feat(ip)!: Accept Request or IncomingMessage directly (#2018)

This changes the `findIP` API so it can accept a `Request` object directly. This is achieved by requiring the `headers` field on the first argument. I've combined the separate "request-like" and "headers" argument into one. This is primarily being done so `@arcjet/ip` can be used with Next.js 15 which [removed the `ip` property from `NextRequest`](https://nextjs.org/docs/canary/app/building-your-application/upgrading/version-15#nextrequest-geolocation). Ref #1904
arcjet · Oct 23, 2024 · 1704da8 · 1704da8
1 parent d886c76
commit 1704da8
Show file tree

Hide file tree

Showing 19 changed files with 363 additions and 173 deletions.
diff --git a/arcjet-bun/index.ts b/arcjet-bun/index.ts
@@ -203,8 +203,8 @@ export default function arcjet<
         // workaround to the API design in Bun that requires access to the
         // `Server` to lookup an IP.
         ip: ipCache.get(request),
+        headers,
       },
-      headers,
       { platform: platform(env) },
     );
     if (ip === "") {

diff --git a/arcjet-deno/index.ts b/arcjet-deno/index.ts
@@ -205,8 +205,8 @@ export default function arcjet<
         // workaround to the API design in Deno that requires access to the
         // `ServeHandlerInfo` to lookup an IP.
         ip: ipCache.get(request),
+        headers,
       },
-      headers,
       { platform: platform(env) },
     );
     if (ip === "") {

diff --git a/arcjet-nest/index.ts b/arcjet-nest/index.ts
@@ -216,7 +216,14 @@ function arcjet<
     // We construct an ArcjetHeaders to normalize over Headers
     const headers = new ArcjetHeaders(request.headers);
 
-    let ip = findIP(request, headers, { platform: platform(process.env) });
+    let ip = findIP(
+      {
+        ip: request.ip,
+        socket: request.socket,
+        headers,
+      },
+      { platform: platform(process.env) },
+    );
     if (ip === "") {
       // If the `ip` is empty but we're in development mode, we default the IP
       // so the request doesn't fail.

diff --git a/arcjet-next/index.ts b/arcjet-next/index.ts
@@ -255,7 +255,16 @@ export default function arcjet<
     // We construct an ArcjetHeaders to normalize over Headers
     const headers = new ArcjetHeaders(request.headers);
 
-    let ip = findIP(request, headers, { platform: platform(process.env) });
+    let ip = findIP(
+      {
+        ip: request.ip,
+        socket: request.socket,
+        info: request.info,
+        requestContext: request.requestContext,
+        headers,
+      },
+      { platform: platform(process.env) },
+    );
     if (ip === "") {
       // If the `ip` is empty but we're in development mode, we default the IP
       // so the request doesn't fail.

diff --git a/arcjet-node/index.ts b/arcjet-node/index.ts
@@ -205,7 +205,13 @@ export default function arcjet<
     // We construct an ArcjetHeaders to normalize over Headers
     const headers = new ArcjetHeaders(request.headers);
 
-    let ip = findIP(request, headers, { platform: platform(process.env) });
+    let ip = findIP(
+      {
+        socket: request.socket,
+        headers,
+      },
+      { platform: platform(process.env) },
+    );
     if (ip === "") {
       // If the `ip` is empty but we're in development mode, we default the IP
       // so the request doesn't fail.

diff --git a/arcjet-remix/index.ts b/arcjet-remix/index.ts
@@ -180,8 +180,8 @@ export default function arcjet<
       {
         // The `getLoadContext` API will attach the `ip` to the context
         ip: context?.ip,
+        headers,
       },
-      headers,
       { platform: platform(process.env) },
     );
     if (ip === "") {

diff --git a/arcjet-sveltekit/index.ts b/arcjet-sveltekit/index.ts
@@ -194,8 +194,8 @@ export default function arcjet<
     let ip = findIP(
       {
         ip: event.getClientAddress(),
+        headers,
       },
-      headers,
       { platform: platform(process.env) },
     );
     if (ip === "") {

diff --git a/examples/nextjs-14-clerk-rl/app/api/arcjet/route.ts b/examples/nextjs-14-clerk-rl/app/api/arcjet/route.ts
@@ -1,6 +1,7 @@
 import arcjet, { ArcjetDecision, tokenBucket, shield } from "@arcjet/next";
 import { NextRequest, NextResponse } from "next/server";
 import { currentUser } from "@clerk/nextjs/server";
+import ip from "@arcjet/ip";
 
 // The root Arcjet client is created outside of the handler.
 const aj = arcjet({
@@ -49,7 +50,7 @@ export async function GET(req: NextRequest) {
       })
     );
 
-    const fingerprint = req.ip!
+    const fingerprint = ip(req);
 
     // Deduct 5 tokens from the token bucket
     decision = await rl.protect(req, { fingerprint, requested: 5 });

diff --git a/examples/nextjs-14-clerk-rl/package-lock.json b/examples/nextjs-14-clerk-rl/package-lock.json
diff --git a/examples/nextjs-14-clerk-rl/package.json b/examples/nextjs-14-clerk-rl/package.json
@@ -9,6 +9,7 @@
     "lint": "next lint"
   },
   "dependencies": {
+    "@arcjet/ip": "file:../../ip",
     "@arcjet/next": "file:../../arcjet-next",
     "@clerk/nextjs": "^5.7.5",
     "next": "^14.2.15",

diff --git a/examples/nextjs-14-nextauth-4/app/api/arcjet/route.ts b/examples/nextjs-14-nextauth-4/app/api/arcjet/route.ts
@@ -1,3 +1,4 @@
+import ip from "@arcjet/ip";
 import arcjet, { ArcjetDecision, tokenBucket, detectBot, shield} from "@arcjet/next";
 import { getServerSession } from "next-auth";
 import GithubProvider from "next-auth/providers/github";
@@ -64,7 +65,7 @@ export async function GET(req: NextRequest, res: Response) {
     decision = await rl.protect(req, { fingerprint, requested: 5 });
     console.log("Arcjet logged in decision", decision)
   } else {
-    const fingerprint = req.ip!;
+    const fingerprint = ip(req);
 
     // Limit the amount of requests for anonymous users.
     const rl = aj.withRule(

diff --git a/examples/nextjs-14-nextauth-4/package-lock.json b/examples/nextjs-14-nextauth-4/package-lock.json
diff --git a/examples/nextjs-14-nextauth-4/package.json b/examples/nextjs-14-nextauth-4/package.json
@@ -8,6 +8,7 @@
     "lint": "next lint"
   },
   "dependencies": {
+    "@arcjet/ip": "file:../../ip",
     "@arcjet/next": "file:../../arcjet-next",
     "next": "^14.2.15",
     "next-auth": "^4.24.8",

diff --git a/examples/nextjs-14-permit/package-lock.json b/examples/nextjs-14-permit/package-lock.json
diff --git a/examples/nextjs-14-permit/package.json b/examples/nextjs-14-permit/package.json
@@ -9,6 +9,7 @@
     "lint": "next lint"
   },
   "dependencies": {
+    "@arcjet/ip": "file:../../ip",
     "@arcjet/next": "file:../../arcjet-next",
     "@clerk/nextjs": "^5.7.5",
     "next": "14.2.15",

diff --git a/examples/nextjs-14-permit/src/app/api/stats/route.ts b/examples/nextjs-14-permit/src/app/api/stats/route.ts
@@ -5,6 +5,7 @@ import { arcjet } from "@/lib/arcjet";
 import { permit } from "@/lib/permit";
 import { getLastFriday } from "@/lib/dateHelper";
 import { getOrderCount, getToppings } from "@/data/stats";
+import ip from "@arcjet/ip";
 
 // Returns ad-hoc rules depending on whether the user is logged in, and if they
 // are, whether they have permission to update stats.
@@ -41,7 +42,7 @@ export async function GET(req: NextRequest) {
   // Get the user's ID if they are logged in, otherwise use
   // their IP address as a fingerprint
   const user = await currentUser();
-  const fingerprint: string = user ? user.id : req.ip!;
+  const fingerprint: string = user ? user.id : ip(req);
 
   // Get the Arcjet client and request a decision
   const aj = await getClient();