How To Use Express Middleware To Filter Traffic In Node.js

With Node.js in TIBCO Cloud Integration you have a solid toolset for building APIs. Here we’ll create a custom Express middleware that checks if the IP address of the sender matches a predefined list. In this tutorial we’ll use the list of TIBCO Mashery Traffic Managers as a ‘whitelist’ (so traffic from all other IP addresses will be blocked).

Some assumptions

A few assumptions going in, which should cover most readers. If you have questions, post them below or at the TIBCO Community.

Express middleware

Middleware functions in Node.js have access to the request and response objects in your Express app. From the Express docs, middleware can:

  • Execute any code.
  • Make changes to the request and the response objects.
  • End the request-response cycle.
  • Call the next middleware in the stack.

We care about the third and fourth bullet here. If the request doesn’t come from Mashery we end the cycle. If it does, we call the next middleware in the stack.

The code

Our middleware needs to do one thing: check whether the request IP is a Mashery Traffic Manager IP. Three requirements:

  • We need to check both x-forwarded-for and remoteAddress so the same code works locally and in TIBCO Cloud Integration.
  • Mashery publishes IPs in CIDR format, so we need to translate those into ranges and check for matches.
  • Following Node.js best practices, we’ll put this in its own file. I’ve called it mashery.js and stored it in the ‘util’ folder.

'use strict';

var ip = require('ip');
var Logger = require('./logger');

/**
* To test locally add '::1/32' or '127.0.0.1/32' to the list.
*/
var trafficManagerIPs = ['64.94.14.0/27',
   '64.94.228.128/28',
   '216.52.39.0/24',
   '216.52.244.96/27',
   '216.133.249.0/24',
   '23.23.79.128/25',
   '107.22.159.192/28',
   '54.82.131.0/25',
   '75.101.137.168/32',
   '75.101.142.168/32',
   '75.101.146.168/32',
   '75.101.141.43/32',
   '75.101.129.141/32',
   '174.129.251.74/32',
   '174.129.251.80/32',
   '50.18.151.192/28',
   '50.112.119.192/28',
   '54.193.255.0/25',
   '204.236.130.149/32',
   '204.236.130.201/32',
   '204.236.130.207/32',
   '176.34.239.192/28',
   '54.247.111.192/26',
   '54.93.255.128/27',
   '54.252.79.192/27'];

module.exports = function (req, res, next) {
   var reqIp = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

   // Hand the request on as soon as one allowed range matches, and only once:
   // returning here stops the loop so next() can never be called twice.
   for (var i = 0, len = trafficManagerIPs.length; i < len; i++) {
       if (ip.cidrSubnet(trafficManagerIPs[i]).contains(reqIp)) {
           return next();
       }
   }

   // No range matched: log it and end the request-response cycle with 403.
   Logger.log(Logger.LOG_WARN, `An unauthorized IP address ${reqIp} has tried to access the service`);
   res.status(403).end();
};
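The same allow-list check written without the `ip` package, as an added example that is not from the original post. It handles three cases the tutorial's version leaves implicit: an `X-Forwarded-For` header carrying a comma-separated proxy chain (the rightmost entry is taken, on the assumption that the platform's own proxy appends it), Node's `::ffff:a.b.c.d` form for IPv4 peers on a dual-stack socket, and malformed addresses or list entries, which are denied or rejected at load time rather than silently passed. `makeAllowList`, `clientIp`, `parseCidr`, `inCidr` and `ipv4ToInt` are names chosen for this example.

```javascript
// Parse dotted-quad IPv4 into a 32-bit unsigned integer; null when malformed.
// Node reports IPv4 peers on a dual-stack socket as '::ffff:a.b.c.d', so strip that prefix.
function ipv4ToInt(addr) {
  var parts = String(addr).trim().replace(/^::ffff:/i, '').split('.');
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}

// Turn '64.94.14.0/27' into {base, mask}. Throws on a malformed entry so a typo in the
// allow-list fails when the module loads instead of silently matching nothing.
function parseCidr(cidr) {
  var m = /^(.+)\/(\d{1,2})$/.exec(cidr);
  var base = m ? ipv4ToInt(m[1]) : null;
  var bits = m ? Number(m[2]) : -1;
  if (base === null || bits < 0 || bits > 32) throw new Error('bad CIDR: ' + cidr);
  var mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return { base: (base & mask) >>> 0, mask: mask };
}

function inCidr(addr, subnet) {
  var n = ipv4ToInt(addr);
  return n !== null && ((n & subnet.mask) >>> 0) === subnet.base;
}

// X-Forwarded-For may hold a comma-separated chain; the rightmost entry is the one appended by
// the proxy nearest the app (assumed to be the platform's proxy), so that is the peer we check.
function clientIp(req) {
  var xff = req.headers['x-forwarded-for'];
  if (xff) {
    var chain = String(xff).split(',');
    return chain[chain.length - 1].trim();
  }
  return (req.socket || req.connection || {}).remoteAddress || '';
}

// Build the Express middleware once; CIDRs are parsed at load time, not on every request.
function makeAllowList(cidrs) {
  var subnets = cidrs.map(parseCidr);
  return function (req, res, next) {
    var addr = clientIp(req);
    if (subnets.some(function (s) { return inCidr(addr, s); })) return next(); // one call, then stop
    console.warn('An unauthorized IP address ' + addr + ' has tried to access the service');
    res.status(403).end();
  };
}
```

Drop the `makeAllowList(trafficManagerIPs)` result into `App.use` exactly where the tutorial's `mashery` export goes; when the app is not behind a proxy you control, use only `remoteAddress`, since anyone can send an `X-Forwarded-For` header.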

Using it in your Node.js app

To make sure every request goes through the Mashery check first, require the new file and add an App.use line above all other middleware. Here’s what that looks like:

'use strict';

var Http = require('http');
var mashery = require('./util/mashery');

...

App.use(mashery);

...

Wrapping up

A few lines of code (and some copy/paste) and you can validate whether requests come from a specific set of IPs. The only thing left is to deploy your Node.js app.
