
@aikidosec/firewall


Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

67 lines (66 loc) 2.73 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.setUser = setUser; const isPlainObject_1 = require("../../helpers/isPlainObject"); const AgentSingleton_1 = require("../AgentSingleton"); const ContextStorage_1 = require("./ContextStorage"); function setUser(u) { const agent = (0, AgentSingleton_1.getInstance)(); if (!agent) { return; } const context = ContextStorage_1.ContextStorage.getStore(); if (!context) { logWarningSetUserCalledWithoutContext(); return; } const user = u; if (!(0, isPlainObject_1.isPlainObject)(user)) { agent.log(`setUser(...) expects an object with 'id' and 'name' properties, found ${typeof user} instead.`); return; } if (!("id" in user)) { agent.log(`setUser(...) expects an object with 'id' property.`); return; } if (typeof user.id !== "string" && typeof user.id !== "number") { agent.log(`setUser(...) expects an object with 'id' property of type string or number, found ${typeof user.id} instead.`); return; } if (typeof user.id === "string" && user.id.length === 0) { agent.log(`setUser(...) expects an object with 'id' property non-empty string.`); return; } const validatedUser = { id: user.id.toString() }; if (typeof user.name === "string" && user.name.length > 0) { validatedUser.name = user.name; } if (context.executedMiddleware) { logWarningSetUserCalledAfterMiddleware(); } context.user = validatedUser; const ipAddress = context.remoteAddress; agent.getUsers().addUser({ id: validatedUser.id, name: validatedUser.name, lastIpAddress: ipAddress, }); } let loggedWarningSetUserCalledAfterMiddleware = false; function logWarningSetUserCalledAfterMiddleware() { if (loggedWarningSetUserCalledAfterMiddleware) { return; } // eslint-disable-next-line no-console console.warn(`setUser(...) 
must be called before the Zen middleware is executed.`); loggedWarningSetUserCalledAfterMiddleware = true; } let loggedWarningSetUserCalledWithoutContext = false; function logWarningSetUserCalledWithoutContext() { if (loggedWarningSetUserCalledWithoutContext) { return; } // eslint-disable-next-line no-console console.warn("setUser(...) was called without a context. The user will not be tracked. Make sure to call setUser(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports)."); loggedWarningSetUserCalledWithoutContext = true; }