Closed ghost closed 2 years ago
Hey @thomaswang, thanks for letting us know. I've updated the example to this:
import { NextFetchEvent, NextRequest, NextResponse } from "next/server";
import { Ratelimit } from "@upstash/ratelimit";
import { Redis } from "@upstash/redis";
const ratelimit = new Ratelimit({
redis: Redis.fromEnv(),
limiter: Ratelimit.fixedWindow(10, "10 s"),
});
export default async function middleware(
request: NextRequest,
event: NextFetchEvent,
): Promise<Response | undefined> {
const ip = request.ip ?? "127.0.0.1";
const { success, pending, limit, reset, remaining } = await ratelimit.limit(`mw_${ip}`);
event.waitUntil(pending);
const res = success
? NextResponse.next(request)
: NextResponse.rewrite(new URL("/api/blocked", request.url), request);
res.headers.set("X-RateLimit-Limit", limit.toString());
res.headers.set("X-RateLimit-Remaining", remaining.toString());
res.headers.set("X-RateLimit-Reset", reset.toString());
return res;
}
export const config = {
matcher: "/api/hello",
};
Important difference from your suggestion: The ratelimit instance is outside the handler, allowing to cache limits between invocations.
Hey guys! Figured I'd throw an issue in here to comment on the new middleware changes from: https://nextjs.org/docs/messages/middleware-upgrade-guide#no-response-body
The following patterns will no longer work (used in examples/nextjs/pages/api/_middleware.ts):
Is below an appropriate replacement given the new middleware? In the docs, they say: