Setup and Installation of Zen Firewall for Node.js (JavaScript & TypeScript)
This guide will walk you through installing and setting up Zen Firewall by Aikido for your application. Follow the steps below to protect your application.
We have first-class support for JavaScript and TypeScript, including multiple frameworks and database drivers. For the full list, check our README on GitHub.
Install Zen Firewall by Aikido
First, you need to install the Zen package. Open your terminal and run:
# The --save-exact makes sure that you don't automatically install a newer version
$ npm install --save-exact @aikidosec/firewall
# The --exact makes sure that you don't automatically install a newer version
$ yarn add --exact @aikidosec/firewall
Next, you need to include Zen Firewall in your app.js file. This should be done before any other code or imports:
require('@aikidosec/firewall'); // <-- Include this before any other code or imports
const express = require('express');
const app = express();
// Your other middleware and routes
app.listen(3000, () => {
  console.log("Server is running on port 3000");
});
Alternatively, if you are using ESM import style:
import '@aikidosec/firewall';
import express from 'express';
const app = express();
// Your other middleware and routes
app.listen(3000, () => {
  console.log("Server is running on port 3000");
});
If you are using a bundler such as esbuild, please follow these additional configuration steps.
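The load-order requirement above (Zen included before any other code or imports) can be checked automatically, for example in CI. This is an added example, not code from Aikido or from the original guide; the function names and the sample entry files are constructed for illustration, and the check is a text heuristic rather than a full JavaScript parser.

```javascript
// Added example (not Aikido's code): check that an entry file loads Zen first.
const FIREWALL = '@aikidosec/firewall';

// Drop comments but keep string literals, so commented-out imports are ignored.
function stripComments(source) {
  const pattern = /("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|`(?:\\.|[^`\\])*`)|\/\/[^\n]*|\/\*[\s\S]*?\*\//g;
  return source.replace(pattern, (match, str) => (str === undefined ? '' : str));
}

// Return every statically named module, in the order it appears in the file.
function listModuleLoads(code) {
  const load = /\b(?:import\b\s*(?:[\w*{}\s,$]+?\s*from\s*)?|import\s*\(\s*|require\s*\(\s*)['"]([^'"]+)['"]/g;
  return Array.from(code.matchAll(load), (m) => m[1]);
}

// ok is true only when the firewall load is the first statement of the file
// (a shebang line and a "use strict" directive are allowed before it).
function checkFirewallFirst(source) {
  const code = stripComments(source.replace(/^#![^\n]*\n/, ''))
    .trimStart()
    .replace(/^(['"])use strict\1;?\s*/, '');
  const loads = listModuleLoads(code);
  if (!loads.includes(FIREWALL)) return { ok: false, reason: 'not-loaded', loads };
  const first = /^(?:import\s*|require\s*\(\s*)['"]@aikidosec\/firewall['"]/;
  if (first.test(code)) return { ok: true, reason: 'first', loads };
  return { ok: false, reason: 'loaded-late', loads };
}

// Constructed sample entry files (not taken from a real project).
const GOOD_CJS = `// entry point
require('@aikidosec/firewall');
const express = require('express');
`;
const BAD_CJS = `const express = require('express');
require('@aikidosec/firewall');
`;
const COMMENTED_OUT = `// require('@aikidosec/firewall');
import express from 'express';
`;

for (const [name, src] of Object.entries({ GOOD_CJS, BAD_CJS, COMMENTED_OUT })) {
  console.log(name, checkFirewallFirst(src).reason);
}
```

To use it on a real project, read the entry file's contents (for example app.js) and pass the text to checkFirewallFirst, failing the build when ok is false.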
Create an app in the dashboard and generate a token
Create your Aikido account if you haven't done so already.
Go to the Zen section in Aikido.
Click on Add app.
Choose a name for your app and click Generate token.
Copy the generated token.

Start Zen Firewall in dry / detection-only mode
Set the token as the environment variable AIKIDO_TOKEN, using any method of your choosing. Start your app in dry mode to ensure it works as expected without blocking any requests:
$ AIKIDO_BLOCK=false node app.js
Tip: You can use AIKIDO_DEBUG=true to enable debug mode (to verify that you set AIKIDO_TOKEN correctly).
Test your app
Browse to your application and perform a couple of actions or open a couple of pages. Zen will automatically discover the routes in your application.
You can verify a working agent by looking at the following pages of your Zen application:
Events: Should show an "Application started" event.
Routes: After some time your application routes will start showing here with the method, route and requests.
Instances: Should show the number of active instances for your application where Zen is installed.

Setup rate limiting in the dashboard
After you've added the Aikido middleware, you can test it out by logging in to your Aikido account and navigating to the Zen dashboard.

To protect a route from brute force attacks, set up rate limiting in the Aikido Dashboard:
Click on the created app.
Go to the Routes tab.
Find the route you would like to limit and click Setup rate limiting.
Follow the instructions to configure the rate limit (e.g., 5 requests per minute).


Verify Rate Limiting
Start your app and try to access the route you've rate limited 5 times within a minute. After the fifth attempt, you should receive a rate limit error.
Success & Next steps
Congrats, you've successfully installed Aikido Zen. If you encountered any problems or have concerns or feature requests, don't hesitate to reach out to support.
You can now go and explore the many features that Zen provides: