Database credentials secured</li> <li>[ ] SSL/TLS certificates installed</li> <li>[ ] Firewall configured</li> <li>[ ] Regular backups scheduled</li> <li>[ ] Monitoring and logging active</li> </ul> <h3> Dependencies </h3> <ul> <li>[ ] All packages updated</li> <li>[ ] Security vulnerabilities scanned</li> <li>[ ] Unused dependencies removed</li> <li>[ ] Requirements.txt pinned versions</li> </ul> <h3> Performance &amp; Scaling </h3> <ul> <li>[ ] Caching implemented</li> <li>[ ] Database optimized</li> <li>[ ] Static files served efficiently</li> <li>[ ] CDN configured</li> <li>[ ] Load balancing ready</li> </ul> <h2> 🚀 Join Our Django Developer Community! </h2> <p><strong>Want to learn more about Django security and best practices?</strong><br> Continue your journey with <a href="https://dly.to/NmfDmu9f4lN" rel="noopener noreferrer">django community</a></p> django python security webdev Understanding Dead Letter Queues: Your Safety Net for Message Processing sizan mahmud0 Mon, 12 Jan 2026 09:03:25 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/understanding-dead-letter-queues-your-safety-net-for-message-processing-1iie https://dev.to/sizan_mahmud0_e7c3fd0cb68/understanding-dead-letter-queues-your-safety-net-for-message-processing-1iie <p>In distributed systems and message-driven architectures, not every message successfully reaches its destination on the first try. Network issues, service outages, invalid data formats, or business logic errors can cause message processing to fail. This is where Dead Letter Queues (DLQs) become an essential component of robust system design.</p> <h2> What is a Dead Letter Queue? </h2> <p>A Dead Letter Queue is a specialized queue that stores messages that cannot be processed successfully by their intended consumers. Think of it as a holding area for problematic messages that would otherwise be lost or cause repeated processing failures. When a message fails to be processed after multiple retry attempts, it gets moved to the DLQ instead of being discarded or blocking the main queue indefinitely.</p> <h2> Why Dead Letter Queues Matter </h2> <p>Without a DLQ, failed messages present several challenges:</p> <p><strong>Data Loss</strong>: Messages that fail processing might be permanently lost, leading to incomplete business transactions or missing critical information.</p> <p><strong>Queue Blocking</strong>: In some systems, a single poison message (a message that always fails processing) can block an entire queue, preventing subsequent valid messages from being processed.</p> <p><strong>Resource Waste</strong>: Continuously retrying a message that will never succeed wastes computational resources and can impact system performance.</p> <p><strong>Lack of Visibility</strong>: Without a designated place for failed messages, troubleshooting becomes difficult as there's no clear record of what went wrong.</p> <h2> How Dead Letter Queues Work </h2> <p>The typical flow of a message with DLQ protection looks like this:</p> <ol> <li>A message is published to a primary queue</li> <li>A consumer attempts to process the message</li> <li>If processing fails, the message is returned to the queue for retry</li> <li>After a configured number of retry attempts (often 3-5 retries), the message is automatically moved to the DLQ</li> <li>Operations teams can then inspect, fix, and potentially reprocess messages from the DLQ</li> </ol> <p>Most modern messaging systems like Amazon SQS, Azure Service Bus, RabbitMQ, and Apache Kafka support DLQs either natively or through configuration.</p> <h2> Common Causes of Messages Landing in DLQs </h2> <p>Understanding why messages end up in DLQs helps prevent future issues:</p> <ul> <li> <strong>Malformed Data</strong>: Invalid JSON, missing required fields, or data that doesn't match expected schemas</li> <li> <strong>Business Logic Violations</strong>: Messages that violate business rules or constraints</li> <li> <strong>Downstream Service Failures</strong>: Persistent unavailability of dependent services</li> <li> <strong>Timeout Issues</strong>: Processing takes longer than allowed limits</li> <li> <strong>Deserialization Errors</strong>: Problems converting message formats</li> <li> <strong>Bug in Consumer Code</strong>: Logic errors in the message processing code itself</li> </ul> <h2> Best Practices for Working with DLQs </h2> <h3> 1. Set Appropriate Retry Limits </h3> <p>Configure retry attempts based on your use case. Too few retries might send recoverable messages to the DLQ prematurely, while too many waste resources on truly broken messages.</p> <h3> 2. Include Rich Metadata </h3> <p>When moving messages to a DLQ, include contextual information such as:</p> <ul> <li>Original timestamp</li> <li>Number of retry attempts</li> <li>Error messages and stack traces</li> <li>Source queue information</li> <li>Correlation IDs for tracing</li> </ul> <h3> 3. Monitor Your DLQs Actively </h3> <p>Set up alerts when messages appear in your DLQ. A growing DLQ often indicates a systemic issue that needs immediate attention rather than individual message problems.</p> <h3> 4. Implement DLQ Processing Workflows </h3> <p>Develop procedures for:</p> <ul> <li>Regular DLQ inspection and analysis</li> <li>Message correction and reprocessing</li> <li>Pattern identification to fix root causes</li> <li>Archiving or purging old DLQ messages</li> </ul> <h3> 5. Use Separate DLQs for Different Message Types </h3> <p>Consider having dedicated DLQs for different queues or message types. This makes troubleshooting easier and allows for tailored handling strategies.</p> <h3> 6. Design for Idempotency </h3> <p>Since messages might be reprocessed from the DLQ, ensure your processing logic is idempotent so that reprocessing the same message multiple times doesn't cause duplicate effects.</p> <h2> Real-World Example: E-Commerce Order Processing </h2> <p>Imagine an e-commerce system where order placement messages are processed through a queue:</p> <ul> <li>An order message arrives with an invalid product ID</li> <li>The order processor attempts to look up the product but fails</li> <li>After 3 retry attempts (with exponential backoff), the message moves to the DLQ</li> <li>An alert notifies the operations team</li> <li>An engineer reviews the DLQ, identifies the issue (product was deleted from inventory)</li> <li>The order is either canceled with customer notification, or corrected with a valid product ID and reprocessed</li> <li>The team investigates why deleted products aren't being handled properly in the order flow</li> </ul> <p>Without a DLQ, this order might have been lost entirely or blocked other orders from processing.</p> <h2> DLQs in Different Platforms </h2> <p><strong>Amazon SQS</strong>: Supports DLQs through redrive policies, where you specify the source queue, the DLQ ARN, and the maximum receive count.</p> <p><strong>RabbitMQ</strong>: Uses dead letter exchanges (DLX) where rejected or expired messages are routed based on exchange bindings.</p> <p><strong>Apache Kafka</strong>: Doesn't have native DLQ support but can be implemented by producing failed messages to a separate "dead letter topic."</p> <p><strong>Azure Service Bus</strong>: Provides built-in DLQ support with detailed failure reasons and automatic message forwarding after max delivery attempts.</p> <h2> When Not to Use Dead Letter Queues </h2> <p>While DLQs are valuable, they're not always necessary:</p> <ul> <li>For truly fire-and-forget messages where loss is acceptable</li> <li>In systems where immediate failure notification is preferred over queuing</li> <li>For high-volume, low-value telemetry data where sampling is acceptable</li> <li>When message processing is guaranteed to succeed (though this is rare)</li> </ul> <h2> Conclusion </h2> <p>Dead Letter Queues are a critical pattern for building resilient, observable distributed systems. They provide a safety net that prevents data loss, enables debugging, and helps maintain system health when message processing goes wrong. By implementing DLQs thoughtfully and monitoring them actively, you can build more reliable message-driven architectures that gracefully handle the inevitable failures that occur in complex systems.</p> <p>The key is not to view messages in your DLQ as failures, but as opportunities to improve your system's reliability and learn from edge cases you might not have anticipated.</p> webdev devops programming distributedsystems SQL vs NoSQL: The Ultimate Interview Guide to Choosing the Right Database (Simple Checklist Included) sizan mahmud0 Mon, 12 Jan 2026 03:33:37 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/sql-vs-nosql-the-ultimate-interview-guide-to-choosing-the-right-database-simple-checklist-1n37 https://dev.to/sizan_mahmud0_e7c3fd0cb68/sql-vs-nosql-the-ultimate-interview-guide-to-choosing-the-right-database-simple-checklist-1n37 <p>Choosing between SQL and NoSQL databases is one of the most common technical interview questions, and for good reason. This decision can make or break your application's performance, scalability, and maintainability. Whether you're preparing for a system design interview or architecting a real-world solution, this guide will help you confidently explain your database choice.</p> <h2> Understanding the Fundamentals </h2> <p>Before diving into the decision-making process, let's quickly recap what sets these databases apart.</p> <p><strong>SQL (Relational) Databases</strong> like MySQL, PostgreSQL, and Oracle store data in structured tables with predefined schemas. They use Structured Query Language for queries and enforce ACID properties (Atomicity, Consistency, Isolation, Durability) to ensure data integrity.</p> <p><strong>NoSQL Databases</strong> like MongoDB, Cassandra, Redis, and DynamoDB embrace flexible schemas and various data models including document stores, key-value pairs, wide-column stores, and graph databases. They typically prioritize scalability and performance over strict consistency.</p> <h2> The Interview-Ready Checklist </h2> <p>When faced with a database selection question in an interview, work through this systematic checklist:</p> <h3> 1. Data Structure and Schema Requirements </h3> <p><strong>Choose SQL if:</strong></p> <ul> <li>Your data has a clear, consistent structure</li> <li>Relationships between entities are well-defined</li> <li>Schema changes are infrequent</li> <li>You need complex joins across multiple tables</li> </ul> <p><strong>Choose NoSQL if:</strong></p> <ul> <li>Your data structure varies significantly between records</li> <li>Schema needs to evolve rapidly</li> <li>You're dealing with semi-structured or unstructured data</li> <li>Denormalization is acceptable for performance gains</li> </ul> <p><strong>Example:</strong> An e-commerce platform with products, orders, customers, and inventory benefits from SQL's relational model, while a content management system with varying content types fits NoSQL better.</p> <h3> 2. Transaction Requirements </h3> <p><strong>Choose SQL if:</strong></p> <ul> <li>You need ACID compliance for financial transactions</li> <li>Data consistency is critical (banking, inventory management)</li> <li>Multi-row transactions are common</li> <li>Rollback capabilities are essential</li> </ul> <p><strong>Choose NoSQL if:</strong></p> <ul> <li>Eventual consistency is acceptable</li> <li>You're tracking events or logs where slight delays don't matter</li> <li>Operations are mostly single-document updates</li> <li>High availability matters more than immediate consistency</li> </ul> <h3> 3. Scalability and Performance Needs </h3> <p><strong>Choose SQL if:</strong></p> <ul> <li>Vertical scaling (more powerful servers) is feasible</li> <li>Your dataset fits comfortably on a single server</li> <li>Read-heavy workloads with complex queries</li> <li>Budget allows for powerful hardware</li> </ul> <p><strong>Choose NoSQL if:</strong></p> <ul> <li>Horizontal scaling (adding more servers) is necessary</li> <li>You expect massive data growth</li> <li>Write-heavy workloads with simple queries</li> <li>Global distribution across data centers is required</li> <li>You need sub-millisecond response times</li> </ul> <p><strong>Real-world scenario:</strong> A social media platform with billions of posts and users needs NoSQL's horizontal scaling, while a hospital management system with controlled data growth works well with SQL.</p> <h3> 4. Query Complexity </h3> <p><strong>Choose SQL if:</strong></p> <ul> <li>You need complex joins, aggregations, and subqueries</li> <li>Ad-hoc reporting is important</li> <li>Business analysts need flexible querying capabilities</li> <li>Data analytics and BI tools integration is required</li> </ul> <p><strong>Choose NoSQL if:</strong></p> <ul> <li>Queries are primarily key-based lookups</li> <li>Access patterns are predictable and simple</li> <li>Application logic handles data aggregation</li> <li>Speed trumps query flexibility</li> </ul> <h3> 5. Development Speed and Expertise </h3> <p><strong>Choose SQL if:</strong></p> <ul> <li>Your team is experienced with relational databases</li> <li>Mature ecosystem and tooling are important</li> <li>You need robust third-party integrations</li> <li>Time-to-market isn't extremely urgent</li> </ul> <p><strong>Choose NoSQL if:</strong></p> <ul> <li>Rapid prototyping is essential</li> <li>Your team is familiar with specific NoSQL technologies</li> <li>Flexibility during early development stages matters</li> <li>You're building microservices with independent data stores</li> </ul> <h2> The Interview Power Move: Hybrid Approaches </h2> <p>Here's what separates good candidates from great ones: recognizing that you don't always need to choose one over the other. Modern architectures often use polyglot persistence, where different parts of your system use different database types.</p> <p><strong>Example hybrid architecture:</strong></p> <ul> <li>PostgreSQL for transactional data (orders, payments)</li> <li>Redis for caching and session management</li> <li>Elasticsearch for search functionality</li> <li>MongoDB for user-generated content and logs</li> </ul> <p>When discussing this in interviews, mention that you'd analyze each microservice's specific requirements independently rather than forcing a single database solution across the entire system.</p> <h2> Common Interview Pitfalls to Avoid </h2> <p><strong>Don't say:</strong> "NoSQL is always faster than SQL" or "SQL can't scale"</p> <p><strong>Do say:</strong> "The performance characteristics depend on the access patterns and data model. NoSQL excels at simple key-value lookups and horizontal scaling, while SQL performs better for complex joins and aggregations on structured data."</p> <p><strong>Don't say:</strong> "NoSQL doesn't support transactions"</p> <p><strong>Do say:</strong> "Many modern NoSQL databases now support transactions, though with varying guarantees. The choice depends on whether you need distributed transactions across multiple documents or collections."</p> <h2> Quick Decision Framework </h2> <p>Use this simple flowchart logic in interviews:</p> <ol> <li> <strong>Need strict ACID transactions?</strong> → SQL</li> <li> <strong>Massive scale with simple queries?</strong> → NoSQL</li> <li> <strong>Complex relationships and joins?</strong> → SQL</li> <li> <strong>Flexible, rapidly changing schema?</strong> → NoSQL</li> <li> <strong>Mature tooling and reporting?</strong> → SQL</li> <li> <strong>High write throughput?</strong> → NoSQL</li> </ol> <h2> Final Thoughts </h2> <p>The SQL vs NoSQL debate isn't about which technology is superior but rather which tool fits your specific requirements. In interviews, demonstrate that you understand the tradeoffs, can articulate your reasoning clearly, and recognize that real-world systems often benefit from using both.</p> <p>Remember to always follow up your choice with: "Of course, I'd want to validate these assumptions with benchmarks using our actual access patterns and data volumes before making a final decision."</p> <p>This shows technical maturity and an understanding that database selection is an important architectural decision that deserves proper evaluation.</p> <p><strong>Found this helpful?</strong> Share it with someone preparing for technical interviews! Drop a comment below about your own database selection experiences or questions you've faced in interviews. What factors do you consider most important when choosing between SQL and NoSQL?</p> <p><strong>Want more system design content?</strong> Follow for weekly posts on architecture patterns, scalability strategies, and interview preparation tips that actually work.</p> <h1> SystemDesign #DatabaseDesign #TechnicalInterviews #SQL #NoSQL #SoftwareEngineering #TechCareers #InterviewPreparation #DatabaseArchitecture #SoftwareDevelopment </h1> interview sql nosql programming The Complete Guide to API Types in 2026: REST, GraphQL, gRPC, SOAP, and Beyond sizan mahmud0 Sun, 11 Jan 2026 05:05:15 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/the-complete-guide-to-api-types-in-2026-rest-graphql-grpc-soap-and-beyond-191 https://dev.to/sizan_mahmud0_e7c3fd0cb68/the-complete-guide-to-api-types-in-2026-rest-graphql-grpc-soap-and-beyond-191 <h2> Understanding Different API Architectures, Their Pros and Cons, and When to Use Each </h2> <p>APIs (Application Programming Interfaces) are the backbone of modern software development, enabling different applications to communicate seamlessly. However, choosing the right API architecture can make or break your project. In this comprehensive guide, we'll explore all major API types, their advantages, disadvantages, formats, and real-world use cases.</p> <h2> What is an API? </h2> <p>An API (Application Programming Interface) is a set of rules and protocols that allows different software applications to communicate with each other. Think of it as a waiter in a restaurant who takes your order (request) to the kitchen (server) and brings back your food (response).</p> <h2> 1. REST API (Representational State Transfer) </h2> <h3> What is REST? </h3> <p>REST is an architectural style that uses HTTP methods and follows specific principles for building web services. It's the most popular API architecture today, powering platforms like Twitter, GitHub, and Google Maps.</p> <h3> Key Characteristics </h3> <ul> <li> <strong>Stateless</strong>: Each request contains all necessary information</li> <li> <strong>Resource-based</strong>: Everything is treated as a resource (users, products, orders)</li> <li> <strong>HTTP Methods</strong>: Uses GET, POST, PUT, DELETE, PATCH</li> <li> <strong>Standard URLs</strong>: <code>/api/users/123</code> for user with ID 123</li> </ul> <h3> Data Formats </h3> <ul> <li> <strong>Primary</strong>: JSON (JavaScript Object Notation)</li> <li> <strong>Alternative</strong>: XML, YAML</li> <li> <strong>Content Type</strong>: <code>application/json</code> </li> </ul> <h3> Example Request &amp; Response </h3> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="nf">GET</span> <span class="nn">/api/users/123</span> <span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="na">Host</span><span class="p">:</span> <span class="s">example.com</span> <span class="na">Accept</span><span class="p">:</span> <span class="s">application/json</span> Response: { "id": 123, "name": "John Doe", "email": "john@example.com", "created_at": "2026-01-01T10:00:00Z" } </code></pre> </div> <h3> Pros of REST API </h3> <p>✅ <strong>Easy to Learn</strong>: Simple and intuitive for developers<br> ✅ <strong>Widely Adopted</strong>: Extensive documentation and community support<br> ✅ <strong>Scalable</strong>: Stateless nature makes horizontal scaling easier<br> ✅ <strong>Cacheable</strong>: HTTP caching mechanisms work out of the box<br> ✅ <strong>Flexible</strong>: Supports multiple data formats<br> ✅ <strong>Browser Friendly</strong>: Can be tested directly in browsers<br> ✅ <strong>SEO Friendly</strong>: URLs are human-readable</p> <h3> Cons of REST API </h3> <p>❌ <strong>Over-fetching</strong>: You get all data even if you need only specific fields<br> ❌ <strong>Under-fetching</strong>: May require multiple requests to get related data<br> ❌ <strong>No Built-in Schema</strong>: API documentation can become outdated<br> ❌ <strong>Versioning Challenges</strong>: Managing API versions can be complex<br> ❌ <strong>Multiple Round Trips</strong>: Fetching nested resources requires multiple calls</p> <h3> When to Use REST </h3> <ul> <li>Building public APIs for web and mobile applications</li> <li>Creating CRUD (Create, Read, Update, Delete) applications</li> <li>When you need simple, stateless communication</li> <li>Projects with limited bandwidth for learning new technologies</li> <li>APIs consumed by diverse clients (web, mobile, IoT)</li> </ul> <h3> Real-World Examples </h3> <ul> <li> <strong>Twitter API</strong>: Tweet management, user data</li> <li> <strong>Stripe API</strong>: Payment processing</li> <li> <strong>GitHub API</strong>: Repository management</li> <li> <strong>Google Maps API</strong>: Location services</li> </ul> <h2> 2. GraphQL API </h2> <h3> What is GraphQL? </h3> <p>GraphQL is a query language for APIs developed by Facebook in 2012 and open-sourced in 2015. It allows clients to request exactly the data they need, nothing more, nothing less.</p> <h3> Key Characteristics </h3> <ul> <li> <strong>Single Endpoint</strong>: Typically <code>/graphql</code> </li> <li> <strong>Query Language</strong>: Clients specify exact data requirements</li> <li> <strong>Strongly Typed</strong>: Schema defines all possible queries</li> <li> <strong>Real-time</strong>: Built-in subscriptions for live updates</li> </ul> <h3> Data Format </h3> <ul> <li> <strong>Format</strong>: JSON</li> <li> <strong>Content Type</strong>: <code>application/json</code> </li> <li> <strong>Schema</strong>: Defined using GraphQL Schema Definition Language (SDL)</li> </ul> <h3> Example Query &amp; Response </h3> <div class="highlight js-code-highlight"> <pre class="highlight graphql"><code><span class="c"># Query</span><span class="w"> </span><span class="k">query</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">user</span><span class="p">(</span><span class="n">id</span><span class="p">:</span><span class="w"> </span><span class="mi">123</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="n">posts</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">title</span><span class="w"> </span><span class="n">createdAt</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="c"># Response</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">"</span><span class="n">data</span><span class="err">":</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">"</span><span class="n">user</span><span class="err">":</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">"</span><span class="n">name</span><span class="err">":</span><span class="w"> </span><span class="err">"</span><span class="n">John</span><span class="w"> </span><span class="n">Doe</span><span class="err">"</span><span class="p">,</span><span class="w"> </span><span class="err">"</span><span class="n">email</span><span class="err">":</span><span class="w"> </span><span class="err">"</span><span class="n">john</span><span class="k">@example</span><span class="err">.</span><span class="n">com</span><span class="err">"</span><span class="p">,</span><span class="w"> </span><span class="err">"</span><span class="n">posts</span><span class="err">":</span><span class="w"> </span><span class="err">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">"</span><span class="n">title</span><span class="err">":</span><span class="w"> </span><span class="err">"</span><span class="n">First</span><span class="w"> </span><span class="n">Post</span><span class="err">"</span><span class="p">,</span><span class="w"> </span><span class="err">"</span><span class="n">createdAt</span><span class="err">":</span><span class="w"> </span><span class="err">"2026-01-01</span><span class="n">T10</span><span class="p">:</span><span class="err">00:00</span><span class="n">Z</span><span class="err">"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Pros of GraphQL </h3> <p>✅ <strong>No Over-fetching</strong>: Get exactly what you request<br> ✅ <strong>Single Request</strong>: Fetch nested resources in one call<br> ✅ <strong>Strong Typing</strong>: Schema provides clear API contract<br> ✅ <strong>Introspection</strong>: APIs are self-documenting<br> ✅ <strong>Real-time Support</strong>: Built-in subscriptions for live data<br> ✅ <strong>Version-free</strong>: Evolve API without versioning<br> ✅ <strong>Developer Tools</strong>: GraphiQL, Apollo DevTools for testing</p> <h3> Cons of GraphQL </h3> <p>❌ <strong>Learning Curve</strong>: More complex than REST<br> ❌ <strong>Caching Complexity</strong>: HTTP caching doesn't work as easily<br> ❌ <strong>Query Complexity</strong>: Malicious queries can overload servers<br> ❌ <strong>File Uploads</strong>: Not built-in, requires additional setup<br> ❌ <strong>Overhead</strong>: Overkill for simple CRUD applications<br> ❌ <strong>Backend Complexity</strong>: More complex to implement</p> <h3> When to Use GraphQL </h3> <ul> <li>Mobile applications with limited bandwidth</li> <li>Applications with complex, nested data relationships</li> <li>When multiple clients need different data shapes</li> <li>Real-time applications (chat, live dashboards)</li> <li>Rapid frontend development with changing requirements</li> <li>When you want to avoid API versioning</li> </ul> <h3> Real-World Examples </h3> <ul> <li> <strong>Facebook</strong>: News feed, user profiles</li> <li> <strong>GitHub</strong>: GitHub v4 API</li> <li> <strong>Shopify</strong>: E-commerce data access</li> <li> <strong>Airbnb</strong>: Property listings and bookings</li> </ul> <h2> 3. gRPC (Google Remote Procedure Call) </h2> <h3> What is gRPC? </h3> <p>gRPC is a high-performance, open-source framework developed by Google that uses HTTP/2 and Protocol Buffers (protobuf) for serialization. It's designed for microservices communication.</p> <h3> Key Characteristics </h3> <ul> <li> <strong>HTTP/2</strong>: Supports multiplexing, streaming, and header compression</li> <li> <strong>Binary Protocol</strong>: Uses Protocol Buffers instead of JSON</li> <li> <strong>Code Generation</strong>: Auto-generates client and server code</li> <li> <strong>Bidirectional Streaming</strong>: Real-time, two-way communication</li> </ul> <h3> Data Format </h3> <ul> <li> <strong>Format</strong>: Protocol Buffers (binary)</li> <li> <strong>Content Type</strong>: <code>application/grpc+proto</code> </li> <li> <strong>Schema</strong>: Defined in <code>.proto</code> files</li> </ul> <h3> Example Proto Definition </h3> <div class="highlight js-code-highlight"> <pre class="highlight protobuf"><code><span class="na">syntax</span> <span class="o">=</span> <span class="s">"proto3"</span><span class="p">;</span> <span class="kd">service</span> <span class="n">UserService</span> <span class="p">{</span> <span class="k">rpc</span> <span class="n">GetUser</span> <span class="p">(</span><span class="n">UserRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">UserResponse</span><span class="p">);</span> <span class="k">rpc</span> <span class="n">ListUsers</span> <span class="p">(</span><span class="n">Empty</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">stream</span> <span class="n">UserResponse</span><span class="p">);</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">UserRequest</span> <span class="p">{</span> <span class="kt">int32</span> <span class="na">id</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">UserResponse</span> <span class="p">{</span> <span class="kt">int32</span> <span class="na">id</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">string</span> <span class="na">name</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="kt">string</span> <span class="na">email</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Pros of gRPC </h3> <p>✅ <strong>High Performance</strong>: Binary format is faster than JSON<br> ✅ <strong>Low Latency</strong>: HTTP/2 multiplexing reduces overhead<br> ✅ <strong>Streaming</strong>: Supports server, client, and bidirectional streaming<br> ✅ <strong>Type Safety</strong>: Strongly typed contracts<br> ✅ <strong>Code Generation</strong>: Automatic client/server code<br> ✅ <strong>Language Agnostic</strong>: Support for 10+ languages<br> ✅ <strong>Built-in Auth</strong>: SSL/TLS and token-based authentication</p> <h3> Cons of gRPC </h3> <p>❌ <strong>Not Browser Friendly</strong>: Limited browser support<br> ❌ <strong>Binary Format</strong>: Not human-readable, harder to debug<br> ❌ <strong>Learning Curve</strong>: Protocol Buffers require learning<br> ❌ <strong>Limited Tools</strong>: Fewer debugging tools compared to REST<br> ❌ <strong>Firewall Issues</strong>: Some firewalls block HTTP/2<br> ❌ <strong>Complexity</strong>: Overkill for simple applications</p> <h3> When to Use gRPC </h3> <ul> <li>Microservices architecture with service-to-service communication</li> <li>Real-time applications requiring bidirectional streaming</li> <li>High-performance, low-latency requirements</li> <li>Polyglot environments (multiple programming languages)</li> <li>Internal APIs not consumed by browsers</li> <li>IoT devices with limited resources</li> </ul> <h3> Real-World Examples </h3> <ul> <li> <strong>Google</strong>: Internal microservices</li> <li> <strong>Netflix</strong>: Microservices communication</li> <li> <strong>Cisco</strong>: Network device management</li> <li> <strong>Square</strong>: Payment processing infrastructure</li> </ul> <h2> 4. SOAP API (Simple Object Access Protocol) </h2> <h3> What is SOAP? </h3> <p>SOAP is a mature, XML-based protocol for exchanging structured information. Despite its name including "Simple," it's actually quite complex. It was the dominant enterprise API standard before REST.</p> <h3> Key Characteristics </h3> <ul> <li> <strong>Protocol</strong>: Not just an architectural style, it's a strict protocol</li> <li> <strong>XML-based</strong>: All messages in XML format</li> <li> <strong>WSDL</strong>: Web Services Description Language for API contracts</li> <li> <strong>Built-in Security</strong>: WS-Security standards</li> </ul> <h3> Data Format </h3> <ul> <li> <strong>Format</strong>: XML exclusively</li> <li> <strong>Content Type</strong>: <code>application/soap+xml</code> or <code>text/xml</code> </li> <li> <strong>Envelope</strong>: SOAP envelope wraps all messages</li> </ul> <h3> Example SOAP Request </h3> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="cp">&lt;?xml version="1.0"?&gt;</span> <span class="nt">&lt;soap:Envelope</span> <span class="na">xmlns:soap=</span><span class="s">"http://www.w3.org/2003/05/soap-envelope"</span><span class="nt">&gt;</span> <span class="nt">&lt;soap:Header&gt;</span> <span class="nt">&lt;auth:credentials&gt;</span> <span class="nt">&lt;username&gt;</span>user123<span class="nt">&lt;/username&gt;</span> <span class="nt">&lt;password&gt;</span>pass123<span class="nt">&lt;/password&gt;</span> <span class="nt">&lt;/auth:credentials&gt;</span> <span class="nt">&lt;/soap:Header&gt;</span> <span class="nt">&lt;soap:Body&gt;</span> <span class="nt">&lt;m:GetUser</span> <span class="na">xmlns:m=</span><span class="s">"http://example.com/user"</span><span class="nt">&gt;</span> <span class="nt">&lt;m:UserId&gt;</span>123<span class="nt">&lt;/m:UserId&gt;</span> <span class="nt">&lt;/m:GetUser&gt;</span> <span class="nt">&lt;/soap:Body&gt;</span> <span class="nt">&lt;/soap:Envelope&gt;</span> </code></pre> </div> <h3> Pros of SOAP </h3> <p>✅ <strong>Enterprise-Grade Security</strong>: WS-Security, WS-AtomicTransaction<br> ✅ <strong>ACID Compliance</strong>: Built-in transaction support<br> ✅ <strong>Formal Contract</strong>: WSDL provides strict API definition<br> ✅ <strong>Error Handling</strong>: Standardized fault messages<br> ✅ <strong>Transport Agnostic</strong>: Works over HTTP, SMTP, TCP<br> ✅ <strong>Reliable</strong>: Built-in retry logic and message delivery guarantees</p> <h3> Cons of SOAP </h3> <p>❌ <strong>Verbose</strong>: XML is bulky, increases bandwidth usage<br> ❌ <strong>Complex</strong>: Steep learning curve<br> ❌ <strong>Slow Performance</strong>: XML parsing is slower than JSON<br> ❌ <strong>Rigid</strong>: Changes require updating WSDL<br> ❌ <strong>Outdated</strong>: Less community support compared to REST<br> ❌ <strong>Development Time</strong>: Longer implementation time</p> <h3> When to Use SOAP </h3> <ul> <li>Banking and financial services requiring ACID transactions</li> <li>Legacy system integration</li> <li>Enterprise applications needing high security</li> <li>Payment gateways and sensitive data handling</li> <li>When formal contracts (WSDL) are mandatory</li> <li>Asynchronous processing and retry mechanisms needed</li> </ul> <h3> Real-World Examples </h3> <ul> <li> <strong>PayPal API</strong>: Payment processing (legacy)</li> <li> <strong>Salesforce API</strong>: CRM operations (also offers REST)</li> <li> <strong>Banking APIs</strong>: Transaction processing</li> <li> <strong>Government Services</strong>: Tax filing, public services</li> </ul> <h2> 5. WebSocket API </h2> <h3> What is WebSocket? </h3> <p>WebSocket is a protocol providing full-duplex, real-time communication over a single TCP connection. Unlike HTTP's request-response model, WebSocket maintains an open connection for bidirectional data flow.</p> <h3> Key Characteristics </h3> <ul> <li> <strong>Persistent Connection</strong>: Single long-lived connection</li> <li> <strong>Full-Duplex</strong>: Both client and server can send messages simultaneously</li> <li> <strong>Low Latency</strong>: No HTTP overhead after initial handshake</li> <li> <strong>Event-Driven</strong>: Push notifications from server to client</li> </ul> <h3> Data Format </h3> <ul> <li> <strong>Format</strong>: JSON, Binary, or Plain Text</li> <li> <strong>Protocol</strong>: <code>ws://</code> or <code>wss://</code> (secure)</li> </ul> <h3> Example WebSocket Communication </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Client-side JavaScript</span> <span class="kd">const</span> <span class="nx">socket</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebSocket</span><span class="p">(</span><span class="dl">'</span><span class="s1">wss://example.com/socket</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Connection opened</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">open</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">subscribe</span><span class="dl">'</span><span class="p">,</span> <span class="na">channel</span><span class="p">:</span> <span class="dl">'</span><span class="s1">notifications</span><span class="dl">'</span> <span class="p">}));</span> <span class="p">});</span> <span class="c1">// Listen for messages</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">data</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Message from server:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h3> Pros of WebSocket </h3> <p>✅ <strong>Real-Time</strong>: Instant bidirectional communication<br> ✅ <strong>Low Latency</strong>: No HTTP request/response overhead<br> ✅ <strong>Efficient</strong>: Reduced bandwidth after connection establishment<br> ✅ <strong>Server Push</strong>: Server can send updates without client request<br> ✅ <strong>Maintained State</strong>: Connection stays open<br> ✅ <strong>Cross-Platform</strong>: Supported in all modern browsers</p> <h3> Cons of WebSocket </h3> <p>❌ <strong>Complexity</strong>: More complex than simple HTTP requests<br> ❌ <strong>Scaling Challenges</strong>: Maintaining many connections is resource-intensive<br> ❌ <strong>Proxy/Firewall Issues</strong>: Some networks block WebSocket<br> ❌ <strong>No HTTP Benefits</strong>: No caching, no HTTP/2 advantages<br> ❌ <strong>Connection Management</strong>: Requires reconnection logic<br> ❌ <strong>Not RESTful</strong>: Different paradigm from REST</p> <h3> When to Use WebSocket </h3> <ul> <li>Real-time chat applications</li> <li>Live sports scores and updates</li> <li>Collaborative editing tools (Google Docs-like)</li> <li>Online gaming</li> <li>Stock trading platforms</li> <li>Live notifications and alerts</li> <li>IoT device communication</li> </ul> <h3> Real-World Examples </h3> <ul> <li> <strong>Slack</strong>: Real-time messaging</li> <li> <strong>WhatsApp Web</strong>: Message synchronization</li> <li> <strong>Trading Platforms</strong>: Live price updates</li> <li> <strong>Multiplayer Games</strong>: Real-time game state</li> </ul> <h2> 6. Webhook API </h2> <h3> What is a Webhook? </h3> <p>Webhooks are user-defined HTTP callbacks triggered by specific events. Instead of polling for changes, the server sends data to your endpoint when something happens. Often called "reverse APIs."</p> <h3> Key Characteristics </h3> <ul> <li> <strong>Event-Driven</strong>: Triggered by events</li> <li> <strong>HTTP POST</strong>: Usually POST requests with JSON payload</li> <li> <strong>Asynchronous</strong>: Non-blocking communication</li> <li> <strong>Push Model</strong>: Server pushes data to client</li> </ul> <h3> Data Format </h3> <ul> <li> <strong>Format</strong>: JSON (most common)</li> <li> <strong>Method</strong>: HTTP POST</li> <li> <strong>Content Type</strong>: <code>application/json</code> </li> </ul> <h3> Example Webhook Payload </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Webhook endpoint receives:</span> <span class="nx">POST</span> <span class="o">/</span><span class="nx">webhooks</span><span class="o">/</span><span class="nx">payment</span><span class="o">-</span><span class="nx">completed</span> <span class="nx">HTTP</span><span class="o">/</span><span class="mf">1.1</span> <span class="nx">Content</span><span class="o">-</span><span class="nx">Type</span><span class="p">:</span> <span class="nx">application</span><span class="o">/</span><span class="nx">json</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">event</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">payment.completed</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">timestamp</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">2026-01-11T10:30:00Z</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">data</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">payment_id</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">pay_123456</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">amount</span><span class="dl">"</span><span class="p">:</span> <span class="mf">99.99</span><span class="p">,</span> <span class="dl">"</span><span class="s2">currency</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">USD</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">customer_id</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">cus_789012</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Pros of Webhooks </h3> <p>✅ <strong>Real-Time</strong>: Instant notifications when events occur<br> ✅ <strong>Efficient</strong>: No need for constant polling<br> ✅ <strong>Reduced Load</strong>: Server only sends data when necessary<br> ✅ <strong>Simple</strong>: Easy to implement and understand<br> ✅ <strong>Event-Driven</strong>: Perfect for asynchronous workflows<br> ✅ <strong>Scalable</strong>: Less resource-intensive than polling</p> <h3> Cons of Webhooks </h3> <p>❌ <strong>Reliability</strong>: Recipient must be available (no retry in basic setup)<br> ❌ <strong>Security</strong>: Need to verify webhook authenticity<br> ❌ <strong>Debugging</strong>: Harder to test than request-response APIs<br> ❌ <strong>Public Endpoint Required</strong>: Receiver needs accessible URL<br> ❌ <strong>No Standard Format</strong>: Each service implements differently<br> ❌ <strong>Failed Delivery</strong>: Missed events if endpoint is down</p> <h3> When to Use Webhooks </h3> <ul> <li>Payment processing notifications (Stripe, PayPal)</li> <li>CI/CD pipelines (GitHub, GitLab commits)</li> <li>E-commerce order updates</li> <li>Email delivery confirmations</li> <li>Social media mentions and interactions</li> <li>Form submissions and user signups</li> <li>Automated workflow triggers</li> </ul> <h3> Real-World Examples </h3> <ul> <li> <strong>Stripe</strong>: Payment events</li> <li> <strong>GitHub</strong>: Repository events (push, PR, issues)</li> <li> <strong>Mailchimp</strong>: Email campaign events</li> <li> <strong>Twilio</strong>: SMS delivery status</li> </ul> <h2> 7. Server-Sent Events (SSE) </h2> <h3> What is SSE? </h3> <p>Server-Sent Events enable servers to push updates to clients over HTTP. Unlike WebSocket, it's unidirectional (server to client only) and simpler to implement.</p> <h3> Key Characteristics </h3> <ul> <li> <strong>Unidirectional</strong>: Server to client only</li> <li> <strong>HTTP-based</strong>: Uses standard HTTP</li> <li> <strong>Auto-Reconnection</strong>: Built-in reconnection logic</li> <li> <strong>Text-Based</strong>: Plain text event stream</li> </ul> <h3> Data Format </h3> <ul> <li> <strong>Format</strong>: Text/Event-Stream</li> <li> <strong>Content Type</strong>: <code>text/event-stream</code> </li> </ul> <h3> Example SSE Implementation </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Server-side (Node.js)</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/events</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">text/event-stream</span><span class="dl">'</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Cache-Control</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">no-cache</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">sendEvent</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="s2">`data: </span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">time</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">()</span> <span class="p">})}</span><span class="s2">\n\n`</span><span class="p">);</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">interval</span> <span class="o">=</span> <span class="nf">setInterval</span><span class="p">(</span><span class="nx">sendEvent</span><span class="p">,</span> <span class="mi">1000</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Client-side</span> <span class="kd">const</span> <span class="nx">eventSource</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">EventSource</span><span class="p">(</span><span class="dl">'</span><span class="s1">/events</span><span class="dl">'</span><span class="p">);</span> <span class="nx">eventSource</span><span class="p">.</span><span class="nx">onmessage</span> <span class="o">=</span> <span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">New message:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">data</span><span class="p">));</span> <span class="p">};</span> </code></pre> </div> <h3> Pros of SSE </h3> <p>✅ <strong>Simple</strong>: Easier than WebSocket<br> ✅ <strong>Auto-Reconnection</strong>: Built-in retry mechanism<br> ✅ <strong>HTTP-Based</strong>: Works through firewalls and proxies<br> ✅ <strong>Efficient</strong>: Lightweight for one-way communication<br> ✅ <strong>Browser Support</strong>: Native browser API<br> ✅ <strong>No Special Protocol</strong>: Uses standard HTTP</p> <h3> Cons of SSE </h3> <p>❌ <strong>Unidirectional</strong>: Client cannot send messages over same connection<br> ❌ <strong>Browser Limits</strong>: Connection limits per domain<br> ❌ <strong>Text Only</strong>: Binary data requires encoding<br> ❌ <strong>No IE Support</strong>: Internet Explorer doesn't support SSE<br> ❌ <strong>Less Control</strong>: Fewer features than WebSocket</p> <h3> When to Use SSE </h3> <ul> <li>Live news feeds and updates</li> <li>Social media timelines</li> <li>Stock price tickers</li> <li>Server monitoring dashboards</li> <li>Progress updates for long-running tasks</li> <li>Live sports scores</li> <li>Notification feeds</li> </ul> <h3> Real-World Examples </h3> <ul> <li> <strong>Twitter</strong>: Live timeline updates</li> <li> <strong>Facebook</strong>: News feed updates</li> <li> <strong>Financial Dashboards</strong>: Real-time stock prices</li> <li> <strong>Server Monitoring</strong>: Live log streaming</li> </ul> <h2> 8. JSON-RPC and XML-RPC </h2> <h3> What is RPC? </h3> <p>Remote Procedure Call (RPC) allows executing functions on remote servers as if they were local. JSON-RPC and XML-RPC are lightweight remote procedure call protocols.</p> <h3> Key Characteristics </h3> <ul> <li> <strong>Function-Oriented</strong>: Call remote functions directly</li> <li> <strong>Request-Response</strong>: Synchronous communication</li> <li> <strong>Simple</strong>: Minimal overhead</li> <li> <strong>Stateless</strong>: Each call is independent</li> </ul> <h3> Data Format </h3> <p><strong>JSON-RPC</strong></p> <ul> <li> <strong>Format</strong>: JSON</li> <li> <strong>Content Type</strong>: <code>application/json</code> </li> </ul> <p><strong>XML-RPC</strong></p> <ul> <li> <strong>Format</strong>: XML</li> <li> <strong>Content Type</strong>: <code>text/xml</code> </li> </ul> <h3> Example JSON-RPC </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Request</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"jsonrpc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"getUser"</span><span class="p">,</span><span class="w"> </span><span class="nl">"params"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="nl">"userId"</span><span class="p">:</span><span class="w"> </span><span class="mi">123</span><span class="p">},</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">Response</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"jsonrpc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"John Doe"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"john@example.com"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Pros of RPC </h3> <p>✅ <strong>Simple</strong>: Straightforward function calls<br> ✅ <strong>Lightweight</strong>: Minimal protocol overhead<br> ✅ <strong>Action-Oriented</strong>: Clear method names<br> ✅ <strong>Easy Testing</strong>: Simple request/response format</p> <h3> Cons of RPC </h3> <p>❌ <strong>Less RESTful</strong>: Doesn't follow REST principles<br> ❌ <strong>Discovery</strong>: No standard way to discover available methods<br> ❌ <strong>Tight Coupling</strong>: Client and server closely coupled<br> ❌ <strong>Limited Adoption</strong>: Less popular than REST</p> <h3> When to Use RPC </h3> <ul> <li>Internal microservices communication</li> <li>Simple, action-based operations</li> <li>When you need lightweight protocol</li> <li>Legacy system integration</li> </ul> <h2> API Comparison Table </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>REST</th> <th>GraphQL</th> <th>gRPC</th> <th>SOAP</th> <th>WebSocket</th> <th>Webhook</th> </tr> </thead> <tbody> <tr> <td><strong>Format</strong></td> <td>JSON/XML</td> <td>JSON</td> <td>Protobuf</td> <td>XML</td> <td>JSON/Binary</td> <td>JSON</td> </tr> <tr> <td><strong>Protocol</strong></td> <td>HTTP</td> <td>HTTP</td> <td>HTTP/2</td> <td>HTTP/SMTP</td> <td>WebSocket</td> <td>HTTP</td> </tr> <tr> <td><strong>Learning Curve</strong></td> <td>Easy</td> <td>Medium</td> <td>Hard</td> <td>Hard</td> <td>Medium</td> <td>Easy</td> </tr> <tr> <td><strong>Performance</strong></td> <td>Good</td> <td>Good</td> <td>Excellent</td> <td>Poor</td> <td>Excellent</td> <td>Good</td> </tr> <tr> <td><strong>Real-time</strong></td> <td>No</td> <td>Yes (subscriptions)</td> <td>Yes</td> <td>No</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td><strong>Browser Support</strong></td> <td>Excellent</td> <td>Excellent</td> <td>Poor</td> <td>Good</td> <td>Excellent</td> <td>N/A</td> </tr> <tr> <td><strong>Caching</strong></td> <td>Easy</td> <td>Complex</td> <td>Complex</td> <td>Limited</td> <td>No</td> <td>No</td> </tr> <tr> <td><strong>Versioning</strong></td> <td>Required</td> <td>Not needed</td> <td>Required</td> <td>Required</td> <td>N/A</td> <td>N/A</td> </tr> <tr> <td><strong>Security</strong></td> <td>OAuth/JWT</td> <td>OAuth/JWT</td> <td>SSL/TLS</td> <td>WS-Security</td> <td>WSS</td> <td>HMAC</td> </tr> <tr> <td><strong>Best For</strong></td> <td>CRUD apps</td> <td>Complex queries</td> <td>Microservices</td> <td>Enterprise</td> <td>Real-time</td> <td>Events</td> </tr> </tbody> </table></div> <h2> Choosing the Right API Type: Decision Tree </h2> <p><strong>Need real-time bidirectional communication?</strong></p> <ul> <li>Yes → <strong>WebSocket</strong> </li> <li>No → Continue</li> </ul> <p><strong>Building microservices with high performance needs?</strong></p> <ul> <li>Yes → <strong>gRPC</strong> </li> <li>No → Continue</li> </ul> <p><strong>Need to receive event notifications?</strong></p> <ul> <li>Yes → <strong>Webhook</strong> </li> <li>No → Continue</li> </ul> <p><strong>Complex, nested data with varying client needs?</strong></p> <ul> <li>Yes → <strong>GraphQL</strong> </li> <li>No → Continue</li> </ul> <p><strong>Enterprise application with ACID compliance?</strong></p> <ul> <li>Yes → <strong>SOAP</strong> </li> <li>No → Continue</li> </ul> <p><strong>Simple CRUD application?</strong></p> <ul> <li>Yes → <strong>REST</strong> </li> </ul> <h2> SEO Keywords Summary </h2> <p>This guide covers: API types, REST API, GraphQL, gRPC, SOAP, WebSocket, Webhook, Server-Sent Events, API architecture, API comparison, API pros and cons, when to use REST, when to use GraphQL, API formats, JSON API, XML API, Protocol Buffers, microservices API, real-time API, API best practices 2026, choosing API architecture, API performance comparison, REST vs GraphQL vs gRPC.</p> <h2> Conclusion </h2> <p>Choosing the right API architecture depends on your specific use case:</p> <ul> <li> <strong>REST</strong> remains the best choice for most web and mobile applications</li> <li> <strong>GraphQL</strong> excels when clients need flexible, efficient data fetching</li> <li> <strong>gRPC</strong> is ideal for internal microservices requiring high performance</li> <li> <strong>SOAP</strong> is still relevant in enterprise and financial sectors</li> <li> <strong>WebSocket</strong> is essential for real-time, bidirectional communication</li> <li> <strong>Webhooks</strong> provide efficient event-driven notifications</li> <li> <strong>SSE</strong> offers simple server-to-client real-time updates</li> </ul> <p>There's no one-size-fits-all solution. Evaluate your requirements for performance, real-time capabilities, client diversity, team expertise, and security needs before making a decision.</p> <p><strong>What API architecture are you using in your projects? Share your experiences in the comments below!</strong></p> <p><em>Keywords: API types, REST API, GraphQL API, gRPC, SOAP API, WebSocket, API architecture, API comparison 2026, choosing API type, API pros and cons</em></p> api webdev programming javascript The Complete Guide to Frontend Architecture Patterns in 2026 sizan mahmud0 Sun, 04 Jan 2026 05:33:02 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/the-complete-guide-to-frontend-architecture-patterns-in-2026-3ioo https://dev.to/sizan_mahmud0_e7c3fd0cb68/the-complete-guide-to-frontend-architecture-patterns-in-2026-3ioo <p>Choosing the right frontend architecture can make or break your application's performance, scalability, and developer experience. Let's explore every major pattern, when to use them, and real-world examples.</p> <h2> Rendering Patterns: How Your UI Gets to Users </h2> <h3> 1. Client-Side Rendering (CSR) </h3> <p><strong>What It Is:</strong><br> The browser downloads a minimal HTML shell and JavaScript bundle, then renders everything on the client.</p> <p><strong>How It Works:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User Request → Server sends HTML + JS bundle → Browser executes JS → Renders UI → Fetches data via API </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>Highly interactive web applications (dashboards, admin panels)</li> <li>Apps behind authentication</li> <li>Single-page applications (SPAs)</li> </ul> <p><strong>Examples:</strong> Gmail, Figma, Notion</p> <p><strong>Pros:</strong></p> <ul> <li>Rich interactivity</li> <li>Fast navigation after initial load</li> <li>Reduced server load</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Slow initial load time</li> <li>Poor SEO (search engines see empty HTML)</li> <li>Large JavaScript bundles</li> </ul> <p><strong>Popular Tools:</strong> React, Vue, Angular with Create React App or Vite</p> <h3> 2. Server-Side Rendering (SSR) </h3> <p><strong>What It Is:</strong><br> Each page is rendered on the server for every request, sending fully formed HTML to the browser.</p> <p><strong>How It Works:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User Request → Server fetches data → Renders HTML → Sends to browser → Hydration (adds interactivity) </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>Content-heavy sites needing SEO</li> <li>E-commerce product pages</li> <li>News and blog platforms</li> <li>Social media feeds</li> </ul> <p><strong>Examples:</strong> Reddit, Twitter/X, Medium</p> <p><strong>Pros:</strong></p> <ul> <li>Excellent SEO (search engines see complete HTML)</li> <li>Fast initial page load</li> <li>Works without JavaScript</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Server processing for every request</li> <li>Higher server costs</li> <li>Slower navigation between pages</li> </ul> <p><strong>Popular Tools:</strong> Next.js (React), Nuxt.js (Vue), SvelteKit</p> <h3> 3. Static Site Generation (SSG) </h3> <p><strong>What It Is:</strong><br> Pages are pre-rendered at build time, generating static HTML files served via CDN.</p> <p><strong>How It Works:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build Time → Fetch data → Generate HTML for all pages → Deploy to CDN → User gets instant HTML </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>Marketing websites</li> <li>Documentation sites</li> <li>Blogs with infrequent updates</li> <li>Portfolio sites</li> </ul> <p><strong>Examples:</strong> Company websites, GitHub Pages, documentation portals</p> <p><strong>Pros:</strong></p> <ul> <li>Lightning-fast load times</li> <li>Excellent SEO</li> <li>Minimal server costs (just CDN)</li> <li>High security (no server-side code)</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Build time increases with page count</li> <li>Requires rebuild for content updates</li> <li>Not suitable for personalized content</li> </ul> <p><strong>Popular Tools:</strong> Next.js (SSG mode), Gatsby, Astro, Hugo, Jekyll</p> <h3> 4. Incremental Static Regeneration (ISR) </h3> <p><strong>What It Is:</strong><br> Combines SSG and SSR by pre-rendering pages but regenerating them periodically in the background.</p> <p><strong>How It Works:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build: Generate static pages → Runtime: Serve static → Background: Regenerate after X seconds → Update static page </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>E-commerce with thousands of products</li> <li>News sites with frequent updates</li> <li>Content platforms with mixed update frequencies</li> </ul> <p><strong>Examples:</strong> Vercel deployments, large e-commerce platforms</p> <p><strong>Pros:</strong></p> <ul> <li>Fast like SSG but with fresh content</li> <li>Scales to millions of pages</li> <li>Handles high traffic effortlessly</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Complex caching strategies</li> <li>Stale content possible during regeneration</li> <li>Requires proper cache invalidation</li> </ul> <p><strong>Popular Tools:</strong> Next.js (with revalidate), Gatsby Cloud</p> <h3> 5. Islands Architecture </h3> <p><strong>What It Is:</strong><br> Static HTML with interactive "islands" of JavaScript sprinkled where needed.</p> <p><strong>How It Works:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Render static HTML → Identify interactive components → Hydrate only those components → Leave rest as static </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>Content sites with occasional interactivity</li> <li>Marketing pages with interactive demos</li> <li>Blogs with embedded widgets</li> </ul> <p><strong>Examples:</strong> Astro-based sites, some marketing websites</p> <p><strong>Pros:</strong></p> <ul> <li>Minimal JavaScript sent to browser</li> <li>Fast performance</li> <li>Progressive enhancement</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Limited interactivity patterns</li> <li>Newer pattern with fewer resources</li> <li>Learning curve for proper island boundaries</li> </ul> <p><strong>Popular Tools:</strong> Astro, Fresh (Deno), Marko</p> <h2> Application Architecture Patterns </h2> <h3> 6. Monolithic Frontend </h3> <p><strong>What It Is:</strong><br> A single codebase containing all frontend features, built and deployed as one unit.</p> <p><strong>Structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-app/ ├── src/ │ ├── features/ │ │ ├── auth/ │ │ ├── dashboard/ │ │ ├── products/ │ │ └── checkout/ │ └── shared/ </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>Small to medium teams</li> <li>Startups and MVPs</li> <li>Applications with cohesive features</li> </ul> <p><strong>Pros:</strong></p> <ul> <li>Simpler to develop and test</li> <li>Easier dependency management</li> <li>Straightforward deployment</li> <li>Better code reuse</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Entire app redeploys for small changes</li> <li>Can become unwieldy at scale</li> <li>Harder for multiple teams to work independently</li> </ul> <h3> 7. Micro-Frontends </h3> <p><strong>What It Is:</strong><br> Breaking the frontend into independently deployable units, each owned by different teams.</p> <p><strong>Structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>shell-app (container) ├── imports: auth-app (Team A) ├── imports: products-app (Team B) ├── imports: checkout-app (Team C) └── shared-library </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>Large organizations with multiple teams</li> <li>Applications with distinct business domains</li> <li>Legacy migration strategies</li> </ul> <p><strong>Examples:</strong> Spotify, Ikea, Zalando</p> <p><strong>Implementation Approaches:</strong></p> <p><strong>1. Build-Time Integration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Shell imports other apps as npm packages</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthApp</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@company/auth-app</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ProductsApp</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@company/products-app</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <p><strong>2. Runtime Integration (Module Federation):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Webpack Module Federation</span> <span class="kd">const</span> <span class="nx">AuthApp</span> <span class="o">=</span> <span class="nx">React</span><span class="p">.</span><span class="nf">lazy</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="k">import</span><span class="p">(</span><span class="dl">'</span><span class="s1">auth_app/AuthApp</span><span class="dl">'</span><span class="p">));</span> </code></pre> </div> <p><strong>3. iFrame Integration:</strong><br> Different apps loaded in iframes (simplest but limited)</p> <p><strong>Pros:</strong></p> <ul> <li>Teams work independently</li> <li>Technology agnostic (mix React, Vue, Angular)</li> <li>Deploy features without coordinating</li> <li>Fault isolation</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Increased complexity</li> <li>Duplicate dependencies possible</li> <li>Harder to maintain consistency</li> <li>Performance overhead from multiple bundles</li> </ul> <p><strong>Popular Tools:</strong> Module Federation (Webpack 5), Single-SPA, Bit</p> <h3> 8. Jamstack Architecture </h3> <p><strong>What It Is:</strong><br> JavaScript + APIs + Markup - decoupling frontend from backend, using APIs for dynamic functionality.</p> <p><strong>Structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Static Site (SSG/ISR) → CDN → APIs (headless CMS, auth, payment) → Database </code></pre> </div> <p><strong>Best For:</strong></p> <ul> <li>Content-driven sites</li> <li>E-commerce with headless CMS</li> <li>Applications needing global distribution</li> </ul> <p><strong>Examples:</strong> Netlify, Vercel deployments</p> <p><strong>Pros:</strong></p> <ul> <li>Excellent performance (CDN-served)</li> <li>Better security (no server to hack)</li> <li>Scalability built-in</li> <li>Developer experience</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>API dependencies</li> <li>Build times for large sites</li> <li>Limited real-time capabilities</li> </ul> <p><strong>Popular Stack:</strong> Next.js/Gatsby + Contentful/Sanity + Stripe API + Auth0</p> <h3> 9. Progressive Web Apps (PWA) </h3> <p><strong>What It Is:</strong><br> Web applications that behave like native apps with offline support, push notifications, and installation.</p> <p><strong>Key Features:</strong></p> <ul> <li>Service Workers for offline functionality</li> <li>Web App Manifest for installation</li> <li>Push notifications</li> <li>Background sync</li> </ul> <p><strong>Best For:</strong></p> <ul> <li>Mobile-first applications</li> <li>Apps needing offline access</li> <li>Reducing native app development costs</li> </ul> <p><strong>Examples:</strong> Twitter Lite, Starbucks, Pinterest</p> <p><strong>Pros:</strong></p> <ul> <li>Works offline</li> <li>Installable on devices</li> <li>Lower development cost than native</li> <li>Cross-platform</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Limited access to device features</li> <li>iOS support limitations</li> <li>Larger initial cache</li> </ul> <h2> Choosing the Right Architecture </h2> <p><strong>Decision Matrix:</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Need</th> <th>Best Choice</th> </tr> </thead> <tbody> <tr> <td>SEO critical</td> <td>SSR or SSG</td> </tr> <tr> <td>High interactivity</td> <td>CSR or SSR</td> </tr> <tr> <td>Content rarely changes</td> <td>SSG</td> </tr> <tr> <td>Content updates frequently</td> <td>ISR or SSR</td> </tr> <tr> <td>Minimal JavaScript</td> <td>Islands or SSG</td> </tr> <tr> <td>Large organization</td> <td>Micro-Frontends</td> </tr> <tr> <td>Small team</td> <td>Monolithic</td> </tr> <tr> <td>Global performance</td> <td>Jamstack</td> </tr> <tr> <td>Offline functionality</td> <td>PWA</td> </tr> </tbody> </table></div> <h2> Hybrid Approaches: The Modern Way </h2> <p>Most production applications combine multiple patterns:</p> <p><strong>E-commerce Example:</strong></p> <ul> <li>Homepage: SSG (marketing content)</li> <li>Product pages: ISR (updated hourly)</li> <li>User dashboard: CSR (behind auth)</li> <li>Search: SSR (SEO needed)</li> </ul> <p><strong>Next.js Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Per-page rendering choice</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getStaticProps</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// SSG</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getServerSideProps</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// SSR</span> <span class="p">}</span> <span class="c1">// Or use 'use client' for CSR components</span> </code></pre> </div> <h2> Conclusion </h2> <p>There's no one-size-fits-all architecture. Modern frameworks like Next.js, Nuxt, and SvelteKit let you mix patterns per page. Start with these principles:</p> <ol> <li> <strong>SSG by default</strong> for best performance</li> <li> <strong>ISR for dynamic content</strong> that updates periodically</li> <li> <strong>SSR for personalized pages</strong> needing SEO</li> <li> <strong>CSR for authenticated</strong> highly interactive apps</li> <li> <strong>Monolithic unless</strong> you have multiple teams</li> <li> <strong>Consider Micro-Frontends</strong> only at scale</li> </ol> <p>The best architecture is the one that meets your current needs while allowing room to evolve. Start simple, measure performance, and adapt as you grow.</p> frontend programming javascript frontendchallenge Hexagonal Architecture: A Complete Guide to Building Flexible and Testable Applications sizan mahmud0 Mon, 29 Dec 2025 06:08:51 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/hexagonal-architecture-a-complete-guide-to-building-flexible-and-testable-applications-k1l https://dev.to/sizan_mahmud0_e7c3fd0cb68/hexagonal-architecture-a-complete-guide-to-building-flexible-and-testable-applications-k1l <p>Hexagonal Architecture, also known as Ports and Adapters pattern, is a software design approach that creates loosely coupled, testable, and maintainable applications. If you've ever struggled with tangled dependencies or found it difficult to swap out frameworks, this architecture might be your solution.</p> <h2> What is Hexagonal Architecture? </h2> <p>Hexagonal Architecture separates your application into distinct layers, with your business logic at the center, completely isolated from external concerns like databases, APIs, or user interfaces. The "hexagon" shape is symbolic—it represents that your core application can have multiple sides, each connecting to different external systems through well-defined interfaces.</p> <p>Created by Alistair Cockburn in 2005, this pattern solves a common problem: applications become tightly coupled to their frameworks, databases, and external services, making them rigid and difficult to test or modify.</p> <h2> The Core Concepts </h2> <p><strong>The Domain (Inside the Hexagon)</strong><br> The innermost layer contains your business logic and domain models. This is the heart of your application—the rules, calculations, and workflows that define what your application does. This layer knows nothing about databases, web frameworks, or external APIs.</p> <p><strong>Ports (The Interfaces)</strong><br> Ports are the entry and exit points of your application. They're simply interfaces that define how the outside world can interact with your domain. There are two types: primary ports (driving ports) that allow external actors to use your application, and secondary ports (driven ports) that your application uses to interact with external systems.</p> <p><strong>Adapters (The Connectors)</strong><br> Adapters are concrete implementations that connect the real world to your ports. A REST controller is an adapter that translates HTTP requests into calls to your domain. A database repository is an adapter that translates your domain's storage needs into actual database operations.</p> <h2> How Hexagonal Architecture Works </h2> <p>Imagine you're building an e-commerce application. Your domain contains business rules like "calculate order total," "apply discount codes," and "validate inventory." This logic shouldn't care whether orders come from a web browser, mobile app, or API.</p> <p><strong>Primary Adapters (Driving)</strong><br> When a user places an order through your web interface, a REST controller adapter receives the HTTP request, translates it into a domain command, and passes it through a primary port to your domain logic. The domain processes the order without knowing anything about HTTP or JSON.</p> <p><strong>Secondary Adapters (Driven)</strong><br> When your domain needs to check inventory, it calls a secondary port interface like <code>InventoryRepository</code>. An adapter implementing this interface translates the call into actual database queries. Your domain doesn't know if inventory data comes from PostgreSQL, MongoDB, or an external API—it just uses the port interface.</p> <p>This separation means you can swap MySQL for PostgreSQL, replace your REST API with GraphQL, or add a mobile app interface without touching your business logic.</p> <h2> Key Benefits </h2> <p><strong>Testability</strong><br> Since your domain logic doesn't depend on external systems, you can test it in isolation using mock implementations of your ports. No need to spin up databases or external services for unit tests. Testing becomes faster and more reliable.</p> <p><strong>Flexibility</strong><br> Want to try a different database? Switch from REST to GraphQL? Add a CLI interface? Just create new adapters without modifying your core business logic. This flexibility is invaluable as requirements evolve.</p> <p><strong>Technology Independence</strong><br> Your business logic isn't locked into any framework or technology. If a better framework emerges, you can migrate without rewriting your domain. This protects your investment in the most valuable part of your codebase.</p> <p><strong>Clear Boundaries</strong><br> The architecture enforces clear separation of concerns. Developers immediately understand where different types of code belong. Business logic stays in the domain, infrastructure code stays in adapters.</p> <h2> Practical Implementation Example </h2> <p>Let's look at a simple order processing flow:</p> <p>Your domain defines a port interface:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>OrderService (port) - with method processOrder() </code></pre> </div> <p>The domain implements the business logic without external dependencies. It also defines what it needs from the outside:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PaymentGateway (port) - with method charge() OrderRepository (port) - with method save() </code></pre> </div> <p>Adapters provide concrete implementations:</p> <ul> <li>RestOrderController implements the primary adapter to receive web requests</li> <li>StripePaymentAdapter implements PaymentGateway for Stripe integration</li> <li>PostgresOrderRepository implements OrderRepository for database storage</li> </ul> <p>When a request comes in, it flows: REST Controller → OrderService (domain) → Payment and Repository adapters. The domain orchestrates the business logic while adapters handle technical details.</p> <h2> When to Use Hexagonal Architecture </h2> <p>This architecture shines in applications where business logic complexity justifies the additional structure. It's ideal for long-lived applications that need to evolve, systems requiring multiple interfaces (web, mobile, API, CLI), or projects where technology decisions might change.</p> <p>For simple CRUD applications or prototypes, hexagonal architecture might be overkill. The added abstraction layers can feel like unnecessary ceremony when your application logic is straightforward.</p> <h2> Getting Started </h2> <p>Start by identifying your core business logic and separating it from infrastructure concerns. Define port interfaces for external interactions. Create adapters to connect real implementations to your ports. Remember, you don't need to implement everything perfectly from day one—apply the pattern where it adds value and refactor gradually.</p> <p>The key insight of Hexagonal Architecture is simple: keep your business logic pure and isolated, and connect to the outside world through well-defined interfaces. This seemingly simple principle leads to applications that are easier to test, maintain, and evolve over time.</p> systemdesign programming webdev frontend 10 Next.js Packages Every Developer Must Know Before Writing a Single Line of Code sizan mahmud0 Wed, 24 Dec 2025 08:34:53 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/10-nextjs-packages-every-developer-must-know-before-writing-a-single-line-of-code-5674 https://dev.to/sizan_mahmud0_e7c3fd0cb68/10-nextjs-packages-every-developer-must-know-before-writing-a-single-line-of-code-5674 <p>Starting a Next.js project without these packages is like building a house without power tools. Sure, you can do it, but why would you when better solutions exist?</p> <p>After building 50+ Next.js applications, I've learned that the right packages at the start save weeks of work later. These aren't just nice-to-haves—they're the difference between a prototype and a production-ready application.</p> <p>If you're about to run <code>npx create-next-app</code>, stop. Read this first. These 10 packages will save you from countless headaches and make you look like a Next.js wizard.</p> <h2> 1. Zod: Type-Safe Data Validation That Actually Works </h2> <p><strong>Install</strong>: <code>npm install zod</code></p> <p><strong>The Problem</strong>: User input is evil. Forms, API responses, environment variables—nothing can be trusted. TypeScript types disappear at runtime, leaving you vulnerable.</p> <p><strong>The Solution</strong>: Zod provides runtime validation with TypeScript type inference. It's like having a bouncer at every data entry point.</p> <h3> Basic Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Define a schema</span> <span class="kd">const</span> <span class="nx">UserSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Name is required</span><span class="dl">"</span><span class="p">),</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(</span><span class="dl">"</span><span class="s2">Invalid email format</span><span class="dl">"</span><span class="p">),</span> <span class="na">age</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">18</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Must be 18 or older</span><span class="dl">"</span><span class="p">),</span> <span class="na">role</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">enum</span><span class="p">([</span><span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">guest</span><span class="dl">'</span><span class="p">]),</span> <span class="na">website</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">url</span><span class="p">().</span><span class="nf">optional</span><span class="p">(),</span> <span class="p">});</span> <span class="c1">// Type inference (no need to write types twice!)</span> <span class="kd">type</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nx">infer</span><span class="o">&lt;</span><span class="k">typeof</span> <span class="nx">UserSchema</span><span class="o">&gt;</span><span class="p">;</span> <span class="c1">// Validate data</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">UserSchema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">formData</span><span class="p">);</span> <span class="c1">// user is now typed and validated</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">z</span><span class="p">.</span><span class="nx">ZodError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">errors</span><span class="p">);</span> <span class="c1">// Detailed error messages</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Real-World Next.js API Route </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/api/users/route.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">CreateUserSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">2</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">50</span><span class="p">),</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(),</span> <span class="na">password</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">8</span><span class="p">).</span><span class="nf">regex</span><span class="p">(</span> <span class="sr">/^</span><span class="se">(?=</span><span class="sr">.*</span><span class="se">[</span><span class="sr">a-z</span><span class="se">])(?=</span><span class="sr">.*</span><span class="se">[</span><span class="sr">A-Z</span><span class="se">])(?=</span><span class="sr">.*</span><span class="se">\d)</span><span class="sr">/</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Password must contain uppercase, lowercase, and number</span><span class="dl">"</span> <span class="p">),</span> <span class="na">confirmPassword</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="p">}).</span><span class="nf">refine</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">data</span><span class="p">.</span><span class="nx">password</span> <span class="o">===</span> <span class="nx">data</span><span class="p">.</span><span class="nx">confirmPassword</span><span class="p">,</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Passwords don't match</span><span class="dl">"</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">confirmPassword</span><span class="dl">"</span><span class="p">],</span> <span class="p">});</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">validatedData</span> <span class="o">=</span> <span class="nx">CreateUserSchema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">body</span><span class="p">);</span> <span class="c1">// Now safely use validatedData</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createUser</span><span class="p">(</span><span class="nx">validatedData</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">201</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">z</span><span class="p">.</span><span class="nx">ZodError</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">errors</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">errors</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Internal server error</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Environment Variables Validation </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/env.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">envSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">DATABASE_URL</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">url</span><span class="p">(),</span> <span class="na">NEXTAUTH_SECRET</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">32</span><span class="p">),</span> <span class="na">STRIPE_SECRET_KEY</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">sk_</span><span class="dl">'</span><span class="p">),</span> <span class="na">NODE_ENV</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">enum</span><span class="p">([</span><span class="dl">'</span><span class="s1">development</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">]),</span> <span class="p">});</span> <span class="c1">// Validate on startup</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">env</span> <span class="o">=</span> <span class="nx">envSchema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">);</span> <span class="c1">// Now you have type-safe, validated env vars</span> <span class="c1">// env.DATABASE_URL is guaranteed to be a valid URL</span> </code></pre> </div> <p><strong>Why it's essential</strong>: Catches bugs at runtime, provides amazing error messages, and eliminates the need to write validation logic manually. Used by Vercel, Clerk, and thousands of Next.js apps.</p> <h2> 2. React Hook Form + Zod: Forms Without Tears </h2> <p><strong>Install</strong>: <code>npm install react-hook-form @hookform/resolvers</code></p> <p><strong>The Problem</strong>: Forms in React are notoriously painful. Managing state, validation, errors, and submissions manually is error-prone and verbose.</p> <p><strong>The Solution</strong>: React Hook Form provides performant, flexible forms with minimal re-renders. Combine it with Zod for bulletproof validation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useForm</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react-hook-form</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">zodResolver</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@hookform/resolvers/zod</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">signupSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Username must be at least 3 characters</span><span class="dl">"</span><span class="p">),</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(</span><span class="dl">"</span><span class="s2">Invalid email address</span><span class="dl">"</span><span class="p">),</span> <span class="na">password</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">8</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Password must be at least 8 characters</span><span class="dl">"</span><span class="p">),</span> <span class="na">confirmPassword</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">(),</span> <span class="p">}).</span><span class="nf">refine</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">data</span><span class="p">.</span><span class="nx">password</span> <span class="o">===</span> <span class="nx">data</span><span class="p">.</span><span class="nx">confirmPassword</span><span class="p">,</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Passwords don't match</span><span class="dl">"</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">confirmPassword</span><span class="dl">"</span><span class="p">],</span> <span class="p">});</span> <span class="kd">type</span> <span class="nx">SignupFormData</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nx">infer</span><span class="o">&lt;</span><span class="k">typeof</span> <span class="nx">signupSchema</span><span class="o">&gt;</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">SignupForm</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">register</span><span class="p">,</span> <span class="nx">handleSubmit</span><span class="p">,</span> <span class="na">formState</span><span class="p">:</span> <span class="p">{</span> <span class="nx">errors</span><span class="p">,</span> <span class="nx">isSubmitting</span> <span class="p">},</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">useForm</span><span class="o">&lt;</span><span class="nx">SignupFormData</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">resolver</span><span class="p">:</span> <span class="nf">zodResolver</span><span class="p">(</span><span class="nx">signupSchema</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">onSubmit</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">data</span><span class="p">:</span> <span class="nx">SignupFormData</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/signup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">data</span><span class="p">),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Handle success</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">User created!</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Signup failed:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">onSubmit</span><span class="o">=</span><span class="p">{</span><span class="nf">handleSubmit</span><span class="p">(</span><span class="nx">onSubmit</span><span class="p">)}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">space-y-4</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="p">{...</span><span class="nf">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">username</span><span class="dl">'</span><span class="p">)}</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Username</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">w-full px-4 py-2 border rounded</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">username</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-red-500 text-sm mt-1</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">username</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="p">{...</span><span class="nf">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">)}</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">email</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Email</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">w-full px-4 py-2 border rounded</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">email</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-red-500 text-sm mt-1</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">email</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="p">{...</span><span class="nf">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">)}</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">w-full px-4 py-2 border rounded</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">password</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-red-500 text-sm mt-1</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">password</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="p">{...</span><span class="nf">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">confirmPassword</span><span class="dl">'</span><span class="p">)}</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Confirm Password</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">w-full px-4 py-2 border rounded</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">confirmPassword</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-red-500 text-sm mt-1</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">errors</span><span class="p">.</span><span class="nx">confirmPassword</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span> <span class="nx">disabled</span><span class="o">=</span><span class="p">{</span><span class="nx">isSubmitting</span><span class="p">}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">w-full bg-blue-600 text-white py-2 rounded hover:bg-blue-700 disabled:opacity-50</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">isSubmitting</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Creating account...</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">Sign Up</span><span class="dl">'</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/form</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why it's essential</strong>: </p> <ul> <li>Minimal re-renders (better performance)</li> <li>Built-in validation</li> <li>Easy error handling</li> <li>Works perfectly with Server Actions</li> <li>Reduces form code by 60%</li> </ul> <h2> 3. ShadCN UI: Copy-Paste Components That Look Professional </h2> <p><strong>Install</strong>: <code>npx shadcn-ui@latest init</code></p> <p><strong>The Problem</strong>: Building UI from scratch is time-consuming. Component libraries like Material-UI or Chakra are great but add bloat and lock you into their ecosystem.</p> <p><strong>The Solution</strong>: ShadCN UI is not a library—it's a collection of copy-paste components built with Radix UI and Tailwind. You own the code completely.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install components as needed</span> npx shadcn-ui@latest add button npx shadcn-ui@latest add dialog npx shadcn-ui@latest add dropdown-menu </code></pre> </div> <h3> Example: Professional Modal Dialog </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Dialog</span><span class="p">,</span> <span class="nx">DialogContent</span><span class="p">,</span> <span class="nx">DialogDescription</span><span class="p">,</span> <span class="nx">DialogHeader</span><span class="p">,</span> <span class="nx">DialogTitle</span><span class="p">,</span> <span class="nx">DialogTrigger</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/components/ui/dialog</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Button</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/components/ui/button</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">DeleteConfirmDialog</span><span class="p">({</span> <span class="nx">onConfirm</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">onConfirm</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">Dialog</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">DialogTrigger</span> <span class="nx">asChild</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Button</span> <span class="nx">variant</span><span class="o">=</span><span class="dl">"</span><span class="s2">destructive</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Delete</span> <span class="nx">Account</span><span class="o">&lt;</span><span class="sr">/Button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/DialogTrigger</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">DialogContent</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">DialogHeader</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">DialogTitle</span><span class="o">&gt;</span><span class="nx">Are</span> <span class="nx">you</span> <span class="nx">absolutely</span> <span class="nx">sure</span><span class="p">?</span><span class="o">&lt;</span><span class="sr">/DialogTitle</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">DialogDescription</span><span class="o">&gt;</span> <span class="nx">This</span> <span class="nx">action</span> <span class="nx">cannot</span> <span class="nx">be</span> <span class="nx">undone</span><span class="p">.</span> <span class="nx">This</span> <span class="nx">will</span> <span class="nx">permanently</span> <span class="k">delete</span> <span class="nx">your</span> <span class="nx">account</span> <span class="nx">and</span> <span class="nx">remove</span> <span class="nx">your</span> <span class="nx">data</span> <span class="k">from</span> <span class="nx">our</span> <span class="nx">servers</span><span class="p">.</span> <span class="o">&lt;</span><span class="sr">/DialogDescription</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/DialogHeader</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex justify-end gap-3</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Button</span> <span class="nx">variant</span><span class="o">=</span><span class="dl">"</span><span class="s2">outline</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Cancel</span><span class="o">&lt;</span><span class="sr">/Button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">Button</span> <span class="nx">variant</span><span class="o">=</span><span class="dl">"</span><span class="s2">destructive</span><span class="dl">"</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">onConfirm</span><span class="p">}</span><span class="o">&gt;</span> <span class="nx">Delete</span> <span class="nx">Account</span> <span class="o">&lt;</span><span class="sr">/Button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/DialogContent</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/Dialog</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Available Components</strong>:</p> <ul> <li>Buttons, Forms, Inputs</li> <li>Dialogs, Dropdowns, Tooltips</li> <li>Tables, Cards, Tabs</li> <li>Date Pickers, Calendars</li> <li>And 40+ more</li> </ul> <p><strong>Why it's essential</strong>: </p> <ul> <li>No runtime overhead (just your code)</li> <li>Fully customizable with Tailwind</li> <li>Accessible by default (Radix UI)</li> <li>Production-ready styling</li> <li>Copy once, modify forever</li> </ul> <h2> 4. NextAuth.js: Authentication That Just Works </h2> <p><strong>Install</strong>: <code>npm install next-auth</code></p> <p><strong>The Problem</strong>: Building authentication from scratch is a security nightmare. Sessions, tokens, OAuth, password hashing—it's complex and risky.</p> <p><strong>The Solution</strong>: NextAuth.js handles everything: email/password, OAuth (Google, GitHub, etc.), magic links, JWTs, and more.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/api/auth/[...nextauth]/route.ts</span> <span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">GoogleProvider</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/google</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">GitHubProvider</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/github</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CredentialsProvider</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/providers/credentials</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PrismaAdapter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@auth/prisma-adapter</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">prisma</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/prisma</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">bcrypt</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">bcryptjs</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handler</span> <span class="o">=</span> <span class="nc">NextAuth</span><span class="p">({</span> <span class="na">adapter</span><span class="p">:</span> <span class="nc">PrismaAdapter</span><span class="p">(</span><span class="nx">prisma</span><span class="p">),</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="nc">GoogleProvider</span><span class="p">({</span> <span class="na">clientId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CLIENT_ID</span><span class="o">!</span><span class="p">,</span> <span class="na">clientSecret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CLIENT_SECRET</span><span class="o">!</span><span class="p">,</span> <span class="p">}),</span> <span class="nc">GitHubProvider</span><span class="p">({</span> <span class="na">clientId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_ID</span><span class="o">!</span><span class="p">,</span> <span class="na">clientSecret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_SECRET</span><span class="o">!</span><span class="p">,</span> <span class="p">}),</span> <span class="nc">CredentialsProvider</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Credentials</span><span class="dl">"</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Email</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">email</span><span class="dl">"</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="p">}</span> <span class="p">},</span> <span class="k">async</span> <span class="nf">authorize</span><span class="p">(</span><span class="nx">credentials</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">credentials</span><span class="p">?.</span><span class="nx">email</span> <span class="o">||</span> <span class="o">!</span><span class="nx">credentials</span><span class="p">?.</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">credentials</span><span class="p">.</span><span class="nx">email</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span> <span class="o">||</span> <span class="o">!</span><span class="nx">user</span><span class="p">.</span><span class="nx">hashedPassword</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span> <span class="nx">credentials</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">hashedPassword</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">isValid</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}),</span> <span class="p">],</span> <span class="na">session</span><span class="p">:</span> <span class="p">{</span> <span class="na">strategy</span><span class="p">:</span> <span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">pages</span><span class="p">:</span> <span class="p">{</span> <span class="na">signIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="na">signOut</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/logout</span><span class="dl">'</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/error</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">callbacks</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">jwt</span><span class="p">({</span> <span class="nx">token</span><span class="p">,</span> <span class="nx">user</span> <span class="p">})</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nx">token</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">token</span><span class="p">;</span> <span class="p">},</span> <span class="k">async</span> <span class="nf">session</span><span class="p">({</span> <span class="nx">session</span><span class="p">,</span> <span class="nx">token</span> <span class="p">})</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">token</span><span class="p">.</span><span class="nx">id</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">session</span><span class="p">;</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">handler</span> <span class="k">as</span> <span class="nx">GET</span><span class="p">,</span> <span class="nx">handler</span> <span class="k">as</span> <span class="nx">POST</span> <span class="p">};</span> </code></pre> </div> <h3> Using Auth in Components </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useSession</span><span class="p">,</span> <span class="nx">signIn</span><span class="p">,</span> <span class="nx">signOut</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/react</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">ProfileButton</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">session</span><span class="p">,</span> <span class="nx">status</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useSession</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">loading</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span><span class="nx">Loading</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/div&gt;</span><span class="err">; </span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex items-center gap-3</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">span</span><span class="o">&gt;</span><span class="nx">Welcome</span><span class="p">,</span> <span class="p">{</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">name</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/span</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{()</span> <span class="o">=&gt;</span> <span class="nf">signOut</span><span class="p">()}</span><span class="o">&gt;</span><span class="nx">Sign</span> <span class="nx">Out</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{()</span> <span class="o">=&gt;</span> <span class="nf">signIn</span><span class="p">()}</span><span class="o">&gt;</span><span class="nx">Sign</span> <span class="nx">In</span><span class="o">&lt;</span><span class="sr">/button&gt;</span><span class="err">; </span><span class="p">}</span> </code></pre> </div> <h3> Protecting Server Components </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">getServerSession</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/next</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/navigation</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">ProtectedPage</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getServerSession</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">Welcome</span><span class="p">,</span> <span class="p">{</span><span class="nx">session</span><span class="p">.</span><span class="nx">user</span><span class="p">?.</span><span class="nx">name</span><span class="p">}</span><span class="o">!&lt;</span><span class="sr">/h1&gt;</span><span class="err">; </span><span class="p">}</span> </code></pre> </div> <p><strong>Why it's essential</strong>: Authentication is hard. NextAuth.js is battle-tested, secure, and handles edge cases you didn't know existed.</p> <h2> 5. Prisma: The ORM That Makes Databases Fun </h2> <p><strong>Install</strong>: <code>npm install prisma @prisma/client &amp;&amp; npx prisma init</code></p> <p><strong>The Problem</strong>: Writing raw SQL is error-prone. Traditional ORMs are clunky and slow. Type safety between database and code is manual.</p> <p><strong>The Solution</strong>: Prisma provides type-safe database access with an intuitive API, migrations, and works perfectly with Next.js Server Components.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// prisma/schema.prisma datasource db { provider = "postgresql" url = env("DATABASE_URL") } generator client { provider = "prisma-client-js" } model User { id String @id @default(cuid()) email String @unique name String? posts Post[] createdAt DateTime @default(now()) updatedAt DateTime @updatedAt } model Post { id String @id @default(cuid()) title String content String? published Boolean @default(false) author User @relation(fields: [authorId], references: [id]) authorId String createdAt DateTime @default(now()) updatedAt DateTime @updatedAt } </code></pre> </div> <h3> Type-Safe Database Queries </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/prisma.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PrismaClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@prisma/client</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">globalForPrisma</span> <span class="o">=</span> <span class="nb">global</span> <span class="k">as</span> <span class="nx">unknown</span> <span class="k">as</span> <span class="p">{</span> <span class="na">prisma</span><span class="p">:</span> <span class="nx">PrismaClient</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">prisma</span> <span class="o">=</span> <span class="nx">globalForPrisma</span><span class="p">.</span><span class="nx">prisma</span> <span class="o">||</span> <span class="k">new</span> <span class="nc">PrismaClient</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">)</span> <span class="nx">globalForPrisma</span><span class="p">.</span><span class="nx">prisma</span> <span class="o">=</span> <span class="nx">prisma</span><span class="p">;</span> <span class="c1">// app/api/posts/route.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">prisma</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/prisma</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">GET</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">posts</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">post</span><span class="p">.</span><span class="nf">findMany</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">published</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="na">include</span><span class="p">:</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="p">{</span> <span class="na">select</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="na">orderBy</span><span class="p">:</span> <span class="p">{</span> <span class="na">createdAt</span><span class="p">:</span> <span class="dl">'</span><span class="s1">desc</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">take</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">posts</span><span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">post</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">post</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">content</span><span class="p">,</span> <span class="na">author</span><span class="p">:</span> <span class="p">{</span> <span class="na">connect</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">authorId</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">post</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">201</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why it's essential</strong>:</p> <ul> <li>Auto-generated TypeScript types</li> <li>Intuitive query API</li> <li>Built-in migrations</li> <li>Excellent Next.js integration</li> <li>Active development and community</li> </ul> <h2> 6. TanStack Query (React Query): Server State Management Done Right </h2> <p><strong>Install</strong>: <code>npm install @tanstack/react-query</code></p> <p><strong>The Problem</strong>: Managing server state (API data) with useState/useEffect is a mess. Caching, refetching, loading states—it's boilerplate hell.</p> <p><strong>The Solution</strong>: TanStack Query handles all server state concerns: caching, background updates, pagination, infinite scroll, and more.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/providers.tsx</span> <span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">QueryClient</span><span class="p">,</span> <span class="nx">QueryClientProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@tanstack/react-query</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ReactQueryDevtools</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@tanstack/react-query-devtools</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useState</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">Providers</span><span class="p">({</span> <span class="nx">children</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">ReactNode</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">queryClient</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nc">QueryClient</span><span class="p">());</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">QueryClientProvider</span> <span class="nx">client</span><span class="o">=</span><span class="p">{</span><span class="nx">queryClient</span><span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">children</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">ReactQueryDevtools</span> <span class="nx">initialIsOpen</span><span class="o">=</span><span class="p">{</span><span class="kc">false</span><span class="p">}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/QueryClientProvider</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Using in Components </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useQuery</span><span class="p">,</span> <span class="nx">useMutation</span><span class="p">,</span> <span class="nx">useQueryClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@tanstack/react-query</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">Post</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">content</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">PostList</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">queryClient</span> <span class="o">=</span> <span class="nf">useQueryClient</span><span class="p">();</span> <span class="c1">// Fetch posts with automatic caching</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">posts</span><span class="p">,</span> <span class="nx">isLoading</span><span class="p">,</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useQuery</span><span class="p">({</span> <span class="na">queryKey</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">posts</span><span class="dl">'</span><span class="p">],</span> <span class="na">queryFn</span><span class="p">:</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/posts</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to fetch posts</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">as</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Post</span><span class="p">[]</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">},</span> <span class="na">staleTime</span><span class="p">:</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="c1">// 5 minutes</span> <span class="na">refetchOnWindowFocus</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Mutation for creating posts</span> <span class="kd">const</span> <span class="nx">createPost</span> <span class="o">=</span> <span class="nf">useMutation</span><span class="p">({</span> <span class="na">mutationFn</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">newPost</span><span class="p">:</span> <span class="nb">Omit</span><span class="o">&lt;</span><span class="nx">Post</span><span class="p">,</span> <span class="dl">'</span><span class="s1">id</span><span class="dl">'</span><span class="o">&gt;</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/posts</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">newPost</span><span class="p">),</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="p">},</span> <span class="na">onSuccess</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Invalidate and refetch posts</span> <span class="nx">queryClient</span><span class="p">.</span><span class="nf">invalidateQueries</span><span class="p">({</span> <span class="na">queryKey</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">posts</span><span class="dl">'</span><span class="p">]</span> <span class="p">});</span> <span class="p">},</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">isLoading</span><span class="p">)</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span><span class="nx">Loading</span> <span class="nx">posts</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/div&gt;</span><span class="err">; </span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span><span class="nb">Error</span> <span class="nx">loading</span> <span class="nx">posts</span><span class="o">&lt;</span><span class="sr">/div&gt;</span><span class="err">; </span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">posts</span><span class="p">?.</span><span class="nf">map</span><span class="p">((</span><span class="nx">post</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">key</span><span class="o">=</span><span class="p">{</span><span class="nx">post</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h3</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/h3</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">post</span><span class="p">.</span><span class="nx">content</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">))}</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{()</span> <span class="o">=&gt;</span> <span class="nx">createPost</span><span class="p">.</span><span class="nf">mutate</span><span class="p">({</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">New Post</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Content</span><span class="dl">'</span> <span class="p">})}</span><span class="o">&gt;</span> <span class="nx">Create</span> <span class="nx">Post</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why it's essential</strong>:</p> <ul> <li>Eliminates 90% of data-fetching boilerplate</li> <li>Automatic caching and background updates</li> <li>Built-in loading/error states</li> <li>Optimistic updates</li> <li>Works perfectly with Next.js Server Components</li> </ul> <h2> 7. Zustand: State Management That Doesn't Hurt </h2> <p><strong>Install</strong>: <code>npm install zustand</code></p> <p><strong>The Problem</strong>: Redux is overkill. Context API causes unnecessary re-renders. You need simple global state without the ceremony.</p> <p><strong>The Solution</strong>: Zustand provides a minimal, fast state management solution with zero boilerplate.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// store/useAuthStore.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">create</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zustand</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">persist</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zustand/middleware</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kr">interface</span> <span class="nx">AuthStore</span> <span class="p">{</span> <span class="nl">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">token</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">login</span><span class="p">:</span> <span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span><span class="p">,</span> <span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">logout</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">updateUser</span><span class="p">:</span> <span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nb">Partial</span><span class="o">&lt;</span><span class="nx">User</span><span class="o">&gt;</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">useAuthStore</span> <span class="o">=</span> <span class="nx">create</span><span class="o">&lt;</span><span class="nx">AuthStore</span><span class="o">&gt;</span><span class="p">()(</span> <span class="nf">persist</span><span class="p">(</span> <span class="p">(</span><span class="kd">set</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="na">token</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="na">login</span><span class="p">:</span> <span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">token</span> <span class="p">}),</span> <span class="na">logout</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="na">token</span><span class="p">:</span> <span class="kc">null</span> <span class="p">}),</span> <span class="na">updateUser</span><span class="p">:</span> <span class="p">(</span><span class="nx">updates</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="nx">state</span><span class="p">.</span><span class="nx">user</span> <span class="p">?</span> <span class="p">{</span> <span class="p">...</span><span class="nx">state</span><span class="p">.</span><span class="nx">user</span><span class="p">,</span> <span class="p">...</span><span class="nx">updates</span> <span class="p">}</span> <span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="p">})),</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">auth-storage</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Persists to localStorage</span> <span class="p">}</span> <span class="p">)</span> <span class="p">);</span> <span class="c1">// store/useCartStore.ts</span> <span class="kr">interface</span> <span class="nx">CartItem</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">price</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">quantity</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="kr">interface</span> <span class="nx">CartStore</span> <span class="p">{</span> <span class="nl">items</span><span class="p">:</span> <span class="nx">CartItem</span><span class="p">[];</span> <span class="nl">addItem</span><span class="p">:</span> <span class="p">(</span><span class="nx">item</span><span class="p">:</span> <span class="nx">CartItem</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">removeItem</span><span class="p">:</span> <span class="p">(</span><span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">updateQuantity</span><span class="p">:</span> <span class="p">(</span><span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">quantity</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">clearCart</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">total</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">useCartStore</span> <span class="o">=</span> <span class="nx">create</span><span class="o">&lt;</span><span class="nx">CartStore</span><span class="o">&gt;</span><span class="p">((</span><span class="kd">set</span><span class="p">,</span> <span class="kd">get</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">items</span><span class="p">:</span> <span class="p">[],</span> <span class="na">addItem</span><span class="p">:</span> <span class="p">(</span><span class="nx">item</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">exists</span> <span class="o">=</span> <span class="nx">state</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nf">find</span><span class="p">((</span><span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">i</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">item</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">exists</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">items</span><span class="p">:</span> <span class="nx">state</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">i</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">item</span><span class="p">.</span><span class="nx">id</span> <span class="p">?</span> <span class="p">{</span> <span class="p">...</span><span class="nx">i</span><span class="p">,</span> <span class="na">quantity</span><span class="p">:</span> <span class="nx">i</span><span class="p">.</span><span class="nx">quantity</span> <span class="o">+</span> <span class="mi">1</span> <span class="p">}</span> <span class="p">:</span> <span class="nx">i</span> <span class="p">),</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">items</span><span class="p">:</span> <span class="p">[...</span><span class="nx">state</span><span class="p">.</span><span class="nx">items</span><span class="p">,</span> <span class="nx">item</span><span class="p">]</span> <span class="p">};</span> <span class="p">}),</span> <span class="na">removeItem</span><span class="p">:</span> <span class="p">(</span><span class="nx">id</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">items</span><span class="p">:</span> <span class="nx">state</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nf">filter</span><span class="p">((</span><span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">i</span><span class="p">.</span><span class="nx">id</span> <span class="o">!==</span> <span class="nx">id</span><span class="p">)</span> <span class="p">})),</span> <span class="na">updateQuantity</span><span class="p">:</span> <span class="p">(</span><span class="nx">id</span><span class="p">,</span> <span class="nx">quantity</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">items</span><span class="p">:</span> <span class="nx">state</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="nx">i</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">id</span> <span class="p">?</span> <span class="p">{</span> <span class="p">...</span><span class="nx">i</span><span class="p">,</span> <span class="nx">quantity</span> <span class="p">}</span> <span class="p">:</span> <span class="nx">i</span><span class="p">)),</span> <span class="p">})),</span> <span class="na">clearCart</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">({</span> <span class="na">items</span><span class="p">:</span> <span class="p">[]</span> <span class="p">}),</span> <span class="na">total</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="nf">get</span><span class="p">();</span> <span class="k">return</span> <span class="nx">state</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">sum</span><span class="p">,</span> <span class="nx">item</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">sum</span> <span class="o">+</span> <span class="nx">item</span><span class="p">.</span><span class="nx">price</span> <span class="o">*</span> <span class="nx">item</span><span class="p">.</span><span class="nx">quantity</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="p">},</span> <span class="p">}));</span> </code></pre> </div> <h3> Using in Components </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useAuthStore</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/store/useAuthStore</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useCartStore</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/store/useCartStore</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">Header</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nf">useAuthStore</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">state</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="nf">useAuthStore</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">state</span><span class="p">.</span><span class="nx">logout</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cartItems</span> <span class="o">=</span> <span class="nf">useCartStore</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">state</span><span class="p">.</span><span class="nx">items</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cartTotal</span> <span class="o">=</span> <span class="nf">useCartStore</span><span class="p">((</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">state</span><span class="p">.</span><span class="nf">total</span><span class="p">());</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">header</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">user</span> <span class="p">?</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">span</span><span class="o">&gt;</span><span class="nx">Welcome</span><span class="p">,</span> <span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/span</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">logout</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Logout</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">:</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Login</span><span class="o">&lt;</span><span class="sr">/a</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="nx">Cart</span><span class="p">:</span> <span class="p">{</span><span class="nx">cartItems</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span> <span class="nf">items </span><span class="p">(</span><span class="nx">$</span><span class="p">{</span><span class="nx">cartTotal</span><span class="p">.</span><span class="nf">toFixed</span><span class="p">(</span><span class="mi">2</span><span class="p">)})</span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/header</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why it's essential</strong>:</p> <ul> <li>Minimal API (learn in 5 minutes)</li> <li>No providers needed</li> <li>Automatic optimization (no unnecessary re-renders)</li> <li>Middleware for persistence, devtools, etc.</li> <li>Perfect for small to medium state needs</li> </ul> <h2> 8. Axios or Ky: Better HTTP Requests </h2> <p><strong>Install</strong>: <code>npm install axios</code> or <code>npm install ky</code></p> <p><strong>The Problem</strong>: The native <code>fetch</code> API is powerful but verbose. Error handling, interceptors, and timeouts require boilerplate.</p> <p><strong>The Solution</strong>: Axios (traditional) or Ky (modern, lightweight) provide cleaner APIs with built-in features.</p> <h3> Axios Example </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/api.ts</span> <span class="k">import</span> <span class="nx">axios</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">axios</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">api</span> <span class="o">=</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">baseURL</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_API_URL</span><span class="p">,</span> <span class="na">timeout</span><span class="p">:</span> <span class="mi">10000</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="c1">// Request interceptor (add auth token)</span> <span class="nx">api</span><span class="p">.</span><span class="nx">interceptors</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">config</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nx">config</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">Authorization</span> <span class="o">=</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">config</span><span class="p">;</span> <span class="p">});</span> <span class="c1">// Response interceptor (handle errors globally)</span> <span class="nx">api</span><span class="p">.</span><span class="nx">interceptors</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span> <span class="p">(</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">,</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Redirect to login</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">api</span><span class="p">;</span> <span class="c1">// Usage</span> <span class="k">import</span> <span class="nx">api</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/api</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">fetchUsers</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/users</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createUser</span><span class="p">(</span><span class="nx">userData</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/users</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userData</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Ky Example (Modern Alternative) </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/api.ts</span> <span class="k">import</span> <span class="nx">ky</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">ky</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">api</span> <span class="o">=</span> <span class="nx">ky</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">prefixUrl</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_API_URL</span><span class="p">,</span> <span class="na">timeout</span><span class="p">:</span> <span class="mi">10000</span><span class="p">,</span> <span class="na">hooks</span><span class="p">:</span> <span class="p">{</span> <span class="na">beforeRequest</span><span class="p">:</span> <span class="p">[</span> <span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">,</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="p">},</span> <span class="p">],</span> <span class="na">afterResponse</span><span class="p">:</span> <span class="p">[</span> <span class="k">async </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">options</span><span class="p">,</span> <span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">});</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">api</span><span class="p">;</span> <span class="c1">// Usage</span> <span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">).</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">newUser</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">json</span><span class="p">:</span> <span class="nx">userData</span> <span class="p">}).</span><span class="nf">json</span><span class="p">();</span> </code></pre> </div> <p><strong>Why it's essential</strong>:</p> <ul> <li>Cleaner syntax than fetch</li> <li>Built-in interceptors</li> <li>Automatic JSON parsing</li> <li>Timeout handling</li> <li>TypeScript support</li> </ul> <h2> 9. Date-fns: Date Manipulation Without the Pain </h2> <p><strong>Install</strong>: <code>npm install date-fns</code></p> <p><strong>The Problem</strong>: JavaScript Date objects are awful. Moment.js is deprecated and massive (67KB). You need modern date utilities.</p> <p><strong>The Solution</strong>: date-fns is modular, tree-shakeable, and provides 200+ functions for date manipulation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">format</span><span class="p">,</span> <span class="nx">formatDistance</span><span class="p">,</span> <span class="nx">formatRelative</span><span class="p">,</span> <span class="nx">addDays</span><span class="p">,</span> <span class="nx">subDays</span><span class="p">,</span> <span class="nx">isAfter</span><span class="p">,</span> <span class="nx">isBefore</span><span class="p">,</span> <span class="nx">parseISO</span><span class="p">,</span> <span class="nx">startOfDay</span><span class="p">,</span> <span class="nx">endOfDay</span><span class="p">,</span> <span class="nx">differenceInDays</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">date-fns</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Formatting</span> <span class="kd">const</span> <span class="nx">date</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">();</span> <span class="nf">format</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="dl">'</span><span class="s1">yyyy-MM-dd</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// "2025-12-24"</span> <span class="nf">format</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="dl">'</span><span class="s1">MMMM dd, yyyy</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// "December 24, 2025"</span> <span class="nf">format</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="dl">"</span><span class="s2">h:mm a</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// "3:45 PM"</span> <span class="c1">// Relative time</span> <span class="nf">formatDistance</span><span class="p">(</span><span class="nf">subDays</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="mi">3</span><span class="p">),</span> <span class="nx">date</span><span class="p">,</span> <span class="p">{</span> <span class="na">addSuffix</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// "3 days ago"</span> <span class="nf">formatRelative</span><span class="p">(</span><span class="nf">subDays</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="mi">3</span><span class="p">),</span> <span class="nx">date</span><span class="p">);</span> <span class="c1">// "last Friday at 3:45 PM"</span> <span class="c1">// Date math</span> <span class="kd">const</span> <span class="nx">tomorrow</span> <span class="o">=</span> <span class="nf">addDays</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">lastWeek</span> <span class="o">=</span> <span class="nf">subDays</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="mi">7</span><span class="p">);</span> <span class="c1">// Comparisons</span> <span class="nf">isAfter</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="nx">lastWeek</span><span class="p">);</span> <span class="c1">// true</span> <span class="nf">isBefore</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="nx">tomorrow</span><span class="p">);</span> <span class="c1">// true</span> <span class="c1">// Parsing</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="nf">parseISO</span><span class="p">(</span><span class="dl">'</span><span class="s1">2025-12-24T15:30:00</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Day boundaries</span> <span class="kd">const</span> <span class="nx">dayStart</span> <span class="o">=</span> <span class="nf">startOfDay</span><span class="p">(</span><span class="nx">date</span><span class="p">);</span> <span class="c1">// 2025-12-24 00:00:00</span> <span class="kd">const</span> <span class="nx">dayEnd</span> <span class="o">=</span> <span class="nf">endOfDay</span><span class="p">(</span><span class="nx">date</span><span class="p">);</span> <span class="c1">// 2025-12-24 23:59:59</span> <span class="c1">// Differences</span> <span class="nf">differenceInDays</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="nf">subDays</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="mi">10</span><span class="p">));</span> <span class="c1">// 10</span> </code></pre> </div> <h3> Real-World Next.js Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// components/PostCard.tsx</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">formatDistance</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">date-fns</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">Post</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">createdAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">PostCard</span><span class="p">({</span> <span class="nx">post</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">post</span><span class="p">:</span> <span class="nx">Post</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">article</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h3</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">post</span><span class="p">.</span><span class="nx">title</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/h3</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">time</span><span class="o">&gt;</span> <span class="nx">Posted</span> <span class="p">{</span><span class="nf">formatDistance</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">createdAt</span><span class="p">,</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(),</span> <span class="p">{</span> <span class="na">addSuffix</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})}</span> <span class="o">&lt;</span><span class="sr">/time</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/article</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// lib/utils.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">format</span><span class="p">,</span> <span class="nx">isToday</span><span class="p">,</span> <span class="nx">isYesterday</span><span class="p">,</span> <span class="nx">isThisYear</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">date-fns</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">smartDateFormat</span><span class="p">(</span><span class="nx">date</span><span class="p">:</span> <span class="nb">Date</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nf">isToday</span><span class="p">(</span><span class="nx">date</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Today at </span><span class="p">${</span><span class="nf">format</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="dl">'</span><span class="s1">h:mm a</span><span class="dl">'</span><span class="p">)}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nf">isYesterday</span><span class="p">(</span><span class="nx">date</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Yesterday at </span><span class="p">${</span><span class="nf">format</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="dl">'</span><span class="s1">h:mm a</span><span class="dl">'</span><span class="p">)}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nf">isThisYear</span><span class="p">(</span><span class="nx">date</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">format</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="dl">'</span><span class="s1">MMM d</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">format</span><span class="p">(</span><span class="nx">date</span><span class="p">,</span> <span class="dl">'</span><span class="s1">MMM d, yyyy</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why it's essential</strong>:</p> <ul> <li>Tree-shakeable (only import what you use)</li> <li>Immutable (no date mutation bugs)</li> <li>TypeScript-first</li> <li>No timezone headaches</li> <li>2KB vs Moment.js 67KB</li> </ul> <h2> 10. Framer Motion: Animations That Wow </h2> <p><strong>Install</strong>: <code>npm install framer-motion</code></p> <p><strong>The Problem</strong>: CSS animations are limited. Complex gestures, layout animations, and scroll-triggered effects require JavaScript.</p> <p><strong>The Solution</strong>: Framer Motion makes advanced animations simple with a declarative API built for React.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> typescript 'use client'; import { motion, AnimatePresence } from 'framer-motion'; import { useState } from 'react'; // Fade in animation export function FadeInText() { return ( &lt;motion.div initial={{ opacity: 0, y: 20 }} animate={{ opacity: 1, y: 0 }} transition={{ duration: 0.5 }} &gt; &lt;h1&gt;Welcome to our site!&lt;/h1&gt; &lt;/motion.div&gt; ); } // Hover and tap animations export function AnimatedButton() { return ( &lt;motion.button whileHover={{ scale: 1.05 }} whileTap={{ scale: 0.95 }} className="px-6 py-3 bg-blue-600 text-white rounded" &gt; Click me &lt;/motion.button&gt; ); } // List animations export function TodoList({ todos }: { todos: string[] }) { return ( &lt;ul&gt; &lt;AnimatePresence&gt; {todos.map((todo, index) =&gt; ( &lt;motion.li key={todo} initial={{ opacity: 0, x: -50 }} animate={{ opacity: 1, x: 0 }} exit={{ opacity: 0, x: 50 }} transition={{ delay: index * 0.1 }} &gt; {todo} &lt;/motion.li&gt; ))} </code></pre> </div> programming nextjs javascript webdev Complete Guide to Role-Based Access Control (RBAC) in Next.js 14: From Basic Roles to Enterprise Permissions sizan mahmud0 Tue, 23 Dec 2025 06:10:41 +0000 https://dev.to/sizan_mahmud0_e7c3fd0cb68/complete-guide-to-role-based-access-control-rbac-in-nextjs-14-from-basic-roles-to-enterprise-1hhj https://dev.to/sizan_mahmud0_e7c3fd0cb68/complete-guide-to-role-based-access-control-rbac-in-nextjs-14-from-basic-roles-to-enterprise-1hhj <p>Authentication answers "Who are you?" but authorization answers "What can you do?" Role-Based Access Control (RBAC) is the most widely adopted authorization pattern, used by everything from small startups to Fortune 500 companies. In this comprehensive guide, we'll build a production-ready RBAC system in Next.js 14 that scales from simple admin/user roles to complex permission-based systems.</p> <h2> Understanding RBAC: Why It Matters </h2> <p>Imagine your SaaS application without proper access control:</p> <ul> <li>A regular user deletes your entire product database</li> <li>An intern accesses sensitive financial reports</li> <li>A customer views other customers' private data</li> </ul> <p>RBAC prevents these nightmares by defining <strong>who can do what</strong>. Instead of checking permissions for every user individually, you assign users to roles, and roles have predefined permissions.</p> <h2> RBAC Core Concepts </h2> <h3> The Three Pillars </h3> <p><strong>1. Users</strong>: People using your application<br> <strong>2. Roles</strong>: Groups with specific permissions (Admin, Editor, Viewer)<br> <strong>3. Permissions</strong>: Specific actions (create:post, delete:user, view:analytics)</p> <h3> Role Hierarchy Example </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Super Admin ├── Can do everything └── Manage all users and roles Admin ├── Manage users ├── View analytics └── Edit content Editor ├── Create/Edit content └── View analytics (read-only) Viewer └── View content only </code></pre> </div> <h2> Building RBAC in Next.js 14: Step-by-Step </h2> <h3> Step 1: Define Your Permission System </h3> <p>Create <code>lib/permissions.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Define all possible permissions in your system</span> <span class="k">export</span> <span class="kr">enum</span> <span class="nx">Permission</span> <span class="p">{</span> <span class="c1">// User management</span> <span class="nx">VIEW_USERS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">view:users</span><span class="dl">'</span><span class="p">,</span> <span class="nx">CREATE_USERS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">create:users</span><span class="dl">'</span><span class="p">,</span> <span class="nx">EDIT_USERS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">edit:users</span><span class="dl">'</span><span class="p">,</span> <span class="nx">DELETE_USERS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">delete:users</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Content management</span> <span class="nx">VIEW_POSTS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">view:posts</span><span class="dl">'</span><span class="p">,</span> <span class="nx">CREATE_POSTS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">create:posts</span><span class="dl">'</span><span class="p">,</span> <span class="nx">EDIT_POSTS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">edit:posts</span><span class="dl">'</span><span class="p">,</span> <span class="nx">DELETE_POSTS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">delete:posts</span><span class="dl">'</span><span class="p">,</span> <span class="nx">PUBLISH_POSTS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">publish:posts</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Analytics</span> <span class="nx">VIEW_ANALYTICS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">view:analytics</span><span class="dl">'</span><span class="p">,</span> <span class="nx">EXPORT_ANALYTICS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">export:analytics</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Settings</span> <span class="nx">EDIT_SETTINGS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">edit:settings</span><span class="dl">'</span><span class="p">,</span> <span class="nx">VIEW_AUDIT_LOGS</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">view:audit_logs</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="c1">// Define roles and their permissions</span> <span class="k">export</span> <span class="kr">enum</span> <span class="nx">Role</span> <span class="p">{</span> <span class="nx">SUPER_ADMIN</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">super_admin</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ADMIN</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">,</span> <span class="nx">EDITOR</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">editor</span><span class="dl">'</span><span class="p">,</span> <span class="nx">VIEWER</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">viewer</span><span class="dl">'</span><span class="p">,</span> <span class="nx">USER</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="c1">// Map roles to permissions</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">rolePermissions</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="nx">Role</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">[]</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">SUPER_ADMIN</span><span class="p">]:</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">values</span><span class="p">(</span><span class="nx">Permission</span><span class="p">),</span> <span class="c1">// All permissions</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">ADMIN</span><span class="p">]:</span> <span class="p">[</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_USERS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">CREATE_USERS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">EDIT_USERS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">CREATE_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">EDIT_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">DELETE_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">PUBLISH_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_ANALYTICS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">EXPORT_ANALYTICS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_AUDIT_LOGS</span><span class="p">,</span> <span class="p">],</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">EDITOR</span><span class="p">]:</span> <span class="p">[</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">CREATE_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">EDIT_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_ANALYTICS</span><span class="p">,</span> <span class="p">],</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">VIEWER</span><span class="p">]:</span> <span class="p">[</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_POSTS</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_ANALYTICS</span><span class="p">,</span> <span class="p">],</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">USER</span><span class="p">]:</span> <span class="p">[</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_POSTS</span><span class="p">,</span> <span class="p">],</span> <span class="p">};</span> <span class="c1">// Helper function to check if role has permission</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">hasPermission</span><span class="p">(</span><span class="nx">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">rolePermissions</span><span class="p">[</span><span class="nx">role</span><span class="p">]?.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">permission</span><span class="p">)</span> <span class="o">??</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Helper function to check multiple permissions (user must have ALL)</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">hasAllPermissions</span><span class="p">(</span><span class="nx">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">,</span> <span class="nx">permissions</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">[]):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">permissions</span><span class="p">.</span><span class="nf">every</span><span class="p">(</span><span class="nx">permission</span> <span class="o">=&gt;</span> <span class="nf">hasPermission</span><span class="p">(</span><span class="nx">role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">));</span> <span class="p">}</span> <span class="c1">// Helper function to check if user has ANY of the permissions</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">hasAnyPermission</span><span class="p">(</span><span class="nx">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">,</span> <span class="nx">permissions</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">[]):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">permissions</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">permission</span> <span class="o">=&gt;</span> <span class="nf">hasPermission</span><span class="p">(</span><span class="nx">role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <h3> Step 2: Update JWT to Include Role </h3> <p>Modify <code>lib/jwt.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">SignJWT</span><span class="p">,</span> <span class="nx">jwtVerify</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">jose</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Role</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./permissions</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">secret</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">().</span><span class="nf">encode</span><span class="p">(</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">fallback-secret-key</span><span class="dl">'</span> <span class="p">);</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">JWTPayload</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">;</span> <span class="nl">permissions</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="c1">// Optional: embed permissions for performance</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">signToken</span><span class="p">(</span><span class="nx">payload</span><span class="p">:</span> <span class="nx">JWTPayload</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">SignJWT</span><span class="p">({</span> <span class="p">...</span><span class="nx">payload</span> <span class="p">})</span> <span class="p">.</span><span class="nf">setProtectedHeader</span><span class="p">({</span> <span class="na">alg</span><span class="p">:</span> <span class="dl">'</span><span class="s1">HS256</span><span class="dl">'</span> <span class="p">})</span> <span class="p">.</span><span class="nf">setIssuedAt</span><span class="p">()</span> <span class="p">.</span><span class="nf">setExpirationTime</span><span class="p">(</span><span class="dl">'</span><span class="s1">7d</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">secret</span><span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">JWTPayload</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">payload</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">jwtVerify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">secret</span><span class="p">);</span> <span class="k">return</span> <span class="nx">payload</span> <span class="k">as</span> <span class="nx">JWTPayload</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Step 3: Create Authorization Utilities </h3> <p>Create <code>lib/rbac.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">cookies</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/headers</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">verifyToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./jwt</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Permission</span><span class="p">,</span> <span class="nx">hasPermission</span><span class="p">,</span> <span class="nx">Role</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./permissions</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getCurrentUser</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieStore</span> <span class="o">=</span> <span class="nf">cookies</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">payload</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">userId</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requireAuth</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getCurrentUser</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requireRole</span><span class="p">(</span><span class="nx">allowedRoles</span><span class="p">:</span> <span class="nx">Role</span><span class="p">[])</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">requireAuth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">allowedRoles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">))</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Forbidden: Insufficient permissions</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requirePermission</span><span class="p">(</span><span class="nx">permission</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">requireAuth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">hasPermission</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">))</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Forbidden: Missing permission </span><span class="p">${</span><span class="nx">permission</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requirePermissions</span><span class="p">(</span><span class="nx">permissions</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">[])</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">requireAuth</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">missingPermissions</span> <span class="o">=</span> <span class="nx">permissions</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span> <span class="nx">permission</span> <span class="o">=&gt;</span> <span class="o">!</span><span class="nf">hasPermission</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">)</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">missingPermissions</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span> <span class="s2">`Forbidden: Missing permissions </span><span class="p">${</span><span class="nx">missingPermissions</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">, </span><span class="dl">'</span><span class="p">)}</span><span class="s2">`</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Check if current user can perform action (non-throwing version)</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">can</span><span class="p">(</span><span class="nx">permission</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getCurrentUser</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="k">return</span> <span class="nf">hasPermission</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Check if current user has role (non-throwing version)</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">isRole</span><span class="p">(</span><span class="nx">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getCurrentUser</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="k">return</span> <span class="nx">user</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="nx">role</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Step 4: Protect API Routes </h3> <p>Create <code>app/api/users/route.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">requirePermission</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/rbac</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Permission</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/permissions</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// GET /api/users - View users list</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">GET</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">requirePermission</span><span class="p">(</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_USERS</span><span class="p">);</span> <span class="c1">// Fetch users from database</span> <span class="c1">// const users = await db.user.findMany();</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">users</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin@example.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2</span><span class="dl">'</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user@example.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span> <span class="p">},</span> <span class="p">],</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Authentication required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden: You do not have permission to view users</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">403</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// POST /api/users - Create new user</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">POST</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">requirePermission</span><span class="p">(</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">CREATE_USERS</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">role</span><span class="p">,</span> <span class="nx">name</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">body</span><span class="p">;</span> <span class="c1">// Validation</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">email</span> <span class="o">||</span> <span class="o">!</span><span class="nx">role</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Email and role are required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Create user in database</span> <span class="c1">// const newUser = await db.user.create({</span> <span class="c1">// data: { email, role, name }</span> <span class="c1">// });</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">User created</span><span class="dl">'</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">role</span><span class="p">,</span> <span class="nx">name</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">201</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Authentication required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden: You do not have permission to create users</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">403</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// DELETE /api/users/[id] - Delete user</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">DELETE</span><span class="p">(</span> <span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="p">{</span> <span class="nx">params</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">params</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">requirePermission</span><span class="p">(</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">DELETE_USERS</span><span class="p">);</span> <span class="c1">// Prevent deleting yourself</span> <span class="k">if </span><span class="p">(</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Cannot delete your own account</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Delete user from database</span> <span class="c1">// await db.user.delete({ where: { id: params.id } });</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">User deleted</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Authentication required</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden: You do not have permission to delete users</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">403</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Step 5: Protect Pages with Middleware </h3> <p>Update <code>middleware.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/server</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">verifyToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/jwt</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">hasPermission</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">,</span> <span class="nx">Role</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/permissions</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Define route permissions</span> <span class="kd">const</span> <span class="nx">routePermissions</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">[]</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">/dashboard/users</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_USERS</span><span class="p">],</span> <span class="dl">'</span><span class="s1">/dashboard/analytics</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_ANALYTICS</span><span class="p">],</span> <span class="dl">'</span><span class="s1">/dashboard/settings</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">EDIT_SETTINGS</span><span class="p">],</span> <span class="dl">'</span><span class="s1">/dashboard/posts/new</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">CREATE_POSTS</span><span class="p">],</span> <span class="p">};</span> <span class="c1">// Define routes that require specific roles</span> <span class="kd">const</span> <span class="nx">routeRoles</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">Role</span><span class="p">[]</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">/admin</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">ADMIN</span><span class="p">,</span> <span class="nx">Role</span><span class="p">.</span><span class="nx">SUPER_ADMIN</span><span class="p">],</span> <span class="dl">'</span><span class="s1">/admin/audit</span><span class="dl">'</span><span class="p">:</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">SUPER_ADMIN</span><span class="p">],</span> <span class="p">};</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">middleware</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">pathname</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">;</span> <span class="c1">// Public routes</span> <span class="kd">const</span> <span class="nx">publicRoutes</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">/about</span><span class="dl">'</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">isPublicRoute</span> <span class="o">=</span> <span class="nx">publicRoutes</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">route</span> <span class="o">=&gt;</span> <span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="nx">route</span><span class="p">));</span> <span class="c1">// If accessing protected route without token</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">isPublicRoute</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="c1">// If has token, verify and check permissions</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">isPublicRoute</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">payload</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Invalid token</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="nx">response</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Check role-based restrictions</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="p">[</span><span class="nx">route</span><span class="p">,</span> <span class="nx">allowedRoles</span><span class="p">]</span> <span class="k">of</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">entries</span><span class="p">(</span><span class="nx">routeRoles</span><span class="p">))</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="nx">route</span><span class="p">))</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">allowedRoles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">role</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/forbidden</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Check permission-based restrictions</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="p">[</span><span class="nx">route</span><span class="p">,</span> <span class="nx">requiredPermissions</span><span class="p">]</span> <span class="k">of</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">entries</span><span class="p">(</span><span class="nx">routePermissions</span><span class="p">))</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="nx">route</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hasAllPermissions</span> <span class="o">=</span> <span class="nx">requiredPermissions</span><span class="p">.</span><span class="nf">every</span><span class="p">(</span><span class="nx">permission</span> <span class="o">=&gt;</span> <span class="nf">hasPermission</span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">)</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">hasAllPermissions</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/forbidden</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// If accessing auth routes with valid token, redirect to dashboard</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span> <span class="o">&amp;&amp;</span> <span class="p">(</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">)))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">/((?!api|_next/static|_next/image|favicon.ico).*)</span><span class="dl">'</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <h3> Step 6: Client-Side Permission Checks </h3> <p>Create <code>components/PermissionGate.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useAuth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/contexts/AuthContext</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Permission</span><span class="p">,</span> <span class="nx">hasPermission</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/permissions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ReactNode</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">PermissionGateProps</span> <span class="p">{</span> <span class="nl">permission</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">;</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">ReactNode</span><span class="p">;</span> <span class="nl">fallback</span><span class="p">?:</span> <span class="nx">ReactNode</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">PermissionGate</span><span class="p">({</span> <span class="nx">permission</span><span class="p">,</span> <span class="nx">children</span><span class="p">,</span> <span class="nx">fallback</span> <span class="o">=</span> <span class="kc">null</span> <span class="p">}:</span> <span class="nx">PermissionGateProps</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span> <span class="o">||</span> <span class="o">!</span><span class="nf">hasPermission</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">permission</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">fallback</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/&gt;</span><span class="err">; </span> <span class="p">}</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">children</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/&gt;</span><span class="err">; </span><span class="p">}</span> <span class="c1">// Usage with multiple permissions</span> <span class="kr">interface</span> <span class="nx">MultiPermissionGateProps</span> <span class="p">{</span> <span class="nl">permissions</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">[];</span> <span class="nl">requireAll</span><span class="p">?:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="c1">// true = AND logic, false = OR logic</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">ReactNode</span><span class="p">;</span> <span class="nl">fallback</span><span class="p">?:</span> <span class="nx">ReactNode</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">MultiPermissionGate</span><span class="p">({</span> <span class="nx">permissions</span><span class="p">,</span> <span class="nx">requireAll</span> <span class="o">=</span> <span class="kc">true</span><span class="p">,</span> <span class="nx">children</span><span class="p">,</span> <span class="nx">fallback</span> <span class="o">=</span> <span class="kc">null</span><span class="p">,</span> <span class="p">}:</span> <span class="nx">MultiPermissionGateProps</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">fallback</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/&gt;</span><span class="err">; </span> <span class="kd">const</span> <span class="nx">checkFunction</span> <span class="o">=</span> <span class="nx">requireAll</span> <span class="p">?</span> <span class="nx">permissions</span><span class="p">.</span><span class="nf">every</span><span class="p">(</span><span class="nx">p</span> <span class="o">=&gt;</span> <span class="nf">hasPermission</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">p</span><span class="p">))</span> <span class="p">:</span> <span class="nx">permissions</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">p</span> <span class="o">=&gt;</span> <span class="nf">hasPermission</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">p</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">checkFunction</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">fallback</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/&gt;</span><span class="err">; </span> <span class="p">}</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">children</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/&gt;</span><span class="err">; </span><span class="p">}</span> </code></pre> </div> <p>Create <code>components/RoleGate.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useAuth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/contexts/AuthContext</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Role</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/permissions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ReactNode</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">RoleGateProps</span> <span class="p">{</span> <span class="nl">allowedRoles</span><span class="p">:</span> <span class="nx">Role</span><span class="p">[];</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">ReactNode</span><span class="p">;</span> <span class="nl">fallback</span><span class="p">?:</span> <span class="nx">ReactNode</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">RoleGate</span><span class="p">({</span> <span class="nx">allowedRoles</span><span class="p">,</span> <span class="nx">children</span><span class="p">,</span> <span class="nx">fallback</span> <span class="o">=</span> <span class="kc">null</span> <span class="p">}:</span> <span class="nx">RoleGateProps</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuth</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span> <span class="o">||</span> <span class="o">!</span><span class="nx">allowedRoles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">fallback</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/&gt;</span><span class="err">; </span> <span class="p">}</span> <span class="k">return</span> <span class="o">&lt;&gt;</span><span class="p">{</span><span class="nx">children</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/&gt;</span><span class="err">; </span><span class="p">}</span> </code></pre> </div> <h3> Step 7: Create Auth Context </h3> <p>Create <code>contexts/AuthContext.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="dl">'</span><span class="s1">use client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createContext</span><span class="p">,</span> <span class="nx">useContext</span><span class="p">,</span> <span class="nx">useState</span><span class="p">,</span> <span class="nx">useEffect</span><span class="p">,</span> <span class="nx">ReactNode</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Role</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/permissions</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">;</span> <span class="nl">name</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kr">interface</span> <span class="nx">AuthContextType</span> <span class="p">{</span> <span class="nl">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">loading</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">login</span><span class="p">:</span> <span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span><span class="p">;</span> <span class="nl">logout</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span><span class="p">;</span> <span class="nl">hasRole</span><span class="p">:</span> <span class="p">(</span><span class="nx">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">boolean</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">AuthContext</span> <span class="o">=</span> <span class="nx">createContext</span><span class="o">&lt;</span><span class="nx">AuthContextType</span> <span class="o">|</span> <span class="kc">undefined</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">undefined</span><span class="p">);</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">AuthProvider</span><span class="p">({</span> <span class="nx">children</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">ReactNode</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">user</span><span class="p">,</span> <span class="nx">setUser</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Fetch current user on mount</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/me</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setUser</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to fetch user:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">))</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">));</span> <span class="p">},</span> <span class="p">[]);</span> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Login failed</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nf">setUser</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/logout</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span> <span class="p">});</span> <span class="nf">setUser</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">hasRole</span> <span class="o">=</span> <span class="p">(</span><span class="nx">role</span><span class="p">:</span> <span class="nx">Role</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">role</span> <span class="o">===</span> <span class="nx">role</span><span class="p">;</span> <span class="p">};</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">AuthContext</span><span class="p">.</span><span class="nx">Provider</span> <span class="nx">value</span><span class="o">=</span><span class="p">{{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">loading</span><span class="p">,</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">logout</span><span class="p">,</span> <span class="nx">hasRole</span> <span class="p">}}</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">children</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/AuthContext.Provider</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">useAuth</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">context</span> <span class="o">=</span> <span class="nf">useContext</span><span class="p">(</span><span class="nx">AuthContext</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">context</span> <span class="o">===</span> <span class="kc">undefined</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">useAuth must be used within an AuthProvider</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">context</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Step 8: Build Protected UI Components </h3> <p>Create <code>app/dashboard/users/page.tsx</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">requirePermission</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/rbac</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Permission</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/permissions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">redirect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next/navigation</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PermissionGate</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/components/PermissionGate</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">CreateUserButton</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/components/CreateUserButton</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DeleteUserButton</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/components/DeleteUserButton</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">UsersPage</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">requirePermission</span><span class="p">(</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_USERS</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">/forbidden</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Fetch users from API</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:3000/api/users</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">cache</span><span class="p">:</span> <span class="dl">'</span><span class="s1">no-store</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">p-8</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex justify-between items-center mb-6</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h1</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-3xl font-bold</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">User</span> <span class="nx">Management</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">PermissionGate</span> <span class="nx">permission</span><span class="o">=</span><span class="p">{</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">CREATE_USERS</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">CreateUserButton</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="sr">/PermissionGate</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">bg-white rounded-lg shadow</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">table</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">min-w-full</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">thead</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">bg-gray-50</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">tr</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">th</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Email</span> <span class="o">&lt;</span><span class="sr">/th</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">th</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Role</span> <span class="o">&lt;</span><span class="sr">/th</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">th</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Actions</span> <span class="o">&lt;</span><span class="sr">/th</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/tr</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/thead</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">tbody</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">divide-y divide-gray-200</span><span class="dl">"</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">users</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="na">user</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">tr</span> <span class="nx">key</span><span class="o">=</span><span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">td</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-6 py-4 whitespace-nowrap</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/td</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">td</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-6 py-4 whitespace-nowrap</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">span</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-2 py-1 text-xs bg-blue-100 text-blue-800 rounded</span><span class="dl">"</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/span</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/td</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">td</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">px-6 py-4 whitespace-nowrap</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">PermissionGate</span> <span class="nx">permission</span><span class="o">=</span><span class="p">{</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">EDIT_USERS</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-blue-600 hover:text-blue-800 mr-3</span><span class="dl">"</span><span class="o">&gt;</span> <span class="nx">Edit</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/PermissionGate</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">PermissionGate</span> <span class="nx">permission</span><span class="o">=</span><span class="p">{</span><span class="nx">Permission</span><span class="p">.</span><span class="nx">DELETE_USERS</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">DeleteUserButton</span> <span class="nx">userId</span><span class="o">=</span><span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/PermissionGate</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/td</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/tr</span><span class="err">&gt; </span> <span class="p">))}</span> <span class="o">&lt;</span><span class="sr">/tbody</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/table</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Advanced Patterns </h2> <h3> Pattern 1: Resource-Based Permissions </h3> <p>Sometimes you need to check if a user owns a resource:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">canEditPost</span><span class="p">(</span><span class="nx">postId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getCurrentUser</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="c1">// Admins can edit any post</span> <span class="k">if </span><span class="p">(</span><span class="nf">hasPermission</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">EDIT_POSTS</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Regular users can only edit their own posts</span> <span class="kd">const</span> <span class="nx">post</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nx">post</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">postId</span> <span class="p">}</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">post</span><span class="p">?.</span><span class="nx">authorId</span> <span class="o">===</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Pattern 2: Hierarchical Roles </h3> <p>Implement role hierarchy where higher roles inherit lower role permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">roleHierarchy</span><span class="p">:</span> <span class="nb">Record</span><span class="o">&lt;</span><span class="nx">Role</span><span class="p">,</span> <span class="kr">number</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">{</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">SUPER_ADMIN</span><span class="p">]:</span> <span class="mi">5</span><span class="p">,</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">ADMIN</span><span class="p">]:</span> <span class="mi">4</span><span class="p">,</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">EDITOR</span><span class="p">]:</span> <span class="mi">3</span><span class="p">,</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">VIEWER</span><span class="p">]:</span> <span class="mi">2</span><span class="p">,</span> <span class="p">[</span><span class="nx">Role</span><span class="p">.</span><span class="nx">USER</span><span class="p">]:</span> <span class="mi">1</span><span class="p">,</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">hasRoleLevel</span><span class="p">(</span><span class="nx">userRole</span><span class="p">:</span> <span class="nx">Role</span><span class="p">,</span> <span class="nx">requiredRole</span><span class="p">:</span> <span class="nx">Role</span><span class="p">):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">roleHierarchy</span><span class="p">[</span><span class="nx">userRole</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="nx">roleHierarchy</span><span class="p">[</span><span class="nx">requiredRole</span><span class="p">];</span> <span class="p">}</span> </code></pre> </div> <h3> Pattern 3: Dynamic Permissions </h3> <p>Load permissions from database for flexibility:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Store in database</span> <span class="kr">interface</span> <span class="nx">UserPermission</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">permissions</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">[];</span> <span class="nl">expiresAt</span><span class="p">?:</span> <span class="nb">Date</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getUserPermissions</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Permission</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">userId</span> <span class="p">},</span> <span class="na">include</span><span class="p">:</span> <span class="p">{</span> <span class="na">customPermissions</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Combine role permissions with custom permissions</span> <span class="kd">const</span> <span class="nx">rolePerms</span> <span class="o">=</span> <span class="nx">rolePermissions</span><span class="p">[</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">customPerms</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">customPermissions</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">p</span> <span class="o">=&gt;</span> <span class="nx">p</span><span class="p">.</span><span class="nx">permission</span><span class="p">);</span> <span class="k">return</span> <span class="p">[...</span><span class="k">new</span> <span class="nc">Set</span><span class="p">([...</span><span class="nx">rolePerms</span><span class="p">,</span> <span class="p">...</span><span class="nx">customPerms</span><span class="p">])];</span> <span class="p">}</span> </code></pre> </div> <h2> Testing RBAC </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">describe</span><span class="p">,</span> <span class="nx">it</span><span class="p">,</span> <span class="nx">expect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">vitest</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">hasPermission</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">,</span> <span class="nx">Role</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/permissions</span><span class="dl">'</span><span class="p">;</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">RBAC System</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">should allow admin to view users</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span><span class="nf">hasPermission</span><span class="p">(</span><span class="nx">Role</span><span class="p">.</span><span class="nx">ADMIN</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">VIEW_USERS</span><span class="p">)).</span><span class="nf">toBe</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="p">});</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">should not allow viewer to delete users</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span><span class="nf">hasPermission</span><span class="p">(</span><span class="nx">Role</span><span class="p">.</span><span class="nx">VIEWER</span><span class="p">,</span> <span class="nx">Permission</span><span class="p">.</span><span class="nx">DELETE_USERS</span><span class="p">)).</span><span class="nf">toBe</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">});</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">should allow super admin all permissions</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">values</span><span class="p">(</span><span class="nx">Permission</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">permission</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span><span class="nf">hasPermission</span><span class="p">(</span><span class="nx">Role</span><span class="p">.</span><span class="nx">SUPER_ADMIN</span><span class="p">,</span> <span class="nx">permission</span><span class="p">)).</span><span class="nf">toBe</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> Common Pitfalls to Avoid </h2> <p><strong>1. Client-Side Only Checks</strong>: Always validate permissions on the server. Client-side gates are for UX only.</p> <p><strong>2. Hardcoded Roles</strong>: Use enums and constants instead of strings like <code>if (role === 'admin')</code>.</p> <p><strong>3. Missing Permission Checks</strong>: Every API endpoint and page must check permissions.</p> <p><strong>4. Over-Permissive Defaults</strong>: Deny by default, grant explicitly.</p> <p><strong>5. Forgetting Edge Cases</strong>: What happens when a user's role changes mid-session?</p> <h2> Monitoring and Auditing </h2> <p>Track permission checks for security auditing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">auditPermissionCheck</span><span class="p">(</span> <span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">permission</span><span class="p">:</span> <span class="nx">Permission</span><span class="p">,</span> <span class="nx">granted</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">,</span> <span class="nx">resource</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nx">auditLog</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">userId</span><span class="p">,</span> <span class="na">action</span><span class="p">:</span> <span class="nx">permission</span><span class="p">,</span> <span class="nx">granted</span><span class="p">,</span> <span class="nx">resource</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(),</span> <span class="p">},</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h2> Conclusion </h2> <p>Role-Based Access Control transforms your Next.js application from a single-tier system into a secure, scalable platform ready for real-world use. Start with basic roles, add permissions as you grow, and implement advanced patterns when complexity demands it.</p> <p>The key is consistency: check permissions everywhere, server-side first, and provide clear feedback when access is denied. Your users will appreciate the security, and your future self will thank you for the maintainable code.</p> <p><strong>What's your approach to authorization? Are you using RBAC or exploring ABAC (Attribute-Based Access Control)? Share your experiences in the comments!</strong></p> programming nextjs security ai