UNPKG

@aikidosec/firewall

Version:

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

aikido.dev/zen

AikidoSec/firewall-node

29 lines (28 loc) 1.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.addHapiMiddleware = addHapiMiddleware; const shouldBlockRequest_1 = require("./shouldBlockRequest"); const escapeHTML_1 = require("../helpers/escapeHTML"); /** * Calling this function will setup rate limiting and user blocking for the provided Hapi app. * Attacks will still be blocked by Zen if you do not call this function. * Execute this function as early as possible in your Hapi app, but after the middleware that sets the user. */ function addHapiMiddleware(app) { app.ext("onRequest", function onRequest(request, h) { const result = (0, shouldBlockRequest_1.shouldBlockRequest)(); if (result.block) { if (result.type === "ratelimited") { let message = "You are rate limited by Zen."; if (result.trigger === "ip" && result.ip) { message += ` (Your IP: ${(0, escapeHTML_1.escapeHTML)(result.ip)})`; } return h.response(message).code(429).takeover(); } if (result.type === "blocked") { return h.response("You are blocked by Zen.").code(403).takeover(); } } return h.continue; }); }