plebdevs/src/middleware.js

import { NextResponse } from 'next/server';
import { Ratelimit } from '@upstash/ratelimit';
import { kv } from '@vercel/kv';

const FRONTEND_HOSTNAME = process.env.FRONTEND_HOSTNAME
const FRONTEND_STAGING_HOSTNAME = process.env.FRONTEND_STAGING_HOSTNAME
const BACKEND_URL = process.env.BACKEND_URL
const BACKEND_STAGING_URL = process.env.BACKEND_STAGING_URL

const ratelimit = new Ratelimit({
  redis: kv,
  limiter: Ratelimit.slidingWindow(5, '10 s'),
});

export const config = {
  matcher: ['/api/:path*'],
};

export default async function combinedMiddleware(request) {
  const ip = request.ip ?? '127.0.0.1';
  const pathname = request.nextUrl.pathname;
  const host = request.headers.get('host');
  console.log("Host", host)
  // Allow access to .well-known paths
  if (pathname.startsWith('/.well-known')) {
    const { success } = await ratelimit.limit(ip);
    return success
      ? NextResponse.next()
      : NextResponse.redirect(new URL('/blocked', request.url));
  }

  // Check if the request is coming from allowed hosts
  const allowedHosts = [
    FRONTEND_HOSTNAME,
    FRONTEND_STAGING_HOSTNAME,
    new URL(BACKEND_URL).host,
    new URL(BACKEND_STAGING_URL).host
  ].filter(Boolean);
  console.log("Allowed hosts", allowedHosts)

  if (!allowedHosts.includes(host)) {
    return new NextResponse(JSON.stringify({ error: 'Forbidden' }), { 
      status: 403,
      headers: { 'Content-Type': 'application/json' }
    });
  }

  // Apply rate limiting for allowed hosts
  const { success } = await ratelimit.limit(ip);
  return success
    ? NextResponse.next()
    : NextResponse.redirect(new URL('/blocked', request.url));
}
Add rate limiting / origin middleware using vercel kv and upstash, need to deploy to fully test 2024-09-29 16:40:23 -05:00			`import { NextResponse } from 'next/server';`
			`import { Ratelimit } from '@upstash/ratelimit';`
			`import { kv } from '@vercel/kv';`

			`const FRONTEND_HOSTNAME = process.env.FRONTEND_HOSTNAME`
			`const FRONTEND_STAGING_HOSTNAME = process.env.FRONTEND_STAGING_HOSTNAME`
update middleware to check origin for now 2024-09-30 19:09:55 -05:00			`const BACKEND_URL = process.env.BACKEND_URL`
			`const BACKEND_STAGING_URL = process.env.BACKEND_STAGING_URL`
Add rate limiting / origin middleware using vercel kv and upstash, need to deploy to fully test 2024-09-29 16:40:23 -05:00
			`const ratelimit = new Ratelimit({`
			`redis: kv,`
			`limiter: Ratelimit.slidingWindow(5, '10 s'),`
			`});`

			`export const config = {`
			`matcher: ['/api/:path*'],`
			`};`

			`export default async function combinedMiddleware(request) {`
			`const ip = request.ip ?? '127.0.0.1';`
update middleware to check origin for now 2024-09-30 19:09:55 -05:00			`const pathname = request.nextUrl.pathname;`
Check host on middleware instead 2024-09-30 19:16:35 -05:00			`const host = request.headers.get('host');`
			`console.log("Host", host)`
update middleware to check origin for now 2024-09-30 19:09:55 -05:00			`// Allow access to .well-known paths`
			`if (pathname.startsWith('/.well-known')) {`
Add rate limiting / origin middleware using vercel kv and upstash, need to deploy to fully test 2024-09-29 16:40:23 -05:00			`const { success } = await ratelimit.limit(ip);`
			`return success`
			`? NextResponse.next()`
			`: NextResponse.redirect(new URL('/blocked', request.url));`
			`}`

Check host on middleware instead 2024-09-30 19:16:35 -05:00			`// Check if the request is coming from allowed hosts`
			`const allowedHosts = [`
update middleware to check origin for now 2024-09-30 19:09:55 -05:00			`FRONTEND_HOSTNAME,`
			`FRONTEND_STAGING_HOSTNAME,`
Check host on middleware instead 2024-09-30 19:16:35 -05:00			`new URL(BACKEND_URL).host,`
			`new URL(BACKEND_STAGING_URL).host`
update middleware to check origin for now 2024-09-30 19:09:55 -05:00			`].filter(Boolean);`
Check host on middleware instead 2024-09-30 19:16:35 -05:00			`console.log("Allowed hosts", allowedHosts)`
update middleware to check origin for now 2024-09-30 19:09:55 -05:00
Check host on middleware instead 2024-09-30 19:16:35 -05:00			`if (!allowedHosts.includes(host)) {`
update middleware to check origin for now 2024-09-30 19:09:55 -05:00			`return new NextResponse(JSON.stringify({ error: 'Forbidden' }), {`
			`status: 403,`
			`headers: { 'Content-Type': 'application/json' }`
			`});`
Add rate limiting / origin middleware using vercel kv and upstash, need to deploy to fully test 2024-09-29 16:40:23 -05:00			`}`

Check host on middleware instead 2024-09-30 19:16:35 -05:00			`// Apply rate limiting for allowed hosts`
Add rate limiting / origin middleware using vercel kv and upstash, need to deploy to fully test 2024-09-29 16:40:23 -05:00			`const { success } = await ratelimit.limit(ip);`
			`return success`
			`? NextResponse.next()`
			`: NextResponse.redirect(new URL('/blocked', request.url));`
			`}`