UNPKG

express-defender

Version:

Express middleware to enforce domain and country-based access, blocking direct IP requests and unwanted bots.

github.com/Mssjim/express-defender

Mssjim/express-defender

114 lines (94 loc) 4.23 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<div align="center"> <br /> <p> <img src="./logo.png" width="800" alt="express-defender" /> </p> <br /> <p> <a href="https://www.npmjs.com/package/express-defender"><img src="https://img.shields.io/npm/v/express-defender.svg?maxAge=3600" alt="NPM version" /></a> <a href="https://www.npmjs.com/package/express-defender"><img src="https://img.shields.io/npm/dt/express-defender.svg?maxAge=3600" alt="NPM downloads" /></a> <a href="https://github.com/Mssjim/express-defender"><img src="https://badge.fury.io/gh/Mssjim%2Fexpress-defender.svg" alt="GitHub Version" /></a> <a href="https://github.com/Mssjim/express-defender/blob/master/LICENSE"><img src="https://img.shields.io/github/license/Mssjim/express-defender.svg" alt="GitHub Version" /></a> </p> </div> ## About Express middleware to enforce domain and country-based access, blocking direct IP requests and unwanted bots. <div align="center"> ### ⭐ Like **Express Defender**? [Star it on GitHub](https://github.com/Mssjim/express-defender) to support the project! </div> ## Installation ```bash npm i express-defender ``` ## Basic Usage ```js const express = require('express'); const expressDefender = require('express-defender'); const app = express(); app.use(expressDefender({ allowedDomains: ['example.com'], allowedCountries: ['BR', 'US'] })); app.get('/', (req, res) => { res.json(req.expressDefender); }); app.listen(3000, () => console.log('Server running on http://localhost:3000')); ``` | Option | Type | Default | Description | | ------------------ | ---------- | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | | `allowedDomains` | `string[]` | `['*']` | List of allowed domains. Accepts `*` to allow all. E.g., `['example.com']` also allows `www.example.com` and `api.example.com`. | | `allowedCountries` | `string[]` | `['*']` | List of allowed countries (ISO Alpha-2). Use `*` to allow all. | | `allowedBots` | `RegExp[]` | Googlebot, Bingbot, Slurp, DuckDuckBot | List of User-Agents of bots authorized to ignore country/domain restrictions. | | `log` | `boolean` | `true` | Enables or disables logging in the console. | ## Examples > • Allow all domains and countries ```js app.use(expressDefender({ allowedDomains: ['*'], allowedCountries: ['*'] })); ``` > • Allow only the US and Canada ```js app.use(expressDefender({ allowedCountries: ['US', 'CA'] })); ``` > • Allow only direct requests from mysite.com and Googlebot ```js app.use(expressDefender({ allowedDomains: ['mysite.com'], allowedBots: [/Googlebot/] })); ``` ## Extra • Output of `req.expressDefender` ```json { "ip": "192.0.2.25", "country": "BR", "region": "SP", "city": "SP", "method": "GET", "url": "/home", "fromDomain": true, "isBot": false } ``` • Logs when > Bot Acess > Localhost Acess > Sucessful Acess > Blocked Acess by Country > Blocked Acess by direct IP traffic > Blocked Acess by Country and direct IP traffic respectively. <img src="./example.png" width="800" alt="express-defender example" /> ## Contributing - bug fixes Contributions are welcome! Please feel free to open an issue or submit a pull request, for bug fixes or new features. 1. Fork the repository 2. Create a new branch `git checkout -b <new-feature-name>` 3. Make the changes 4. Commit the changes `git commit -am "Add new feature"` 5. Push the changes `git push origin <new-feature-name>` 6. Create a pull request on GitHub