Discovering "App Template"
By
The Quable Team
This is a guide to help you understand the Quable App template built with Next.js 16 and React 19.
Project structure
The Quable App template is built with Next.js App Router, leveraging React Server Components, Server Actions, and file-based routing to provide a modern, performant architecture.
.
├── prisma/
│ ├── schema.prisma # Database schema definition
│ └── migrations/ # Database migration files
├── scripts/
│ └── banner.js # Dev server banner script
├── src/
│ ├── app/ # Next.js App Router
│ │ ├── layout.tsx # Root layout with providers
│ │ ├── globals.css # Global styles
│ │ ├── route.ts # Main API route (GET/POST /)
│ │ ├── error/
│ │ │ └── page.tsx # Error page
│ │ ├── readme/
│ │ │ └── page.tsx # Documentation page
│ │ ├── permission/
│ │ │ └── route.ts # GET /permission endpoint
│ │ ├── install/
│ │ │ └── route.ts # POST /install endpoint
│ │ └── [session]/ # Dynamic session routes
│ │ ├── (slots)/ # Grouped slot-based pages
│ │ │ ├── page/
│ │ │ │ └── page.tsx # Default page slot
│ │ │ ├── document.action.single/
│ │ │ │ └── page.tsx # Single document action slot
│ │ │ ├── document.action.bulk/
│ │ │ │ └── page.tsx # Bulk document action slot
│ │ │ └── document.page.tab/
│ │ │ └── page.tsx # Document page tab slot
│ │ └── product/
│ │ └── page.tsx # Product listing page
│ ├── components/ # Reusable React components
│ │ ├── SessionDetails.tsx # Session info display (Server Component)
│ │ └── ToastContainer/
│ │ ├── ToastContainer.tsx # Toast notification wrapper
│ │ └── ToastContainer.scss
│ ├── lib/ # Shared utilities
│ │ ├── prisma.ts # Prisma client singleton
│ │ ├── session.ts # Session management utilities
│ │ └── actions/ # Server Actions
│ │ ├── key-value.ts # Key-value operations
│ │ └── products.ts # Product fetching
│ ├── providers/
│ │ └── react-query.tsx # React Query provider
│ ├── proxy.ts # Middleware for session validation
│ └── i18n/
│ └── request.ts # next-intl configuration
├── translations/
│ ├── en.json # English translations
│ └── fr.json # French translations
├── .env # Environment variables
├── .env.dist # Environment template
├── next.config.ts # Next.js configuration
├── prisma.config.ts # Prisma configuration
├── tsconfig.json # TypeScript configuration
├── eslint.config.mjs # ESLint configuration
├── .prettierrc # Prettier configuration
├── quable.app.yml # Quable App manifest
└── package.json # Dependencies and scriptsConfiguration files
quable.app.yml
The quable.app.yml file at the root of the project is the Quable App manifest. It declares the application type and the required PIM permissions:
application_type: in_app
quable_pim_scope:
- full_accessapplication_type: Defines how the app integrates with the PIM (in_appmeans it runs inside the PIM interface).quable_pim_scope: The permissions your app needs from the PIM.
next.config.ts
The Next.js configuration handles CORS, Server Actions origins, and image optimization:
import type { NextConfig } from "next";
import createNextIntlPlugin from "next-intl/plugin";
const nextConfig: NextConfig = {
experimental: {
serverActions: {
allowedOrigins:
process.env.NODE_ENV === "development"
? (process.env.DEV_ALLOWED_ORIGINS || "").split(",")
: [],
},
},
images: {
remotePatterns: [
{
protocol: "https",
hostname: "**",
},
],
},
async headers() {
return [
{
source: "/:path*",
headers: [
{ key: "Access-Control-Allow-Origin", value: "*" },
{ key: "Vary", value: "Origin" },
{ key: "Access-Control-Allow-Methods", value: "*" },
{ key: "Access-Control-Allow-Headers", value: "*" },
{ key: "Access-Control-Max-Age", value: "86400" },
],
},
];
},
};
const withNextIntl = createNextIntlPlugin();
export default withNextIntl(nextConfig);Key points:
- Server Actions CORS: In development, allowed origins are read from
DEV_ALLOWED_ORIGINSenv variable. - Remote images: All HTTPS image hosts are allowed (needed for PIM asset thumbnails).
- CORS headers: Configured on all routes since the app runs inside the Quable PIM iframe.
Environment variables (.env)
DATABASE_URL="file:./prisma/dev.db"
NEXT_PUBLIC_APP_URL=https://<your-tunnel>.devtunnels.ms
DEV_ALLOWED_ORIGINS=<your-tunnel>.devtunnels.msDATABASE_URL: SQLite database file path.NEXT_PUBLIC_APP_URL: The public URL of your app (tunnel URL during development).DEV_ALLOWED_ORIGINS: Allowed origins for Server Actions during development.
package.json scripts
{
"scripts": {
"dev": "node scripts/banner.js && next dev",
"build": "node scripts/banner.js && next build",
"start": "node scripts/banner.js && next start",
"lint": "eslint",
"format": "prettier --write .",
"format:check": "prettier --check ."
}
}Root layout and providers
The root layout (src/app/layout.tsx) wraps the entire application with the necessary providers:
import type { Metadata } from "next";
import { Poppins } from "next/font/google";
import { NextIntlClientProvider } from "next-intl";
import { ThemeContextProvider } from "@quable/ui/theme";
import ReactQueryProvider from "@/providers/react-query";
import { ToastContainer } from "@/components/ToastContainer/ToastContainer";
import "@quable/ui/theme/index.css";
import "@quable/ui/index.css";
import "./globals.css";
const poppinsFont = Poppins({
variable: "--font-poppins-sans",
subsets: ["latin"],
weight: ["400", "500", "600", "700"],
});
export const metadata: Metadata = {
title: "Quable App Template",
description: "Quable App Template with Next.js and @quable/ui",
};
export default function RootLayout({
children,
}: Readonly<{ children: React.ReactNode }>) {
return (
<html lang="en">
<body className={`${poppinsFont.className} antialiased`}>
<ReactQueryProvider>
<ThemeContextProvider>
<NextIntlClientProvider>{children}</NextIntlClientProvider>
<ToastContainer />
</ThemeContextProvider>
</ReactQueryProvider>
</body>
</html>
);
}Provider chain (from outer to inner):
- ReactQueryProvider — Enables data fetching with
useQueryanduseMutationhooks. - ThemeContextProvider — Applies the Quable UI design system theme.
- NextIntlClientProvider — Provides internationalization to client components.
- ToastContainer — Renders toast notifications (react-toastify).
Routing
The template uses the Next.js App Router with file-based routing.
Session-based dynamic routes
All user-facing pages live under src/app/[session]/, where [session] is a dynamic parameter containing the session UUID:
src/app/[session]/
├── (slots)/ # Route group (no URL segment)
│ ├── page/page.tsx # → /:sessionId/page
│ ├── document.action.single/page.tsx # → /:sessionId/document.action.single
│ ├── document.action.bulk/page.tsx # → /:sessionId/document.action.bulk
│ └── document.page.tab/page.tsx # → /:sessionId/document.page.tab
└── product/page.tsx # → /:sessionId/productSlot system
Quable PIM uses a slot system to integrate apps into different areas of the interface:
When the PIM calls your app, it sends a POST request with the slot name. Your app creates a session and returns the URL for the appropriate slot page.
Middleware
The middleware file (src/proxy.ts) intercepts all requests to session-based routes and validates the session:
import { NextRequest, NextResponse } from "next/server";
import { getSession } from "./lib/session";
export const config = {
matcher: [
"/((?!api|_next/static|_next/image|assets|favicon.ico|sw.js|site.webmanifest).*)",
"/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)",
"/(api|trpc)(.*)",
],
};
export const proxy = async (request: NextRequest) => {
const { nextUrl } = request;
const pathname = nextUrl.pathname + (nextUrl.search || "");
let response: NextResponse;
if (pathname.match(/^\/[a-zA-Z0-9-]+\/.+$/)) {
const sessionId = pathname.split("/")[1];
const session = await getSession(sessionId);
if (!session) {
return NextResponse.redirect(new URL("/error", request.url));
}
const requestHeaders = new Headers(request.headers);
requestHeaders.set("x-session-id", sessionId);
response = NextResponse.next({
request: { headers: requestHeaders },
});
response.cookies.set("locale", session.interfaceLocale);
response.cookies.set("sessionId", sessionId, {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "strict",
});
} else {
response = NextResponse.next();
}
return response;
};For routes matching /:sessionId/*, the middleware:
- Extracts the session ID from the URL.
- Validates the session exists in the database and hasn't expired (24h TTL).
- Redirects to
/errorif the session is invalid. - Sets cookies:
locale(for i18n) andsessionId(httpOnly, secure). - Adds
x-session-idheader to the request for downstream use.
API routes
Root route (src/app/route.ts)
Handles two flows for session creation:
GET / — AppStore flow (user opens the app from the PIM AppStore):
export async function GET(request: NextRequest): Promise<NextResponse> {
const { searchParams } = new URL(request.url);
const applicationType = searchParams.get("applicationType");
const quableInstanceName = searchParams.get("quableInstanceName");
// ... extract interfaceLocale, dataLocale, userId
if (applicationType === "AppStore" && quableInstanceName && ...) {
const instanceData = await prisma.quableInstance.findUnique({
where: { name: quableInstanceName },
});
const session = await prisma.session.create({
data: { userId: parseInt(userId, 10), dataLocale, interfaceLocale, quableInstanceId: instanceData.id },
});
return NextResponse.redirect(
new URL(`${process.env.NEXT_PUBLIC_APP_URL}/${session.id}/page`, request.url)
);
}
return NextResponse.json({ message: "Service is running" });
}POST / — Slot flow (PIM triggers an app slot):
export async function POST(request: NextRequest): Promise<NextResponse> {
const body = await request.json();
const { searchParams } = new URL(request.url);
const slot = searchParams.get("slot");
const { data } = body;
// Validate instance, create session with documentIds
const session = await prisma.session.create({
data: {
userId: data.userId,
dataLocale: data.dataLocale,
interfaceLocale: data.interfaceLocale,
documentIds: data.documentIds ?? [],
quableInstanceId: instanceData.id,
},
});
return NextResponse.json({
url: `${process.env.NEXT_PUBLIC_APP_URL}/${session.id}/${slot}`,
err: 0,
});
}Install route (src/app/install/route.ts)
Called when the app is installed on a Quable PIM instance:
import prisma from "@/lib/prisma";
import { QuablePimClient } from "@quable/quable-pim-js";
import { NextResponse } from "next/server";
export async function POST(request: Request): Promise<NextResponse> {
const payload = await request.json();
const { quableInstanceName, quableAuthToken } = payload.data;
// Validate the token by making a test API call
const pimClient = new QuablePimClient({
apiToken: quableAuthToken,
instanceName: quableInstanceName,
});
await pimClient.API.REST.User.getAll({ limit: 1, type: "api" });
// Store or update the instance credentials
await prisma.quableInstance.upsert({
where: { name: quableInstanceName },
create: { name: quableInstanceName, token: quableAuthToken },
update: { name: quableInstanceName, token: quableAuthToken },
});
return NextResponse.json(
{ message: `QuableApp installed on ${quableInstanceName}.quable.com` },
{ status: 200 }
);
}Permission route (src/app/permission/route.ts)
Returns the app's required PIM permissions (read from quable.app.yml):
import { NextResponse } from "next/server";
import { readFile } from "fs/promises";
import * as yaml from "js-yaml";
import { join } from "path";
export async function GET(): Promise<NextResponse> {
const filePath = join(process.cwd(), "quable.app.yml");
const yamlContent = await readFile(filePath, "utf8");
const config = yaml.load(yamlContent) as { quable_pim_scope: string[] };
return NextResponse.json(config.quable_pim_scope);
}Server Actions
Server Actions replace the traditional controller/service pattern. They are functions marked with "use server" that run on the server and can be called directly from client components.
Server Actions are located in src/lib/actions/:
// src/lib/actions/products.ts
"use server";
import { QuablePimClient } from "@quable/quable-pim-js";
import prisma from "../prisma";
import { getCurrentSession } from "../session";
export async function getProducts() {
const session = await getCurrentSession();
if (!session) throw new Error("Session not found");
const quableInstance = await prisma.quableInstance.findUniqueOrThrow({
where: { id: session.quableInstanceId },
});
const quablePimClient = new QuablePimClient({
apiToken: quableInstance.token,
instanceName: quableInstance.name,
});
const products = await quablePimClient.API.REST.Document.getAll({});
return products.map((product) => ({
image: product.mainAssetThumbnailUrl,
name: product.attributes[`${product.documentType.id}_name`]?.[session.dataLocale] || product.id,
code: product.id,
productType: product.documentType.id,
}));
}Server Actions are then called from client components using React Query:
"use client";
import { useQuery } from "@tanstack/react-query";
import { getProducts } from "@/lib/actions/products";
const { data: products, isLoading } = useQuery({
queryKey: ["products"],
queryFn: () => getProducts(),
});Server vs Client Components
In Next.js App Router, components are Server Components by default. Add "use client" at the top of a file to make it a Client Component.
Example Server Component — SessionDetails.tsx:
import { getCurrentSession } from "@/lib/session";
export default async function SessionDetails() {
const session = await getCurrentSession();
if (!session) return <Typography>No active session</Typography>;
return (
<TableContainer component={Paper}>
{/* Render session data directly — no hooks needed */}
</TableContainer>
);
}Example Client Component — Form with mutations:
"use client";
import { useMutation } from "@tanstack/react-query";
import { useForm } from "react-hook-form";
export default function HomePage() {
const { register, handleSubmit } = useForm();
const { mutateAsync } = useMutation({
mutationFn: (data) => addKeyValue(data.key, data.value),
});
// ...
}State management
The template uses React Query (TanStack Query) for server state management.
The provider is set up in src/providers/react-query.tsx:
"use client";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { useState, type ReactNode } from "react";
function ReactQueryProvider({ children }: { children: ReactNode }) {
const [client] = useState(new QueryClient());
return <QueryClientProvider client={client}>{children}</QueryClientProvider>;
}
export default ReactQueryProvider;Fetching data with useQuery:
const { data, isLoading } = useQuery({
queryKey: ["products"],
queryFn: () => getProducts(),
});Mutating data with useMutation:
const { isPending, mutateAsync } = useMutation({
mutationFn: (data: { key: string; value: string }) =>
addKeyValue(data.key, data.value),
onSuccess: (data) => {
if (data.keyValue) toast.success("Success!");
},
});Internationalization
The template supports multiple languages using next-intl.
Configuration (src/i18n/request.ts)
import { getRequestConfig } from "next-intl/server";
import { cookies } from "next/headers";
const SUPPORTED_LOCALES = ["en", "fr"];
const DEFAULT_LOCALE = "en";
export default getRequestConfig(async () => {
const cookieStore = await cookies();
const sessionLocale = cookieStore.get("locale")?.value;
const locale = sessionLocale?.split("-")[0] ?? DEFAULT_LOCALE;
const selectedLocale = SUPPORTED_LOCALES.includes(locale) ? locale : DEFAULT_LOCALE;
const messages = (await import(`../../translations/${selectedLocale}.json`)).default;
return { locale: selectedLocale, messages };
});The locale is determined from the locale cookie, which is set by the middleware based on the user's interfaceLocale.
Translation files
Translations are stored in translations/en.json and translations/fr.json:
{
"common": {
"app_name": "Quable App Template",
"save": "Save",
"key_required": "Key is required",
"value_required": "Value is required"
},
"products_page": {
"title": "Products",
"columns": {
"product_name": "Product Name",
"product_code": "Product Code"
}
}
}Usage in components
Client components use the useTranslations hook:
"use client";
import { useTranslations } from "next-intl";
export default function MyComponent() {
const t = useTranslations("common");
return <Button>{t("save")}</Button>;
}Server Actions use getTranslations:
"use server";
import { getTranslations } from "next-intl/server";
export async function myAction() {
const t = await getTranslations("common");
return { error: t("toasts.error_message") };
}UI layer
The template uses @quable/ui (Quable's design system built on top of MUI) combined with Tailwind CSS for styling.
@quable/ui components
import { TextField, Button, DataTable, EmptyState, Chip } from "@quable/ui";MUI components
import { Box, Card, CardHeader, CardContent, Typography, Grid } from "@mui/material";
import { OpenInNew } from "@mui/icons-material";
import { GridColDef } from "@mui/x-data-grid-pro";Styling options
- Tailwind CSS: Utility classes (
className="p-4 flex items-center") - MUI sx prop: Inline styles (
sx={{ display: "flex", justifyContent: "center" }}) - Sass: Component-level styles (
.scssfiles) - CSS variables: Quable theme tokens (
var(--q-space-500))
You now have a complete overview of the Quable App template architecture. In the next steps, we'll dive deeper into database interactions, the Quable PIM API, and webhook events.