Hapi.js plugin for authentication scheme of accepting connections only from certain IPs
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
.editorconfig
.gitignore
LICENSE
README.md
package.json
server.js
yarn.lock

README.md

hapi-auth-ip-whitelist

npm

Usage

Localhost

Only accept calls from localhost:

server.auth.strategy('localhost', 'ip-whitelist', ['127.0.0.1']);

NOTE: Third parameter of server.auth.strategy is options which must be an object.

To be used like

server.route({ 
  method: 'GET', 
  path: '/',
  handler(request, h) { return "That was from localhost!" }, 
  options: { auth: 'localhost' }
});

In the route receives a request from a different IP, it will respond a 401 unauthorized error with the message 192.168.0.102 is not a valid IP, where 192.168.0.102 is the IP of the request.

MercadoPago

You can also specify several IPs by passing a list instead. For example, consider the IPs to expect requests from, as specified by MercadoPago.

server.auth.strategy(
  'mercado-pago-webhook',
  'ip-whitelist',
  _.flatMap(
    ['209.225.49.*', '216.33.197.*', '216.33.196.*', '63.128.82.*', '63.128.83.*', '63.128.94.*'],
    (part) => _.times(256, (n) => _.replace(part, '*', _.toString(n)))
  )
);

Behind proxy

In case you are behind a proxy, use Hapi plugin therealyou. It will find the "real" IP in X-Forward headers and modify the request.info.remoteAddress.

server.register([
  {
    plugin: require('therealyou')
  },
  {
    plugin: require('hapi-auth-ip-whitelist')
  }
])

Example server

Start local example server with

npm start

then visit http://localhost:3000.

Successfully authenticated request http://localhost:3000/authenticated. Unauthenticated request http://localhost:3000/unauthenticated.