Rill
@rill/forwarded-from
API stability Standard NPM version Downloads Gitter Chat

Safely handle the `X-Forwarded-For` header in [Rill](https://gitter.im/rill-js/rill). This middleware will update "ctx.req.ip" if a "X-Forwarded-For" header is present from a trusted ip. It will also update "ctx.req.host, ctx.req.hostname and ctx.req.port" if an "X-Forwarded-Host" header is provided from a trusted ip. # Installation ```console npm install @rill/forwarded-from ``` # Example #### app.js ```js const app = rill() const forwarded = require("@rill/forwarded-from") // This will only trust X-Forwarded-For from incomming requests with the provided ips and any local requests. app.use(forwarded({ from: ['184.1.2.3', '184.2.3.4'] })) // Example request with `X-Forwarded-For` and `X-Forwarded-Host` from valid ip. app.get('/test', ({ req, res })=> { req.forwarded //-> true req.get('X-Forwarded-For') //-> 178.1.2.3 req.ip //-> 178.1.2.3 req.get('X-Forwarded-Host') //-> test.com:3000 req.host //-> test.com:3000 req.hostname //-> test.com req.port //-> 3000 }) ``` # API + **forwarded({ from: String..., local: Boolean })** : Creates a middleware that will update `ctx.req.ip` with a valid `X-Forwarded-For` header. ```javascript // Without any options this will only allow `X-Forwarded-For` on local requests. app.use(forwarded()) // Any ip's specified in the `from` option will also be valid. app.use(forwarded({ from: '184.1.2.3' })) // You can disable local ip's by setting `options.local=false` (default true). app.use(forwarded({ from: '184.1.2.3', local: false })) ``` --- ### Contributions * Use `npm test` to run tests. Please feel free to create a PR!