Api-security-middleware NPM

Middlewares that protect your apis from common attacks like sql inject, xss e.t.c

Install

npm install api-security-middleware

Usage

// Import the different modules
import { contentMiddleware, ipFilterMiddleware, rateLimitMiddleware } from 'api-security-middleware';

// Initialize our app
const app = express();

// to parse incoming JSON data from the request body
app.use(express.json());
app.use(express.urlencoded({ extended: true }));

// Please check complete usage in the function description
// SQL Detection
app.use(contentMiddleware.sqlDetectionMiddleware());

// XSS Detection
app.use(contentMiddleware.xssDetectionMiddleware());

// Rate limit for every IP, maximum of 20 requests in 1 sec
app.use(rateLimitMiddleware(1000, 20));

// IP filter
// Use in block mode, blacklist the IP addresses listed in array
// These IPs will be blocked
app.use(ipFilterMiddleware({ mode: 'block', blacklist: ['1.2.3.4', '4.5.6.7', '9.8.7.6'] }));
// Use in allow mode, whitelist the IP addresses listed in array
// Only IP listed will be allowed
app.use(ipFilterMiddleware({ mode: 'allow', whitelist: ['1.2.3.4', '4.5.6.7', '9.8.7.6'] }));

Author

👤 Olivia Uchechukwu

Github: @oliviauchechukwu

Show your support

Give a ⭐️ if this project helped you!!

Disclaimer

Note: This middleware is designed to help mitigate SQL injection and XSS attacks; however, it may not protect against all possible attack vectors. Users are encouraged to update the signature patterns regularly to improve protection against emerging threats and zero-day attacks. While efforts have been made to create a robust and secure middleware, no security solution is perfect. It's important to implement multiple layers of security and follow best practices for securing APIs. By using this middleware, you acknowledge that you understand its limitations and are responsible for continuously monitoring and adapting your security strategy based on emerging threats.

This README was generated with ❤️ by readme-md-generator