api-decooyy

# Security Gateway A plug-and-play security gateway that detects malicious traffic and redirects it to a decoy API. This middleware/gateway sits between your clients and your actual API to protect against various types of attacks. ## Features - **Attack Detection**: Identifies SQL injection, XSS, path traversal, and command injection attempts - **Traffic Redirection**: Redirects suspicious traffic to a decoy API - **Rate Limiting**: Prevents brute force attacks - **Honeypot Features**: Adds misleading headers and response data - **Admin Dashboard**: Real-time monitoring of suspicious activities - **Configurable**: Easy configuration via environment variables or options object - **Docker Support**: Ready-to-use Docker configuration for quick deployment ## Installation ```bash npm install security-gateway ``` ## Usage ### As a standalone gateway The simplest way to use Security Gateway is as a standalone service: ```javascript // server.js const createSecurityGateway = require('security-gateway'); const gateway = createSecurityGateway({ server: { port: 3000 }, endpoints: { realApi: "http://your-real-api.com", decoyApi: "http://your-decoy-api.com" } }); gateway.start().then(() => { console.log('Security Gateway is running!'); }); ``` ### As Express middleware You can also use it as middleware in an existing Express application: ```javascript const express = require('express'); const createSecurityGateway = require('security-gateway'); const app = express(); const gateway = createSecurityGateway(); // Use the gateway's app as middleware app.use(gateway.app); app.listen(3000, () => { console.log('Application with Security Gateway is running on port 3000'); }); ``` ### Using Docker Compose For a quick setup with Docker: 1. Clone this repository 2. Configure your environment variables in a `.env` file (see `.env.example`) 3. Run with Docker Compose: ```bash docker-compose up -d ``` ## Configuration You can configure the Security Gateway using environment variables or by passing an options object. ### Available Options | Option | Environment Variable | Default | Description | |--------|---------------------|---------|-------------| | server.port | PORT | 3000 | Port for the gateway server | | server.logFormat | LOG_FORMAT | combined | Morgan log format | | endpoints.realApi | API_URL | http://localhost:8080 | URL of your real API | | endpoints.decoyApi | DECOY_URL | http://localhost:8081 | URL of the decoy API | | endpoints.adminDashboard | ADMIN_DASHBOARD_PATH | /admin/dashboard | Path to access the admin dashboard | | security.rateLimit.enabled | RATE_LIMIT_ENABLED | true | Enable/disable rate limiting | | security.rateLimit.max | RATE_LIMIT_MAX | 100 | Maximum requests per time window | | security.rateLimit.windowMs | RATE_LIMIT_WINDOW_MS | 900000 | Time window in milliseconds (15 minutes) | | security.attackPatterns.sqlInjection | DETECT_SQL_INJECTION | true | Enable SQL injection detection | | security.attackPatterns.xss | DETECT_XSS | true | Enable XSS detection | | security.attackPatterns.pathTraversal | DETECT_PATH_TRAVERSAL | true | Enable path traversal detection | | security.attackPatterns.commandInjection | DETECT_COMMAND_INJECTION | true | Enable command injection detection | | security.honeypot.addHeaders | ADD_HONEYPOT_HEADERS | true | Add fake server headers | | security.honeypot.modifyResponses | MODIFY_RESPONSES | true | Add honeypot data to responses | ## Admin Dashboard Access the admin dashboard at `/admin/dashboard` (or your configured path) to monitor: - Suspicious IP addresses - Attack history - Real-time statistics ## Creating a Decoy API The Security Gateway redirects suspicious traffic to a decoy API. You can use the included `decoy-api.js` file as a starting point or create your own. ## Contributing Contributions are welcome! Please feel free to submit a Pull Request. ## License This project is licensed under the MIT License.