Express IP Whitelist

An express middleware for access permissions based on Host/IP addresses. Hosts/IPs of the clients that are not on the whitelist have access blocked.

Features

• Create a list of permissions with hostnames and IP addresses and control who can access the resources of your API;
• Support IPv4, IPv6, CIDR format & IPv4 mapped IPv6 addresses;
• Custom log function;
• Custom message function.

Installation

npm i @nutes-uepb/express-ip-whitelist

Usage

To use middleware is very simple, just import and then define your list of permissions and available options, such as log and message.

const whitelist = require('@nutes-uepb/express-ip-whitelist');

// Create middleware.
const middleware = whitelist(['127.0.0.1', 'www.client.com'], options);

// Injecting middleware into instance express
const express = require('express');
const app = express();
app.use(middleware);

Options

const options = {  
  log: (clientIp, accessDenied) => {
      console.log(`${clientIp} access ${accessDenied ? 'denied!' : 'allowed!'}`)  
 }, message: function (err, clientIp) {  
	  return {error: `Client with IP address ${clientIp} is not allowed!`}  
 }};

The options are not mandatory and have default values.

• log: Allows you to manipulate the log on each request. To disable log assign its value equal to false.
  • Valor default:

    function (clientIp, accessDenied) {	
        console.log(`Access ${accessDenied ? 'denied' : 'allowed'} for ip address ${clientIp}`)  
    }

• message: Allows you to handle the error message when the client IP is not on the whitelist. The status code will always be 401.
  • Valor default:

    function (err, clientIp) {  
        return {  
            code: '401',  
            message: 'Unauthorized',  
            description: `Access denied for IP address ${clientIp}`  
        }  
    }