E-commerce store on Next.js 16 (App Router) + Postgres (Neon) + Better Auth

Type-checked against the real SDKs, migration applied to a live Postgres, pooling tested — then tracked for upstream drift and re-verified when it moves. How we verify →

What you're getting

• Next.js 16 App Router — file-based routing, server components, and the Edge proxy (Next 16's renamed middleware).
• Postgres on Neon via Drizzle ORM and the postgres-js driver.
• Better Auth — self-hosted auth running inside your app against your Postgres (Drizzle adapter).
• E-commerce storefront — product catalog with per-SKU variants, guest-compatible carts, and price-snapshotting orders.

Setup

bun add next react react-dom drizzle-orm postgres better-auth

Environment variables:

• DATABASE_URL — Neon pooled (-pooler) connection string
• BETTER_AUTH_SECRET — generate with `openssl rand -base64 32`
• BETTER_AUTH_URL — your app's base URL

Apply the schema: bunx drizzle-kit push

Initialization

import { drizzle } from "drizzle-orm/postgres-js";
import postgres from "postgres";

// Neon pooled endpoint = PgBouncer transaction mode → prepared statements off.
// ponytail: single module-level client; the serverless runtime + PgBouncer do
// the pooling, so no custom pool/globalThis singleton dance needed.
const client = postgres(process.env.DATABASE_URL!, { prepare: false });

export const db = drizzle({ client });

// Better Auth instance (self-hosted, Next.js 16 (App Router)).
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
// Reuse the SAME postgres-js/Drizzle client the db slice exported in
// src/lib/db.ts — Better Auth shares the pooled `DATABASE_URL` connection.
import { db } from "./db";

export const auth = betterAuth({
  // Drizzle adapter over the shared client; provider "pg" => Postgres DDL
  // for Better Auth's own user/session/account/verification tables.
  database: drizzleAdapter(db, { provider: "pg" }),
  // ponytail: email+password is the shortest real auth that works out of
  // the box — add socialProviders / plugins here when the app needs them.
  emailAndPassword: { enabled: true },
  secret: process.env.BETTER_AUTH_SECRET,
  baseURL: process.env.BETTER_AUTH_URL,
});

export type Session = typeof auth.$Infer.Session;

// Mount Better Auth on Next's route layer.
import { toNextJsHandler } from "better-auth/next-js";
import { auth } from "@/lib/auth";

export const { GET, POST } = toNextJsHandler(auth);

// Session-protection proxy for Next.js 16 (App Router) (Next 16 renamed middleware.ts → proxy.ts).
// ponytail: getSessionCookie only checks the cookie EXISTS (no DB hit at
// the Edge runtime) — do the real auth.api.getSession() check inside
// protected Server Components / route handlers. This just bounces
// logged-out users before render.
import { NextResponse, type NextRequest } from "next/server";
import { getSessionCookie } from "better-auth/cookies";

export function proxy(request: NextRequest) {
  const sessionCookie = getSessionCookie(request);
  if (!sessionCookie) {
    return NextResponse.redirect(new URL("/sign-in", request.url));
  }
  return NextResponse.next();
}

export const config = {
  // ponytail: guard the SaaS app surface; widen the matcher per app-type.
  matcher: ["/dashboard/:path*", "/settings/:path*"],
};

E-commerce schema: product catalog, carts & orders

• Product catalog & variants — products (display unit) and product_variants (buyable SKUs carrying price_cents and inventory_qty)
• Cart & checkout — carts (nullable user_id for guest shoppers) and cart_items (one row per variant per cart, quantity-bumped on re-add)
• Orders & line items — orders (captured totalCents + status walk) and order_items (frozen sku + unitPriceCents snapshot, variantId set-null on delete)

import { relations, sql } from "drizzle-orm";
import {
  check,
  index,
  integer,
  pgTable,
  text,
  timestamp,
  unique,
  uuid,
} from "drizzle-orm/pg-core";
// Better Auth owns identity; we only reference its `user` table by id.
import { user } from "./auth-schema";

export type OrderStatus = "pending" | "paid" | "shipped" | "cancelled";

/** Catalog product — the marketing/display unit. Money + stock live on the
 *  variant below, never here, so a product can have many priced SKUs. */
export const products = pgTable(
  "products",
  {
    id: uuid("id").primaryKey().defaultRandom(),
    slug: text("slug").notNull().unique(),
    name: text("name").notNull(),
    description: text("description"),
    createdAt: timestamp("created_at", { withTimezone: true })
      .notNull()
      .defaultNow(),
  },
  (t) => [index("idx_product_slug").on(t.slug)],
);

/** A buyable SKU under a product. Price (integer cents) and inventory live here
 *  because that's what a customer actually adds to a cart and pays for. */
export const productVariants = pgTable(
  "product_variants",
  {
    id: uuid("id").primaryKey().defaultRandom(),
    productId: uuid("product_id")
      .notNull()
      .references(() => products.id, { onDelete: "cascade" }),
    sku: text("sku").notNull().unique(),
    name: text("name").notNull(), // e.g. "Large / Black"
    // Money as integer cents — no float money in the catalog.
    priceCents: integer("price_cents").notNull().default(0),
    inventoryQty: integer("inventory_qty").notNull().default(0),
    createdAt: timestamp("created_at", { withTimezone: true })
      .notNull()
      .defaultNow(),
  },
  (t) => [index("idx_variant_product").on(t.productId)],
);

/** One open cart per shopper. userId is nullable so guests can shop before they
 *  authenticate; on login the app reassigns the guest cart to user.id. */
export const carts = pgTable(
  "carts",
  {
    id: uuid("id").primaryKey().defaultRandom(),
    // Better Auth's user.id is text — match it, don't recast. Nullable: a guest
    // cart has no user yet.
    userId: text("user_id").references(() => user.id, { onDelete: "cascade" }),
    createdAt: timestamp("created_at", { withTimezone: true })
      .notNull()
      .defaultNow(),
  },
  (t) => [index("idx_cart_user").on(t.userId)],
);

/** A variant + quantity in a cart. The composite unique keeps one row per
 *  variant per cart (the app bumps quantity instead of inserting duplicates). */
export const cartItems = pgTable(
  "cart_items",
  {
    id: uuid("id").primaryKey().defaultRandom(),
    cartId: uuid("cart_id")
      .notNull()
      .references(() => carts.id, { onDelete: "cascade" }),
    variantId: uuid("variant_id")
      .notNull()
      .references(() => productVariants.id, { onDelete: "cascade" }),
    quantity: integer("quantity").notNull().default(1),
  },
  (t) => [
    unique("cart_items_cart_variant_unique").on(t.cartId, t.variantId),
    index("idx_cart_item_cart").on(t.cartId),
  ],
);

/** A placed order. totalCents is the captured total at checkout; status walks
 *  the fulfilment states. userId is nullable to allow guest checkout. */
export const orders = pgTable(
  "orders",
  {
    id: uuid("id").primaryKey().defaultRandom(),
    userId: text("user_id").references(() => user.id, { onDelete: "set null" }),
    status: text("status").$type<OrderStatus>().notNull().default("pending"),
    totalCents: integer("total_cents").notNull().default(0),
    // ponytail: opaque payment-provider id (Stripe/etc.) — no provider FK needed.
    providerPaymentId: text("provider_payment_id"),
    createdAt: timestamp("created_at", { withTimezone: true })
      .notNull()
      .defaultNow(),
  },
  (t) => [
    index("idx_order_user").on(t.userId),
    index("idx_order_status").on(t.status),
    check(
      "orders_status_check",
      sql`${t.status} in ('pending','paid','shipped','cancelled')`,
    ),
  ],
);

/** Order line item. Snapshots unitPriceCents (and the SKU string) at purchase
 *  time so re-pricing or deleting a variant never rewrites order history — the
 *  variant FK is set null on delete, the snapshot stays. */
export const orderItems = pgTable(
  "order_items",
  {
    id: uuid("id").primaryKey().defaultRandom(),
    orderId: uuid("order_id")
      .notNull()
      .references(() => orders.id, { onDelete: "cascade" }),
    // Keep the line even if the catalog variant is later removed.
    variantId: uuid("variant_id").references(() => productVariants.id, {
      onDelete: "set null",
    }),
    // Frozen at checkout — the SKU and price as they were when bought.
    sku: text("sku").notNull(),
    unitPriceCents: integer("unit_price_cents").notNull(),
    quantity: integer("quantity").notNull().default(1),
  },
  (t) => [
    // Drives the "line items for this order" lookup.
    index("idx_order_item_order").on(t.orderId),
  ],
);

export const productsRelations = relations(products, ({ many }) => ({
  variants: many(productVariants),
}));

export const productVariantsRelations = relations(
  productVariants,
  ({ one, many }) => ({
    product: one(products, {
      fields: [productVariants.productId],
      references: [products.id],
    }),
    cartItems: many(cartItems),
    orderItems: many(orderItems),
  }),
);

export const cartsRelations = relations(carts, ({ one, many }) => ({
  user: one(user, { fields: [carts.userId], references: [user.id] }),
  items: many(cartItems),
}));

export const cartItemsRelations = relations(cartItems, ({ one }) => ({
  cart: one(carts, { fields: [cartItems.cartId], references: [carts.id] }),
  variant: one(productVariants, {
    fields: [cartItems.variantId],
    references: [productVariants.id],
  }),
}));

export const ordersRelations = relations(orders, ({ one, many }) => ({
  user: one(user, { fields: [orders.userId], references: [user.id] }),
  items: many(orderItems),
}));

export const orderItemsRelations = relations(orderItems, ({ one }) => ({
  order: one(orders, { fields: [orderItems.orderId], references: [orders.id] }),
  variant: one(productVariants, {
    fields: [orderItems.variantId],
    references: [productVariants.id],
  }),
}));

Connection & security

## Next.js 16 ↔ Postgres pooling (Neon pooled endpoint, PgBouncer transaction mode)

Connect through Neon's **pooled** endpoint (`-pooler` host) via `DATABASE_URL`. Serverless
functions are short-lived and concurrent, so PgBouncer in **transaction mode** is what keeps
Postgres' connection ceiling from being blown.

### `prepare: false` is mandatory
Transaction-mode PgBouncer hands each transaction a different backend, so server-side prepared
statements (postgres-js' default) silently break across the pool. Disable them on the client:
`postgres(url, { prepare: false })`. This is also why **Drizzle, not Prisma**, is paired here —
Prisma's prepared-statement reliance is a blocked intersection on this endpoint.

### Connection reuse
- Construct the postgres-js client at **module scope** (`src/lib/db.ts`) so warm function
  instances reuse one socket instead of opening one per request.
- Cap the driver pool small — `max: 1` per instance. The shared pool lives in PgBouncer, not in
  your function; a large per-instance `max` just multiplies idle connections across instances.
- Keep `idle_timeout` ~20s and `connect_timeout` ~10s so frozen instances release backends fast.

### No session-level features
Transaction mode forbids anything that spans transactions on one backend: `LISTEN/NOTIFY`,
session-scoped `SET`, advisory-lock sessions, server-side cursors, and `WITH HOLD`. Need any of
those? Use Neon's **direct** (non-pooled) endpoint for that path only.

### Thresholds
- Drizzle/postgres-js: `prepare: false`, `max: 1`, `idle_timeout: 20`, `connect_timeout: 10`.
- Neon Free pooled budget is ~10k client connections; keep concurrency well under the project's
  `max_connections` (often 100–900 by plan) by leaning on PgBouncer, never on driver pooling.

Decisions & compatibility

• Auth runs in proxy.ts (Next 16's renamed middleware) on the Edge runtime: it gates on the session cookie's presence only — full session validation happens in Server Components and route handlers, not in the proxy.
• prepare: false is mandatory — Neon's pooled endpoint is PgBouncer in transaction mode, where server-side prepared statements break across the pool.
• Drizzle is paired here (not Prisma): Prisma's prepared-statement reliance is incompatible with transaction-mode pooling.
• Self-hosted: Better Auth creates and owns the user/session/account tables in your database, so app-type schemas can foreign-key to `user` directly.
• Money is stored as integer cents on product_variants (price_cents) and snapshotted onto order_items (unit_price_cents) at checkout — repricing or deleting a variant never rewrites order history.
• cart_items carries a composite unique on (cart_id, variant_id) so the app bumps quantity rather than inserting duplicate rows; orders.status is a text + CHECK column (pending/paid/shipped/cancelled) to avoid ALTER TYPE migrations.

Related stacks

• Same stack, built for SaaS
• Same stack, built for AI Wrapper
• Same stack, built for Marketplace
• Same stack, built for Blog / CMS
• Same stack, built for CRM
• Same stack, with Clerk instead of Better Auth
• Same stack, built for LMS (learning platform)
• Same stack, built for Project management
• Same stack, built for Helpdesk / support
• Same stack, built for Booking / scheduling
• Same stack, built for Social network
• Same stack, built for Forum / community
• Same stack, built for Newsletter platform
• Same stack, built for Job board
• Same stack, built for Fintech ledger
• Same stack, built for Notes / knowledge base
• Same stack, built for Video platform
• Same stack, built for Product analytics
• Same stack, built for Fitness tracker
• Same stack, built for IoT telemetry