Arcjet example: Firebase functions

Arcjet helps developers protect their apps in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.

This is an example Firebase functions application demonstrating how to protect a website from abuse.

Features

• Bot protection shows how the site can be protected from automated clients.
• Rate limiting shows a rate limit configuration that limits the number of requests from a single IP.
• Attack protection demonstrates Arcjet Shield, which detects suspicious behavior, such as SQL injection and cross-site scripting attacks.

Run locally

1. Register for a free Arcjet account.

2. Install dependencies:

npm ci

3. Rename example.secret.local to .secret.local and add your Arcjet key.

4. Start the dev server

npm run dev

Firebase may prompt you to login; follow the instructions in the terminal.

Firebase will print the local URL of both the emulator UI and the function iteself. The function URL should end with /arcjetExample.

Deploy to Firebase

1. Register for a free Arcjet account.

2. Install dependencies:

npm ci

3. Login to Firebase:

npx firebase login

4. Configure ARCJET_KEY secret in Firebase:

npx firebase functions:secrets:set ARCJET_KEY

5. Deploy to Firebase:

npm run deploy

Firebase will provide the URL of your deployed function which should end with /arcjetExample.

Try it

1. Open the deployed function URL in your browser and you'll see a "Hello world" response.
2. Reload the page 6 or so times within a minute and you should see "Rate limit exceeded."
3. Add a user query parameter to the URL (for example https://<your functionurl>?user=david), and reload the page multiple times. You should see "Hello david" responses until you exceed the higher rate limit for authenticated users.
4. Make a curl request to the function and you should see a "Bots denied" message.
5. Try running following curl command a couple times to simulate a spoofed bot

curl -H "User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" <your function url>

Need help?

Check out the docs, contact support, or join our Discord server.

Contributing

All development for Arcjet examples is done in the arcjet/examples repository.

You are welcome to open an issue here or in arcjet/examples directly. However, please direct all pull requests to arcjet/examples. Take a look at our contributing guide for more information.