1. Home
2. Questions
3. AI Assist
4. Tags
5. Challenges
6. Chat
7. Articles
8. Users
9. Companies
11. Communities for your favorite technologies. Explore all Collectives
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Bring the best of human thought and AI automation together at your work. Learn more

How to secure a simple GET request using Express js

Asked 6 years, 5 months ago

Viewed 592 times

I have build a simple web server using Express js. There I have one GET request to send any json response. Now this request can be accessed from anywhere by anyone.

How can I restrict this GET request from having public access and what approach should I follow to restrict this public access?

Please note, I don't have the login or logout feature, only simple GET request.

Below is my code ---

const express = require('express');
const app = express();
app.get('/', (req, res) => { res.send('Test response'); });
app.listen(3000, () => console.log('Listening on port 3000!'));

Improve this question

edited Jul 17, 2019 at 20:09

Aritra Chakraborty's user avatar

Aritra Chakraborty

12.6k3 gold badges30 silver badges37 bronze badges

asked Jul 17, 2019 at 20:05

Timir Baran Kundu's user avatar

Timir Baran Kundu

314 bronze badges

2

You will need to implement Authentication if you want it to not be public. And then use Express Middleware to verify the tokens coming up are valid users. You've got some work ahead of you.

caden311
– caden311

2019年07月17日 20:10:41 +00:00
Commented Jul 17, 2019 at 20:10

Add a comment |

1 Answer 1

Sorted by: Reset to default

There are multiple ways to secure a route. One way can be IP whitelisting.

So basically, you can give particular IPs access to the route. For that you can use express-ipfilter

// Init dependencies
const express = require('express')
const ipfilter = require('express-ipfilter').IpFilter
// Whitelist the following IPs
const ips = ['127.0.0.1']//add the IPs here
// Create the server
app.use(ipfilter(ips, { mode: 'allow' }))
app.get('/', (req, res) => { res.send('Test response'); });
app.listen(3000, () => console.log('Listening on port 3000!'));

There are countless ways to give access to certain person your route:

Private key encryption, sharing a secret key with someone you want access. Whenever your route is called you check the secret key
Public key, You can share your certificate with them, they need to pin the certificate in their request module and hit the route etc.

Improve this answer

answered Jul 17, 2019 at 20:13

Aritra Chakraborty's user avatar

Aritra Chakraborty

12.6k3 gold badges30 silver badges37 bronze badges

Comments

Your Answer

Draft saved

Draft discarded

Sign up or log in

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.

lang-js

CollectivesTM on Stack Overflow

How to secure a simple GET request using Express js

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Hot Network Questions

CollectivesTM on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Related