perimeter_x 1.3.0 → 2.2.1

data/lib/perimeterx/internal/validators/hash_schema_validator.rb

@@ -0,0 +1,26 @@
+def validate_hash_schema(hash, schema)
+  hash.each do |key, value|
+    if schema.key?(key) && value != nil
+      # validate value types in hash are according to schema
+      if !schema[key][:types].include?(value.class)
+        raise PxConfigurationException.new("PerimeterX: Type of #{key} should be one of #{schema[key][:types]} but instead is #{value.class}")
+      end
+      
+      # validate arrays elments types are according to schema
+      if value.class == Array
+        value.each do |element|
+          if !schema[key][:allowed_element_types].include?(element.class)
+            raise PxConfigurationException.new("PerimeterX: #{key} may only contain elements of the following types: #{schema[key][:allowed_element_types]} but includes element of type #{element.class}")
+          end
+        end
+      end
+    end
+  end
+
+  # validate required fields exist in hash
+  schema.each do |key, value|
+    if value[:required] && hash[key].nil?
+      raise PxConfigurationException.new("PerimeterX: #{key} configuration is missing")
+    end
+  end
+end

data/lib/perimeterx/internal/validators/perimeter_x_cookie_validator.rb

@@ -18,47 +18,51 @@ module PxModule
 
     def verify(px_ctx)
       begin
-        # Case no cookie
         if px_ctx.context[:px_cookie].empty?
-          @logger.warn("PerimeterxCookieValidator:[verify]: cookie not found")
+          @logger.warn("PerimeterxCookieValidator:[verify]: no cookie")
           px_ctx.context[:s2s_call_reason] = PxModule::NO_COOKIE
           return false, px_ctx
         end
-
+        
         # Deserialize cookie start
         cookie = PerimeterxPayload.px_cookie_factory(px_ctx, @px_config)
-        if (!cookie.deserialize())
+        if !cookie.deserialize()
           @logger.warn("PerimeterxCookieValidator:[verify]: invalid cookie")
+          px_ctx.context[:px_orig_cookie] = px_ctx.get_px_cookie
           px_ctx.context[:s2s_call_reason] =  PxModule::COOKIE_DECRYPTION_FAILED
           return false, px_ctx
         end
         px_ctx.context[:decoded_cookie] = cookie.decoded_cookie
         px_ctx.context[:score] = cookie.cookie_score()
         px_ctx.context[:uuid] = cookie.decoded_cookie[:u]
-        px_ctx.context[:vid] = cookie.decoded_cookie[:v]
         px_ctx.context[:block_action] = px_ctx.set_block_action_type(cookie.cookie_block_action())
         px_ctx.context[:cookie_hmac] = cookie.cookie_hmac()
 
-        if (cookie.expired?)
+        vid = cookie.decoded_cookie[:v]
+        if vid.is_a?(String) && vid.match(PxModule::VID_REGEX)
+          px_ctx.context[:vid_source] = "risk_cookie"
+          px_ctx.context[:vid] = vid
+        end
+
+        if cookie.expired?
           @logger.warn("PerimeterxCookieValidator:[verify]: cookie expired")
           px_ctx.context[:s2s_call_reason] = PxModule::EXPIRED_COOKIE
           return false, px_ctx
         end
 
-        if (cookie.high_score?)
+        if cookie.high_score?
           @logger.warn("PerimeterxCookieValidator:[verify]: cookie high score")
-          px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_HIGH_SCORE
           px_ctx.context[:blocking_reason] = 'cookie_high_score'
           return true, px_ctx
         end
 
-        if (!cookie.secured?)
+        if !cookie.secured?
           @logger.warn("PerimeterxCookieValidator:[verify]: cookie invalid hmac")
-          px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_VALIDATION_FAILED
+          px_ctx.context[:s2s_call_reason] = PxModule:: COOKIE_VALIDATION_FAILED
           return false, px_ctx
         end
 
-        if (px_ctx.context[:sensitive_route])
+        if px_ctx.context[:sensitive_route]
           @logger.info("PerimeterxCookieValidator:[verify]: cookie was verified but route is sensitive")
           px_ctx.context[:s2s_call_reason] = PxModule::SENSITIVE_ROUTE
           return false, px_ctx
@@ -66,10 +70,11 @@ module PxModule
 
         @logger.debug("PerimeterxCookieValidator:[verify]: cookie validation passed succesfully")
 
+        px_ctx.context[:pass_reason] = 'cookie'
         return true, px_ctx
       rescue Exception => e
         @logger.error("PerimeterxCookieValidator:[verify]: exception while verifying cookie => #{e.message}")
-        px_ctx.context[:px_orig_cookie] = cookie.px_cookie
+        px_ctx.context[:px_orig_cookie] = px_ctx.context[:px_cookie]
         px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_DECRYPTION_FAILED
         return false, px_ctx
       end

data/lib/perimeterx/internal/validators/perimeter_x_s2s_validator.rb

@@ -26,12 +26,22 @@ module PxModule
         :additional => {
           :s2s_call_reason => px_ctx.context[:s2s_call_reason],
           :module_version => @px_config[:sdk_name],
-          :cookie_origin => px_ctx.context[:cookie_origin],
           :http_method => px_ctx.context[:http_method],
           :http_version => px_ctx.context[:http_version],
           :risk_mode => risk_mode
         }
       }
+
+      #Check for cookie_origin
+      if !px_ctx.context[:px_cookie].empty?
+        request_body[:additional][:cookie_origin] = px_ctx.context[:cookie_origin]
+      end
+
+      #Override s2s_call_reason in case of mobile error
+      if !px_ctx.context[:mobile_error].nil?
+        request_body[:additional][:s2s_call_reason] = "mobile_error_#{px_ctx.context[:mobile_error]}"
+      end
+
       #Check for hmac
       @logger.debug("px_ctx cookie_hmac key = #{px_ctx.context.key?(:cookie_hmac)}, value is: #{px_ctx.context[:cookie_hmac]}")
       if px_ctx.context.key?(:cookie_hmac)
@@ -67,11 +77,19 @@ module PxModule
       };
 
       # Custom risk handler
+      risk_start = Time.now
       if (risk_mode == PxModule::ACTIVE_MODE && @px_config.key?(:custom_risk_handler))
-        response = @px_config[:custom_risk_handler].call(PxModule::API_V2_RISK, request_body, headers, @px_config[:api_timeout], @px_config[:api_timeout_connection])
+        response = @px_config[:custom_risk_handler].call(PxModule::API_V3_RISK, request_body, headers, @px_config[:api_timeout], @px_config[:api_timeout_connection])
       else
-        response = @http_client.post(PxModule::API_V2_RISK , request_body, headers, @px_config[:api_timeout], @px_config[:api_timeout_connection])
+        response = @http_client.post(PxModule::API_V3_RISK , request_body, headers, @px_config[:api_timeout], @px_config[:api_timeout_connection])
+      end
+
+      # Set risk_rtt
+      if(response)
+        risk_end = Time.now
+        px_ctx.context[:risk_rtt] = ((risk_end-risk_start)*1000).round
       end
+
       return response
     end
 
@@ -79,6 +97,7 @@ module PxModule
       @logger.debug("PerimeterxS2SValidator[verify]")
       response = send_risk_request(px_ctx)
       if (!response)
+        px_ctx.context[:pass_reason] = "s2s_timeout"
         return px_ctx
       end
       px_ctx.context[:made_s2s_risk_api_call] = true
@@ -86,7 +105,7 @@ module PxModule
       # From here response should be valid, if success or error
       response_body = eval(response.body);
       # When success
-      if (response.code == 200 && response_body.key?(:score) && response_body.key?(:action))
+      if (response.code == 200 && response_body.key?(:score) && response_body.key?(:action) && response_body.key?(:status) && response_body[:status] == 0 )
         @logger.debug("PerimeterxS2SValidator[verify]: response ok")
         score = response_body[:score]
         px_ctx.context[:score] = score
@@ -97,13 +116,17 @@ module PxModule
           px_ctx.context[:blocking_reason] = 'challenge'
         elsif (score >= @px_config[:blocking_score])
           px_ctx.context[:blocking_reason] = 's2s_high_score'
+        else
+          px_ctx.context[:pass_reason] = 's2s'
         end #end challange or blocking score
       end #end success response
 
       # When error
-      if(response.code != 200)
-        @logger.warn("PerimeterxS2SValidator[verify]: bad response, return code #{response.code}")
-        px_ctx.context[:uuid] = ""
+      risk_error_status = response_body && response_body.key?(:status) && response_body[:status] == -1
+      if(response.code != 200 || risk_error_status)
+        @logger.warn("PerimeterxS2SValidator[verify]: bad response, returned code #{response.code} #{risk_error_status ? "risk status: -1" : ""}")
+        px_ctx.context[:pass_reason] = 'request_failed'
+        px_ctx.context[:uuid] = (!response_body || response_body[:uuid].nil?)? "" : response_body[:uuid]
         px_ctx.context[:s2s_error_msg] = !response_body || response_body[:message].nil? ? 'unknown' : response_body[:message]
       end
 

data/lib/perimeterx/utils/px_constants.rb

@@ -10,8 +10,7 @@ module PxModule
 
   # Routes
   API_V1_S2S = '/api/v1/collector/s2s'
-  API_V1_CAPTCHA = '/api/v1/risk/captcha'
-  API_V2_RISK = '/api/v2/risk'
+  API_V3_RISK = '/api/v3/risk'
 
   # Activity Types
   BLOCK_ACTIVITY = 'block'
@@ -27,9 +26,9 @@ module PxModule
   SENSITIVE_ROUTE = 'sensitive_route'
 
   # Templates
-  BLOCK_TEMPLATE = 'block'
-  CAPTCHA_TEMPLATE = 'captcha'
+  CHALLENGE_TEMPLATE = 'block_template'
   TEMPLATE_EXT = '.mustache'
+  RATELIMIT_TEMPLATE = 'ratelimit'
 
 
   # Template Props
@@ -41,11 +40,24 @@ module PxModule
   PROP_CUSTOM_LOGO = :customLogo
   PROP_CSS_REF = :cssRef
   PROP_JS_REF = :jsRef
-  HOST_URL = :hostUrl
+  PROP_BLOCK_SCRIPT = :blockScript
+  PROP_JS_CLIENT_SRC = :jsClientSrc
+  PROP_HOST_URL = :hostUrl
+  PROP_FIRST_PARTY_ENABLED = :firstPartyEnabled
+
+  # Hosts
+  CLIENT_HOST = 'client.perimeterx.net'
+  CAPTCHA_HOST = 'captcha.px-cdn.net'
 
   VISIBLE = 'visible'
   HIDDEN = 'hidden'
 
   # Mobile SDK
   TOKEN_HEADER = 'X-PX-AUTHORIZATION'
+  ORIGINAL_TOKEN_HEADER = 'X-PX-ORIGINAL-TOKEN'
+
+  # Regular Expressions
+  VID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/
+  MOBILE_TOKEN_V3_REGEX = /\A3:(.*)\z/ 
+  MOBILE_ERROR_REGEX = /\A[0-9]\z/           
 end

data/lib/perimeterx/utils/px_http_client.rb

@@ -1,6 +1,7 @@
 require 'perimeterx/utils/px_logger'
 require 'typhoeus'
 require 'concurrent'
+require 'net/http'
 
 module PxModule
   class PxHttpClient
@@ -12,7 +13,7 @@ module PxModule
     def initialize(px_config)
       @px_config = px_config
       @logger = px_config[:logger]
-      @logger.debug("PxHttpClient[initialize]: HTTP client is being initilized with base_uri: #{px_config[:perimeterx_server_host]}")
+      @logger.debug("PxHttpClient[initialize]: HTTP client is being initilized with base_uri: #{px_config[:backend_url]}")
     end
 
     # Runs a POST command to Perimeter X servers
@@ -28,7 +29,7 @@ module PxModule
       begin
         @logger.debug("PxHttpClient[post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
         response = Typhoeus.post(
-            "#{px_config[:perimeterx_server_host]}#{path}",
+            "#{px_config[:backend_url]}#{path}",
             headers: headers,
             body: body.to_json,
             timeout: api_timeout,
@@ -45,5 +46,61 @@ module PxModule
       return response
     end
 
+
+    def post_xhr(url, body, headers)
+      s = Time.now
+      begin
+        @logger.debug("PxHttpClient[post]: sending xhr post request to #{url} with headers {#{headers.to_json()}}")
+        
+        #set url
+        uri = URI(url)
+        req = Net::HTTP::Post.new(uri)
+        
+        # set body
+        req.body=body
+        
+        # set headers
+        headers.each do |key, value|
+          req[key] = value
+        end
+        
+        # send request   
+        response = Net::HTTP.start(uri.hostname, uri.port) {|http|
+          http.request(req)
+        }
+
+      ensure
+        e = Time.now
+        @logger.debug("PxHttpClient[get]: runtime: #{(e-s) * 1000.0}")
+      end
+      return response
+    end
+
+
+    def get(url, headers)
+      s = Time.now
+      begin
+        @logger.debug("PxHttpClient[get]: sending get request to #{url} with headers {#{headers.to_json()}}")
+        
+        #set url
+        uri = URI(url)
+        req = Net::HTTP::Get.new(uri)
+        
+        # set headers
+        headers.each do |key, value|
+          req[key] = value
+        end
+        
+        # send request   
+        response = Net::HTTP.start(uri.hostname, uri.port) {|http|
+          http.request(req)
+        }
+        
+      ensure
+        e = Time.now
+        @logger.debug("PxHttpClient[get]: runtime: #{(e-s) * 1000.0}")
+      end
+      return response
+    end
   end
 end

data/lib/perimeterx/utils/px_template_factory.rb

@@ -3,23 +3,24 @@ require 'perimeterx/utils/px_constants'
 module PxModule
   module PxTemplateFactory
 
-    def self.get_template(px_ctx, px_config)
+    def self.get_template(px_ctx, px_config, px_template_object)
       logger = px_config[:logger]
       if (px_config[:challenge_enabled] && px_ctx.context[:block_action] == 'challenge')
         logger.debug('PxTemplateFactory[get_template]: px challange triggered')
         return px_ctx.context[:block_action_data].html_safe
       end
 
-      logger.debug('PxTemplateFactory[get_template]: rendering template')
-      template_type = px_ctx.context[:block_action] == 'captcha' ? PxModule::CAPTCHA_TEMPLATE : BLOCK_TEMPLATE
+      view = Mustache.new
 
-      template_postfix = ''
-      if px_ctx.context[:cookie_origin] == 'header'
-        template_postfix = '.mobile'
+      if (px_ctx.context[:block_action] == 'rate_limit')
+        logger.debug('PxTemplateFactory[get_template]: rendering ratelimit template')
+        template_type = RATELIMIT_TEMPLATE
+      else
+        logger.debug('PxTemplateFactory[get_template]: rendering template')
+        template_type = CHALLENGE_TEMPLATE
       end
 
-      Mustache.template_file =  "#{File.dirname(__FILE__) }/templates/#{template_type}#{template_postfix}#{PxModule::TEMPLATE_EXT}"
-      view = Mustache.new
+      Mustache.template_file =  "#{File.dirname(__FILE__) }/templates/#{template_type}#{PxModule::TEMPLATE_EXT}"
 
       view[PxModule::PROP_APP_ID] = px_config[:app_id]
       view[PxModule::PROP_REF_ID] = px_ctx.context[:uuid]
@@ -28,8 +29,11 @@ module PxModule
       view[PxModule::PROP_CUSTOM_LOGO] = px_config[:custom_logo]
       view[PxModule::PROP_CSS_REF] = px_config[:css_ref]
       view[PxModule::PROP_JS_REF] = px_config[:js_ref]
-      view[PxModule::HOST_URL] = "https://collector-#{px_config[:app_id]}.perimeterx.net"
+      view[PxModule::PROP_HOST_URL] = px_template_object[:host_url]
       view[PxModule::PROP_LOGO_VISIBILITY] = px_config[:custom_logo] ? PxModule::VISIBLE : PxModule::HIDDEN
+      view[PxModule::PROP_BLOCK_SCRIPT] = px_template_object[:block_script]
+      view[PxModule::PROP_JS_CLIENT_SRC] = px_template_object[:js_client_src]
+      view[PxModule::PROP_FIRST_PARTY_ENABLED] = px_ctx.context[:first_party_enabled]
 
       return view.render.html_safe
     end

data/lib/perimeterx/utils/templates/{captcha.mobile.mustache → block_template.mustache}

@@ -6,19 +6,19 @@
     <title>Access to this page has been denied.</title>
     <link href="https://fonts.googleapis.com/css?family=Open+Sans:300" rel="stylesheet">
     <style>
-        html,body{
+        html, body {
             margin: 0;
             padding: 0;
             font-family: 'Open Sans', sans-serif;
             color: #000;
         }
 
-        a{
+        a {
             color: #c5c5c5;
             text-decoration: none;
         }
 
-        .container{
+        .container {
             align-items: center;
             display: flex;
             flex: 1;
@@ -30,7 +30,7 @@
         .container > div {
             width: 100%;
             display: flex;
-            justify-content:center;
+            justify-content: center;
         }
 
         .container > div > div {
@@ -38,38 +38,40 @@
             width: 80%;
         }
 
-        .customer-logo-wrapper{
+        .customer-logo-wrapper {
             padding-top: 2rem;
             flex-grow: 0;
             background-color: #fff;
             visibility: {{logoVisibility}};
         }
 
-        .customer-logo{
+        .customer-logo {
             border-bottom: 1px solid #000;
         }
 
-        .customer-logo > img{
+        .customer-logo > img {
             padding-bottom: 1rem;
             max-height: 50px;
-            max-width: auto;
+            max-width: 100%;
         }
 
-        .page-title-wrapper{
+        .page-title-wrapper {
             flex-grow: 2;
         }
+
         .page-title {
             flex-direction: column-reverse;
         }
 
-        .content-wrapper{
+        .content-wrapper {
             flex-grow: 5;
         }
-        .content{
+
+        .content {
             flex-direction: column;
         }
 
-        .page-footer-wrapper{
+        .page-footer-wrapper {
             align-items: center;
             flex-grow: 0.2;
             background-color: #000;
@@ -77,17 +79,16 @@
             font-size: 70%;
         }
 
-        @media (min-width:768px){
-            html,body{
+        @media (min-width: 768px) {
+            html, body {
                 height: 100%;
             }
         }
     </style>
     <!-- Custom CSS -->
     {{#cssRef}}
-        <link rel="stylesheet" type="text/css" href="{{cssRef}}" />
+        <link rel="stylesheet" type="text/css" href="{{{cssRef}}}"/>
     {{/cssRef}}
-    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
 </head>
 
 <body>
@@ -104,13 +105,12 @@
     </div>
     <div class="content-wrapper">
         <div class="content">
-            <p>
-                Please click "I am not a robot" to continue
-            </p>
-            <div class="g-recaptcha" data-sitekey="6Lcj-R8TAAAAABs3FrRPuQhLMbp5QrHsHufzLf7b" data-callback="handleCaptcha" data-theme="dark">
+
+            <div id="px-captcha">
             </div>
             <p>
-                Access to this page has been denied because we believe you are using automation tools to browse the website.
+                Access to this page has been denied because we believe you are using automation tools to browse the
+                website.
             </p>
             <p>
                 This may happen as a result of the following:
@@ -124,7 +124,8 @@
                 </li>
             </ul>
             <p>
-                Please make sure that Javascript and cookies are enabled on your browser and that you are not blocking them from loading.
+                Please make sure that Javascript and cookies are enabled on your browser and that you are not blocking
+                them from loading.
             </p>
             <p>
                 Reference ID: #{{refId}}
@@ -135,62 +136,40 @@
         <div class="page-footer">
             <p>
                 Powered by
-                <a href="https://www.perimeterx.com">PerimeterX</a>
+                <a href="https://www.perimeterx.com/whywasiblocked">PerimeterX</a>
                 , Inc.
             </p>
         </div>
     </div>
 </section>
-<!-- Captcha -->
+<!-- Px -->
 <script>
-    function captchaSolved(res) {
-        window.location.href = '/px/captcha_callback?status=' + res.status;
-    }
-
-    function handleCaptcha(response) {
-        var appId = '{{appId}}';
-        var vid = '{{vid}}';
-        var uuid = '{{uuid}}';
-        var collectorUrl = '{{{hostUrl}}}';
-        var req = new XMLHttpRequest();
-        req.open('POST', collectorUrl + '/api/v1/collector/captcha');
-        req.setRequestHeader('Content-Type', 'application/json');
-        req.addEventListener('error', function() {
-            captchaSolved({
-                status: 1
-            });
-        });
-        req.addEventListener('cancel', function() {
-            captchaSolved({
-                status: 2
-            });
-        });
-        req.addEventListener('load', function() {
-            if (req.status == 200) {
-                try {
-                    var responseJSON = JSON.parse(req.responseText);
-                    return captchaSolved(responseJSON);
-                } catch (ex) {}
-            }
-            captchaSolved({
-                status: 3
-            });
-        });
-        req.send(JSON.stringify({
-            appId: appId,
-            uuid: uuid,
-            vid: vid,
-            pxCaptcha: response,
-            hostname: window.location.hostname,
-            request: {
-                url: window.location.href
-            }
-        }));
+    window._pxAppId = '{{appId}}';
+    window._pxJsClientSrc = '{{{jsClientSrc}}}';
+    window._pxFirstPartyEnabled = {{firstPartyEnabled}};
+    window._pxVid = '{{vid}}';
+    window._pxUuid = '{{uuid}}';
+    window._pxHostUrl = '{{{hostUrl}}}';
+</script>
+<script>
+    var s = document.createElement('script');
+    s.src = '{{{blockScript}}}';
+    var p = document.getElementsByTagName('head')[0];
+    p.insertBefore(s, null);
+    if ({{firstPartyEnabled}}) {
+        s.onerror = function () {
+            s = document.createElement('script');
+            var suffixIndex = '{{{blockScript}}}'.indexOf('captcha.js');
+            var temperedBlockScript = '{{{blockScript}}}'.substring(suffixIndex);
+            s.src = '//captcha.px-cdn.net/{{appId}}/' + temperedBlockScript;
+            p.parentNode.insertBefore(s, p);
+        };
     }
 </script>
+
 <!-- Custom Script -->
 {{#jsRef}}
-    <script src="{{jsRef}}"></script>
+    <script src="{{{jsRef}}}"></script>
 {{/jsRef}}
 </body>
-</html>
+</html>