Added ip-banning middleware, under development
This commit is contained in:
Generated
+2
-2
@@ -1,12 +1,12 @@
|
|||||||
{
|
{
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.5",
|
"version": "1.7.6",
|
||||||
"lockfileVersion": 3,
|
"lockfileVersion": 3,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.5",
|
"version": "1.7.6",
|
||||||
"license": "ISC",
|
"license": "ISC",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bcryptjs": "^2.4.3",
|
"bcryptjs": "^2.4.3",
|
||||||
|
|||||||
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "auth-server",
|
"name": "auth-server",
|
||||||
"version": "1.7.5",
|
"version": "1.7.6",
|
||||||
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
||||||
"main": "server/server.js",
|
"main": "server/server.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|||||||
@@ -0,0 +1,15 @@
|
|||||||
|
const Sequelize = require('sequelize');
|
||||||
|
const sequelize = require('..');
|
||||||
|
|
||||||
|
module.exports = sequelize.define('bannedIPAddresses', {
|
||||||
|
content: {
|
||||||
|
type: 'varchar(320)',
|
||||||
|
unique: true
|
||||||
|
},
|
||||||
|
|
||||||
|
expiry: {
|
||||||
|
type: 'DATETIME',
|
||||||
|
allowNull: true,
|
||||||
|
defaultValue: null
|
||||||
|
},
|
||||||
|
});
|
||||||
@@ -2,5 +2,6 @@ module.exports = {
|
|||||||
tokens: require('./tokens'),
|
tokens: require('./tokens'),
|
||||||
accounts: require('./accounts'),
|
accounts: require('./accounts'),
|
||||||
pendingSignups: require('./pending-signups'),
|
pendingSignups: require('./pending-signups'),
|
||||||
recovery: require('./recovery')
|
recovery: require('./recovery'),
|
||||||
|
bannedIPAddresses: require("./banned-ip-addresses"),
|
||||||
};
|
};
|
||||||
@@ -23,6 +23,9 @@ app.use(cookieParser());
|
|||||||
//database connection
|
//database connection
|
||||||
const database = require('./database');
|
const database = require('./database');
|
||||||
|
|
||||||
|
//ip-based management
|
||||||
|
app.use(require('./utilities/banned-up-addresses-middleware'));
|
||||||
|
|
||||||
//access the admin
|
//access the admin
|
||||||
app.use('/admin', require('./admin'));
|
app.use('/admin', require('./admin'));
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,25 @@
|
|||||||
|
const { Op } = require("sequelize");
|
||||||
|
const { bannedIPAddresses } = require('../database/models');
|
||||||
|
|
||||||
|
//middleware to manage banned IP addresses
|
||||||
|
module.exports = async (req, res, next) => {
|
||||||
|
const address = req.header('x-forwarded-for') || req.socket.remoteAddress;
|
||||||
|
|
||||||
|
const record = await bannedIPAddresses.findOne({
|
||||||
|
where: {
|
||||||
|
content: address,
|
||||||
|
|
||||||
|
expiry: {
|
||||||
|
[Op.gt]: Date.now()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!!record) {
|
||||||
|
return res.status(403).send("IP address banned");
|
||||||
|
}
|
||||||
|
|
||||||
|
console.log(`IP ${address}`);
|
||||||
|
|
||||||
|
return next();
|
||||||
|
};
|
||||||
Reference in New Issue
Block a user