Vibe Security: Express.js Example

Express.js Middleware

Protect your Node.js Express APIs with Intent Firewall middleware. Block malicious requests before they reach your application logic.

Quick Setup
Get Intent Firewall protection running in your Express app in minutes

# Install the Node.js SDK
npm install @vibe-security/firewall-client
# or
yarn add @vibe-security/firewall-client

Complete Implementation
Full Express.js application with Intent Firewall protection

// app.js - Main Express application
const express = require('express')
const cors = require('cors')
const helmet = require('helmet')
const rateLimit = require('express-rate-limit')
const firewallMiddleware = require('./middleware/firewall')
const userRoutes = require('./routes/users')
const orderRoutes = require('./routes/orders')

const app = express()

// Basic middleware
app.use(helmet())
// cors() with no options allows every origin; restrict `origin` in production
app.use(cors())
app.use(express.json({ limit: '10mb' }))
app.use(express.urlencoded({ extended: true }))

// Rate limiting
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each IP to 100 requests per windowMs
})
app.use('/api', limiter)

// Intent Firewall protection
app.use('/api', firewallMiddleware)

// Routes
app.use('/api/users', userRoutes)
app.use('/api/orders', orderRoutes)

// Health check (bypass firewall)
app.get('/health', (req, res) => {
  res.json({ status: 'healthy', timestamp: new Date().toISOString() })
})

// Error handling
app.use((err, req, res, next) => {
  console.error(err.stack)
  res.status(500).json({ error: 'Something went wrong!' })
})

// Server port
const PORT = process.env.PORT || 3000
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`)
})

Best Practices
Recommendations for production Express.js deployments

Environment Variables

Store API keys and configuration in environment variables, never in code.

Error Handling

Implement proper error handling for firewall failures. Decide whether to fail open or closed.

Logging

Log firewall decisions and request IDs for debugging and audit trails.

Performance

Set appropriate timeouts and consider caching for high-traffic applications.
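
The error-handling, logging and timeout recommendations above can be combined in one wrapper. The following is an added example, not code from the SDK or this page: `guardedFirewall`, the `check` callback, its `{ allowed }` result shape, `checkWithFirewall` and the `X-Request-Id` header are all assumptions made for illustration.

```javascript
// Added example. `check` is a hypothetical async function standing in for the
// firewall SDK call; it is assumed to resolve to an object like { allowed: true }.
function guardedFirewall(check, { timeoutMs = 500, failOpen = false, log = console.log } = {}) {
  return async function firewallGuard(req, res, next) {
    const started = Date.now()
    // Assumed convention: an upstream proxy sets X-Request-Id.
    const requestId = (req.headers && req.headers['x-request-id']) || '-'
    let timer
    const timeout = new Promise((_, reject) => {
      timer = setTimeout(() => reject(new Error('firewall timeout')), timeoutMs)
    })

    let verdict
    try {
      // Race the check against a timer so a slow firewall cannot stall the API.
      const result = await Promise.race([check(req), timeout])
      // Deny by default: anything other than an explicit allow is a block.
      verdict = result && result.allowed === true ? 'ALLOWED' : 'BLOCKED'
    } catch (err) {
      // Firewall errored or timed out: apply the configured policy explicitly.
      verdict = failOpen ? 'ERROR_FAIL_OPEN' : 'ERROR_FAIL_CLOSED'
    } finally {
      clearTimeout(timer)
    }

    log(`Firewall check: ${verdict} - ${req.method} ${req.path} ` +
        `(${Date.now() - started} ms) request_id=${requestId}`)

    if (verdict === 'ALLOWED' || verdict === 'ERROR_FAIL_OPEN') return next()
    if (verdict === 'BLOCKED') return res.status(403).json({ error: 'Request blocked' })
    return res.status(503).json({ error: 'Firewall unavailable' })
  }
}

// Usage (checkWithFirewall is a placeholder for your SDK call):
// app.use('/api', guardedFirewall(checkWithFirewall, { timeoutMs: 500, failOpen: false }))
```

Logging the fail-open case under its own verdict keeps requests that skipped the check visible in the audit trail.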

Testing Your Integration
Verify that your firewall protection is working correctly

1. Test Allowed Requests

curl -X GET http://localhost:3000/api/users \
  -H "Content-Type: application/json"

2. Test Blocked Requests

curl -X DELETE http://localhost:3000/api/users/admin \
  -H "Content-Type: application/json" \
  -d '{"malicious": "payload"}'

3. Check Logs

Monitor your application logs for firewall decisions:

Firewall check: ALLOWED - get users via API (45 ms)
Firewall check: BLOCKED - delete users admin via API (32 ms)