From b3c7f7cb5e12bcff24833acdcce98bad18fa77cc Mon Sep 17 00:00:00 2001
From: Kayne Ruse
Date: Mon, 15 May 2023 10:34:09 +1000
Subject: [PATCH] Added ip-banning middleware, under development
---
 package-lock.json | 4 +--
 package.json | 2 +-
 server/database/models/banned-ip-addresses.js | 15 +++++++++++
 server/database/models/index.js | 3 ++-
 server/server.js | 3 +++
 .../banned-up-addresses-middleware.js | 25 +++++++++++++++++++
 6 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 server/database/models/banned-ip-addresses.js
 create mode 100644 server/utilities/banned-up-addresses-middleware.js
diff --git a/package-lock.json b/package-lock.json
index ba70830..d8aeeaf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "auth-server",
- "version": "1.7.5",
+ "version": "1.7.6",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "auth-server",
- "version": "1.7.5",
+ "version": "1.7.6",
 "license": "ISC",
 "dependencies": {
 "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index b7d9e16..15d4af2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "auth-server",
- "version": "1.7.5",
+ "version": "1.7.6",
 "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
 "main": "server/server.js",
 "scripts": {
diff --git a/server/database/models/banned-ip-addresses.js b/server/database/models/banned-ip-addresses.js
new file mode 100644
index 0000000..ebfc71e
--- /dev/null
+++ b/server/database/models/banned-ip-addresses.js
@@ -0,0 +1,15 @@
+const Sequelize = require('sequelize');
+const sequelize = require('..');
+
+module.exports = sequelize.define('bannedIPAddresses', {
+ content: {
+ type: 'varchar(320)',
+ unique: true
+ },
+
+ expiry: {
+ type: 'DATETIME',
+ allowNull: true,
+ defaultValue: null
+ },
+});
diff --git a/server/database/models/index.js b/server/database/models/index.js
index 264f723..167194c 100644
--- a/server/database/models/index.js
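Review bot: In server/database/models/banned-ip-addresses.js nothing states what a null `expiry` means, although it is the default; add a comment on the field such as `//null expiry = ban never expires` (or the opposite, whichever is intended) so queries against the table can be checked against it. `content` should carry `allowNull: false`, and because a ban can only be matched by comparing strings, a comment should name the stored form, for example whether IPv4-mapped addresses like `::ffff:a.b.c.d` are normalised before insert. `varchar(320)` looks like an e-mail length; 45 characters covers the longest textual IPv6 address. The `Sequelize` import on the first line is unused.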
+++ b/server/database/models/index.js
@@ -2,5 +2,6 @@ module.exports = {
 tokens: require('./tokens'),
 accounts: require('./accounts'),
 pendingSignups: require('./pending-signups'),
- recovery: require('./recovery')
+ recovery: require('./recovery'),
+ bannedIPAddresses: require("./banned-ip-addresses"),
 };
\ No newline at end of file
diff --git a/server/server.js b/server/server.js
index 1927d24..8b830d7 100644
--- a/server/server.js
+++ b/server/server.js
@@ -23,6 +23,9 @@ app.use(cookieParser());
 //database connection
 const database = require('./database');
+//ip-based management
+app.use(require('./utilities/banned-up-addresses-middleware'));
+
 //access the admin
 app.use('/admin', require('./admin'));
diff --git a/server/utilities/banned-up-addresses-middleware.js b/server/utilities/banned-up-addresses-middleware.js
new file mode 100644
index 0000000..c5ebd28
--- /dev/null
+++ b/server/utilities/banned-up-addresses-middleware.js
@@ -0,0 +1,25 @@
+const { Op } = require("sequelize");
+const { bannedIPAddresses } = require('../database/models');
+
+//middleware to manage banned IP addresses
+module.exports = async (req, res, next) => {
+ const address = req.header('x-forwarded-for') || req.socket.remoteAddress;
+
+ const record = await bannedIPAddresses.findOne({
+ where: {
+ content: address,
+
+ expiry: {
+ [Op.gt]: Date.now()
+ }
+ }
+ });
+
+ if (!!record) {
+ return res.status(403).send("IP address banned");
+ }
+
+ console.log(`IP ${address}`);
+
+ return next();
+};
\ No newline at end of file
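Review bot: In server/server.js the added `app.use(require('./utilities/banned-up-addresses-middleware'))` mounts the check ahead of every route, `/admin` included, so each request costs one database query and a ban row matching an operator's own address would also block the admin routes. Consider a short-lived in-memory cache of ban decisions, and decide explicitly whether `/admin` should sit behind the check. The module name says `banned-up-addresses` where the model file says `banned-ip-addresses`; renaming it now keeps the typo out of later `require` calls. The rest of server.js is outside the hunk, so whether `trust proxy` is configured elsewhere cannot be seen here.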
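Review bot: In server/utilities/banned-up-addresses-middleware.js the address is read from `req.header('x-forwarded-for')` first, which is whatever the client sent unless a trusted proxy overwrites it, and which may be a comma-separated list that never equals a stored `content` value; use `req.ip` with Express's `trust proxy` setting configured for the real proxy chain. The `expiry: { [Op.gt]: Date.now() }` filter also skips rows whose `expiry` is NULL, which the model makes the default, so if NULL is meant as a permanent ban those rows are never enforced. The handler is `async` without a `try`/`catch`; assuming Express 4, a rejected `findOne` is not passed to `next` and the request is left hanging. The `console.log` of every address looks like leftover debug output. A possible shape for the handler follows.

```javascript
module.exports = async (req, res, next) => {
	//req.ip follows the app's 'trust proxy' setting; the raw header is client-supplied
	const address = req.ip;

	try {
		const record = await bannedIPAddresses.findOne({
			where: {
				content: address,
				//a NULL expiry is treated as a ban that never lapses - confirm this is the intent
				[Op.or]: [
					{ expiry: null },
					{ expiry: { [Op.gt]: new Date() } }
				]
			}
		});

		if (record) {
			return res.status(403).send("IP address banned");
		}
	} catch (err) {
		//fail closed: hand the lookup failure to the error handler instead of hanging
		return next(err);
	}

	// … unchanged: console.log of the address …

	return next();
};
```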