Arcjet utilities for inspecting decisions made by an SDK.
npm install -S @arcjet/inspectimport arcjet, { detectBot } from "@arcjet/next";
import { isSpoofedBot, isMissingUserAgent } from "@arcjet/inspect";
import { NextApiRequest, NextApiResponse } from "next";
const aj = arcjet({
key: process.env.ARCJET_KEY!, // Get your site key from https://app.arcjet.com
rules: [
detectBot({
mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
allow: [], // "allow none" will block all detected bots
}),
],
});
export default async function handler(
req: NextApiRequest,
res: NextApiResponse,
) {
const decision = await aj.protect(req);
if (decision.isDenied()) {
return res.status(403).json({ error: "Forbidden" });
}
// We expect all non-bot clients to have the User-Agent header
if (decision.results.some(isMissingUserAgent)) {
return res.status(403).json({ error: "You are a bot!" });
}
if (decision.results.some(isSpoofedBot)) {
return res
.status(403)
.json({ error: "You are pretending to be a good bot!" });
}
res.status(200).json({ name: "Hello world" });
}Licensed under the Apache License, Version 2.0.