A production-quality portfolio website built with Next.js, featuring a Super Game Boy pea-green aesthetic with enhanced vibrant colors, modern portfolio design principles, full offline support (PWA), and comprehensive full-stack implementations. Optimized for Vercel Free Tier - no custom domain required!
- Framework: Next.js 16.0.7 (App Router)
- Runtime: Node.js
- Language: TypeScript
- Styling: Tailwind CSS
- Deployment: Vercel Free Tier (automatic
.vercel.appdomain) - PWA: Service Worker + IndexedDB for offline support
- Theme: Super Game Boy - Fixed color scheme, no theme switching
- ✅ Server-Side Rendering (SSR)
- ✅ Client hydration
- ✅ Request batching
- ✅ Local caching (SWR + IndexedDB)
- ✅ Polling / revalidation logic
- ✅ Offline asset / API caching
- ✅ Next.js Route Handlers (
/app/api/*) - ✅ CORS policy configuration
- ✅ Rate limiting using proxy (Next.js 16+)
- ✅ Input validation
- ✅ Logging / observability
- ✅ Security headers
- ✅ Database abstraction (in-memory with Redis-ready structure)
- ✅ Query optimization (pagination, indexing)
- ✅ Server-side caching (ISR / revalidate)
- ✅ Stale-while-revalidate strategy
- ✅ Stale-while-revalidate
- ✅ Cache invalidation
- ✅ Rate limiting thresholds
- ✅ Backpressure / error fallback behavior
- BOOT SCREEN - SSR loading screen with Super Game Boy boot sequence
- MAIN MENU - Keyboard navigation (↑↓ keys + Enter) - Desktop focused experience
- PROFILE - Tech skills as modules (enhanced Super Game Boy colors)
- PROJECTS - Cartridge list with batched APIs
- SYSTEM STATUS - Health checks
- NETWORK - Polling status with cache indicators
- DEBUG - SSR timing, cache stats, rate limit info
- Dark:
#0f380f(Deep forest green - background) - Medium:
#306230(Medium green - frames) - Light:
#8bac0f(Bright pea-green - buttons) - Lighter:
#9bbc0f(Light pea-green - screen/text) - Accent:
#c4cf9f(Super Game Boy accent - highlights) - Border:
#1a1a1a(Black borders) - Shadow:
#2d5016(Shadow green)
- ✅ Responsive design (mobile-first)
- ✅ Accessibility (ARIA labels, keyboard navigation)
- ✅ Smooth scrolling and transitions
- ✅ Enhanced typography and spacing
- ✅ Interactive hover states
- ✅ Better touch targets (min 44px)
- ✅ Semantic HTML structure
- ✅ No theme switching - Fixed Super Game Boy aesthetic
This project includes comprehensive mitigations for the critical RCE vulnerability in React Server Components and Next.js:
- Next.js: 16.0.7 (patched version)
- React: 19.2.1 (patched version)
- Request Body Size Limits: Maximum 10KB body size enforced
- Content-Type Validation: Whitelist of allowed content types
- Payload Validation: Whitelist schema validation for server actions
- Nested Object Depth Limits: Maximum 3 levels of nesting
- Prototype Pollution Prevention: Blocks
__proto__,constructor,prototypekeys - Suspicious Pattern Detection: Blocks
eval,Function,requirein payloads
See lib/security.ts for all security utilities. These are integrated into:
- API route handlers (
app/api/*/route.ts) - Middleware (
middleware.ts)
GABECZH/
├── app/
│ ├── api/ # API routes with CORS, rate limiting
│ │ ├── projects/
│ │ ├── status/
│ │ ├── network/
│ │ └── debug/
│ ├── profile/ # Profile page
│ ├── projects/ # Projects page
│ ├── status/ # System status
│ ├── network/ # Network status
│ ├── debug/ # Debug panel
│ ├── layout.tsx # Root layout with PWA registration
│ ├── page.tsx # Home page with boot screen
│ └── globals.css # Game Boy theme styles
├── components/ # React components
│ ├── BootScreen.tsx
│ ├── MainMenu.tsx
│ ├── ProjectsList.tsx
│ ├── SystemStatus.tsx
│ ├── NetworkStatus.tsx
│ └── DebugPanel.tsx
├── lib/
│ ├── cache.ts # IndexedDB caching utilities
│ └── security.ts # Security validation functions
├── public/
│ ├── sw.js # Service Worker
│ └── manifest.json # PWA manifest
├── proxy.ts # Rate limiting & CORS (Next.js 16+ proxy convention)
├── next.config.ts # Next.js config with security headers
└── package.json
-
Install dependencies:
npm install
-
Run development server:
npm run dev
-
Build for production:
npm run build npm start
-
Push to GitHub:
git add . git commit -m "Initial commit" git push origin main
-
Deploy to Vercel Free Tier:
- Sign up at https://vercel.com (free)
- Connect your GitHub repository
- Vercel will automatically detect Next.js
- Deploy!
- Your site will be live at
your-project.vercel.app(free tier)
-
Environment Variables (if needed):
- Add any required environment variables in Vercel dashboard
- Free tier supports unlimited environment variables
- ✅ Automatic
.vercel.appdomain (no custom domain purchase needed) - ✅ Unlimited deployments
- ✅ Preview deployments for every PR
- ✅ Serverless Functions (100GB-hours/month)
- ✅ Edge Network & CDN
- ✅ Automatic SSL certificates
- ✅ Environment variables
- ✅ Analytics (limited)
Note: This project is optimized for Vercel Free Tier - no custom domain configuration required!
- Dark:
#0f380f(Deep forest green - background) - Medium:
#306230(Medium green - frames) - Light:
#8bac0f(Bright pea-green - buttons) - Lighter:
#9bbc0f(Light pea-green - screen/text) - Accent:
#c4cf9f(Super Game Boy accent - highlights) - Border:
#1a1a1a(Black borders) - Shadow:
#2d5016(Shadow green)
Note: Fixed color scheme - no theme switching. Pure Super Game Boy aesthetic!
- Font: Monospace (pixel font for nostalgia)
- Size: 16px base (improved readability)
- Line height: 1.6 (better spacing)
- Letter spacing: 0.5px
- Text rendering: optimizeLegibility
- Font smoothing: antialiased
- SWR: React hooks for data fetching with revalidation
- IndexedDB: Persistent cache for API responses
- Service Worker: Cache-first for static assets, network-first for API
- ISR: Incremental Static Regeneration with 30s revalidate
- In-Memory Cache: API response caching (production: use Redis)
- Stale-While-Revalidate: Serve stale data while fetching fresh
- Limit: 100 requests per minute per IP
- Headers:
X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset - Response: 429 Too Many Requests when exceeded
- Allowed Origins: Configurable in
proxy.ts - Methods: GET, POST, OPTIONS
- Headers: Content-Type, Authorization
- Query parameter validation
- Body size limits (10KB)
- Content-type whitelist
- Payload schema validation
- Static Assets: Cache-first strategy
- API Routes: Network-first with cache fallback
- Offline Fallback: Returns cached data or error message
- Stores API responses with TTL
- Automatic expiration
- Used by client components for offline access
- Boot screen displays correctly
- Navigation works with keyboard (↑↓ Enter)
- All pages load with SSR
- API routes respond correctly
- Rate limiting works
- Offline mode functions
- Service Worker registers
- Cache statistics update
- App Router: Using Next.js 16 App Router for modern SSR
- TypeScript: Full type safety
- Tailwind CSS: Utility-first CSS with custom Game Boy theme
- SWR: Data fetching with built-in caching and revalidation
- In-Memory Cache: Simple for demo, Redis-ready structure for production
- Service Worker: Custom implementation for full control
- Security Headers: Configured in
next.config.ts - Input Validation: All user input validated
- Rate Limiting: Prevents abuse
- CORS: Properly configured
- Body Size Limits: Prevents DoS
- Content-Type Validation: Prevents injection
- Payload Sanitization: Whitelist-based validation
- In-Memory Cache: Not persistent across server restarts (use Redis in production)
- Rate Limiting: In-memory (use Redis for distributed systems)
- Mock Data: Projects are hardcoded (replace with real database)
- Add real database (PostgreSQL/MongoDB)
- Implement Redis for distributed caching
- Add authentication
- Implement real-time updates
- Add more Game Boy sound effects
- Improve animations
MIT
Built with ❤️ and Game Boy nostalgia