A very simple firewall for Meteor
The aim of this package is to only allow access to your Meteor application from a whitelist of IP addresses you define. Deploy your in-development application to a hosting service so you can test on different devices or perfect your deployment pipeline whilst keeping it safe from prying eyes.
Tested with Meteor v1.x.
meteor add simonrycroft:ip-whitelist
The package expects to find a private ipWhitelist key in your METEOR_SETTINGS environment variable e.g:
{
"ipWhitelist": [
"90.201.1.243",
"91.154.1.123"
]
}Your hosting provider may give you the ability to configure environment variables via their control panel. Alternatively if you are deploying to Meteor's free hosting service for non-production apps you can define your whitelist in a settings.json file and use:
meteor deploy yourapp.meteor.com --settings settings.json
Please don't commit your settings.json file to a public repository!
Add this line to your server-side code:
IPWhitelist();If you have defined a whitelist and the client's IP is in that list they will be granted access. If you have defined a whitelist but their IP is not in the list they will receive a 404 response with an empty body.
Note that if you do not define a whitelist all requests will be granted access.