tor-detect-middleware

    1.0.2 • Public • Published

    tor-detect-middleware

    Tor detect middleware for Express

    npm version license downloads Known Vulnerabilities

    About

    Tor detect middleware for Express.

    ❤️ Awesome Features:

    • Easy to redirect Tor or Surface users. 🔥
    • Easy to recognize TorUsers at inside the req object, req.isTorUser 🍺
    • No infra required, the database is json based using lowdb 🎉
    • The strictMode won't allow any request to access until the relays IPs are collected 📦
    • The purge allow you to dump the database at startup ☣️
    • debug is supported 💪
    • Refresh time is customizable 🧐
    • Easy to use and great test coverage
    const express = require('express');
    const torUserHandler = require('tor-detect-middleware')
    const app = express();
    
    app.use(torUserHandler())
    
    app.get('/', (req, res) => {
      const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
      res.send(`Are you (${ip}) a TOR user? ${req.isTorUser}`);
    });
    
    app.listen(3000, () => {
      console.log('We are in port 3000!');
    });

    Usage

    Install

    npm install tor-detect-middleware

    simple example

    const express = require('express');
    const torUserHandler = require('tor-detect-middleware')
    const app = express();
    
    app.use(torUserHandler())
    
    app.get('/', (req, res) => {
      const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
      res.send(`Are you (${ip}) a TOR user? ${req.isTorUser}`);
    });
    
    app.listen(3000, () => {
      console.log('We are in port 3000!');
    });

    Redirect Users

    In this example we redirect the surface users to https://www.nytimes.com and Tor users to https://www.nytimes3xbfgragh.onion/. You can use both ways to redirect.

    const express = require('express');
    const torUserHandler = require('tor-detect-middleware')
    const app = express();
    
    app.use(torUserHandler({
        surface: "https://www.nytimes.com",
        tor: "https://www.nytimes3xbfgragh.onion/"
    }))
    
    app.listen(3000, () => {
      console.log('We are in port 3000!');
    });

    Ban users from surface or TOR

    const express = require('express');
    const torUserHandler = require('tor-detect-middleware')
    const app = express();
    
    app.use(torUserHandler())
    
    app.get('/surface-only', (req, res) => {
      if(req.isTorUser) return res.status(401).send("You can't access from TOR here")
      res.send('Welcome surface user!');
    });
    
    app.get('/tor-only', (req, res) => {
      if(!req.isTorUser) return res.status(401).send("You can't access from the surface here")
      res.send('Welcome to the dark side. We have cookies!');
    });
    
    app.listen(3000, () => {
      console.log('We are in port 3000!');
    });

    Custom Cron Jobs

    By default we refresh the IP list every hour, but you can modify the ms as you wish.

    const express = require('express');
    const torUserHandler = require('tor-detect-middleware')
    const app = express();
    
    app.use(torUserHandler({refreshMs: 600000}))
    
    //...

    Strict Mode

    Special behaviour in Strict mode:

    • The server will stop at startup if https://onionoo.torproject.org/details url is down
    • The server will wait until there is a list ready to dispatch requests. (Few seconds)

    Note: if there is a list stored you wont surfer any problem, as we start the service from the previous list.

    const express = require('express');
    const torUserHandler = require('tor-detect-middleware')
    const app = express();
    
    app.use(torUserHandler({
        strictMode: true
    }))
    
    //...

    Purge list at start

    You can purge the list by default at the startup of the service.

    const express = require('express');
    const torUserHandler = require('tor-detect-middleware')
    const app = express();
    
    app.use(torUserHandler({
        purge: true
    }))
    
    //...

    Built With

    Development only:

    Production only:

    • debug - Debug the app
    • got - Download TOR infra data
    • ip-regex - Validate relays IPs
    • lowdb - Store and query IPs

    Contributing

    Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

    Versioning

    We use SemVer for versioning. For the versions available, see the tags on this repository.

    Authors

    See also the list of contributors who participated in this project.

    License

    This project is licensed under the GNU AGPL3.0 License - see the LICENSE.md file for details

    Acknowledgments

    • This project is under development, but you can help us to improve it! We ❤️ FOSS!

    Install

    npm i tor-detect-middleware

    DownloadsWeekly Downloads

    11

    Version

    1.0.2

    License

    AGPL-3.0

    Unpacked Size

    60 kB

    Total Files

    20

    Last publish

    Collaborators

    • ulisesgascon