npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

wafjs

v1.0.3

Published

Simple WAF to integrate with Node.js web systems

Downloads

29

Readme

WAF-JS Simple WAF to integrate with Node.js web systems


Build Status Coverage Status License: MIT npm node Gitter


Description

WAF-JS is a simple WAF developed for basic protection on Node.JS web systems, providing basic bot detection, HTTP method checking and some HTTP headers analysis. With a simple package install and passing some arguments, it can check if you want to continue handling the request, or simply drop it, log it or redirect it somewhere else.

It can be configurable by passing the allowed / desirable HTTP request methods and content types, and it also makes it possible to extend the current bot signatures.


Instalation

In order to install WAF-JS package, simply run: npm install wafjs --save


Available Methods

  • isBotCheck({'user-agent'}) Based on pre-defined rules / signatures (with the possibility of extending them), and taking the user-agent field from the request headers, it tries to check of the request is from a known bot / crawler / spider, etc.. Receives the user-agent as argument and returns a boolean value (if bot: true | not bot: false)

  • extendBotSigs({signatures}) Allows the extension of pre-defined bot / crawlers, spiders, etc... signatures. Receives an array of signatures to be added to the pre-defined ones.

  • removeBotSig({signature}) Removes a signature from the list.

  • reqCheck({request method}, {content-type}) Checks the request, analysing the HTTP request method and content type, and matching it with the given config (allowed methods & content types). Receives the request method and request headers content-type property and returns a boolean value (valid / allowed request: true | invalid / forbidden request: false)

  • wafChecks({user-agent}, {request method}, {content-type}) Performs both checks (bot and requests) returning a boolean value as response, according with the validity of the request components. Receives the request headers user-agent property, the request method and the request headers content-type property as parameters. Returns a boolean (not a bot AND valid request: true | is bot OR invalid request: false)


Configuration & Usage

The following arguments are required to be passed to WAFJS

  • Configuration object containing the allowedMethods & contentTypes

example of base config:


const baseConfig = {
  allowedMethods: ['GET', 'POST', 'PATCH', 'DELETE'], // allowed / desired HTTP methods
  contentTypes: ['application/json', 'multipart/form-data'] // allowed / desired content-types
}

The wafjs package exports a class (WAFJS), wich can be instantiated as follows:

// package requirement
const { WAFJS } = require('wafjs') 

// declaring new WAFJS class instance
let _wafjs = new WAFJS(baseConfig)

// usage example | bot check
if(_wafjs.isBotCheck(req.headers['user-agent'])){
  res.statusCode = 403
  res.end()
}


// usage example | extend bot signatures
_wafjs.extendBotSigs(['newSig#1', 'newSig#2'])


// usage example | remove signature
_wafjs.removeBotSig('newSig#1')


// usage example | request check
if(_wafjs.reqCheck(req.method, req.headers['content-type'])){
  res.statusCode = 403
  res.end()
}


// usage example | waf checks
if(_wafjs.wafChecks(req.headers['user-agent'], req.method, req.headers['content-type'])){
  res.statusCode = 403
  res.end()
}

Express.JS (and other frameworks) integration example

WAFJS can easily be integrated into ExpressJS as middleware, analysing the request before any further handling by the web system:

  // WAF middleware validation & request id injection on every request
  express.use(async (req, res, next) => {
    if(_wafjs.reqCheck(req.method, req.headers['content-type']))
      res.status(403).send()
  });

WAFJS may also be easily integrated in other frameworks (Loopback, etc..) using the same approach as described above.