Arcjet + Fly.io example app

Arcjet helps developers protect their apps in just a few lines of code. This is an example application demonstrating the use of multiple features.

This example is deployed at https://example.arcjet.com.

Features

• Signup form protection uses Arcjet's server-side email verification configured to block disposable providers and ensure that the domain has a valid MX record. It also includes rate limiting and bot protection to prevent automated abuse.
• Bot protection shows how a page can be protected from automated clients.
• Rate limiting shows the use of different rate limit configurations depending on the authenticated user. A logged-in user can make more requests than an anonymous user.
• Attack protection demonstrates Arcjet Shield, which detects suspicious behavior, such as SQL injection and cross-site scripting attacks.

 Deploy to Fly.io

1. Set up a new Fly.io app

fly launch --name $YOUR_APP_NAME --no-deploy

Replace $YOUR_APP_NAME with whatever name you'd like. This command will generate a Dockerfile and a fly.toml for you.

2. Create an Arcjet account and link it to your Fly.io app:

fly ext arcjet create

3. Deploy to Fly.io:

fly deploy

4. Open your app in your browser and try out the features.

5. Review the request details in your Arcjet dashboard:

fly ext arcjet dashboard

Run locally

1. Log into your Arcjet dashboard to get the ARCJET_KEY for your app.

fly ext arcjet dashboard

2. Install dependencies:

npm ci

3. Rename .env.local.example to .env.local and add your Arcjet key. If you want to test the rate limiting authentication, you will also need to add an Auth.js secret and create a GitHub OAuth app.

4. Start the dev server

npm run dev

5. Open http://localhost:3000 in your browser.

Stack

• Auth: Auth.js
• App: Next.js
• UI: shadcn/ui
• Form handling: React Hook Form (see also our full form protection example)
• Client-side validation: Zod
• Security: Arcjet
• Platform: Fly.io