express-endpoint-spam-protector

express-endpoint-spam-protector is a super lightweight, customizable middleware designed for security in ExpressJS. By configuration, you can block requests if too many are made by the same IP. Because of the nature of middleware, this can be applied to only desired routes, or all routes.

Installation

npm install express-endpoint-spam-protector

Usage

const express = require('express');
const app = express();
const EndpointSpamProtector = require('express-endpoint-spam-protector');

const config = {
      minuteInterval: 15, // default value is 15
      requestAmountBeforeBan: 50, // default value is 50
      rejectionCode: 401 // default value is 401
};
const protector = new EndpointSpamProtector(config);

app.use(protector.protect);

// The map for all requests can be modified directly
// A good use case for this is to clear requests
console.log(protector.accessMap);

Additional configurations

onReject

This executes right before rejection. It expects a function, and if it returns a promise, it will wait for that promise to finish before rejecting.

const config = {
      minuteInterval: 15,
      requestAmountBeforeBan: 50, 
      rejectionCode: 401,
      onReject: () => console.log('right before rejection')
};

onSuccess

This executes right before succeeding. It expects a function, and if it returns a promise, it will wait for that promise to finish before succeeding and calling next().

const config = {
      minuteInterval: 15,
      requestAmountBeforeBan: 50,
      rejectionCode: 401,
      onSuccess: () => console.log('right before succeeding')
};

rejectionResponse

Optional response to send when rejecting.
Defaults to "Access denied - too many requests."

additionalLoggedFields

You can add any other fields you want to be logged, that are directly in the req object
Defaults to ['method', 'headers', 'body']

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

MIT