Handover workspace

ERS, Todo, OfferReview, and Docu in one view

Imported from live server docs, code structure, and deployment notes.

Apr 3, 2026, 12:38 PM

Todo

Architecture

docs/ARCHITECTURE.md

Updated Mar 4, 2026, 3:14 AM

Overview

What I Do Today is a server-rendered Next.js app (App Router) with Prisma + PostgreSQL, supporting personal and team analytics workflows.

Stack

  • Frontend + server: Next.js (React)
  • Database: PostgreSQL
  • ORM: Prisma
  • Auth: JWT cookie sessions
  • Export:
    • CSV: API route + scheduled runner
    • PDF: API route + pdf-lib
  • Test framework: Vitest

High-Level Components

flowchart TD
  U["User (Browser)"] --> N["Next.js App"]
  N --> A["Server Actions"]
  N --> R["API Routes"]
  N --> P["Analytics/Team Pages"]
  A --> G["Security Guards (CSRF + Rate Limit)"]
  A --> L["Audit Logging"]
  R --> G
  A --> PR["Prisma Client"]
  R --> PR
  P --> PR
  C["Cron Runner (scheduled exports)"] --> PR
  PR --> D["PostgreSQL"]

App Modules

  • src/app/page.tsx: daily dashboard, planning, drift, AI narrative
  • src/app/analytics/*: range/weekly/monthly analytics
  • src/app/team/page.tsx: team dashboard
  • src/app/settings/team/page.tsx: team member RBAC management
  • src/app/settings/automation/page.tsx: scheduled export management
  • src/app/actions/index.ts: server actions (auth, CRUD, RBAC, planning, automation, AI)
  • src/app/api/export/*/route.ts: CSV/PDF export APIs (personal/team + date/range)
  • src/lib/security.ts: CSRF origin guard + action rate limiting
  • src/lib/audit.ts: audit log writer
  • src/lib/analytics.ts: range analytics, trend, drill-down aggregation
  • src/lib/drift.ts: planned-vs-actual focus drift detection
  • src/lib/export.ts: reusable CSV/PDF report generation
  • src/lib/scheduled-exports.ts: due schedule processor
  • scripts/run-scheduled-exports.ts: manual/cron runner entrypoint

Security Baseline

  • Password hashes only (bcryptjs)
  • HTTP-only signed JWT session cookie
  • CSRF mitigation using origin/referer + fetch-site validation on mutating actions
  • In-memory request rate limiting for auth/actions/export APIs
  • Audit log table for sensitive/critical actions
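
One way the origin/referer + fetch-site check on mutating actions could look, as an added example; it is not the project's src/lib/security.ts. The function name, the result shape and the app.example.test origin are assumptions made for illustration.

```typescript
// Added illustration; hypothetical names, not the contents of src/lib/security.ts.
type HeaderBag = Record<string, string | undefined>; // header names lower-cased
type GuardResult = { ok: boolean; reason: string };

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Normalise a header value to "scheme://host[:port]"; null when absent or unparsable.
function originOf(value: string | undefined): string | null {
  if (!value) return null;
  try {
    return new URL(value).origin;
  } catch {
    return null; // covers the literal "null" origin sent by sandboxed contexts
  }
}

function checkMutationOrigin(
  method: string,
  headers: HeaderBag,
  allowedOrigins: string[], // constructed sample: ["https://app.example.test"]
): GuardResult {
  // Only state-changing methods are guarded.
  if (SAFE_METHODS.has(method.toUpperCase())) return { ok: true, reason: "safe method" };

  // 1. Fetch metadata: when the browser sends Sec-Fetch-Site, require same-origin.
  //    "same-site" is rejected too, so a sibling subdomain cannot drive mutations.
  const site = headers["sec-fetch-site"];
  if (site !== undefined && site !== "same-origin") {
    return { ok: false, reason: `sec-fetch-site=${site}` };
  }

  // 2. Origin wins when present; Referer is consulted only if Origin is absent.
  //    An unparsable Origin never falls through to Referer.
  const source = originOf(headers["origin"] ?? headers["referer"]);
  if (source === null) return { ok: false, reason: "missing or unparsable origin/referer" };

  // 3. Exact match on the normalised origin. Prefix or substring matching would
  //    accept look-alike hosts such as https://app.example.test.evil.test.
  if (!allowedOrigins.includes(source)) {
    return { ok: false, reason: `origin ${source} not allowed` };
  }
  return { ok: true, reason: "same origin" };
}
```

The guard fails closed: a mutating request that carries neither Origin nor Referer is rejected rather than waved through.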

Time Zone Handling

  • App day and analytics windows are based on APP_TIME_ZONE
  • Default timezone: Asia/Kuala_Lumpur
  • Canonical date format: YYYY-MM-DD

Operational Notes

  • Scheduled exports persist into exports/<userId>/...
  • npm run cron:exports can be invoked via cron/PM2 scheduler
  • OpenAI narrative generation is optional; fallback narrative is local deterministic logic