Code coverage report for esecurity/lib/middleware/filterReq.js

Statements: 100% (45 / 45)      Branches: 100% (62 / 62)      Functions: 100% (9 / 9)      Lines: 100% (38 / 38)      Ignored: none     

 
var utils = require('../utils');
 
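/**
 * Build a middleware that rejects a request with a 403 error as soon as one
 * of the configured predicates returns a falsy value.
 *
 * Each option is a predicate; an omitted option allows everything.
 *
 * Security notes for whoever configures this filter:
 *  - Host, User-Agent and Referer are sent by the client and can be set to
 *    any value, so rules on them narrow traffic but do not authenticate it.
 *  - `req.ip` is whatever the framework reports. NOTE(review): with Express
 *    this depends on the "trust proxy" setting; confirm it matches the
 *    deployment before relying on the `ip` rule.
 *  - `url` receives `req.url` as-is; any decoding or normalisation before
 *    matching is up to the predicate.
 *  - A predicate that returns nothing (undefined) denies the request.
 *
 * @param {Object}   [opts]
 * @param {Function} [opts.host]    called with req.get('host')
 * @param {Function} [opts.agent]   called with req.get('user-agent')
 * @param {Function} [opts.referer] called with req.get('referer')
 * @param {Function} [opts.method]  called with req.method
 * @param {Function} [opts.url]     called with req.url
 * @param {Function} [opts.ip]      called with req.ip
 * @param {Function} [opts.custom]  called with (req, res)
 * @param {Function} [opts.log]     called with (message, req) on each denial;
 *                                  any non-function value disables logging
 * @returns {Function} middleware with the (req, res, next) signature
 */
module.exports = function filterReqConstructor(opts) {

    opts = opts || {};

    function allowAll() { return true; }

    // Keep a private copy of the rules: the caller's object is left untouched,
    // and changing it after construction cannot alter the policy in force.
    var rules = {
        host: opts.host || allowAll,
        agent: opts.agent || allowAll,
        referer: opts.referer || allowAll,
        method: opts.method || allowAll,
        url: opts.url || allowAll,
        ip: opts.ip || allowAll,
        custom: opts.custom || allowAll
    };

    var log = "function" === typeof opts.log ? opts.log : null;

    // Request values are client-controlled and end up inside a log line.
    // Control characters are written as \xNN so a value cannot break the
    // line or inject terminal sequences into the log output.
    function printable(value) {
        return String(value).replace(/[\u0000-\u001f\u007f]/g, function (ch) {
            return '\\x' + ('0' + ch.charCodeAt(0).toString(16)).slice(-2);
        });
    }

    // Evaluated in this order; the first failing rule ends the request.
    var checks = [
        { rule: 'host', label: 'Host', read: function (req) { return req.get('host'); } },
        { rule: 'agent', label: 'User-Agent', read: function (req) { return req.get('user-agent'); } },
        { rule: 'referer', label: 'Referer', read: function (req) { return req.get('referer'); } },
        { rule: 'method', label: 'Method', read: function (req) { return req.method; } },
        { rule: 'url', label: 'URL', read: function (req) { return req.url; } },
        { rule: 'ip', label: 'IP', read: function (req) { return req.ip; } }
    ];

    return function filterReq(req, res, next) {

        // Run at most once per request, even if the middleware is mounted twice.
        if (req._esecurity_filterReq)
            return next();

        req._esecurity_filterReq = true;

        var i, check, value;

        for (i = 0; i < checks.length; i++) {
            check = checks[i];
            value = check.read(req);

            if (!rules[check.rule](value)) {
                if (log)
                    log('[' + printable(req.ip) + '] - 403 - ' + check.label + ' <' + printable(value) + '> not granted', req);

                // The response message names the rule only, never the rejected value.
                return next(utils.error(403, check.label + ' not granted'));
            }
        }

        if (!rules.custom(req, res)) {
            if (log)
                log('[' + printable(req.ip) + '] - 403 - Forbidden by custom rule', req);

            return next(utils.error(403, 'Forbidden.'));
        }

        next();
    };
};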