@aikidosec/firewall/agent/api/fetchBlockedLists.js

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.fetchBlockedLists = fetchBlockedLists;
const fetch_1 = require("../../helpers/fetch");
const getAPIURL_1 = require("../getAPIURL");
async function fetchBlockedLists(token) {
    const baseUrl = (0, getAPIURL_1.getAPIURL)();
    const { body, statusCode } = await (0, fetch_1.fetch)({
        url: new URL(`${baseUrl.toString()}api/runtime/firewall/lists`),
        method: "GET",
        headers: {
            // We need to set the Accept-Encoding header to "gzip" to receive the response in gzip format
            "Accept-Encoding": "gzip",
            Authorization: token.asString(),
        },
        timeoutInMS: 60 * 1000,
    });
    if (statusCode !== 200) {
        if (statusCode === 401) {
            throw new Error(`Unable to access the Aikido platform, please check your token.`);
        }
        throw new Error(`Failed to fetch blocked lists: ${statusCode}`);
    }
    const result = JSON.parse(body);
    return {
        blockedIPAddresses: result && Array.isArray(result.blockedIPAddresses)
            ? result.blockedIPAddresses
            : [],
        allowedIPAddresses: result && Array.isArray(result.allowedIPAddresses)
            ? result.allowedIPAddresses
            : [],
        // Blocked user agents are stored as a string pattern for usage in a regex (e.g. "Googlebot|Bingbot")
        blockedUserAgents: result && typeof result.blockedUserAgents === "string"
            ? result.blockedUserAgents
            : "",
    };
}