Publish arcjet/examples@192251b

Author: qw-in

.env.local.example

@@ -1,8 +1,2 @@
 # Get your Arcjet key from https://app.arcjet.com
-ARCJET_KEY=
-# Generate your Auth.js secret by running `npx auth secret`
-AUTH_SECRET=
-# Add your GitHub OAuth app credentials
-# See https://authjs.dev/guides/configuring-github
-AUTH_GITHUB_ID=
-AUTH_GITHUB_SECRET=
+ARCJET_KEY=

README.md

@@ -48,10 +48,7 @@ features. It is deployed at
 npm ci
 ```
 
-3. Rename `.env.local.example` to `.env.local` and add your Arcjet key. If you
-   want to test the rate limiting authentication, you will also need to add an
-   Auth.js secret and [create a GitHub OAuth
-   app](https://authjs.dev/guides/configuring-github).
+3. Rename `.env.local.example` to `.env.local` and add your Arcjet key
 
 4. Start the dev server
 
@@ -69,7 +66,6 @@ server](https://arcjet.com/discord).
 
 ## Stack
 
-- Auth: [Auth.js](https://authjs.dev/)
 - App: [Next.js](https://nextjs.org/)
 - Form handling: [React Hook Form](https://react-hook-form.com/) (see also [our
   full form protection

app/api/auth/[...nextauth]/route.ts

@@ -2,18 +2,13 @@ import type { Metadata } from "next";
 import Link from "next/link";
 import { WhatNext } from "@/components/compositions/WhatNext";
 import { RLForm } from "@/components/RLForm";
-import { SignIn } from "@/components/SignIn";
-import { SignOut } from "@/components/SignOut";
-import { auth } from "@/lib/auth";
 
 export const metadata: Metadata = {
   title: "Rate limiting example",
   description: "An example of Arcjet's rate limiting for Next.js.",
 };
 
 export default async function IndexPage() {
-  const session = await auth();
-
   return (
     <main className="page">
       <div className="section">
@@ -36,28 +31,7 @@ export default async function IndexPage() {
         <h2 className="heading-secondary">Try it</h2>
         <RLForm />
 
-        {session?.user ? (
-          <>
-            <p className="typography--description">
-              You are authenticated as {session.user?.email}
-              <span className="typography--subtitle">
-                {" "}
-                – the limit is set to 5 requests every 60 seconds.
-              </span>
-            </p>
-          </>
-        ) : (
-          <>
-            <p className="typography--description">
-              You are not authenticated
-              <span className="typography--subtitle">
-                {" "}
-                – the limit is set to 2 requests every 60 seconds.
-              </span>
-            </p>
-          </>
-        )}
-
+        <p>The limit is set to 2 requests every 60 seconds.</p>
         <p className="typography--subtitle">
           Rate limits can be{" "}
           <Link
@@ -68,8 +42,6 @@ export default async function IndexPage() {
           </Link>{" "}
           e.g. to set a limit based on the authenticated user.
         </p>
-
-        {session?.user ? <SignOut /> : <SignIn />}
       </div>
 
       <hr className="divider" />

app/rate-limiting/page.tsx

@@ -1,57 +1,31 @@
 import { setRateLimitHeaders } from "@arcjet/decorate";
-import type { ArcjetDecision } from "@arcjet/next";
 import { type NextRequest, NextResponse } from "next/server";
 import arcjet, { fixedWindow, shield } from "@/lib/arcjet";
-import { auth } from "@/lib/auth";
 
 // Opt out of caching
 export const dynamic = "force-dynamic";
 
 // Add rules to the base Arcjet instance outside of the handler function
-const aj = arcjet.withRule(
-  // Shield detects suspicious behavior, such as SQL injection and cross-site
-  // scripting attacks. We want to ru nit on every request
-  shield({
-    mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
-  }),
-);
-
-// Define an augmented client for rate limiting users
-const ajForUser = aj.withRule(
-  fixedWindow({
-    // fingerprint requests by user ID
-    characteristics: ["userId"],
-    mode: "LIVE",
-    max: 5,
-    window: "60s",
-  }),
-);
-
-// Define an augmented client for rate limiting guests
-const ajForGuest = aj.withRule(
-  fixedWindow({
-    // fingerprint requests by ip address (default unless set globally)
-    characteristics: ["ip.src"],
-    mode: "LIVE",
-    max: 2,
-    window: "60s",
-  }),
-);
+const aj = arcjet
+  .withRule(
+    // Shield detects suspicious behavior, such as SQL injection and cross-site
+    // scripting attacks. We want to ru nit on every request
+    shield({
+      mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
+    }),
+  )
+  .withRule(
+    fixedWindow({
+      // fingerprint requests by ip address (default unless set globally)
+      characteristics: ["ip.src"],
+      mode: "LIVE",
+      max: 2,
+      window: "60s",
+    }),
+  );
 
 export async function POST(req: NextRequest) {
-  // Get the session
-  const session = await auth();
-
-  console.log("Session: ", session);
-
-  let decision: ArcjetDecision;
-
-  // Use the user ID if the user is logged in, otherwise use the IP address
-  if (session?.user?.id) {
-    decision = await ajForUser.protect(req, { userId: session.user.id });
-  } else {
-    decision = await ajForGuest.protect(req);
-  }
+  const decision = await aj.protect(req);
 
   console.log("Arcjet decision: ", decision);