This is a library for restricting access to applications implemented in Express. It supports:

- Basic Authentication
- IP Filter

An example of Basic Authentication is as follows.
```javascript
import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  basicAuthOption: {
    users: [
      {username: 'username', password: 'password'},
    ],
  },
});

// ...
```

An example of IP Filter is as follows.
```javascript
import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  ipFilterOption: {
    allowsIPs: ['XXX.XXX.XXX.XXX'],
    errStatusCode: 404,
    errMessage: 'Not Found',
  },
});

// ...
```

An example combination of IP Filter and Basic Authentication is as follows.
```javascript
import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  basicAuthOption: {
    users: [
      {username: 'username', password: 'password'},
    ],
  },
  ipFilterOption: {
    allowsIPs: ['XXX.XXX.XXX.XXX'],
    errStatusCode: 404,
    errMessage: 'Not Found',
  },
});

// ...
```

In this case, if the client IP is allowed, the request is considered accessible; if it is not allowed, the request falls through to Basic authentication.

```mermaid
flowchart LR
    p1(IP Filter) -- ok --> s1((Success))
    p1 -- invalid --> p2
    p2(Basic Auth) -- ok --> s1
    p2 -- invalid --> s2((Unauthorized))
```

The fields of `basicAuthOption` are as follows.

| field name | default | description |
|---|---|---|
| users | [] | List of objects with Basic authentication username and password. |

The fields of `ipFilterOption` are as follows.

| field name | default | description |
|---|---|---|
| allowIPs | [] | List of accessible IP addresses. |
| errStatusCode | 401 | Response status when an access is received from an IP address not included in allowIPs. |
| errMessage | Unauthorized | Response message when an access is received from an IP address not included in allowIPs. |

The client IP address is obtained by trying the following sources in order.

1. `x-client-ip` in header
2. `x-forwarded-for` in header
3. `cf-connecting-ip` in header
4. `fastly-client-ip` in header
5. `true-client-ip` in header
6. `x-real-ip` in header
7. `x-cluster-client-ip` in header
8. `x-forwarded` in header
9. `forwarded-for` in header
10. `forwarded` in header
11. `remoteAddress` in socket

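The lookup order above consults ten request headers before the socket address, so an `ipFilterOption` allow-list is only as trustworthy as whatever sets those headers. The following added example (not code from this library) mirrors that order in a simplified `resolveClientIp` and shows a hypothetical `stripUntrustedIpHeaders` middleware, with `192.0.2.10` as an assumed trusted proxy address, that discards the headers on connections that do not come from that proxy.

```javascript
// Added example, not code from express-simple-access-control.
// Header order is copied from the list above; value parsing is simplified.
const IP_HEADERS = [
  "x-client-ip", "x-forwarded-for", "cf-connecting-ip", "fastly-client-ip",
  "true-client-ip", "x-real-ip", "x-cluster-client-ip", "x-forwarded",
  "forwarded-for", "forwarded",
];

// Resolve the client IP in the documented order: headers first, socket last.
function resolveClientIp(req) {
  for (const name of IP_HEADERS) {
    const value = req.headers[name];
    if (typeof value === "string" && value.trim() !== "") {
      // A forwarding chain reads "client, proxy1, proxy2": keep the first entry.
      return value.split(",")[0].trim();
    }
  }
  return req.socket.remoteAddress;
}

// Hypothetical hardening middleware: drop the IP headers unless the TCP peer
// is a reverse proxy you operate, leaving only the socket address to match.
function stripUntrustedIpHeaders(trustedProxies) {
  const trusted = new Set(trustedProxies);
  return function (req, res, next) {
    if (!trusted.has(req.socket.remoteAddress)) {
      for (const name of IP_HEADERS) delete req.headers[name];
    }
    next();
  };
}

// Constructed request: a connection from `peer` carrying an x-client-ip header.
function makeRequest(peer) {
  return {
    headers: { "x-client-ip": "10.0.0.5", host: "app.example" },
    socket: { remoteAddress: peer },
  };
}

// Resolve the same request with and without the guard, for a given peer.
function demo(peer) {
  const guarded = makeRequest(peer);
  stripUntrustedIpHeaders(["192.0.2.10"])(guarded, {}, () => {});
  return { raw: resolveClientIp(makeRequest(peer)), guarded: resolveClientIp(guarded) };
}

console.log(demo("203.0.113.9"), demo("192.0.2.10"));
```

Register the guard with `app.use(...)` before calling `useAccessControlMiddleware`, assuming the library attaches its own middleware through `app`. Node may report `remoteAddress` in IPv4-mapped form such as `::ffff:192.0.2.10`, so list the proxy address in the form your deployment actually sees.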
The scripts and documentation in this repository are released under the MIT License.