webfirewall
Web firewall compatible with Express/Restify
Last updated 3 months ago by jkyberneees .
Apache-2.0 · Repository · Bugs · Original npm · Tarball
$ cnpm install webfirewall 
SYNC missed versions from official npm registry.

Introduction

Web firewall middleware compatible with Express/Restify frameworks.

Install

npm install --save webfirewall

Config params example

The values on the params 'paths', 'ipAddresses', 'roles', 'origin' and 'users', can be regular expressions (RegExp). If strings, the comparison is done using the wildcard module.

const config = {
    populationStrategy: 'restify', // supported values: express/restify
    defaultAction: 'DROP', // supported values: ACCEPT/DROP 
    getUserPhone: (req) => Promise.resolve(req.user ? req.user.phone: null), // custom population strategy for user phone (optional)
    getUserEmail: (req) => Promise.resolve(req.user ? req.user.email: null), // custom population strategy for user email (optional)
    getUserRoles: (req) => Promise.resolve(req.user ? req.user.roles: null), // custom population strategy for user roles (optional)
    rules: [{
        methods: ['GET'],
        paths: ['/system/login'],
        ipAddresses: ['*'], // optional
        roles: ['*'], // optional
        origin: ['*'], // optional
        users: ['*'], // optional
        secure: true, // optional
        action: 'ACCEPT', // supported values: ACCEPT/DROP
        handler: (req) => Promise.resolve(true) // optional
    }, {
        methods: ['POST'],
        paths: ['/comments'],
        users: ['*'], 
        secure: true,
        action: 'ACCEPT'
    }, {
        methods: ['POST'],
        paths: ['/system/restart'],
        roles: ['ADMIN'], 
        secure: true,
        action: 'ACCEPT'
    }]
}

Usage

const restify = require('restify');
const server = restify.createServer({
    name: 'yourapp.com',
    version: ['1.0.0']
});
const firewall = require('webfirewall');

server.use(firewall({
    populationStrategy: 'restify',
    defaultAction: 'ACCEPT',
    rules: []
}));


JWT authentication

JSON Web Token authentication is a great candidate to be used in collaboration with this module. This module is fully integrated with the com.kyberneees.auth.jwt module.

Maintainers (1)
Downloads
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 0
Dependencies (2)
Dev Dependencies (0)
None
Dependents (0)
None

Copyright 2014 - 2017 © taobao.org |