Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
crowdsec-client-scenarios
Advanced tools
crowdsec-client-scenarios - npm Package Compare versions
Comparing version 0.0.7 to 0.0.8
| { | ||
| "name": "crowdsec-client-scenarios", | ||
| "version": "0.0.7", | ||
| "version": "0.0.8", | ||
| "description": "tmp", | ||
@@ -41,5 +41,5 @@ "main": "./lib/index.cjs", | ||
| "dependencies": { | ||
| "@laverdet/beaugunderson-ip-address": "^8.1.0", | ||
| "debug": "^4.3.4", | ||
| "@laverdet/beaugunderson-ip-address": "^8.1.0", | ||
| "lru-cache": "^10.0.0", | ||
| "lru-cache": "^10.0.1", | ||
| "maxmind": "^4.3.11" | ||
@@ -51,9 +51,9 @@ }, | ||
| "devDependencies": { | ||
| "@jest/globals": "29.5.0", | ||
| "@jest/globals": "29.6.2", | ||
| "@types/debug": "4.1.8", | ||
| "dotenv": "16.3.1", | ||
| "esbuild": "0.18.11", | ||
| "jest": "29.5.0", | ||
| "esbuild": "0.19.2", | ||
| "jest": "29.6.2", | ||
| "jest-sonar": "0.2.16", | ||
| "mmdb-lib": "^2.0.2", | ||
| "mmdb-lib": "2.0.2", | ||
| "rimraf": "5.0.1", | ||
@@ -63,3 +63,3 @@ "source-map-support": "0.5.21", | ||
| "ts-node": "10.9.1", | ||
| "crowdsec-client": "^0.1.1" | ||
| "crowdsec-client": "^0.1.2" | ||
| }, | ||
@@ -77,3 +77,3 @@ "funding": [ | ||
| "peerDependencies": { | ||
| "crowdsec-client": "^0.1.1" | ||
| "crowdsec-client": "^0.1.2" | ||
| }, | ||
@@ -86,3 +86,3 @@ "scripts": { | ||
| "ts-types": "tsc --emitDeclarationOnly --outDir lib/types", | ||
| "build": "rimraf lib && node ./esbuild.js --analyze && npm run ts-types", | ||
| "build": "rimraf lib && node ./esbuild.js && npm run ts-types", | ||
| "debug": "npm run build && node -r source-map-support/register ./lib/esm/debug.mjs", | ||
@@ -89,0 +89,0 @@ "jest": "node --experimental-vm-modules node_modules/jest/bin/jest.js", |
183
readme.md
@@ -1,1 +0,182 @@ | ||
| first alpha version, to be used with [crowdsec-http-middleware](../crowdsec-http-middleware) | ||
| # crowdsec-client-scenarios | ||
| [](https://www.npmjs.com/package/crowdsec-client-scenarios) | ||
| [](https://github.com/thib3113/node-crowdsec/actions/workflows/CI.yml) | ||
| [](https://codecov.io/gh/thib3113/node-crowdsec) | ||
| [](https://www.npmjs.com/package/crowdsec-client-scenarios) | ||
| [](https://github.com/thib3113/node-crowdsec/blob/main/LICENSE) | ||
| [](https://snyk.io/test/github/thib3113/node-crowdsec) | ||
| [//]: # ([](https://snyk.io/advisor/npm-package/crowdsec-client-scenarios)) | ||
| [](https://paypal.me/thib3113) | ||
| [](https://github.com/thib3113/node-crowdsec/stargazers/) | ||
| [](https://packagequality.com/#?package=crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
| [](https://sonarcloud.io/dashboard?id=thib3113_crowdsec-client-scenarios) | ||
|  | ||
| [](https://nodei.co/npm/crowdsec-client-scenarios/) | ||
| This library is a Node.js client to talk with crowdsec rest API . | ||
| # Start | ||
| install it | ||
| ``` | ||
| npm i crowdsec-client-scenarios | ||
| ``` | ||
| and then read the documentation in the [wiki](https://github.com/thib3113/node-crowdsec/wiki) | ||
| # Usage | ||
| This package, is planned to host scenarios used by [crowdsec-http-middleware](../crowdsec-http-middleware) and other middleware that extend it | ||
| # Scenarios | ||
| in this part, we will use the variables `scenarios` and `scenariosOptions`, to illustrate the use in the middlewares | ||
| ## Defaults scenarios | ||
| the defaults scenarios are ([defined here](./src/index.ts#L8)) : | ||
| - [AllowListEnricher](#allowlist) : allow you to skip alerts on your local ips | ||
| - [XForwardedForChecker](#xforwardedforchecker) : allow to extract visitor ip | ||
| - [HTTPEnricher](#httpenricher) : enrich alerts with informations from the http request | ||
| ## Available scenarios | ||
| The available scenarios are : | ||
| ### XForwardedForChecker | ||
| This scenario will validate the XForwardedFor header . Some malicious persons will send you a fake `X-Forwarded-For` header, to hide their real IP . | ||
| This scenario will trigger an alert, if an untrusted IP try to pass `X-Forwarded-For` | ||
| ````typescript | ||
| const scenarios = [XForwardedForChecker]; | ||
| const scenariosOptions = { | ||
| 'x-forwarded-for': { | ||
| //list of trusted CIDR, you need to setup here that all the trusted proxies, else, it will trigger alert for your reverse proxies, and extract incorrect ip | ||
| trustedProxies: [], | ||
| //trigger alert if an untrusted ip set the header (true by default) | ||
| alertOnNotTrustedIps: true | ||
| } | ||
| } | ||
| ```` | ||
| this scenario support the extractIp capability, so, if you enable it, it will extract the IP automatically from the headers, will use set it on `req.ip`, and will use it to trigger alerts and check if decisions exists | ||
| #### Example | ||
| you are using cloudflare (you can get cloudflare [ips](https://www.cloudflare.com/fr-fr/ips/) here, then traefik in subnet 10.0.3.0/24, and finally your webserver | ||
| on your server, you will configure : | ||
| ````typescript | ||
| const scenarios = [XForwardedForChecker]; | ||
| const scenariosOptions = { | ||
| 'x-forwarded-for': { | ||
| //list of trusted CIDR, you need to setup here that all the trusted proxies, else, it will trigger alert for your reverse proxies, and extract incorrect ip | ||
| trustedProxies: [ | ||
| //cloudflare ips | ||
| "173.245.48.0/20", | ||
| "103.21.244.0/22", | ||
| "103.22.200.0/22", | ||
| "103.31.4.0/22", | ||
| "141.101.64.0/18", | ||
| "108.162.192.0/18", | ||
| "190.93.240.0/20", | ||
| "188.114.96.0/20", | ||
| "197.234.240.0/22", | ||
| "198.41.128.0/17", | ||
| "162.158.0.0/15", | ||
| "104.16.0.0/13", | ||
| "104.24.0.0/14", | ||
| "172.64.0.0/13", | ||
| "131.0.72.0/22", | ||
| "2400:cb00::/32", | ||
| "2606:4700::/32", | ||
| "2803:f800::/32", | ||
| "2405:b500::/32", | ||
| "2405:8100::/32", | ||
| "2a06:98c0::/29", | ||
| "2c0f:f248::/32", | ||
| //traefik ip | ||
| "10.0.3.0/24" | ||
| ], | ||
| //trigger alert if an untrusted ip set the header | ||
| alertOnNotTrustedIps: true | ||
| } | ||
| } | ||
| ```` | ||
| so, if someone with ip `1.2.3.4` it will produce an `X-Forwarded-For` like `1.2.3.4, 173.245.48.2`, and your webserver will detect a remote address like `10.0.3.1` . | ||
| This scenario will parse the information, and so set `req.ip = "1.2.3.4"`, so you now know the real ip of your visitor . | ||
| I need to warn you, if you miss configured the list of allowed ips, it can ban your reverse proxy . | ||
| you can test it before, by setting `alertOnNotTrustedIps` to false, and log `req.ip`, if the IP is correct, you can enable the alerts | ||
| ### AllowList | ||
| This scenario allow you to exclude some ips from alerts | ||
| ````typescript | ||
| const scenarios = [AllowListEnricher]; | ||
| const scenariosOptions = { | ||
| 'allow-list': { | ||
| //list of CIDR/IP to allow to skip alert checks | ||
| allowed: ['127.0.0.1'] | ||
| } | ||
| } | ||
| ```` | ||
| by default, the CIDR allowed are the [RFC 1918](https://en.wikipedia.org/wiki/Private_network) one (private network) | ||
| ````typescript | ||
| const scenariosOptions = { | ||
| 'allow-list': { | ||
| allowed: ['127.0.0.1', '::1', '192.168.0.0/16', '10.0.0.0/8', '172.16.0.0/12'] | ||
| } | ||
| } | ||
| ```` | ||
| ### HTTPEnricher | ||
| this scenario will add context to your alert, linked with the current http request | ||
| ````typescript | ||
| const scenarios = [AllowListEnricher]; | ||
| //no options | ||
| const scenariosOptions = {} | ||
| ```` | ||
| ### MaxMindEnricher | ||
| this scenario will add context to your alert with the help of the maxmind databases | ||
| ````typescript | ||
| const scenarios = [MaxMindEnricher]; | ||
| const scenariosOptions = { | ||
| maxmind: { | ||
| //specify path to ASN or city databases . you need need to set one, or the two databases | ||
| paths: { | ||
| ASN: 'path/to/geoLite2-ASN.mmdb', | ||
| city: 'path/to/geoLite2-City.mmdb' | ||
| }, | ||
| //you can watch for updates, and so, updating the database on the filesytem will automatically reload the database | ||
| watchForUpdates: true | ||
| } | ||
| } | ||
| ```` | ||
| to use this scenario, you will need to download free databases available [here](http://dev.maxmind.com/geoip/geoip2/geolite2/). | ||
| If you need better accuracy you should consider buying [commercial subscription](https://www.maxmind.com/en/geoip2-databases). | ||
| ## Debug | ||
| this library include [debug](https://www.npmjs.com/package/debug), to debug, you can set the env variable : | ||
| ````dotenv | ||
| DEBUG=crowdsec-client-scenarios:* | ||
| ```` |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by9.7%
132764
- Number of lines in readme file
- increased by9050%
183
Dependency changes
Updatedlru-cache@^10.0.1