Skip to content
/ express-simple-access-control Public

This is a library for restricting access to applications implemented in express.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hyorimitsu/express-simple-access-control

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

71 Commits
.github/workflows
.github/workflows
 
 
example
example
 
 
src
src
 
 
tools
tools
 
 
.editorconfig
.editorconfig
 
 
.eslintignore
.eslintignore
 
 
.eslintrc.json
.eslintrc.json
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
.prettierrc.js
.prettierrc.js
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

express-simple-access-control

npm version Test Code Style: Google License: MIT

This is a library for restricting access to applications implemented in express.

Supported Restriction Methods

  • Basic Authentication
  • IP Filter

Usage

Basic Authentication

An example of Basic Authentication is as follows.

import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  basicAuthOption: {
    users: [
      {username: 'username', password: 'password'},
    ],
  },
});

// ...

IP Filter

An example of IP Filter is as follows.

import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  ipFilterOption: {
    allowsIPs: ['XXX.XXX.XXX.XXX'],
    errStatusCode: 404,
    errMessage: 'Not Found',
  },
});

// ...

Combination of IP Filter and Basic Authentication

An example combination of IP Filter and Basic Authentication is as follows.

import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  basicAuthOption: {
    users: [
      {username: 'username', password: 'password'},
    ],
  },
  ipFilterOption: {
    allowsIPs: ['XXX.XXX.XXX.XXX'],
    errStatusCode: 404,
    errMessage: 'Not Found',
  },
});

// ...

In this case, if client IP is allowed, it is considered accessible, and if not allowed, it is shifted to Basic authentication.

flowchart LR
p1(IP Filter) -- ok --> s1((Success))
p1 -- invalid --> p2
p2(Basic Auth) -- ok --> s1
p2 -- invalid --> s2((Unauthorized))
Loading

Options

Basic Authentication

field name default description
users [] List of objects with Basic authentication username and password.

IP Filter

field name default description
allowIPs [] List of accessible IP addresses.
errStatusCode 401 Response status when an access is received from an IP address not included in allowIPs.
errMessage Unauthorized Response message when an access is received from an IP address not included in allowIPs.

How to get an IP address

Attempt to obtain an IP address in the following order.

  1. x-client-ip in header
  2. x-forwarded-for in header
  3. cf-connecting-ip in header
  4. fastly-client-ip in header
  5. true-client-ip in header
  6. x-real-ip in header
  7. x-cluster-client-ip in header
  8. x-forwarded in header
  9. forwarded-for in header
  10. forwarded in header
  11. remoteAddress in socket

License

The scripts and documentation in this repository are released under the MIT License.

About

This is a library for restricting access to applications implemented in express.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 4

1.1.0 Latest
Mar 5, 2023
+ 3 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages