@aikidosec/firewall
Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
// NOTE(review): stray `;` — presumably what is left of a stripped `"use strict";`
// directive in the rendered listing; confirm against the published file.
;
// Flag this CommonJS module as a transpiled ES module so interop importers
// treat `exports` as a namespace object with named members.
Object.defineProperty(exports, "__esModule", { value: true });
// Function declarations are hoisted, so exporting before the definition below is safe.
exports.shouldBlockRequest = shouldBlockRequest;
const AgentSingleton_1 = require("../agent/AgentSingleton");
const Context_1 = require("../agent/Context");
const shouldRateLimitRequest_1 = require("../ratelimiting/shouldRateLimitRequest");
/**
 * Decide whether the current request should be blocked by Zen.
 *
 * Reads the request context and the agent singleton. Both the missing-context
 * and the missing-agent paths fail open with `{ block: false }`; the
 * missing-context path additionally emits a one-time console warning.
 * Otherwise the context is marked as having executed the middleware, the
 * agent is notified, and two checks run in order: a blocked-user check
 * against the agent config, then the rate limiter.
 *
 * @returns {{ block: boolean, type?: string, trigger?: string, ip?: * }}
 *   `{ block: false }` when the request may proceed. Otherwise `block: true`
 *   with `type` `"blocked"` and `trigger` `"user"` for a blocked user, or
 *   `type` `"ratelimited"` with the limiter's `trigger` and the context's
 *   `remoteAddress` as `ip`.
 */
function shouldBlockRequest() {
  const { getContext, updateContext } = Context_1;
  const allow = { block: false };

  const requestContext = getContext();
  if (!requestContext) {
    // Nothing to evaluate against; warn (once) and let the request through.
    logWarningShouldBlockRequestCalledWithoutContext();
    return allow;
  }

  const zenAgent = (0, AgentSingleton_1.getInstance)();
  if (!zenAgent) {
    return allow;
  }

  // Record that the middleware ran for this request and let the agent know.
  updateContext(requestContext, "executedMiddleware", true);
  zenAgent.onMiddlewareExecuted();

  // Blocked-user check takes precedence over rate limiting.
  const { user } = requestContext;
  if (user && zenAgent.getConfig().isUserBlocked(user.id)) {
    return { block: true, type: "blocked", trigger: "user" };
  }

  const limit = (0, shouldRateLimitRequest_1.shouldRateLimitRequest)(
    requestContext,
    zenAgent
  );
  if (!limit.block) {
    return allow;
  }
  return {
    block: true,
    type: "ratelimited",
    trigger: limit.trigger,
    ip: requestContext.remoteAddress,
  };
}
// Guidance printed when shouldBlockRequest() runs outside a request context.
const MISSING_CONTEXT_WARNING =
  "shouldBlockRequest() was called without a context. The request will not be blocked. Make sure to call shouldBlockRequest() within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).";

// Flipped once the warning has been emitted so it prints at most once per process.
let hasWarnedAboutMissingContext = false;

/**
 * Warn, at most once, that shouldBlockRequest() ran without a request
 * context and therefore did not evaluate (or block) the request.
 * Subsequent calls are no-ops.
 */
function logWarningShouldBlockRequestCalledWithoutContext() {
  if (!hasWarnedAboutMissingContext) {
    // eslint-disable-next-line no-console
    console.warn(MISSING_CONTEXT_WARNING);
    // The flag is set only after the message has been written.
    hasWarnedAboutMissingContext = true;
  }
}