perimeter_x 1.3.0 → 2.2.1

data/lib/perimeterx/utils/templates/ratelimit.mustache

@@ -0,0 +1,9 @@
+<html>
+<head>
+    <title>Too Many Requests</title>
+</head>
+<body>
+    <h1>Too Many Requests</h1>
+    <p>Reached maximum requests limitation, try again soon.</p>
+</body>
+</html>

data/lib/perimeterx/version.rb

@@ -1,3 +1,3 @@
 module PxModule
-  VERSION = '1.3.0'
+  VERSION = '2.2.1'
 end

data/perimeter_x.gemspec

@@ -22,8 +22,8 @@ Gem::Specification.new do |gem|
   gem.bindir        = "exe"
   gem.executables   = gem.files.grep(%r{^exe/}) { |f| File.basename(f) }
   gem.require_paths = ["lib"]
-  gem.add_development_dependency "bundler", "~> 1.14"
-  gem.add_development_dependency "rake", "~> 10.0"
+  gem.add_development_dependency "bundler", ">= 2.1"
+  gem.add_development_dependency "rake", ">= 12.3"
 
   gem.extra_rdoc_files = ["readme.md", "changelog.md"]
   gem.rdoc_options     = ["--line-numbers", "--inline-source", "--title", "PerimeterX"]
@@ -33,7 +33,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency('concurrent-ruby', '~> 1.0', '>= 1.0.5')
   gem.add_dependency('typhoeus', '~> 1.1', '>= 1.1.2')
   gem.add_dependency('mustache', '~> 1.0', '>= 1.0.3')
-  gem.add_dependency('activesupport', '>= 4.2.0')
+  gem.add_dependency('activesupport', '>= 5.2.4.3')
 
   gem.add_development_dependency 'rspec', '~> 3.0'
   gem.add_development_dependency 'mocha', '~> 1.2', '>= 1.2.1'

data/readme.md

@@ -1,20 +1,24 @@
-![image](http://media.marketwire.com/attachments/201604/34215_PerimeterX_logo.jpg)
+[![Build Status](https://travis-ci.org/PerimeterX/perimeterx-ruby-sdk.svg?branch=master)](https://travis-ci.org/PerimeterX/perimeterx-ruby-sdk)
+
+![image](https://storage.googleapis.com/perimeterx-logos/primary_logo_red_cropped.png)
 #
 [PerimeterX](http://www.perimeterx.com) Ruby SDK
 =============================================================
 
+> Latest stable version: [v2.2.1](https://rubygems.org/gems/perimeter_x)
+
 Table of Contents
 -----------------
--   [Usage](#usage)
+  **[Usage](#usage)**
   *   [Dependencies](#dependencies)
   *   [Installation](#installation)
   *   [Basic Usage Example](#basic-usage)
--   [Configuration](#configuration)
+  
+  **[Configuration](#configuration)**
   *   [Configuring Required Parameters](#requireied-params)
   *   [Blocking Score](#blocking-score)
+  *   [Custom Verification Action](#custom-verification-action)
   *   [Custom Block Page](#custom-block-page)
-  *   [Custom Block Action](#custom-block-action)
-  *   [Enable/Disable Captcha](#captcha-support)
   *   [Extracting Real IP Address](#real-ip)
   *   [Custom URI](#custom-uri)
   *   [Filter Sensitive Headers](#sensitive-headers)
@@ -23,7 +27,11 @@ Table of Contents
   *   [Additional Page Activity Handler](#additional-page-activity-handler)
   *   [Monitor Only](#logging)
   *   [Debug Mode](#debug-mode)
--   [Contributing](#contributing)
+  *   [Whitelist Routes](#whitelist-routes)
+  *   [Update Configuration on Runtime](#update-config)
+  *   [First Party](#first-party)
+  
+  **[Contributing](#contributing)**
 
 <a name="Usage"></a>
 <a name="dependencies"></a> Dependencies
@@ -80,7 +88,7 @@ All parameters are obtainable via the PerimeterX Portal. (Applications and Polic
 
 <a name="blocking-score"></a>**Changing the Minimum Score for Blocking**
 
->Note:  Default blocking value: 70
+>Note:  Default blocking value: 100
 
 ```ruby
 params = {
@@ -90,69 +98,71 @@ params = {
 }
 ```
 
+<a name="custom-verification-action"></a>**Custom Verification Handler**
 
+> Note: This handler replaces the now deprecated `custom_block_handler`.
 
-<a name="custom-block-action"></a>**Custom Verification Handler**
+A custom verification handler is being executed inside `px_verify_request` instead of the the default behavior and allows a user to use a custom action based on the risk score returned by PerimeterX.
 
-A custom verification handler is being executed inside ``px_verify_request`` instead of the the default behavior and allows a user to use a custom action based on the risk score returned by PerimeterX.
+When implemented, this method receives a hash variable as input which represents data from the PerimeterX context of the request (px_ctx).
 
-When implemented, this method receives  a hash variable as input which represents data from the PerimeterX context of the request (px_ctx).
+- `px_ctx.context[:score]` - contains the risk score
+- `px_ctx.context[:uuid]` - contains the request UUID
+- `px_ctx.context[:verified]` - contains indication whether the request passed verification or was blocked (inspect `px_ctx.context[:block_reason]` for block reason) 
 
-- `px_ctx[:score] ` contains the risk score
-- `px_ctx[:uuid] ` contains the request UUID
-
->> Note: to determine whether to return a captcha/block page (HTML) or block JSON payload a reference key on the context will be available:  ```px_ctx.context[:format]```
+> Note: to determine whether to return a captcha/block page (HTML) or block JSON payload a reference key on the context will be available:  ```px_ctx.context[:format]```
 
 To replace the default verification behavior, add the configuration a lambda member as shown in the example below.
 
-The method must return boolen value.
-
 ```ruby
 params = {
   :app_id => <APP_ID>,
   :auth_token => <AUTH_TOKEN>,
-  :custom_block_handler => -> (px_ctx) {
+  :custom_verification_handler => -> (px_ctx) {
     if px_ctx.context[:score] >= 60
-        # take your action and retun a message or JSON with a status code of 403 and option UUID of the request. Can return false and include action in the px_middleware method.  
+      # take your action and render an html page or JSON with applicable status code.    
+      render json: { :score => px_ctx.context[:score] }
     end
-    return true
   }
 }
 ```
 
+> Note: Unlike previous versions, the method no longer needs to return a boolean value. 
+
 **Example**
-### Serving a Custom HTML Page ###
+#### Serving a Custom HTML Page ####
 ```ruby
 
-params[:custom_block_handler] = -> (px_ctx)
-{
+params = {
+  :app_id => <APP_ID>,
+  :auth_token => <AUTH_TOKEN>,
+  ...
+  :custom_verification_handler => -> (px_ctx) {
     block_score = px_ctx.context[:score];
-    block_uuid = px_ctx.context[:uuid];
+    client_uuid = px_ctx.context[:uuid];
     full_url = px_ctx.context[:full_url];
 
     html = "<html>
             <body>
             <div>Access to #{full_url} has been blocked.</div>    
-            <div>Block reference - #{block_uuid} </div>
+            <div>Block reference - #{client_uuid} </div>
             <div>Block score - #{block_score} </div>
             </body>
             </html>".html_safe
     response.headers["Content-Type"] = "text/html"
     response.status = 403
     render :html => html
-    return false
-};
-
-PxModule.configure(params)
+  }
+}
 ```
 
-<a name="real-ip"></a>** Custom User IP **
+<a name="real-ip"></a>**Custom User IP**
 
 > Note: IP extraction, according to your network setup, is very important. It is common to have a load balancer/proxy on top of your applications, in which case the PerimeterX module will send the system's internal IP as the user's. In order to properly perform processing and detection on server-to-server calls, PerimeterX module needs the real user's IP.
 
 By default the clients IP is taken from the ``REMOTE_ADDR`` header, in case the user decides to use different header or custom function that extract the header the following key should be added to the configuration
 
-*** Custom header ***
+***Custom header***
 ```ruby
 configuration = {
   "app_id" => <APP_ID>,
@@ -160,7 +170,7 @@ configuration = {
   "custom_user_ip" => <HTTP_HEADER_NAME>,
 ```
 
-*** Custom Function ***
+***Custom Function***
 > Note: the function receive as a first parameter the controller request and must return the ip at the end as string
 
 ```ruby
@@ -213,15 +223,6 @@ Default mode: PxModule::ACTIVE_MODE
 params[:module_mode] = PxModule::MONITOR_MODE
 ```
 
-<a name="captcha-support"></a>**Enable/Disable CAPTCHA on the block page**
-Default mode: enabled
-
-By enabling CAPTCHA support, a CAPTCHA will be served as part of the block page, giving real users the ability to identify as a human. By solving the CAPTCHA, the user's score is then cleaned up and the user is allowed to continue normal use.
-
-```ruby
-params[:captcha_enabled] = false
-```
-
 <a name="custom-uri"></a>**Custom URI**
 
 Default: 'REQUEST_URI'
@@ -285,6 +286,71 @@ Enables debug logging mode to STDOUT
   params[:debug] = true
 ```
 
+<a name="whitelist-routes"></a>**Whitelist Routes**
+Default: []
+
+An array of route prefixes and/or regular expressions that are always whitelisted and not validated by PerimeterX.
+A string value of a path will be treated as a prefix.
+A regexp value of a path will be treated as is.
+
+```ruby
+  params[:whitelist_routes] = ["/example", /\A\/example\z/]
+```
+
+<a name="update-config"></a>**Update Configuration on Runtime**
+
+As mentioned before, PerimeterX Module should be configured in `<rails_app>/config/initializers/perimeterx.rb`.
+However, it is possible to override configuration options on each request.
+To do so, send the configuration options as an argument when calling to `px_verify_request` as described in the following example.
+Notice that in case of an invalid argument, the module will raise an error. Therefore, when using this feature, make sure to wrap the call to `px_verify_request` with begin and rescue. It is highly recommended to log the error message to follow such errors.
+
+Usage example:
+
+```ruby
+class HomeController < ApplicationController
+  include PxModule
+
+  before_action do call_perimeterx_verify_request end
+
+  def call_perimeterx_verify_request
+    params = {
+    :blocking_score => 70,
+    :module_mode => 2
+    }
+    begin
+      px_verify_request(params) 
+    rescue StandardError => e
+      # $stdout.write(e.message)
+    end
+  end
+
+end
+```
+
+<a name="first-party"></a>**First Party**
+
+To enable first party on your enforcer, add the following routes to your `config/routes.rb` file:
+
+```ruby
+  get '/:appid_postfix/init.js', to: 'home#index', constraints: { appid_postfix: /XXXXXXXX/ }
+  get '/:appid_postfix/captcha/:all', to: 'home#index', constraints: { appid_postfix: /XXXXXXXX/, all:/.*/ }
+  post '/:appid_postfix/xhr/:all', to: 'home#index', constraints: { appid_postfix: /XXXXXXXX/, all:/.*/  }  
+```
+
+Notice that all occurences of `XXXXXXXX` should be replaced with your px_app_id without the "PX" prefix. For example, if your px_app_id is `PX2H4seK9L`, replace `XXXXXXXX` with `2H4seK9L`.
+
+In case you are using more than one px_app_id, provide all of them with a `|` sign between them. For example:  2H4seK9L|9bMs6K94|Lc5kPMNx
+
+
+First Party configuration:
+
+Default: true
+
+```ruby
+  params[:first_party_enabled] = false
+```
+
+
 <a name="contributing"></a># Contributing #
 ------------------------------
 The following steps are welcome when contributing to our project.

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: perimeter_x
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 2.2.1
 platform: ruby
 authors:
 - Nitzan Goldfeder
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-07-27 00:00:00.000000000 Z
+date: 2020-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -104,14 +104,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.2.0
+        version: 5.2.4.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.2.0
+        version: 5.2.4.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -171,24 +171,24 @@ files:
 - lib/perimeterx/configuration.rb
 - lib/perimeterx/internal/clients/perimeter_x_activity_client.rb
 - lib/perimeterx/internal/clients/perimeter_x_risk_client.rb
+- lib/perimeterx/internal/exceptions/px_config_exception.rb
 - lib/perimeterx/internal/exceptions/px_cookie_decryption_exception.rb
+- lib/perimeterx/internal/first_party/px_first_party.rb
 - lib/perimeterx/internal/payload/perimeter_x_cookie_v1.rb
 - lib/perimeterx/internal/payload/perimeter_x_cookie_v3.rb
 - lib/perimeterx/internal/payload/perimeter_x_payload.rb
 - lib/perimeterx/internal/payload/perimeter_x_token_v1.rb
 - lib/perimeterx/internal/payload/perimeter_x_token_v3.rb
 - lib/perimeterx/internal/perimeter_x_context.rb
-- lib/perimeterx/internal/validators/perimeter_x_captcha_validator.rb
+- lib/perimeterx/internal/validators/hash_schema_validator.rb
 - lib/perimeterx/internal/validators/perimeter_x_cookie_validator.rb
 - lib/perimeterx/internal/validators/perimeter_x_s2s_validator.rb
 - lib/perimeterx/utils/px_constants.rb
 - lib/perimeterx/utils/px_http_client.rb
 - lib/perimeterx/utils/px_logger.rb
 - lib/perimeterx/utils/px_template_factory.rb
-- lib/perimeterx/utils/templates/block.mobile.mustache
-- lib/perimeterx/utils/templates/block.mustache
-- lib/perimeterx/utils/templates/captcha.mobile.mustache
-- lib/perimeterx/utils/templates/captcha.mustache
+- lib/perimeterx/utils/templates/block_template.mustache
+- lib/perimeterx/utils/templates/ratelimit.mustache
 - lib/perimeterx/version.rb
 - perimeter_x.gemspec
 - readme.md
@@ -215,8 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: PerimeterX ruby implmentation

data/lib/perimeterx/internal/validators/perimeter_x_captcha_validator.rb

@@ -1,65 +0,0 @@
-require 'perimeterx/internal/clients/perimeter_x_risk_client'
-
-module PxModule
-  class PerimeterxCaptchaValidator < PerimeterxRiskClient
-
-    def initialize(px_config, http_client)
-      super(px_config, http_client)
-    end
-
-    def send_captcha_request(vid, uuid, captcha, px_ctx)
-
-      request_body = {
-        :request => {
-          :ip => px_ctx.context[:ip],
-          :headers => format_headers(px_ctx),
-          :uri => px_ctx.context[:uri]
-        },
-        :pxCaptcha => captcha,
-        :vid => vid,
-        :uuid => uuid,
-        :hostname => px_ctx.context[:hostname]
-      }
-
-      # Prepare request
-      headers = {
-          "Authorization" => "Bearer #{@px_config[:auth_token]}" ,
-          "Content-Type" => "application/json"
-      };
-
-      return @http_client.post(PxModule::API_V1_CAPTCHA, request_body, headers, @px_config[:api_timeout], @px_config[:api_timeout_connection])
-
-    end
-
-    def verify(px_ctx)
-      captcha_validated = false
-      begin
-        if(!px_ctx.context.key?(:px_captcha))
-          return captcha_validated, px_ctx
-        end
-        captcha, vid, uuid = px_ctx.context[:px_captcha].split(':', 3)
-        if captcha.nil? || vid.nil? || uuid.nil?
-          return captcha_validated, px_ctx
-        end
-
-        px_ctx.context[:vid] = vid
-        px_ctx.context[:uuid] = uuid
-        response = send_captcha_request(vid, uuid, captcha, px_ctx)
-
-        if (response.status_code == 200)
-          response_body = eval(response.body)
-          if ( response_body[:code] == 0 )
-            captcha_validated = true
-          end
-        end
-
-        return captcha_validated, px_ctx
-
-      rescue Exception => e
-        @logger.error("PerimeterxCaptchaValidator[verify]: failed, returning false")
-        return captcha_validated, px_ctx
-      end
-    end
-
-  end
-end