angel_security 1.1.0

  • Installing
  • Versions
  • 25


version 1.0.2 build status

Angel middleware designed to enhance application security by patching common Web security holes.

Sanitizing HTML


// Or:

CSRF Tokens

app.chain(verifyCsrfToken()).post('/form', ...);

Banning by IP


// Or a range:

// Or multiple filters:
app.before.add(banIp(['', '192.*.*.*', new RegExp(r'1\.2.\3.\4')]));

// Also can ban origins

// By default, `banOrigin` forces users to have an `Origin` header.
// Use this flag to disable it:
app.before.add(banOrigin('', allowEmptyOrigin: true));

Trusted Proxy

Works well with Apache or Nginx.

// ONLY trust localhost X-Forwarded-* headers

Throttling Requests

Throws a 429 error if the given rate limit is exceeded.

// Example: 5 requests per minute
app.before.add(throttleRequests(5, new Duration(minutes: 1)));


Supplementary security library

Service Hooks

Also included are a set of service hooks, some ported from FeathersJS. Others are created just for Angel.

import 'package:angel_security/hooks.dart' as hooks;


  • addUserToParams
  • associateCurrentUser,
  • hashPassword
  • queryWithCurrentUser
  • restrictToAuthenticated
  • restrictToOwner
  • variantPermission

Also exported is the helper function isServerSide. Use this to determine whether a service method is being called by the server, or by a client.


Permissions are a great way to restrict access to resources.

They take the form of:

  • service:foo
  • service:create:*
  • some:arbitrary:permission:*:with:*:a:wild:*card

The specifics are up to you.

var permission = new Permission('admin | users:find');

// Or:
// PermissionBuilders support + and | operators. Operands can be Strings, Permissions or PermissionBuilders.
var permission = (new PermissionBuilder('admin') | (new PermissionBuilder('users') + 'find')).toPermission();

// Transform into middleware
app.chain(permission.toMiddleware()).get('/protected', ...);

// Or as a service hook

// Dynamically create a permission hook.
// This helps in situations where the resources you need to protect are dynamic.
// `variantPermission` is included in the `package:angel_security/hooks.dart` library.
app.service('posts').beforeModify(variantPermission((e) {
    return new PermissionBuilder('posts:modify:${}');

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:

  angel_security: ^1.1.0

2. Install it

You can install packages from the command line:

with pub:

$ pub get

Alternatively, your editor might support pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:

import 'package:angel_security/angel_security.dart';
Version Uploaded Documentation Archive
1.1.0 Dec 22, 2017 Go to the documentation of angel_security 1.1.0 Download angel_security 1.1.0 archive
1.0.2 Mar 29, 2017 Go to the documentation of angel_security 1.0.2 Download angel_security 1.0.2 archive
1.0.0 Mar 2, 2017 Go to the documentation of angel_security 1.0.0 Download angel_security 1.0.0 archive
0.0.7 Feb 1, 2017 Go to the documentation of angel_security 0.0.7 Download angel_security 0.0.7 archive
0.0.6 Jan 29, 2017 Go to the documentation of angel_security 0.0.6 Download angel_security 0.0.6 archive
0.0.5 Jan 28, 2017 Go to the documentation of angel_security 0.0.5 Download angel_security 0.0.5 archive
1.0.0-alpha+1 Mar 2, 2017 Go to the documentation of angel_security 1.0.0-alpha+1 Download angel_security 1.0.0-alpha+1 archive
1.0.0-alpha Feb 28, 2017 Go to the documentation of angel_security 1.0.0-alpha Download angel_security 1.0.0-alpha archive
0.0.0-alpha+4 Jan 21, 2017 Go to the documentation of angel_security 0.0.0-alpha+4 Download angel_security 0.0.0-alpha+4 archive
0.0.0-alpha+3 Jan 21, 2017 Go to the documentation of angel_security 0.0.0-alpha+3 Download angel_security 0.0.0-alpha+3 archive

All 13 versions...

Describes how popular the package is relative to other packages. [more]
Code health derived from static analysis. [more]
Reflects how tidy and up-to-date the package is. [more]
Weighted score of the above. [more]
Learn more about scoring.

The package version is not analyzed, because it does not support Dart 2. Until this is resolved, the package will receive a health and maintenance score of 0.

Analysis issues and suggestions

Fix dependencies in pubspec.yaml.

Running pub upgrade failed with the following output:

ERR: The current Dart SDK version is 2.1.0.
 Because angel_framework >=0.0.0-dev.1 <1.1.3 requires SDK version <2.0.0 and angel_framework >=1.1.3 <2.0.0-alpha depends on container ^0.1.2, angel_framework >=0.0.0-dev.1 <2.0.0-alpha requires container ^0.1.2.
 So, because container >=0.1.1 requires SDK version >=1.8.0 <2.0.0 and angel_security depends on angel_framework ^1.1.0, version solving failed.

Maintenance issues and suggestions

Fix platform conflicts. (-20 points)

Error(s) prevent platform classification:

Fix dependencies in pubspec.yaml.

Running dartdoc failed. (-10 points)

Make sure dartdoc runs without any issues.

Maintain (-20 points)

Changelog entries help clients to follow the progress in your code.

Maintain an example. (-10 points)

Create a short demo in the example/ directory to show how to use this package. Common file name patterns include: main.dart, example.dart or you could also use angel_security.dart.


Package Constraint Resolved Available
Direct dependencies
Dart SDK >=1.19.0