This plugin is an Express middleware that will permit to filter who has access to the http endpoints of your hubot bot.
In your hubot directory:
npm install hubot-restrict-ip --save
Then add hubot-restrict-ip
to external-scripts.json
HTTP_RESTRICTED
if set, protects all express endpoints by default, only the open_endpoints are reachable by everybody, and the ip_whitelistHTTP_LOG_RESTRICTED
if set, hubot will log (warning level) the unauthorized callsHTTP_IP_WHITELIST
only useful whenHTTP_RESTRICTED
is setHTTP_IP_BLACKLIST
overwrite the whitelist ifHTTP_RESTRICTED
is set, and blocks ips listed anyways if notHTTP_OPEN_ENDPOINTS
over-rules any other configuration to keep those endpoints openHTTP_CLOSED_ENDPOINTS
ifHTTP_RESTRICTED
is set andHTTP_OPEN_ENDPOINTS
are contradicted byHTTP_CLOSED_ENDPOINTS
, the closed one wins.HTTP_UNAUTHORIZED_MESSAGE
the message provided with the401
status triggered when access is restricted by any rule.
With
- The IP lists are separated by
,
commas, and use CIDR for range definition like192.168.0.0/24
. IP can also be IPv6 ranges. - the endpoints are a list of endpoints, separated by commas too, like
/hubot/help
but it can also be a regexp like/.*/help
npm install
# will run make test and coffeelint
npm test
# or
make test
# or, for watch-mode
make test-w
# or for more documentation-style output
make test-spec
# and to generate coverage
make test-cov
# and to run the lint
make lint
# run the lint and the coverage
make
All changes are listed in the CHANGELOG
Feel free to open a PR if you find any bug, typo, want to improve documentation, or think about a new feature.
Gandi loves Free and Open Source Software. This project is used internally at Gandi but external contributions are very welcome.
- @mose - author and maintainer
This source code is available under MIT license.
Copyright (c) 2016 - Gandi - https://gandi.net