feat: add geolocation data to Netlify Dev

[eduardoboucas]

Summary

Adds geolocation data to Netlify Dev when using Edge Functions. It retrieves the geolocation data from https://netlifind.netlify.app/ and caches it locally for 24h, to avoid making a request every time the app starts.

When the request fails, or when CLI is used with the --offline flag, we use a mock location (San Francisco).

A new --geo flag is added to the dev command with the following values:

• cache (default): Uses the geolocation cached locally if it's not older than 24h. Otherwise, it retrieves it from the API.
• update: Retrieves geolocation data from the API, even if there is a cached version.
• mock: Does not make any requests to the API and uses the mock location.

[github-actions]

📊 Benchmark results

Comparing with 2c58896

Package size: 273 MB

(no change)

^  380 MB  380 MB  380 MB  380 MB  380 MB  380 MB  380 MB  380 MB  380 MB  380 MB  380 MB  380 MB         
│   ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐          
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |          
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |          
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |          
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |          
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |   273 MB 
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    ┌──┐  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
└───┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴──>
    T-12    T-11    T-10    T-9     T-8     T-7     T-6     T-5     T-4     T-3     T-2     T-1      T    

Legend

• T-30 (2c58896): 273 MB
• T-29 (8945228): 273 MB
• T-28 (9998550): 273 MB
• T-27 (d9bb192): 273 MB
• T-26 (129216e): 273 MB
• T-25 (59c3670): 273 MB
• T-24 (fbd4510): 380 MB
• T-23 (47181a4): 380 MB
• T-22 (d8bc64e): 380 MB
• T-21 (02c8c8a): 380 MB
• T-20 (15d351e): 380 MB
• T-19 (647ad4d): 380 MB
• T-18 (c285dbc): 380 MB
• T-17 (4ad0b45): 380 MB
• T-16 (a668861): 380 MB
• T-15 (1cb5a91): 380 MB
• T-14 (15f34db): 380 MB
• T-13 (3725113): 380 MB
• T-12 (62e64c4): 380 MB
• T-11 (3840cc4): 380 MB
• T-10 (0f69bb5): 380 MB
• T-9 (ccd26a5): 380 MB
• T-8 (6866549): 380 MB
• T-7 (6a16b6e): 380 MB
• T-6 (1fd0c2c): 380 MB
• T-5 (84fa9f6): 380 MB
• T-4 (e4f6ef0): 380 MB
• T-3 (ec31485): 380 MB
• T-2 (14d3714): 380 MB
• T-1 (0b40103): 380 MB
• T (current commit): 273 MB

[ascorbic]

It might be good to add a check for user-agent in the API, to stop somebody deciding to use it as a free, unlimited geoip service

[eduardoboucas]

It might be good to add a check for user-agent in the API, to stop somebody deciding to use it as a free, unlimited geoip service

The service will return geolocation data only for the requesting IP, as opposed to accepting an IP address as input, so it will be less useful as a service? Also, I'm not sure that checking the UA will help, since it can be easily spoofed.

[ascorbic]

The scenario I'm thinking about is somebody using it in their site to get the visitor's IP. It wouldn;t be spoofable then as it's the user's browser.

[mraerino]

long-term we should require an api token from the user. We can't easily build that in right now because the api tokens can only be verified by bitballoon and not as stateless JWTs.
if it should become a problem soon, we should build the endpoint into bitballoon instead.

technically anybody could build such an api with edge functions though. it would just be easier for us to kick them off our service.

[mraerino]

you don't need to verify the user-agent though since CORS prevents usage from other websites through browsers

[ascorbic]

I do forget that CORS exists for purposes other than wasting mornings on broken header configurations.

[mraerino]

LGTM

still slightly terrified of reviewing non-typescript code 🙈

[eduardoboucas]

still slightly terrified of reviewing non-typescript code 🙈

And I'm terrified of writing it! 🙊

[ascorbic]

It's not quite the same, but // @ts-check with JSDoc types are better than nothing.

[eduardoboucas]

It's not quite the same, but // @ts-check with JSDoc types are better than nothing.

Totally. We've been doing this in every new file we add to the CLI, and it was missing from this PR. Added in 2f6c520.

I've also fixed some tests.

Could I get another ✅ , please?