AI Summary: Mazeway provides cursor-integrated authentication rules for building secure auth systems in Next.js projects using Supabase, emphasizing best practices for 2FA and device trust without external auth libraries.
Install
Copy this and paste it into Claude Code, Cursor, or any AI assistant:
I want to add the "Mazeway — Cursor Rules" prompt rules to my project. Repository: https://github.com/mazeway-dev/Mazeway
Please read the repo to find the rules/prompt file, then:
1. Download it to the correct location (.cursorrules, .windsurfrules, .github/prompts/, or project root — based on the file type)
2. If there's an existing rules file, merge the new rules in rather than overwriting
3. Confirm what was added
Description
Clerk but you own the code because authentication should live in your project, not a node_modules folder.
Two-Factor Authentication (2FA) Implementation
• MUST: Implement 2FA using authenticator apps and SMS with the following flow:
  • Generate verification codes using src/utils/auth/verification-codes.ts
  • Validate codes against hashes
• AVOID:
  • Storing raw verification codes
  • Using email as primary 2FA method
  • Implementing custom code generation
• WHY: Ensures secure time-based verification while following industry standards
• EXAMPLE: src/utils/auth/verification-codes.ts
Device Trust Calculation
• MUST: Calculate device trust scores using:
  • Device name match (30 points)
  • Browser match (20 points)
  • OS match (20 points)
  • IP range match (15 points)
• AVOID:
  • Storing raw device identifiers
  • Using location as primary trust factor
  • Skipping verification for partially trusted devices
• WHY: Provides risk-based authentication while protecting user privacy
• EXAMPLE: src/utils/auth/index.ts
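The scoring rule above, worked through as an added example; this is not Mazeway's own code from src/utils/auth/index.ts. The `DeviceInfo` shape, the function names, the reading of "IP range" as the same IPv4 /24, and the policy that only a full 85-point match skips verification are all assumptions made for illustration.

```typescript
// Added example: the four weights come from the rule above; everything else is assumed.
const WEIGHTS = { deviceName: 30, browser: 20, os: 20, ipRange: 15 } as const;
const MAX_SCORE = WEIGHTS.deviceName + WEIGHTS.browser + WEIGHTS.os + WEIGHTS.ipRange; // 85

interface DeviceInfo { // hypothetical shape, not Mazeway's own type
  deviceName: string;
  browser: string;
  os: string;
  ip: string;
}

// Assumption: "IP range" means the same IPv4 /24. Malformed or non-IPv4 input never matches.
function ipv4Prefix24(ip: string): string | null {
  const parts = ip.trim().split(".");
  if (parts.length !== 4) return null;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
  }
  return parts.slice(0, 3).join(".");
}

// Case-insensitive comparison; an empty attribute never counts as a match.
function sameText(a: string, b: string): boolean {
  const x = a.trim().toLowerCase();
  return x.length > 0 && x === b.trim().toLowerCase();
}

function trustScore(known: DeviceInfo, current: DeviceInfo): number {
  let score = 0;
  if (sameText(known.deviceName, current.deviceName)) score += WEIGHTS.deviceName;
  if (sameText(known.browser, current.browser)) score += WEIGHTS.browser;
  if (sameText(known.os, current.os)) score += WEIGHTS.os;
  const a = ipv4Prefix24(known.ip);
  const b = ipv4Prefix24(current.ip);
  if (a !== null && a === b) score += WEIGHTS.ipRange;
  return score;
}

// Assumed policy: a partially trusted device is always challenged, never waved through.
function needsVerification(score: number): boolean {
  return score < MAX_SCORE;
}

// Constructed sample devices using documentation IP ranges.
const knownDevice: DeviceInfo = { deviceName: "Alice's MacBook", browser: "Firefox", os: "macOS", ip: "203.0.113.10" };
const sameNetwork: DeviceInfo = { ...knownDevice, ip: "203.0.113.77" };
const newBrowser: DeviceInfo = { ...knownDevice, browser: "Chrome", ip: "198.51.100.4" };
```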
Session Management
• MUST: Implement sessions with:
  • Device fingerprinting via src/utils/auth/device-sessions/server.ts
  • Session revocation requiring 2FA via src/components/device-sessions-list.tsx
  • Location tracking for non-local IPs
• AVOID:
  • Storing sessions without device context
  • Auto-extending expired sessions
  • Using client-side session storage
• WHY: Enables secure multi-device access while maintaining user control
• EXAMPLE: src/hooks/use-device-sessions.ts
Account Security Events
• MUST: Log security events with:
  • Device information
  • Event category (success/warning/error)
  • Verification method used
  • IP address and location
• AVOID:
  • Logging sensitive data
  • Missing critical security events
  • Delayed event logging
• WHY: Provides audit trail and security monitoring
• EXAMPLE: src/utils/account-events/server.ts
Works With
Any AI assistant that accepts custom rules or system prompts