ryanbillingsley / express-ipfilter

A light-weight IP address based connection filtering system
MIT License
109 stars 44 forks

added new option to disable stack trace and error message #40

Closed veeraRaghavSanthosh closed 7 years ago

veeraRaghavSanthosh commented 7 years ago

This will help in hiding the middleware footprint and makes it difficult to trace the system parameters. By default, the error message and stack trace are enabled.

ryanbillingsley commented 7 years ago

@veeraRaghavSanthosh is this pull request trying to suppress the stack trace from being shown to users? Trying to understand what you are hoping to accomplish. Thanks 👍

veeraRaghavSanthosh commented 7 years ago

Hi Ryan,

A stack trace is very helpful for understanding the error better; this helps a lot in the development and testing phases of the application. But I would say that the production/live build might not need the stack trace, and the trace will reveal the middleware used for the IP blockage. This probably helps the hackers to know the blocking mechanisms.

So, I would like to add an option to disable the stack trace and to add a custom message.

Thanks Veer

ryanbillingsley commented 7 years ago

@veeraRaghavSanthosh if you run the example app with the NODE_ENV set to production there is no stack trace shown to the end user. You will only see the stack trace in the server logs.

Here is the relevant error handling from express:

```js
// error handlers

// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
  app.use(function(err, req, res, _next) {
    console.log('Error handler', err);
    if (err instanceof IpDeniedError) {
      res.status(401);
    } else {
      res.status(err.status || 500);
    }

    res.render('error', {
      message: 'You shall not pass',
      error: err
    });
  });
}

// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, _next) {
  console.log('Error handler', err);
  res.status(err.status || 500);
  res.render('error', {
    message: err.message,
    error: {}
  });
});
```

ryanbillingsley commented 7 years ago

@veeraRaghavSanthosh I hope the above helped, if not feel free to open an issue or PR again.
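
An added example, not part of the thread or the project's code: a single Express-style error handler that keeps full error detail in the server log and returns a fixed, generic message outside development, so neither the stack trace nor the filter's own error text reaches the client. `IpDeniedError` here is a local stand-in for the library's class, and `makeErrorHandler`, `fakeRes` and `simulate` are hypothetical names; the sample IP and errors are constructed.

```javascript
// Local stand-in for express-ipfilter's IpDeniedError (assumption: defined
// here only so the example runs without the package installed).
class IpDeniedError extends Error {
  constructor(message) {
    super(message);
    this.name = 'IpDeniedError';
  }
}

// Returns an Express-style error handler (err, req, res, next).
// env: what app.get('env') would return; log: server-side sink for full detail.
function makeErrorHandler(env, log) {
  const isDev = env === 'development';
  return function errorHandler(err, req, res, _next) {
    // Full detail always goes to the server log, never decided by the client.
    log({ name: err.name, message: err.message, stack: err.stack, ip: req.ip });

    const status = err instanceof IpDeniedError ? 401 : (err.status || 500);
    const body = isDev
      ? { message: err.message, stack: err.stack } // developer convenience only
      : { message: status >= 500 ? 'Internal Server Error' : 'Access denied' };
    res.status(status).json(body);
  };
}

// Minimal fake of the Express response object; records what would be sent.
function fakeRes() {
  const res = { statusCode: null, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

// Runs one error through the handler and returns the response plus log entries.
function simulate(env, err) {
  const logs = [];
  const res = fakeRes();
  const req = { ip: '203.0.113.7' }; // constructed sample address
  makeErrorHandler(env, (entry) => logs.push(entry))(err, req, res, () => {});
  return { status: res.statusCode, body: res.body, logs };
}
```
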