arcjet · trunk-io · Nov 19, 2024 · Nov 14, 2024 · Nov 14, 2024 · Nov 14, 2024
@@ -17,6 +17,9 @@
   "headers": "1.0.0-alpha.28",
   "ip": "1.0.0-alpha.28",
   "logger": "1.0.0-alpha.28",
+  "nosecone": "1.0.0-alpha.28",
+  "nosecone-next": "1.0.0-alpha.28",
+  "nosecone-sveltekit": "1.0.0-alpha.28",
   "protocol": "1.0.0-alpha.28",
   "redact": "1.0.0-alpha.28",
   "redact-wasm": "1.0.0-alpha.28",

@@ -96,6 +96,18 @@
       "component": "@arcjet/logger",
       "skip-github-release": true
     },
+    "nosecone": {
+      "component": "nosecone",
+      "skip-github-release": true
+    },
+    "nosecone-next": {
+      "component": "@nosecone/next",
+      "skip-github-release": true
+    },
+    "nosecone-sveltekit": {
+      "component": "@nosecone/sveltekit",
+      "skip-github-release": true
+    },
     "protocol": {
       "component": "@arcjet/protocol",
       "skip-github-release": true
@@ -156,6 +168,9 @@
         "@arcjet/ip",
         "@arcjet/body",
         "@arcjet/logger",
+        "nosecone",
+        "@nosecone/next",
+        "@nosecone/sveltekit",
         "@arcjet/protocol",
         "@arcjet/redact",
         "@arcjet/redact-wasm",

@@ -18,4 +18,4 @@ const aj = arcjet({
   ],
 });
 
-export default createMiddleware(aj);
+export default createMiddleware(aj);
@@ -1,4 +1,5 @@
 import type { Metadata } from "next";
+import { connection } from "next/server";
 import { Inter } from "next/font/google";
 import "./globals.css";
 
@@ -9,11 +10,14 @@ export const metadata: Metadata = {
   description: "Generated by create next app",
 };
 
-export default function RootLayout({
+export default async function RootLayout({
   children,
 }: {
   children: React.ReactNode;
 }) {
+  // Opt-out of static generation for every page so the CSP nonce can be applied
+  await connection()
+
   return (
     <html lang="en">
       <body className={inter.className}>{children}</body>

@@ -0,0 +1,8 @@
+import { createMiddleware } from "@nosecone/next";
+
+export const config = {
+  // matcher tells Next.js which routes to run the middleware on
+  matcher: ["/(.*)"],
+};
+
+export default createMiddleware();
@@ -10,6 +10,7 @@
   },
   "dependencies": {
     "@arcjet/next": "file:../../arcjet-next",
+    "@nosecone/next": "file:../../nosecone-next",
     "next": "15.0.1",
     "react": "^18",
     "react-dom": "^18"

@@ -13,7 +13,8 @@
     "format": "prettier --write ."
   },
   "dependencies": {
-    "@arcjet/sveltekit": "file:../../arcjet-sveltekit"
+    "@arcjet/sveltekit": "file:../../arcjet-sveltekit",
+    "@nosecone/sveltekit": "file:../../nosecone-sveltekit"
   },
   "devDependencies": {
     "@sveltejs/adapter-auto": "^3.3.1",

@@ -1,27 +1,25 @@
 import { aj } from "$lib/server/arcjet";
 import { error } from "@sveltejs/kit";
-import type { RequestEvent } from "@sveltejs/kit";
+import { createHook } from "@nosecone/sveltekit";
+import { sequence } from "@sveltejs/kit/hooks";
 
-export async function handle({
-  event,
-  resolve,
-}: {
-  event: RequestEvent;
-  resolve: (event: RequestEvent) => Response | Promise<Response>;
-}): Promise<Response> {
-  // Ignore routes that extend the Arcjet rules - they will call `.protect` themselves
-  const filteredRoutes = ["/api/rate-limited", "/rate-limited"];
-  if (filteredRoutes.includes(event.url.pathname)) {
-    // return - route will handle protection
-    return resolve(event);
-  }
+export const handle = sequence(
+  createHook(),
+  async ({ event, resolve }) => {
+    // Ignore routes that extend the Arcjet rules - they will call `.protect` themselves
+    const filteredRoutes = ["/api/rate-limited", "/rate-limited"];
+    if (filteredRoutes.includes(event.url.pathname)) {
+      // return - route will handle protection
+      return resolve(event);
+    }
 
-  // Ensure every other route is protected with shield
-  const decision = await aj.protect(event);
-  if (decision.isDenied()) {
-    return error(403, "Forbidden");
-  }
+    // Ensure every other route is protected with shield
+    const decision = await aj.protect(event);
+    if (decision.isDenied()) {
+      return error(403, "Forbidden");
+    }
 
-  // Continue with the route
-  return resolve(event);
-}
+    // Continue with the route
+    return await resolve(event);
+  }
+)
@@ -1,5 +1,6 @@
 import adapter from "@sveltejs/adapter-auto";
 import { vitePreprocess } from "@sveltejs/vite-plugin-svelte";
+import { csp } from "@nosecone/sveltekit"
 
 /** @type {import('@sveltejs/kit').Config} */
 const config = {
@@ -8,6 +9,7 @@ const config = {
   preprocess: vitePreprocess(),
 
   kit: {
+    csp: csp(),
     // adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
     // If your environment is not supported, or you settled on a specific environment, switch out the adapter.
     // See https://kit.svelte.dev/docs/adapters for more information about adapters.

@@ -0,0 +1,6 @@
+/.turbo/
+/coverage/
+/node_modules/
+*.d.ts
+*.js
+!*.config.js
@@ -0,0 +1,4 @@
+module.exports = {
+  root: true,
+  extends: ["@arcjet/eslint-config"],
+};
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,4 +18,4 @@ const aj = arcjet({ @@
       ],
     });
-    export default createMiddleware(aj);
+    export default createMiddleware(aj);