crowdsec-client
v1.0.0
Published
A Crowdsec client that allow you to easily create bouncer or watcher
Downloads
96
Readme
crowdsec-client
This library is a Node.js client to talk with crowdsec rest API .
Start
install it
npm i crowdsec-client
and then read the documentation in the wiki
Usage
as a Bouncer
First, create a client, pointing to your crowdsec instance . With a bouncer api key (doc)
const client = new BouncerClient({
url: process.env.CROWDSEC_URL,
auth: {
apiKey: process.env.CROWDSEC_API_KEY || ''
},
//use this option if you use a self signed ssl certificate
strictSSL: false
});
await client.login();
Second, ask for a decision
const stream = client.Decisions.getStream({
//the stream will poll the API at the interval . in ms
interval: 10000
});
//or with filters
const filteredStream = client.Decisions.getStream({
//the stream will poll the API at the interval . in ms
interval: 10000,
scopes: ['ip', 'range'],
origins: ['capi'] ,
scenarios_containing: ['bruteforce'],
scenarios_not_containing: ['slow'],
});
now, use this stream
import * as stream from "stream";
stream.on('added', (decision) => {
//will be emited when a new decision is added
});
stream.on('deleted', (decision) => {
//will be emitted when a decision is deleted
});
//you can control the stream
//start the stream
stream.resume();
//pause the stream
stream.pause()
//check if the stream is paused
if(stream.paused) {
}
as a Watcher
First, create a client, pointing to your crowdsec instance . With a machine login/password (doc)
const client = new WatcherClient({
url: process.env.CROWDSEC_URL,
auth: {
machineID: 'nameOfTheMachine',
password: 'password',
//the crowdsec token is valid for only 1h ... did you want to autorenew it ?
autoRenew: true,
},
//use this option if you use a self signed ssl certificate
strictSSL: false
});
await client.login();
Search for Alert
//get alerts with an active decision
const alerts = await client.Alerts.search({
has_active_decision: true
});
//select one alert
const alert = alerts[0]
if(!alert.id) {
//do something if no id
}
//delete it ?
await client.Alerts.deleteById(alert.id);
//or delete all the alerts about an ip
await client.Alerts.delete({
ip: '127.0.0.1'
});
More authentications options (like TLS) are documented in the wiki
Debug
this library include debug, to debug, you can set the env variable :
DEBUG=crowdsec-client:*