npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

express-ip-access-control

v1.1.3

Published

An express.js middleware for access control.

Downloads

20,832

Readme

Express IP Access Control

An express middleware for access control base on IP addresses.

Installation

npm i express-ip-access-control

Features

  • Control who can access resources base on IP addresses.
  • Support Express 4.
  • Support IPv4, IPv6, CIDR format & IPv4 mapped IPv6 addresses (using ipaddr.js).
  • Deny mode (Blacklist) & Allow mode (Whitelist).
  • Choose from connection address or real address. You may find it useful if you are behind proxy and needed to reject direct access.
  • Custom action on denied. (Redirect or show error message)
  • Custom log function.

Usage

You may want to know somethings about Express and Express's middleware first.

var AccessControl = require('express-ip-access-control');

// Create middleware.
var middleware = AccessControl(options);

// Or directly load it into the app.
var express = require('express');
var app = express();
app.use(AccessControl(options));

Options

var options = {
	mode: 'deny',
	denys: [],
	allows: [],
	forceConnectionAddress: false,
	log: function(clientIp, access) {
		console.log(clientIp + (access ? ' accessed.' : ' denied.'));
	},

	statusCode: 401,
	redirectTo: '',
	message: 'Unauthorized'
};

mode (default: 'deny')

'deny' mode (Blacklist)

Allow by default, only deny IPs in the blacklist (denys) and not excluded by the whitelist (allows).

'allow' mode (Whilelist)

Deny by default, only allow IPs in the whitelist (allows) and not excluded by the blacklist (denys).

denys (default: [])

The blacklist. Works differently in different mode. Support IPv4, IPv6, CIDR format or mixed. IPv4 mapped IPv6 addresses will be converted into IPv4.

allows (default: [])

The whitelist. Works differently in different mode. Support IPv4, IPv6, CIDR format or mixed. IPv4 mapped IPv6 addresses will be converted into IPv4.

forceConnectionAddress (default: false)

If set to true, the connection address (req.connection.remoteAddress) will be used even express.set('trust proxy', []) set the req.ip. So that you can reject direct access if you are behind proxy and needed to do so.

log (default: Simple log function)

Pass a log function or false to disable log. The function should have signature like this Function(String clientIp, Boolean access).

statusCode (default: 401)

The HTTP status code sent when denied. Set to 301 or 302 means redirect to redirectTo. Will be parseInt(statusCode, 10) to ensure it is a integer.

redirectTo (default: '')

The URL to redirect when denied and statusCode is set to redirect. It will be passed into res.redirect(statusCode, redirectTo) directly, without any validation or manipulation.

message (default: 'Unauthorized')

The message sent when denied and statusCode is not set to redirect. It will be passed into res.send(message) directly, without any validation or manipulation.

Functions

ipMatch()

AccessControl.ipMatch(clientIp, list);

Return true if clientIp is in the list, false if not. The function will return false if the clientIp is not valid or the list is empty.

  • (String) clientIp is the IP address (IPv4 / IPv6) to check. IPv4 mapped IPv6 addresses will be converted into IPv4.
  • (Array of String) list is the list / range of IP address. Support IPv4, IPv6, CIDR format or mixed. IPv4 mapped IPv6 addresses will be converted into IPv4.

Repository

You may find the source code on GitHub. Please feel free to report bugs and contribute your changes.

License

MIT