Implement method whitelisting middleware to secure API endpoints

shardeum · Aug 30, 2024 · 9c7649c · 9c7649c
1 parent 7933f76
commit 9c7649c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/src/middlewares/methodWhitelist.ts b/src/middlewares/methodWhitelist.ts
@@ -0,0 +1,12 @@
+import { Request, Response, NextFunction } from 'express';
+import { methods } from '../api';
+
+const allowedMethods = Object.keys(methods);
+
+export const methodWhitelist = (req: Request, res: Response, next: NextFunction) => {
+  const method = req.body?.method;
+  if (method && !allowedMethods.includes(method)) {
+    return res.status(404).json({ error: 'Method not found' });
+  }
+  next();
+};
diff --git a/src/server.ts b/src/server.ts
@@ -34,6 +34,7 @@ import { setupEvmLogProviderConnectionStream } from './websocket/log_server'
 import { setupArchiverDiscovery } from '@shardus/archiver-discovery'
 import { setDefaultResultOrder } from 'dns'
 import { nestedCountersInstance } from './utils/nestedCounters'
+import { methodWhitelist } from './middlewares/methodWhitelist'
 setDefaultResultOrder('ipv4first')
 
 // const path = require('path');
@@ -195,6 +196,8 @@ app.use('/log', authorize, logRoute)
 app.use('/authenticate', authenticate)
 app.use('/', healthCheckRouter)
 app.use(injectIP)
+// Method Whitelisting Middleware
+app.use(methodWhitelist)
 // reject subscription methods from http
 app.use(rejectSubscription)
 app.use(server.middleware())