```sh
npm install express-simple-access-control
```

This is a library for restricting access to applications implemented in Express. It provides:

- Basic Authentication
- IP Filter

An example of Basic Authentication is as follows.
```typescript
import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  basicAuthOption: {
    users: [
      {username: 'username', password: 'password'},
    ],
  },
});
// ...
```
An example of IP Filter is as follows.
```typescript
import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  ipFilterOption: {
    allowsIPs: ['XXX.XXX.XXX.XXX'],
    errStatusCode: 404,
    errMessage: 'Not Found',
  },
});
// ...
```
An example combination of IP Filter and Basic Authentication is as follows.
```typescript
import express from "express";
import useAccessControlMiddleware from "express-simple-access-control";

const app = express();

// apply access restrictions
useAccessControlMiddleware(app, {
  basicAuthOption: {
    users: [
      {username: 'username', password: 'password'},
    ],
  },
  ipFilterOption: {
    allowsIPs: ['XXX.XXX.XXX.XXX'],
    errStatusCode: 404,
    errMessage: 'Not Found',
  },
});
// ...
```
In this case, a request from an allowed client IP is granted access without further checks, and a request from any other IP falls through to Basic authentication.
```mermaid
flowchart LR
    p1(IP Filter) -- ok --> s1((Success))
    p1 -- invalid --> p2
    p2(Basic Auth) -- ok --> s1
    p2 -- invalid --> s2((Unauthorized))
```

Fields of `basicAuthOption`:

| field name | default | description |
|------------|---------|------------------------------------------------------------------|
| users | [] | List of objects with Basic authentication username and password. |

Fields of `ipFilterOption`:

| field name | default | description |
|---------------|--------------|------------------------------------------------------------------------------------------|
| allowIPs | [] | List of accessible IP addresses. |
| errStatusCode | 401 | Response status when an access is received from an IP address not included in allowIPs. |
| errMessage | Unauthorized | Response message when an access is received from an IP address not included in allowIPs. |

The client IP address is resolved by trying the following sources in order.

1. `x-client-ip` in header
2. `x-forwarded-for` in header
3. `cf-connecting-ip` in header
4. `fastly-client-ip` in header
5. `true-client-ip` in header
6. `x-real-ip` in header
7. `x-cluster-client-ip` in header
8. `x-forwarded` in header
9. `forwarded-for` in header
10. `forwarded` in header
11. `remoteAddress` in socket

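Every header in this order is client-supplied unless a proxy you control overwrites it, and in the combined configuration an allowed IP skips Basic authentication, so the filter should only see these headers when the TCP peer is a trusted proxy. The guard below is an added example, not part of this library: register it with `app.use(...)` before `useAccessControlMiddleware`, on the assumption that the library reads `req.headers` at request time. The names `trustedProxyGuard`, `stripUntrustedIpHeaders` and `ReqLike`, and all sample addresses, are hypothetical.

```typescript
// Header names from the resolution order above; all can be set by the client.
const CLIENT_IP_HEADERS: string[] = [
  "x-client-ip", "x-forwarded-for", "cf-connecting-ip", "fastly-client-ip",
  "true-client-ip", "x-real-ip", "x-cluster-client-ip", "x-forwarded",
  "forwarded-for", "forwarded",
];

// Minimal request shape (hypothetical subset of what Express/Node provide).
interface ReqLike {
  headers: Record<string, string | string[] | undefined>;
  socket: { remoteAddress?: string };
}

// Normalise IPv4-mapped IPv6 ("::ffff:10.0.0.5") to plain IPv4.
function normalizeIp(ip: string | undefined): string {
  return (ip || "").replace(/^::ffff:/i, "");
}

// Delete every client-IP header unless the TCP peer is a trusted proxy.
// Returns the names that were removed so the caller can log them.
function stripUntrustedIpHeaders(req: ReqLike, trustedProxies: string[]): string[] {
  const peer = normalizeIp(req.socket.remoteAddress);
  if (trustedProxies.indexOf(peer) !== -1) return [];
  const removed: string[] = [];
  for (const name of CLIENT_IP_HEADERS) {
    if (req.headers[name] !== undefined) {
      delete req.headers[name];
      removed.push(name);
    }
  }
  return removed;
}

// Express-compatible middleware factory (assumed to run before the access control).
function trustedProxyGuard(trustedProxies: string[]) {
  return (req: ReqLike, _res: unknown, next: () => void): void => {
    stripUntrustedIpHeaders(req, trustedProxies);
    next();
  };
}

// Constructed sample: a direct connection (peer is not the proxy) that carries
// a forwarding header. Addresses are from documentation ranges.
const sampleReq: ReqLike = {
  headers: { "x-forwarded-for": "203.0.113.7", host: "app.example" },
  socket: { remoteAddress: "::ffff:198.51.100.20" },
};
```

With the headers removed, resolution falls through to `remoteAddress` in socket, so a direct connection is judged by its real peer address.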
The scripts and documentation in this repository are released under the MIT License.