Overview
- Next.js 16 + React 19
- TypeScript + Prisma ORM
- JWT Sessions + CSRF Checks
- Rate Limiting + Password Hardening
- RentCast Data Sync Pipeline
- Vercel + Neon Production Path
Stack
- Next.js 16 (App Router), React 19, and TypeScript
- Prisma ORM with SQLite locally and a Postgres-ready production schema
- Tailwind CSS v4 UI layer
- JOSE JWT handling and Resend email integration
Security
- Signed HttpOnly session cookie with SameSite=Lax and Secure in production
- Server-side authorization tied to session user, never trusting client userId
- CSRF checks using sec-fetch-site plus origin validation
- Per-IP and per-identifier rate limits on auth and password reset routes
- scrypt + salt hashing, timing-safe verification, and strong password policy
- SHA-256 reset-code storage with 10-minute TTL and attempt limits
- Internal sync endpoint protection via x-internal-token
- Security headers: nosniff, frame deny, strict referrer, restrictive permissions
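One way the sec-fetch-site plus origin check listed above could look, as an added TypeScript example rather than this project's code. `checkCsrf`, `getHeader`, the allowlisted origin, and the policy of accepting only `same-origin` and rejecting requests that carry neither header are assumptions.

```typescript
// Added example (not the project's code). All names and values are hypothetical.
type HeaderMap = Record<string, string | undefined>;
type CsrfVerdict = { allowed: boolean; reason: string };

const SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];
// Constructed allowlist; a real app would read its own origin from config.
const ALLOWED_ORIGINS = ["https://app.example.test"];

// Case-insensitive header lookup that returns a trimmed, lowercased value.
function getHeader(headers: HeaderMap, name: string): string | undefined {
  for (const key in headers) {
    const value = headers[key];
    if (key.toLowerCase() === name && value !== undefined) {
      return value.trim().toLowerCase();
    }
  }
  return undefined;
}

function checkCsrf(method: string, headers: HeaderMap, allowed: string[] = ALLOWED_ORIGINS): CsrfVerdict {
  // Only state-changing methods are checked.
  if (SAFE_METHODS.indexOf(method.toUpperCase()) !== -1) {
    return { allowed: true, reason: "safe-method" };
  }
  const site = getHeader(headers, "sec-fetch-site");
  const origin = getHeader(headers, "origin");

  // Fail closed: a state-changing request must carry at least one signal.
  if (site === undefined && origin === undefined) {
    return { allowed: false, reason: "no-origin-signal" };
  }
  // Assumed policy: same-site, cross-site and none are all rejected.
  if (site !== undefined && site !== "same-origin") {
    return { allowed: false, reason: "sec-fetch-site" };
  }
  // Exact match on the serialized origin; "null" never matches.
  if (origin !== undefined) {
    const normalized = allowed.map((o) => o.toLowerCase().replace(/\/+$/, ""));
    if (normalized.indexOf(origin) === -1) {
      return { allowed: false, reason: "origin-mismatch" };
    }
  }
  return { allowed: true, reason: "same-origin" };
}
```

The exact-match comparison is what stops a look-alike origin that merely starts with the allowed host from passing.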
Features
- Listing search with city/state/ZIP/neighborhood and price/bed/bath filters
- Sorting by newest and price direction
- Property detail pages with media, facts, coordinates, and source links
- Saved homes, account preferences, profile/password management
- Email-based forgot-password request, verify, and reset flow
- Markets and insights dashboards
Data + Ops
- Batch RentCast sync with defensive normalization and optional media/source requirements
- Upsert by externalId with relational image normalization
- Prisma migration and deployment workflow
- Internal sync and seed tooling for ingestion and enrichment