NextAuth + Prisma + Server Actions (NNRC)
This skill is opinionated to this repo’s patterns:
- Auth: auth() / signIn() / signOut() from src/lib/auth.ts
- Admin auth: withAdminAuth() / helpers in src/lib/admin.ts
- DB: prisma singleton from src/lib/prisma.ts
- Server actions: src/app/actions/* with "use server"
Default patterns
Server action shape
- Put the mutation in src/app/actions/<domain>.ts
- Start with "use server"
- Authenticate early
- Validate/parse inputs (especially FormData)
- Delegate business logic to src/services/* where appropriate
- Revalidate paths after mutations that affect server-rendered pages
Auth & role checks
- User-required: const session = await auth(); if (!session?.user?.id) throw new Error("Not authenticated");
- Admin-required: wrap the body with withAdminAuth(async () => { ... })
- Don’t trust client-provided user ids/roles; derive from the session.
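The action shape and auth rules above, shown as an added example (not code from this repo): a pure helper that authenticates first, validates the form fields, and keys the write on the session's user id rather than anything the client sent. The names Session, FormLike, buildProfileUpdate, displayName, bio and the user model are assumptions made for illustration.

```typescript
// Added example; every name below is hypothetical, not taken from the repo.
type Session = { user?: { id?: string; role?: string } } | null;
// Structural subset of FormData, so a real FormData can be passed as-is.
type FormLike = { get(name: string): unknown };

interface ProfileUpdateArgs {
  where: { id: string };
  data: { displayName: string; bio: string | null };
  select: { id: true; displayName: true; bio: true };
}

function requireUserId(session: Session): string {
  const id = session?.user?.id;
  if (!id) throw new Error("Not authenticated");
  return id;
}

// Reads one text field, rejecting missing values, file uploads and oversize input.
function readString(form: FormLike, key: string, max: number): string {
  const value = form.get(key);
  if (typeof value !== "string") throw new Error(`${key}: expected text`);
  const trimmed = value.trim();
  if (trimmed.length > max) throw new Error(`${key}: too long`);
  return trimmed;
}

function buildProfileUpdate(session: Session, form: FormLike): ProfileUpdateArgs {
  const userId = requireUserId(session); // authenticate before touching input
  const displayName = readString(form, "displayName", 80);
  if (displayName === "") throw new Error("displayName: required");
  const bio = readString(form, "bio", 500);
  // "userId" or "role" fields in the form are never read: the row is
  // selected by the session id, and only allow-listed columns are written.
  return {
    where: { id: userId },
    data: { displayName, bio: bio === "" ? null : bio },
    select: { id: true, displayName: true, bio: true }, // return only needed fields
  };
}

// Inside a "use server" action (assumed file src/app/actions/profile.ts):
//   const row = await prisma.user.update(buildProfileUpdate(await auth(), formData));
//   revalidatePath("/profile");
```

Keeping the check-and-parse step free of I/O means it can be unit-tested without a database or a NextAuth session.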
Prisma query hygiene
- Prefer select over returning whole models when you don’t need all fields.
- Watch for accidental N+1 loops; batch with where: { id: { in: ... } } or use include.
- For multi-write invariants, use prisma.$transaction(...).
Debugging playbook
“Session.user.id is undefined”
- Confirm src/lib/auth.ts sets it in the session callback.
- Confirm the jwt callback is populating token.id from DB.
- Confirm types in src/types/next-auth.d.ts include session.user.id.
“Admin pages/actions not protected”
- Server actions should use withAdminAuth(...).
- Pages/layouts should gate data fetching and rendering based on role (server-side).
- Confirm admin role is being set (see src/lib/auth.ts sign-in callback + shouldBeAdmin).
“Mutation works but UI doesn’t update”
- If the UI is server-rendered, add revalidatePath("/the-path") in the server action after the write.
- If the UI is client state, ensure you update local state or refetch after the action resolves.
“Prisma errors in production”
- Ensure migrations are deployed (yarn build runs prisma migrate deploy).
- Avoid relying on dev-only behavior (e.g., using migrate dev semantics).
- Validate all nullable fields before use; production data often has more edge cases.
References
- Patterns: references/patterns.md
- Debugging checklist: references/debugging.md