@arcjet/decorate

@arcjet/decorate

Arcjet utilities for decorating responses with information.

Installation

npm install -S @arcjet/decorate

Example

import arcjet, { fixedWindow } from "@arcjet/next";
import { setRateLimitHeaders } from "@arcjet/decorate";
import { NextApiRequest, NextApiResponse } from "next";

const aj = arcjet({
  key: process.env.ARCJET_KEY!, // Get your site key from https://app.arcjet.com
  rules: [
    // Create a fixed window rate limit. Other algorithms are supported.
    fixedWindow({
      mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
      window: "1m", // 1 min fixed window
      max: 1, // allow a single request
    }),
  ],
});

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse,
) {
  const decision = await aj.protect(req);

  setRateLimitHeaders(res, decision);

  if (decision.isDenied()) {
    return res.status(429).json({
      error: "Too Many Requests",
      reason: decision.reason,
    });
  }

  res.status(200).json({ name: "Hello world" });
}

License

Licensed under the Apache License, Version 2.0.

Changelog

1.0.0-alpha.28 (2024-10-23)

⚠ BREAKING CHANGES

• ip: Accept Request or IncomingMessage directly (#2018)
• ip: Exit early if platform-specific headers are missing IP (#2021)
• Ensure performance metrics are scoped to same call (#2019)
• Return ERROR decision when fingerprint cannot be generated (#1990)
• protocol: Remove received_at and decision fields from Report (#1988)
• analyze: improve sensitive info string token accuracy (#1962)
• Update Wasm with phone-number fix and tokenizer update (#1854)
• Remove match option from rate limit rules (#1815)

🚀 New Features

• Add Remix adapter (#1866) (32d6d41), closes #1313
• analyze: improve sensitive info string token accuracy (#1962) (abad1bd)
• ip: Accept Request or IncomingMessage directly (#2018) (1704da8), closes #1904
• ip: Add Vercel platform-specific IP header detection (#2022) (d886c76)
• nextjs: Support Next.js Server Actions (#1991) (07e68dc), closes #1200
• Use waitUntil for Report call if available (#1838) (2851021), closes #884

🪲 Bug Fixes

• arcjet: Ensure performance measurements are 1-to-1 and always captured (#1858) (4d29f9a)
• Ensure performance metrics are scoped to same call (#2019) (e9f869c), closes #1865
• ip: Exit early if platform-specific headers are missing IP (#2021) (1a13d9c)
• nestjs: Lookup request from GraphQL context in ArcjetGuard (#1857) (c0b2903), closes #1856
• Return ERROR decision when fingerprint cannot be generated (#1990) (618a1ee), closes #1801
• Update Wasm with phone-number fix and tokenizer update (#1854) (f94f078)

🧹 Miscellaneous Chores

• Add README links for new adapters (#1831) (81885d9), closes #1813
• analyze: Regenerate Wasm with updated dependencies (#2067) (f96994c)
• examples: Reorganize examples for clarity and decoupling from Next.js version (#2017) (8568bf2)
• examples: Various cleanup (#2066) (c626228)
• protocol: Remove received_at and decision fields from Report (#1988) (3da543e)
• Remove match option from rate limit rules (#1815) (853119d), closes #1810