// Create new Next.js API route handlers with rate limiting, auth, and validation. Use when: adding REST endpoints, webhook handlers, public API routes, or authenticated API routes. Covers GET/POST handlers, rate limiting with Redis, Zod validation, and error responses.
Machine-readable project skill file for Memescope Monday — a community-driven memecoin discovery and voting platform.
Add new external coin/token data API integrations. Use when: integrating DexScreener, PumpFun, CoinGecko, or any new blockchain data API. Covers fetch patterns, response types, caching, error handling, and chain mapping.
Add or modify database tables, columns, enums, and relations in Drizzle ORM. Use when: adding new tables, adding columns to existing tables, creating indexes, defining relations, or running migrations. Covers the full workflow: schema edit → generate → migrate.
Scaffold React components using shadcn/ui and project patterns. Use when: creating new UI components, feature components, client components with interactivity, or server components for data display. Covers props, imports, Tailwind styling, and optimistic updates.
Create new server actions following Memescope Monday patterns. Use when: adding data mutations, server-side fetches, authenticated operations, or new app/actions/ files. Handles session checks, Drizzle queries, revalidation, and error returns.
| name | api-route |
| description | Create new Next.js API route handlers with rate limiting, auth, and validation. Use when: adding REST endpoints, webhook handlers, public API routes, or authenticated API routes. Covers GET/POST handlers, rate limiting with Redis, Zod validation, and error responses. |
| argument-hint | Describe the API route (e.g., 'GET endpoint to list trending coins') |
Create Next.js App Router API routes in app/api/.
app/api/<route-name>/route.tsGET, POST, PUT, DELETE@/lib/rate-limitNextResponse.json() with appropriate status codesimport { headers } from "next/headers"
import { NextRequest, NextResponse } from "next/server"
import { db } from "@/drizzle/db"
import { project } from "@/drizzle/db/schema"
import { desc } from "drizzle-orm"
import { API_RATE_LIMITS } from "@/lib/constants"
import { checkRateLimit } from "@/lib/rate-limit"
export async function GET(request: NextRequest) {
try {
// Rate limiting
const headersList = await headers()
const forwardedFor = headersList.get("x-forwarded-for")
const ip = forwardedFor ? forwardedFor.split(",")[0].trim() : "127.0.0.1"
const rateLimitResult = await checkRateLimit(
`my-route:${ip}`,
API_RATE_LIMITS.DEFAULT.REQUESTS, // 10
API_RATE_LIMITS.DEFAULT.WINDOW, // 60000ms
)
if (!rateLimitResult.success) {
return NextResponse.json(
{
error: "rate_limit_exceeded",
message: `Too many requests. Please wait ${rateLimitResult.reset}s.`,
reset: rateLimitResult.reset,
},
{
status: 429,
headers: {
"X-RateLimit-Limit": API_RATE_LIMITS.DEFAULT.REQUESTS.toString(),
"X-RateLimit-Remaining": rateLimitResult.remaining.toString(),
"X-RateLimit-Reset": rateLimitResult.reset.toString(),
},
},
)
}
// Query params
const searchParams = request.nextUrl.searchParams
const limit = parseInt(searchParams.get("limit") || "10", 10)
// Database query
const results = await db
.select()
.from(project)
.orderBy(desc(project.createdAt))
.limit(Math.min(limit, 50))
return NextResponse.json({ results })
} catch (error) {
console.error("[MyRoute API]", error)
return NextResponse.json(
{ error: "internal_error", message: "An error occurred." },
{ status: 500 },
)
}
}
import { NextRequest, NextResponse } from "next/server"
import { z } from "zod"
import { db } from "@/drizzle/db"
import { auth } from "@/lib/auth"
import { headers } from "next/headers"
const inputSchema = z.object({
name: z.string().min(1).max(100),
chain: z.enum(["solana", "base", "bnb", "ethereum"]),
})
export async function POST(request: NextRequest) {
try {
// Auth check
const session = await auth.api.getSession({ headers: await headers() })
if (!session?.user?.id) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
}
// Validate body
const body = await request.json()
const parsed = inputSchema.safeParse(body)
if (!parsed.success) {
return NextResponse.json(
{ error: "validation_error", details: parsed.error.flatten() },
{ status: 400 },
)
}
// Process request
const { name, chain } = parsed.data
// ... db operations ...
return NextResponse.json({ success: true }, { status: 201 })
} catch (error) {
console.error("[MyRoute API]", error)
return NextResponse.json(
{ error: "internal_error", message: "An error occurred." },
{ status: 500 },
)
}
}
app/api/<route-name>/route.tsGET, POST, PUT, DELETE (not default)checkRateLimit() from @/lib/rate-limitroute-name:${ip} — unique per routeX-RateLimit-* headers in rate-limited responsesauth.api.getSession({ headers: await headers() }) for protected routes{ error: "error_code", message: "Human text" }console.error("[RouteName API]", error)Math.min(limit, 50)) to prevent abuseunstable_cache from next/cache for expensive read queries