deter
v2.0.0
Published
Send a request to a default route using an IP whitelist/blacklist
Downloads
332
Maintainers
Readme
deter
Send a request to a default route using an IP whitelist/blacklist
Example
const filterRoute = deter(
{whitelist: ['127.0.0.1', '172.16.18.0/24', '::1']}, // ipv6! wow!
onBadIp
)
const server = http.createServer(filterRoute(onGoodIp))
server.listen(8080)
function onBadIp(req, res) {
res.statusCode = 403
res.end()
}
function onGoodIp(req, res) {
res.statusCode = 200
res.end(`you're in!`)
}
API
deter(options, [defaultRoute], [lookup]) -> function
options
(object) an options object, with only one of the following keys; you can choose a whitelist or a blacklist, but not both:whitelist
(array) a list of CIDR strings that should be allowed throughblacklist
(array) a list of CIDR strings that should be denied
onFail
(function) a route to be processed if a request fails the whitelist/blacklist. It will be passed all parameters sent through the route when called on failure.lookup
(optional, function) a lookup function that gets the IP address from the request object; by default, this looks at any place the node http server might put an address (see the section on addresses for details). If you need to get an IP from ax-forwarded-for
header, say, you can provide your own lookup function, with this form:lookup(requestObject) -> ip (string)
Notes
- If you provide an invalid IP or CIDR in the whitelist/blacklist, the
constructor will
throw
; if this is a problem for you, be sure totry/catch
- ipv6 is supported, including CIDR notation
deter
expects to route on a message whose first parameter is either ahttp.IncomingMessage
or anet.Socket
, conforming to the node.js HTTP/HTTPS and socket servers. It does not care what any of the other parameters are, and will pass them through to your route/failure function.- Deter looks for addresses in the following places, which should cover all of
the major node versions; you should be able to pass it your
request or socket and have the right thing occur:
request.connection.remoteAddress
request.socket.remoteAddress
request.connection.socket.remoteAddress
socket.remoteAddress
If you need to look elsewhere for an address: don't fret, just provide your own lookup function:
const filterRoute = deter(
{whitelist: ['127.0.0.1', '172.16.18.0/24']},
onBadIp,
lookup
)
const server = http.createServer(filterRoute(onGoodIp))
server.listen(8080)
function lookup(req) {
if (req.headers && req.headers['x-forwarded-for']) {
return req.headers['x-forwarded-for'].split(',')[0]
}
}
License
Apache 2.0, see LICENSE for details.