Added ip-banning middleware, under development

server/database/models/banned-ip-addresses.js

@@ -0,0 +1,15 @@
+const Sequelize = require('sequelize');
+const sequelize = require('..');
+
+module.exports = sequelize.define('bannedIPAddresses', {
+	content: {
+		type: 'varchar(320)',
+		unique: true
+	},
+
+	expiry: {
+		type: 'DATETIME',
+		allowNull: true,
+		defaultValue: null
+	},
+});

server/database/models/index.js

@@ -2,5 +2,6 @@ module.exports = {
 	tokens: require('./tokens'),
 	accounts: require('./accounts'),
 	pendingSignups: require('./pending-signups'),
-	recovery: require('./recovery')
+	recovery: require('./recovery'),
+	bannedIPAddresses: require("./banned-ip-addresses"),
 };

server/server.js

@@ -23,6 +23,9 @@ app.use(cookieParser());
 //database connection
 const database = require('./database');
 
+//ip-based management
+app.use(require('./utilities/banned-up-addresses-middleware'));
+
 //access the admin
 app.use('/admin', require('./admin'));
 

server/utilities/banned-up-addresses-middleware.js

@@ -0,0 +1,25 @@
+const { Op } = require("sequelize");
+const { bannedIPAddresses } = require('../database/models');
+
+//middleware to manage banned IP addresses
+module.exports = async (req, res, next) => {
+	const address = req.header('x-forwarded-for') || req.socket.remoteAddress;
+
+	const record = await bannedIPAddresses.findOne({
+		where: {
+			content: address,
+
+			expiry: {
+				[Op.gt]: Date.now()
+			}
+		}
+	});
+
+	if (!!record) {
+		return res.status(403).send("IP address banned");
+	}
+
+	console.log(`IP      ${address}`);
+
+	return next();
+};