Vacation Request App Development

Expert guidance for developing and maintaining a Next.js 15 vacation request application with enterprise authentication and comprehensive testing.

Project Overview

This skill provides specialized knowledge for working with a vacation request application built with:

**Next.js 15.3.0** (App Router) with TypeScript

**Prisma ORM** with PostgreSQL (custom output path)

**NextAuth.js v5** for authentication (Microsoft Entra ID)

**shadcn/ui** components with Tailwind CSS v4

**Vitest** and **Playwright** for testing

Essential Commands Reference

Development Commands

```bash

npm run dev # Start development server with Turbopack

npm run build # Build for production (runs prisma generate first)

npm start # Start production server

```

Testing Commands

```bash

npm test # Run unit tests

npm run test:ui # Run tests with Vitest UI

npm run coverage # Generate coverage report

npm run test:e2e # Run Playwright E2E tests

npm run test:e2e:ui # Run Playwright with UI

```

Database Commands

```bash

npm run migrate:dev # Run Prisma migrations in development

npm run db:reset # Reset database and re-seed

npm run prisma:seed # Seed database with initial data

```

Code Quality Commands

```bash

npm run lint # Run ESLint

```

Instructions for AI Agent

When working with this vacation request application codebase, follow these guidelines:

1. Understanding the Architecture

**Authentication Flow:**

Use server-side authentication via NextAuth.js with Microsoft Entra ID

Implement secure httpOnly session cookies (never expose tokens client-side)

Apply middleware-based route protection in `src/middleware.ts`

Enforce role-based access control (ADMIN, MANAGER, EMPLOYEE)

**Data Models (Prisma):**

User: Employees with roles, departments, and manager relationships

Department: Organizational units

TimeOffRequest: Requests with approval workflow states

TimeOffBalance: Available days by type and year

RequestComment: Comments on requests

**Service Layer Pattern:**

All business logic must be in services (`src/lib/services/`)

Available services:

- `user.service.ts` - User management and authentication

- `time-off-request.service.ts` - Request creation and approval workflow

- `time-off-balance.service.ts` - Balance tracking and updates

- `department.service.ts` - Department management

Never put business logic directly in components or API routes

**API Structure:**

Next.js API routes in `/app/api/`

Authentication endpoints: `/api/auth/[...nextauth]`

RESTful patterns for all other endpoints

2. Development Workflow

**Environment Configuration:**

Before starting development, ensure these environment variables are set:

```

DATABASE_URL="postgresql://..."

NEXTAUTH_URL="http://localhost:3000"

NEXTAUTH_SECRET="..."

AZURE_AD_CLIENT_ID="..."

AZURE_AD_CLIENT_SECRET="..."

AZURE_AD_TENANT_ID="..."

```

**Prisma Workflow:**

1. Schema location: `prisma/schema.prisma`

2. Generated client outputs to: `src/lib/generated/prisma/` (custom path)

3. After schema changes:

- Run `npm run migrate:dev` to create migration

- Run `npm run build` to regenerate Prisma client

4. Import Prisma client from: `src/lib/generated/prisma/`

3. Testing Requirements

**Unit Tests (Vitest):**

Write unit tests for all new services

Use React Testing Library for component tests

Run `npm test` before completing any task

**E2E Tests (Playwright):**

Write E2E tests for critical user flows

Test authentication flows thoroughly

Run `npm run test:e2e` before marking features complete

**Coverage:**

Generate coverage reports with `npm run coverage`

Aim for high coverage on service layer

4. Code Style and Standards

**Service Layer:**

Always create services for business logic

Services should be stateless and testable

Export clear, typed interfaces

**Component Structure:**

Follow shadcn/ui patterns for components

Keep components presentational

Delegate business logic to services

**TypeScript:**

Leverage TypeScript's strict mode

Define types for all function parameters and returns

Use Prisma-generated types where applicable

**Date Handling:**

Use date-fns library for all date/time operations

Maintain consistency across the codebase

5. Git and Version Control

**Branch Strategy:**

Create feature branches off `main`

Use descriptive branch names (e.g., `feature/add-vacation-approval`)

**Before Committing:**

1. Run `npm run lint` to check code style

2. Run `npm test` to verify unit tests pass

3. Run `npm run test:e2e` for critical features

4. Write descriptive commit messages

**Pull Requests:**

Ensure all tests pass before creating PR

Include description of changes

Reference any related issues

6. Security Considerations

**Authentication:**

Never expose authentication tokens to client-side code

Always use server-side session validation

Implement proper role checks for protected routes

**Data Access:**

Validate user permissions in services

Use Prisma's query filtering for access control

Sanitize user inputs

7. Important Technical Notes

Project uses ES modules (`"type": "module"` in package.json)

Prisma client has custom output path: `src/lib/generated/prisma/`

Import Prisma from custom path, not `@prisma/client`

Always run `npm run build` after Prisma schema changes

Authentication uses NextAuth.js v5 (not v4)

Project follows Phase 1 MVP feature roadmap

8. Common Tasks

**Adding a New Feature:**

1. Create service layer functions with tests

2. Add API routes if needed

3. Build UI components following shadcn/ui patterns

4. Add E2E tests for user flows

5. Update documentation

**Modifying Database Schema:**

1. Edit `prisma/schema.prisma`

2. Run `npm run migrate:dev`

3. Run `npm run build` to regenerate client

4. Update affected services and types

5. Run tests to verify changes

**Debugging Authentication:**

1. Check environment variables are set

2. Verify Microsoft Entra ID configuration

3. Review `src/middleware.ts` for route protection

4. Check session data in NextAuth callbacks

Examples

**Example 1: Adding a New Service Function**

```typescript

// src/lib/services/time-off-request.service.ts

export async function approveRequest(

requestId: string,

approverId: string

): Promise<TimeOffRequest> {

const request = await prisma.timeOffRequest.findUnique({

where: { id: requestId }

});

if (!request) {

throw new Error('Request not found');

}

return await prisma.timeOffRequest.update({

where: { id: requestId },

data: {

status: 'APPROVED',

approverId,

approvedAt: new Date()

}

});

}

```

**Example 2: Creating an API Route**

```typescript

// app/api/requests/[id]/approve/route.ts

import { approveRequest } from '@/lib/services/time-off-request.service';

import { getServerSession } from 'next-auth';

export async function POST(

request: Request,

{ params }: { params: { id: string } }

) {

const session = await getServerSession();

if (!session?.user) {

return new Response('Unauthorized', { status: 401 });

}

try {

const result = await approveRequest(params.id, session.user.id);

return Response.json(result);

} catch (error) {

return new Response('Error approving request', { status: 500 });

}

```

Constraints

Do not expose authentication tokens or secrets to client-side code

Do not put business logic in API routes or components

Do not import Prisma client from `@prisma/client` (use custom path)

Do not skip tests when completing features

Do not modify Prisma schema without running migrations

Always run `npm run build` after Prisma schema changes

Follow existing code patterns and service layer architecture

Vacation Request App Development

Vacation Request App Development

Project Overview

Essential Commands Reference

Development Commands

Testing Commands

Database Commands

Code Quality Commands

Instructions for AI Agent

1. Understanding the Architecture

2. Development Workflow

3. Testing Requirements

4. Code Style and Standards

5. Git and Version Control

6. Security Considerations

7. Important Technical Notes

8. Common Tasks

Examples

Constraints

Reviews (0)