
@aikidosec/firewall


Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const { shouldBlockRequest } = require("./shouldBlockRequest");
const { escapeHTML } = require("../helpers/escapeHTML");

/**
 * Writes a plain-text rejection response and halts the Restify handler chain.
 *
 * @param {object} res - Restify response object (uses status/setHeader/send)
 * @param {Function} next - Restify continuation; called with `false` to stop the chain
 * @param {number} statusCode - HTTP status code to send
 * @param {string} body - plain-text body of the response
 * @returns {*} whatever `next(false)` returns
 */
function rejectWithPlainText(res, next, statusCode, body) {
  res.status(statusCode);
  res.setHeader("Content-Type", "text/plain");
  res.send(body);
  return next(false);
}

/**
 * Registers a middleware on the given Restify server that enforces Zen's
 * rate limiting (HTTP 429) and user blocking (HTTP 403).
 * Attacks will still be blocked by Zen if you do not call this function.
 * Execute this function as early as possible in your Restify server, but after
 * the middleware that sets the user, since the verdict may depend on it.
 *
 * The verdict comes from `shouldBlockRequest()`, which takes no arguments here;
 * any other `type` value with `block` set simply lets the request through.
 *
 * @param {object} server - Restify server exposing `use(handler)`
 */
function addRestifyMiddleware(server) {
  server.use((req, res, next) => {
    const verdict = shouldBlockRequest();

    if (verdict.block && verdict.type === "ratelimited") {
      // The IP is HTML-escaped before interpolation even though the body is text/plain.
      const ipSuffix =
        verdict.trigger === "ip" && verdict.ip
          ? ` (Your IP: ${escapeHTML(verdict.ip)})`
          : "";
      return rejectWithPlainText(res, next, 429, `You are rate limited by Zen.${ipSuffix}`);
    }

    if (verdict.block && verdict.type === "blocked") {
      return rejectWithPlainText(res, next, 403, "You are blocked by Zen.");
    }

    next();
  });
}

exports.addRestifyMiddleware = addRestifyMiddleware;