@arcjet/decorate

[Arcjet][arcjet] utilities for decorating responses with information.

- npm package (@arcjet/decorate)
- GitHub source code (decorate/ in arcjet/arcjet-js)

What is this?

This is a utility that lets you decorate responses based on Arcjet decisions.
It currently supports experimental rate limit headers.

When should I use this?

You can use this package if you use the rate limit rule and want to set
experimental RateLimit-Policy and RateLimit headers.
See [_RateLimit header fields for HTTP_ on ietf.org][ietf-rate-limit] for
more info.

Install

This package is ESM only.
Install with npm in Node.js:

``sh
npm install @arcjet/decorate
`

Example

`ts
import http from "node:http";
import { setRateLimitHeaders } from "@arcjet/decorate";
import arcjet, { shield } from "@arcjet/node";

// Get your Arcjet key at .
// Set it as an environment variable instead of hard coding it.
const arcjetKey = process.env.ARCJET_KEY;

if (!arcjetKey) {
throw new Error("Cannot find ARCJET_KEY environment variable");
}

const aj = arcjet({
key: arcjetKey,
rules: [
// Shield protects your app from common attacks.
// Use DRY_RUN instead of LIVE to only log.
shield({ mode: "LIVE" }),
],
});

const server = http.createServer(async function (
request: http.IncomingMessage,
response: http.ServerResponse,
) {
const decision = await aj.protect(request);

setRateLimitHeaders(response, decision);

if (decision.isDenied()) {
response.writeHead(403, { "Content-Type": "application/json" });
response.end(JSON.stringify({ message: "Forbidden" }));
return;
}

response.writeHead(200, { "Content-Type": "application/json" });
response.end(JSON.stringify({ message: "Hello world" }));
});

server.listen(8000);
``

License

[Apache License, Version 2.0][apache-license] © [Arcjet Labs, Inc.][arcjet]

[arcjet]: https://arcjet.com
[apache-license]: http://www.apache.org/licenses/LICENSE-2.0
[ietf-rate-limit]: https://datatracker.ietf.org/doc/html/draft-ietf-httpapi-ratelimit-headers-08