fix: Correct Next.js sensitive info examples (#98)

* fix: Correct Next.js sensitive info examples * Dont use a real ID
arcjet · Sep 30, 2024 · d4d55dd · d4d55dd
1 parent 69ccde1
commit d4d55dd
Show file tree

Hide file tree

Showing 9 changed files with 43 additions and 76 deletions.
diff --git a/src/content/docs/sensitive-info/quick-start/nextjs.mdx b/src/content/docs/sensitive-info/quick-start/nextjs.mdx
@@ -100,36 +100,31 @@ it in middleware to protect every route, but we'll start with a single route.
 </TabItem>
 </Tabs>
 
-### 4. Start app
+### 4. Test sending personal info
 
-Start your app and load `http://localhost:3000`. Refresh the page and you will
-see the requests showing up in the [Arcjet dashboard](https://app.arcjet.com).
-
-### 5. Test sending personal info
-
-To see Arcjet Sensitive Information detection in action, try making a request
-with a blocked entity in the body of the request. For example if you have configured
-Arcjet to block requests containing email addresses then try and send an email address.
+To see Arcjet Sensitive Information detection in action, start your app and try
+making a request with an email address in the body of the request:
 
 ```sh
-curl -v http://localhost:3000 --data "My email address is [email protected]"
+curl -v http://localhost:3000/api/arcjet --data "My email address is [email protected]"
 ```
 
 You should see this in your logs
 
 ```text
-Rule Result ArcjetRuleResult {
-  ruleId: '',
+Arcjet decision ArcjetDenyDecision {
+  id: '', // This will contain the Arcjet request ID
   ttl: 0,
-  state: 'RUN',
-  conclusion: 'DENY',
-  reason: ArcjetSensitiveInfoReason {
-    type: 'SENSITIVE_INFO',
-    denied: [ { start: 5, end: 21, identifiedType: 'EMAIL' } ],
-    allowed: []
-  }
-},
-Conclusion ALLOW
+  results: [
+    ArcjetRuleResult {
+      ruleId: '',
+      ttl: 0,
+      state: 'RUN',
+      conclusion: 'DENY',
+      reason: [ArcjetSensitiveInfoReason]
+    }
+  ],
+...
 ```
 
 The final conclusion is `ALLOW` even though the rule result conclusion is

diff --git a/src/snippets/sensitive-info/quick-start/nextjs/PerRouteApp.js b/src/snippets/sensitive-info/quick-start/nextjs/PerRouteApp.js
@@ -13,28 +13,22 @@ const aj = arcjet({
   ],
 });
 
-export async function GET(req) {
+export async function POST(req) {
   const decision = await aj.protect(req);
-
-  for (const result of decision.results) {
-    console.log("Rule Result", result);
-  }
-
-  console.log("Conclusion", decision.conclusion);
+  console.log("Arcjet decision", decision);
 
   if (decision.isDenied() && decision.reason.isSensitiveInfo()) {
     return NextResponse.json(
       {
-        error: "The requests body contains unexpected sensitive information",
-        // Useful for debugging, but don't return it to the client in
-        // production
-        //reason: decision.reason,
+        error: "Sensitive Information Identified",
+        reason: decision.reason,
+      },
+      {
+        status: 400,
       },
-      { status: 400 },
     );
   }
 
-  return NextResponse.json({
-    message: "Hello world",
-  });
+  const message = await req.text();
+  return NextResponse.json({ message: `You said: ${message}` });
 }
diff --git a/src/snippets/sensitive-info/quick-start/nextjs/PerRouteApp.ts b/src/snippets/sensitive-info/quick-start/nextjs/PerRouteApp.ts
@@ -13,28 +13,22 @@ const aj = arcjet({
   ],
 });
 
-export async function GET(req: Request) {
+export async function POST(req: Request) {
   const decision = await aj.protect(req);
-
-  for (const result of decision.results) {
-    console.log("Rule Result", result);
-  }
-
-  console.log("Conclusion", decision.conclusion);
+  console.log("Arcjet decision", decision);
 
   if (decision.isDenied() && decision.reason.isSensitiveInfo()) {
     return NextResponse.json(
       {
-        error: "The requests body contains unexpected sensitive information",
-        // Useful for debugging, but don't return it to the client in
-        // production
-        //reason: decision.reason,
+        error: "Sensitive Information Identified",
+        reason: decision.reason,
+      },
+      {
+        status: 400,
       },
-      { status: 400 },
     );
   }
 
-  return NextResponse.json({
-    message: "Hello world",
-  });
+  const message = await req.text();
+  return NextResponse.json({ message: `You said: ${message}` });
 }
diff --git a/src/snippets/sensitive-info/quick-start/nextjs/PerRoutePages.js b/src/snippets/sensitive-info/quick-start/nextjs/PerRoutePages.js
@@ -14,20 +14,12 @@ const aj = arcjet({
 
 export default async function handler(req, res) {
   const decision = await aj.protect(req);
-
-  for (const result of decision.results) {
-    console.log("Rule Result", result);
-  }
-
-  console.log("Conclusion", decision.conclusion);
+  console.log("Arcjet decision", decision);
 
   if (decision.isDenied() && decision.reason.isSensitiveInfo()) {
     return res.status(400).json({
-      error: "The requests body contains unexpected sensitive information",
+      error: "The request body contains unexpected sensitive information",
     });
-    // Returning the reason is useful for debugging, but don't return it to the
-    // client in production
-    // .json({ error: "You are suspicious!", reason: decision.reason });
   }
 
   res.status(200).json({ name: "Hello world" });

diff --git a/src/snippets/sensitive-info/quick-start/nextjs/PerRoutePages.ts b/src/snippets/sensitive-info/quick-start/nextjs/PerRoutePages.ts
@@ -18,20 +18,12 @@ export default async function handler(
   res: NextApiResponse,
 ) {
   const decision = await aj.protect(req);
+  console.log("Arcjet decision", decision);
 
-  for (const result of decision.results) {
-    console.log("Rule Result", result);
-  }
-
-  console.log("Conclusion", decision.conclusion);
-
-  if (decision.isDenied() && decision.reason.isShield()) {
+  if (decision.isDenied() && decision.reason.isSensitiveInfo()) {
     return res.status(400).json({
-      error: "The requests body contains unexpected sensitive information",
+      error: "The request body contains unexpected sensitive information",
     });
-    // Returning the reason is useful for debugging, but don't return it to the
-    // client in production
-    // .json({ error: "You are suspicious!", reason: decision.reason });
   }
 
   res.status(200).json({ name: "Hello world" });

diff --git a/src/snippets/sensitive-info/reference/nextjs/ErrorsApp.js b/src/snippets/sensitive-info/reference/nextjs/ErrorsApp.js
@@ -11,7 +11,7 @@ const aj = arcjet({
   ],
 });
 
-export async function GET(req) {
+export async function POST(req) {
   const decision = await aj.protect(req);
 
   if (decision.isErrored()) {

diff --git a/src/snippets/sensitive-info/reference/nextjs/ErrorsApp.ts b/src/snippets/sensitive-info/reference/nextjs/ErrorsApp.ts
@@ -11,7 +11,7 @@ const aj = arcjet({
   ],
 });
 
-export async function GET(req: Request) {
+export async function POST(req: Request) {
   const decision = await aj.protect(req);
 
   if (decision.isErrored()) {

diff --git a/src/snippets/sensitive-info/reference/nextjs/PerRouteApp.js b/src/snippets/sensitive-info/reference/nextjs/PerRouteApp.js
@@ -11,7 +11,7 @@ const aj = arcjet({
   ],
 });
 
-export async function GET(req) {
+export async function POST(req) {
   const decision = await aj.protect(req);
 
   if (decision.isDenied() && decision.reason.isSensitiveInfo()) {

diff --git a/src/snippets/sensitive-info/reference/nextjs/PerRouteApp.ts b/src/snippets/sensitive-info/reference/nextjs/PerRouteApp.ts
@@ -11,7 +11,7 @@ const aj = arcjet({
   ],
 });
 
-export async function GET(req: Request) {
+export async function POST(req: Request) {
   const decision = await aj.protect(req);
 
   if (decision.isDenied() && decision.reason.isSensitiveInfo()) {