0

I'm building a web site using ReactJs(for frontend) and NodeJS(for backend API service). Now I have an issue of authentication for my API service so I decided to add authentication using domain checking. Which means I want to accept the request to my API service from only specific domains those are my domain and and my localhost. So, help me to know the domain or URL of the web site from where we are getting request to access our API service.

I have tried this it works, but it is get URL of the domain where I have hosted my API service.

const url = require('url');
const dns = require('dns');


exports.checkip= (requestip) => {
   let link = requestip
   console.log(link)
   link == "/" ? link = "http://localhost" : link = link
   console.log(link) 
   const parsedUrl = url.parse(link); // Parse the URL
   const domain = parsedUrl.hostname; // Extract the domain from the parsed URL


   // return Apikeys.includes(link)
   return Apikeys.includes(domain)

   dns.lookup(domain, (err, address, family) => { // Use DNS module to look up IP address
       if (err) {
           console.error(err);
           res.status(500).json({ error: 'Failed to lookup IP address for the domain' });
           return false
       } else {
           res.json({ domain, ipAddress: address ,family});
           return true
       }
   });

}
Improve this question
1

1 Answer 1

Reset to default
0

You can use CORS policy to limit requests to specific domains.

However, note that relying solely on the request for security is not sufficient as attackers can forge a request from a trusted domain, and thus it cannot replace server protection (like authentication mechanism)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.