
@aikidosec/firewall


Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

// Public surface of this module. The assignments are placed before the
// require() calls below, exactly as in the original emit, so the bindings
// already exist if any of the loaded modules circularly require this file.
exports.getWrappers = getWrappers;
exports.protect = protect;
exports.lambda = lambda;
exports.cloudFunction = cloudFunction;

// "sinks" are the instrumented dangerous operations (shell, filesystem,
// outbound HTTP, SQL/NoSQL drivers, LLM client SDKs, ...); "sources" are the
// request entry points that hand untrusted input to the app (web frameworks,
// serverless handlers, XML/GraphQL parsers). The load order is kept exactly
// as in the original file — these modules may patch globals on load, so
// reordering them is not a pure refactor.
const ChildProcess_1 = require("../sinks/ChildProcess");
const Fetch_1 = require("../sinks/Fetch");
const FileSystem_1 = require("../sinks/FileSystem");
const HTTPRequest_1 = require("../sinks/HTTPRequest");
const MariaDB_1 = require("../sinks/MariaDB");
const MongoDB_1 = require("../sinks/MongoDB");
const MySQL_1 = require("../sinks/MySQL");
const MySQL2_1 = require("../sinks/MySQL2");
const Path_1 = require("../sinks/Path");
const Postgres_1 = require("../sinks/Postgres");
const Undici_1 = require("../sinks/Undici");
const Express_1 = require("../sources/Express");
const FunctionsFramework_1 = require("../sources/FunctionsFramework");
const Hono_1 = require("../sources/Hono");
const HTTPServer_1 = require("../sources/HTTPServer");
const Lambda_1 = require("../sources/Lambda");
const PubSub_1 = require("../sources/PubSub");
const Agent_1 = require("./Agent");
const AgentSingleton_1 = require("./AgentSingleton");
const ReportingAPINodeHTTP_1 = require("./api/ReportingAPINodeHTTP");
const ReportingAPIRateLimitedClientSide_1 = require("./api/ReportingAPIRateLimitedClientSide");
const ReportingAPIRateLimitedServerSide_1 = require("./api/ReportingAPIRateLimitedServerSide");
const ReportingAPIThatValidatesToken_1 = require("./api/ReportingAPIThatValidatesToken");
const Token_1 = require("./api/Token");
const getAPIURL_1 = require("./getAPIURL");
const LoggerConsole_1 = require("./logger/LoggerConsole");
const LoggerNoop_1 = require("./logger/LoggerNoop");
const GraphQL_1 = require("../sources/GraphQL");
const Xml2js_1 = require("../sources/Xml2js");
const FastXmlParser_1 = require("../sources/FastXmlParser");
const SQLite3_1 = require("../sinks/SQLite3");
const XmlMinusJs_1 = require("../sources/XmlMinusJs");
const Hapi_1 = require("../sources/Hapi");
const Shelljs_1 = require("../sinks/Shelljs");
const NodeSQLite_1 = require("../sinks/NodeSQLite");
const BetterSQLite3_1 = require("../sinks/BetterSQLite3");
const isDebugging_1 = require("../helpers/isDebugging");
const shouldBlock_1 = require("../helpers/shouldBlock");
const Postgresjs_1 = require("../sinks/Postgresjs");
const Fastify_1 = require("../sources/Fastify");
const Koa_1 = require("../sources/Koa");
const Restify_1 = require("../sources/Restify");
const ClickHouse_1 = require("../sinks/ClickHouse");
const Prisma_1 = require("../sinks/Prisma");
const AwsSDKVersion2_1 = require("../sinks/AwsSDKVersion2");
const OpenAI_1 = require("../sinks/OpenAI");
const AwsSDKVersion3_1 = require("../sinks/AwsSDKVersion3");
const AiSDK_1 = require("../sinks/AiSDK");
const Mistral_1 = require("../sinks/Mistral");
const Anthropic_1 = require("../sinks/Anthropic");
const GoogleGenAi_1 = require("../sinks/GoogleGenAi");

/**
 * Picks the logger for the agent.
 *
 * When `isDebugging()` reports true the agent logs to the console, otherwise
 * it gets a no-op logger and stays silent. What `isDebugging()` inspects
 * (presumably an environment variable) is not visible in this file — check
 * `../helpers/isDebugging` before relying on it in production.
 *
 * @returns {LoggerConsole_1.LoggerConsole | LoggerNoop_1.LoggerNoop}
 */
function getLogger() {
  const debugEnabled = (0, isDebugging_1.isDebugging)();
  return debugEnabled
    ? new LoggerConsole_1.LoggerConsole()
    : new LoggerNoop_1.LoggerNoop();
}

/**
 * Wraps a reporting API so that calls are gated on token validation.
 *
 * @param {object} api - the reporting API to decorate
 * @returns {ReportingAPIThatValidatesToken_1.ReportingAPIThatValidatesToken}
 */
function validatesToken(api) {
  return new ReportingAPIThatValidatesToken_1.ReportingAPIThatValidatesToken(api);
}

/**
 * Wraps a reporting API with a local (in-process) event budget: at most
 * 100 events per 60-minute window. This bounds how much a single noisy or
 * attacked instance can push to the reporting endpoint, independent of any
 * limits the server enforces.
 *
 * @param {object} api - the reporting API to decorate
 * @returns {ReportingAPIRateLimitedClientSide_1.ReportingAPIRateLimitedClientSide}
 */
function clientSideRateLimited(api) {
  const oneHourInMs = 60 * 60 * 1000;
  return new ReportingAPIRateLimitedClientSide_1.ReportingAPIRateLimitedClientSide(api, {
    maxEventsPerInterval: 100,
    intervalInMs: oneHourInMs,
  });
}

/**
 * Wraps a reporting API so that rate-limit responses from the server are
 * honoured. The exact back-off policy lives in the decorator itself.
 *
 * @param {object} api - the reporting API to decorate
 * @returns {ReportingAPIRateLimitedServerSide_1.ReportingAPIRateLimitedServerSide}
 */
function serverSideRateLimited(api) {
  return new ReportingAPIRateLimitedServerSide_1.ReportingAPIRateLimitedServerSide(api);
}

/**
 * Builds the reporting API client the agent talks to.
 *
 * Decorators are applied inside-out: the raw Node HTTP transport is first
 * capped client-side, then made to respect server-side rate limiting, and
 * finally guarded by token validation, so a request without a valid token is
 * rejected before it ever counts against either rate limit.
 *
 * @returns {object} the fully decorated reporting API
 */
function getAPI() {
  // `(0, fn)()` is the TypeScript emit for "call without a `this` binding".
  const endpoint = (0, getAPIURL_1.getAPIURL)();
  const transport = new ReportingAPINodeHTTP_1.ReportingAPINodeHTTP(endpoint);
  const locallyLimited = clientSideRateLimited(transport);
  const remotelyLimited = serverSideRateLimited(locallyLimited);
  return validatesToken(remotelyLimited);
}

/**
 * Reads the Aikido reporting token from `AIKIDO_TOKEN`.
 *
 * An unset or empty variable yields `undefined`; the agent is still started
 * in that case (see `startAgent`), but what it does without a token —
 * presumably "protect locally, never report" — is decided in `./Agent`, not
 * here. No trimming or format validation happens at this point.
 *
 * @returns {Token_1.Token | undefined}
 */
function getTokenFromEnv() {
  const rawToken = process.env.AIKIDO_TOKEN;
  if (!rawToken) {
    return undefined;
  }
  return new Token_1.Token(rawToken);
}

/**
 * Creates (or returns the already running) agent singleton and starts it with
 * every wrapper from `getWrappers()`.
 *
 * NOTE(review): once an agent exists, the requested `serverless` mode is not
 * compared with the running one — a later `lambda()` or `cloudFunction()`
 * call after `protect()` simply reuses the existing non-serverless agent.
 * Whether that matters depends on `./Agent`, which is not visible here.
 *
 * @param {{ serverless: "lambda" | "gcp" | undefined }} options
 * @returns {Agent_1.Agent}
 */
function startAgent({ serverless }) {
  const running = (0, AgentSingleton_1.getInstance)();
  if (running) {
    return running;
  }
  // Evaluated in the same order as the original constructor call.
  const blockingMode = (0, shouldBlock_1.shouldBlock)();
  const logger = getLogger();
  const api = getAPI();
  const token = getTokenFromEnv();
  const agent = new Agent_1.Agent(blockingMode, logger, api, token, serverless);
  (0, AgentSingleton_1.setInstance)(agent);
  agent.start(getWrappers());
  return agent;
}

/**
 * Instantiates every source and sink wrapper the agent installs.
 *
 * The order is preserved verbatim from the original file; whether
 * `Agent.start` is order-sensitive cannot be told from here, so treat it as
 * significant. Each entry is a fresh instance — calling this twice yields two
 * independent sets of wrappers.
 *
 * @returns {object[]} wrapper instances, one per supported library
 */
function getWrappers() {
  return [
    new Express_1.Express(),
    new MongoDB_1.MongoDB(),
    new Postgres_1.Postgres(),
    new MySQL_1.MySQL(),
    new MySQL2_1.MySQL2(),
    new PubSub_1.PubSub(),
    new FunctionsFramework_1.FunctionsFramework(),
    new ChildProcess_1.ChildProcess(),
    new FileSystem_1.FileSystem(),
    new HTTPRequest_1.HTTPRequest(),
    new Fetch_1.Fetch(),
    new Undici_1.Undici(),
    new Path_1.Path(),
    new HTTPServer_1.HTTPServer(),
    new Hono_1.Hono(),
    new GraphQL_1.GraphQL(),
    new OpenAI_1.OpenAI(),
    new Mistral_1.Mistral(),
    new Anthropic_1.Anthropic(),
    new Xml2js_1.Xml2js(),
    new FastXmlParser_1.FastXmlParser(),
    new SQLite3_1.SQLite3(),
    new XmlMinusJs_1.XmlMinusJs(),
    new Shelljs_1.Shelljs(),
    new Hapi_1.Hapi(),
    new MariaDB_1.MariaDB(),
    new NodeSQLite_1.NodeSQLite(),
    new BetterSQLite3_1.BetterSQLite3(),
    new Postgresjs_1.Postgresjs(),
    new Fastify_1.Fastify(),
    new Koa_1.Koa(),
    new Restify_1.Restify(),
    new ClickHouse_1.ClickHouse(),
    new Prisma_1.Prisma(),
    new AwsSDKVersion3_1.AwsSDKVersion3(),
    // new Function() is intentionally NOT wrapped: after patching the global,
    // `functionName.constructor === Function` no longer holds, which breaks
    // code that relies on that identity check. Dynamic code construction is
    // therefore not covered by this firewall.
    new AwsSDKVersion2_1.AwsSDKVersion2(),
    new AiSDK_1.AiSDK(),
    new GoogleGenAi_1.GoogleGenAi(),
  ];
}

/**
 * Starts the firewall for a long-running (non-serverless) Node.js process.
 * Idempotent: subsequent calls return early because the singleton exists.
 */
function protect() {
  startAgent({ serverless: undefined });
}

/**
 * Starts the firewall in AWS Lambda mode and hands back the handler wrapper
 * factory the caller must apply to its Lambda handler.
 *
 * @returns {typeof Lambda_1.createLambdaWrapper}
 */
function lambda() {
  startAgent({ serverless: "lambda" });
  return Lambda_1.createLambdaWrapper;
}

/**
 * Starts the firewall in Google Cloud Functions mode and hands back the
 * wrapper factory the caller must apply to its cloud function.
 *
 * @returns {typeof FunctionsFramework_1.createCloudFunctionWrapper}
 */
function cloudFunction() {
  startAgent({ serverless: "gcp" });
  return FunctionsFramework_1.createCloudFunctionWrapper;
}