perimeter_x 1.0.6.pre.alpha → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d1e967ee5f87625d37e4c7ca523b00ae089f512
-  data.tar.gz: b08932769740ec74416a0072dc0313c12ce4ea78
+  metadata.gz: 8821c69fed2516694f5cfc66c4fd86cb8350e1c6
+  data.tar.gz: cb26bfa40459f6e0745c9d1d1bdb94a07ade258b
 SHA512:
-  metadata.gz: 52a63dd5557e73e43f7db668f804997d57c27dd3a609f252346353e264a85c8649254e5053e3cd3db86b6a531dd45f40a97bf9de3195daee89e4b21cce2dfb6b
-  data.tar.gz: 5d213eb7b31094d369959acbd2ea240d2f747298466a922a760836b1d706017a96a6f4a3b9bac7f6865c268ec70f7f718b53fb5b1bea04de61ec83a62f21b8aa
+  metadata.gz: 79d0af263099a0b1cc363546e26a2c7c3c42b80e71a7eb1b39c9f07a784ad5ad925598aa42be2036cc79620528762398c4ac58d1ee448ca792b55aa422bf2784
+  data.tar.gz: a13e5dab8ce2a5a9380996921799a5e90bb3b141f10b08b13821b07ff36efaa6cb12c1b853f7071e7ebcc3d2ffa84e21233d8442f07a01aa3607a80f287edf77

data/.gitignore

@@ -3,18 +3,20 @@ capybara-*.html
 .rspec
 /log
 /tmp
+/bin
 /dev
 /db/*.sqlite3
 /db/*.sqlite3-journal
 /public/system
 /coverage/
 /spec/tmp
-examples/home_controller.rb
+examples/config/initializers/perimeterx.rb
+examples/app/views/home/index.html.erb
 **.orig
 *.gem
 rerun.txt
 pickle-email-*.html
-dev
+
 # TODO Comment out these rules if you are OK with secrets being uploaded to the repo
 config/initializers/secret_token.rb
 config/secrets.yml
@@ -22,7 +24,7 @@ config/secrets.yml
 # dotenv
 # TODO Comment out this rule if environment variables can be committed
 .env
-.idea
+
 ## Environment normalization:
 /.bundle
 /vendor/bundle

data/Dockerfile

@@ -37,12 +37,14 @@ RUN /bin/bash -l -c "gem install bundler"
 RUN /bin/bash -l -c "gem install rails -v 4.2.0"
 RUN mkdir -p /tmp/ruby_sandbox
 WORKDIR /tmp/ruby_sandbox
+RUN git clone https://github.com/PerimeterX/perimeterx-ruby-sdk.git
 RUN /bin/bash -l -c "rails new webapp"
 WORKDIR /tmp/ruby_sandbox/webapp
 RUN /bin/bash -l -c "rails generate controller home index"
 WORKDIR /tmp/ruby_sandbox/webapp
 EXPOSE 3000
-RUN sed -i "2i gem 'perimeter_x', '~> 1.0.5.pre.alpha'" /tmp/ruby_sandbox/webapp/Gemfile
+# TODO: make it take the files from git
+RUN sed -i '2i gem "perimeter_x", :path => "/tmp/ruby_sandbox/perimeterx-ruby-sdk"' /tmp/ruby_sandbox/webapp/Gemfile
 RUN /bin/bash -l -c "bundler update"
-RUN /bin/bash -l -c "gem list|grep peri"
-CMD ["/bin/bash", "-l", "-c", "rails server -b 0.0.0.0;"]
+COPY ./examples/ /tmp/ruby_sandbox/webapp
+CMD ["/bin/bash", "-l", "-c", "rails server -b 0.0.0.0;"]

data/Gemfile

@@ -1,3 +1,3 @@
 source "https://rubygems.org"
 
-gem 'httpclient', '2.8.2.4'
+gemspec

data/Gemfile.lock

@@ -1,13 +1,55 @@
+PATH
+  remote: .
+  specs:
+    perimeter_x (1.0.5)
+      activesupport (>= 4.2.0)
+      httpclient (= 2.8.2.4)
+      mustache (~> 1.0, >= 1.0.3)
+
 GEM
   remote: https://rubygems.org/
   specs:
-    httpclient (2.8.3)
+    activesupport (5.0.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    concurrent-ruby (1.0.5)
+    diff-lcs (1.3)
+    httpclient (2.8.2.4)
+    i18n (0.8.1)
+    metaclass (0.0.4)
+    minitest (5.10.1)
+    mocha (1.2.1)
+      metaclass (~> 0.0.1)
+    mustache (1.0.4)
+    rake (10.4.2)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.3)
+      thread_safe (~> 0.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  httpclient (= 2.8.3)
+  bundler (~> 1.14)
+  mocha (~> 1.2, >= 1.2.1)
+  perimeter_x!
+  rake (~> 10.0)
+  rspec (~> 3.0)
 
 BUNDLED WITH
    1.14.6

data/LICENSE.txt

@@ -1,6 +1,4 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 nitzanpx
+Copyright © 2016 PerimeterX, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -9,13 +7,12 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -1,2 +1,9 @@
-require "bundler/gem_tasks"
-task :default => :spec
+begin
+  require 'rspec/core/rake_task'
+
+  RSpec::Core::RakeTask.new(:spec)
+
+  task :test => :spec
+rescue LoadError
+  # no rspec available
+end

data/changelog.md

@@ -0,0 +1,20 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## [1.1.0] - 2017-06-04
+### Added 
+    - Added support for sensitive routes
+
+## [1.0.5] - 2017-05-07
+### Fixed
+ - Added request format into context for custom callbacks
+
+## [1.0.4] - 2017-04-27
+### Fixed
+ - Constants on px_constants
+ - Cookie Validation flow when cookie score was over the configured threshold
+ - Using symbols instead of strings for requests body

data/examples/app/controllers/home_controller.rb

@@ -0,0 +1,9 @@
+class HomeController < ApplicationController
+  include PxModule
+
+  before_filter :px_verify_request
+
+  def index
+  end
+
+end

data/examples/app/views/home/index.html.erb.dist

@@ -0,0 +1,20 @@
+<h1>Home#index</h1>
+<p>Find me in app/views/home/index.html.erb</p>
+
+<script type="text/javascript">
+	(function(){
+		window._pxAppId ='APP_ID';
+		// Custom parameters
+		// window._pxParam1 = "<param1>";
+		var p = document.getElementsByTagName('script')[0],
+			s = document.createElement('script');
+		s.async = 1;
+		s.src = '//client.perimeterx.net/APP_ID/main.min.js';
+		p.parentNode.insertBefore(s,p);
+	}());
+</script>
+<noscript>
+	<div style="position:fixed; top:0; left:0; display:none" width="1" height="1">
+		<img src="//collector-APP_ID.perimeterx.net/api/v1/collector/noScript.gif?appId=APP_ID">
+	</div>
+</noscript>

data/examples/config/initializers/perimeterx.rb.dist

@@ -0,0 +1,8 @@
+params = {
+  :app_id => "APP_ID",
+  :cookie_key => "COOKIE_KEY",
+  :auth_token => "AUTH_TOKEN"
+}
+
+
+PxModule.configure(params)

data/lib/perimeter_x.rb

@@ -1,69 +1,145 @@
 require 'perimeterx/configuration'
 require 'perimeterx/utils/px_logger'
+require 'perimeterx/utils/px_constants'
 require 'perimeterx/utils/px_http_client'
+require 'perimeterx/utils/px_template_factory'
 require 'perimeterx/internal/perimeter_x_context'
-require 'perimeterx/internal/perimeter_x_s2s_validator'
+require 'perimeterx/internal/clients/perimeter_x_activity_client'
+require 'perimeterx/internal/validators/perimeter_x_s2s_validator'
+require 'perimeterx/internal/validators/perimeter_x_cookie_validator'
+require 'perimeterx/internal/validators/perimeter_x_captcha_validator'
 
-module PerimeterX
-  class PxModule
-    L = PxLogger.instance
+module PxModule
 
-    @@singleton__instance__ = nil
-    @@singleton__mutex__ = Mutex.new
+  # Module expose API
+  def px_verify_request
+    verified, px_ctx = PerimeterX.instance.verify(env)
+
+    # Invalidate _pxCaptcha, can be done only on the controller level
+    cookies[:_pxCaptcha] = { value: "", expires: -1.minutes.from_now }
+
+    if (!verified)
+      # In case custon block handler exists
+      if (PerimeterX.instance.px_config.key?(:custom_block_handler))
+        PerimeterX.instance.px_config[:logger].debug("PxModule[px_verify_request]: custom_block_handler triggered")
+        return instance_exec(px_ctx, &PerimeterX.instance.px_config[:custom_block_handler])
+      else
+        # Generate template
+        PerimeterX.instance.px_config[:logger].debug("PxModule[px_verify_request]: sending default block page")
+        html = PxTemplateFactory.get_template(px_ctx, PerimeterX.instance.px_config)
+        response.headers["Content-Type"] = "text/html"
+        response.status = 403
+        render :html => html
+      end
+    end
+
+    return verified
+  end
+
+  def self.configure(params)
+    @px_instance = PerimeterX.configure(params)
+  end
+
+
+  # PerimtereX Module
+  class PerimeterX
+    @@__instance = nil
+    @@mutex = Mutex.new
 
     attr_reader :px_config
     attr_accessor :px_http_client
+    attr_accessor :px_activity_client
 
-    def self.instance(params)
-      return @@singleton__instance__ if @@singleton__instance__
-      @@singleton__mutex__.synchronize {
-        return @@singleton__instance__ if @@singleton__instance__
-        @@singleton__instance__ = new(params)
+    #Static methods
+    def self.configure(params)
+      return true if @@__instance
+      @@mutex.synchronize {
+        return @@__instance if @@__instance
+        @@__instance = new(params)
       }
-      @@singleton__instance__
+      return true
     end
 
-
-    private def initialize(params)
-      L.info("PerimeterX[initialize]")
-      @px_config = Configuration.new(params).configuration
-      @px_http_client = PxHttpClient.new(@px_config)
+    def self.instance
+      return @@__instance if !@@__instance.nil?
+      raise Exception.new("Please initialize perimeter x first")
     end
 
-    def px_verify(env)
+
+    #Instance Methods
+    def verify(env)
       begin
-        L.info("PerimeterX[pxVerify]")
+        @logger.debug("PerimeterX[pxVerify]")
         req = ActionDispatch::Request.new(env)
-
-        if (!@px_config['module_enabled'])
-          L.warn("Module is disabled")
+        if (!@px_config[:module_enabled])
+          @logger.warn("Module is disabled")
           return true
         end
-
         px_ctx = PerimeterXContext.new(@px_config, req)
-        px_ctx.context[:s2s_call_reason] = "no_cookie"
 
-        s2sValidator = PerimeterxS2SValidator.new(px_ctx, @px_config, @px_http_client)
-        px_ctx = s2sValidator.verify()
+        # Captcha phase
+        captcha_verified, px_ctx = @px_captcha_validator.verify(px_ctx)
+        if (captcha_verified)
+          return handle_verification(px_ctx)
+        end
+
+        # Cookie phase
+        cookie_verified, px_ctx = @px_cookie_validator.verify(px_ctx)
+        if (!cookie_verified)
+          @px_s2s_validator.verify(px_ctx)
+        end
 
-        if (px_config.key?('custom_verification_handler'))
-          return px_config['custom_verification_handler'].call(px_ctx.context)
+        if (@px_config.key?(:custom_verification_handler))
+          return @px_config[:custom_verification_handler].call(px_ctx.context)
         else
           return handle_verification(px_ctx)
         end
       rescue Exception => e
-        puts("#{e.backtrace.first}: #{e.message} (#{e.class})", e.backtrace.drop(1).map { |s| "\t#{s}" })
+        @logger.error("#{e.backtrace.first}: #{e.message} (#{e.class})")
+        e.backtrace.drop(1).map { |s| @logger.error("\t#{s}") }
         return true
       end
     end
 
-    # private methods
+    private def initialize(params)
+      @px_config = Configuration.new(params).configuration
+      @logger = @px_config[:logger]
+      @px_http_client = PxHttpClient.new(@px_config)
+
+      @px_activity_client = PerimeterxActivitiesClient.new(@px_config, @px_http_client)
+
+      @px_cookie_validator = PerimeterxCookieValidator.new(@px_config)
+      @px_s2s_validator = PerimeterxS2SValidator.new(@px_config, @px_http_client)
+      @px_captcha_validator = PerimeterxCaptchaValidator.new(@px_config, @px_http_client)
+      @logger.debug("PerimeterX[initialize]")
+    end
+
     private def handle_verification(px_ctx)
-      L.info("perimeterx processing ended - score:#{px_ctx.context[:score]}, uuid:#{px_ctx.context[:uuid]}")
-      return true
+      @logger.debug("PerimeterX[handle_verification]")
+      @logger.debug("PerimeterX[handle_verification]: processing ended - score:#{px_ctx.context[:score]}, uuid:#{px_ctx.context[:uuid]}")
+
+      score = px_ctx.context[:score]
+      # Case PASS request
+      if (score < @px_config[:blocking_score])
+        @logger.debug("PerimeterX[handle_verification]: score:#{score} < blocking score, passing request")
+        @px_activity_client.send_page_requested_activity(px_ctx)
+        return true
+      end
+
+      # Case blocking activity
+      @px_activity_client.send_block_activity(px_ctx)
+
+      # In case were in monitor mode, end here
+      if(@px_config[:module_mode] == PxModule::MONITOR_MODE)
+        @logger.debug("PerimeterX[handle_verification]: monitor mode is on, passing request")
+        return true
+      end
+
+      @logger.debug("PerimeterX[handle_verification]: verification ended, the request should be blocked")
+
+      return false, px_ctx
     end
 
     private_class_method :new
   end
-
 end

data/lib/perimeterx/configuration.rb

@@ -1,30 +1,38 @@
-module PerimeterX
+require 'perimeterx/utils/px_logger'
+require 'perimeterx/utils/px_constants'
+
+module PxModule
   class Configuration
 
     attr_accessor :configuration
     attr_accessor :PX_DEFAULT
-    attr_accessor :MONITOR_MODE
-    attr_accessor :ACTIVE_MODE
-
-    MONITOR_MODE = 1
-    ACTIVE_MODE = 2
 
     PX_DEFAULT = {
-      "app_id"                   => nil,
-      "auth_token"               => nil,
-      "module_enabled"           => true,
-      "blocking_score"           => 70,
-      "sensitive_headers"        => ["cookie", "cookies"],
-      "api_connect_timeout"      => 1,
-      "api_timeout"              => 1,
-      "sdk_name"                 => "RUBY SLIM SDK v1.0.0",
-      "debug_mode"               => false,
-      "module_mode"              => MONITOR_MODE,
+      :app_id                   => nil,
+      :cookie_key               => nil,
+      :auth_token               => nil,
+      :module_enabled           => true,
+      :captcha_enabled          => true,
+      :challenge_enabled        => true,
+      :encryption_enabled       => true,
+      :blocking_score           => 70,
+      :sensitive_headers        => ["http-cookie", "http-cookies"],
+      :api_connect_timeout      => 0,
+      :api_timeout              => 0,
+      :max_buffer_len           => 30,
+      :send_page_activities     => false,
+      :send_block_activities    => true,
+      :sdk_name                 => PxModule::SDK_NAME,
+      :debug                    => false,
+      :module_mode              => PxModule::ACTIVE_MODE,
+      :local_proxy              => false,
+      :sensitive_routes         => []
     }
 
     def initialize(params)
-      PX_DEFAULT["perimeterx_server_host"] = "https://sapi-#{params['app_id'].downcase}.perimeterx.net"
+      PX_DEFAULT[:perimeterx_server_host] = "https://sapi-#{params[:app_id].downcase}.perimeterx.net"
       @configuration = PX_DEFAULT.merge(params);
+      @configuration[:logger] = PxLogger.new(@configuration[:debug])
     end
   end
 end