Git Product home page Git Product logo

connect-access's Introduction

connect-access

Access controls (ACLs) by location as a Connect middleware. Inspired by nginx's http_access_module.

Installation

$ npm install connect-access

Basic Usage

access(String path, Array rules)
var access = require('connect-access');

var rules = [
    '192.168.1.1',  // Allow 192.168.1.1
    '10.0.0.0/8',   // Allow entire 10.0.0.0/8 range
    '127.0.0.1',    // Allow localhost
    '-all',         // block everyone else
];

var app = connect()
  .use(access('/private/*', rules))  // Lock down all of /private/* to the ACLs we declared
  .use(function(req, res, next) {
    res.end('Hello world');
  });

ACLs

There are 2 ways to declare a list of acls.

  • Explicitly allow an IP/CIDR
  • Explicitly disallow an IP/CIDR

To allow or disallow, the ip rule is prefixed with a + or -. If no qualifier is specified, it's assumed to allow.

Rules are executed first to last and ends when the first rule is matched. If no match is found, assumes allow everything.

Example Rules

'all'          // Allow everything
'127.0.0.1'    // Allow just 127.0.0.1
'10.0.0.0/8'   // Allow a CIDR range
'-127.0.0.1'   // Disallow 127.0.0.1
'-10.0.0.0/8'  // Disallow a CIDR range
'-all'         // Disallow everything

connect-access's People

Contributors

mattrobenolt avatar

Stargazers

Rémi Becheras avatar Lsong avatar Owais Lone avatar gaurav patel avatar Matt Dennewitz avatar Pedro Oliveira avatar Pedro Esperança avatar

Watchers

 avatar James Cloos avatar  avatar

Forkers

lucascaro

connect-access's Issues

X-Forwarded-For

Hey there!

I'm thinking about using this middleware to replace some access rules that are currently on nginx. This seems like a good solution and I'd like to discuss the possibility of adding support for the X-Forwarded-For headers (or others) set by a proxy or load balancer in order to do the filtering.

In our case, our remoteAddress will always be the one of the reverse proxy, but it will send the actual client address in the mentioned header.

What do you think would be the best way to add support for that to this middleware? I can offer my help to make it happen, but I'm interested in what you think would be the best solution.

Let me know.

Cheers,
Lucas.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.