perimeter_x 1.0.6.pre.alpha → 1.1.0

data/lib/perimeterx/internal/perimeter_x_cookie_v3.rb

@@ -0,0 +1,37 @@
+module PxModule
+  class PerimeterxCookieV3 < PerimeterxCookie
+
+    attr_accessor :px_config, :px_ctx, :cookie_hash
+
+    def initialize(px_config, px_ctx)
+      super(px_config)
+      hash, cookie = px_ctx.get_px_cookie().split(':', 2)
+      @px_cookie = cookie
+      @cookie_hash = hash
+      @px_ctx = px_ctx
+      @cookie_secret = px_config[:cookie_key]
+      @logger.debug("PerimeterxCookieV3[initialize]")
+    end
+
+    def cookie_score
+      return @decoded_cookie[:s]
+    end
+
+    def cookie_hmac
+      return @cookie_hash
+    end
+
+    def valid_format?(cookie)
+      return cookie.key?(:t) && cookie.key?(:s) && cookie.key?(:u) && cookie.key?(:u) && cookie.key?(:a)
+    end
+
+    def cookie_block_action
+      @decoded_cookie[:a]
+    end
+
+    def secured?
+      hmac_string = "#{@px_cookie}#{@px_ctx.context[:user_agent]}"
+      return hmac_valid?(hmac_string, cookie_hmac)
+    end
+  end
+end

data/lib/perimeterx/internal/validators/perimeter_x_captcha_validator.rb

@@ -0,0 +1,65 @@
+require 'perimeterx/internal/clients/perimeter_x_risk_client'
+
+module PxModule
+  class PerimeterxCaptchaValidator < PerimeterxRiskClient
+
+    def initialize(px_config, http_client)
+      super(px_config, http_client)
+    end
+
+    def send_captcha_request(vid, uuid, captcha, px_ctx)
+
+      request_body = {
+        :request => {
+          :ip => px_ctx.context[:ip],
+          :headers => format_headers(px_ctx),
+          :uri => px_ctx.context[:uri]
+        },
+        :pxCaptcha => captcha,
+        :vid => vid,
+        :uuid => uuid,
+        :hostname => px_ctx.context[:hostname]
+      }
+
+      # Prepare request
+      headers = {
+          "Authorization" => "Bearer #{@px_config[:auth_token]}" ,
+          "Content-Type" => "application/json"
+      };
+
+      return @http_client.post(PxModule::API_V1_CAPTCHA, request_body, headers, @px_config[:api_timeout])
+
+    end
+
+    def verify(px_ctx)
+      captcha_validated = false
+      begin
+        if(!px_ctx.context.key?(:px_captcha))
+          return captcha_validated, px_ctx
+        end
+        captcha, vid, uuid = px_ctx.context[:px_captcha].split(':', 3)
+        if captcha.nil? || vid.nil? || uuid.nil?
+          return captcha_validated, px_ctx
+        end
+
+        px_ctx.context[:vid] = vid
+        px_ctx.context[:uuid] = uuid
+        response = send_captcha_request(vid, uuid, captcha, px_ctx)
+
+        if (response.status_code == 200)
+          response_body = eval(response.body)
+          if ( response_body[:status] == 0 )
+            captcha_validated = true
+          end
+        end
+
+        return captcha_validated, px_ctx
+
+      rescue Exception => e
+        @logger.error("PerimeterxCaptchaValidator[verify]: failed, returning false")
+        return captcha_validated, px_ctx
+      end
+    end
+
+  end
+end

data/lib/perimeterx/internal/validators/perimeter_x_cookie_validator.rb

@@ -0,0 +1,76 @@
+require 'perimeterx/utils/px_constants'
+require 'perimeterx/internal/perimeter_x_cookie'
+require 'perimeterx/internal/perimeter_x_cookie_v1'
+require 'perimeterx/internal/perimeter_x_cookie_v3'
+
+module PxModule
+  class PerimeterxCookieValidator
+
+    attr_accessor :px_config
+
+    def initialize(px_config)
+      @px_config = px_config
+      @logger = px_config[:logger]
+    end
+
+
+    def verify(px_ctx)
+      begin
+        # Case no cookie
+        if px_ctx.context[:px_cookie].empty?
+          @logger.warn("PerimeterxCookieValidator:[verify]: cookie not found")
+          px_ctx.context[:s2s_call_reason] = PxModule::NO_COOKIE
+          return false, px_ctx
+        end
+
+        # Deserialize cookie start
+        cookie = PerimeterxCookie.px_cookie_factory(px_ctx, @px_config)
+        if (!cookie.deserialize())
+          @logger.warn("PerimeterxCookieValidator:[verify]: invalid cookie")
+          px_ctx.context[:s2s_call_reason] =  PxModule::COOKIE_DECRYPTION_FAILED
+          return false, px_ctx
+        end
+        px_ctx.context[:decoded_cookie] = cookie.decoded_cookie
+        px_ctx.context[:score] = cookie.cookie_score()
+        px_ctx.context[:uuid] = cookie.decoded_cookie[:u]
+        px_ctx.context[:vid] = cookie.decoded_cookie[:v]
+        px_ctx.context[:block_action] = px_ctx.set_block_action_type(cookie.cookie_block_action())
+        px_ctx.context[:cookie_hmac] = cookie.cookie_hmac()
+
+        if (cookie.expired?)
+          @logger.warn("PerimeterxCookieValidator:[verify]: cookie expired")
+          px_ctx.context[:s2s_call_reason] = PxModule::EXPIRED_COOKIE
+          return false, px_ctx
+        end
+
+        if (cookie.high_score?)
+          @logger.warn("PerimeterxCookieValidator:[verify]: cookie high score")
+          px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_HIGH_SCORE
+          return true, px_ctx
+        end
+
+        if (!cookie.secured?)
+          @logger.warn("PerimeterxCookieValidator:[verify]: cookie invalid hmac")
+          px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_VALIDATION_FAILED
+          return false, px_ctx
+        end
+		
+	if (px_ctx.context[:sensitive_route])
+	  @logger.info("PerimeterxCookieValidator:[verify]: cookie was verified but route is sensitive")
+	  px_ctx.context[:s2s_call_reason] = PxModule::SENSITIVE_ROUTE
+	  return false, px_ctx
+	end
+
+        @logger.debug("PerimeterxCookieValidator:[verify]: cookie validation passed succesfully")
+
+        return true, px_ctx
+      rescue Exception => e
+        @logger.error("PerimeterxCookieValidator:[verify]: exception while verifying cookie => #{e.message}")
+        px_ctx.context[:px_orig_cookie] = cookie.px_cookie
+        px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_DECRYPTION_FAILED
+        return false, px_ctx
+      end
+    end
+
+  end
+end

data/lib/perimeterx/internal/validators/perimeter_x_s2s_validator.rb

@@ -0,0 +1,114 @@
+require 'perimeterx/internal/clients/perimeter_x_risk_client'
+
+module PxModule
+  class PerimeterxS2SValidator < PerimeterxRiskClient
+
+    def initialize(px_config, http_client)
+      super(px_config, http_client)
+      @logger.debug("PerimeterxS2SValidator[initialize]")
+    end
+
+    def send_risk_request(px_ctx)
+      @logger.debug("PerimeterxS2SValidator[send_risk_request]: send_risk_request")
+
+      risk_mode = PxModule::RISK_MODE_ACTIVE
+      if @px_config[:module_mode] == PxModule::MONITOR_MODE
+        risk_mode = PxModule::RISK_MODE_MONITOR
+      end
+
+      request_body = {
+        :request => {
+          :ip      => px_ctx.context[:ip],
+          :headers => format_headers(px_ctx),
+          :uri     => px_ctx.context[:uri],
+          :url     => px_ctx.context[:full_url]
+        },
+        :additional => {
+          :s2s_call_reason => px_ctx.context[:s2s_call_reason],
+          :module_version => @px_config[:sdk_name],
+          :http_method => px_ctx.context[:http_method],
+          :http_version => px_ctx.context[:http_version],
+          :risk_mode => risk_mode
+        }
+      }
+      #Check for hmac
+      @logger.debug("px_ctx cookie_hmac key = #{px_ctx.context.key?(:cookie_hmac)}, value is: #{px_ctx.context[:cookie_hmac]}")
+      if px_ctx.context.key?(:cookie_hmac)
+        request_body[:additional][:px_cookie_hmac] = px_ctx.context[:cookie_hmac]
+      end
+
+
+      #Check for VID
+      if px_ctx.context.key?(:vid)
+        request_body[:vid] = px_ctx.context[:vid]
+      end
+
+      #Check for uuid
+      if px_ctx.context.key?(:uuid)
+        request_body[:uuid] = px_ctx.context[:uuid]
+      end
+
+      #S2S Call reason
+      decode_cookie_reasons = [PxModule::EXPIRED_COOKIE, PxModule::COOKIE_VALIDATION_FAILED]
+      if ( px_ctx.context[:s2s_call_reason] == PxModule::COOKIE_DECRYPTION_FAILED )
+        @logger.debug("PerimeterxS2SValidator[send_risk_request]: attaching px_orig_cookie to request")
+        request_body[:additional][:px_orig_cookie] = px_ctx.context[:px_orig_cookie]
+      elsif decode_cookie_reasons.include? (px_ctx.context[:s2s_call_reason])
+        if (px_ctx.context.key?(:decoded_cookie))
+          request_body[:additional][:px_cookie] = px_ctx.context[:decoded_cookie]
+        end
+      end
+
+      # Prepare request
+      headers = {
+          "Authorization" => "Bearer #{@px_config[:auth_token]}" ,
+          "Content-Type" => "application/json"
+      };
+
+      # Custom risk handler
+      if (risk_mode == PxModule::ACTIVE_MODE && @px_config.key?(:custom_risk_handler))
+        response = @px_config[:custom_risk_handler].call(PxModule::API_V2_RISK, request_body, headers, @px_config[:api_timeout])
+      else
+        response = @http_client.post(PxModule::API_V2_RISK , request_body, headers)
+      end
+      return response
+    end
+
+    def verify(px_ctx)
+      @logger.debug("PerimeterxS2SValidator[verify]")
+      response = send_risk_request(px_ctx)
+      if (!response)
+        return px_ctx
+      end
+      px_ctx.context[:made_s2s_risk_api_call] = true
+
+      # From here response should be valid, if success or error
+      response_body = eval(response.content);
+      # When success
+      if (response.status == 200 && response_body.key?(:score) && response_body.key?(:action))
+        @logger.debug("PerimeterxS2SValidator[verify]: response ok")
+        score = response_body[:score]
+        px_ctx.context[:score] = score
+        px_ctx.context[:uuid] = response_body[:uuid]
+        px_ctx.context[:block_action] = px_ctx.set_block_action_type(response_body[:action])
+        if (response_body[:action] == 'j' && response_body.key?(:action_data) && response_body[:action_data].key?(:body))
+          px_ctx.context[:block_action_data] = response_body[:action_data][:body]
+          px_ctx.context[:blocking_reason] = 'challenge'
+        elsif (score >= @px_config[:blocking_score])
+          px_ctx.context[:blocking_reason] = 's2s_high_score'
+        end #end challange or blocking score
+      end #end success response
+
+      # When error
+      if(response.status != 200)
+        @logger.warn("PerimeterxS2SValidator[verify]: bad response, return code #{response.code}")
+        px_ctx.context[:uuid] = ""
+        px_ctx.context[:s2s_error_msg] = response_body[:message]
+      end
+
+      @logger.debug("PerimeterxS2SValidator[verify]: done")
+      return px_ctx
+    end #end method
+
+  end
+end

data/lib/perimeterx/utils/px_constants.rb

@@ -0,0 +1,45 @@
+require 'perimeterx/version'
+
+module PxModule
+  # Misc
+  MONITOR_MODE = 1
+  ACTIVE_MODE = 2
+  RISK_MODE_ACTIVE = "active_blocking"
+  RISK_MODE_MONITOR = "monitor"
+  SDK_NAME = "RUBY SDK v#{PxModule::VERSION}"
+
+  # Routes
+  API_V1_S2S = "/api/v1/collector/s2s"
+  API_V1_CAPTCHA = "/api/v1/risk/captcha"
+  API_V2_RISK = "/api/v2/risk"
+
+  # Activity Types
+  BLOCK_ACTIVITY = "block"
+  PAGE_REQUESTED_ACTIVITY = "page_requested"
+
+  # PxContext
+  NO_COOKIE = "no_cookie"
+  INVALID_COOKIE = "invalid_cookie"
+  EXPIRED_COOKIE = "cookie_expired"
+  COOKIE_HIGH_SCORE = "cookie_high_score"
+  COOKIE_VALIDATION_FAILED = "cookie_validation_failed"
+  COOKIE_DECRYPTION_FAILED = "cookie_decryption_failed"
+  SENSITIVE_ROUTE = "sensitive_route"
+
+  # Templates
+  BLOCK_TEMPLATE = "block.mustache"
+  CAPTCHA_TEMPLATE = "captcha.mustache"
+
+  # Tempalte Props
+  PROP_REF_ID = :refId
+  PROP_APP_ID = :appId
+  PROP_VID = :vid
+  PROP_UUID = :uuid
+  PROP_LOGO_VISIBILITY = :logoVisibility
+  PROP_CUSTOM_LOGO = :customLogo
+  PROP_CSS_REF = :cssRef
+  PROP_JS_REF = :jsRef
+
+  VISIBLE = 'visible'
+  HIDDEN = 'hidden'
+end

data/lib/perimeterx/utils/px_http_client.rb

@@ -1,34 +1,55 @@
 require "perimeterx/utils/px_logger"
 require "httpclient"
 
-class PxHttpClient
-  L = PxLogger.instance
-  attr_accessor :px_config
-  attr_accessor :BASE_URL
-  attr_accessor :http_client
+module PxModule
+  class PxHttpClient
+    attr_accessor :px_config
+    attr_accessor :BASE_URL
+    attr_accessor :http_client
 
-  def initialize(px_config)
-    L.info("PxHttpClient[initialize]: HTTP client is being initilized with base_uri: #{px_config['perimeterx_server_host']}")
-    @px_config = px_config
-    @http_client = HTTPClient.new(:base_url => px_config['perimeterx_server_host'])
-  end
+    def initialize(px_config)
+      @px_config = px_config
+      @http_client = HTTPClient.new(:base_url => px_config[:perimeterx_server_host])
+      @logger = px_config[:logger]
+      @logger.debug("PxHttpClient[initialize]: HTTP client is being initilized with base_uri: #{px_config[:perimeterx_server_host]}")
+    end
 
-  def post(path, body, headers, connection_timeout = 0, timeoute = 0)
-    s = Time.now
-    begin
-      L.info("PxHttpClient[post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
-      response = @http_client.post(path,
-                  :header => headers,
-                  :body => body.to_json(),
-                  :timeout => @px_config['api_timeout']
-                )
-    rescue Net::OpenTimeout, Net::ReadTimeout => error
-      L.warn("PerimeterxS2SValidator[verify]: request timedout")
-      return false
+    def post(path, body, headers, api_timeout = 0, timeoute = 0)
+      s = Time.now
+      begin
+        @logger.debug("PxHttpClient[post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
+        response = @http_client.post(path,
+                    :header => headers,
+                    :body => body.to_json(),
+                    :timeout => api_timeout
+                  )
+      rescue Net::OpenTimeout, Net::ReadTimeout => error
+        @logger.warn("PerimeterxS2SValidator[verify]: request timedout")
+        return false
+      end
+      e = Time.now
+      @logger.debug("PxHttpClient[post]: runtime: #{e-s}")
+      return response
     end
-    e = Time.now
-    L.info("PxHttpClient[post]: runtime: #{e-s}")
-    return response
-  end
 
+    def async_post(path, body, headers, api_timeout = 0, timeoute = 0)
+      @logger.debug("PxHttpClient[async_post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
+      s = Time.now
+      begin
+        @logger.debug("PxHttpClient[post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
+        response = @http_client.post_async(path,
+                    :header => headers,
+                    :body => body.to_json(),
+                    :timeout => api_timeout
+                  )
+      rescue Net::OpenTimeout, Net::ReadTimeout => error
+        @logger.warn("PerimeterxS2SValidator[verify]: request timedout")
+        return false
+      end
+      e = Time.now
+      @logger.debug("PxHttpClient[post]: runtime: #{e-s}")
+      return response
+    end
+
+  end
 end

data/lib/perimeterx/utils/px_logger.rb

@@ -1,11 +1,17 @@
 require 'logger'
+module PxModule
 
-class PxLogger
-  @@instance = Logger.new(STDOUT)
+  class PxLogger < Logger
 
-  def self.instance
-    return @@instance
-  end
+    def initialize(debug)
+      if debug
+        super(STDOUT)
+      else
+        super(nil)
+      end
+
+    end
 
-  private_class_method :new
+  end
+  
 end