Here, we will track our daily progress and any notes we find useful for our project.

<hr>


## **Day1**

<hr>

- **Date**: 2025-06-26

Started the nextjs project with command `npx create-next-app@latest`.

Set up the project structure.


## **Day2**

<hr>

- **Date**: 2025-06-27

Before starting to work on the project, we will explore our project design to understand the UI better.

After looking at the design, we identify the components needed, bases pages that we need, number of routes that we need to create. This way are able to divide the UI into smaller components and pages, much needed for reusability and maintainability.

- NavBar remains the static component, which will be used in all pages.

- Then header and footer will be used in all pages, but the content will change based on the page.

Altogether we will have 2 layouts i.e. for the `auth` and `main` pages because the NavBar is not needed in the `auth` pages.

We will use the `(root)` routing provided by Next.js, which allows us to create a folder structure that maps directly to the URL structure of our application.

The `(root)` folder will contain the main layout and the NavBar component, which will be used across all pages.

and, the `(auth)` folder will contain the authentication pages, such as login and signup.

Inside the `(auth)` route group, we have `sign-in` folder, which will contain the `page.tsx` file for the sign-in page.

**Create the Components Folder Outside the App Directory**

### **Working with Layout in the Auth Route**

The `layout.tsx` file in the `(auth)` folder will be used to define the layout for the authentication pages. This layout will include the header and footer components, which will be used in all authentication pages.

At the top we will load the `NavBar` component, which will be used in all pages.

and just below that we will load all the children components for that route.

By default, the `layout.tsx` top level component will be the parent of all the pages in the `app` directory, and it will be used to define the layout for all pages in the application.

So, based on the change in route, the `layout.tsx` file will be used to render the appropriate layout for the page.

To access the `auth` route, we will use the URL `/auth`, which will render the `layout.tsx` file in the `(auth)` folder.

### **Navbar.tsx Component**

Will have logo, then user profile icon.

For the user profile icon, we use the conditional rendering to show the user profile icon if the user is logged in, otherwise we will show the login button.

The user data will be fetched from the server using the `getServerSession` function from the `next-auth` package.

The `getServerSession` function will be used to get the user session data from the server, which will be used to determine if the user is logged in or not.

We use the `figure` element when we've to use image and a button together, like in the case of the user profile icon.

**Note**

All the `css` styles will be written in the `globals.css` file, which will be imported in the `layout.tsx` file.

It is due to global css and taiwind css classes that we are able to style the components without writing any additional css files.

UI Layout for flex and everything has been written in the `globals.css` file.

Now we are done with the `NavBar` component.

### **Working with the layout.tsx in the `(root)` Route**

The `layout.tsx` file in the `(root)` folder will be used to define the main layout of the application. This layout will include the `NavBar` component, which will be used in all pages.

And below the `NavBar` component, we will load the `children` components, which will be used to render the content of the page.

The `children` components will be the pages that are defined in the `(root)` folder, such as the `page.tsx` file.

This `page.tsx` file will be used to define the main content of the application, such as the welcome message and any other content that we want to display on the main page.

### **Working with the page.tsx in the `(root)` Route**

The `page.tsx` file in the `(root)` folder will be used to define the main page of the application. This page will include the main content of the application, such as the welcome message and any other content that we want to display on the main page.

Here, we will use the `main` tag to wrap the main content of the page, which will be used to define the main content of the application.

The max-width of the main content will be set to `1440px`, so that content is centered on the page. Class used is `wrapper page` the `page` is for the column flex layout and `wrapper` is for the max-width of the content.

### **For the http://192.168.1.79:3000/ URL**

When we access the URL `http://192.168.1.79:3000/`, the `layout.tsx` file in the `(root)` folder will be used to render the main layout of the application, which will include the `NavBar` component and the `main` content of the page as `children` props in the `layout.tsx` file.

Then this `layout.tsx` will be passed as `Component` to the top level `layout.tsx` file in the `app` directory, which will be used to render the main layout of the application.

**Header.tsx Component**

It is the component that we will use to display the header of the page. It will include the title and any other content that we want to display in the header.

As this is to be used as resuable component, we will need to accept different props to render different content in the header.

This component is dynamic, and we will pass the `title`, `subHeader`, and `userImg` props to render the content of the header.

**DropdownList.tsx Component**

This component will be used to display the dropdown list of options when the user clicks on the user profile icon.

The `DropdownList` component will be a simple component that will display the list of options in a dropdown format. It is toggled by the user profile icon click.

We will need to create a state variable to keep track of whether the dropdown is open or not, and we will use the `useState` hook to manage this state.


## **Profile Dynamic Route**

The `profile` dynamic route will be used to display the user profile page. This page will include the user profile information, such as the user name, email, and any other information that we want to display in the user profile.

**Route**

`192.168.1.79:3000/profile/[id]`

<hr>

For this, we will create a new folder inside the `(root)` route group called `profile`, and inside this folder, we will create a new folder called `[id]`, which will be used to define the dynamic route for the user profile page.

Inside the `[id]` folder, we will create a new file called `page.tsx`, which will be used to define the user profile page.

### **How will the User be Routed to the Profile Page?**

When the user clicks on the user profile icon in the `NavBar`, we will redirect the user to the profile page using the `router.push` method from the `next/navigation` package.

Therefore, we need to add route to the `NavBar` component, which will be used to redirect the user to the profile page.

Note,

`Route` change is done on the `Client` side using the `useRouter` hook from the `next/navigation` package.

Therefore, we will need to make NavBar a `Client Render` component by adding the `"use client"` directive at the top of the file.

Also, for `Client Components`, we will use `useRouter` hook from the `next/navigation` package to handle the route change. But,

For `Server Components`, we will use the `Link` component from the `next/link` package to handle the route change.

### **Capture the User ID from the URL**

Since, on click of the user profile icon, we will redirect the user to the profile page with the user ID in the URL, we will need to capture the user ID from the URL i.e. `192.168.1.79:3000/profile/[id]`.

We'll accept the `params` prop in the `page.tsx` file, which will be used to capture the user ID from the URL.

But, it needs to be `async` function, and use `await` to fetch the capture the user ID from the URL.

<hr>


## **Video Cards**

<hr>

On the home page, we will display random video cards.

But, on the profile page, we will display the videos that are associated with the user.

The goal is to create a Reusable VideoCard component that can be used in both places.

**Props**

As it will be a reusable component, we need to define the props that it will accept.

Such as:

- `title`: The title of the video

- `description`: A brief description of the video

- `thumbnail`: The URL of the video's thumbnail image

- `videoId`: The unique identifier for the video

- `userId`: The unique identifier for the user who uploaded the video

- `createdAt`: The date and time when the video was uploaded

- `views`: The number of times the video has been viewed

### **For the Home Page**

We will import the Video Card component in the `page.tsx` of the `(root)` directory.

Below Welcome to Loom Clone we will display random video cards.

**constants/index.ts**

We will create a `dummyCard` array of objects that represent the video cards and loop through it to display each video card.

### **For Profile Page**

We will display the videos that are associated with the user.

We will use the same `VideoCard` component and pass the relevant props to it.

**Note**

Clicking on any video to redirect to `/video/[id]` page. We will create a dynamic route for the video page.


## **Video Route Page**

As we click on any video card, we will be redirected to the video route page.

The route will be `/video/[id]` where `[id]` is the unique identifier for the video.

### **How Does the Routing Works**

**Current Folder Structure**

```text
.
├── app
│   ├── (root)
│   │   ├── profile
│   │   │   ├── [id]
│   │   │   │   ├── page.tsx
│   │   ├── video
│   │   │   ├── [id]
│   │   │   │   ├── page.tsx
│   │   ├── layout.tsx
│   │   ├── page.tsx
│   ├── layout.tsx
│   ├── global.css

```

So, whenever we request for `video/[id]`, the `page.tsx` file inside the `[id]` folder will be passed as child component to the `layout.tsx` file of the `(root)` folder.

Then this, `layout.tsx` will be passed as child component to the `layout.tsx` of the `app` folder.


<hr>
<hr>
<hr>
<hr>


Till now, we've implemented the `Home` and `Profile` pages. Now, we will work on `Authentication Page`.


### **Authentication Page**

We will create `(auth)` route group to handle all authentication-related routes. Inside the `(auth)` folder, we will create `page.tsx` file.

The authentication page will handle user login and registration.

<hr>

We will use the `BetterAuth` library to implement authentication. This library provides a simple and secure way to manage user sessions and protect routes.

**Before we move to `BetterAuth` configuration, let's get the `Google Cloud Console` credentials.**

Once, the `GCP` credentials are obtained, we can proceed with the `BetterAuth` configuration.

But,

**First Let's Configure Database so that we can store user information once the user is authenticated from `OAuth`.**

## **Database Configuration**

We will use `Xata` as our database solution. `Xata` is a serverless database that provides a simple API for managing data.

### **What is Xata?**

`Xata` is a serverless database that provides a simple API for managing data. It is designed to be easy to use and scalable, making it a great choice for modern web applications.

It helps develop with `PostgreSQL` compatibility, allowing developers to use familiar SQL queries.

[Link](https://lite.xata.io/)

### **What is BetterAuth?**

`BetterAuth` is a modern authentication library for React applications. It provides a set of hooks and components to easily add authentication to your app, including support for social login, email/password login, and more.

[Link](https://www.better-auth.com/)

[Installation](https://www.better-auth.com/docs/installation)

`npm install better-auth`

Then, set up the `.env` file with your authentication credentials.

<hr>


<hr>
<hr>
<hr>
<hr>


## **DataBase Configuration**

We are using `Xata` as our database solution. `Xata` is a serverless database that provides a simple API for managing data.

### **Config Details**

`DbName`: jsm_snapcast

Then include all the necessary environment variables in your `.env` file.

`ORM` : `Drizzle ORM` SQL

### **Connect with `Drizzle ORM` in `TypeScript`**

We will need to install the `Drizzle ORM` package to connect with the `Xata` database.

But, we are not using `Drizzle with node-postgres` because `node-postgres` is not yet supported in `Edge Runtime` with the stable release of the current `NextJs` version.

Our application will have `Middleware` that means it runs on `Edge Runtime`. Therefore, libraries likes `node-postgres` won't work because they need `TCP` sockets which does not exists in the `Edge` runtime.

So, if we want to use `node-postgres`, we need to switch to `next canary` which supports `Nextjs` middleware.

Therefore,

We will use `Xata Adapter` that uses `HTTP` to connect with the `Xata` database.

### **Xata Installation**

To install the `Xata` adapter, run the following command:

**Install Xata CLI**

```bash
sudo npm install -g @xata.io/cli // Install Xata CLI globally
```

**Xata Auth**

```bash
toni-birat@tonibirat:/media/toni-birat/New Volume/screen_recording_full_stack$ xata auth login
(node:71447) Warning: Closing file descriptor 21 on garbage collection
(Use `node --trace-warnings ...` to show where the warning was created)
(node:71447) [DEP0137] DeprecationWarning: Closing a FileHandle object on garbage collection is deprecated. Please close FileHandle objects explicitly using FileHandle.prototype.close(). In the future, an error will be thrown if a file descriptor is closed during garbage collection.
✔ Do you want to use an existing API key or create a new API key? › Use an existing API key
✔ Existing API key: … ************************************
i Checking access to the API...
✔ All set! you can now start using xata
```

We can choose to use existing API or create a new one using the Xata CLI.

This will create a `.xata` directory in your project root with the necessary configuration files.

**Initialization**

```bash
toni-birat@tonibirat:/media/toni-birat/New Volume/screen_recording_full_stack$ xata init
🦋 Initializing project... We will ask you some questions.

You have a single workspace, using it by default: Birat-Gautam-s-workspace-tf45ml
✔ Select a database or create a new one › jsm_snapcast
? Generate code and types from your Xata database › - Use arrow-keys. Return to submit.
✔ Generate code and types from your Xata database › TypeScript
✔ Choose the output path for the generated code … src/xata.ts

Setting up Xata...

Created Xata config: .xatarc

 ›   Warning: Your .env file already contains XATA_API_KEY
 ›   key. skipping...

i Running npm install --save @xata.io/client@next

added 1 package, and audited 433 packages in 5s

170 packages are looking for funding
  run `npm fund` for details

1 low severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.


Successfully pulled 1 migrations from main branch
Generated Xata code to ./src/xata.ts

✔ Project setup with Xata 🦋

i Setup tables and columns at https://app.xata.io/workspaces/Birat-Gautam-s-workspace-tf45ml/dbs/jsm_snapcast:us-east-1

i Use xata pull main to regenerate code and types from your Xata database
```

This will create the necessary configuration files for the Xata database.

Let's us choose an existing Database or create a new one.

This will create a `src/xata.ts` and `.xatarc` file with the necessary code and types for the Xata database.

### **Configuring xata.ts File**

By default, the `xata.ts` file will contain the necessary code to connect to your Xata database and perform CRUD operations.

We will need to customize the way to add the `API Key` and remove unnecessary imports such as `tables`.

We just need to export the `DatabaseSchema` type from the `xata.ts` file.

We will provide the API Key in the `defaultOptions` object with `process.env.XATA_API_KEY`.

We will provide branch as well i.e. `branch: 'main'`.

**xata.ts**

It should be on the `root` level of your project.

```ts
// Generated by Xata Codegen 0.30.1. Please do not edit.
import { buildClient } from "@xata.io/client";
import type { BaseClientOptions } from "@xata.io/client";
import { apiKey } from "better-auth/plugins";

export type DatabaseSchema = {};

const DatabaseClient = buildClient();

const defaultOptions = {
  databaseURL:
    "https://Birat-Gautam-s-workspace-tf45ml.us-east-1.xata.sh/db/jsm_snapcast",
  apiKey: process.env.XATA_API_KEY,
  branch: "main",
};

export class XataClient extends DatabaseClient<DatabaseSchema> {
  constructor(options?: BaseClientOptions) {
    super({ ...defaultOptions, ...options });
  }
}

let instance: XataClient | undefined = undefined;

export const getXataClient = () => {
  if (instance) return instance;

  instance = new XataClient();
  return instance;
};
```


## **Connecting with Drizzle ORM**

We will use `Drizzle ORM` to connect with the `Xata` database.

[Link](https://orm.drizzle.team/)

[SetUp_Drizzle_With_Xata](https://orm.drizzle.team/docs/get-started) : Click get started with `Xata` and follow the steps.

<hr>

### **What is ORM?**

`ORM` stands for `Object-Relational Mapping`. It is a programming technique used to convert data between incompatible type systems in object-oriented programming languages. In simpler terms, it allows developers to interact with a database using the programming language's native objects, rather than writing raw SQL queries.

### **Drizzle ORM**

It is an `ORM` for `TypeScript` that provides a simple and intuitive API for working with databases.

It is `ORM` specifically for `serverless` databases i.e. `PostgreSQL`, `MySQL`, `SQLite`, etc.

### **Installation of Drizzle ORM**

To install `Drizzle ORM`, you can use `npm` or `yarn`. Run one of the following commands in your terminal:

```bash
npm install drizzle-orm
```

Next, we'll need to install `Drizzle Kit` that will create the `SQL` migrations. It is a command line tool.

```bash
npm install -D drizzle-kit // For Development
```

Next, we will need `Postgres` package to talk to the `PostgreSQL` database.

```bash
npm install pg
```

Now, we'll create `db.ts` file inside `drizzle/` folder.

In this file, we will write the Config to connect `Drizzle` and `Xata`.

```ts
import { drizzle } from "drizzle-orm/xata-http";
import { getXataClient } from "../xata";

export const db = drizzle(getXataClient()); // Export the DB connection
```

In the above code, we are importing the `getXataClient` function from the `xata` module and using it to create a new instance of the `Xata` client. Then, we pass this client to the `drizzle` function to create a database connection.

<hr>

Now, we will create `Schema` for our database. The `schema.ts` file is also created inside `drizzle/` folder.

Here, we'll add the `Authentication` schema that will be auto generated by `BetterAuth`.

Now, will need to create `drizzle` config file `drizzle.config.ts` inside the root folder.

Here will need to load the `environment` variables to setup the configuration. For that we will need the `dotenv` package.

```bash
npm install dotenv
```

Then,

```ts
// drizzle.config.ts

import { config } from "dotenv";
import { defineConfig } from "drizzle-kit";

config({ path: "./.env" }); // Load the Envs from the .env file

export default defineConfig({
  schema: "./drizzle/schema.ts", // Schema Path
  out: "./drizzle/migrations", // Output Migration Path
  dialect: "postgresql", // Database Type
  dbCredentials: {
    url: process.env.DATABASE_URL_POSTGRES!, // PostgreSQL connection string
  },
});
```

In the `drizzle.config.ts` file, we will export the configuration using `defineConfig` from `drizzle-kit`.

This `export` will be an `object` that contains all the necessary configuration options for `Drizzle ORM` to connect to the `PostgreSQL` database.

<hr>

Finally,

We'll have to setup `BetterAuth`, Create a folder named `lib` in the root directory. Inside, this folder create a file named `auth.ts`.

Here we will connect `Drizzle`,`BetterAuth` and the Database i.e. `Xata`.

```ts
import { db } from "@/drizzle/db";
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";

export const auth = betterAuth({
  database: drizzleAdapter(db, { provider: "pg" }),
});
```

Here, we export the `auth` object which contains the configuration for `BetterAuth` that composes the `Drizzle` ORM with the `Xata` database.

**Now,**

We will need to execute the `better-auth/cli` to generate a schema file which includes `username`, `session`, and `account` verification schema that is needed for authentication.

```bash
npx @better-auth/cli generate
```

This will generate `auth.schema.ts` file in the root directory.

Copy the content of `auth.schema.ts` file to the `schema.ts` file inside the `drizzle/` folder.

```ts
import {
  pgTable,
  text,
  timestamp,
  boolean,
  integer,
} from "drizzle-orm/pg-core";

export const user = pgTable("user", {
  id: text("id").primaryKey(),
  name: text("name").notNull(),
  email: text("email").notNull().unique(),
  emailVerified: boolean("email_verified")
    .$defaultFn(() => false)
    .notNull(),
  image: text("image"),
  createdAt: timestamp("created_at")
    .$defaultFn(() => /* @__PURE__ */ new Date())
    .notNull(),
  updatedAt: timestamp("updated_at")
    .$defaultFn(() => /* @__PURE__ */ new Date())
    .notNull(),
});

export const session = pgTable("session", {
  id: text("id").primaryKey(),
  expiresAt: timestamp("expires_at").notNull(),
  token: text("token").notNull().unique(),
  createdAt: timestamp("created_at").notNull(),
  updatedAt: timestamp("updated_at").notNull(),
  ipAddress: text("ip_address"),
  userAgent: text("user_agent"),
  userId: text("user_id")
    .notNull()
    .references(() => user.id, { onDelete: "cascade" }),
});

export const account = pgTable("account", {
  id: text("id").primaryKey(),
  accountId: text("account_id").notNull(),
  providerId: text("provider_id").notNull(),
  userId: text("user_id")
    .notNull()
    .references(() => user.id, { onDelete: "cascade" }),
  accessToken: text("access_token"),
  refreshToken: text("refresh_token"),
  idToken: text("id_token"),
  accessTokenExpiresAt: timestamp("access_token_expires_at"),
  refreshTokenExpiresAt: timestamp("refresh_token_expires_at"),
  scope: text("scope"),
  password: text("password"),
  createdAt: timestamp("created_at").notNull(),
  updatedAt: timestamp("updated_at").notNull(),
});

export const verification = pgTable("verification", {
  id: text("id").primaryKey(),
  identifier: text("identifier").notNull(),
  value: text("value").notNull(),
  expiresAt: timestamp("expires_at").notNull(),
  createdAt: timestamp("created_at").$defaultFn(
    () => /* @__PURE__ */ new Date()
  ),
  updatedAt: timestamp("updated_at").$defaultFn(
    () => /* @__PURE__ */ new Date()
  ),
});

export const schema = {
  user,
  session,
  account,
  verification,
};
```

<hr>

Once our `schema` for the `BetterAuth` is ready, we can use it to create the necessary tables in the database.

```bash
npx drizzle-kit push
```

This command will apply the schema changes to the database i.e. `xata`, creating the `user`, `session`, `account`, and `verification` tables as defined in the `schema.ts` file.

<hr>

Now, let's add the `schema`, `socialProviders`, and `betterAuth` of the `auth.ts` file.

```ts
//auth.ts

import { db } from "@/drizzle/db"; // Database
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { schema } from "@/drizzle/schema";
import { nextCookies } from "better-auth/next-js";

export const auth = betterAuth({
  database: drizzleAdapter(db, { provider: "pg", schema }),
  socialProviders: {
    google: {
      clientId: process.env.BETTER_AUTH_GOOGLE_CLIENT_ID!,
      clientSecret: process.env.BETTER_AUTH_GOOGLE_CLIENT_SECRET!,
    },
  },
  plugins: [nextCookies()],
  baseURL: process.env.NEXT_PUBLIC_BASE_URL,
});
```

The above code configures the `BetterAuth` instance with the necessary database adapter, social provider credentials, and other options like cookies and base URL.

Here,

`drizzleAdapter(db, …)`: tells `Better Auth` to persist all auth data through `Drizzle`.

`socialProviders`: Better Auth will generate the Google login flow for you (redirect → consent → callback). On successful callback, Better Auth will:

- Create or link a user,

- Store the OAuth account in your schema’s accounts table,

- Create a session (usually cookie-based),

- Return you to your app with the user signed in.

`plugins: [nextCookies()],`: A plugin that makes Better Auth read/write cookies via Next.js’s `cookies()` API—crucial for App Router/SSR/Edge compatibility.

`baseURL: process.env.NEXT_PUBLIC_BASE_URL,`: The base URL for your application, used by Better Auth for redirects and other purposes.

<hr>
<hr>

Now, we will need to create `Auth Client` for our application.

The `Auth Client` will be responsible for handling user authentication and authorization using the `BetterAuth` library.

```ts
// lib/auth-client.ts

import { auth } from "@/lib/auth";
import { createAuthClient } from "better-auth/react";
export const authClient = createAuthClient({
  baseURL: process.env.NEXT_PUBLIC_BASE_URL!,
});
```

Then we will need to create `API Route` for our authentication client. For that we will create `api/auth` folder within `app` folder. Then inside the `auth/[..all]` folder, we will create a file named `route.ts`.

Here, `auth/[...all]` is a catch-all route that will match all requests to the `auth` endpoint.

The `route.ts` file in `Next.Js` is used to define the API routes for our application. In this case, we will use it to handle authentication requests.

`route.ts` will expose the authentication endpoints for our application.

```ts
// app/api/auth/route.ts

import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";

export const { GET, POST } = toNextJsHandler(auth.handler);
```

In the above code,

- We import the `auth` instance from our `lib/auth.ts` file.

- We use the `toNextJsHandler` function from the `better-auth/next-js` package to convert the `auth.handler` into Next.js compatible GET and POST handlers.

- Finally, we export these handlers for use in our API routes.

<hr>
<hr>

After all these setup now we've to setup the login functionality in the **`sign-in`** page.


## **Login Functionality**

We will use `onClick` event handler to trigger the login process when the user clicks the login button.

Since, we're using `onClick` the component should be a `client` i.e. `use client`;

<hr>

### **SignIn.tsx**

First create an `async` Event Handler Function i.e. `handleSignIn`.

```ts
"use client";

import Link from "next/link";
import React from "react";
import Image from "next/image";
import { authClient } from "@/lib/auth-client";

const page = () => {
  const handleSignIn = async () => {
    return await authClient.signIn.social({ provider: "google" });
  };

  return (
    <main className="sign-in">
      <aside className="google-sign-in">
        <button onClick={handleSignIn}>
          <Image
            src="/assets/icons/google.svg"
            alt="google"
            width={22}
            height={22}
          ></Image>
          <span>Sign in With Google</span>
        </button>
      </aside>
    </main>
  );
};

export default page;
```

In the above code,

The `handleSignIn` function is an asynchronous function that calls the `signIn.social` method from the `authClient` with the Google provider. When the user clicks the "Sign in With Google" button, this function is triggered, initiating the sign-in process.

<hr>
<hr>


Till now we have implemented the login functionality using Google OAuth. The user can click the "Sign in With Google" button, which triggers the `handleSignIn` function, initiating the sign-in process.

But if we try to access the `Dashboard` page even without signing in it is possible, which should not happen. The user `Dashboard` should be only accessible when the user is `Authenticated` and should `Redirect` to the sign-in page if not authenticated.

For that we can create a `Middleware` that checks the user's authentication status before allowing access to the `Dashboard` page.

<hr>

## **Middleware**

**Let's Understand the Middleware in Depth**

`Middleware` in general is a function that runs before a request is completed. It can be used to modify the request, response, or even end the request-response cycle.

In the context of Next.js, `middleware` can be used to protect certain routes, ensuring that only authenticated users can access them.

<hr>

**Note**

All `Next.js` `Middleware` runs in the `Edge Runtime`, which is a lightweight, serverless environment.

The `Edge Runtime` does not support `Node.js` APIs like `crypto`, `fs`, or `path`.

<hr>

### **What is `Edge Runtime`?**

`Edge Runtime` is a new execution environment for serverless functions that allows you to run your code closer to your users, reducing latency and improving performance. It is designed to be lightweight and fast, with a focus on delivering content quickly and efficiently.

Some key features of `Edge Runtime` include:

- **Low Latency**: By running your code at the edge, closer to your users, you can reduce the time it takes to process requests and deliver responses.

- **Scalability**: `Edge Runtime` is designed to scale automatically, handling large volumes of requests without any additional configuration.

- **Lightweight**: The environment is optimized for performance, with a minimal footprint and fast startup times.

<hr>

### **How to Create Middleware in Next.js**

In the root directory of your Next.js project, create a file named `middleware.ts`. `Next.js` will automatically use this file as middleware for all routes.

```tsx
// middleware.ts

import { NextRequest, NextResponse } from "next/server";
import { auth } from "./lib/auth";
import { headers } from "next/headers";

// Middelware Function
export async function middleware(request: NextRequest, response: NextResponse) {
  // Try to access the session
  const session = await auth.api.getSession({
    headers: await headers(),
  });

  // No Session
  if (!session) {
    // Redirect to Sign-in page from the current URL
    return NextResponse.redirect(new URL("/sign-in", request.url));
  }

  // Else, continue with what it was supposed to do
  return NextResponse.next();
}

// Middleware Routes
export const config = {
  // ReGex for Routes that we want the middleware to be applied
  matcher: ["/((?!api|_next/static|_next/image|favicon.ico|sign-in|assets).*)"],
};
```

In the above code,

```ts
auth.api.getSession({
  headers: await headers(),
});
```

we are trying to retrieve the user's session information from the authentication API. We need to pass `headers` from the request to the API to get the correct session information.

Then in the `config` we specify the routes that we want the middleware to be applied to using a regular expression matcher. In our case we've applied the middleware to any request that is for the `API`, `static files`, or the `sign-in` page.

<hr>

As here we are using `import { auth } from "./lib/auth";` to access the authentication API, and this library internally depends on `crypto` for some of its operations, but the `Edge Runtime` does not support `crypto` or any other `Node.js` APIs. Therefore, we get an `Error` as `Error: The edge runtime does not support Node.js 'crypto' module`.

### **The Only Perfect Solution for Edge Runtime Issue for Middleware**

Another `Solution` would be to use compatible libraries that work with the `Edge Runtime`. But we will stick to the below `Solution`

**Do Auth Checks in Server Components/ Layouts**

Instead of `Middleware`, check the session in `Layouts` or `Server Components`. As `Server Components` run on the server, you can use the full power of the Node.js API, including `crypto`, without any issues.

First `delete` the `middleware.ts` file.

Then in the `layout.tsx` of the `app/(root)/` directory, you can implement the session check like this:

```tsx
// layout.tsx
import React from "react";
import NavBar from "@/components/NavBar";
import { auth } from "@/lib/auth";
import { headers } from "next/headers";
import { redirect } from "next/navigation";

const layout = async ({ children }: { children: React.ReactNode }) => {
  // Check for Authenticated Session to Access Dashboard, Else Redirect to Sign-in
  const session = await auth.api.getSession({
    headers: await headers(),
  });

  // Check if session exists
  if (!session) {
    redirect("/sign-in");
  }

  // Else continue normal flow
  return (
    <div>
      <NavBar />
      {children}
    </div>
  );
};

export default layout;
```

After this change, when a user tries to access a protected route, the session check will be performed in the `layout`, and if the user is `not authenticated`, they will be `redirected` to the `sign-in` page. This approach leverages the full power of the Node.js API, including `crypto`, without any issues related to the `Edge Runtime`.


<hr>
<hr>


### **Problem with Sign In With Google**

After clicking `Sign In with Google` response comes very late.

Maybe problem with the above `pg` code previously it used to be different.

**Problem** : We were trying to use `PostgreSQL direct connection` `(node-postgres)` but with the wrong connection string:

```ts
// In drizzle/db.ts - BEFORE
import { drizzle } from "drizzle-orm/node-postgres";
import { Pool } from "pg";

const pool = new Pool({
  connectionString: process.env.DATABASE_URL, // ❌ This was HTTP API URL
});
```

Our `.env` had:

```bash
DATABASE_URL=https://Birat-Gautam-s-workspace-tf45ml.us-east-1.xata.sh/db/jsm_snapcast:main #(HTTP API URL)
DATABASE_URL_POSTGRES=postgresql://tf45ml:xau_iCnCNS00pp4ZHL1o79oIkAiYx4fRM41w@us-east-1.sql.xata.sh/jsm_snapcast:main?sslmode=require #(PostgreSQL URL)
```

Below was the server response,

```bash
toni-birat@tonibirat:/media/toni-birat/New Volume/screen_recording_full_stack$ npm run dev

> screen_recording_full_stack@0.1.0 dev
> next dev --turbopack

   ▲ Next.js 15.3.4 (Turbopack)
   - Local:        http://localhost:3000
   - Network:      http://192.168.1.79:3000
   - Environments: .env

 ✓ Starting...
 ✓ Ready in 820ms
 ○ Compiling /sign-in ...
 ✓ Compiled /sign-in in 1827ms
 GET /sign-in 200 in 2081ms
 ⚠ Cross origin request detected from 192.168.1.79 to /_next/* resource. In a future major version of Next.js, you will need to explicitly configure "allowedDevOrigins" in next.config to allow this.
Read more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins
 ○ Compiling /api/auth/[...all] ...
 ✓ Compiled /api/auth/[...all] in 1012ms
# SERVER_ERROR:  [Error: Failed query: insert into "verification" ("id", "identifier", "value", "expires_at", "created_at", "updated_at") values ($1, $2, $3, $4, $5, $6) returning "id", "identifier", "value", "expires_at", "created_at", "updated_at"
params: YMWipqvalubysPk28OxKdsj3zpcYv0x2,gJ9mQXI_m-PuTMSsSlp2Rmwy_VfnWRFd,{"callbackURL":"/","codeVerifier":"XVfBj2nVrWySnH-yO7cCl2_FVwubQ_AOpveurdkjpq_I9uoIfaoea8A2QdP1z2ycetUrrjEiNnTT-OkAovBk8SGT6dtTOPhGO7H14vFuPMJYxRY-WSlVoiEUG43u49sa","expiresAt":1755449360118},2025-08-17T16:49:20.118Z,2025-08-17T16:39:20.118Z,2025-08-17T16:39:20.118Z] {
  query: 'insert into "verification" ("id", "identifier", "value", "expires_at", "created_at", "updated_at") values ($1, $2, $3, $4, $5, $6) returning "id", "identifier", "value", "expires_at", "created_at", "updated_at"',
  params: [Array],
  [cause]: [AggregateError: ] { code: 'ETIMEDOUT' }
}
 POST /api/auth/sign-in/social 500 in 136430ms

```

`The node-postgres driver was trying to connect to an HTTP URL as if it were a PostgreSQL database, which caused ETIMEDOUT errors.`

The first step was to run `xata pull main`,

Which pulled the latest schema changes from the Xata database and it `synchronized` local Xata client with the actual database structure that was created when you previously ran `npx drizzle-kit push`.

```ts
// In xata.ts - AFTER

// Generated by Xata Codegen 0.30.1. Please do not edit.
import { buildClient } from "@xata.io/client";
import type {
  BaseClientOptions,
  SchemaInference,
  XataRecord,
} from "@xata.io/client";

// Full table defintions with all columns
const tables = [
  {
    name: "account",
    checkConstraints: {},
    foreignKeys: {
      account_user_id_user_id_fk: {
        name: "account_user_id_user_id_fk",
        columns: ["user_id"],
        referencedTable: "user",
        referencedColumns: ["id"],
        onDelete: "CASCADE",
      },
    },
    primaryKey: ["id"],
    uniqueConstraints: {},
    columns: [
      {
        name: "access_token",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "access_token_expires_at",
        type: "timestamp without time zone",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "account_id",
        type: "text",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "created_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "id",
        type: "text",
        notNull: true,
        unique: true,
        defaultValue: null,
        comment: "",
      },
      {
        name: "id_token",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "password",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "provider_id",
        type: "text",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "refresh_token",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "refresh_token_expires_at",
        type: "timestamp without time zone",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "scope",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "updated_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "user_id",
        type: "link",
        link: { table: "user" },
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
    ],
  },
  {
    name: "session",
    checkConstraints: {},
    foreignKeys: {
      session_user_id_user_id_fk: {
        name: "session_user_id_user_id_fk",
        columns: ["user_id"],
        referencedTable: "user",
        referencedColumns: ["id"],
        onDelete: "CASCADE",
      },
    },
    primaryKey: ["id"],
    uniqueConstraints: {
      session_token_unique: {
        name: "session_token_unique",
        columns: ["token"],
      },
    },
    columns: [
      {
        name: "created_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "expires_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "id",
        type: "text",
        notNull: true,
        unique: true,
        defaultValue: null,
        comment: "",
      },
      {
        name: "ip_address",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "token",
        type: "text",
        notNull: true,
        unique: true,
        defaultValue: null,
        comment: "",
      },
      {
        name: "updated_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "user_agent",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "user_id",
        type: "link",
        link: { table: "user" },
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
    ],
  },
  {
    name: "user",
    checkConstraints: {},
    foreignKeys: {},
    primaryKey: ["id"],
    uniqueConstraints: {
      user_email_unique: { name: "user_email_unique", columns: ["email"] },
    },
    columns: [
      {
        name: "created_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "email",
        type: "text",
        notNull: true,
        unique: true,
        defaultValue: null,
        comment: "",
      },
      {
        name: "email_verified",
        type: "bool",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "id",
        type: "text",
        notNull: true,
        unique: true,
        defaultValue: null,
        comment: "",
      },
      {
        name: "image",
        type: "text",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "name",
        type: "text",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "updated_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
    ],
  },
  {
    name: "verification",
    checkConstraints: {},
    foreignKeys: {},
    primaryKey: ["id"],
    uniqueConstraints: {},
    columns: [
      {
        name: "created_at",
        type: "timestamp without time zone",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "expires_at",
        type: "timestamp without time zone",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "id",
        type: "text",
        notNull: true,
        unique: true,
        defaultValue: null,
        comment: "",
      },
      {
        name: "identifier",
        type: "text",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "updated_at",
        type: "timestamp without time zone",
        notNull: false,
        unique: false,
        defaultValue: null,
        comment: "",
      },
      {
        name: "value",
        type: "text",
        notNull: true,
        unique: false,
        defaultValue: null,
        comment: "",
      },
    ],
  },
] as const;

export type SchemaTables = typeof tables;
export type InferredTypes = SchemaInference<SchemaTables>;

export type Account = InferredTypes["account"];
export type AccountRecord = Account & XataRecord;

export type Session = InferredTypes["session"];
export type SessionRecord = Session & XataRecord;

export type User = InferredTypes["user"];
export type UserRecord = User & XataRecord;

export type Verification = InferredTypes["verification"];
export type VerificationRecord = Verification & XataRecord;

export type DatabaseSchema = {
  account: AccountRecord;
  session: SessionRecord;
  user: UserRecord;
  verification: VerificationRecord;
};

const DatabaseClient = buildClient();

const defaultOptions = {
  databaseURL:
    "https://Birat-Gautam-s-workspace-tf45ml.us-east-1.xata.sh/db/jsm_snapcast",
};

export class XataClient extends DatabaseClient<DatabaseSchema> {
  constructor(options?: BaseClientOptions) {
    super({ ...defaultOptions, ...options }, tables); // Tanle passed to Client
  }
}

let instance: XataClient | undefined = undefined;

export const getXataClient = () => {
  if (instance) return instance;

  instance = new XataClient();
  return instance;
};
```

Then we needed to update the `drizzle/db.ts` file to use the correct PostgreSQL connection string instead of the HTTP API URL.

```ts
// In drizzle/db.ts - AFTER
import { drizzle } from "drizzle-orm/xata-http";
import { getXataClient } from "../xata";

export const db = drizzle(getXataClient()); // Export the DB connection
```

Previously, we've used `drizzle-orm/node-postgres` which was trying to connect to the HTTP API URL, but now we are using `drizzle-orm/xata-http` which is specifically designed to work with Xata's HTTP API.

<hr>
<hr>

So, after `xata pull main`, we can see the changes reflected in our local database schema.

### **But do we need to delete the `schema.ts` file?**


### **You Should NOT Delete schema.ts - Here's Why:**

### **Two Different Schemas for Two Different Purposes:**

1. **schema.ts** (Your Drizzle ORM Schema) ✅ **KEEP THIS**

2. **xata.ts** (Xata Client Schema) ✅ **KEEP THIS TOO**

## **What Each Schema Does:**

### **1. schema.ts - Your Application Schema**

```typescript
// This is YOUR schema definition
export const user = pgTable("user", {
  id: text("id").primaryKey(),
  name: text("name").notNull(),
  email: text("email").notNull().unique(),
  // ... your table structure
});
```

**Purpose:**

- Defines how **YOU** want your tables to look

- Used by **Drizzle ORM** for type-safe database operations

- Used by **Better Auth** to understand your table structure

- Used for **migrations** and **schema changes**

### **2. xata.ts - Generated Client Schema**

```typescript
// This is GENERATED by Xata based on what actually exists in the database
const tables = [
  {
    name: "user",
    columns: [
      { name: "id", type: "text", notNull: true },
      { name: "name", type: "text", notNull: true },
      // ... actual database structure
    ],
  },
];
```

**Purpose:**

- **Generated automatically** by `xata pull main`

- Reflects the **actual current state** of your Xata database

- Used by **Xata HTTP client** to communicate with the database

- Provides **TypeScript types** for database records

## **The Workflow - How They Work Together:**

```mermaid
graph TD
    A[Your drizzle/schema.ts] --> B[npx drizzle-kit push]
    B --> C[Creates/Updates tables in Xata Database]
    C --> D[xata pull main]
    D --> E[Updates xata.ts with actual DB structure]
    E --> F[Your app uses both schemas]
```

### **Step-by-Step Process:**

1. **You write** schema.ts with your desired table structure

2. **You run** `npx drizzle-kit push` to create/update tables in Xata

3. **You run** `xata pull main` to sync the client with actual database

4. **Your app uses both:**

   - `schema.ts` for `ORM operations` and `Better Auth`

   - `xata.ts` for `HTTP` communication with `Xata`

## **What Happens If You Delete schema.ts?**

❌ **Bad Effects:**

1. **Better Auth breaks** - it needs your schema to know table structure

2. **No type safety** in your Drizzle queries

3. **Can't make schema changes** - no way to define new tables/columns

4. **No migrations** - can't evolve your database structure

## **What Happens If You Delete xata.ts?**

❌ **Bad Effects:**

1. **Xata HTTP client breaks** - can't communicate with database

2. **No database connection** - your app can't read/write data

3. **No TypeScript types** for database records

## **Why You Need Both:**

Made changes.

## **Think of It This Way:**

- **schema.ts** = Your architectural blueprint 📋

- **xata.ts** = The actual building that exists 🏗️

You need the blueprint to make changes, and you need to know what the actual building looks like to use it!

## **Best Practice - Keep Both and Understand Their Roles:**

1. **Modify schema.ts** when you want to change your database structure

2. **Run `npx drizzle-kit push`** to apply changes to Xata

3. **Run `xata pull main`** to sync the client

4. **Never manually edit xata.ts** - it's auto-generated

This is why our authentication works now - both schemas are in sync and serving their specific purposes!


<hr>
<hr>


Now, the moment we click `Login with Google` we get the `Login Window` where we can select our Google account.

After choosing, all the credentials are passed to the backend for verification and authentication.

This creates migration and then stored in the remote `PostgreSQL` `Xata` database provided by `Drizzle ORM`.


<hr>
<hr>


## **How Does the OAuth, Drizzle, Google Cloud, Xata Actually Works?**

**Date**: 2025-08-19

### **What Exactly Happens When You Click "Sign in with Google"?**

Let me break down the entire process step by step, explaining how every component works together.

---

## **Step 1: Client-Side Button Click**

### **Your Code:**

```typescript
// app/(auth)/sign-in/page.tsx
const handleSignIn = async () => {
  return await authClient.signIn.social({
    provider: "google",
    callbackURL: "/",
  });
};
```

### **What Happens:**

1. **User clicks button** → triggers `handleSignIn` function
2. **authClient.signIn.social()** is called
3. This makes a **POST request** to `/api/auth/sign-in/social`

---

## **Step 2: Better Auth API Route**

### **Your Code:**

```typescript
// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";

export const { GET, POST } = toNextJsHandler(auth.handler);
```

### **What Happens:**

1. **Request hits** `/api/auth/sign-in/social`
2. **Better Auth handler** processes the request
3. **Better Auth generates** OAuth URL for Google
4. **Response sent** back to client with redirect URL

---

## **Step 3: Redirect to Google**

### **What Happens:**

1. **Browser redirects** to Google OAuth URL like:

   ```
   https://accounts.google.com/oauth/authorize?
   client_id=YOUR_CLIENT_ID&
   response_type=code&
   scope=openid%20email%20profile&
   redirect_uri=http://localhost:3000/api/auth/callback/google&
   state=RANDOM_STATE_STRING
   ```

2. **Google shows** the account selection/consent screen
3. **User selects** Google account and grants permissions

---

## **Step 4: Google Callback**

### **What Happens:**

1. **Google redirects** back to your app:

   ```
   http://localhost:3000/api/auth/callback/google?
   code=AUTHORIZATION_CODE&
   state=RANDOM_STATE_STRING
   ```

2. **Better Auth receives** this callback at `/api/auth/callback/google`
3. **Better Auth extracts** the authorization code

---

## **Step 5: Token Exchange**

### **What Better Auth Does:**

1. **Makes POST request** to Google's token endpoint:

   ```
   POST https://oauth2.googleapis.com/token
   Content-Type: application/x-www-form-urlencoded

   client_id=YOUR_CLIENT_ID&
   client_secret=YOUR_CLIENT_SECRET&
   code=AUTHORIZATION_CODE&
   grant_type=authorization_code&
   redirect_uri=http://localhost:3000/api/auth/callback/google
   ```

2. **Google responds** with access token:
   ```json
   {
     "access_token": "ya29.a0AfH6SMBC...",
     "id_token": "eyJhbGciOiJSUzI1NiIs...",
     "token_type": "Bearer",
     "expires_in": 3599,
     "scope": "openid email profile"
   }
   ```

---

## **Step 6: User Information Retrieval**

### **What Better Auth Does:**

1. **Decodes JWT id_token** to get user info:

   ```json
   {
     "sub": "123456789012345678901",
     "email": "user@gmail.com",
     "name": "John Doe",
     "picture": "https://lh3.googleusercontent.com/...",
     "email_verified": true
   }
   ```

2. **Or makes API call** to Google's userinfo endpoint if needed

---

## **Step 7: Database Operations - The Schema Magic**

Now comes the interesting part - how Better Auth interacts with your database!

### **Your Better Auth Configuration:**

```typescript
// lib/auth.ts
export const auth = betterAuth({
  database: drizzleAdapter(db, { provider: "pg", schema }),
  socialProviders: {
    google: {
      clientId: process.env.BETTER_AUTH_GOOGLE_CLIENT_ID!,
      clientSecret: process.env.BETTER_AUTH_GOOGLE_CLIENT_SECRET!,
    },
  },
  plugins: [nextCookies()],
  baseURL: process.env.NEXT_PUBLIC_BASE_URL!,
});
```

### **What Happens:**

#### **7a. Better Auth Checks if User Exists**

```sql
SELECT * FROM "user" WHERE email = 'user@gmail.com';
```

#### **7b. If User Doesn't Exist - CREATE USER**

```sql
INSERT INTO "user" (
  "id", "name", "email", "email_verified", "image",
  "created_at", "updated_at"
) VALUES (
  'generated_uuid', 'John Doe', 'user@gmail.com', true,
  'https://lh3.googleusercontent.com/...',
  '2025-08-19T17:30:00.000Z', '2025-08-19T17:30:00.000Z'
);
```

#### **7c. CREATE OR UPDATE ACCOUNT**

```sql
INSERT INTO "account" (
  "id", "account_id", "provider_id", "user_id",
  "access_token", "refresh_token", "id_token",
  "created_at", "updated_at"
) VALUES (
  'generated_uuid', '123456789012345678901', 'google', 'user_uuid',
  'ya29.a0AfH6SMBC...', 'refresh_token_if_provided', 'eyJhbGciOiJSUzI1NiIs...',
  '2025-08-19T17:30:00.000Z', '2025-08-19T17:30:00.000Z'
);
```

#### **7d. CREATE SESSION**

```sql
INSERT INTO "session" (
  "id", "expires_at", "token", "created_at", "updated_at",
  "ip_address", "user_agent", "user_id"
) VALUES (
  'session_uuid', '2025-08-26T17:30:00.000Z', 'session_token_hash',
  '2025-08-19T17:30:00.000Z', '2025-08-19T17:30:00.000Z',
  '192.168.1.79', 'Mozilla/5.0...', 'user_uuid'
);
```

#### **7e. CREATE VERIFICATION RECORD (for OAuth state)**

```sql
INSERT INTO "verification" (
  "id", "identifier", "value", "expires_at",
  "created_at", "updated_at"
) VALUES (
  'verification_uuid', 'oauth_state_identifier',
  '{"callbackURL":"/","codeVerifier":"...","expiresAt":...}',
  '2025-08-19T17:40:00.000Z', '2025-08-19T17:30:00.000Z',
  '2025-08-19T17:30:00.000Z'
);
```

---

## **Step 8: How Database Connection Works**

### **Your Database Setup:**

```typescript
// drizzle/db.ts
import { drizzle } from "drizzle-orm/xata-http";
import { getXataClient } from "../xata";

export const db = drizzle(getXataClient());
```

### **The Magic Chain:**

1. **Better Auth** → calls `drizzleAdapter(db, ...)`
2. **Drizzle Adapter** → uses your `db` instance
3. **Your db** → uses `drizzle(getXataClient())`
4. **getXataClient()** → creates Xata HTTP client
5. **Xata Client** → makes HTTP requests to Xata's API
6. **Xata API** → executes SQL on PostgreSQL database

### **The HTTP Request Flow:**

```
Better Auth → Drizzle → Xata Client → HTTP Request → Xata API → PostgreSQL
```

---

## **Step 9: Response and Cookie Setting**

### **What Better Auth Does:**

1. **Generates session cookie** with encrypted session token
2. **Sets HTTP-only cookie** in browser:
   ```
   Set-Cookie: better-auth.session_token=encrypted_token;
   HttpOnly; Secure; SameSite=Lax; Path=/
   ```
3. **Redirects user** to your callback URL (usually `/`)

---

## **Step 10: Protected Route Access**

### **Your Layout Protection:**

```typescript
// app/(root)/layout.tsx
const session = await auth.api.getSession({
  headers: await headers(),
});

if (!session) {
  redirect("/sign-in");
}
```

### **What Happens:**

1. **Browser requests** protected route
2. **Layout runs** `auth.api.getSession()`
3. **Better Auth** reads session cookie from headers
4. **Better Auth** queries database:
   ```sql
   SELECT s.*, u.* FROM "session" s
   JOIN "user" u ON s.user_id = u.id
   WHERE s.token = 'hashed_token'
   AND s.expires_at > NOW();
   ```
5. **If session valid** → user accesses protected route
6. **If session invalid** → redirect to sign-in

---

## **Key Questions Answered:**

### **Q: Is migration created for each sign-in?**

**A: NO!** Migrations are NOT created for each sign-in. Here's the difference:

- **Migrations** = Schema changes (adding/modifying tables)
- **Data Insertion** = Adding new records to existing tables

### **Q: How are the database operations performed?**

**A:** Through this chain:

1. **Your Schema** (`schema.ts`) defines table structure
2. **Better Auth** uses Drizzle Adapter to perform operations
3. **Drizzle** translates operations to SQL
4. **Xata Client** sends HTTP requests to Xata
5. **Xata** executes SQL on PostgreSQL

### **Q: What role does each component play?**

#### **Google Cloud Console:**

- Provides OAuth credentials
- Validates your app's identity
- Issues access tokens

#### **Better Auth:**

- Orchestrates the entire OAuth flow
- Handles token exchange
- Manages sessions and cookies
- Performs database operations

#### **Your Schema (`schema.ts`):**

- Defines how tables should look
- Provides TypeScript types
- Used by Better Auth to understand database structure

#### **Xata Client (`xata.ts`):**

- Generated HTTP client for your database
- Provides connection to Xata's API
- Handles authentication with Xata

#### **Drizzle ORM:**

- Translates JavaScript operations to SQL
- Provides type safety
- Acts as bridge between Better Auth and Xata

---

## **The Complete Flow Diagram:**

```
[User Click] → [Better Auth Client] → [Better Auth API] → [Google OAuth]
     ↓
[Google Consent] → [Authorization Code] → [Token Exchange] → [User Info]
     ↓
[Better Auth] → [Drizzle Adapter] → [Your Schema] → [Xata Client]
     ↓
[HTTP Request] → [Xata API] → [PostgreSQL] → [Insert/Update Records]
     ↓
[Session Cookie] → [Redirect to App] → [Protected Routes]
```

This entire process happens in **seconds** and creates a seamless authentication experience!


<hr>
<hr>


## **Upload a Video Form**

We will create `/upload` endpoint to handle video uploads. Create `upload` folder inside the `(root)` directory. Inside the `/upload` folder create `page.tsx`.

Once we click the `Upload A Video` button of the `Header` component, we will be redirected to the `/upload` page.

Within this page we will use couple of `Reusable` Components such as `FileInput` and different `FormField` components to create the upload form.

We will import them in the `page.tsx` file.

### **`page.tsx`**

```ts
// upload/page.tsx

"use client";

import React, { ChangeEvent, use, useState } from "react";
import FormField from "@/components/FormField";
import FileInput from "@/components/FileInput";
import { visibilities } from "@/constants";

const page = () => {
  const [error, setError] = useState(null); // For error while uploading video

  // State for form data
  const [formData, setFormData] = useState({
    title: "",
    description: "",
    visibility: "public",
  });

  // Event Handler for Change in Form Data
  const handleInputChange = (e: ChangeEvent) => {
    const { name, value } = e.target; // Name is the name of the element and value will be changed value

    // Change the previous data with the latest changed data
    setFormData((prevState) => ({ ...prevState, [name]: value }));
  };

  return (
    <div className="wrapper-md upload-page">
      <h1>Upload a Video</h1>

      {/* Check for Error if Error is True, then Display the Error */}

      {error && <div className="error-field">{error}</div>}

      {/* Create the Form to Handle Video Upload */}

      <form className="rounded-20 shadow-10 gap-6 w-full flex flex-col px-5 py-7.5">
        {/* First FormField Component */}

        <FormField
          id="Title"
          label="Title"
          placeholder="Enter a clear and concise video title"
          value={formData.title}
          onChange={handleInputChange}
        />

        <FormField
          id="Description"
          label="Description"
          placeholder="Describe what this video is about"
          value={formData.description}
          as="textarea"
          onChange={handleInputChange}
        />
        <FileInput />
      </form>
    </div>
  );
};

export default page;
```

In the above code, we have created a form for uploading a video with fields for title, description, and file input. We have used reusable components like `FormField` and `FileInput` to create a consistent and maintainable form structure.

<hr>

### **`FormField.tsx` Component**

It will be a resuable component that accepts props related to data that is required while uploading a video.

The props include:

```ts
declare interface FormFieldProps {
  id: string;
  label: string;
  type?: string;
  value: string;
  onChange: (
    e: ChangeEvent<HTMLInputElement | HTMLTextAreaElement | HTMLSelectElement>
  ) => void;
  placeholder?: string;
  as?: "input" | "textarea" | "select";
  options?: Array<{ value: string; label: string }>;
}
```

<hr>

This way we will duplicate `FormField` component for each form field we need.

```ts
import { string } from "better-auth";
import { phoneNumber } from "better-auth/plugins";
import React from "react";

const FormField = ({
  id,
  label,
  type = "text",
  value,
  onChange,
  placeholder,
  as = "input",
  options = [],
}: FormFieldProps) => {
  // Dynamic Internal Component to Render the Input Filed Based on Type
  const InputToRender = ({
    type,
    pHolder,
  }: {
    type: string;
    pHolder: string;
  }) => {
    if (type === "textarea") {
      return (
        <textarea
          placeholder={pHolder}
          id={id}
          name={id}
          value={value}
          onChange={onChange}
        />
      );
    } else if (type === "select") {
      return (
        <select id={id} name={id} value={value} onChange={onChange}>
          {options.map(({ label, value }) => (
            <option key={label} value={value}>
              {label}
            </option>
          ))}
        </select>
      );
    } else {
      return (
        <input
          placeholder={pHolder}
          id={id}
          name={id}
          value={value}
          onChange={onChange}
        />
      );
    }
  };

  return (
    <div className="form-field">
      <label htmlFor={id}>{label}</label>

      {/* Based on the Type of Input Field i.e. as prop
      we will create a Dynamic Internal Component that returns the related input element */}
      <InputToRender type={as} pHolder={placeholder || ""} />
    </div>
  );
};

export default FormField;
```

In the above `FormField` Component,

It first accepts props such as `id`, `label`, `type`, `value`, `onChange`, `placeholder`, `as`, and `options` to create a flexible form field. The `Prop` object is of type `FormFieldProps`.

Then we've `InputToRender` internal component that dynamically renders the appropriate input field based on the `as` prop.

We then return the `InputToRender` component with `label`, `value`, `onChange`, and `options` props.

<hr>

**Revised(Problem with `InputToRender`)**

If we try to input anything in the `title` or `description` fields, we can see that we've to refocus everytime we type and manually click the `input` field to regain the focus.

This is because, the `FormField` component is re-rendering a new `InputToRender` component each time the state changes which causes `React` to treat it like an entirely new `DOM` element instead of preserving the existing one.

As, `InputToRender` is declared inside `FormField`, so every render create a brand new `InputToRender` component.

Because `React` does not `reconcile` everything, including nested component just like `InputToRender` in the `FormField` component, it leads to the loss of focus issue. Therefore, each time the `FormField` is re-rendered, the `reconciliation` algorithm compares the newly created virtual `DOM` for the `FormField` component with the old `FormField` component.

As a result, it unmounts the old `InputToRender` component and mounts a new one because `InputToRender` is a `Component` or `Function` itself so it will have new reference each time the `FormField` is rendered due to which the algorithm treats it as a new element.

Then creates the new `InputToRender` inside the `FormField` component and render it.

```ts
// Revised FormField.tsx

import { string } from "better-auth";
import { phoneNumber } from "better-auth/plugins";
import React from "react";

const FormField = ({
  id,
  label,
  type = "text",
  value,
  onChange,
  placeholder,
  as = "input",
  options = [],
}: FormFieldProps) => {
  // To decide the type of input element
  let inputElement = null;

  if (as === "textarea") {
    inputElement = (
      <textarea
        placeholder={placeholder}
        id={id}
        name={id}
        value={value}
        onChange={onChange}
      />
    );
  } else if (as === "select") {
    inputElement = (
      <select id={id} name={id} value={value} onChange={onChange}>
        {options.map(({ label, value }) => (
          <option key={label} value={value}>
            {label}
          </option>
        ))}
      </select>
    );
  } else {
    inputElement = (
      <input
        placeholder={placeholder}
        id={id}
        name={id}
        value={value}
        onChange={onChange}
      />
    );
  }

  return (
    <div className="form-field">
      <label htmlFor={id}>{label}</label>

      {/* Render the Dynamic Element */}
      {inputElement}
    </div>
  );
};

export default FormField;
```

After we implement the above code, we can see that the focus issue is resolved. This is because we are no longer creating a new `InputToRender` component on each render, but instead reusing the existing one.

This time `React` will be able to capture the difference as the reference i.e. `<input type='text'>` or `<input type='textarea'>` will have the same reference but `value` will change. So it will easily identify the changes and update the `DOM` accordingly.

<hr>

### **`FileInput.tsx` Component**

We will have two file inputs i.e. one for the video file and another for the thumbnail image.

Therefore, it should be a reusable component that accepts props related to file input.

The props include:

```ts
declare interface FileInputProps {
  id: string;
  label: string;
  accept: string;
  file: File | null;
  previewUrl: string | null;
  inputRef: React.RefObject<HTMLInputElement | null>;
  onChange: (e: ChangeEvent<HTMLInputElement>) => void;
  onReset: () => void;
  type: "video" | "image";
}
```

<hr>

We will need to create `video` object in the `page.tsx` that will store the state for the video file input.

Also,

We will get the video from `Bunny` CDN.

Similarly, we will create an `image` object for the thumbnail image file input.

```ts
// components/FileInput.tsx

import React from "react";
import Image from "next/image";

const FileInput = ({
  id,
  label,
  accept,
  file,
  previewUrl,
  inputRef,
  onChange,
  onReset,
  type,
}: FileInputProps) => {
  return (
    <section className="file-input">
      <label htmlFor={id}>{label}</label>
      <input
        type="file"
        id={id}
        accept={accept}
        ref={inputRef}
        hidden
        onChange={onChange}
      ></input>

      {/* When there is no thumbnail, ternary operator */}
      {!previewUrl ? (
        <figure>
          <Image
            src="/assets/icons/upload.svg"
            alt="upload"
            width={24}
            height={24}
          />
          <p>Click to Upload your {id}</p>
        </figure>
      ) : (
        // If there is previewURL play it or show it
        <div className="">
          {type == "video" ? (
            <video src={previewUrl} controls></video>
          ) : (
            <Image src={previewUrl} alt="image" fill></Image>
          )}

          {/* Button for Reset */}

          <button type="button" onClick={onReset}>
            <Image
              src="/assets/icons/close.svg"
              width={16}
              height={16}
              alt="Reset Btn"
            ></Image>
          </button>

          {/* File Name */}
          <p>{file?.name}</p>
        </div>
      )}
    </section>
  );
};

export default FileInput;
```

We will be using `ref` to access the file input element directly for triggering file selection and resetting the input.

Here, `ref` is a React ref created using `useRef` hook and passed to the `FileInput` component as `inputRef` prop.

We will use `hidden` attribute to hide the file input element because we will implement `Drag and Drop` functionality for file uploads.

And,

Show the Upload Icon when there is no file selected else, show the Preview of the File.

We add the `Reset` button to allow users to remove the selected file and start over. Also, use `file?.name` to display the name of the selected file i.e. coalesce it with a default value.

<hr>

Since our `Input` is hidden we cannot click on it directly. Therefore, we will add `onClick` i.e. `onClick={() => inputRef?.current?.click()}` event to the `figure` element that will trigger the file input click event.

Here, `Figure` works as a `Proxy` Button. As we've hidden input we cannot click directly so when we click on `figure` it will open up the file picker dialog as it would if the input was visible.

<hr>

We will need to handle the `Drag and Drop` functionality for file uploads. For that we will create a `Custom` `Hook` that will deal with setting the `inputRef`, wheather it is `Video` or `Thumbnail`, track of the `Duration` of the upload video.


## **Custom Hook for File Uploads**

Inside `lib/hooks/useFileInput.ts`.

We will create a custom hook called `useFileUpload` to handle the file uploads, including the drag-and-drop functionality. This hook will manage the state of the file input, track the upload progress, and provide a way to reset the input.

```ts
import { ChangeEvent, useRef, useState } from "react";

export const useFileInput = (maxSize: number) => {
  const [file, setFile] = useState<File | null>(null); // Hold File Object
  const [previewUrl, setPreviewUrl] = useState(""); // Hold a Blob URL Created by URL.createObjectURL()
  const [duration, setduration] = useState(0); // Duration
  const inputRef = useRef<HTMLInputElement>(null); // Ref for the Input

  // Function that will be called when the a File is Uploaded
  const handleFileChange = (e: ChangeEvent<HTMLInputElement>) => {
    // Check if we've the file
    if (e.target.files?.[0]) {
      const selectedFile = e.target.files[0]; // Get the File

      // Check if the size of the file is of threshold size
      if (selectedFile.size > maxSize) return;

      // If the size is valid, remove the reference to the file
      if (previewUrl) URL.revokeObjectURL(previewUrl);

      // Store the file
      setFile(selectedFile);

      // Create ref to file (Blob) for preview faster without converting them to base64
      const objectUrl = URL.createObjectURL(selectedFile);

      // set the URL that points to the files binary data in memeory
      setPreviewUrl(objectUrl);

      // Duration of the Video
      if (selectedFile.type.startsWith("video")) {
        const video = document.createElement("video");
        video.preload = "metadata";
        video.onloadedmetadata = () => {
          if (isFinite(video.duration) && video.duration > 0) {
            setduration(Math.round(video.duration));
          } else {
            setduration(0);
          }
        };
        video.src = objectUrl; // Set the source to Blob URL, which triggers preload followed by onloadedmetadata
      }
    }
  };

  // Reset the file
  const resetFile = () => {
    if (previewUrl) URL.revokeObjectURL(previewUrl); // Remove the reference to the previous file

    setFile(null); // Empty the file
    setPreviewUrl(""); // Empty the URL
    setduration(0); // Duration is Zero

    // Clear the Reference to the Input if exists
    if (inputRef.current) inputRef.current.value = "";
  };

  // Return from Hook
  return {
    file,
    previewUrl,
    duration,
    inputRef,
  };
};
```

In the above code,

`file`: holds the `File` object the user picked. You’d use this to upload to a server.

`previewUrl`: a blob URL created via `URL.createObjectURL(file)` so you can preview the file locally (e.g., show an image or play a video) without uploading.

`duration`: stores the video length (in seconds) when the file is a video.

`inputRef`: a ref to the hidden `<input type="file">` so other elements (like a `<figure>`) can programmatically “click” it.

**`handleFileChange`**

This will handle the file selection and preview.

`e.target.files` is a `FileList`.

Grab the first selected file from `e.target.files?.[0]`.

`Size guard`: if `selectedFile.size > maxSize`, you exit early (prevents huge files).

`Prevent memory leaks`: `if (previewUrl) URL.revokeObjectURL(previewUrl);` if there’s an existing `previewUrl`, remove the `URL Blob` reference.

If we never clean these `URL` references, we could end up with memory leaks. For example, uploading 20 big videos → 20 blob URLs → browser holds them all in memory, even if you don’t need them anymore.

`setFile(selectedFile)`: updates the state with the newly selected file.

`Create preview`: `URL.createObjectURL(selectedFile)` gives you a local temporary URL (blob:) `blob:https://yourapp.com/23423-adsf-23423` that points to the file's binary data in memory without copying them. It is fast and memory-efficient as it's preview large files without converting them to `base64` which store a huge string string in JS Memory.

`setPreviewUrl(objectUrl)`: Save the `Blob` URL so we can use it in `<img>` or `<video>` elements.

`Video duration probe`: Check `MIME` type (e.g. "video/mp4") if `selectedFile.type.startsWith("video")`, you create a temporary `<video>` element just to read metadata(duration).

Then set the `video.preload="metadata"` which tells the browser to download only the `header/metadata` (like duration) not the entire video. The `metadata` includes information like duration, dimensions, MIME type and more.

`video.onloadedmetadata`: It is an event handler on media elements `<audio>` , `<video>`. It fires when the `metadata` has been loaded and parsed.

It is called when the metadata has been loaded. You can then access `video.duration` to get the duration of the video. Validate the `duration` and then `setduration()`.

`Note` : The `video.onloadmetadata` will only run after we set `video.src = URL`, because if we do not have the source (URL) then how will the metadata be downloaded. So, here we're just adding the passing the `Callback` function for the `onloadmetadata` event.

Then,

`video.src = objectUrl`; : Set the `src` of the video element to the object URL created from the selected file. Once this executes, the browser will start loading the video metadata i.e. `preload="metadata"` which is followed by `onloadedmetadata` event listener that checks the duration.

<hr>

**`resetFile`**

We will also need to reset the file input and clear the preview.

First, we need to revoke the object URL to free up memory. Then, we can reset the state variables.

`URL.revokeObjectURL(previewUrl)`; Remove the reference to the previous file

`setFile(null)`; Empty the file
`setPreviewUrl("")`; Empty the URL
`setduration(0)`; Duration is Zero

`if (inputRef.current) inputRef.current.value = ""` : Clear the reference to the input if it exists

<hr>
<hr>

Then we will import this `Custom Hook` to handle all the file input for `video` and `thumbnail` uploads in the `upload/page.tsx` file.


### **Modified `upload/page.tsx`**

We will pass `MAX_VIDEO_SIZE` and `MAX_THUMBNAIL_SIZE` as arguments to the `useFileInput` hook for video and thumbnail uploads respectively.

The `MAX_VIDEO_SIZE` is set to `500MB` and the `MAX_THUMBNAIL_SIZE` is set to `10MB`.

```ts
"use client";

import React, { ChangeEvent, use, useState } from "react";
import FormField from "@/components/FormField";
import FileInput from "@/components/FileInput";
import { useFileInput } from "@/lib/hooks/useFileInput";
import { MAX_THUMBNAIL_SIZE, MAX_VIDEO_SIZE } from "@/constants";

const page = () => {
  const [error, setError] = useState(null); // For error while uploading video

  // State for form data
  const [formData, setFormData] = useState({
    title: "",
    description: "",
    visibility: "public",
  });

  // Event Handler for Change in Form Data
  const handleInputChange = (e: ChangeEvent<HTMLInputElement>) => {
    const { name, value } = e.target; // Name is the name of the element and value will be changed value

    // Change the previous data with the latest changed data
    setFormData((prevState) => ({ ...prevState, [name]: value }));
  };

  // State for the Video
  const video = useFileInput(MAX_VIDEO_SIZE);

  // State for thumbnail
  const thumbnail = useFileInput(MAX_THUMBNAIL_SIZE);

  return (
    <div className="wrapper-md upload-page">
      <h1>Upload a Video</h1>

      {/* Check for Error if Error is True, then Display the Error */}

      {error && <div className="error-field">{error}</div>}

      {/* Create the Form to Handle Video Upload */}

      <form className="rounded-20 shadow-10 gap-6 w-full flex flex-col px-5 py-7.5">
        {/* First FormField Component */}

        <FormField
          id="title"
          label="Title"
          placeholder="Enter a clear and concise video title"
          value={formData.title}
          onChange={handleInputChange}
        />

        {/* Second FormField Component */}

        <FormField
          id="description"
          label="Description"
          placeholder="Describe what this video is about"
          value={formData.description}
          as="textarea"
          onChange={handleInputChange}
        />

        {/* First File Input for Video */}
        <FileInput
          id="video"
          label="Video"
          accept="video/*"
          file={video.file}
          previewUrl={video.previewUrl}
          inputRef={video.inputRef}
          onChange={video.handleFileChange}
          onReset={video.resetFile}
          type="video"
        />

        {/* Second File Input for Thumbnail */}
        <FileInput
          id="thumbnail"
          label="Thumbnail"
          accept="image/*"
          file={thumbnail.file}
          previewUrl={thumbnail.previewUrl}
          inputRef={thumbnail.inputRef}
          onChange={thumbnail.handleFileChange}
          onReset={thumbnail.resetFile}
          type="image"
        />

        {/* Visibility for Private and Public */}

        <FormField
          id="visibility"
          label="Visibility"
          value={formData.visibility}
          as="select"
          options={[
            { value: "public", label: "Public" },
            { value: "private", label: "Private" },
          ]}
          onChange={handleInputChange}
        />
      </form>
    </div>
  );
};

export default page;
```

Once, this is set up, we can now successfully handle file uploads for both videos and thumbnails in our application.

<hr>

Then, we'll add the `Submit` button to submit the video.

We will add the `handleSubmit` function to handle the form submission in the `onSubmit` event of the `form`.

We will upload the video to `Bunny` Server and `Thumbnail` to our `Database`.

Below is the updated code for `upload/page.tsx` after adding `handleSubmit`.

```ts
"use client";

import React, { ChangeEvent, FormEvent, use, useState } from "react";
import FormField from "@/components/FormField";
import FileInput from "@/components/FileInput";
import { useFileInput } from "@/lib/hooks/useFileInput";
import { MAX_THUMBNAIL_SIZE, MAX_VIDEO_SIZE } from "@/constants";

const page = () => {
  // If any error
  const [error, setError] = useState("null"); // For error while uploading video

  // Disable or Enable submit button
  const [isSubmitting, setIsSubmitting] = useState(false);

  // Handle Form Submit
  const handleSubmit = async (e: FormEvent) => {
    // Do not reload the page
    e.preventDefault();

    // Set True
    setIsSubmitting(true);

    // Try Catch for Submitting the Form
    try {
      // First check if video or thumbnail exists
      if (!video.file || !thumbnail.file) {
        setError("Please upload video and thumbnail");
        return;
      }

      // Check for the formData
      if (!formData.title || !formData.description) {
        setError("Please fill in all the details");
        return;
      }

      // After validation, finally we can proceed to uploading

      // Upload video to Bunny
      // Upload thumbnail to DB
      // Attach the Thumbnail to the Video
      // Create a new DB entry for the video details (metadata) i.e. (urls, data)
    } catch (error) {
      console.log("Error Submitting Form");
    } finally {
      // Finally set to False after submitting
      setIsSubmitting(false);
    }
  };

  // State for form data
  const [formData, setFormData] = useState({
    title: "",
    description: "",
    visibility: "public",
  });

  // Event Handler for Change in Form Data
  const handleInputChange = (e: ChangeEvent<HTMLInputElement>) => {
    const { name, value } = e.target; // Name is the name of the element and value will be changed value

    // Change the previous data with the latest changed data
    setFormData((prevState) => ({ ...prevState, [name]: value }));
  };

  // State for the Video
  const video = useFileInput(MAX_VIDEO_SIZE);

  // State for thumbnail
  const thumbnail = useFileInput(MAX_THUMBNAIL_SIZE);

  return (
    <div className="wrapper-md upload-page">
      <h1>Upload a Video</h1>

      {/* Check for Error if Error is True, then Display the Error */}

      {error && <div className="error-field">{error}</div>}

      {/* Create the Form to Handle Video Upload */}

      <form
        className="rounded-20 shadow-10 gap-6 w-full flex flex-col px-5 py-7.5"
        onSubmit={handleSubmit}
      >
        {/* First FormField Component */}

        <FormField
          id="title"
          label="Title"
          placeholder="Enter a clear and concise video title"
          value={formData.title}
          onChange={handleInputChange}
        />

        {/* Second FormField Component */}

        <FormField
          id="description"
          label="Description"
          placeholder="Describe what this video is about"
          value={formData.description}
          as="textarea"
          onChange={handleInputChange}
        />

        {/* First File Input for Video */}
        <FileInput
          id="video"
          label="Video"
          accept="video/*"
          file={video.file}
          previewUrl={video.previewUrl}
          inputRef={video.inputRef}
          onChange={video.handleFileChange}
          onReset={video.resetFile}
          type="video"
        />

        {/* Second File Input for Thumbnail */}
        <FileInput
          id="thumbnail"
          label="Thumbnail"
          accept="image/*"
          file={thumbnail.file}
          previewUrl={thumbnail.previewUrl}
          inputRef={thumbnail.inputRef}
          onChange={thumbnail.handleFileChange}
          onReset={thumbnail.resetFile}
          type="image"
        />

        {/* Visibility for Private and Public */}

        <FormField
          id="visibility"
          label="Visibility"
          value={formData.visibility}
          as="select"
          options={[
            { value: "public", label: "Public" },
            { value: "private", label: "Private" },
          ]}
          onChange={handleInputChange}
        />

        {/* Submit button */}
        <button type="submit" disabled={isSubmitting} className="submit-button">
          {/* Btn Value */}
          {isSubmitting ? "Uploading" : "Upload Video"}
        </button>
      </form>
    </div>
  );
};

export default page;
```

<hr>

We've just defined and perfomed some validations on the `video` and `thumbnail` file inputs. Next, we need to implement the actual upload logic to Bunny and the database.

But first, let's understand and setup `Bunny`.


## **What is `Bunny`?**

`Bunny` is a video hosting and streaming platform that allows users to upload, store, and share videos. It provides a simple API for developers to integrate video functionality into their applications, making it easy to manage video content.

It is a `CDN` i.e. Content Delivery Network, which means it distributes video content across multiple servers worldwide to ensure fast and reliable delivery to users.

It let's us `host`, `stream`, and `deliver` video content with low latency and high performance. `Bunny` also provides features like adaptive bitrate streaming, video analytics, and secure token authentication to enhance the video delivery experience.

<hr>

### **Bunny Setup**

We can use `Bunny` free for 14 days. Login to [Bunny](https://bunny.net/) and create an account.

First click on `Storage` then create a `Storage-Zone`. Choose `Geo Replication Zone`.

Then, create a folder `thumbnail`.

Go to `FTP & API Access` copy the `password` and paste in the `.env` file.

Then, copy the `hostname` and paste in the `constants/index.ts` `STORAGE_BASE_URL='https://hostname/username'`

<hr>

Now,

After we've stored our `Files` we need to create something called `Pull Zones`.

`Pull Zones` will be used to get our `Thumbnail` URL.

To create a Pull Zone, go to `CDN` then `Create Pull Zones` tab in your Bunny dashboard and click on `Add Pull Zone`. Give your Pull Zone a name i.e. `snapcat-pull-z` and select the `Storage Zone` you created earlier i.e. `snapcast-videos`

Once your Pull Zone is created, you will be given a `Pull Zone URL`. This URL is what you will use to access your video content.

Then copy the `Hostname` and paste it in the `constants/index.ts` file as `CDN_URL='https://snapcast-pull-z.b-cdn.net'`.

<hr>

After we store the videos, we will also need to stream those videos. For that we need to create got to `Stream` then create `Video Library` i.e. `stream-snapcast`.

Then click on `API`, copy the `Video Library ID` and paste it the `.env`. Similarly copy the `API Key` and paste it in the `.env` file.

Also, copy the `CDN Hostname` and paste in the `constants/index.ts` file as `TRANSCRIPT_URL: "https://vz-e62b6266-4f0.b-cdn.net"`. This will be used for transcription. It is optional we can `enable` it by clicking on `Transcribing`.

<hr>

Now, we're ready to upload our video files to `Bunny` via `Form` Submission.


For the video upload to `Bunny` we will need many helper functions. For that we'll create `lib/utils.ts` file.

```ts
import { type ClassValue, clsx } from "clsx";
import { twMerge } from "tailwind-merge";
import { ilike, sql } from "drizzle-orm";
import { videos } from "@/drizzle/schema";
import { DEFAULT_VIDEO_CONFIG, DEFAULT_RECORDING_CONFIG } from "@/constants";

export function cn(...inputs: ClassValue[]) {
  return twMerge(clsx(inputs));
}

export const updateURLParams = (
  currentParams: URLSearchParams,
  updates: Record<string, string | null | undefined>,
  basePath: string = "/"
): string => {
  const params = new URLSearchParams(currentParams.toString());

  // Process each parameter update
  Object.entries(updates).forEach(([name, value]) => {
    if (value) {
      params.set(name, value);
    } else {
      params.delete(name);
    }
  });

  return `${basePath}?${params.toString()}`;
};

// Get env helper function
const getEnv = (key: string): string => {
  const v = process.env[key];
  if (v === undefined) throw new Error(`Missing required env: ${key}`);
  return v;
};

// API fetch helper with required Bunny CDN options
export const apiFetch = async <T = Record<string, unknown>>(
  url: string,
  options: Omit<ApiFetchOptions, "bunnyType"> & {
    bunnyType: "stream" | "storage";
  }
): Promise<T> => {
  const {
    method = "GET",
    headers = {},
    body,
    expectJson = true,
    bunnyType,
  } = options;

  const key = getEnv(
    bunnyType === "stream"
      ? "BUNNY_STREAM_ACCESS_KEY"
      : "BUNNY_STORAGE_ACCESS_KEY"
  );

  const requestHeaders = {
    ...headers,
    AccessKey: key,
    ...(bunnyType === "stream" && {
      accept: "application/json",
      ...(body && { "content-type": "application/json" }),
    }),
  };

  const requestOptions: RequestInit = {
    method,
    headers: requestHeaders,
    ...(body && { body: JSON.stringify(body) }),
  };

  const response = await fetch(url, requestOptions);

  if (!response.ok) {
    throw new Error(`API error ${response.text()}`);
  }

  if (method === "DELETE" || !expectJson) {
    return true as T;
  }

  return await response.json();
};

// Higher order function to handle errors
export const withErrorHandling = <T, A extends unknown[]>(
  fn: (...args: A) => Promise<T>
) => {
  return async (...args: A): Promise<T> => {
    try {
      const result = await fn(...args);
      return result;
    } catch (error) {
      const errorMessage =
        error instanceof Error ? error.message : "Unknown error occurred";
      return errorMessage as unknown as T;
    }
  };
};

export const getOrderByClause = (filter?: string) => {
  switch (filter) {
    case "Most Viewed":
      return sql`${videos.views} DESC`;
    case "Least Viewed":
      return sql`${videos.views} ASC`;
    case "Oldest First":
      return sql`${videos.createdAt} ASC`;
    case "Most Recent":
    default:
      return sql`${videos.createdAt} DESC`;
  }
};

export const generatePagination = (currentPage: number, totalPages: number) => {
  if (totalPages <= 7) {
    return Array.from({ length: totalPages }, (_, i) => i + 1);
  }
  if (currentPage <= 3) {
    return [1, 2, 3, 4, 5, "...", totalPages];
  }
  if (currentPage >= totalPages - 2) {
    return [
      1,
      "...",
      totalPages - 4,
      totalPages - 3,
      totalPages - 2,
      totalPages - 1,
      totalPages,
    ];
  }
  return [
    1,
    "...",
    currentPage - 1,
    currentPage,
    currentPage + 1,
    "...",
    totalPages,
  ];
};

export const getMediaStreams = async (
  withMic: boolean
): Promise<MediaStreams> => {
  const displayStream = await navigator.mediaDevices.getDisplayMedia({
    video: DEFAULT_VIDEO_CONFIG,
    audio: true,
  });

  const hasDisplayAudio = displayStream.getAudioTracks().length > 0;
  let micStream: MediaStream | null = null;

  if (withMic) {
    micStream = await navigator.mediaDevices.getUserMedia({ audio: true });
    micStream
      .getAudioTracks()
      .forEach((track: MediaStreamTrack) => (track.enabled = true));
  }

  return { displayStream, micStream, hasDisplayAudio };
};

export const createAudioMixer = (
  ctx: AudioContext,
  displayStream: MediaStream,
  micStream: MediaStream | null,
  hasDisplayAudio: boolean
) => {
  if (!hasDisplayAudio && !micStream) return null;

  const destination = ctx.createMediaStreamDestination();
  const mix = (stream: MediaStream, gainValue: number) => {
    const source = ctx.createMediaStreamSource(stream);
    const gain = ctx.createGain();
    gain.gain.value = gainValue;
    source.connect(gain).connect(destination);
  };

  if (hasDisplayAudio) mix(displayStream, 0.7);
  if (micStream) mix(micStream, 1.5);

  return destination;
};

export const setupMediaRecorder = (stream: MediaStream) => {
  try {
    return new MediaRecorder(stream, DEFAULT_RECORDING_CONFIG);
  } catch {
    return new MediaRecorder(stream);
  }
};

export const getVideoDuration = (url: string): Promise<number | null> =>
  new Promise((resolve) => {
    const video = document.createElement("video");
    video.preload = "metadata";
    video.onloadedmetadata = () => {
      const duration =
        isFinite(video.duration) && video.duration > 0
          ? Math.round(video.duration)
          : null;
      URL.revokeObjectURL(video.src);
      resolve(duration);
    };
    video.onerror = () => {
      URL.revokeObjectURL(video.src);
      resolve(null);
    };
    video.src = url;
  });

export const setupRecording = (
  stream: MediaStream,
  handlers: RecordingHandlers
): MediaRecorder => {
  const recorder = new MediaRecorder(stream, DEFAULT_RECORDING_CONFIG);
  recorder.ondataavailable = handlers.onDataAvailable;
  recorder.onstop = handlers.onStop;
  return recorder;
};

export const cleanupRecording = (
  recorder: MediaRecorder | null,
  stream: MediaStream | null,
  originalStreams: MediaStream[] = []
) => {
  if (recorder?.state !== "inactive") {
    recorder?.stop();
  }

  stream?.getTracks().forEach((track: MediaStreamTrack) => track.stop());
  originalStreams.forEach((s) =>
    s.getTracks().forEach((track: MediaStreamTrack) => track.stop())
  );
};

export const createRecordingBlob = (
  chunks: Blob[]
): { blob: Blob; url: string } => {
  const blob = new Blob(chunks, { type: "video/webm" });
  const url = URL.createObjectURL(blob);
  return { blob, url };
};

export const calculateRecordingDuration = (startTime: number | null): number =>
  startTime ? Math.round((Date.now() - startTime) / 1000) : 0;

export function parseTranscript(transcript: string): TranscriptEntry[] {
  const lines = transcript.replace(/^WEBVTT\s*/, "").split("\n");
  const result: TranscriptEntry[] = [];
  let tempText: string[] = [];
  let startTime: string | null = null;

  for (const line of lines) {
    const trimmedLine = line.trim();
    const timeMatch = trimmedLine.match(
      /(\d{2}:\d{2}:\d{2})\.\d{3}\s-->\s(\d{2}:\d{2}:\d{2})\.\d{3}/
    );

    if (timeMatch) {
      if (tempText.length > 0 && startTime) {
        result.push({ time: startTime, text: tempText.join(" ") });
        tempText = [];
      }
      startTime = timeMatch[1] ?? null;
    } else if (trimmedLine) {
      tempText.push(trimmedLine);
    }

    if (tempText.length >= 3 && startTime) {
      result.push({ time: startTime, text: tempText.join(" ") });
      tempText = [];
      startTime = null;
    }
  }

  if (tempText.length > 0 && startTime) {
    result.push({ time: startTime, text: tempText.join(" ") });
  }

  return result;
}

export function daysAgo(inputDate: Date): string {
  const input = new Date(inputDate);
  const now = new Date();

  const diffTime = now.getTime() - input.getTime();
  const diffDays = Math.floor(diffTime / (1000 * 60 * 60 * 24));

  if (diffDays <= 0) {
    return "Today";
  } else if (diffDays === 1) {
    return "1 day ago";
  } else {
    return `${diffDays} days ago`;
  }
}

export const createIframeLink = (videoId: string) =>
  `https://iframe.mediadelivery.net/embed/421422/${videoId}?autoplay=true&preload=true`;

export const doesTitleMatch = (videos: any, searchQuery: string) =>
  ilike(
    sql`REPLACE(REPLACE(REPLACE(LOWER(${videos.title}), '-', ''), '.', ''), ' ', '')`,
    `%${searchQuery.replace(/[-. ]/g, "").toLowerCase()}%`
  );
```

In the above code, first we'll have to install `clsx` and `tailwind-merge` packages.

```bash
npm install clsx tailwind-merge
```

**`getEnv`**

To get the environment variables, we can create a utility function that retrieves the values from `process.env`. This function can be used throughout the application to access environment-specific configurations.

**`apiFetch = async <T = Record<string, unknown>>()`**

This is a `Generic` function that lets callers specify the expected response shape e.g. `apiFetch<MyResponse>(...)`. If they don't specify a type, it defaults to generic `Record<string, unknown>` which is `JSON`-ish.

`Omit<ApiFetchOptions, "bunnyType"> & { bunnyType: "stream" | "storage"; }` : This means the function accepts an options object that includes all properties from `ApiFetchOptions` except `bunnyType`, and it requires a `bunnyType` property that can be either `"stream"` or `"storage"`.

.......conttt


<hr>
<hr>


Now, we will need to create `Server Action` to upload the video to the `Bunny CDN`. For that `action` folder inside `lib` folder.

Inside the `action` folder, create a new file called `video.ts`. This file will contain the server action for uploading the video to Bunny CDN.

This file will be `use server`, because it will be executed on the server side.

## **Video Upload Action**

```ts
"use server";

import { headers } from "next/headers";
import { auth } from "../auth";
import { apiFetch, withErrorHandling, getEnv } from "../utils";
import { BUNNY } from "@/constants";

// Keys and Links
const VIDEO_STREAM_BASE_URL = BUNNY.STREAM_BASE_URL;
const THUMBNAIL_STORAGE_BASE_URL = BUNNY.STORAGE_BASE_URL;
const THUMBNAIL_CDN_URL = BUNNY.CDN_URL;
const BUNNY_LIBRARY_ID = getEnv("BUNNY_LIBRARY_ID");
const ACCESS_KEY = {
  streamAccessKey: getEnv("BUNNY_STREAM_ACCESS_API_KEY"),
  StorageAccessKey: getEnv("BUNNY_STORAGE_ACCESS_KEY"),
};

// Helper Functions

// Get the Session Id
const getSessionUserId = async (): Promise<string> => {
  const session = await auth.api.getSession({ headers: await headers() });

  if (!session) throw new Error("Unauthenticated");

  return session.user.id;
};

// Server Actions
// Wrap with withErrorHandling function to avoid error for Video
export const getVideoUploadURL = withErrorHandling(async () => {
  // Current User from Session
  await getSessionUserId();

  // Api call to Bunny to upload the video
  const videoResponse = await apiFetch(
    `${VIDEO_STREAM_BASE_URL}/${BUNNY_LIBRARY_ID}/videos`,
    {
      method: "POST",
      bunnyType: "stream",
      body: {
        title: "Temporary File",
        collectionId: "",
      },
    }
  );

  // Uploaded Video URL
  const uploadUrl = `${VIDEO_STREAM_BASE_URL}/${BUNNY_LIBRARY_ID}/videos/${videoResponse.guid}`;

  // return
  return {
    videoID: videoResponse.guid,
    uploadUrl,
    accessKey: ACCESS_KEY.streamAccessKey,
  };
});

// Wrap with withErrorHandling function to avoid error for Thumbnail, accepts VideoId
export const getThumbnailUploadURL = withErrorHandling(
  async (videoId: string) => {
    // Current User from Session
    await getSessionUserId();

    const fileName = `${Date.now()}-${videoId}-thumbnail`;
    const uploadUrl = `${THUMBNAIL_STORAGE_BASE_URL}/thumbnails/${fileName}`;
    const cdnUrl = `${THUMBNAIL_CDN_URL}/thumbnails/${fileName}`;

    return {
      uploadUrl,
      cdnUrl,
      accessKey: ACCESS_KEY.StorageAccessKey,
    };
  }
);

export const saveVideoDetails = withErrorHandling(
  async (videoDetails: VideoDetails) => {
    // Current User from Session
    const userId = await getSessionUserId();
  }
);
```

In the above code, `getVideoUploadURL` will upload the submitted video to Bunny CDN and return the video URL.

This function is wrapped with `withErrorHandling` to catch and handle any errors that may occur during the upload process. This way we do not need to write `try-catch` blocks inside the function.

And,

`getThumbnailUploadURL` will upload the thumbnail to Bunny CDN and return the thumbnail URL.

Then, we will also need to store the video and thumbnail URLs for all the users in our `Database`.

**`saveVideoDetails`**

For that we create a function `saveVideoDetails` that will accept `videoDetails` as a parameter that contains all the data related to video submitted via `Form`.

Also this function will save the `video` and `thumbnail URLs` to the user's record in the database.

But, for that we'll need to create a database model to store the video details. Therefore, we create `video` schema in the `schema.ts` file.

<hr>


### **Update `schema.ts`**

```ts
// Schema for Videos
export const videos = pgTable("videos", {
  id: uuid("id").primaryKey().defaultRandom().unique(),
  title: text("title").notNull(),
  description: text("description").notNull(),
  videoUrl: text("video_url").notNull(),
  videoId: text("video_id").notNull(),
  thumbnailUrl: text("thumbnail_url").notNull(),
  visibility: text("visibility").$type<"public" | "private">().notNull(),
  userId: text("user_id")
    .notNull()
    .references(() => user.id, { onDelete: "cascade" }),
  views: integer("views").notNull().default(0),
  duration: integer("duration"),
  createdAt: timestamp("created_at").notNull().defaultNow(),
  updatedAt: timestamp("updated_at").notNull().defaultNow(),
});

// All the schema for Tables Related to Auth
export const schema = {
  user,
  session,
  account,
  verification,
  videos,
};
```

Now, we need to push this schema to the database. For that run the following command.

```bash

npx drizzle-kit push

```

Then to sync the database with the schema, run the following command.

```bash
xata pull main
```

<hr>


Once our `video` schema is ready we can create a new video record in the database.

**updated `video.ts`**

```ts
"use server";

import { headers } from "next/headers";
import { auth } from "../auth";
import { apiFetch, withErrorHandling, getEnv } from "../utils";
import { BUNNY } from "@/constants";
import { db } from "@/drizzle/db";
import { videos } from "@/drizzle/schema";
import { revalidatePath } from "next/cache";

// Keys and Links
const VIDEO_STREAM_BASE_URL = BUNNY.STREAM_BASE_URL;
const THUMBNAIL_STORAGE_BASE_URL = BUNNY.STORAGE_BASE_URL;
const THUMBNAIL_CDN_URL = BUNNY.CDN_URL;
const BUNNY_LIBRARY_ID = getEnv("BUNNY_LIBRARY_ID");
const ACCESS_KEY = {
  streamAccessKey: getEnv("BUNNY_STREAM_ACCESS_API_KEY"),
  StorageAccessKey: getEnv("BUNNY_STORAGE_ACCESS_KEY"),
};

// Revalidate Paths
const revalidatePaths = (paths: string[]) => {
  paths.forEach((path) => {
    revalidatePath(path);
  });
};

// Helper Functions

// Get the Session Id
const getSessionUserId = async (): Promise<string> => {
  const session = await auth.api.getSession({ headers: await headers() });

  if (!session) throw new Error("Unauthenticated");

  return session.user.id;
};

// Server Actions
// Wrap with withErrorHandling function to avoid error for Video
export const getVideoUploadURL = withErrorHandling(async () => {
  // Current User from Session
  await getSessionUserId();

  // Api call to Bunny to upload the video
  const videoResponse = await apiFetch<BunnyVideoResponse>(
    `${VIDEO_STREAM_BASE_URL}/${BUNNY_LIBRARY_ID}/videos`,
    {
      method: "POST",
      bunnyType: "stream",
      body: {
        title: "Temporary File",
        collectionId: "",
      },
    }
  );

  // Uploaded Video URL
  const uploadUrl = `${VIDEO_STREAM_BASE_URL}/${BUNNY_LIBRARY_ID}/videos/${videoResponse.guid}`;

  // return
  return {
    videoID: videoResponse.guid,
    uploadUrl,
    accessKey: ACCESS_KEY.streamAccessKey,
  };
});

// Wrap with withErrorHandling function to avoid error for Thumbnail, accepts VideoId
export const getThumbnailUploadURL = withErrorHandling(
  async (videoId: string) => {
    // Current User from Session
    await getSessionUserId();

    const fileName = `${Date.now()}-${videoId}-thumbnail`;
    const uploadUrl = `${THUMBNAIL_STORAGE_BASE_URL}/thumbnails/${fileName}`;
    const cdnUrl = `${THUMBNAIL_CDN_URL}/thumbnails/${fileName}`;

    return {
      uploadUrl,
      cdnUrl,
      accessKey: ACCESS_KEY.StorageAccessKey,
    };
  }
);

// Save the Video URLs along with added metadata in our Database, Accepts videoDetails parameter that stores the form data
export const saveVideoDetails = withErrorHandling(
  async (videoDetails: VideoDetails) => {
    // Get the user
    const userId = await getSessionUserId();

    // Use Video Details to Update the Title and Other Metadata in Bunny CDN
    await apiFetch(
      `${VIDEO_STREAM_BASE_URL}/${BUNNY_LIBRARY_ID}/videos/${videoDetails.videoId}`,
      {
        method: "POST",
        bunnyType: "stream",
        body: {
          title: videoDetails.title,
          description: videoDetails.description,
        },
      }
    );

    // Insert in the Database, with videos schema
    await db.insert(videos).values({
      ...videoDetails,
      videoUrl: `${BUNNY.EMBED_URL}/${BUNNY_LIBRARY_ID}/${videoDetails.videoId}`,
      userId,
      createdAt: new Date(),
      updatedAt: new Date(),
    });

    // After the insert we've to revalidate the path to make sure the user sees the latest change i.e. see the uploaded video in the UI not the older cache

    // Revalidate the home page after we insert the video
    revalidatePaths(["/"]);

    // Return VideoId
    return {
      videoID: videoDetails.videoId,
    };
  }
);
```

Here, we've implemented the `saveVideoDetails` function, which handles saving video metadata to both Bunny CDN and our database. This function ensures that the user sees the latest video information immediately after uploading a new video.

Also, we've `revalidatePaths(["/"])` to refresh the homepage cache, ensuring that the new video appears in the UI without delay.

<hr>

Now, we can work on `handleSubmit` in `upload/page.tsx` to handle the form submission by the `lib/action/video.ts` functions.

**update `upload/page.tsx` with `handleSubmit`**

```ts
"use client";

import React, { ChangeEvent, FormEvent, use, useEffect, useState } from "react";
import FormField from "@/components/FormField";
import FileInput from "@/components/FileInput";
import { useFileInput } from "@/lib/hooks/useFileInput";
import { MAX_THUMBNAIL_SIZE, MAX_VIDEO_SIZE } from "@/constants";
import {
  getThumbnailUploadURL,
  getVideoUploadURL,
  saveVideoDetails,
} from "@/lib/action/video";
import { useRouter } from "next/navigation";

const page = () => {
  // If any error
  const [error, setError] = useState<string | null>(null); // For error while uploading video

  // Disable or Enable submit button
  const [isSubmitting, setIsSubmitting] = useState(false);

  // State for the Video
  const video = useFileInput(MAX_VIDEO_SIZE);

  // State for thumbnail
  const thumbnail = useFileInput(MAX_THUMBNAIL_SIZE);

  // Video Duration State
  const [videoDuration, setVideoDuration] = useState(0);

  // useEffect to only Store Video Duration if it is not null, use Video Dependency array
  useEffect(() => {
    if (video.duration != null) setVideoDuration(video.duration);
  }, [video.duration]);

  // Router for Navigation
  const router = useRouter();

  // Handle File Upload to Bunny both Video and Thumbnail
  const uploadFileToBunny = (
    file: File,
    uploadUrl: string,
    accessKey: string
  ): Promise<void> => {
    return fetch(uploadUrl, {
      method: "PUT",
      headers: {
        "Content-Type": file.type,
        AccessKey: accessKey,
      },
      body: file,
    }).then((response) => {
      if (!response.ok) throw new Error("Upload Failed");
    });
  };

  // Handle Form Submit
  const handleSubmit = async (e: FormEvent) => {
    // Do not reload the page
    e.preventDefault();

    // Set True
    setIsSubmitting(true);

    // Try Catch for Submitting the Form
    try {
      // First check if video or thumbnail exists
      if (!video.file || !thumbnail.file) {
        setError("Please upload video and thumbnail");
        return;
      }

      // Check for the formData
      if (!formData.title || !formData.description) {
        setError("Please fill in all the details");
        return;
      }

      // After validation, finally we can proceed to uploading

      // 0 Get the Upload URL

      /*
      First we'll have to get the UploadURL from Bunny then we'll 
      use that URL to upload. Use getVideoURL function 
      */

      const {
        videoID,
        uploadUrl: videoUploadUrl, // Renaming
        accessKey: videoAccessKey, // Renaming
      } = await getVideoUploadURL();

      console.log(`Get Video URL`);
      console.log(
        `video ID ${videoID}, URL ${videoUploadUrl}, AccessKey ${videoAccessKey}`
      );

      /*
      Check if we've videoUrl
      */

      if (!videoID || !videoAccessKey)
        throw new Error("Failed to get video upload credentials");

      // 1. Upload video to Bunny

      /*
      Pass the video file, videoUploadURL, and AcceessKey
      */

      await uploadFileToBunny(video.file, videoUploadUrl, videoAccessKey);

      console.log(`Video Upload to Bunny`);

      // 2. Get Thumbnail Upload URL

      const {
        uploadUrl: thumbnailUploadUrl,
        cdnUrl: thumbnailCdnUrl,
        accessKey: thumbnailAccessKey, // Renaming
      } = await getThumbnailUploadURL(videoID);

      /*
      Check if we've thumbnailUrl
      */

      if (!thumbnailUploadUrl || !thumbnailAccessKey || !thumbnailCdnUrl)
        throw new Error("Failed to get thumbnail upload credentials");

      console.log(`Get Thumbnail URL`);
      console.log(
        `video ID ${thumbnailUploadUrl}, URL ${thumbnailCdnUrl}, AccessKey ${thumbnailAccessKey}`
      );

      // 3. Upload thumbnail to DB

      /*
      If there's attach the Thumbnail to the video
      */

      await uploadFileToBunny(
        thumbnail.file,
        thumbnailUploadUrl,
        thumbnailAccessKey
      );

      console.log(`Uploaded Thumb to Bunny`);

      // 4. Create a new DB entry for the video details (metadata) i.e. (urls, data)

      await saveVideoDetails({
        videoId: videoID,
        thumbnailUrl: thumbnailCdnUrl,
        ...formData, // Spread the form data that contains title, descirption, visibility and etc
        duration: video.duration,
      });

      console.log(`Upload to Database`);

      // 5. After Video Upload Change the Route to Specific Video Route

      router.push(`/video/${videoID}`);

      console.log("Pushed Router Change");
    } catch (error) {
      console.log(`Error Submitting Form ${error}`);
    } finally {
      // Finally set to False after submitting
      setIsSubmitting(false);
    }
  };

  // State for form data
  const [formData, setFormData] = useState({
    title: "",
    description: "",
    visibility: "public",
  });

  // Event Handler for Change in Form Data
  const handleInputChange = (
    e: ChangeEvent<HTMLInputElement | HTMLTextAreaElement | HTMLSelectElement>
  ) => {
    const { name, value } = e.target; // Name is the name of the element and value will be changed value

    // Change the previous data with the latest changed data
    setFormData((prevState) => ({ ...prevState, [name]: value }));
  };

  return (
    <div className="wrapper-md upload-page">
      <h1>Upload a Video</h1>

      {/* Check for Error if Error is True, then Display the Error */}

      {error && <div className="error-field">{error}</div>}

      {/* Create the Form to Handle Video Upload */}

      <form
        className="rounded-20 shadow-10 gap-6 w-full flex flex-col px-5 py-7.5"
        onSubmit={handleSubmit}
      >
        {/* First FormField Component */}

        <FormField
          id="title"
          label="Title"
          placeholder="Enter a clear and concise video title"
          value={formData.title}
          onChange={handleInputChange}
        />

        {/* Second FormField Component */}

        <FormField
          id="description"
          label="Description"
          placeholder="Describe what this video is about"
          value={formData.description}
          as="textarea"
          onChange={handleInputChange}
        />

        {/* First File Input for Video */}
        <FileInput
          id="video"
          label="Video"
          accept="video/*"
          file={video.file}
          previewUrl={video.previewUrl}
          inputRef={video.inputRef}
          onChange={video.handleFileChange}
          onReset={video.resetFile}
          type="video"
        />

        {/* Second File Input for Thumbnail */}
        <FileInput
          id="thumbnail"
          label="Thumbnail"
          accept="image/*"
          file={thumbnail.file}
          previewUrl={thumbnail.previewUrl}
          inputRef={thumbnail.inputRef}
          onChange={thumbnail.handleFileChange}
          onReset={thumbnail.resetFile}
          type="image"
        />

        {/* Visibility for Private and Public */}

        <FormField
          id="visibility"
          label="Visibility"
          value={formData.visibility}
          as="select"
          options={[
            { value: "public", label: "Public" },
            { value: "private", label: "Private" },
          ]}
          onChange={handleInputChange}
        />

        {/* Submit button */}
        <button type="submit" disabled={isSubmitting} className="submit-button">
          {/* Btn Value */}
          {isSubmitting ? "Uploading" : "Upload Video"}
        </button>
      </form>
    </div>
  );
};

export default page;
```

In the above code, the form allows users to upload a video along with its title, description, and visibility settings. The form fields are managed using React state, and the submission process includes uploading the video and thumbnail to a CDN, saving the video details to a database, and then redirecting the user to the specific video page. The code also includes error handling and loading states to improve the user experience during the upload process.

<hr>

After this implementation we've completed the video upload feature, allowing users to easily upload their videos along with relevant metadata.


<hr>
<hr>


Now, we're moving to make our `Application` more secure. For that we'll use `ArcJet`, a powerful authentication and authorization library for `Next.js` applications.

In our `Upload` feature, we've used multiple `fetch` calls to interact with the `Bunny CDN API` for video uploads. With `ArcJet`, we can streamline this process by adding `authentication` and `authorization` checks to these API calls, ensuring that only authorized users can upload videos.

## **Understanding `ArcJet`**

In our implementation, we've multiple `fetch` calls when the user tries to upload a video. In such case there might be a situation that the same user tries to `run` a `script` to hit the `endpoint` to upload a `Video` due this it can affect our `Storage` and `Computing` resources.

To prevent such cases, we need to implement rate limiting and authentication checks on our API endpoints.

This can be done with `ArcJet`, which provides a simple way to add these security measures to our application.

**Note**

`Arcjet` should be used only for the `Server` side API calls, not for client-side code.

<hr>

**`ArcJet`**

- A code-level security layer (no agents/proxies to manage) that supports `Next.js 14/15` and the `Edge/Node runtimes`. Features include `bot protection`, `multiple rate-limit algorithms`, a WAF-style “Shield,” `email validation`, and sensitive-info detection.

- You configure “rules” (e.g., sliding-window rate limit + bot detection + Shield). Arcjet evaluates the request and gives you a decision with detailed reasons; DENY decisions are cached by TTL. You can run rules in LIVE (blocks) or DRY_RUN (observe only) mode.

- Rate-limit algorithms supported: fixed window, sliding window, and token bucket—so you can choose burst-tolerant or strict behavior per endpoint.

- “Shield” blocks common web attacks (SQLi, XSS, LFI/RFI, code injection, etc.).

<hr>

### **`ArcJet` Let's Us**

- Put hard limits per user/IP on sensitive endpoints (e.g., “generate at most N upload URLs/minute”).

- Block/deny known bot categories and obvious automation on your actions.

- Run a lightweight WAF against payloads (your title/description fields) to catch injection/XSS patterns before you touch DB.

- Start safely in DRY_RUN to tune limits, then flip to LIVE to enforce.

- Keep protection close to business logic (inside your Next.js server actions/routes) and compatible with Edge. If Arcjet’s remote check is used, the client fails open quickly on timeout (conservative default), so you don’t introduce big latency.

<hr>

### **`ArcJet` Features**

[Features_Documentation](https://docs.arcjet.com/shield/concepts/)

**Bot Protection**

[Bot_Protection_Documentation](https://docs.arcjet.com/bot-protection/quick-start)

**Rate Limiting**

[Rate_Limiting_Documentation](https://docs.arcjet.com/rate-limiting/quick-start)

**Shield WAF**

Read the below doc to understand different types of attacks that can be mitigated.

[OWASP Top Ten](https://owasp.org/www-project-top-ten/)

**Email Validation**

<hr>

### **Creating `ArcJet` Instance in `NextJs`**

**Steps**

`npm i @arcjet/next @arcjet/inspect` : Install ArcJet packages

Then, setup `.env` variables:

```bash
ARCJET_API_KEY=your_api_key
ARCJET_API_SECRET=your_api_secret
```

Then, `create` a file `arcjet.ts` in the `root` directory:

```typescript
// Create Single Instance of ArcJet, Because
// The SDK caches the Rules and Configurations to Improve
// Performance

import arcjet from "@arcjet/next";
import { getEnv } from "./lib/utils";

const aj = arcjet({
  key: getEnv("ARCJET_API_KEY"),
  rules: [],
});

export default aj;
```

Then, we'll implement the `ArcJet` in our `video.ts` to limit the `server` actions.

<hr>


## **Implementation of `ArcJet` for Limiting `Server` Actions**

### **`video.ts` File**

We'll try to limit the user from spamming video uploads i.e. only one upload per minute.

For that we'll create a `validateWithArcJet` function. That accepts a `fingerprint`.

**What is `fingerprint`?**

A `fingerprint` is a unique identifier for a user or a session. It can be based on various factors such as user ID, IP address, and user-agent string. This helps in tracking and limiting actions per user.

<hr>

**`validateWithArcJet` Function**

```ts
import aj from "@/arcjet";
import { fixedWindow, request } from "@arcjet/next";

// ArcJet Validator, with fingerprint
const validateWithArcjet = async (fingerprint: string) => {
  // Implement Rate Limiting based on User ID
  const rateLimit = aj.withRule(
    fixedWindow({
      mode: "LIVE",
      window: "1m", // Minutes
      max: 1, // Max # of req per window
      characteristics: ["fingerprint"], // Characteristics Based on Fingerprint
    })
  );

  // Request
  const req = await request();

  // Create Decision
  const decision = await rateLimit.protect(req, { fingerprint }); // Protect the request that the user is trying with fingerprint constraint

  // Request is deined if the constraint is Violated
  if (decision.isDenied()) {
    throw new Error("Rate Limit Exceeded");
  }
};
```

In the above code, we have implemented a rate limiting function using ArcJet. The `validateWithArcjet` function takes a `fingerprint` as an argument and sets up a rate limit rule that allows only one request per minute per user (identified by the fingerprint). If a user exceeds this limit, an error is thrown.

`fixedWindow` : This is a rate limiting strategy that uses a fixed time window to track requests. In this case, it allows only one request per minute.

`const req = await request();` : This line creates a new request object that represents the incoming request from the user. It is used to track the specific request that is being made and to apply the rate limiting rules to it.

`const decision = await rateLimit.protect(req, { fingerprint });` : This line creates a decision object that represents the outcome of the rate limiting check. It uses the `protect` method of the `rateLimit` object to check if the request is allowed based on the defined rate limiting rules and the user's fingerprint.

<hr>

Now, we can add `validateWithArcJet` function wherever we want in the `Server` Actions.

For now we'll add to `saveVideoDetails` to secure the upload. We'll take the `SessionID` from `getSessionId()` and pass it as `fingerprint` to our `validateWithArcjet` function.

```ts
export const saveVideoDetails = withErrorHandling(
  async (videoDetails: VideoDetails) => {
    // Get the user
    const userId = await getSessionUserId();

    // Validate the Request with ArcJet Validation Function
    await validateWithArcjet(userId);

    // Use Video Details to Update the Title and Other Metadata in Bunny CDN
    await apiFetch(
      `${VIDEO_STREAM_BASE_URL}/${BUNNY_LIBRARY_ID}/videos/${videoDetails.videoId}`,
      {
        method: "POST",
        bunnyType: "stream",
        body: {
          title: videoDetails.title,
          description: videoDetails.description,
        },
      }
    );

    // Others .....
  }
);
```

Just like in the above code we've called `validateWithArcjet` function to secure the upload. We can implement this function with any `Server` Actions, `Database` Actions, or even `Middleware`.

<hr>

Now, we'll implement the `ArcJet` to protect any of our `pages.tsx` files from bot attacks. For that we'll have to implement a `middleware`.


## **`ArcJet` Implementation in `middleware.ts` to Protect all the `pages.tsx`**

### **Is There Still Issue with Middleware In Our Project?**

Previously when we tried to implement the `middleware` but, we faced issues with accessing the `Session` information because we were using `auth` from `next-auth` which uses libraries related to `cryptography` and `JWT` tokens.

As, `middleware` runs on `Edge` Runtime, it has limitations in accessing certain `Node.js APIs` and `libraries`.

Due to this we were not able to implement the `middleware.ts`.

[Click_Find_The_Previous_Issue](#middleware)

<hr>

### **`middleware.ts`**

```ts
import aj from "@/arcjet";
import { createMiddleware, detectBot, shield } from "@arcjet/next";

const validate = aj
  .withRule(
    shield({
      // Shield Protection to Prevent Sus Activity
      mode: process.env.NODE_ENV === "production" ? "LIVE" : "DRY_RUN", // If production the LIVE else DRY_RUN
    })
  )
  .withRule(
    detectBot({
      // Bot Protection, Allow Only Few but Block Others
      mode: "LIVE",
      allow: ["CATEGORY:SEARCH_ENGINE", "GOOGLE_CRAWLER"],
    })
  );

export default createMiddleware(validate); // Export this ArcJet Middleware
```

In the above code, we have implemented the `ArcJet` middleware to protect our `pages.tsx` files from bot attacks. The middleware uses two main rules: `shield` and `detectBot`. The `shield` rule provides protection against suspicious activity, while the `detectBot` rule allows only specific bots (like search engine crawlers) and blocks others. This ensures that our application is secure and not vulnerable to abuse from malicious bots.

Also, we've set the `Mode` to `DRY_RUN` in development and `LIVE` in production.

**`DRY_RUN`**

When we set `DRY_RUN` mode, the middleware will simulate the protection mechanisms without actually blocking any requests.

In the `server` console the `ArcJet` will log all requests and their corresponding protection decisions, allowing us to see how the middleware would behave in a real scenario, without blocking any requests.

**`LIVE`**

When we set `LIVE` mode, the middleware will actively enforce the protection mechanisms and block any requests that are deemed suspicious or malicious. This is the mode we want to use in a production environment to ensure the security of our application.

This way we `ArcJet` validation in `middleware` that will be applied to all incoming requests and `pages.tsx`.

<hr>

Now we'll implement `ArcJet` for `EmailValidation` and `RateLimiting` on our `app/(auth)/api/[...all]/route.ts` file.

### **`route.ts`**

This file is responsible for handling API requests related to OAuth from Google.

**First We'll Implement Email Validation to See If the Email is Valid and Not Spam**

**Second We'll Implement Rate Limiting to Prevent Abuse** : Instead of `Fixed` `Window` `Rate Limiting`, we'll use `Sliding` `Window` `Rate Limiting`.

`Sliding Window Rate Limiting` allows us to limit the number of requests a user can make in a given time frame, while still allowing for bursts of activity. This is particularly useful for APIs that may experience sudden spikes in traffic.

```ts
// route.ts

import { auth } from "@/lib/auth";
import { ArcjetDecision, slidingWindow, validateEmail } from "@arcjet/next";
import { toNextJsHandler } from "better-auth/next-js";
import { NextRequest } from "next/server";
import ip from "@arcjet/ip";
import aj from "@/arcjet";

// Email Validation -> Arcject Email Protection Spam Email, Temp Email Sites
const emailValidation = aj.withRule(
  validateEmail({
    mode: "LIVE",
    block: ["DISPOSABLE", "INVALID", "NO_MX_RECORDS"], // Block these types
  })
);

// Rate Limiting -> ArcJet Advanced Rate Limiting
const rateLimit = aj.withRule(
  slidingWindow({
    mode: "LIVE",
    interval: "2m",
    max: 5,
    characteristics: ["fingerprint"],
  })
);

// Implement both the Validation in Order
const protectAuth = async (
  req: Request,
  body?: any
): Promise<ArcjetDecision> => {
  const session = await auth.api.getSession({ headers: req.headers });

  let userId: string;

  if (session?.user?.id) {
    userId = session.user.id;
  } else {
    userId = ip(req) || "127.0.0.1";
  }

  if (req.url.includes("/api/auth/sign-in") && body?.email) {
    return emailValidation.protect(req, { email: body.email });
  }

  return rateLimit.protect(req, { fingerprint: userId });
};

// Export for Better authHandler i.e. OAuth
const authHandler = toNextJsHandler(auth.handler);
export const { GET } = authHandler;

// Export the POST Request for Middleware ArcJet Validator
export const POST = async (req: NextRequest) => {
  // Parse body once
  let rawBody = null;

  try {
    rawBody = await req.json();
  } catch (err) {
    console.error("Failed to parse JSON body:", err);
    return new Response(JSON.stringify({ error: "Invalid JSON body" }), {
      status: 400,
    });
  }

  // Now rawBody is safe to use
  console.log(rawBody);

  // Recreate a fresh Request for authHandler with the same body
  const newReq = new Request(req.url, {
    method: req.method,
    headers: req.headers,
    body: JSON.stringify(rawBody),
  });

  // Run Arcjet protection
  const decision = await protectAuth(newReq, rawBody);

  console.log("Rate Limit Decision:", decision);

  if (decision.isDenied()) {
    if (decision.reason.isEmail()) {
      throw new Error("Email Validation Failed");
    }

    if (decision.reason.isRateLimit()) {
      throw new Error("Rate Limit Exceeded");
    }

    if (decision.reason.isShield()) {
      throw new Error("Shield Turned on, protected against malicious actions");
    }
  }

  // Pass the recreated Request to authHandler
  return authHandler.POST(newReq);
};
```

In the above code, we've implemented `ArcJet` for `EmailValidation` and `RateLimiting` in our `app/(auth)/api/[...all]/route.ts` file.

### **Understanding the Flow for `Sign-in With Google` Request with `middleware.ts` and `route.ts`**

When a user clicks the **"Sign in with Google"** button on the `/sign-in` page, the request flows through several layers before completing authentication. Below is the hierarchical breakdown:

---

**1. Frontend (React/Next.js page)**

- The button triggers a **POST request** to the backend endpoint `/api/auth/sign-in/social`.

- The request may include information such as the OAuth provider (Google) and optionally the user's email.

- Example:

```ts
fetch("/api/auth/sign-in/social", {
  method: "POST",
  body: JSON.stringify({ provider: "google" }),
});
```

---

**2. Middleware Layer (`middleware.ts`)**

- This is the **first line of defense**, applied globally before the request reaches the route.

- ArcJet rules applied here:

  1. `shield` → Blocks suspicious/malicious activity.

  2. `detectBot` → Allows only whitelisted bots (e.g., Google crawler) and blocks others.

- Behavior:

  - If a rule is violated → request is blocked immediately.

  - If the request passes → it continues to the route handler.

---

**3. API Route Handler (`app/(auth)/api/[...all]/route.ts`)**

- This layer handles **route-specific authentication logic**.

- Steps:

  1. Parses the request body (JSON) safely.

  2. Applies ArcJet rules:

     - `emailValidation` → Blocks disposable, invalid, or no MX record emails.

     - `rateLimit` → Limits requests based on user fingerprint or IP.

  3. If a request violates these rules → throws an error or blocks the request.

  4. If allowed → passes the request to the **Better Auth handler** i.e `return authHandler.POST(newReq);`

---

**4. Better Auth Handler (`authHandler`)**

- Handles **OAuth workflow**:

  1. Checks if the user is already authenticated.

  2. If not, redirects the user to **Google OAuth login page**.

  3. User logs in with Google → Google returns an OAuth code/token to your app.

  4. Better Auth exchanges the code for user info.

  5. Creates a **session** in your backend and sets a **session cookie**.

---

**5. Browser Receives Session**

- Once authentication succeeds:

  - The session cookie is stored in the browser.

  - Frontend can now make authenticated requests to protected routes.

  - User is considered logged in.

---

### **Note**

Every request passed from `middleware.ts` is an Instance of `NextRequest`. The body of `NextRequest` is a stream and can only be read once. If you need to access the body multiple times, you'll have to cache or store it in an intermediate variable.

<hr>


After implementing the `ArcJet` if any user violates any of the protection rules, the middleware will respond with an appropriate error message and status code. This ensures that malicious or suspicious activity is blocked before it reaches the API route handlers.

The error message looks like below:

```ts
toni-birat@tonibirat:/media/toni-birat/New Volume/screen_recording_full_stack$ npm run dev

> screen_recording_full_stack@0.1.0 dev
> next dev --turbopack

   ▲ Next.js 15.3.4 (Turbopack)
   - Local:        http://localhost:3000
   - Network:      http://192.168.1.79:3000
   - Environments: .env

 ✓ Starting...
 ✓ Compiled middleware in 331ms
 ✓ Ready in 1139ms
✦Aj WARN Arcjet will use 127.0.0.1 when missing public IP address in development mode
 ○ Compiling / ...
 ✓ Compiled / in 2.3s
No branch was passed to the client constructor. Using default branch main. You can set the branch with the environment variable XATA_BRANCH or by passing the branch option to the client constructor.
 GET / 307 in 2709ms
 ○ Compiling /sign-in ...
 ✓ Compiled /sign-in in 539ms
 GET /sign-in 200 in 616ms
 ○ Compiling /api/auth/[...all] ...
 ✓ Compiled /api/auth/[...all] in 1246ms
No branch was passed to the client constructor. Using default branch main. You can set the branch with the environment variable XATA_BRANCH or by passing the branch option to the client constructor.
✦Aj WARN Arcjet will use 127.0.0.1 when missing public IP address in development mode
No branch was passed to the client constructor. Using default branch main. You can set the branch with the environment variable XATA_BRANCH or by passing the branch option to the client constructor.
✦Aj WARN Arcjet will use 127.0.0.1 when missing public IP address in development mode
{ provider: 'google', callbackURL: '/' }
Rate Limit Decision: ArcjetAllowDecision {
  id: 'req_01k429frykewjrdg0e6ns804gf',
  ttl: 0,
  results: [
    ArcjetRuleResult {
      ruleId: '4e0969c60f9916a7e4d01fa7777df7d2ac600fd671e1f868a432b523aaa3a322',
      fingerprint: 'fp::2::981df4654d4919c6e30221b228087880a26959c4a8378839f8fbfd62013fe6c3',
      ttl: 0,
      state: 'RUN',
      conclusion: 'ALLOW',
      reason: [ArcjetRateLimitReason]
    }
  ],
  ip: ArcjetIpDetails {
    latitude: undefined,
    longitude: undefined,
    accuracyRadius: undefined,
    timezone: undefined,
    postalCode: undefined,
    city: undefined,
    region: undefined,
    country: undefined,
    countryName: undefined,
    continent: undefined,
    continentName: undefined,
    asn: undefined,
    asnName: undefined,
    asnDomain: undefined,
    asnType: undefined,
    asnCountry: undefined,
    service: undefined
  },
  conclusion: 'ALLOW',
  reason: ArcjetRateLimitReason {
    type: 'RATE_LIMIT',
    max: 2,
    remaining: 1,
    reset: 72,
    window: 120,
    resetTime: 2025-09-01T09:26:00.000Z
  }
}
 POST /api/auth/sign-in/social 200 in 3440ms
 GET /sign-in 200 in 77ms
{ provider: 'google', callbackURL: '/' }
Rate Limit Decision: ArcjetAllowDecision {
  id: 'req_01k429g28sexqb6wxnm5v56dbf',
  ttl: 0,
  results: [
    ArcjetRuleResult {
      ruleId: '4e0969c60f9916a7e4d01fa7777df7d2ac600fd671e1f868a432b523aaa3a322',
      fingerprint: 'fp::2::981df4654d4919c6e30221b228087880a26959c4a8378839f8fbfd62013fe6c3',
      ttl: 0,
      state: 'RUN',
      conclusion: 'ALLOW',
      reason: [ArcjetRateLimitReason]
    }
  ],
  ip: ArcjetIpDetails {
    latitude: undefined,
    longitude: undefined,
    accuracyRadius: undefined,
    timezone: undefined,
    postalCode: undefined,
    city: undefined,
    region: undefined,
    country: undefined,
    countryName: undefined,
    continent: undefined,
    continentName: undefined,
    asn: undefined,
    asnName: undefined,
    asnDomain: undefined,
    asnType: undefined,
    asnCountry: undefined,
    service: undefined
  },
  conclusion: 'ALLOW',
  reason: ArcjetRateLimitReason {
    type: 'RATE_LIMIT',
    max: 2,
    remaining: 0,
    reset: 63,
    window: 120,
    resetTime: 2025-09-01T09:26:00.000Z
  }
}
No branch was passed to the client constructor. Using default branch main. You can set the branch with the environment variable XATA_BRANCH or by passing the branch option to the client constructor.
✦Aj WARN Arcjet will use 127.0.0.1 when missing public IP address in development mode
 POST /api/auth/sign-in/social 200 in 1419ms
 GET /sign-in 200 in 80ms
{ provider: 'google', callbackURL: '/' }
Rate Limit Decision: ArcjetDenyDecision {
  id: 'req_01k429g7ywewjv5jvtvb48jreb',
  ttl: 57,
  results: [
    ArcjetRuleResult {
      ruleId: '4e0969c60f9916a7e4d01fa7777df7d2ac600fd671e1f868a432b523aaa3a322',
      fingerprint: 'fp::2::981df4654d4919c6e30221b228087880a26959c4a8378839f8fbfd62013fe6c3',
      ttl: 57,
      state: 'RUN',
      conclusion: 'DENY',
      reason: [ArcjetRateLimitReason]
    }
  ],
  ip: ArcjetIpDetails {
    latitude: undefined,
    longitude: undefined,
    accuracyRadius: undefined,
    timezone: undefined,
    postalCode: undefined,
    city: undefined,
    region: undefined,
    country: undefined,
    countryName: undefined,
    continent: undefined,
    continentName: undefined,
    asn: undefined,
    asnName: undefined,
    asnDomain: undefined,
    asnType: undefined,
    asnCountry: undefined,
    service: undefined
  },
  conclusion: 'DENY',
  reason: ArcjetRateLimitReason {
    type: 'RATE_LIMIT',
    max: 2,
    remaining: 0,
    reset: 57,
    window: 120,
    resetTime: 2025-09-01T09:26:00.000Z
  }
}
 ⨯ Error: Rate Limit Exceeded
    at POST (app/api/auth/[...all]/route.ts:87:12)
  85 |
  86 |     if (decision.reason.isRateLimit()) {
> 87 |       throw new Error("Rate Limit Exceeded");
     |            ^
  88 |     }
  89 |
  90 |     if (decision.reason.isShield()) {
 ⨯ Error: Rate Limit Exceeded
    at POST (app/api/auth/[...all]/route.ts:87:12)
  85 |
  86 |     if (decision.reason.isRateLimit()) {
> 87 |       throw new Error("Rate Limit Exceeded");
     |            ^
  88 |     }
  89 |
  90 |     if (decision.reason.isShield()) {
 POST /api/auth/sign-in/social 500 in 381ms
No branch was passed to the client constructor. Using default branch main. You can set the branch with the environment variable XATA_BRANCH or by passing the branch option to the client constructor.
✦Aj WARN Arcjet will use 127.0.0.1 when missing public IP address in development mode
```

For the above `log` we kept `mode: LIVE` with `Sliding Window Rate Limiting` of `2 Requests` in `2 Minutes`.

As we can see from the `log` output, the rate limit was exceeded after 2 requests were made within the 2-minute window. The middleware correctly identified the situation and returned a `Rate Limit Exceeded` error.

<hr>

Also, we can visit to `https://app.arcjet.com/sites/site_01k3zx9t28fydrwrs05xmhgg3f/requests` to see the detailed request logs and how the middleware is handling different requests.

<img src='./Notes_Image/aj.png'>

<hr>
