country-block-extradeprecated

country and Tor blocking middleware for Express.js

Usage no npm install needed!

<script type="module">
  import countryBlockExtra from 'https://cdn.skypack.dev/country-block-extra';
</script>

README

country-block-extra

Two Express.JS middleware pieces to restrict access for certain remote clients, which might e.g. conflict with export regulations.

Installation

npm

npm install country-block-extra

yarn

yarn add country-block-extra

Usage

Country Blocking

The country blocker gets the remote IP address of a client request and uses geoip-lite to determine if access should be granted or not. An exclusion list of country codes configures the set of countries from which access should be denied:

var CountryBlocker = require('country-block-extra').CountryBlocker;
var blocker = new CountryBlocker({
  blockedCountries: ['de', 'fr']
}); 
app.use(blocker.check.bind(blocker));

In this example access from Germany and France would be denied for any URL hitting the site. The response status code is then 451.

Make sure that geoip-lite has the latest database installed:

cd node_modules/geoip-lite
npm run-script updatedb

For more details please read this module's documentation.

Tor Blocking

Tor blocking is based on using the remote IP address and the server's external IP address and port to determine if a request came through the Tor network. This only works for IPv4 at this moment, so if you prefer not to block those you might want to go for the lenient flag (see below).

This is how to put the Tor blocking middleware into action:

var TorBlocker = require('country-block-extra').TorBlocker;
var blocker = new TorBlocker({
    server: {
        host: 'www.that-web-server.net',
        port: 80
    }
});
app.use(blocker.check.bind(blocker));

The server host can either be an IP address or the DNS name. If you open a Tor browser and try to access http://www.that-web-server.net you should be blocked.

Customization

For any blocker a few options can be passed in to change its behavior.

If you don't want to block if things are uncertain, for instance if the IP address cannot be determined you can use the lenient flag:

new CountryBlocker({
  blockedCountries: ['de', 'fr'],
  lenient: true
});

By default false it will allow requests to pass if for some technical reasons the block determination wasn't possible. You shown your best effort, but you don't want to exclude those valid clients either.

And if in case of blocking you want to have a different status code than 451 being issued:

new CountryBlocker({
  blockedCountries: ['de', 'fr'],
  statusCode: 403
});

Events

In case of blocking every blocker emits an event with a reason string, useful e.g. for logging:

var blocker = new TorBlocker({
  server: { host: "1.2.3.4", port: 8080 }
});
blocker.on("blocked", function (reason) {
  console.log(reason);
});

Typings

This package comes with typings, so you can use it in TypeScript directly:

let blocker = new CountryBlocker({
    blockedCountries: ["de", "fr"]
});
blocker.on(EVENT_BLOCKED, (reason: string) => console.log(reason));
app.use(blocker.check.bind(blocker));

blocker = new TorBlocker({
    lenient: true,
    server: { host: "1.2.3.4", port: 8080 }
});
blocker.on(EVENT_BLOCKED, (reason: string) => console.log(reason));
app.use(blocker.check.bind(blocker));

Notice that the country-code-extra module itself is written in TypeScript.