Add rate limiting by IP and privacy policy

screenshotone · Oct 29, 2024 · 9eed31e · 9eed31e
1 parent 1b80479
commit 9eed31e
Show file tree

Hide file tree

Showing 15 changed files with 321 additions and 49 deletions.
diff --git a/config/deploy.yml b/config/deploy.yml
@@ -20,6 +20,7 @@ volumes:
     - data:/app/data:rw
 
 proxy:
+    forward_headers: false
     healthcheck:
         interval: 3
         path: /health

diff --git a/next.config.mjs b/next.config.mjs
@@ -3,6 +3,9 @@ const nextConfig = {
     output: "standalone",
     compress: false,
     poweredByHeader: false,
+    experimental: {
+        instrumentationHook: true,
+    },
 };
 
 export default nextConfig;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -19,9 +19,11 @@
     "clsx": "^2.1.1",
     "lucide-react": "^0.453.0",
     "next": "^14.2.2",
+    "pirsch-sdk": "^2.7.0",
     "rand-seed": "^2.1.7",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
+    "request-ip": "^3.3.0",
     "screenshotone-api-sdk": "^1.1.16",
     "tailwind-merge": "^2.5.4",
     "tailwindcss-animate": "^1.0.7",
@@ -31,6 +33,7 @@
     "@types/node": "^20",
     "@types/react": "^18",
     "@types/react-dom": "^18",
+    "@types/request-ip": "^0.0.41",
     "eslint": "^8",
     "eslint-config-next": "15.0.1",
     "postcss": "^8",

diff --git a/src/app/game/[session]/page.tsx b/src/app/game/[session]/page.tsx
@@ -1,6 +1,6 @@
 import Game from "@/components/Game";
 import { db } from "@/lib/db";
-import { getGameSession } from "@/lib/game";
+import { getActiveGameSession } from "@/lib/game";
 import { randomNumberGenerator } from "@/lib/utils";
 import { notFound } from "next/navigation";
 
@@ -13,7 +13,7 @@ export default async function GamePage({
 }) {
     const { session } = params;
 
-    const gameSession = await getGameSession(session);
+    const gameSession = await getActiveGameSession(session);
     if (!gameSession) {
         return notFound();
     }

diff --git a/src/app/game/new/route.ts b/src/app/game/new/route.ts
@@ -1,11 +1,31 @@
 import { createGameSession } from "@/lib/game";
 import { NextResponse } from "next/server";
 
+import requestIp from "request-ip";
+
 export const dynamic = "force-dynamic";
 
-export async function GET() {
+export async function GET(request: Request) {
     try {
-        const gameSessionId = await createGameSession();
+        let ipAddress =
+            request.headers.get("CF-Connecting-IP") ||
+            requestIp.getClientIp({
+                headers: Object.fromEntries(request.headers),
+            });
+        let countryCode = request.headers.get("CF-IPCountry") || null;
+
+        if (
+            ipAddress &&
+            !ipAddress.match(/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/) &&
+            !ipAddress.match(/^(?:[A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}$/)
+        ) {
+            ipAddress = null;
+        }
+        if (countryCode && !countryCode.match(/^[A-Z]{2}$/)) {
+            countryCode = null;
+        }
+
+        const gameSessionId = await createGameSession(ipAddress, countryCode);
 
         const redirectUrl =
             process.env.NEXT_PUBLIC_BASE_URL + "/game/" + gameSessionId;

diff --git a/src/app/layout.tsx b/src/app/layout.tsx
@@ -1,7 +1,6 @@
 import type { Metadata } from "next";
 import localFont from "next/font/local";
 import "./globals.css";
-import { Analytics } from "@/components/analytics";
 
 const geistSans = localFont({
     src: "./fonts/GeistVF.woff",
@@ -35,7 +34,6 @@ export default function RootLayout({
                 className={`${geistSans.variable} ${geistMono.variable} antialiased bg-orange-100`}
             >
                 {children}
-                <Analytics />
             </body>
         </html>
     );

diff --git a/src/app/page.tsx b/src/app/page.tsx
@@ -1,6 +1,6 @@
 import Link from "next/link";
-import { Button } from "@/components/ui/button";
 import Image from "next/image";
+import { StartGameButton } from "@/components/StartGameButton";
 
 export default function IndexPage() {
     return (
@@ -53,9 +53,17 @@ export default function IndexPage() {
                             than accepting them.
                         </p>
                     </div>
-                    <Button asChild size="lg" className="text-xl font-bold p-6">
-                        <Link href="/game/new">Accept</Link>
-                    </Button>
+                    <StartGameButton />
+                    <p className="text-sm mt-6">
+                        By starting the game, you accept the BlastBanners.com {" "}
+                        <Link
+                            className="underline hover:no-underline"
+                            href="/privacy"
+                        >
+                            Privacy Policy
+                        </Link>
+                        .
+                    </p>
                 </div>
             </div>
         </div>