DEV Community: Wade Thomas The latest articles on DEV Community by Wade Thomas (@wadethomastt). https://dev.to/wadethomastt https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3850437%2F8d98205a-0b4e-4e70-abeb-0bb759317abf.jpg DEV Community: Wade Thomas https://dev.to/wadethomastt en Protecting Routes in TanStack Start with Zustand Wade Thomas Mon, 30 Mar 2026 04:54:07 +0000 https://dev.to/wadethomastt/protecting-routes-in-tanstack-start-with-zustand-2ci9 https://dev.to/wadethomastt/protecting-routes-in-tanstack-start-with-zustand-2ci9 <p>Route protection in TanStack Start doesn't have a built-in auth guard out of the box, but combining a Zustand store with a layout route gives you a clean, reusable solution that works well with SSR and hydration.</p> <p>Here's the full setup.</p> <h2> The Auth Store </h2> <p>First, the Zustand store. It persists the user to localStorage via the <code>persist</code> middleware and uses a <code>hasHydrated</code> flag to track when the store has been rehydrated from storage. This is critical — without it you'll get a flash of redirect on page load even for logged-in users.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">User</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/types</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">create</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zustand</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">persist</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zustand/middleware</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">logoutUser</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/directus</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">AuthState</span> <span class="p">{</span> <span class="nl">user</span><span class="p">:</span> <span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">hasHydrated</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">setHasHydrated</span><span class="p">:</span> <span class="p">(</span><span class="nx">state</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">setUser</span><span class="p">:</span> <span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="nl">logout</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span><span class="p">;</span> <span class="nl">isLoggedIn</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">boolean</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">useAuthStore</span> <span class="o">=</span> <span class="nx">create</span><span class="o">&lt;</span><span class="nx">AuthState</span><span class="o">&gt;</span><span class="p">()(</span> <span class="nf">persist</span><span class="p">(</span> <span class="p">(</span><span class="kd">set</span><span class="p">,</span> <span class="kd">get</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="na">hasHydrated</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">setHasHydrated</span><span class="p">:</span> <span class="p">(</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">({</span> <span class="na">hasHydrated</span><span class="p">:</span> <span class="nx">state</span> <span class="p">}),</span> <span class="na">setUser</span><span class="p">:</span> <span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">set</span><span class="p">({</span> <span class="nx">user</span> <span class="p">}),</span> <span class="na">logout</span><span class="p">:</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">logoutUser</span><span class="p">();</span> <span class="nf">set</span><span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="kc">null</span> <span class="p">});</span> <span class="p">},</span> <span class="na">isLoggedIn</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="o">!!</span><span class="nf">get</span><span class="p">().</span><span class="nx">user</span><span class="p">,</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">auth-storage</span><span class="dl">'</span><span class="p">,</span> <span class="na">onRehydrateStorage</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="nx">state</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">state</span><span class="p">?.</span><span class="nf">setHasHydrated</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="p">},</span> <span class="p">},</span> <span class="p">),</span> <span class="p">);</span> </code></pre> </div> <p>The <code>onRehydrateStorage</code> callback fires once Zustand has finished reading from localStorage and sets <code>hasHydrated</code> to <code>true</code>. This is the signal your protected layout waits for before making any redirect decisions.</p> <h2> The User Type </h2> <p>The <code>User</code> type maps directly to the Directus user fields you need in your app.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">User</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">first_name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">last_name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">avatar</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">location</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">description</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> The Protected Layout Route </h2> <p>TanStack Start's file-based routing lets you create layout routes that wrap child routes. The <code>_protectedLayout</code> route acts as an auth guard — it checks the store and redirects to login if no user is present.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="nx">MainLayout</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/components/layouts/MainLayout</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createFileRoute</span><span class="p">,</span> <span class="nx">useNavigate</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@tanstack/react-router</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useAuthStore</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/store/authStore</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useEffect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">Route</span> <span class="o">=</span> <span class="nf">createFileRoute</span><span class="p">(</span><span class="dl">'</span><span class="s1">/auth/_protectedLayout</span><span class="dl">'</span><span class="p">)({</span> <span class="na">component</span><span class="p">:</span> <span class="nx">ProtectedLayout</span><span class="p">,</span> <span class="na">notFoundComponent</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>This page doesn't exist!<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;;</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">function</span> <span class="nf">ProtectedLayout</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">hasHydrated</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuthStore</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">navigate</span> <span class="o">=</span> <span class="nf">useNavigate</span><span class="p">();</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">hasHydrated</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nf">navigate</span><span class="p">({</span> <span class="na">to</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/auth/login</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">user</span><span class="p">,</span> <span class="nx">hasHydrated</span><span class="p">]);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">hasHydrated</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">MainLayout</span> <span class="p">/&gt;;</span> <span class="p">}</span> </code></pre> </div> <p>The two guard conditions are important:</p> <ul> <li> <code>if (!hasHydrated) return null</code> — waits for the store to rehydrate before rendering anything, preventing a flash of redirect</li> <li> <code>if (!user) return null</code> — prevents rendering the layout while the redirect is in flight</li> </ul> <p>Only when both conditions pass does <code>MainLayout</code> render.</p> <h2> The Main Layout </h2> <p><code>MainLayout</code> is a standard shell component that renders your header, footer and the current route's content via <code>Outlet</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Outlet</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@tanstack/react-router</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Header</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../Header</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Footer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../Footer</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">MainLayout</span><span class="p">()</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Header</span> <span class="p">/&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"max-w-7xl mx-auto p-4"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Outlet</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Footer</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Any route nested under <code>_protectedLayout</code> automatically gets the auth guard and the shared layout — no need to add protection logic to individual routes.</p> <h2> How It All Fits Together </h2> <ol> <li>User logs in → <code>setUser</code> is called → Zustand persists the user to localStorage</li> <li>User revisits the app → Zustand rehydrates from localStorage → <code>hasHydrated</code> is set to <code>true</code> </li> <li>Protected layout checks <code>hasHydrated</code> and <code>user</code> → renders <code>MainLayout</code> if both pass</li> <li>User logs out → <code>logout</code> calls Directus, clears the user from the store → redirect to login</li> </ol> <p>This pattern keeps auth logic in one place, works cleanly with SSR hydration, and scales to as many protected routes as you need without repeating any guard logic.</p> <p>Have questions about the setup? Drop a comment below.</p> tanstack zustand webdev typescript Directus Auth out of the Box — Registration, Login, Email Verification and Password Reset Wade Thomas Mon, 30 Mar 2026 04:37:13 +0000 https://dev.to/wadethomastt/directus-auth-out-of-the-box-registration-login-email-verification-and-password-reset-5dba https://dev.to/wadethomastt/directus-auth-out-of-the-box-registration-login-email-verification-and-password-reset-5dba <p>One of the things I appreciate most about Directus is that authentication is built in. Registration, login, email verification, and password reset — all handled without reaching for a third party auth service like Auth0 or Clerk.</p> <p>Here's how I implement the full auth flow in a TanStack Start app using the Directus SDK.</p> <h2> User Registration </h2> <p>The SDK's <code>registerUser</code> function handles registration. You pass the email, password and any additional fields. The <code>verification_url</code> tells Directus where to redirect the user after they click the link in their email — Directus appends the token to that URL automatically.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">registerUser</span><span class="p">(</span> <span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">firstName</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">lastName</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="na">first_name</span><span class="p">:</span> <span class="nx">firstName</span><span class="p">,</span> <span class="na">last_name</span><span class="p">:</span> <span class="nx">lastName</span><span class="p">,</span> <span class="na">verification_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_TANSTACK_URL</span><span class="p">}</span><span class="s2">/auth/verify-email`</span><span class="p">,</span> <span class="p">};</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">directus</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span> <span class="nf">registerUserDirectus</span><span class="p">(</span><span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="nx">options</span><span class="p">),</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Directus sends the verification email automatically via your configured SMTP provider. I use Resend — SMTP is configured directly in the Docker Compose file via environment variables and the whole setup takes just a few minutes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">EMAIL_TRANSPORT</span><span class="pi">:</span> <span class="s">smtp</span> <span class="na">EMAIL_SMTP_HOST</span><span class="pi">:</span> <span class="s">smtp.resend.com</span> <span class="na">EMAIL_SMTP_PORT</span><span class="pi">:</span> <span class="m">465</span> <span class="na">EMAIL_SMTP_USER</span><span class="pi">:</span> <span class="s">resend</span> <span class="na">EMAIL_SMTP_PASSWORD</span><span class="pi">:</span> <span class="s">your_resend_api_key</span> <span class="na">EMAIL_FROM</span><span class="pi">:</span> <span class="s">noreply@yourdomain.com</span> </code></pre> </div> <h2> Login </h2> <p>Logging in is a single call on the Directus client. Session cookies are handled automatically thanks to the <code>credentials: 'include'</code> config set up on the client.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">loginUser</span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">directus</span><span class="p">.</span><span class="nf">login</span><span class="p">({</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Clean, no token management, no localStorage juggling. The session is maintained via cookie.</p> <h2> Email Verification </h2> <p>When the user clicks the link in their verification email, they land on your <code>/auth/verify-email</code> route with a <code>token</code> in the query string. You take that token and hit Directus's verify endpoint directly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">function</span> <span class="nf">VerifyEmailComponent</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">token</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">Route</span><span class="p">.</span><span class="nf">useSearch</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">status</span><span class="p">,</span> <span class="nx">setStatus</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span> <span class="dl">'</span><span class="s1">verifying</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span> <span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span><span class="p">);</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">verify</span><span class="p">()</span> <span class="p">{</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">verifying</span><span class="dl">'</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_DIRECTUS_URL</span><span class="p">}</span><span class="s2">/users/register/verify-email?token=</span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span> <span class="p">},</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">verify</span><span class="p">();</span> <span class="p">},</span> <span class="p">[</span><span class="nx">token</span><span class="p">]);</span> <span class="p">}</span> </code></pre> </div> <p>The <code>status</code> state drives your UI — show a spinner while verifying, a success message on completion, or an error state if the token is invalid or expired.</p> <h2> Password Reset </h2> <p>The password reset flow works the same way — Directus emails the user a reset link with a token, they land on your reset page, and you POST the new password along with the token to Directus's reset endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">handleSubmit</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">e</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">FormEvent</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">e</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">password</span> <span class="o">!==</span> <span class="nx">confirm</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Passwords do not match.</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="nf">setError</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_DIRECTUS_URL</span><span class="p">}</span><span class="s2">/auth/password/reset`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">token</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span> <span class="o">||</span> <span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">204</span><span class="p">)</span> <span class="p">{</span> <span class="nf">navigate</span><span class="p">({</span> <span class="na">to</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/auth/login</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to reset password. The link may have expired.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Something went wrong. Please try again.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>A 204 response means success — redirect the user to login. Handle expired tokens gracefully with a clear error message.</p> <h2> What Directus Handles For You </h2> <ul> <li>✅ Sending the verification email — via your SMTP provider configured in Docker Compose</li> <li>✅ Generating and validating tokens</li> <li>✅ Sending the password reset email</li> <li>✅ Session management via cookies</li> <li>✅ Secure password storage</li> </ul> <p>All you need is your SMTP credentials added to your Docker Compose file. I use Resend for email delivery — it's straightforward to set up and works reliably. Everything else is handled by Directus out of the box.</p> <p>This is the auth setup I use across all my TanStack Start projects. Combined with Directus roles and permissions, it covers everything a production app needs without adding a separate auth service to your stack.</p> <p>Have questions about the setup? Drop a comment below.</p> directus typescript webdev react Why I Switched to a VPS with Coolify for Hosting My Full Stack Apps Wade Thomas Mon, 30 Mar 2026 04:22:24 +0000 https://dev.to/wadethomastt/why-i-switched-to-a-vps-with-coolify-for-hosting-my-full-stack-apps-3hce https://dev.to/wadethomastt/why-i-switched-to-a-vps-with-coolify-for-hosting-my-full-stack-apps-3hce <p>There are plenty of great hosting options out there — Netlify, Vercel, Railway and more. I've tried a few of them and they all have their place. But after going through a few different setups, I landed on a VPS managed with Coolify and it's been the best experience for my workflow.</p> <p>Here's how I got there.</p> <h2> Where I Started </h2> <p>I started with Netlify. It's beginner friendly, deployment is simple and it works well for frontend projects. I then tried Vercel and that was also a solid experience — great DX, fast deploys, good defaults.</p> <p>Both are genuinely good platforms. But as my projects grew more complex — running a frontend, a Directus instance, a database — the platform costs and constraints started to feel limiting.</p> <h2> The Raw VPS Experiment </h2> <p>I decided to try self-hosting on an Ubuntu VPS with Nginx as my web server and reverse proxy. Manually configuring everything — SSL, domains, process management, deployments. It was a solid learning experience and I'd recommend it to anyone who wants to understand how hosting actually works under the hood.</p> <p>But it wasn't the ideal long-term setup. Too much manual work, too much that could go wrong quietly.</p> <h2> Discovering Coolify </h2> <p>Coolify changed things. It's a self-hosted platform that sits on top of your VPS and gives you:</p> <ul> <li> <strong>Automatic deployments</strong> — push code and your frontend deploys automatically via Git integration</li> <li> <strong>Docker Compose support</strong> — I manage my Directus instance and PostgreSQL database through Coolify using Docker Compose, which keeps everything clean and reproducible</li> <li> <strong>Reverse proxy handled for you</strong> — no more manually writing Nginx configs</li> <li> <strong>SSL out of the box</strong> — certificates are handled automatically</li> <li> <strong>No hidden fees</strong> — you pay for the VPS, that's it. Coolify itself is free to self-host</li> </ul> <h2> Full Control, Your Way </h2> <p>With a VPS you decide how it's configured. You're not subject to platform pricing changes, compute limits, or vendor lock-in. Everything runs on infrastructure you control.</p> <p>The tradeoff is responsibility — you manage the server, handle updates, and own any issues that come up. It's not the right fit for everyone.</p> <h2> Is It Worth It? </h2> <p>If you're comfortable with a bit of server management and want a flexible, cost-effective setup for running full stack apps, a VPS with Coolify is hard to beat. It's the sweet spot between the ease of a managed platform and the control of raw infrastructure.</p> <p>For my stack — TanStack Start on the frontend, Directus as the backend, PostgreSQL as the database — it handles everything cleanly in one place.</p> <p>Have questions about the setup or want to know if it's a good fit for your project? Drop a comment below.</p> devops webdev selfhosted coolify Why I Use Directus as My Backend — Flexible, Self-Hosted and Production Ready Wade Thomas Mon, 30 Mar 2026 04:15:39 +0000 https://dev.to/wadethomastt/why-i-use-directus-as-my-backend-flexible-free-and-production-ready-g6g https://dev.to/wadethomastt/why-i-use-directus-as-my-backend-flexible-free-and-production-ready-g6g <p>If you're looking for a backend that's flexible, affordable and genuinely enjoyable to work with, Directus is worth a serious look.</p> <p>Here's why it's become my default choice for full stack projects.</p> <h2> Free to Self-Host (With a Sensible Threshold) </h2> <p>Directus uses a BSL 1.1 license. If your organization has less than $5M in total annual income — revenue and funding combined — you can self-host it for free across all your projects, including production and commercial ones. No feature paywalls, no artificial limits.</p> <p>Once you're past that threshold, a commercial license is required. But for the vast majority of indie developers, freelancers, startups and small teams, it's completely free.</p> <h2> Works with Any SQL Database </h2> <p>Directus sits on top of your existing database rather than replacing it. It supports PostgreSQL, MySQL, SQLite, MariaDB and more. My preference is PostgreSQL — pair them together and you get a rock solid data layer with Directus handling the API, auth, and admin UI on top.</p> <h2> Flexible Data Structures </h2> <p>Whether you're building a simple blog, an e-commerce store, or a complex multi-tenant app, Directus adapts to your data model. You define your collections and fields, and Directus generates a full REST and GraphQL API automatically. No rigid schema to fight against.</p> <h2> Built-In Features That Scale With You </h2> <p>Starting small? Directus is simple enough to get up and running fast. Ready to grow? It has you covered:</p> <ul> <li> <strong>Authentication</strong> — built in, with session and token support</li> <li> <strong>Roles and Permissions</strong> — granular access control per collection and field</li> <li> <strong>Automation</strong> — flows and webhooks for backend logic without extra services</li> <li> <strong>Dashboard</strong> — a full admin UI out of the box for managing your data</li> <li> <strong>File Management</strong> — upload, transform and serve assets directly</li> </ul> <h2> Actively Maintained </h2> <p>Directus is backed by a strong team of developers and an active open source community. It's regularly updated, well documented, and not going anywhere. That matters when you're building something you plan to maintain long term.</p> <h2> Who It's For </h2> <ul> <li> <strong>Startups</strong> — get a full backend running quickly without over-engineering</li> <li> <strong>Freelancers</strong> — one backend you can reuse across different client projects</li> <li> <strong>Growing products</strong> — the feature set scales as your requirements do</li> <li> <strong>Developers who want control</strong> — self-host it, own your data, no vendor lock-in</li> </ul> <p>I use Directus with TanStack Start on the frontend and the Directus SDK for all data fetching. If you're exploring it for your next project and want to see how the integration works in practice, I've covered the SDK setup and data fetching patterns in previous posts on my profile.</p> <p>Have a project in mind and want to know if Directus is the right fit? Drop a comment and I'm happy to help.</p> direct webdev opensource backend TanStack Start: Metadata, Data Loading and Loading Skeletons in One Route File Wade Thomas Mon, 30 Mar 2026 04:11:22 +0000 https://dev.to/wadethomastt/tanstack-start-metadata-data-loading-and-loading-skeletons-in-one-route-file-1cpi https://dev.to/wadethomastt/tanstack-start-metadata-data-loading-and-loading-skeletons-in-one-route-file-1cpi <p>TanStack Start has become my go-to for full stack React apps. One of the things I enjoy most about it is how cleanly it handles three things that are usually spread across multiple files and libraries — metadata, data fetching, and loading UI — all colocated in a single route.</p> <p>Here's how I use <code>head</code>, <code>loader</code>, and <code>pendingComponent</code> together.</p> <h2> head — Per-Route Metadata </h2> <p><code>head</code> lets you define document-level metadata per route. Page title, meta description, open graph tags — all scoped to that route without a global workaround or a third party head manager.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="nx">head</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">meta</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">All Articles — Big Cats</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">description</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Every story, every species.</span><span class="dl">'</span> <span class="p">},</span> <span class="p">],</span> <span class="p">}),</span> </code></pre> </div> <p>Each route owns its own SEO info. No context providers, no helmet libraries, no prop drilling.</p> <h2> loader — Data Fetching Before Render </h2> <p><code>loader</code> is where you fetch everything your route needs. It runs on the server or client depending on your SSR config, and the data it returns is available in your component via <code>useLoaderData</code>. Parallel fetches with <code>Promise.all</code> are the standard pattern here.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="nx">loader</span><span class="p">:</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">posts</span><span class="p">,</span> <span class="nx">categories</span><span class="p">]</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">all</span><span class="p">([</span> <span class="nf">getPosts</span><span class="p">(),</span> <span class="nf">getCategories</span><span class="p">()</span> <span class="p">])</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">posts</span><span class="p">,</span> <span class="nx">categories</span> <span class="p">}</span> <span class="p">},</span> </code></pre> </div> <p>Both fetches run in parallel — no waterfall, no useEffect, no loading state management in the component. The data is just there when the component renders.</p> <h2> pendingComponent — Skeleton While the Loader Resolves </h2> <p><code>pendingComponent</code> renders while the loader is still resolving. It's the right place for skeletons or placeholder UI. The <code>pendingMs</code> and <code>pendingMinMs</code> options give you timing control — useful for avoiding a skeleton flash on fast connections while still showing it on slow ones.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="nx">pendingComponent</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">main</span> <span class="na">className</span><span class="p">=</span><span class="s">"min-h-screen bg-black text-white"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">section</span> <span class="na">className</span><span class="p">=</span><span class="s">"border-b border-white/10 px-6 py-16 text-center"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-4xl font-bold tracking-tight md:text-6xl"</span><span class="p">&gt;</span> All Articles <span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">className</span><span class="p">=</span><span class="s">"mt-3 text-white/50"</span><span class="p">&gt;</span>Every story, every species.<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">section</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">section</span> <span class="na">className</span><span class="p">=</span><span class="s">"mx-auto max-w-6xl px-6 py-16"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">PostGridSkeleton</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">section</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">main</span><span class="p">&gt;</span> <span class="p">),</span> </code></pre> </div> <p>The layout and headings render immediately while <code>PostGridSkeleton</code> holds the place for the actual content. The page feels instant even on slower connections.</p> <h2> All Together in One Route </h2> <p>What I appreciate most is that all three live in the same route file. The metadata, the data fetching, and the loading UI are colocated — no jumping between files to understand what a route does.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">Route</span> <span class="o">=</span> <span class="nf">createFileRoute</span><span class="p">(</span><span class="dl">'</span><span class="s1">/articles</span><span class="dl">'</span><span class="p">)({</span> <span class="na">head</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">meta</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">All Articles — Big Cats</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">description</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Every story, every species.</span><span class="dl">'</span> <span class="p">},</span> <span class="p">],</span> <span class="p">}),</span> <span class="na">loader</span><span class="p">:</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">posts</span><span class="p">,</span> <span class="nx">categories</span><span class="p">]</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">all</span><span class="p">([</span> <span class="nf">getPosts</span><span class="p">(),</span> <span class="nf">getCategories</span><span class="p">()</span> <span class="p">])</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">posts</span><span class="p">,</span> <span class="nx">categories</span> <span class="p">}</span> <span class="p">},</span> <span class="na">pendingComponent</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">main</span> <span class="na">className</span><span class="p">=</span><span class="s">"min-h-screen bg-black text-white"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">section</span> <span class="na">className</span><span class="p">=</span><span class="s">"border-b border-white/10 px-6 py-16 text-center"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span> <span class="na">className</span><span class="p">=</span><span class="s">"text-4xl font-bold tracking-tight md:text-6xl"</span><span class="p">&gt;</span> All Articles <span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">className</span><span class="p">=</span><span class="s">"mt-3 text-white/50"</span><span class="p">&gt;</span>Every story, every species.<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">section</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">section</span> <span class="na">className</span><span class="p">=</span><span class="s">"mx-auto max-w-6xl px-6 py-16"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">PostGridSkeleton</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">section</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">main</span><span class="p">&gt;</span> <span class="p">),</span> <span class="p">})</span> </code></pre> </div> <p>If you're evaluating TanStack Start for your next full stack project, this colocation pattern alone is worth the look. Everything your route needs — SEO, data, loading UI — in one place.</p> <p>I pair this with Directus as my CMS and Tailwind CSS v4 for styling. The <code>getPosts()</code> and <code>getCategories()</code> calls come from a single <code>directus.ts</code> file using the Directus SDK — I covered that setup in a previous post if you want to see how that layer is structured.</p> tanstack react typescript webdev Rendering Rich Text Safely in TanStack Start with Directus, DOMPurify & Tailwind Typography Wade Thomas Mon, 30 Mar 2026 04:04:31 +0000 https://dev.to/wadethomastt/rendering-rich-text-safely-in-tanstack-start-with-directus-dompurify-tailwind-typography-16b6 https://dev.to/wadethomastt/rendering-rich-text-safely-in-tanstack-start-with-directus-dompurify-tailwind-typography-16b6 <p>If you're using Directus as a headless CMS, the built-in WYSIWYG editor outputs raw HTML. The challenge is rendering it in React safely, with proper styling, and without reaching for <code>dangerouslySetInnerHTML</code>.</p> <p>Here's how to solve it with three packages working together.</p> <h2> The Stack </h2> <ul> <li> <strong>DOMPurify</strong> — sanitizes HTML, stripping XSS vectors before they touch the DOM</li> <li> <strong>html-react-parser</strong> — converts sanitized HTML into React elements</li> <li> <strong>Tailwind CSS v4 Typography</strong> — styles everything automatically with the <code>prose</code> class</li> </ul> <h2> Installing the Packages </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>dompurify html-react-parser npm <span class="nb">install</span> @tailwindcss/typography </code></pre> </div> <h2> Step 1 — Sanitize the HTML </h2> <p>Create a reusable utility function that runs DOMPurify on any HTML string coming from Directus. The <code>typeof window === 'undefined'</code> guard handles SSR — DOMPurify is browser-only.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">sanitizeHtml</span> <span class="o">=</span> <span class="p">(</span><span class="nx">html</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">undefined</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="nx">html</span><span class="p">;</span> <span class="k">return</span> <span class="nx">DOMPurify</span><span class="p">.</span><span class="nf">sanitize</span><span class="p">(</span><span class="nx">html</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <h2> Step 2 — Parse and Render </h2> <p>Pass the sanitized HTML through <code>html-react-parser</code> to convert it into React elements. Wrap it in a <code>prose</code> div and Tailwind Typography handles all the styling.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="nx">parse</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">html-react-parser</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sanitizeHtml</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/utils/sanitizeHtml</span><span class="dl">'</span><span class="p">;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="err">"</span><span class="na">prose</span> <span class="na">dark</span><span class="err">:</span><span class="na">prose-invert</span> <span class="na">prose-ul</span><span class="err">:</span><span class="na">text-foreground</span> <span class="na">prose-li</span><span class="err">:</span><span class="na">marker</span><span class="err">:</span><span class="na">text-foreground</span> <span class="na">prose-strong</span><span class="err">:</span><span class="na">text-foreground</span> <span class="na">max-w-none</span><span class="err">"</span><span class="p">&gt;</span> <span class="si">{</span><span class="nf">parse</span><span class="p">(</span><span class="nf">sanitizeHtml</span><span class="p">(</span><span class="nx">product</span><span class="p">.</span><span class="nx">description</span><span class="p">))</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> </code></pre> </div> <h2> What You Get </h2> <ul> <li>✅ XSS safe — DOMPurify strips malicious scripts before rendering</li> <li>✅ No <code>dangerouslySetInnerHTML</code> — html-react-parser converts to React elements directly</li> <li>✅ Dark mode ready — <code>prose-invert</code> handles the color flip automatically</li> <li>✅ Design system aware — <code>prose-strong:text-foreground</code> and <code>prose-ul:text-foreground</code> pull from your CSS variables so text always matches your theme</li> <li>✅ Headings, lists, bold, spacing — all styled automatically by Tailwind Typography</li> </ul> <h2> Why Not Just Use dangerouslySetInnerHTML? </h2> <p><code>dangerouslySetInnerHTML</code> renders raw HTML with no sanitization. If your CMS content ever contains injected scripts — whether from a compromised editor, a bad import, or a malicious user — it executes directly in the browser. DOMPurify + html-react-parser gives you the same rendered output with none of the risk.</p> <p>This pattern works with any headless CMS that outputs HTML from a rich text editor — Directus, Payload, Strapi, or Contentful. One utility function and a prose wrapper is all it takes.</p> directus webdev typescript react Connecting TanStack Start to Directus with the SDK — Type-Safe Data Fetching in One File Wade Thomas Mon, 30 Mar 2026 03:45:05 +0000 https://dev.to/wadethomastt/connecting-tanstack-start-to-directus-with-the-sdk-type-safe-data-fetching-in-one-file-1e0c https://dev.to/wadethomastt/connecting-tanstack-start-to-directus-with-the-sdk-type-safe-data-fetching-in-one-file-1e0c <p>If you're using Directus as your headless CMS and TanStack Start for your frontend, you don't need to write manual fetch calls or build your own auth headers. The Directus SDK handles all of it cleanly.</p> <p>Here's how I structure a single <code>directus.ts</code> file that covers authentication, typed data fetching, filtering, CRUD operations and file uploads.</p> <h2> Installing the SDK </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @directus/sdk </code></pre> </div> <h2> Setting Up the Client </h2> <p>Create the client once and export it. Passing your schema type as a generic is what unlocks end-to-end type safety across every request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">Product</span><span class="p">,</span> <span class="nx">Navigation</span><span class="p">,</span> <span class="nx">CartItem</span><span class="p">,</span> <span class="nx">Order</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/types</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">authentication</span><span class="p">,</span> <span class="nx">createDirectus</span><span class="p">,</span> <span class="nx">rest</span><span class="p">,</span> <span class="nx">readItems</span><span class="p">,</span> <span class="nx">createItem</span><span class="p">,</span> <span class="nx">updateItem</span><span class="p">,</span> <span class="nx">deleteItem</span><span class="p">,</span> <span class="nx">readMe</span><span class="p">,</span> <span class="nx">updateMe</span><span class="p">,</span> <span class="nx">deleteUser</span><span class="p">,</span> <span class="nx">uploadFiles</span><span class="p">,</span> <span class="nx">registerUser</span> <span class="k">as</span> <span class="nx">registerUserDirectus</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@directus/sdk</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">directusUrl</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_DIRECTUS_URL</span> <span class="o">??</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_DIRECTUS_URL</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">https://your-directus-url.com</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">directus</span> <span class="o">=</span> <span class="nf">createDirectus</span><span class="p">(</span><span class="nx">directusUrl</span><span class="p">)</span> <span class="p">.</span><span class="nf">with</span><span class="p">(</span><span class="nf">authentication</span><span class="p">(</span><span class="dl">'</span><span class="s1">session</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">'</span><span class="s1">include</span><span class="dl">'</span> <span class="p">}))</span> <span class="p">.</span><span class="nf">with</span><span class="p">(</span><span class="nf">rest</span><span class="p">({</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">'</span><span class="s1">include</span><span class="dl">'</span> <span class="p">}));</span> </code></pre> </div> <p>Using <code>authentication('session')</code> with <code>credentials: 'include'</code> means cookies are handled automatically — no manual token management needed.</p> <h2> Fetching Data with Full Type Safety </h2> <p>Each collection gets its own exported async function with a typed return value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getProducts</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Product</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">items</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">directus</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="nf">readItems</span><span class="p">(</span><span class="dl">'</span><span class="s1">products</span><span class="dl">'</span><span class="p">));</span> <span class="k">return</span> <span class="nx">items</span> <span class="k">as</span> <span class="nx">Product</span><span class="p">[];</span> <span class="p">}</span> </code></pre> </div> <h2> Filtering is First-Class </h2> <p>The SDK's filter syntax maps directly to Directus's query engine — no raw query strings, no URL building.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getProductsByCategory</span><span class="p">(</span> <span class="nx">category</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Product</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">items</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">directus</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span> <span class="nf">readItems</span><span class="p">(</span><span class="dl">'</span><span class="s1">products</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">filter</span><span class="p">:</span> <span class="p">{</span> <span class="na">category</span><span class="p">:</span> <span class="p">{</span> <span class="na">_eq</span><span class="p">:</span> <span class="nx">category</span> <span class="p">}</span> <span class="p">},</span> <span class="p">})</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">items</span> <span class="k">as</span> <span class="nx">Product</span><span class="p">[];</span> <span class="p">}</span> </code></pre> </div> <h2> What Else is Covered </h2> <p>The same client and pattern covers the full CRUD surface:</p> <ul> <li> <code>readItems</code> — fetch collections</li> <li> <code>createItem</code> — insert records</li> <li> <code>updateItem</code> — update records</li> <li> <code>deleteItem</code> — delete records</li> <li> <code>uploadFiles</code> — handle file uploads</li> <li> <code>readMe</code> / <code>updateMe</code> / <code>deleteUser</code> — user profile management</li> <li> <code>registerUser</code> — user registration</li> </ul> <p>All importable directly from @directus/sdk — the SDK provides typed functions and you bring your own collection types for end-to-end type safety.</p> <h2> Using it in a TanStack Start Loader </h2> <p>TanStack Start's file-based routing and loader pattern pairs perfectly with this setup. Data is fetched server-side and ready before the component renders.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">Route</span> <span class="o">=</span> <span class="nf">createFileRoute</span><span class="p">(</span><span class="dl">'</span><span class="s1">/products</span><span class="dl">'</span><span class="p">)({</span> <span class="na">loader</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nf">getProducts</span><span class="p">()</span> <span class="p">});</span> </code></pre> </div> <p>No boilerplate, no custom wrappers, no type assertions. One file, full coverage.</p> <p>If you're evaluating Directus as a headless CMS for a TanStack Start project this setup gets you up and running quickly with a clean, maintainable data layer from day one.</p> directus tanstack typescript webdev