perimeter_x 1.3.0 → 1.4.0

data/lib/perimeterx/utils/templates/funcaptcha.mustache

@@ -0,0 +1,191 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Access to this page has been denied.</title>
+    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300" rel="stylesheet">
+    <style>
+        html, body {
+            margin: 0;
+            padding: 0;
+            font-family: 'Open Sans', sans-serif;
+            color: #000;
+        }
+
+        a {
+            color: #c5c5c5;
+            text-decoration: none;
+        }
+
+        .container {
+            align-items: center;
+            display: flex;
+            flex: 1;
+            justify-content: space-between;
+            flex-direction: column;
+            height: 100%;
+        }
+
+        .container > div {
+            width: 100%;
+            display: flex;
+            justify-content: center;
+        }
+
+        .container > div > div {
+            display: flex;
+            width: 80%;
+        }
+
+        .customer-logo-wrapper {
+            padding-top: 2rem;
+            flex-grow: 0;
+            background-color: #fff;
+            visibility: {{logoVisibility}};
+        }
+
+        .customer-logo {
+            border-bottom: 1px solid #000;
+        }
+
+        .customer-logo > img {
+            padding-bottom: 1rem;
+            max-height: 50px;
+            max-width: 100%;
+        }
+
+        .page-title-wrapper {
+            flex-grow: 2;
+        }
+
+        .page-title {
+            flex-direction: column-reverse;
+        }
+
+        .content-wrapper {
+            flex-grow: 5;
+        }
+
+        .content {
+            flex-direction: column;
+        }
+
+        .page-footer-wrapper {
+            align-items: center;
+            flex-grow: 0.2;
+            background-color: #000;
+            color: #c5c5c5;
+            font-size: 70%;
+        }
+
+        @media (min-width: 768px) {
+            html, body {
+                height: 100%;
+            }
+        }
+    </style>
+    <!-- Custom CSS -->
+    {{# cssRef }}
+        <link rel="stylesheet" type="text/css" href="{{ . }}"/>
+    {{/ cssRef }}
+    <script src="https://funcaptcha.com/fc/api/?onload=loadFunCaptcha" async defer></script>
+</head>
+
+<body>
+<section class="container">
+    <div class="customer-logo-wrapper">
+        <div class="customer-logo">
+            <img src="{{customLogo}}" alt="Logo"/>
+        </div>
+    </div>
+    <div class="page-title-wrapper">
+        <div class="page-title">
+            <h1>Please verify you are a human</h1>
+        </div>
+    </div>
+    <div class="content-wrapper">
+        <div class="content">
+            <p>
+                Please click "Verify" to continue
+            </p>
+            <div id="CAPTCHA"></div>
+            <p>
+                Access to this page has been denied because we believe you are using automation tools to browse the
+                website.
+            </p>
+            <p>
+                This may happen as a result of the following:
+            </p>
+            <ul>
+                <li>
+                    Javascript is disabled or blocked by an extension (ad blockers for example)
+                </li>
+                <li>
+                    Your browser does not support cookies
+                </li>
+            </ul>
+            <p>
+                Please make sure that Javascript and cookies are enabled on your browser and that you are not blocking
+                them from loading.
+            </p>
+            <p>
+                Reference ID: #{{refId}}
+            </p>
+        </div>
+    </div>
+    <div class="page-footer-wrapper">
+        <div class="page-footer">
+            <p>
+                Powered by
+                <a href="https://www.perimeterx.com/whywasiblocked">PerimeterX</a>
+                , Inc.
+            </p>
+        </div>
+    </div>
+</section>
+<!-- Px -->
+<script>
+    (
+            function () {
+                window._pxAppId = '{{appId}}';
+                var p = document.getElementsByTagName("script")[0], s = document.createElement("script");
+
+                s.async = 1;
+                s.src = '//client.perimeterx.net/{{appId}}/main.min.js';
+                p.parentNode.insertBefore(s, p);
+            }()
+    );
+</script>
+<!-- Captcha -->
+<script>
+
+    function loadFunCaptcha() {
+        var vid = '{{vid}}';
+        var uuid = '{{uuid}}';
+
+        new FunCaptcha({
+            public_key: "19E4B3B8-6CBE-35CC-4205-FC79ECDDA765",
+            target_html: "CAPTCHA",
+            callback: function () {
+                var expiryUtc = new Date(Date.now() + 1000 * 10).toUTCString();
+                var pxCaptcha = "_pxCaptcha=" + btoa(JSON.stringify({r: document.getElementById("FunCaptcha-Token").value, u: uuid, v: vid}));
+                var cookieParts = [
+                    pxCaptcha,
+                    "; expires=",
+                    expiryUtc,
+                    "; path=/"
+                ];
+
+                document.cookie = cookieParts.join("");
+                location.reload();
+            }
+        });
+    }
+</script>
+<!-- Custom Script -->
+{{# jsRef }}
+    <script src="{{ . }}"></script>
+{{/ jsRef }}
+</body>
+</html>

data/lib/perimeterx/utils/templates/{captcha.mobile.mustache → recaptcha.mobile.mustache}

@@ -135,7 +135,7 @@
         <div class="page-footer">
             <p>
                 Powered by
-                <a href="https://www.perimeterx.com">PerimeterX</a>
+                <a href="https://www.perimeterx.com/whywasiblocked">PerimeterX</a>
                 , Inc.
             </p>
         </div>
@@ -193,4 +193,4 @@
     <script src="{{jsRef}}"></script>
 {{/jsRef}}
 </body>
-</html>
+</html>

data/lib/perimeterx/utils/templates/recaptcha.mustache

@@ -0,0 +1,176 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Access to this page has been denied.</title>
+    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300" rel="stylesheet">
+    <style>
+        html, body {
+            margin: 0;
+            padding: 0;
+            font-family: 'Open Sans', sans-serif;
+            color: #000;
+        }
+        a {
+            color: #c5c5c5;
+            text-decoration: none;
+        }
+        .container {
+            align-items: center;
+            display: flex;
+            flex: 1;
+            justify-content: space-between;
+            flex-direction: column;
+            height: 100%;
+        }
+        .container > div {
+            width: 100%;
+            display: flex;
+            justify-content: center;
+        }
+        .container > div > div {
+            display: flex;
+            width: 80%;
+        }
+        .customer-logo-wrapper {
+            padding-top: 2rem;
+            flex-grow: 0;
+            background-color: #fff;
+            visibility: {{logoVisibility}};
+        }
+        .customer-logo {
+            border-bottom: 1px solid #000;
+        }
+        .customer-logo > img {
+            padding-bottom: 1rem;
+            max-height: 50px;
+            max-width: 100%;
+        }
+        .page-title-wrapper {
+            flex-grow: 2;
+        }
+        .page-title {
+            flex-direction: column-reverse;
+        }
+        .content-wrapper {
+            flex-grow: 5;
+        }
+        .content {
+            flex-direction: column;
+        }
+        .page-footer-wrapper {
+            align-items: center;
+            flex-grow: 0.2;
+            background-color: #000;
+            color: #c5c5c5;
+            font-size: 70%;
+        }
+        @media (min-width: 768px) {
+            html, body {
+                height: 100%;
+            }
+        }
+    </style>
+    <!-- Custom CSS -->
+    {{#cssRef}}
+        <link rel="stylesheet" type="text/css" href="{{cssRef}}" />
+    {{/cssRef}}
+    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+</head>
+
+<body>
+<section class="container">
+    <div class="customer-logo-wrapper">
+        <div class="customer-logo">
+            <img src="{{customLogo}}" alt="Logo"/>
+        </div>
+    </div>
+    <div class="page-title-wrapper">
+        <div class="page-title">
+            <h1>Please verify you are a human</h1>
+        </div>
+    </div>
+    <div class="content-wrapper">
+        <div class="content">
+            <p>
+                Please click "I am not a robot" to continue
+            </p>
+            <div class="g-recaptcha" data-sitekey="6Lcj-R8TAAAAABs3FrRPuQhLMbp5QrHsHufzLf7b"
+                 data-callback="handleCaptcha" data-theme="dark">
+            </div>
+            <p>
+                Access to this page has been denied because we believe you are using automation tools to browse the
+                website.
+            </p>
+            <p>
+                This may happen as a result of the following:
+            </p>
+            <ul>
+                <li>
+                    Javascript is disabled or blocked by an extension (ad blockers for example)
+                </li>
+                <li>
+                    Your browser does not support cookies
+                </li>
+            </ul>
+            <p>
+                Please make sure that Javascript and cookies are enabled on your browser and that you are not blocking
+                them from loading.
+            </p>
+            <p>
+                Reference ID: #{{refId}}
+            </p>
+        </div>
+    </div>
+    <div class="page-footer-wrapper">
+        <div class="page-footer">
+            <p>
+                Powered by
+                <a href="https://www.perimeterx.com/whywasiblocked">PerimeterX</a>
+                , Inc.
+            </p>
+        </div>
+    </div>
+</section>
+<!-- Px -->
+<script>
+    (
+            function () {
+                window._pxAppId = '{{appId}}';
+                var p = document.getElementsByTagName("script")[0], s = document.createElement("script");
+                s.async = 1;
+                s.src = '//client.perimeterx.net/{{appId}}/main.min.js';
+                p.parentNode.insertBefore(s, p);
+            }()
+    );
+</script>
+<!-- Captcha -->
+<script>
+    window.px_vid = '{{vid}}';
+    function handleCaptcha(response){
+        var vid = '{{vid}}';
+        var uuid = '{{uuid}}';
+        var name = "_pxCaptcha";
+
+        var expiryUtc = new Date(Date.now() + 1000 * 10).toUTCString();
+
+        var cookieParts = [
+            name,
+            "=",
+            btoa(JSON.stringify({r: response, v: vid, u: uuid})),
+            "; expires=",
+            expiryUtc,
+            "; path=/"
+        ];
+
+        document.cookie = cookieParts.join("");
+        location.reload();
+    }
+</script>
+<!-- Custom Script -->
+{{#jsRef}}
+    <script src="{{jsRef}}"></script>
+{{/jsRef}}
+</body>
+</html>

data/lib/perimeterx/version.rb

@@ -1,3 +1,3 @@
 module PxModule
-  VERSION = '1.3.0'
+  VERSION = '1.4.0'
 end

data/readme.md

@@ -1,20 +1,26 @@
+[![Build Status](https://travis-ci.org/PerimeterX/perimeterx-ruby-sdk.svg?branch=master)](https://travis-ci.org/PerimeterX/perimeterx-ruby-sdk)
+
 ![image](http://media.marketwire.com/attachments/201604/34215_PerimeterX_logo.jpg)
 #
 [PerimeterX](http://www.perimeterx.com) Ruby SDK
 =============================================================
 
+> Latest stable version: [v1.3.0](https://rubygems.org/gems/perimeter_x/versions/1.3.0)
+
 Table of Contents
 -----------------
--   [Usage](#usage)
+  **[Usage](#usage)**
   *   [Dependencies](#dependencies)
   *   [Installation](#installation)
   *   [Basic Usage Example](#basic-usage)
--   [Configuration](#configuration)
+  
+  **[Configuration](#configuration)**
   *   [Configuring Required Parameters](#requireied-params)
   *   [Blocking Score](#blocking-score)
+  *   [Custom Verification Action](#custom-verification-action)
   *   [Custom Block Page](#custom-block-page)
-  *   [Custom Block Action](#custom-block-action)
   *   [Enable/Disable Captcha](#captcha-support)
+  *   [Select Captcha Provider](#captcha-provider)
   *   [Extracting Real IP Address](#real-ip)
   *   [Custom URI](#custom-uri)
   *   [Filter Sensitive Headers](#sensitive-headers)
@@ -23,7 +29,8 @@ Table of Contents
   *   [Additional Page Activity Handler](#additional-page-activity-handler)
   *   [Monitor Only](#logging)
   *   [Debug Mode](#debug-mode)
--   [Contributing](#contributing)
+  
+  **[Contributing](#contributing)**
 
 <a name="Usage"></a>
 <a name="dependencies"></a> Dependencies
@@ -90,42 +97,46 @@ params = {
 }
 ```
 
+<a name="custom-verification-action"></a>**Custom Verification Handler**
 
+> Note: This handler replaces the now deprecated `custom_block_handler`.
 
-<a name="custom-block-action"></a>**Custom Verification Handler**
-
-A custom verification handler is being executed inside ``px_verify_request`` instead of the the default behavior and allows a user to use a custom action based on the risk score returned by PerimeterX.
+A custom verification handler is being executed inside `px_verify_request` instead of the the default behavior and allows a user to use a custom action based on the risk score returned by PerimeterX.
 
-When implemented, this method receives  a hash variable as input which represents data from the PerimeterX context of the request (px_ctx).
+When implemented, this method receives a hash variable as input which represents data from the PerimeterX context of the request (px_ctx).
 
-- `px_ctx[:score] ` contains the risk score
-- `px_ctx[:uuid] ` contains the request UUID
+- `px_ctx.context[:score]` - contains the risk score
+- `px_ctx.context[:uuid]` - contains the request UUID
+- `px_ctx.context[:verified]` - contains indication whether the request passed verification or was blocked (inspect `px_ctx.context[:block_reason]` for block reason) 
 
->> Note: to determine whether to return a captcha/block page (HTML) or block JSON payload a reference key on the context will be available:  ```px_ctx.context[:format]```
+> Note: to determine whether to return a captcha/block page (HTML) or block JSON payload a reference key on the context will be available:  ```px_ctx.context[:format]```
 
 To replace the default verification behavior, add the configuration a lambda member as shown in the example below.
 
-The method must return boolen value.
-
 ```ruby
 params = {
   :app_id => <APP_ID>,
   :auth_token => <AUTH_TOKEN>,
-  :custom_block_handler => -> (px_ctx) {
+  :custom_verification_handler => -> (px_ctx) {
     if px_ctx.context[:score] >= 60
-        # take your action and retun a message or JSON with a status code of 403 and option UUID of the request. Can return false and include action in the px_middleware method.  
+      # take your action and render an html page or JSON with applicable status code.    
+      render json: { :score => px_ctx.context[:score] }
     end
-    return true
   }
 }
 ```
 
+> Note: Unlike previous versions, the method no longer needs to return a boolean value. 
+
 **Example**
-### Serving a Custom HTML Page ###
+#### Serving a Custom HTML Page ####
 ```ruby
 
-params[:custom_block_handler] = -> (px_ctx)
-{
+params = {
+  :app_id => <APP_ID>,
+  :auth_token => <AUTH_TOKEN>,
+  ...
+  :custom_verification_handler => -> (px_ctx) {
     block_score = px_ctx.context[:score];
     block_uuid = px_ctx.context[:uuid];
     full_url = px_ctx.context[:full_url];
@@ -140,19 +151,17 @@ params[:custom_block_handler] = -> (px_ctx)
     response.headers["Content-Type"] = "text/html"
     response.status = 403
     render :html => html
-    return false
-};
-
-PxModule.configure(params)
+  }
+}
 ```
 
-<a name="real-ip"></a>** Custom User IP **
+<a name="real-ip"></a>**Custom User IP**
 
 > Note: IP extraction, according to your network setup, is very important. It is common to have a load balancer/proxy on top of your applications, in which case the PerimeterX module will send the system's internal IP as the user's. In order to properly perform processing and detection on server-to-server calls, PerimeterX module needs the real user's IP.
 
 By default the clients IP is taken from the ``REMOTE_ADDR`` header, in case the user decides to use different header or custom function that extract the header the following key should be added to the configuration
 
-*** Custom header ***
+***Custom header***
 ```ruby
 configuration = {
   "app_id" => <APP_ID>,
@@ -160,7 +169,7 @@ configuration = {
   "custom_user_ip" => <HTTP_HEADER_NAME>,
 ```
 
-*** Custom Function ***
+***Custom Function***
 > Note: the function receive as a first parameter the controller request and must return the ip at the end as string
 
 ```ruby
@@ -222,6 +231,18 @@ By enabling CAPTCHA support, a CAPTCHA will be served as part of the block page,
 params[:captcha_enabled] = false
 ```
 
+<a name="captcha-provider"></a>**Select CAPTCHA Provider**
+
+The CAPTCHA part of the block page can use one of the following:
+* [reCAPTCHA](https://www.google.com/recaptcha)
+* [FunCaptcha](https://www.funcaptcha.com/)
+
+Default: 'reCaptcha'
+
+```ruby
+captchaProvider = "funCaptcha"
+```
+
 <a name="custom-uri"></a>**Custom URI**
 
 Default: 'REQUEST_URI'