npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

nestjs-ip-filter

v0.2.0

Published

A NestJS Guard for filtering IP addresses

Downloads

673

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

awesometicawesometic

Keywords

nestjsip filterwhitelistblacklist

Readme

NestJS IP Filter

Now we can filter the incoming requests by setting the whitelist and the blacklist IP addresses.

It will work using the built-in feature in NestJS, Guard, so it works like a charm as it should be and as much as it should do.

The Guard recognizes the requester's IP address using @supercharge/request-ip package.

How to install

Simply, install using NPM by the following command.

npm install nestjs-ip-filter

Usage

Use Regex for the IP list

In Express-based framework, the incoming IP address will have prefix ::ffff: characters. So if you have put (^192.168.) into the whitelist, it won't work because that regex describes it must have number 1 as a first character. So for now, you should put that prefix for your regex string like (^::ffff:192.168.). Will patch the source codes in the near future.

You can use the Regex format string for the IP ranges.

For a simple example, if you want to allow the private network hosts in 192.168.0.1/16, you can write the Regex string like the below.

# 192.168.0.0 ~ 192.168.255.255
(^192.168.)

Check the other use cases.

# 192.168.0.100 ~ 192.168.0.110
(^192.168.0.1[0-1]0)

# 172.16.16.10, 172.16.17.10, 172.16.18.10
(^172.16.1[6-8].10)

# 110~119.*
(^11[0-9].*)

And, writing in this way also works on this package.

But be aware of that you should write the Regex string very carefully to avoid allowing unwanted incoming IP addresses.

Basic usage for Whitelist

You can initialize the dedicated Guard using non-async or async mode, as the other NestJS packages support.

Use register for the static IP address list.

IpFilter.register({
  whitelist: [
    '(^::1)',
    '(^192.168.)',
    '127.0.0.1',
  ],
}),

Or, use registerAsync for the provided IP addresses from the other Provider, such as ConfigModule or RepositoryModule for your database.

// If it would like to get the whitelist IPs from a config file,
// and if MyConfigModule provides that

IpFilter.registerAsync({
  imports: [ MyConfigModule ],
  inject: [ MyConfigService ],
  useFactory: async (myConfigService: MyConfigService) => ({
    whitelist: myConfigService.getWhitelist(),
  }),
}),

Yeah, you can use your method to provide some async data.

After setting up the IpFilter module with the register* method, this will accept only the incoming requests for the given whitelist IP addresses.

Blacklist

You can deny the requests that are from the blacklist IPs.

Use blacklist option to let the Guard know the list.

// If it would like to get the whitelist IPs from a config file,
// and if MyConfigModule provides that

IpFilter.registerAsync({
  imports: [ MyConfigModule ],
  inject: [ MyConfigService ],
  useFactory: async (myConfigService: MyConfigService) => ({
    whitelist: myConfigService.getWhitelist(),
    blacklist: myConfigService.getBlacklist(),
  }),
}),

Then its NestJS Guard will deny all the IPs which are from the blacklist.

Use IpFilterDenyException when denying a request

You can handle the denial condition by catching the HTTP exception.

If you want to throw that IpFilterDenyException when denial, set the option useDenyException to true.

// If it would like to get the whitelist IPs from a config file,
// and if MyConfigModule provides that

IpFilter.registerAsync({
  imports: [ MyConfigModule ],
  inject: [ MyConfigService ],
  useFactory: async (myConfigService: MyConfigService) => ({
    whitelist: myConfigService.getWhitelist(),
    blacklist: myConfigService.getBlacklist(),
    useDenyException: true,
  }),
}),

Then it will throw IpFilterDenyException when the request is denied for the given whitelist or the blacklist.

So that, you can handle the denied request and can send a custom response on that handler, using NestJS Exception Filter.

When the Guard throws an exception, it will also carry some informative data like the incoming IP address, current whitelist and blacklist.

Inject IpFilterService

If you want, you can inject IpFilterService into your code and can see current options you put when you initialize it. And, you can set the whitelist and the blacklist too.

Inject the service using the IPFILTER_TOKEN module.

@Injectable()
export class SomeService {
  constructor(
    @inject(IPFILTER_TOKEN)
    private readonly ipFilterService: IpFilterService
  ) {}
  // ...
}

Then you can edit the whitelist, blacklist IP addresses dynamically.

this.ipFilterService.whitelist = [ {NEW_WHITELIST} ];
this.ipFilterService.blacklist = [ {NEW_BLACKLIST} ];

Example project

This repository contains an example project of this nestjs-ip-filter package.

Move to example directory and run the following commands.

npm ci
npm start:debug

Then, the example project will run in 3001 port.

With the curl command, you can do a simple test for the project.

curl -X GET -H "Content-Type: application/json" http://localhost:3001/ipfilter

It will result like the below, if your localhost IP is accepted for the whitelist.

{"whitelist":["(^::1)","(^192.168.)","127.0.0.1"],"blacklist":[]}

If it denies, it will result like the below. Check the ipFilterData field.

{"statusCode":403,"timestamp":"2022-06-13T09:29:40.452Z","ipFilterData":{"clientIp":"::ffff:127.0.0.1","whitelist":["(^::1)","(^192.168.)"],"blacklist":[]},"path":"/ipfilter"}

Our exception filter put that additional field on the typical HttpException results.

You can test the projects with your local host IP address, by editing the whitelist and the blacklist.

License

It follows the MIT license.