With the introduction of Node.js in TIBCO Cloud Integration, you have an amazing toolset to connect to almost anything and build APIs. In fact, if you know Node.js, there is a good chance that your first application was a simple one that said "Hello World" every time (your first API!).
Let's create a custom Express middleware that checks if the IP address of the sender matches a predefined list. In this tutorial, we'll use the list of TIBCO Mashery Traffic Managers as a 'whitelist' (so traffic from all other IP addresses will be blocked).
Some assumptions
There are a few assumptions that I've made while writing this tutorial, which should cover the majority of the people reading it. If you have any questions, feel free to post them below or at the TIBCO Community!
- You're using the generated Node.js code from TIBCO Cloud Integration (You can check this link for more details)
- You're kinda familiar with Express and Node.js
- You know the Mashery IP addresses can be found at http://support.mashery.com/docs/read/proxy_information/Security_Options (if you didn't know that, you do now :-))
Express middleware
Middleware functions in Node.js are functions that have access to the request and response objects in your Express app. According to the Express website, middleware is very useful for performing certain tasks, like:
- Execute any code.
- Make changes to the request and the response objects.
- End the request-response cycle.
- Call the next middleware in the stack.
In this case, we're very interested in the third and fourth bullets. If the request doesn't come from Mashery, we need to end the cycle, and if it does come from Mashery, we can call the next middleware in the stack.
Let's write some code!
In essence, we need our new middleware to do one very simple thing: check whether the IP address the request comes from is a Mashery Traffic Manager IP address. The code we create should fulfill three requirements:
- As we want to test locally and run the same code in TIBCO Cloud Integration, we need to check two parameters: the x-forwarded-for header and the remoteAddress.
- The list of IP addresses published by Mashery is in CIDR format, so we also need to translate those into 'normal' IP addresses to see whether or not the IP addresses match.
- We want to be compliant with the Node.js best practices, so we'll put this new middleware into a new file. In my case, I've called it mashery.js and stored it in the 'util' folder.
    'use strict';
    var ip = require('ip');
    var Logger = require('./logger');

    /**
     * To test locally add '::1/32' or '127.0.0.1/32' to the list.
     */
    var trafficManagerIPs = [
        '64.94.14.0/27', '64.94.228.128/28', '216.52.39.0/24', '216.52.244.96/27',
        '216.133.249.0/24', '23.23.79.128/25', '107.22.159.192/28', '54.82.131.0/25',
        '75.101.137.168/32', '75.101.142.168/32', '75.101.146.168/32', '75.101.141.43/32',
        '75.101.129.141/32', '174.129.251.74/32', '174.129.251.80/32', '50.18.151.192/28',
        '50.112.119.192/28', '54.193.255.0/25', '204.236.130.149/32', '204.236.130.201/32',
        '204.236.130.207/32', '176.34.239.192/28', '54.247.111.192/26', '54.93.255.128/27',
        '54.252.79.192/27'
    ];

    module.exports = function (req, res, next) {
        // x-forwarded-for is present when the app runs behind a proxy (TIBCO Cloud
        // Integration); locally there is no proxy, so fall back to the socket address.
        // A client can set this header itself, so only rely on it when a proxy you
        // trust sits in front of the app.
        var reqIp = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

        for (var i = 0, len = trafficManagerIPs.length; i < len; i++) {
            if (ip.cidrSubnet(trafficManagerIPs[i]).contains(reqIp)) {
                // Stop at the first match so next() is called exactly once.
                return next();
            }
        }

        // No range matched: log the attempt and end the request-response cycle.
        Logger.log(Logger.LOG_WARN, `An unauthorized IP address ${reqIp} has tried to access the service`);
        res.status(403).end();
    };
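The same check as an added example (not the article's or TIBCO's code), written without the ip package so the CIDR comparison and the choice between x-forwarded-for and remoteAddress are visible. Assumptions: IPv4 only, exactly one trusted proxy in front of the app appends to x-forwarded-for, and the names ipv4ToInt, inCidr, senderIp, allowOnly and the trustProxy flag are hypothetical.

```javascript
// Added example: dependency-free IPv4 allow-list middleware (names are hypothetical).

// Convert a dotted-quad IPv4 address, or the IPv4-mapped IPv6 form
// (::ffff:a.b.c.d) that Node reports on dual-stack sockets, to an integer.
function ipv4ToInt(addr) {
  var m = /^(?:::ffff:)?(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/i
    .exec(String(addr).trim());
  if (!m) return null;                       // not a single valid IPv4 address
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when addr falls inside cidr, e.g. '64.94.14.0/27'.
function inCidr(addr, cidr) {
  var parts = String(cidr).split('/');
  var ipInt = ipv4ToInt(addr);
  var netInt = ipv4ToInt(parts[0]);
  if (ipInt === null || netInt === null) return false;
  if (!/^\d{1,2}$/.test(parts[1] || '') || Number(parts[1]) > 32) return false;
  var size = Math.pow(2, 32 - Number(parts[1]));   // addresses in the block
  return Math.floor(ipInt / size) === Math.floor(netInt / size);
}

// Pick the address to test. x-forwarded-for is consulted only when trustProxy
// is true, and then only its last entry: the one appended by the proxy directly
// in front of the app. Earlier entries are supplied by the sender.
function senderIp(req, trustProxy) {
  var xff = req.headers['x-forwarded-for'];
  if (trustProxy && xff) {
    var hops = String(xff).split(',');
    return hops[hops.length - 1].trim();
  }
  return req.connection.remoteAddress;
}

// Build the middleware: call next() once on a match, otherwise answer 403.
function allowOnly(cidrs, trustProxy) {
  return function (req, res, next) {
    var reqIp = senderIp(req, trustProxy);
    if (cidrs.some(function (c) { return inCidr(reqIp, c); })) return next();
    res.status(403).end();
  };
}
```

Set trustProxy to false when testing locally, where no proxy sits in front of the app and the header would come straight from the sender.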
Use it in your Node.js app
We want to make sure that our Node.js app first checks if the request was forwarded by Mashery or not. To do that, you need to 'require' the new file and add a new App.use line above all others. For my Node.js app, it looks like this:
    'use strict';
    var Http = require('http');
    var mashery = require('./util/mashery');
    ...
    App.use(mashery);
    ...
Conclusion
With a few lines of code (and a bit of copy/paste) you can very easily confirm whether or not the request was sent from a particular IP. The only thing left is to deploy your Node.js app.
Originally from: https://retgits.github.io/custom-express-middleware-to-only-allow-traffic-from-mashery/