GeoIPServer is a small, simple node.js module that allows simple IP geolocation requests. It also comes with a convenient command line utility for creating a standalone server.
GeoIPServer requires node.js, npm and the requisite data files.
You can install GeoIPServer for use in your own project:
npm install geoip-server
Or you can install GeoIPServer globally, making it easy to run the standalone server:
sudo npm install geoip-server -g
If you're already using express, you can attach GeoIPServer directly to your app:
var GeoIPServer = require( 'geoip-server' );
var geoIPServer = new GeoIPServer( {
url: '/ip/:ip',
secret: 'this is the secret key'
} );
geoIPServer.attach( app ); // attach to an existing express app
If you don't already have an express app, you can tell GeoIPServer to listen on its own:
geoIPServer.listen( {
port: 8888
} );
GeoIPServer also supports SSL:
geoIPServer.listen( {
port: 8888,
ssl: {
key: './path/to/ssl.key',
cert: './path/to/ssl.crt',
port: 4443
}
} );
Usage: geoip-server [options]
Options:
-h, --help output usage information
-s, --secret <secret key> Specify the secret key for the storehouse. !!REQUIRED!!
--url <url> Specify the upload url. Eg: --url "/uploadfile" Default: /upload
-p, --port <port> Specify the port to listen on. Default: 8888
--sslkey <keyfile> Specify an SSL key file.
--sslcert <certfile> Specify an SSL cert file.
--quiet Do not print out events.
Example:
geoip-server -s "this is the secret key" --url /test/:ip --quiet
This would start a GeoIPServer with the secret key "this is the secret key" that:
- Has an lookup endpoint url of: /test/:ip
- Will not print out request logs
That's where the secret key comes in: to make a request you must send a signature along for validation.
The signature is a SHA1 of some information about the request plus the secret key.
The signature you send match this signature. To generate a signature, you would execute:
var verification = '';
for ( var key in Object.keys( optionalQueryParams ).sort() ) {
verification += key + '=' + optionalQueryParams[ key ] + '&';
}
verification += 'ip=' + ipToLookup + '&';
verification += 'secret=' + 'your secret code';
var signature = crypto.createHash( 'sha1' ).update( verification ).digest( 'hex' );
Good question! GeoIPServer is mostly intended to be used as a part of an existing web infrastructure where you already have some kind of web service running.
If you're using GeoIPServer internally, you could skip the secret key altogether and just limit incoming connections to approved IPs.
If you'd like to expose it externally, though, you can calculate the signature for the client on your server:
ajaxCall( {
url: '/api/getipgeolocationsignature',
type: 'POST',
data: {
ip: ipAddressToLookup
},
success: function( signature ) {
// here your API has given us back a signature that allows this request
ajaxCall( {
url: '/ip/' + ipAddressToLookup,
type: 'GET',
data: {
signature: signature
},
success: function( lookup ) {
console.log( lookup );
}
} );
}
} );
Thanks to Philip Tellis (@bluesmoon) for his geoip-lite library, which GeoIPServer is mostly a small wrapper around.
- Initial release.