Added Arcjet Security and Updated Caching on Cards

2025-05-01 11:19:34 +00:00 · 2024-12-27 18:00:27 -05:00 · 2024-12-27 18:00:27 -05:00 · 611adcddff
commit 611adcddff
parent 06aac8524a
9 changed files with 261 additions and 19 deletions
--- a/app/api/cards/[cardId]/logs/route.ts
+++ b/app/api/cards/[cardId]/logs/route.ts
@ -37,8 +37,8 @@ export async function GET(
      status: 200,
      headers: {
        'Cache-Control': 'public, s-maxage=1',
-        'CDN-Cache-Control': 'public, s-maxage=60',
-        'Vercel-CDN-Cache-Control': 'public, s-maxage=120',
+        'CDN-Cache-Control': 'public, s-maxage=30',
+        'Vercel-CDN-Cache-Control': 'public, s-maxage=60',
      },
    });
  } catch (error) {
--- a/app/api/cards/[cardId]/route.ts
+++ b/app/api/cards/[cardId]/route.ts
@ -42,8 +42,8 @@ export async function GET(
      status: 200,
      headers: {
        'Cache-Control': 'public, s-maxage=1',
-        'CDN-Cache-Control': 'public, s-maxage=60',
-        'Vercel-CDN-Cache-Control': 'public, s-maxage=120',
+        'CDN-Cache-Control': 'public, s-maxage=30',
+        'Vercel-CDN-Cache-Control': 'public, s-maxage=60',
      },
    });
  } catch (error) {
--- a/app/api/unsplash/route.ts
+++ b/app/api/unsplash/route.ts
@ -1,8 +1,31 @@
+import arcjet, { fixedWindow } from '@/lib/arcjet';
 import { unsplash } from '@/lib/unsplash';
+
+import { auth } from '@clerk/nextjs/server';
 import { NextResponse } from 'next/server';

-export async function GET() {
+const aj = arcjet.withRule(
+  fixedWindow({
+    mode: 'LIVE',
+    max: 10,
+    window: '60s',
+  })
+);
+
+export async function GET(req: Request) {
  try {
+    const { orgId, userId } = await auth();
+    if (!orgId || !userId)
+      return new NextResponse(JSON.stringify({ error: 'Unauthorized' }), {
+        status: 401,
+      });
+
+    const decision = await aj.protect(req);
+    if (decision.isDenied())
+      return new NextResponse(
+        JSON.stringify({ error: 'Too many requests', reason: decision.reason }),
+        { status: 429 }
+      );
    const result = await unsplash.photos.getRandom({
      collectionIds: ['317099'],
      count: 9,
--- a/app/api/webhook/route.ts
+++ b/app/api/webhook/route.ts
@ -4,8 +4,24 @@ import { NextResponse } from 'next/server';

 import { db } from '@/lib/db';
 import { stripe } from '@/lib/stripe';
+import arcjet, { fixedWindow } from '@/lib/arcjet';
+
+const aj = arcjet.withRule(
+  fixedWindow({
+    mode: 'LIVE',
+    max: 10,
+    window: '60s',
+  })
+);

 export async function POST(req: Request) {
+  const decision = await aj.protect(req);
+  if (decision.isDenied())
+    return new NextResponse(
+      JSON.stringify({ error: 'Too many requests', reason: decision.reason }),
+      { status: 429 }
+    );
+
  const body = await req.text();
  const signature = (await headers()).get('Stripe-Signature') as string;