import { serve } from "https://deno.land/std@0.168.0/http/server.ts"; const corsHeaders = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type', }; interface IPLocationResponse { country: string; countryCode: string; measurementSystem: 'metric' | 'imperial'; } // Simple in-memory rate limiter const rateLimitMap = new Map(); const RATE_LIMIT_WINDOW = 60000; // 1 minute in milliseconds const MAX_REQUESTS = 10; // 10 requests per minute per IP const MAX_MAP_SIZE = 10000; // Maximum number of IPs to track function cleanupExpiredEntries() { try { const now = Date.now(); let deletedCount = 0; for (const [ip, data] of rateLimitMap.entries()) { if (now > data.resetAt) { rateLimitMap.delete(ip); deletedCount++; } } if (deletedCount > 0) { console.log(`Cleaned up ${deletedCount} expired rate limit entries`); } } catch (error) { console.error('Error during cleanup:', error); } } function checkRateLimit(ip: string): { allowed: boolean; retryAfter?: number } { const now = Date.now(); const existing = rateLimitMap.get(ip); // Handle existing entries (most common case - early return for performance) if (existing && now <= existing.resetAt) { if (existing.count >= MAX_REQUESTS) { const retryAfter = Math.ceil((existing.resetAt - now) / 1000); return { allowed: false, retryAfter }; } existing.count++; return { allowed: true }; } // Need to add new entry or reset expired one // Only perform cleanup if we're at capacity AND adding a new IP if (!existing && rateLimitMap.size >= MAX_MAP_SIZE) { // First try cleaning expired entries cleanupExpiredEntries(); // If still at capacity after cleanup, remove oldest entries (LRU eviction) if (rateLimitMap.size >= MAX_MAP_SIZE) { const toDelete = Math.floor(MAX_MAP_SIZE * 0.3); // Remove 30% of entries const sortedEntries = Array.from(rateLimitMap.entries()) .sort((a, b) => a[1].resetAt - b[1].resetAt); for (let i = 0; i < toDelete && i < sortedEntries.length; i++) { rateLimitMap.delete(sortedEntries[i][0]); } console.warn(`Rate limit map reached ${MAX_MAP_SIZE} entries. Cleared ${toDelete} oldest entries.`); } } // Create new entry or reset expired entry rateLimitMap.set(ip, { count: 1, resetAt: now + RATE_LIMIT_WINDOW }); return { allowed: true }; } // Clean up old entries periodically to prevent memory leak // Run cleanup more frequently to catch expired entries sooner setInterval(cleanupExpiredEntries, Math.min(RATE_LIMIT_WINDOW / 2, 30000)); // Every 30 seconds or half the window serve(async (req) => { // Handle CORS preflight requests if (req.method === 'OPTIONS') { return new Response(null, { headers: corsHeaders }); } try { // Get the client's IP address const forwarded = req.headers.get('x-forwarded-for'); const realIP = req.headers.get('x-real-ip'); const clientIP = forwarded?.split(',')[0] || realIP || '8.8.8.8'; // fallback to Google DNS for testing // Check rate limit const rateLimit = checkRateLimit(clientIP); if (!rateLimit.allowed) { return new Response( JSON.stringify({ error: 'Rate limit exceeded', message: 'Too many requests. Please try again later.', retryAfter: rateLimit.retryAfter }), { status: 429, headers: { ...corsHeaders, 'Content-Type': 'application/json', 'Retry-After': String(rateLimit.retryAfter || 60) } } ); } console.log('Detecting location for IP:', clientIP); // Use configurable geolocation service with proper error handling // Defaults to ip-api.com if not configured const geoApiUrl = Deno.env.get('GEOLOCATION_API_URL') || 'http://ip-api.com/json'; const geoApiFields = Deno.env.get('GEOLOCATION_API_FIELDS') || 'status,country,countryCode'; let geoResponse; try { geoResponse = await fetch(`${geoApiUrl}/${clientIP}?fields=${geoApiFields}`); } catch (fetchError) { console.error('Network error fetching location data:', fetchError); throw new Error('Network error: Unable to reach geolocation service'); } if (!geoResponse.ok) { throw new Error(`Geolocation service returned ${geoResponse.status}: ${geoResponse.statusText}`); } let geoData; try { geoData = await geoResponse.json(); } catch (parseError) { console.error('Failed to parse geolocation response:', parseError); throw new Error('Invalid response format from geolocation service'); } if (geoData.status !== 'success') { throw new Error(`Geolocation failed: ${geoData.message || 'Invalid location data'}`); } // Countries that primarily use imperial system const imperialCountries = ['US', 'LR', 'MM']; // USA, Liberia, Myanmar const measurementSystem = imperialCountries.includes(geoData.countryCode) ? 'imperial' : 'metric'; const result: IPLocationResponse = { country: geoData.country, countryCode: geoData.countryCode, measurementSystem }; console.log('Location detected:', result); return new Response( JSON.stringify(result), { headers: { ...corsHeaders, 'Content-Type': 'application/json' } } ); } catch (error) { console.error('Error detecting location:', error); // Return default (metric) with 500 status to indicate error occurred // This allows proper error monitoring while still providing fallback data const defaultResult: IPLocationResponse = { country: 'Unknown', countryCode: 'XX', measurementSystem: 'metric' }; return new Response( JSON.stringify({ ...defaultResult, error: error instanceof Error ? error.message : 'Failed to detect location', fallback: true }), { headers: { ...corsHeaders, 'Content-Type': 'application/json' }, status: 500 } ); } });