npm - @arcjet/astro - Versions diffs - 1.0.0-beta.9 → 1.1.0-rc - Mend

@arcjet/astro 1.0.0-beta.9 → 1.1.0-rc

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/internal.js CHANGED Viewed

@@ -1,13 +1,15 @@
 import core__default from 'arcjet';
 export * from 'arcjet';
-import findIP, { parseProxy } from '@arcjet/ip';
-import ArcjetHeaders from '@arcjet/headers';
-import { baseUrl, isDevelopment, logLevel, platform } from '@arcjet/env';
+import { readBodyWeb } from '@arcjet/body';
+import findIp, { parseProxy } from '@arcjet/ip';
+import { ArcjetHeaders } from '@arcjet/headers';
+import { logLevel, isDevelopment, baseUrl, platform } from '@arcjet/env';
 import { Logger } from '@arcjet/logger';
 import { createClient } from '@arcjet/protocol/client.js';
 import { createTransport } from '@arcjet/transport';
-import { VERCEL, FLY_APP_NAME, ARCJET_LOG_LEVEL, ARCJET_KEY, ARCJET_ENV, ARCJET_BASE_URL } from 'astro:env/server';
+import { VERCEL, RENDER, FLY_APP_NAME, FIREBASE_CONFIG, ARCJET_LOG_LEVEL, ARCJET_KEY, ARCJET_ENV, ARCJET_BASE_URL } from 'astro:env/server';
+let warnedForAutomaticBodyRead = false;
 // We use a middleware to store the IP address on a `Request` with this symbol.
 // This is due to Astro inconsistently using `Symbol.for("astro.clientAddress")`
 // to store the client address and not exporting it from their module.
@@ -17,36 +19,28 @@ const env = {
     ARCJET_ENV,
     ARCJET_KEY,
     ARCJET_LOG_LEVEL,
+    FIREBASE_CONFIG,
     FLY_APP_NAME,
-    VERCEL,
     // `MODE` is only set on `import.meta.env`.
     MODE: import.meta.env.MODE,
+    RENDER,
+    VERCEL,
 };
-// TODO: Deduplicate with other packages
-function errorMessage(err) {
-    if (err) {
-        if (typeof err === "string") {
-            return err;
-        }
-        if (typeof err === "object" &&
-            "message" in err &&
-            typeof err.message === "string") {
-            return err.message;
-        }
-    }
-    return "Unknown problem";
-}
+/**
+ * Create a remote client.
+ *
+ * @param options
+ *   Configuration (optional).
+ * @returns
+ *   Client.
+ */
 function createRemoteClient(options) {
-    // The base URL for the Arcjet API. Will default to the standard production
-    // API unless environment variable `ARCJET_BASE_URL` is set.
     const url = options?.baseUrl ?? baseUrl(env);
-    // The timeout for the Arcjet API in milliseconds. This is set to a low value
-    // in production so calls fail open.
     const timeout = options?.timeout ?? (isDevelopment(env) ? 1000 : 500);
     // Transport is the HTTP client that the client uses to make requests.
     const transport = createTransport(url);
     const sdkStack = "ASTRO";
-    const sdkVersion = "1.0.0-beta.9";
+    const sdkVersion = "1.1.0-rc";
     return createClient({
         transport,
         baseUrl: url,
@@ -56,12 +50,16 @@ function createRemoteClient(options) {
     });
 }
 /**
- * Create a new {@link ArcjetAstro} client. Always build your initial client
- * outside of a request handler so it persists across requests. If you need to
- * augment a client inside a handler, call the `withRule()` function on the base
- * client.
+ * Create a new Astro integration of Arcjet.
  *
- * @param options - Arcjet configuration options to apply to all requests.
+ * @template Rules
+ *   List of rules.
+ * @template Characteristics
+ *   Characteristics to track a user by.
+ * @param options
+ *   Configuration.
+ * @returns
+ *   Astro integration of Arcjet.
  */
 function createArcjetClient(options) {
     const client = options.client ?? createRemoteClient();
@@ -81,14 +79,15 @@ function createArcjetClient(options) {
         if (!clientAddress) {
             throw new Error("`protect()` cannot be used in prerendered pages");
         }
-        const cookies = request.headers.get("cookie") ?? undefined;
+        const cookies = request.headers.get("cookie") ?? "";
         // We construct an ArcjetHeaders to normalize over Headers
         const headers = new ArcjetHeaders(request.headers);
         const url = new URL(request.url);
-        let ip = findIP({
-            ip: clientAddress,
-            headers,
-        }, { platform: platform(env), proxies });
+        const xArcjetIp = isDevelopment(env)
+            ? headers.get("x-arcjet-ip")
+            : undefined;
+        let ip = xArcjetIp ||
+            findIp({ ip: clientAddress, headers }, { platform: platform(env), proxies });
         if (ip === "") {
             // If the `ip` is empty but we're in development mode, we default the IP
             // so the request doesn't fail.
@@ -112,31 +111,35 @@ function createArcjetClient(options) {
         };
     }
     function withClient(aj) {
-        return Object.freeze({
+        const client = {
             withRule(rule) {
                 const client = aj.withRule(rule);
                 return withClient(client);
             },
-            async protect(request, ...[props]) {
-                // TODO(#220): The generic manipulations get really mad here, so we cast
-                // Further investigation makes it seem like it has something to do with
-                // the definition of `props` in the signature but it's hard to track down
-                const req = toArcjetRequest(request, props ?? {});
+            async protect(request, props) {
+                // Cast of `{}` because here we switch from `undefined` to `Properties`.
+                const req = toArcjetRequest(request, props || {});
                 const getBody = async () => {
-                    try {
-                        const clonedRequest = request.clone();
-                        // Awaited to throw if it rejects and we'll just return undefined
-                        const body = await clonedRequest.text();
-                        return body;
+                    const clonedRequest = request.clone();
+                    let expectedLength;
+                    const expectedLengthString = request.headers.get("content-length");
+                    if (typeof expectedLengthString === "string") {
+                        expectedLength = parseInt(expectedLengthString, 10);
                     }
-                    catch (e) {
-                        log.error("failed to get request body: %s", errorMessage(e));
-                        return;
+                    // HEAD and GET requests do not have a body.
+                    if (!clonedRequest.body) {
+                        throw new Error("Cannot read body: body is missing");
                     }
+                    if (!warnedForAutomaticBodyRead) {
+                        warnedForAutomaticBodyRead = true;
+                        log.warn("Automatically reading the request body is deprecated; please pass an explicit `sensitiveInfoValue` field. See <https://docs.arcjet.com/upgrading/sdk-migration>.");
+                    }
+                    return readBodyWeb(clonedRequest.body, { expectedLength });
                 };
                 return aj.protect({ getBody }, req);
             },
-        });
+        };
+        return Object.freeze(client);
     }
     const aj = core__default({ ...options, client, log });
     return withClient(aj);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@arcjet/astro",
-  "version": "1.0.0-beta.9",
+  "version": "1.1.0-rc",
   "description": "Arcjet helps developers protect their Astro sites in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.",
   "keywords": [
     "analyze",
@@ -46,29 +46,30 @@
   "scripts": {
     "build": "rollup --config rollup.config.js",
     "lint": "eslint .",
-    "prepublishOnly": "npm run build",
-    "test": "npm run build && npm run lint"
+    "test-api": "node --test -- test/*.test.js",
+    "test-coverage": "node --experimental-test-coverage --test -- test/*.test.js",
+    "test": "npm run build && npm run lint && npm run test-coverage"
   },
   "dependencies": {
-    "@arcjet/env": "1.0.0-beta.9",
-    "@arcjet/headers": "1.0.0-beta.9",
-    "@arcjet/ip": "1.0.0-beta.9",
-    "@arcjet/logger": "1.0.0-beta.9",
-    "@arcjet/protocol": "1.0.0-beta.9",
-    "@arcjet/transport": "1.0.0-beta.9",
-    "arcjet": "1.0.0-beta.9"
+    "@arcjet/body": "1.1.0-rc",
+    "@arcjet/env": "1.1.0-rc",
+    "@arcjet/headers": "1.1.0-rc",
+    "@arcjet/ip": "1.1.0-rc",
+    "@arcjet/logger": "1.1.0-rc",
+    "@arcjet/protocol": "1.1.0-rc",
+    "@arcjet/transport": "1.1.0-rc",
+    "arcjet": "1.1.0-rc"
   },
   "peerDependencies": {
     "astro": "^5.9.3"
   },
   "devDependencies": {
-    "@arcjet/eslint-config": "1.0.0-beta.9",
-    "@arcjet/rollup-config": "1.0.0-beta.9",
-    "@arcjet/tsconfig": "1.0.0-beta.9",
-    "@rollup/wasm-node": "4.44.2",
-    "astro": "5.11.0",
-    "eslint": "9.30.1",
-    "typescript": "5.8.3"
+    "@arcjet/eslint-config": "1.1.0-rc",
+    "@arcjet/rollup-config": "1.1.0-rc",
+    "@rollup/wasm-node": "4.57.0",
+    "astro": "5.16.15",
+    "eslint": "9.39.2",
+    "typescript": "5.9.3"
   },
   "publishConfig": {
     "access": "public",