UNPKG

@aikidosec/firewall

Version:

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

aikido.dev/zen

AikidoSec/firewall-node

31 lines (30 loc) 1.28 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.addExpressMiddleware = addExpressMiddleware; const shouldBlockRequest_1 = require("./shouldBlockRequest"); const escapeHTML_1 = require("../helpers/escapeHTML"); /** * Calling this function will setup rate limiting and user blocking for the provided Express app. * Attacks will still be blocked by Zen if you do not call this function. * Execute this function as early as possible in your Express app, but after the middleware that sets the user. */ function addExpressMiddleware(app) { app.use((req, res, next) => { const result = (0, shouldBlockRequest_1.shouldBlockRequest)(); if (result.block) { if (result.type === "ratelimited") { let message = "You are rate limited by Zen."; if (result.trigger === "ip" && result.ip) { message += ` (Your IP: ${(0, escapeHTML_1.escapeHTML)(result.ip)})`; } res.status(429).type("text").send(message); return; } if (result.type === "blocked") { res.status(403).type("text").send("You are blocked by Zen."); return; } } next(); }); }