NextReady Architecture

Understanding NextReady's structure, design patterns, and architectural decisions that make it production-ready.

Modular design

Type-safe

Scalable patterns

System Overview

App Router Architecture

Next.js 15 App Router with TypeScript and modern patterns

Server-first architecture with RSC
Parallel routes and intercepting routes
Streaming with Suspense boundaries
Optimized bundle splitting

API Design

RESTful APIs with middleware composition and validation

Composable middleware system
Zod schema validation
Rate limiting and security
Error handling patterns

Database Layer

Type-safe database operations with Prisma ORM

Prisma client with connection pooling
Schema-first development
Migration and seeding system
Graceful degradation support

Authentication System

Secure auth with NextAuth v5 and role-based access control

Multi-provider OAuth support
JWT with secure sessions
Role-based permissions
Protected route patterns

Design Principles

Type Safety First

Full TypeScript coverage with Zod validation at API boundaries

Example: Database schema → Prisma types → API validation → Client types

Composable Architecture

Reusable middleware, components, and utilities that work together

Example: API middleware can be composed with auth, rate limiting, and validation

Developer Experience

Clear patterns, helpful utilities, and comprehensive tooling

Example: Interactive CLI, automated setup, and development scripts

Production Ready

Performance, security, and scalability built-in from the start

Example: Connection pooling, rate limiting, and graceful error handling

Project Structure

Directory Organization

NextReady follows Next.js 15 App Router conventions with clear separation of concerns

app/
├── (auth)/                 # Auth group routes
│   ├── signin/            # Sign in page
│   └── signup/            # Sign up page
├── (dashboard)/           # Protected dashboard routes
│   ├── dashboard/         # Main dashboard
│   ├── files/            # File management
│   ├── profile/          # User profile
│   └── settings/         # App settings
├── api/                   # API routes
│   ├── auth/             # NextAuth endpoints
│   ├── files/            # File management API
│   ├── users/            # User management API
│   └── email/            # Email system API
├── docs/                  # Documentation routes
│   ├── getting-started/   # Setup guide
│   ├── architecture/      # This page
│   └── [other-docs]/     # Other doc pages
├── globals.css           # Global styles
├── layout.tsx            # Root layout
└── page.tsx              # Landing page

components/
├── ui/                    # shadcn/ui components
├── auth/                  # Authentication components
├── file/                  # File management components
├── email/                 # Email system components
└── layout/               # Layout components

lib/
├── auth.ts               # NextAuth configuration
├── db.ts                 # Database client
├── validations.ts        # Zod schemas
├── permissions.ts        # RBAC system
├── api-middleware.ts     # API middleware
├── file-storage.ts       # File storage utilities
└── email.ts              # Email system utilities

scripts/
├── setup.js              # Interactive setup
├── db-commands.js        # Database utilities
└── brand.js              # Branding utilities

Key Patterns & Examples

Composable API Middleware

Our middleware system allows you to compose authentication, rate limiting, and validation in a clean, reusable way

// lib/api-middleware.ts
export const withApiMiddleware = (
  handler: ApiHandler,
  options: MiddlewareOptions
) => {
  return async (request: NextRequest) => {
    try {
      // Rate limiting
      if (options.rateLimit) {
        await checkRateLimit(request, options.rateLimit);
      }

      // Authentication
      if (options.requireAuth) {
        const session = await getSession(request);
        if (!session) return unauthorized();
      }

      // Authorization
      if (options.requiredRole) {
        await checkRole(session.user, options.requiredRole);
      }

      // Permission checks
      if (options.requiredPermission) {
        await checkPermission(session.user, options.requiredPermission);
      }

      return await handler(request);
    } catch (error) {
      return handleApiError(error);
    }
  };
};

// Usage in API routes
export const GET = withApiMiddleware(getUsersHandler, {
  rateLimit: "default",
  requiredRole: UserRole.ADMIN,
  requiredPermission: Permission.USER_READ,
});

Development Best Practices

Type Safety

Always use TypeScript and Zod validation. The database schema drives type generation throughout the application.

API Protection

Use the middleware system for all API routes. Never create unprotected endpoints unless absolutely necessary.

Component Structure

Follow the existing patterns: UI components in components/ui, feature components grouped by domain, and shared utilities in lib/.

Ready to Build?

Now that you understand the architecture, learn about specific systems and how to use them effectively.

Authentication Guide Database Setup