crowdsec-http-middleware

v0.0.8

Published

HTTP server middleware that can act as a crowdsec bouncer/watcher

Downloads

112

Readme

crowdsec-http-middleware

This library is a Node.js client to talk with the CrowdSec REST API.

Start

Install it:

npm i crowdsec-http-middleware

Then read the documentation in the wiki.

This package supports a default setup with default scenarios. You can use the default mode by installing crowdsec-http-middleware and crowdsec-client-scenarios, and passing an empty scenarios configuration:

npm i crowdsec-http-middleware crowdsec-client-scenarios

You can read which default scenarios are enabled in crowdsec-client-scenarios.

Usage

This package is a base package for creating HTTP middleware for HTTP servers.

You can use it like this:

import * as http from 'http';
import type { IncomingMessage, ServerResponse } from 'http';
import { CrowdSecHTTPMiddleware } from 'crowdsec-http-middleware';
// `Decision` is the CrowdSec decision type; its import is not shown in this README

// init the middleware (the options are described below)
const middleware = new CrowdSecHTTPMiddleware(middlewareOptions);
// wait for async setup, such as the connection to the crowdsec LAPI
await middleware.start();

const server = http.createServer((req: IncomingMessage & { ip?: string; decision?: Decision }, res: ServerResponse) => {
    try {
        // run the bouncer/watcher; req.decision is set when a decision matches the client IP
        middleware.getMiddleware()(req, res);
    } catch (e) {
        // a middleware error is only logged: req.decision stays unset, so the request is served (fail-open)
        console.error('middleware error', e);
    }

    // no decision for this IP: serve the request
    if (!req.decision) {
        res.statusCode = 200;
        res.setHeader('Content-Type', 'text/plain');
        res.end('Hello, World!');
        return;
    }

    // a decision exists for this IP: refuse the request
    res.statusCode = 403;
    res.setHeader('Content-Type', 'text/plain');
    res.end(`You can't access this api, because you are : ${req.decision?.type}`);
});

const port: number = 3000;
server.listen(port, () => {
    console.log(`Server running at http://localhost:${port}/`);
});

Options

The options are described in the technical documentation.

First, the global options:

const middlewareOptions: ICrowdSecHTTPMiddlewareOptions = {
    // URL of the crowdsec instance
    url: process.env.CROWDSEC_URL,
    // options to pass to the crowdsec-client
    clientOptions: {
        // for example, to disable TLS certificate verification
        // (only for test setups; keep verification enabled otherwise)
        strictSSL: false
    },
    // an optional function to extract the IP from the request
    // you can also use a scenario with the "extractIp" capability
    // getCurrentIp takes priority over a scenario's extractIp. If you want to use a default function, create a scenario with only extractIp
    // note: behind a reverse proxy, req.socket.remoteAddress is the proxy's address
    getCurrentIp: (req: IncomingMessage) => req.socket.remoteAddress || '0.0.0.0',
    // these configurations are described below
    watcher: watcherOptions,
    bouncer: bouncerOptions
}
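
An added example, not part of this package or its README: a getCurrentIp function for a server that sits behind reverse proxies, which reads X-Forwarded-For only when the TCP peer is a proxy you trust, so a client cannot choose the IP that decisions and alerts are keyed on. The names ReqLike, TRUSTED_PROXIES, normalizeIp, looksLikeIp and getClientIp and the proxy addresses are assumptions for illustration; pass it as getCurrentIp: getClientIp.

```typescript
// Structural subset of http.IncomingMessage, so this block needs no imports.
interface ReqLike {
    headers: Record<string, string | string[] | undefined>;
    socket: { remoteAddress?: string };
}

// ASSUMPTION: addresses of the reverse proxies you run (constructed values).
const TRUSTED_PROXIES = new Set<string>(['127.0.0.1', '::1', '10.0.0.5']);

// Node reports IPv4 peers on dual-stack sockets as ::ffff:a.b.c.d.
function normalizeIp(ip: string): string {
    const v = ip.trim().toLowerCase();
    return v.startsWith('::ffff:') && v.includes('.') ? v.slice(7) : v;
}

// Loose syntax check so header garbage is never reported as an IP.
function looksLikeIp(ip: string): boolean {
    const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
    if (v4) return v4.slice(1).every((octet) => Number(octet) <= 255);
    return ip.includes(':') && /^[0-9a-f:]+$/.test(ip);
}

// Hypothetical helper with the shape the getCurrentIp option expects.
function getClientIp(req: ReqLike, trusted: Set<string> = TRUSTED_PROXIES): string {
    const peer = normalizeIp(req.socket.remoteAddress || '0.0.0.0');
    // Direct connection: X-Forwarded-For is client-controlled, ignore it.
    if (!trusted.has(peer)) return peer;
    const raw = req.headers['x-forwarded-for'];
    const hops = (Array.isArray(raw) ? raw.join(',') : raw || '')
        .split(',').map(normalizeIp).filter((hop) => hop.length > 0);
    // Each proxy appends the peer it saw, so walking right to left the first
    // address that is not one of our proxies is the real client.
    for (const hop of hops.reverse()) {
        if (!looksLikeIp(hop)) return peer; // malformed chain: fall back
        if (!trusted.has(hop)) return hop;
    }
    return peer;
}

// Constructed request: client 203.0.113.7 came through proxy 10.0.0.5 and
// sent its own forged X-Forwarded-For entry (192.0.2.66).
const sampleReq: ReqLike = {
    headers: { 'x-forwarded-for': '192.0.2.66, 203.0.113.7' },
    socket: { remoteAddress: '::ffff:10.0.0.5' },
};
console.log(getClientIp(sampleReq)); // 203.0.113.7
```

Taking the leftmost X-Forwarded-For entry instead would return the forged 192.0.2.66 here, letting a banned client dodge its decision or get alerts raised against someone else's address.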

Watcher options

The watcher options allow you to set up an optional watcher. The watcher connects to the crowdsec LAPI and runs scenarios that send alerts when analyzing requests.

Remember that CrowdSec is an IDS: it detects the alert and blocks it the next time.

For authentication, you can also use TLS certificates. Check the wiki.

const watcherOptions = {
    // watcher credentials (placeholder values)
    machineID: 'myMachine',
    password: 'myPassword',
    // send a heartbeat to the LAPI? It allows the LAPI to see the watcher as "online"
    heartbeat: true,
    // a list of scenario constructors that will be used
    scenarios: [],
    // options passed to the scenarios
    scenariosOptions: {}
}

You can read more about scenarios and scenariosOptions in the crowdsec-client-scenarios package.

Bouncer options

The bouncer checks whether a decision is associated with the current IP.

For authentication, you can also use TLS certificates. Check the wiki.

const bouncerOptions = {
    apiKey: process.env.CROWDSEC_API_KEY || ''
}

When a decision is found by the bouncer, req.decision will contain the decision.

Debug

This library includes debug. To debug, you can set the env variable:

DEBUG=crowdsec-http-middleware:*