UNPKG

z-secure-service

Version:

A rate-limiting and API protection middleware that helps developers add security features to their APIs effortlessly.

github.com/LEVIII007/z-secure-SDK.git

LEVIII007/z-secure-SDK

36 lines (35 loc) 1.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
import { randomBytes } from "crypto"; function getClientIp(request, options) { // First, try to get IP from the `x-forwarded-for` header (common in proxies like Cloudflare, Vercel) const forwardedFor = request.headers["x-forwarded-for"]; if (Array.isArray(forwardedFor)) { // If the header contains a list of IPs, the first one should be the original client IP return forwardedFor[0]; } else if (typeof forwardedFor === "string") { // If it's a single IP string, use it directly return forwardedFor.split(",")[0].trim(); } // Check the socket's remote address (useful if not behind a proxy) if (request.socket && request.socket.remoteAddress) { return request.socket.remoteAddress; } // Check requestContext.identity.sourceIp (used by AWS API Gateway, for example) if (request.requestContext && request.requestContext.identity?.sourceIp) { return request.requestContext.identity.sourceIp; } // Default fallback (use '127.0.0.1' if IP is not found) return "127.0.0.1"; } /** * Generate a unique API key. * @param length - The length of the generated API key (default is 32 bytes). * @returns A base64-encoded unique API key. */ function generateApiKey(length = 16) { // Generate a random buffer with the specified length const apiKeyBuffer = randomBytes(length); // Convert the buffer to a base64 string return apiKeyBuffer.toString("base64").replace(/\//g, "_").replace(/\+/g, "-"); } export { getClientIp, generateApiKey };