AI Summary
Mazeway provides Cursor-specific rules for implementing authentication and authorization patterns in Next.js projects using Supabase, enabling developers to own their auth logic instead of relying on external packages. Ideal for developers building secure, self-contained authentication systems.
Install
Copy this and paste it into Claude Code, Cursor, or any AI assistant:
I want to add the "Mazeway — Cursor Rules" prompt rules to my project.
Repository: https://github.com/mazeway-dev/Mazeway
Please read the repo to find the rules/prompt file, then:
1. Download it to the correct location (.cursorrules, .windsurfrules, .github/prompts/, or project root — based on the file type)
2. If there's an existing rules file, merge the new rules in rather than overwriting
3. Confirm what was added
Description
Clerk but you own the code because authentication should live in your project, not a node_modules folder.
Device Trust Score Calculation
• MUST: Implement trust scoring using factors with exact weights:
  • Device name match: 30 points
  • Browser match: 20 points
  • OS match: 20 points
  • IP range match: 15 points
• AVOID: Using custom weights or additional factors
• WHY: Consistent evaluation of device trustworthiness across application
• EXAMPLE: src/utils/auth/index.ts

```ts
const calculateTrustScore = (device: DeviceInfo) => {
  let score = 0;
  if (device.name === storedDevice.name) score += 30;
  if (device.browser === storedDevice.browser) score += 20;
  //...etc
}
```
Rate Limiting Tiers
• MUST: Implement the following rate limit tiers:
  • Auth operations: 10 requests/10 seconds
  • Authenticated operations: 100 requests/minute
  • General protection: 1000 requests/minute
  • SMS operations: IP + user-based limits
  • Data exports: 3 requests/day
• AVOID: Custom rate limit values or alternative implementations
• WHY: Protects against abuse while ensuring legitimate access
• EXAMPLE: src/utils/rate-limit.ts
Verification Code Generation
• MUST: Generate verification codes using:
  • Authenticator: 6-digit numeric codes
  • SMS: 6-digit numeric codes
  • Email: Custom length alphanumeric codes
  • Backup codes: Word-based or alphanumeric format
• AVOID: Custom code formats or lengths
• WHY: Ensures compatibility with standard authenticator apps and SMS
• EXAMPLE: src/utils/auth/verification-codes.ts
Recovery Token Generation
• MUST: Generate recovery tokens using:
  • 32 bytes of random data
  • URL-safe base64 encoding
  • 1 hour expiration
• AVOID: Custom token formats or expiration times
• WHY: Industry standard approach for secure recovery links
• EXAMPLE: src/utils/auth/recovery-token.ts
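The recovery-token rule above, worked through as an added example; this is not code from the Mazeway repository. The names `issueRecoveryToken`, `redeemRecoveryToken` and `RecoveryRecord` are hypothetical, and storing only a SHA-256 hash of the token and allowing a single redemption are assumptions that go beyond what the rule states.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

const TOKEN_BYTES = 32;               // rule: 32 bytes of random data
const TOKEN_TTL_MS = 60 * 60 * 1000;  // rule: 1 hour expiration

// Hypothetical server-side record: the raw token is never stored (assumption).
interface RecoveryRecord {
  tokenHash: string;  // hex SHA-256 of the token
  expiresAt: number;  // epoch milliseconds
  used: boolean;
}

function hashToken(token: string): string {
  return createHash("sha256").update(token).digest("hex");
}

// Returns the token to embed in the recovery link and the record to persist.
function issueRecoveryToken(now: number = Date.now()): { token: string; record: RecoveryRecord } {
  // CSPRNG output, URL-safe base64 without padding: 32 bytes -> 43 characters.
  const token = randomBytes(TOKEN_BYTES).toString("base64url");
  const record = { tokenHash: hashToken(token), expiresAt: now + TOKEN_TTL_MS, used: false };
  return { token, record };
}

// Accepts a token only if it is well-formed, matches, is unexpired and unused.
function redeemRecoveryToken(presented: string, record: RecoveryRecord, now: number = Date.now()): boolean {
  // Reject anything that is not exactly 43 base64url characters before hashing.
  if (!/^[A-Za-z0-9_-]{43}$/.test(presented)) return false;
  const a = Buffer.from(hashToken(presented), "hex");
  const b = Buffer.from(record.tokenHash, "hex");
  // Constant-time comparison avoids leaking how many leading bytes matched.
  const matches = a.length === b.length && timingSafeEqual(a, b);
  if (!matches || record.used || now >= record.expiresAt) return false;
  record.used = true;  // single use (assumption): a replayed link fails
  return true;
}
```

Persist only `record` and send `token` to the user; a leaked database row then cannot be turned back into a working recovery link.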
Works With
Any AI assistant that accepts custom rules or system prompts