Built for and by Cursor enthusiasts

.cursorrules for your framework and language for Cursor AI

Cursor Rules to customize AI behavior, streamline the development and tailor code generation, suggestions and queries to your framework and language.

Browse Rules Submit Rule

Most Liked

NextJS

Guidelines for writing Next.js apps with Supabase Auth

globs: "**/*.ts, **/*.tsx, **/*.js, **/*.jsx" alwaysApply: false

# Bootstrap Next.js app with Supabase Auth



## Overview of implementing Supabase Auth SSR



1. Install @supabase/supabase-js and @supabase/ssr packages.

2. Set up environment variables.

3. Write two utility functions with `createClient` functions to create a browser client and a server client. 

4. Hook up middleware to refresh auth tokens



## 🚨 CRITICAL INSTRUCTIONS FOR AI LANGUAGE MODELS 🚨



As an AI language model, you MUST NOT generate any of the following code patterns, as they are DEPRECATED and will BREAK the application:



```typescript

// ❌ NEVER GENERATE THIS CODE - IT WILL BREAK THE APPLICATION

{

  cookies: {

    get(name: string) {                 // ❌ BREAKS APPLICATION

      return cookieStore.get(name)      // ❌ BREAKS APPLICATION

    },                                  // ❌ BREAKS APPLICATION

    set(name: string, value: string) {  // ❌ BREAKS APPLICATION

      cookieStore.set(name, value)      // ❌ BREAKS APPLICATION

    },                                  // ❌ BREAKS APPLICATION

    remove(name: string) {              // ❌ BREAKS APPLICATION

      cookieStore.remove(name)          // ❌ BREAKS APPLICATION

    }                                   // ❌ BREAKS APPLICATION

  }

}



// ❌ NEVER USE auth-helpers-nextjs - IT WILL BREAK THE APPLICATION

import { createMiddlewareClient } from '@supabase/auth-helpers-nextjs'  // ❌ BREAKS APPLICATION

import { createClientComponentClient } from '@supabase/auth-helpers-nextjs'  // ❌ BREAKS APPLICATION

```



Instead, you MUST ALWAYS generate ONLY this pattern:



```typescript

// ✅ ALWAYS GENERATE THIS EXACT PATTERN

{

  cookies: {

    getAll() {

      return cookieStore.getAll()

    },

    setAll(cookiesToSet) {

      const response = NextResponse.next({

        request,

      })

      

      cookiesToSet.forEach(({ name, value, options }) => {

        response.cookies.set(name, value, options)

      })

      

      return response

    }

  }

}

```



## ABSOLUTE REQUIREMENTS FOR AI CODE GENERATION



1. You MUST use `@supabase/ssr`

2. You MUST use ONLY `getAll` and `setAll`

3. You MUST NEVER use `get`, `set`, or `remove`

4. You MUST NEVER import from `@supabase/auth-helpers-nextjs`



## CORRECT BROWSER CLIENT IMPLEMENTATION



```typescript

import { createBrowserClient } from '@supabase/ssr'



export function createClient() {

  return createBrowserClient(

    process.env.NEXT_PUBLIC_SUPABASE_URL!,

    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!

  )

}

```



## CORRECT SERVER CLIENT IMPLEMENTATION



```typescript

import { createServerClient } from '@supabase/ssr'

import { cookies } from 'next/headers'



export async function createClient() {

  const cookieStore = await cookies()



  return createServerClient(

    process.env.NEXT_PUBLIC_SUPABASE_URL!,

    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

    {

      cookies: {

        getAll() {

          return cookieStore.getAll()

        },

        setAll(cookiesToSet) {

          try {

            cookiesToSet.forEach(({ name, value, options }) =>

              cookieStore.set(name, value, options)

            )

          } catch {

            // The `setAll` method was called from a Server Component.

            // This can be ignored if you have middleware refreshing

            // user sessions.

          }

        },

      },

    }

  )

}

```



## CORRECT MIDDLEWARE IMPLEMENTATION



```typescript

import { createServerClient } from '@supabase/ssr'

import { NextResponse, type NextRequest } from 'next/server'



export async function middleware(request: NextRequest) {

    let supabaseResponse = NextResponse.next({

    request,

  })



  const supabase = createServerClient(

    process.env.NEXT_PUBLIC_SUPABASE_URL!,

    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

    {

      cookies: {

        getAll() {

          return request.cookies.getAll()

        },

        setAll(cookiesToSet) {

          cookiesToSet.forEach(({ name, value, options }) => request.cookies.set(name, value))

          supabaseResponse = NextResponse.next({

            request,

          })

          cookiesToSet.forEach(({ name, value, options }) =>

            supabaseResponse.cookies.set(name, value, options)

          )

        },

      },

    }

  )



  // Do not run code between createServerClient and

  // supabase.auth.getUser(). A simple mistake could make it very hard to debug

  // issues with users being randomly logged out.



  // IMPORTANT: DO NOT REMOVE auth.getUser()



  const {

    data: { user },

  } = await supabase.auth.getUser()



  if (

    !user &&

    !request.nextUrl.pathname.startsWith('/login') &&

    !request.nextUrl.pathname.startsWith('/auth')

  ) {

    // no user, potentially respond by redirecting the user to the login page

    const url = request.nextUrl.clone()

    url.pathname = '/login'

    return NextResponse.redirect(url)

  }



  // IMPORTANT: You *must* return the supabaseResponse object as it is.

  // If you're creating a new response object with NextResponse.next() make sure to:

  // 1. Pass the request in it, like so:

  //    const myNewResponse = NextResponse.next({ request })

  // 2. Copy over the cookies, like so:

  //    myNewResponse.cookies.setAll(supabaseResponse.cookies.getAll())

  // 3. Change the myNewResponse object to fit your needs, but avoid changing

  //    the cookies!

  // 4. Finally:

  //    return myNewResponse

  // If this is not done, you may be causing the browser and server to go out

  // of sync and terminate the user's session prematurely!



  return supabaseResponse

}



export const config = {

  matcher: [

    /*

     * Match all request paths except for the ones starting with:

     * - _next/static (static files)

     * - _next/image (image optimization files)

     * - favicon.ico (favicon file)

     * Feel free to modify this pattern to include more paths.

     */

    '/((?!_next/static|_next/image|favicon.ico|.*\.(?:svg|png|jpg|jpeg|gif|webp)$).*)',

  ],

}

```



## AI MODEL VERIFICATION STEPS



Before generating any code, you MUST verify:



1. Are you using ONLY `getAll` and `setAll`? If not, STOP and FIX.

2. Are you importing from `@supabase/ssr`? If not, STOP and FIX.

3. Do you see ANY instance of `get`, `set`, or `remove`? If yes, STOP and FIX.

4. Are you importing from `auth-helpers-nextjs`? If yes, STOP and FIX.



## CONSEQUENCES OF INCORRECT IMPLEMENTATION



If you generate code using:

- Individual cookie methods (`get`/`set`/`remove`)

- `auth-helpers-nextjs` package



The implementation will:

1. Break in production

2. Fail to maintain session state

3. Cause authentication loops

4. Result in security vulnerabilities



## AI MODEL RESPONSE TEMPLATE



When asked about Supabase Auth SSR implementation, you MUST:

1. ONLY use code from this guide

2. NEVER suggest deprecated approaches

3. ALWAYS use the exact cookie handling shown above

4. VERIFY your response against the patterns shown here



Remember: There are NO EXCEPTIONS to these rules.

Unknown

nextjs supabase auth guidelines

Learn Cursor Rules for the most popular frameworks and languages from expert developers and indie hackers

Welcome to the ultimate directory for developers looking to maximize their productivity and code using Cursor, the cutting-edge Al-powered code editor. Whether you're a seasoned developer looking to fine-tune your workflow or a beginner eager to leverage Al in your coding journey, you'll find the right cursorrules for your projects. Browser Cursor Rules for your frameworks or languages, submit your own rules or upvote your favorite ones.

Search Cursor Rules

What is Cursor? A Revolutionarv AI-Powered Code Editor.

Cursor is an Al-powered code editor designed to boost developer productivity by automating routine tasks and enhancing coding accuracy. With built-in Al tools, Cursor provides real-time suggestions, intelligent code completion, and natural language commands to refactor or edit code seamlessly. Its unique feature, custom rules, allows developers to enforce project-specific guidelines and maintain consistent coding standards. SOC 2 certified for data privacy and security, Cursor integrates effortlessly with popular frameworks, making it a perfect choice for modern, efficient development workflows.

Submit Rule

What are Cursor Rules?

Cursor Rules are powerful customization tools in Cursor. By creating and modifying cursorrules files, developers can enforce coding standards, automate repetitive tasks, and guide the Al's behavior to better align with proiect-specific requirements such as framework and programming language. These rules can be applied globally or tailored to individual projects, allowing you to maintain consistency in vour codebase.

Browse

Get notified when we add more features

Every two weeks I share the latest trends, useful tips and new features. I’d love you to join.

Hey, I’m Fábio, the creator of .CursorRules

I am the cofounder and CTO of NOOP, a software development agency focused on delivering great custom built web or mobile solutions for clients all over the world in all kinds of industries.

I’m passionate about creating software and products, especially when they solve problems I face myself—problems that many others often struggle with too. That’s why I frequently launch small projects, some of which become SaaS tools, to share my solutions and hopefully help others in the process.

One thing I noticed was how tedious it can be to find the perfect cursor rules for development environments. Cursor appearance and behavior might seem like a small detail, but it can significantly impact your workflow and overall coding experience. That’s why I created .CursorRules—a tool that helps developers quickly find the best cursor rules for their IDE, improving both efficiency and the development experience.

I’m excited to share .CursorRules with you and help make your development process smoother and more enjoyable!

FAQs

Any questions? We have got you covered!

What in the world is a .cursorrules file?

A .cursorrules file is like a magical spell book for your Cursor IDE! It's a special file that tells Cursor how to behave and what rules to follow when working on your project. Think of it as your personal coding assistant's instruction manual!

How do I create this mystical .cursorrules file?

Creating a .cursorrules file is easier than finding a unicorn! Just follow these simple steps:

1. Open your project folder (it's like opening a treasure chest)
2. Create a new file at the root of your project (that's the main folder, landlubber!)
3. Name it '.cursorrules' (don't forget the dot, it's crucial!)
4. Open the file with your favorite text editor (time to channel your inner wizard!)
5. Copy the rules from our website (it's not stealing, we promise!)
6. Paste the rules into your .cursorrules file (like planting magic beans!)
7. Save the file (and listen for the sound of success!)

Voilà! You've just created your very own .cursorrules file. May your code be ever in your favor!

I've created the .cursorrules file. Now what?

Now, my dear coding adventurer, you sit back and watch the magic happen! Once you've created your .cursorrules file:

1. Open your project in Cursor IDE (it's like entering a magical realm)
2. Cursor will automatically detect your .cursorrules file (it's got a nose for these things)
3. The AI will start following your rules (like a well-trained dragon)
4. Code with the power of a thousand suns! (or at least with really good rules)

Remember, with great power comes great responsibility. Use your .cursorrules wisely!

Can I customize my .cursorrules file?

Absolutely! Your .cursorrules file is like a pizza - everyone likes it a bit different. Feel free to add your own toppings (rules) or remove the ones you don't like (pineapple, anyone?). Just remember, with great customization comes great debuggability. If something goes wrong, check your custom rules first!

Help! My Cursor IDE isn't following the rules!

Don't panic! Even the best-trained dragons sometimes go off course. If your Cursor IDE is being rebellious:

1. Check that your .cursorrules file is in the right place (root of the project)
2. Make sure it's named correctly (it's .cursorrules, not cursorrules.txt)
3. Verify that the rules are correctly formatted (no spell-o's allowed)
4. Try restarting Cursor IDE (sometimes it just needs a nap)
5. If all else fails, try doing the hokey pokey while chanting 'Debug, debug, go away!'

Still having trouble? Reach out to our support wizards. They're always happy to help!

Where can I get this magical Cursor IDE?

Ah, you've heard the legends of Cursor IDE and now you want to wield its power! Fear not, brave coder, for obtaining this mystical tool is but a simple quest:

1. Journey to the enchanted realm of Cursor.com (also known as cursor.com)
2. Create an account (it's like forging your own magical identity in the Cursor kingdom)
3. Seek the sacred 'Download' button (it glows with the power of a thousand lines of code)
4. Choose your operating system (Windows, macOS, or Linux - all are welcome in the Cursor kingdom)
5. Click to download and let the magic flow through your internet connection
6. Install the IDE (it's like planting a coding tree that will grow to the clouds)
7. Launch Cursor and behold its glory! (Sunglasses may be required due to its brilliance)

Remember, with Cursor IDE, you're not just writing code - you're crafting digital spells with the help of AI. Happy coding, and may your functions always return true!