0.0.2 • Published 10 years ago

httptables v0.0.2

Weekly downloads
1
License
MIT
Repository
github
Last release
10 years ago

HTTPTables

Important Note

Do not use yet in production This module won't probably be heavily maintained. Fork at will or claim ownership ! Okay now you can keep reading :)

Module Status

NPM version Build status Dependency Status devDependency Status Coverage Status Code Climate

Description

Kind of a firewall for http requests based on headers. It parses a set of rules for each HTTP header and apply the matching policy

Usage

NB: This module makes the assumption your request object looks like this

req = {
  headers : {
    'method' : 'PUT',
    'url' : '/kung/foo/panda/',
    'any-other-header' : 'of_any_value'
  }
}

If it does not, use the setAccessFieldFunction (look around the end of this readme to see an example)

Example 1: a rule could be represented as such

rule = {
  policy : HTTPTables.policies.DROP,
  conditions : {
    'method' : ['POST', 'GET'],
    'user-agent' : /Android/,
    'url' : "/api/v2/users/1"
  }
}

In this case it will drop every POST or GET requests from android on /api/v2/users/1 url

var HTTPTables = require('httptables');
var httptables = HTTPTables({
  defaultPolicy : HTTPTables.policies.DROP // Drop all not matching requests
})

Example 2: In Express

var HTTPTables = require('httptables');
var httptables = HTTPTables({
  defaultPolicy : HTTPTables.policies.DROP // Drop all not matching requests
})
// Override the way to access a header field for an express request object
httptables.setAccessFieldFunction = function (req, field) {
  var _field = (field || "").toUpperCase();
  if(field === 'URL') {
    return req.url;
  } else if(field === 'METHOD') {
    return req.method;
  } else {
    return req.get(field);
  }
}
//...
//...
//...
app.use(function (req, res, next) {
  req.mySetOfRules = [
    {
      policy : HTTPTables.policies.ACCEPT,
      conditions : {
        'method' : ['POST', 'GET'],
        'user-agent' : /Android/,
        'url' : "/api/v2/users/1"
      }
    },
    {
      policy : HTTPTables.policies.ACCEPT,
      conditions : {
        'method' : ['POST', 'GET', 'PUT', 'DELETE'],
        'url' : "/api/v2/organizations/1/billing"
      }
    }
  ];
  next();
})

// Comming Soon, see commented code in source to implement yourself
// only if you want/need
app.use(httptables.toExpressMiddleware({rulesPropertyName : 'mySetOfRules'}))
debug
@everything-registry/sub-chunk-1872@zalastax/nolb-httptexpress-httptables
0.0.2

10 years ago

0.0.1

10 years ago