Explore the live environment and administration panel using these credentials:
- Live Application: aurora-nu-three.vercel.app
- GitHub Repository: github.com/1ewig/aurora
Aurora is heavily optimized for speed, access, and search visibility, achieving near-perfect Core Web Vitals:
- Performance:
92% - Accessibility:
93% - Best Practices:
100% - SEO:
100%
(Audited via Chrome DevTools Lighthouse tool on the live production deployment).
| Role | Password | Access Privileges | |
|---|---|---|---|
| Customer | customer@example.com |
Customer123! |
Personal profile, order history, checkout |
Tip
Guest Checkout is fully enabled. Users can browse products, select sizes, input address details, and checkout without authenticating or creating an account.
Aurora combines React Server Components (RSC) for fast first-paint metrics and SEO indexability, combined with highly focused client state containers for responsive user interaction.
graph TD
subgraph Client ["Client Browser (React 19 / Zustand / React Query)"]
UI["UI & Presentational Components"]
Zustand["Zustand Store (Cart & UI State)"]
RQ["React Query (Server Cache)"]
end
subgraph Edge ["Edge Infrastructure"]
Middleware["Next.js Edge Middleware (Session & Admin protection)"]
end
subgraph Server ["Next.js 16 Server (App Router)"]
RSC["Server Components (RSC - Hydrated & SEO)"]
Routes["API Route Handlers (Auth & Checkout Operations)"]
end
subgraph Backend ["InsForge BaaS & Infrastructure"]
Postgres[("PostgreSQL Database (Raw pg, SELECT FOR UPDATE locks)")]
Storage["Object Storage (Product / Lookbook / Editorial buckets)"]
BetterAuth["Better Auth Engine"]
end
UI --> Middleware
Middleware --> RSC
Middleware --> Routes
RSC --> Postgres
RSC --> Storage
Routes --> Postgres
Routes --> BetterAuth
UI -.-> |Reads Cache| RQ
UI -.-> |Manages Cart| Zustand
- Clean Architecture Enforced: Restricts the storefront to a strict 4-layer separation of concerns (Pages β Containers/Bridges β Hooks/Stores β Presentational UI) documented in docs/CODING_STANDARDS.md to ensure maintainable, modular code.
- Maximum Search & Render Speed: Prioritizes React Server Components (RSC) by default and restricts client-side rendering boundaries to interactive sub-trees, maximizing search visibility and load times.
- Perfect Core Web Vitals: Optimizes layout shifts, rendering speeds, and semantic structure to achieve a 100% SEO score and 92% Performance rating on live production audits.
- Zero-Friction Conversion: Supports complete unauthenticated guest checkouts, decoupling cart operations and shipping address collections from signup requirements.
- URL-Synchronized State: Syncs categories, sorting, pagination, and search queries directly to URL query strings to enable bookmarking and back-history navigation with zero layout shifts.
- Race Condition Prevention: Implements pessimistic concurrency control (
SELECT ... FOR UPDATE) inside atomic database transactions, preventing stock overselling under concurrent checkout load. - N+1 Query Elimination: Consolidates relational product details (images, sizes, details) into a single, high-performance database roundtrip using PostgreSQL
json_aggaggregates, reducing DB latency by over 70%. - Atomic Order Consistency: Encapsulates stock checks, inventory updates, billing data entries, and transactional emails inside a managed database transaction to prevent orphan orders on checkout failure.
- SQL Injection Defeated: Enforces query parameterization ($1, $2, $3) across all endpoints, hiding underlying database schemas to block potential information leaks.
- Direct Database Access: Queries PostgreSQL directly via connection pooling (singleton
pgclient wrapper with connection timeouts) to eliminate the bundle size and execution latency overhead of ORMs like Prisma.
- Explicit Cache Directives: Uses Next.js 16's explicit
'use cache'compiler directive on catalog API endpoints with stale-while-revalidate revalidation, reducing server response times by 38-60%. - Offline-Resilient Cart: Persists Zustand client shopping bags using localStorage sync, allowing users to restore their shopping sessions across browser reloads.
- Granular Cached State: Fetches and caches server-state via TanStack Query. Admin list filters use
keepPreviousDatacaching, preventing screen-tearing and layout flashes while background queries execute. - Zero-Flicker Transitions: Hydrates detail views immediately from cached TanStack Query product lists, eliminating render latency when browsing from the listing catalog.
- Humanized Auth Exceptions: Maps raw Better Auth exception codes (such as
email_not_verifiedorexpired_reset_token) to user-friendly alert banners. - Dynamic Receipt Syncing: Polls the public API on successful redirection to replace
"Pending Fulfillment"with the official database order number once the webhook completes.
Prevents inventory overselling by locking the product size database row during checkout verification.
In src/app/api/webhooks/lemonsqueezy/route.ts:
// Lock product size stock row to prevent race conditions
const sizeRes = await client.query(
`SELECT id, stock FROM product_sizes
WHERE product_id = $1 AND size = $2 FOR UPDATE`,
[item.internalProductId, item.size]
);
const sizeInfo = sizeRes.rows[0];
if (!sizeInfo || sizeInfo.stock < item.quantity) {
throw new Error(`Insufficient stock.`);
}
// Decrement stock atomically
await client.query(
`UPDATE product_sizes
SET stock = stock - $1
WHERE id = $2`,
[item.quantity, sizeInfo.id]
);Consolidates nested relational details directly inside PostgreSQL to eliminate multiple roundtrips.
In src/app/api/products/[slug]/route.ts:
SELECT
p.id, p.slug, p.name, p.price, p.description,
(SELECT COALESCE(json_agg(image_url ORDER BY id), '[]'::json)
FROM product_images WHERE product_id = p.id) as images,
(SELECT COALESCE(json_agg(size ORDER BY id), '[]'::json)
FROM product_sizes WHERE product_id = p.id) as sizes
FROM products p
WHERE p.slug = $1;Interceptive Edge functions block unauthenticated or non-admin requests prior to loading server bundles.
In src/proxy.ts:
const cookie = request.headers.get('cookie') || '';
// Fast-path: Check session cookie before making any fetches
const hasSessionCookie = cookie.includes('better-auth.session_token');
if (!hasSessionCookie) {
const loginUrl = new URL("/login", request.url);
loginUrl.searchParams.set("redirect", pathname);
return NextResponse.redirect(loginUrl);
}
// For admin routes, check role via the dedicated endpoint
if (isAdminPath(pathname)) {
const roleRes = await fetch(`${baseUrl}/api/auth/role`, {
headers: { cookie },
});
if (roleRes.status === 401) {
const loginUrl = new URL("/login", request.url);
loginUrl.searchParams.set("redirect", pathname);
return NextResponse.redirect(loginUrl);
}
}We follow a strict unidirectional data flow standard defined in docs/CODING_STANDARDS.md:
Pages (src/app/)
β Server Components: resolve route params, export SEO metadata, render containers
βΌ
Containers / Bridges (src/components/*/)
β Read stores, call hooks, assemble props
ββββΊ Hooks (src/hooks/) - Business logic, form state, queries
ββββΊ Stores (src/stores/) - Zustand global state management
βΌ
Presentational Components (src/components/*/)
Pure JSX β receive everything via props, zero store/hook imports
| Component | Technology | Usage |
|---|---|---|
| Core Framework | Next.js 16.2 + React 19 | App Router, Server Components, Route Handlers |
| Database | PostgreSQL (InsForge) | SQL Database, transactional operations, direct connection pool |
| Authentication | Better Auth 1.6 | Email/password auth, edge session validations, secure administration |
| Server Cache | TanStack React Query 5 | Query caching, optimistic UI hydration, stale revalidation |
| Client State | Zustand 5 | Client-side shopping cart with localStorage persistence, UI modal toggles |
| Styling Engine | Tailwind CSS 4 | CSS theme tokens, responsive layouts, modular styles |
| Animations | Framer Motion 12 | Smooth page entrances, cart drawers, lookbook sliders |
| Image Preprocessor | Sharp | Automated asset WebP conversions and edge constraint scaling |
| Notifications | Nodemailer + SMTP | Automated transactional order confirmations and auth updates |
| Payments Integration | Lemon Squeezy Sandbox | Payment overlay modal, webhooks processing, receipt generation |
| Analytics | Vercel Analytics | Production user insights, traffic tracking, and performance monitoring |
To spin up a local instance of Aurora, clone the repository and execute the setup pipeline:
# 1. Clone the project and install dependencies
git clone https://github.com/1ewig/aurora.git
cd aurora
npm install
# 2. Configure environment parameters
cp .env.example .env.localFollow the Backend Deployment Guide to configure your InsForge credentials in .env.local. Once ready, execute the onboarding pipeline:
# Initialize Better Auth schema and tables
node scripts/setup-db.js
# Deploy full database structures and store media resources
npx tsx scripts/upload-and-seed.mts
# Manage admin user accounts and roles
npx tsx scripts/manage-user.ts
# Start local server
npm run devVisit http://localhost:3000 to interact with your local environment.
Explore the implementation quality of the core components in this codebase:
| Resource Path | Demonstration Purpose |
|---|---|
| src/proxy.ts | Next.js 16 Edge proxy middleware, route-gating. |
| src/app/api/orders/route.ts | Concurrency transaction logic, email template compiler. |
| src/hooks/queries.ts | Optimistic cache loading, React Query data fetching layer. |
| src/app/api/products/[slug]/route.ts | PostgreSQL query optimizations (json_agg data shaping). |
| src/hooks/useUsersManagement.ts | Custom React hook separating business/state logic from admin user panel. |
| src/stores/useAuthStore.ts | Zustand client wrapper for session tracking. |
| scripts/manage-user.ts | Comprehensive CLI for user creations, role updating, and account deletion. |
| scripts/upload-and-seed.mts | Schema deployer, S3 bucket config, and media asset ingestion pipeline. |
| scripts/optimize-images.mjs | Asset WebP preprocessing script utilizing Sharp. |
