How to use the express-ipfilter.IpFilter function in express-ipfilter
To help you get started, we’ve selected a few express-ipfilter examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
nuclearspike / kivalensjs / cluster.js View on Github 
app.use(allowCrossDomain)
// compress all responses
app.use(compression()); //first!
if (typeof airbrake === 'object') {
console.log("**** adding airbrake to express")
app.use(airbrake.expressHandler());
}
app.use('/graphql', graphqlHTTP({ schema: schema, graphiql: true, pretty: true }));
if (process.env.BLOCKED_IPS) {
console.log('BLOCKING IPS: ' + process.env.BLOCKED_IPS)
var ipfilter = require('express-ipfilter').IpFilter;
app.use(ipfilter(process.env.BLOCKED_IPS.split(','), { log: false }))
}
//some security
app.use(helmet())
//TODO: RESTRICT TO SAME SERVER? Also let kiva calls happen from KLA
const proxyHandler = {
filter: req => req.xhr, //only proxy xhr requests
forwardPath: req => require('url').parse(req.url).path,
intercept: (rsp, data, req, res, callback) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, Accept, Origin, Referer, User-Agent, Content-Type, Authorization, X-Mindflash-SessionID');
res.set('Set-Cookie', 'ilove=kiva; Path=/; HttpOnly'); //don't pass back kiva's cookies.
// intercept OPTIONS method
if ('OPTIONS' == req.method) {'run_status': '',
'subnet_list': [],
};
global.oui_data = {};
var listening_to_log_file = 0;
var options = { 'interval': 1000 };
/* Dir for config file snapshots */
global.bkp_dir = "config_backups/" + global.anterius_config.current_server;
if (global.anterius_config.ip_ranges_to_allow != "") {
var ip_filter = require('express-ipfilter').IpFilter;
var ips = global.anterius_config.ip_ranges_to_allow;
app.use(ip_filter(ips, { mode: 'allow' }));
}
// TODO: Add Mechanism to retrieve following attibutes from remote machine - future release
if (global.anterius_config.server_addr == 'localhost' || global.anterius_config.server_addr == '127.0.0.1') {
global.kea_server.local_server = 1;
host_name = execSync("cat /etc/hostname").toString().replace("\n", "");
global.kea_server.run_status = execSync("keactrl status").toString();
/* Poll: CPU Utilization */
var cpu_utilization_poll = setInterval(function () {
global.kea_server.cpu_utilization = parseFloat(execSync("top -bn 1 | awk 'NR>7{s+=$9} END {print s/4}'").toString())
}, (15 * 1000));
}
/* Kea CA REST API call - config-get and statistics-get */module.exports = function(app, bodyParser, config) {
// do we need to filter ip ?
if (config.auth.ipFilter.enabled)
{
let opt = {mode:'allow', log:false};
if (config.auth.trustProxy.enabled)
{
// rely on the ip provided by express since we're filtering allowed proxies & don't use allowedHeaders (express will automatically use x-forwarded-for)
opt.detectIp = function(req){
return req.ip;
};
}
app.use(ipfilter(config.auth.ipFilter.allow, opt));
}
// handle authentication
app.use(function (req, res, next) {
if ('OPTIONS' == req.method)
{
res.status(200).end();
return;
}
// check apiKey
if (config.auth.apiKey.enabled)
{
let key = req.headers.apikey;
if (config.auth.apiKey.key != key)
{const app = express()
// view engine setup
app.set('views', path.join(__dirname, 'views'))
app.set('view engine', 'pug')
// uncomment after placing your favicon in /public
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')))
app.use(logger('dev'))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: false }))
app.use(cookieParser())
app.use(express.static(path.join(__dirname, 'public')))
const ips = ['::ffff:127.0.0.1']
app.use(ipfilter(ips, { mode: 'allow' }))
app.use('/', routes)
app.use('/users', users)
// catch 404 and forward to error handler
app.use((req, res, next) => {
const err = new Error('Not Found')
err.status = 404
next(err)
})
// error handlers
// development error handler
// will print stacktrace
if (app.get('env') === 'development') {function bootApp() {
if (PRODUCTION_ENV) {
app.set("forceSSLOptions", { trustXFPHeader: true }).use(forceSSL)
app.set("trust proxy", 1)
}
if (IP_BLACKLIST) {
app.use(
ipfilter(IP_BLACKLIST.split(","), {
allowedHeaders: ["x-forwarded-for"],
log: false,
mode: "deny",
})
)
}
app.use(bodyParser.json())
app.get("/favicon.ico", (_req, res) => {
res
.status(200)
.set({ "Content-Type": "image/x-icon" })
.end()
})app.use(function(req, res, next) {
var result = ipfilter(config.ipWhitelist, {mode: "allow", log: false})(req, res, function(err) {
if (err === undefined) {
return next();
}
console.log(err.message);
res.status(403).send("This device is not allowed to access your mirror. <br> Please check your config.js or config.js.sample to change this.");
});
});
app.use(helmet());private setupServer() {
this.app.use(this.adminPath, IpFilter(IP_ALLOWS, {
mode: "allow",
logLevel: "deny",
detectIp(req: express.Request) {
return req.headers["x-forwarded-for"] || IP_ALLOWS[0]
}
}));
this.app.use((err: any, req: express.Request, res: express.Response, _next: express.NextFunction) => {
if(err instanceof IpDeniedError){
res.status(401);
} else {
res.status(err.status || 500);
}
res.send({
error: err.message
});
})module.exports = (req, res, next) => {
ipfilter(req.app.whiteips, { mode: 'allow', allowedHeaders: ['x-forwarded-for'] })
next()
}express-ipfilter
A light-weight IP address based filtering system
