@aikidosec/firewall/middleware/express.js

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.addExpressMiddleware = addExpressMiddleware;
const shouldBlockRequest_1 = require("./shouldBlockRequest");
const escapeHTML_1 = require("../helpers/escapeHTML");
/**
 * Calling this function will setup rate limiting and user blocking for the provided Express app.
 * Attacks will still be blocked by Zen if you do not call this function.
 * Execute this function as early as possible in your Express app, but after the middleware that sets the user.
 */
function addExpressMiddleware(app) {
    app.use((req, res, next) => {
        const result = (0, shouldBlockRequest_1.shouldBlockRequest)();
        if (result.block) {
            if (result.type === "ratelimited") {
                let message = "You are rate limited by Zen.";
                if (result.trigger === "ip" && result.ip) {
                    message += ` (Your IP: ${(0, escapeHTML_1.escapeHTML)(result.ip)})`;
                }
                res.status(429).type("text").send(message);
                return;
            }
            if (result.type === "blocked") {
                res.status(403).type("text").send("You are blocked by Zen.");
                return;
            }
        }
        next();
    });
}