chore(next): upgrade to Next.js 16.1.4 + React 19.2.3 — codemod, API fixes, and proxy migration

[umanda]

Summary: Upgrade the app to Next.js 16.1.4 and React 19.2.3 using the official Next codemod, apply required runtime fixes, and migrate middleware to the new proxy pattern so the app builds and runs under Next 16.

Why: Next 16 brings new server runtime behavior (Headers handling, route collection), codemod automates many changes but some call-sites and third-party integrations needed manual fixes to match the new context shapes.

Key changes:

• Upgraded dependencies: next → 16.1.4, react / react-dom → 19.2.3, and related dev & lint packages.
• Ran the official Next codemod and committed its automated transforms.
• Replaced legacy middleware usage with proxy export and updated matcher logic.
• Converted Headers instances returned by headers() into plain header objects before passing to server APIs.
• Ensured calls to auth.api.getSession receive an explicit context object that includes headers and query to satisfy the auth library's expectations.
• Fixed various server-route and server-component call-sites impacted by the runtime change (e.g., subscription, dashboard, and helper libraries).
• Updated lint config/script to the new flat ESLint layout produced by the codemod.

Files/areas touched (high level):

• Build/config: package.json, package-lock.json, eslint.config.mjs
• Runtime entry / middleware: added proxy.ts (replaces previous middleware)
• Server routes/components: multiple app/* server components and app/api/*/route.ts handlers
• Lib helpers: lib/* modules which call the auth API

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 63cc45624f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep Next middleware discoverable

Next.js only runs middleware when it finds a root middleware.ts/src/middleware.ts and an exported middleware function; renaming the file to proxy.ts and the export to proxy means this logic will never execute in a standard Next.js build. That removes the redirect guard for /sign-in, /sign-up, and /dashboard (logged-in users can see auth pages and unauthenticated requests won’t be intercepted until page-level checks run). If you’re not wiring a new proxy entrypoint elsewhere, this should stay as middleware.ts with an exported middleware function.

Useful? React with 👍 / 👎.

[greptile-apps]

Greptile Overview

Greptile Summary

Migrated the app from Next.js 15 to 16.1.4 and React 18 to 19.2.3, applying both automated codemod changes and manual runtime compatibility fixes.

Key changes:

• Replaced middleware.ts with proxy.ts export pattern (Next.js 16 requirement)
• Converted all headers() call-sites to pass plain objects instead of Headers instances to auth.api.getSession
• Added explicit query: {} parameter to all auth.api.getSession calls for better-auth compatibility
• Upgraded ESLint to v9 with flat config format
• Improved upload-image route with explicit nodejs runtime and better filename sanitization
• Updated TypeScript config to include Next.js 16 dev types

All auth integration points have been systematically updated to handle the new Next.js 16 server runtime behavior. The middleware logic remains unchanged, only the export pattern was updated.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The upgrade follows Next.js official migration patterns with systematic, well-understood changes. All auth integration points have been consistently updated to handle the new Headers behavior, the middleware-to-proxy migration is a straightforward rename, and the improvements to upload-image add safety. No breaking changes to business logic were introduced.
• No files require special attention

Important Files Changed

Filename	Overview
package.json	Successfully upgraded Next.js to 16.1.4, React to 19.2.3, and updated dev dependencies (ESLint 9, new type definitions)
proxy.ts	New proxy export pattern replaces middleware.ts (Next 16 requirement), identical auth logic preserved
app/api/subscription/route.ts	Converted Headers instance to plain object and added query parameter for better-auth compatibility
lib/subscription.ts	Converted Headers instance to plain object and added query parameter for better-auth compatibility
app/dashboard/page.tsx	Converted Headers instance to plain object and added query parameter for better-auth compatibility
app/api/upload-image/route.ts	Added nodejs runtime declaration, improved file validation (Set instead of Array.includes), better filename sanitization

Sequence Diagram

sequenceDiagram
    participant Client
    participant Proxy as proxy.ts
    participant Route as API Route
    participant Auth as better-auth
    participant DB as Database

    Note over Proxy: Next.js 16 middleware pattern
    Client->>Proxy: Request to protected route
    Proxy->>Proxy: Validate session cookie
    alt No session
        Proxy->>Client: Redirect to sign-in
    else Valid
        Proxy->>Route: Forward request
    end

    Note over Route,Auth: Updated auth integration
    Route->>Route: Convert Headers to plain object
    Route->>Auth: Call getSession with headers object
    Auth->>DB: Validate session
    DB->>Auth: Session data
    Auth->>Route: Return session
    Route->>Client: Send response

Loading

[michaelshimeles]

I'm rebuilding the template to a new version really soon, will be changing the tech stack so won't be merging this