nextjs-data-access-layer

$ npx mdskill add HoangNguyen0403/agent-skills-standard/nextjs-data-access-layer

Centralize all data access (Database & External APIs) to ensure consistent security, authorization, and caching.

SKILL.md

.github/skills/nextjs-data-access-layer
---
name: nextjs-data-access-layer
description: Build secure, reusable data access patterns with DTOs, taint checks, and colocated authorization in Next.js. Use when centralizing database queries, transforming raw data to DTOs, adding server-only guards, or preventing sensitive data from reaching Client Components.
metadata:
  triggers:
    files:
    - '**/lib/data.ts'
    - '**/services/*.ts'
    - '**/dal/**'
    keywords:
    - DAL
    - Data Access Layer
    - server-only
    - DTO
---
# Data Access Layer (DAL)

## **Priority: P1 (HIGH)**

Centralize all data access (Database & External APIs) to ensure consistent security, authorization, and caching.

## Workflow

1. **Create DAL module** in `services/` or `lib/data.ts` with `import 'server-only'`.
2. **Verify auth** inside every DAL function using `await auth()`.
3. **Transform** raw DB/API data into DTOs before returning to components.
4. **Wrap** with `cache()` from React to deduplicate requests within a render cycle.
5. **Taint-check** sensitive objects to prevent accidental client exposure.

See [implementation examples](references/implementation.md)
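
The core of steps 2 and 3, as an added example that is not the project's own code: a DAL function that checks the session itself, throws the standardized errors, and builds the DTO from an explicit field allowlist. `auth`, `db`, `currentSession` and the sample rows are constructed stand-ins (assumptions); `import 'server-only'`, `cache()` and the taint calls are left out so the block runs without a framework.

```typescript
// In a Next.js project this module would begin with `import 'server-only'`
// and export the function wrapped in React's `cache()`. `auth`, `db` and
// `currentSession` are constructed stand-ins (assumptions) for this example.
type Session = { userId: string; role: "user" | "admin" } | null;
type UserRow = { id: string; name: string; email: string; passwordHash: string };
type UserDTO = { id: string; name: string; email: string | null };

class UnauthorizedError extends Error {
  constructor(message: string) { super(message); this.name = "UnauthorizedError"; }
}
class NotFoundError extends Error {
  constructor(message: string) { super(message); this.name = "NotFoundError"; }
}

// Constructed sample rows standing in for the database.
const db: Record<string, UserRow> = {
  u1: { id: "u1", name: "Ada", email: "ada@example.test", passwordHash: "constructed-hash-1" },
  u2: { id: "u2", name: "Lin", email: "lin@example.test", passwordHash: "constructed-hash-2" },
};

// Stand-in for the session lookup the workflow calls `await auth()`.
let currentSession: Session = null;
async function auth(): Promise<Session> { return currentSession; }

// Step 3: copy an allowlist of fields into a plain object. Spreading the raw
// row (`{ ...row }`) would carry passwordHash along with it.
function toUserDTO(row: UserRow, viewer: NonNullable<Session>): UserDTO {
  // Field-level rule: email is visible only to the owner or an admin.
  const canSeeEmail = viewer.role === "admin" || viewer.userId === row.id;
  return { id: row.id, name: row.name, email: canSeeEmail ? row.email : null };
}

// Step 2: the auth check lives inside the DAL function, so every caller
// (page, Server Action, Route Handler) goes through it.
async function getUserDTO(id: string): Promise<UserDTO> {
  const session = await auth();
  if (!session) throw new UnauthorizedError("sign-in required");
  const row = db[id];
  if (!row) throw new NotFoundError("user not found");
  return toUserDTO(row, session);
}
```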

## Implementation Guidelines

- **DTOs**: Always transform raw data into plain objects. Never return ORM model instances.
- **Security**: Use `taintObjectReference` or `taintUniqueValue` from React's experimental taint API to guard sensitive data.
- **Authorization**: Colocate auth checks inside every DAL function. Never rely on the UI layer.
- **Caching**: Wrap DAL functions in `cache()` to deduplicate within a single render.
- **Error Handling**: Throw standardized errors (`NotFoundError`, `UnauthorizedError`) caught by `error.tsx` or `notFound()`.

## Limitations

- **Client Components** cannot import DAL files. Use Server Actions or Route Handlers as bridges.

## Anti-Patterns

- **No auth checks outside DAL**: Auth verification must live inside DAL functions.
- **No raw ORM instances returned**: Transform to plain DTO objects before returning.
- **No `fetch('localhost/api')` in Server Components**: Call DAL functions directly.
- **No DAL imports in Client Components**: Use Server Actions or Route Handlers as bridges.
