UNPKG

@lock-sdk/vpn-detection

Version:

VPN and proxy detection module for Lock security framework

98 lines (75 loc) โ€ข 5.17 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# ๐Ÿ•ต๏ธโ€โ™‚๏ธ VPN Detector A pluggable VPN, proxy, Tor, and datacenter IP detection module for the Lock security framework. Protect your APIs and backend services from anonymous or malicious network traffic using external IP reputation services, caching, and flexible scoring thresholds. ## ๐Ÿš€ Features - ๐Ÿ” VPN, proxy, Tor, and datacenter detection - ๐ŸŒ Provider support: IPQualityScore and IPAPI - ๐Ÿง  Confidence score-based blocking (custom thresholds) - ๐Ÿ’พ Built-in caching with memory, Redis, or Upstash support ## ๐Ÿ›  Usage ### Basic Example (blocks VPN/proxy/Tor/Data centers) ```ts import { secure, vpnDetector } from '@lock-sdk/main'; const middleware = secure()( vpnDetector({ provider: 'ipapi', blockVpn: true, blockProxy: true, blockTor: true, blockDatacenter: true, }) ); ``` ## โš™๏ธ Configuration | Option | Type | Default | Description | | -------------------------- | -------------------------------------- | ------------------------------------------------------ | ---------------------------------------- | | `provider` | `'ipqualityscore'` \| `'ipapi'` | `'ipapi'` | IP intelligence service | | `blockVpn` | `boolean` | `true` | Block request if VPN is detected | | `blockProxy` | `boolean` | `true` | Block if proxy is detected | | `blockTor` | `boolean` | `true` | Block if Tor is detected | | `blockDatacenter` | `boolean` | `false` | Block known cloud/hosted IP ranges | | `vpnScoreThreshold` | `number` | `0.7` | Score โ‰ฅ this will be considered VPN | | `proxyScoreThreshold` | `number` | `0.7` | Threshold for proxy detection | | `torScoreThreshold` | `number` | `0.7` | Threshold for Tor exit nodes | | `datacenterScoreThreshold` | `number` | `0.7` | Threshold for datacenter classification | | `failBehavior` | `'open'` \| `'closed'` | `'open'` | Allow or block on provider/cache error | | `blockStatusCode` | `number` | `403` | HTTP status when request is blocked | | `blockMessage` | `string` | `'Access denied: VPN or proxy detected'` | Error message sent to client | | `logFunction` | `(msg, data) => void` | `undefined` | Optional logger hook | | `logResults` | `boolean` | `false` | Log all detection results | | `ipHeaders` | `string[]` | `['cf-connecting-ip', 'x-forwarded-for', 'x-real-ip']` | Headers to check for client IP | | `useRemoteAddress` | `boolean` | `true` | Fallback to socket IP if headers missing | | `storage` | `'memory'` \| `'redis'` \| `'upstash'` | `'memory'` | Caching backend | | `cacheTtl` | `number` (ms) | `3600000` | Time to live for cached entries | | `cacheSize` | `number` | `10000` | Max cached IPs for in-memory store | ## ๐ŸŒ Geo-aware Throttling? Pair `vpnDetector()` with `rateLimit()` and `geoBlock()` for advanced traffic policies. ## ๐Ÿงฉ Storage Backends ### Memory (Default) ```ts storage: 'memory', cacheTtl: 3600_000, cacheSize: 10000 ``` ### Redis ```ts storage: 'redis', redis: { url: 'redis://localhost:6379', password: 'secret', username: 'default', keyPrefix: 'vpn:', } ``` ### Upstash ```ts storage: 'upstash', upstash: { url: process.env.UPSTASH_REDIS_REST_URL!, token: process.env.UPSTASH_REDIS_REST_TOKEN!, keyPrefix: 'vpn:', } ``` ## ๐Ÿงช Testing Use tools like `curl`, `Postman`, or `k6` with VPN enabled IPs to simulate detection: ## ๐Ÿ›ก Maintained By **Lock Team**