@rill/forwarded-from
Safely handle the X-Forwarded-For header in Rill.
This middleware will update "ctx.req.ip" if a "X-Forwarded-For" header is present from a trusted ip.
It will also update "ctx.req.host, ctx.req.hostname and ctx.req.port" if an "X-Forwarded-Host" header is provided from a trusted ip.
Installation
npm install @rill/forwarded-fromExample
app.js
const app = rill()
const forwarded = require("@rill/forwarded-from")
// This will only trust X-Forwarded-For from incomming requests with the provided ips and any local requests.
app.use(forwarded({ from: ['184.1.2.3', '184.2.3.4'] }))
// Example request with `X-Forwarded-For` and `X-Forwarded-Host` from valid ip.
app.get('/test', ({ req, res })=> {
req.forwarded //-> true
req.get('X-Forwarded-For') //-> 178.1.2.3
req.ip //-> 178.1.2.3
req.get('X-Forwarded-Host') //-> test.com:3000
req.host //-> test.com:3000
req.hostname //-> test.com
req.port //-> 3000
})API
-
forwarded({ from: String..., local: Boolean }) : Creates a middleware that will update
ctx.req.ipwith a validX-Forwarded-Forheader.
// Without any options this will only allow `X-Forwarded-For` on local requests.
app.use(forwarded())
// Any ip's specified in the `from` option will also be valid.
app.use(forwarded({ from: '184.1.2.3' }))
// You can disable local ip's by setting `options.local=false` (default true).
app.use(forwarded({ from: '184.1.2.3', local: false }))Contributions
- Use
npm testto run tests.
Please feel free to create a PR!