Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.
// Compiled CommonJS output: flag the module for ES-module interop and expose
// the single public entry point. `shouldBlockRequest` is a hoisted function
// declaration defined further down in this file.
Object.defineProperty(exports, "__esModule", { value: true });
exports.shouldBlockRequest = shouldBlockRequest;
const AgentSingleton_1 = require("../agent/AgentSingleton");
const Context_1 = require("../agent/Context");
const shouldRateLimitRequest_1 = require("../ratelimiting/shouldRateLimitRequest");
/**
 * Decide whether the current HTTP request should be blocked by Zen.
 *
 * Checks run in order and the first match wins: a user block (the context
 * carries a user whose id is blocked in the agent config), then rate limiting.
 *
 * Fails open: with no request context, no agent instance, or an agent running
 * in serverless mode the verdict is `{ block: false }`; the context and
 * serverless cases additionally log a one-time warning.
 *
 * Side effects: the context is marked `executedMiddleware`, the agent is told
 * via `onMiddlewareExecuted()`, and on a rate-limit hit the matched endpoint
 * is stored on the context as `rateLimitedEndpoint`.
 *
 * @returns {{block: boolean, type?: string, trigger?: *, ip?: *}} verdict
 */
function shouldBlockRequest() {
  const { getContext, updateContext } = Context_1;
  const { getInstance } = AgentSingleton_1;
  const { shouldRateLimitRequest } = shouldRateLimitRequest_1;
  const allow = () => ({ block: false });

  const context = getContext();
  if (!context) {
    logWarningShouldBlockRequestCalledWithoutContext();
    return allow();
  }

  const agent = getInstance();
  if (!agent) {
    return allow();
  }
  if (agent.isServerless()) {
    logWarningServerlessNotSupported();
    return allow();
  }

  // A repeated call for the same request is tolerated but flagged once.
  if (context.executedMiddleware) {
    logWarningAlreadyExecutedMiddleware();
  }
  updateContext(context, "executedMiddleware", true);
  agent.onMiddlewareExecuted();

  const { user } = context;
  if (user && agent.getConfig().isUserBlocked(user.id)) {
    return { block: true, type: "blocked", trigger: "user" };
  }

  const verdict = shouldRateLimitRequest(context, agent);
  if (!verdict.block) {
    return allow();
  }
  // Record which endpoint's limit was hit so later stages can read it.
  updateContext(context, "rateLimitedEndpoint", verdict.endpoint);
  return {
    block: true,
    type: "ratelimited",
    trigger: verdict.trigger,
    ip: context.remoteAddress,
  };
}
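// Keys of warnings already emitted. Each warning below is logged at most once
// per process so a misconfigured app does not flood the logs on every request.
const warnedOnce = new Set();

/**
 * Log `message` through console.warn the first time `key` is seen; later
 * calls with the same key are no-ops.
 *
 * @param {string} key - identity of the warning
 * @param {string} message - text to log
 */
function warnOnce(key, message) {
  if (warnedOnce.has(key)) {
    return;
  }
  // eslint-disable-next-line no-console
  console.warn(message);
  // Mark after logging so a throwing console.warn does not suppress a retry.
  warnedOnce.add(key);
}

/** Warn once that shouldBlockRequest() ran outside of a request context. */
function logWarningShouldBlockRequestCalledWithoutContext() {
  warnOnce(
    "without-context",
    "Zen.shouldBlockRequest() was called without a context. The request will not be blocked. Make sure to call shouldBlockRequest() within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports)."
  );
}

/** Warn once that shouldBlockRequest() ran more than once for a request. */
function logWarningAlreadyExecutedMiddleware() {
  warnOnce(
    "already-executed",
    "Zen.shouldBlockRequest() was called multiple times. The middleware should be executed once per request."
  );
}

/** Warn once that blocking/rate limiting is unavailable in serverless mode. */
function logWarningServerlessNotSupported() {
  warnOnce(
    "serverless",
    "Zen.shouldBlockRequest() was called within a serverless function. Rate limiting and user blocking are only supported for traditional/long running apps due to the constraints of serverless environments."
  );
}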