@aikidosec/firewall
Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.enableIdorProtection = enableIdorProtection;
const isPlainObject_1 = require("../helpers/isPlainObject");
const AgentSingleton_1 = require("./AgentSingleton");
/**
 * Validates the IDOR protection settings passed by the application and, when
 * they are well-formed, forwards a sanitized copy to the running Zen agent.
 *
 * Every rejection path returns before setIdorProtectionConfig is reached, so
 * a malformed config is not applied by this call. The caller gets no
 * exception and no return value; the only signal is an agent log line (or a
 * console warning when no agent instance exists).
 * NOTE(review): because rejection is silent to the caller, a typo in the
 * config goes unnoticed unless the agent log is checked at startup.
 *
 * @param {object} config - Settings object; must pass isPlainObject.
 * @param {string} config.tenantColumnName - Required, non-empty string.
 *   Presumably the column that identifies the tenant; confirm against the
 *   agent, this function only checks its type and length.
 * @param {string[]} [config.excludedTables] - Optional array of strings.
 *   Empty-string entries are dropped; any non-string entry rejects the
 *   whole config.
 * @returns {void}
 */
function enableIdorProtection(config) {
  const zenAgent = (0, AgentSingleton_1.getInstance)();
  if (!zenAgent) {
    logWarningAgentNotStarted();
    return;
  }

  const isString = (value) => typeof value === "string";

  const looksLikeObject = (0, isPlainObject_1.isPlainObject)(config);
  if (!looksLikeObject) {
    zenAgent.log(`enableIdorProtection(...) expects an object, found ${typeof config} instead.`);
    return;
  }

  // The property must exist, be a string, and carry at least one character.
  const hasTenantColumn =
    "tenantColumnName" in config &&
    isString(config.tenantColumnName) &&
    config.tenantColumnName.length !== 0;
  if (!hasTenantColumn) {
    zenAgent.log(`enableIdorProtection(...) expects a non-empty 'tenantColumnName' string property.`);
    return;
  }

  // excludedTables is optional, but when present it has to be an array made
  // up of strings only; one bad entry rejects the entire config.
  const hasExclusions = "excludedTables" in config;
  if (hasExclusions) {
    const isStringArray =
      Array.isArray(config.excludedTables) &&
      config.excludedTables.every(isString);
    if (!isStringArray) {
      zenAgent.log(`enableIdorProtection(...) expects 'excludedTables' to be an array of strings.`);
      return;
    }
  }

  // filter() builds a fresh array, so the agent never holds a reference to
  // the caller's own list; empty names are discarded along the way.
  const excludedTables = hasExclusions
    ? config.excludedTables.filter((name) => isString(name) && name.length > 0)
    : [];

  // Only the two validated fields are forwarded; anything else on the
  // caller's object is ignored.
  zenAgent.setIdorProtectionConfig({
    tenantColumnName: config.tenantColumnName,
    excludedTables,
  });
}
// Set once the "agent not started" hint has been printed, so repeated calls
// do not print it again.
let loggedWarning = false;

/**
 * Prints a one-time console warning that enableIdorProtection(...) ran while
 * no Zen agent instance was available. Later calls are no-ops.
 *
 * The flag is flipped only after console.warn returns.
 *
 * @returns {void}
 */
function logWarningAgentNotStarted() {
  if (!loggedWarning) {
    // eslint-disable-next-line no-console
    console.warn("enableIdorProtection(...) was called before the Zen agent was started. Make sure to import Zen at the top of your main app file (before any other imports).");
    loggedWarning = true;
  }
}