UNPKG

ip-filtering

Version:

A real-time ip filtering

github.com/pierreolivier/ip-filtering

pierreolivier/ip-filtering

105 lines (90 loc) 2.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
_clients = {}; /** * Test if n is an integer * * @param n * @return boolean is an integer * */ function isInt(n) { return n % 1 === 0; } /** * Initialize the ip filtering * * Arguments : * - maxFailure = 5 * - banTime = 300 (seconds) * - errorCode = 401 * - errorMessage = 'Unauthorized' * * @param {object} args * @return Function middleware function * */ module.exports.middleware = function (args) { if (typeof args != "object") { args = {maxFailure: 5, banTime: 300, errorCode: 401, errorMessage: 'Unauthorized'}; } else { if (!isInt(args.maxFailure)) { args.maxFailure = 5; } if (!isInt(args.banTime)) { args.banTime = 300; } if (!isInt(args.errorCode)) { args.errorCode = 401; } if (typeof args.errorMessage != "string") { args.errorMessage = 'Unauthorized'; } } return function (req, res, next) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || req.socket.remoteAddress || req.connection.socket.remoteAddress; var client = _clients[ip]; if (client != undefined) { var timestamp = Date.now(); if (client.failures > args.maxFailure) { if (client.ban == 0) { client.ban = timestamp + args.banTime * 1000; } if (client.ban < timestamp) { delete _clients[ip]; } else { client.ban = timestamp + args.banTime * 1000; res.statusCode = args.errorCode; return res.end(args.errorMessage); } } } return next(); } }; /** * Add a new failure for the specified ip * * @param {string} ip or {object} req */ module.exports.failure = function (ip) { var ipString = ''; if (typeof ip == "string") { ipString = ip; } else if (typeof ip == "object") { try { ipString = ip.headers['x-forwarded-for'] || ip.connection.remoteAddress || ip.socket.remoteAddress || ip.connection.socket.remoteAddress; } catch (e) { console.error(e.stack); return false; } } if (ipString == '') { return false; } var client = _clients[ipString]; if (client != undefined) { client.failures++; } else { client = {failures: 1, ban: 0}; _clients[ipString] = client; } return true; };