Hapi.js plugin for authentication scheme of accepting connections only from certain IPs
npm install hapi-auth-ip-whitelist
Only accept calls from localhost:
``js`
server.auth.strategy('localhost', 'ip-whitelist', ['127.0.0.1']);
NOTE: Third parameter of server.auth.strategy is options which must be an object.
To be used like
`js`
server.route({
method: 'GET',
path: '/',
handler(request, h) { return "That was from localhost!" },
options: { auth: 'localhost' }
});
In the route receives a request from a different IP, it will respond a 401 unauthorized error with the message 192.168.0.102 is not a valid IP, where 192.168.0.102 is the IP of the request.
You can also specify several IPs by passing a list instead. CIDR notation is supported.
For example, consider the IPs to expect requests from, as specified by MercadoPago.
`js`
server.auth.strategy(
'mercado-pago-webhook',
'ip-whitelist',
['209.225.49.0/24', '216.33.197.0/24', '216.33.196.0/24', '63.128.82.0/24', '63.128.83.0/24', '63.128.94.0/24']
);
In case you are behind a proxy, use Hapi plugin therealyou.
It will find the "real" IP in X-Forward headers and modify the request.info.remoteAddress.
`js`
server.register([
{
plugin: require('therealyou')
},
{
plugin: require('hapi-auth-ip-whitelist')
}
])
Start local example server with
`bash``
npm start
then visit http://localhost:3000.
Successfully authenticated request http://localhost:3000/authenticated.
Unauthenticated request http://localhost:3000/unauthenticated.