Systems
Architecture patterns coordinating multiple components
What are Systems?
Systems are architecture patterns that coordinate multiple components to achieve a specific capability. They sit between Solutions (business outcomes) and Software (frameworks).
Every system on this page includes: component list, data flow, complete code, and production failure modes.
Available Systems
Search System
Complete search architecture: traditional SEO, AI citations (ChatGPT, Claude, Perplexity, Gemini), schema markup, Core Web Vitals
Components: Next.js Metadata API, Schema.org knowledge graph, Image optimization, Server Components, AI citation optimization
Email System
Production email with Resend + React Email - type-safe templates, enterprise deliverability, sub-7-second setup
Components: Resend API, React Email components, Next.js API Routes, TypeScript validation
Social Sharing System
OpenGraph + Twitter Cards for rich social previews - 2-3x higher engagement, works across all platforms
Components: Next.js Metadata API, OpenGraph protocol, Twitter Cards, 1200x630px social images
Mobile System
React Native 0.81 + Expo SDK 54 + Next.js code sharing - 40-50% code reduction, production-ready mobile architecture
Components: React Native New Architecture, Expo SDK, Monorepo (Nx/Turborepo), EAS Build, code sharing
Authentication System
Production-ready auth with Supabase + Next.js middleware for edge protection
Components: Supabase Auth, Next.js Middleware, Server Components, Client Components
Pattern: Authentication System
Components
- Supabase Auth: User management, sessions, OAuth providers
- Next.js Middleware: Route protection at edge
- Server Components: Secure data fetching
- Client Components: Login UI, session state
Data Flow
- User visits protected route → Middleware checks session
- No session → Redirect to /login
- User submits login → Supabase creates session
- Session stored in httpOnly cookie → Secure from XSS
- Subsequent requests → Middleware validates session
- Valid session → Allow access, fetch user data server-side
Implementation
1. Middleware (Edge Protection)
// middleware.ts // Dependencies (October 5, 2025): // - Next.js: 15.5.4 // - @supabase/ssr: 0.7.1 // Last verified: 2025-10-05 import { createServerClient } from '@supabase/ssr'; import { NextResponse, type NextRequest } from 'next/server'; export async function middleware(request: NextRequest) { let response = NextResponse.next({ request }); const supabase = createServerClient( process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, { cookies: { get(name: string) { return request.cookies.get(name)?.value; }, set(name: string, value: string, options: any) { response.cookies.set({ name, value, ...options }); }, remove(name: string, options: any) { response.cookies.set({ name, value: '', ...options }); }, }, } ); const { data: { session } } = await supabase.auth.getSession(); // Protect dashboard routes if (request.nextUrl.pathname.startsWith('/dashboard') && !session) { return NextResponse.redirect(new URL('/login', request.url)); } return response; } export const config = { matcher: ['/dashboard/:path*'], };
2. Server Component (Secure Data)
// app/dashboard/page.tsx import { createServerClient } from '@supabase/ssr'; import { cookies } from 'next/headers'; export default async function Dashboard() { const supabase = createServerClient( process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, { cookies: { get(name: string) { return cookies().get(name)?.value; }, }, } ); const { data: { user } } = await supabase.auth.getUser(); return ( <div> <h1>Welcome, {user?.email}</h1> {/* Secure server-side rendered content */} </div> ); }
3. Client Component (Login UI)
// components/login-form.tsx 'use client'; import { createBrowserClient } from '@supabase/ssr'; import { useState } from 'react'; export function LoginForm() { const [email, setEmail] = useState(''); const [password, setPassword] = useState(''); const supabase = createBrowserClient( process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY! ); async function handleLogin(e: React.FormEvent) { e.preventDefault(); const { error } = await supabase.auth.signInWithPassword({ email, password, }); if (!error) window.location.href = '/dashboard'; } return ( <form onSubmit={handleLogin} className="space-y-4 max-w-md"> <input type="email" value={email} onChange={(e) => setEmail(e.target.value)} placeholder="Email" className="w-full p-2 border rounded" /> <input type="password" value={password} onChange={(e) => setPassword(e.target.value)} placeholder="Password" className="w-full p-2 border rounded" /> <button type="submit" className="w-full p-2 bg-blue-600 text-white rounded" > Login </button> </form> ); }
What Breaks in Production
- Cookie domain mismatch: localhost works, production fails.
Fix: SetcookieOptions.domain
correctly for your deployment. - Session refresh timing: Users logged out randomly.
Fix: Callsupabase.auth.refreshSession()
in client layout. - Middleware infinite redirects: /login redirects to /login.
Fix: Exclude /login from matcher config. - Server/client data mismatch: Hydration errors.
Fix: Use server components for initial user data, sync with client.