MongoDB
Mongoose-based auth and OTP storage with connection reuse, TTL cleanup for expired OTPs, and explicit input sanitization in server logic. This variant was validated end-to-end in a full credentials flow.
Setup
- Create a cluster in MongoDB Atlas.
- Create a database user with read and write access.
- Add your current IP to Network Access. For temporary local development, you can use 0.0.0.0/0, which allows connections from any address; remove that entry when you no longer need it.
- Copy the SRV connection string for your database.
- Paste it into .env.local as MONGODB_URI.
- Restart the dev server after changing env vars so Next.js reloads them.
Environment variables
MONGODB_URI=mongodb+srv://username:password@cluster.mongodb.net/mydb?retryWrites=true&w=majority
Auth flow smoke test
- Register a new user from /register.
- Submit the verification OTP from your email.
- Log in from /login.
- Trigger forgot password from /forgot-password.
- Reset the password from /reset-password.
- Log in again with the new password.
That full sequence was validated during this release cycle and is the fastest way to prove your MongoDB variant is configured correctly.
Troubleshooting
Connection fails or times out
- Re-check your Atlas IP allowlist. Local IP changes are a common cause of sudden connection failures.
- Verify the username, password, database name, and cluster hostname in MONGODB_URI.
- If you see an environment-variable error, confirm .env.local is present and restart the dev server.
Registration throws TypeError: next is not a function
That failure came from a legacy mongoose-sanitize plugin path. The current scaffold no longer depends on mongoose-sanitize. If you still see this, remove any old plugin registration from lib/db/mongo.ts and remove the package from your install.
Verification email arrives but password reset email does not
The current code now surfaces provider delivery failures instead of returning a false success. If reset emails still fail, inspect your Resend credentials, sender domain, and server logs rather than assuming MongoDB is the cause.
Sanitization
MongoDB sanitization is explicit in application logic. Server actions sanitize and validate input before any query runs, and stripMongoOperators removes operator-style keys such as $gt or dotted paths before they can reach Mongoose.
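The strip-then-validate pattern described above, as an added example. This is not the scaffold's own code, and the page does not show how stripMongoOperators is implemented. The helpers stripOperatorKeys and requireString and the sample request bodies are hypothetical and constructed for illustration.

```typescript
// Added example: hypothetical helpers, not the scaffold's stripMongoOperators.
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Recursively drop keys that start with "$" or contain "." so operator
// objects and dotted paths never reach a Mongoose query filter.
function stripOperatorKeys(value: Json): Json {
  if (Array.isArray(value)) {
    return value.map((item) => stripOperatorKeys(item));
  }
  if (value !== null && typeof value === "object") {
    const clean: { [key: string]: Json } = {};
    for (const key of Object.keys(value)) {
      if (key.charAt(0) === "$" || key.indexOf(".") !== -1) continue;
      clean[key] = stripOperatorKeys(value[key]);
    }
    return clean;
  }
  return value; // primitives pass through unchanged
}

// Validation after stripping: a credential field must be a non-empty string.
// An operator object such as { $gt: "" } becomes {} and is rejected here,
// instead of being passed to a query as a filter value.
function requireString(body: Json, field: string): string {
  const cleaned = stripOperatorKeys(body);
  if (cleaned === null || typeof cleaned !== "object" || Array.isArray(cleaned)) {
    throw new Error("expected an object body");
  }
  const candidate = cleaned[field];
  if (typeof candidate !== "string" || candidate.length === 0) {
    throw new Error(field + " must be a non-empty string");
  }
  return candidate;
}

// Constructed sample request bodies (not taken from real traffic).
const operatorBody: Json = { email: { $gt: "" }, "profile.role": "admin", otp: "123456" };
const normalBody: Json = { email: "user@example.com", otp: "123456" };

console.log(JSON.stringify(stripOperatorKeys(operatorBody)));
console.log(requireString(normalBody, "email"));
```

Stripping alone leaves an empty object where the operator was, which is why the type check runs afterwards and before any query is built.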