GeoIPServer
GeoIPServer is a small, simple node.js module that allows simple IP geolocation requests. It also comes with a convenient command line utility for creating a standalone server.
Installation
GeoIPServer requires node.js, npm and the requisite data files.
You can install GeoIPServer for use in your own project:
npm install geoip-server
Or you can install GeoIPServer globally, making it easy to run the standalone server:
sudo npm install geoip-server -g
Usage
In your project:
If you're already using express, you can attach GeoIPServer directly to your app:
var GeoIPServer = ; var geoIPServer = url: '/ip/:ip' secret: 'this is the secret key' ; geoIPServer; // attach to an existing express app
If you don't already have an express app, you can tell GeoIPServer to listen on its own:
geoIPServer;
GeoIPServer also supports SSL:
geoIPServer;
As a standalone server:
Usage: geoip-server [options]
Options:
-h, --help output usage information
-s, --secret <secret key> Specify the secret key for the storehouse. !!REQUIRED!!
--url <url> Specify the upload url. Eg: --url "/uploadfile" Default: /upload
-p, --port <port> Specify the port to listen on. Default: 8888
--sslkey <keyfile> Specify an SSL key file.
--sslcert <certfile> Specify an SSL cert file.
--quiet Do not print out events.
Example:
geoip-server -s "this is the secret key" --url /test/:ip --quiet
This would start a GeoIPServer with the secret key "this is the secret key" that:
- Has an lookup endpoint url of: /test/:ip
- Will not print out request logs
Cool, how do I keep everyone on the internet from querying my server?
That's where the secret key comes in: to make a request you must send a signature along for validation.
The signature is a SHA1 of some information about the request plus the secret key.
The signature you send match this signature. To generate a signature, you would execute:
var verification = '';for var key in Object verification += key + '=' + optionalQueryParams key + '&'; verification += 'ip=' + ipToLookup + '&';verification += 'secret=' + 'your secret code'; var signature = crypto;
That's great, but how do I generate a signature without leaking my secret key?
Good question! GeoIPServer is mostly intended to be used as a part of an existing web infrastructure where you already have some kind of web service running.
If you're using GeoIPServer internally, you could skip the secret key altogether and just limit incoming connections to approved IPs.
If you'd like to expose it externally, though, you can calculate the signature for the client on your server:
;
CREDIT WHERE CREDIT IS DUE
Thanks to Philip Tellis (@bluesmoon) for his geoip-lite library, which GeoIPServer is mostly a small wrapper around.
CHANGELOG
v0.0.1
- Initial release.