npm - @anomira/node-sdk - Versions diffs - 0.2.4 → 0.2.5 - Mend

@anomira/node-sdk 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -404,7 +404,13 @@ var EventName = {
   SQL_ERROR: "db.sql.error",
   // Firewall (emitted when a custom request filtering rule fires)
   FIREWALL_BLOCK: "http.firewall.block",
-  FIREWALL_FLAG: "http.firewall.flag"
+  FIREWALL_FLAG: "http.firewall.flag",
+  FIREWALL_RATE_LIMIT: "http.firewall.rate_limit",
+  FIREWALL_REDIRECT_HONEYPOT: "http.firewall.redirect_honeypot",
+  FIREWALL_TAG: "http.firewall.tag",
+  FIREWALL_MONITOR: "http.firewall.monitor",
+  FIREWALL_CHALLENGE: "http.firewall.challenge",
+  FIREWALL_TEMP_BLOCK: "http.firewall.temporary_block"
 };
 // src/agent-detection.ts
@@ -2038,6 +2044,27 @@ function createExpressMiddleware(client) {
     const fingerprint = computeBrowserFingerprint(headers ?? {}, ua);
     const h2settings = extractHttp2Settings(req);
     const upstreamTls = extractUpstreamTls(headers ?? {});
+    const cookieHeader = headers?.["cookie"];
+    const cookieToken = cookieHeader ? cookieHeader.split(";").map((c) => c.trim()).find((c) => c.startsWith("anomira_fp="))?.slice("anomira_fp=".length) ?? "" : "";
+    const browserFpRaw = cookieToken || headers?.["x-anomira-fp"] || "";
+    let browserFp = null;
+    if (browserFpRaw) {
+      try {
+        const raw = JSON.parse(Buffer.from(browserFpRaw, "base64").toString("utf8"));
+        if (typeof raw["v"] === "number" && typeof raw["fp"] === "string") {
+          browserFp = {
+            fp: raw["fp"],
+            bot: raw["bot"] ?? 0,
+            sigs: (raw["sigs"] ?? []).join(","),
+            uid: typeof raw["uid"] === "string" && raw["uid"] ? raw["uid"] : void 0,
+            pst: raw["frm"]?.pst,
+            ttf: raw["frm"]?.ttf,
+            tts: raw["frm"]?.tts
+          };
+        }
+      } catch {
+      }
+    }
     if (client["canaryTokenCache"] && client["canaryTokenCache"].size > 0) {
       const authHeader = (typeof headers?.["authorization"] === "string" ? headers["authorization"] : "") ?? "";
       if (authHeader.startsWith("Bearer ")) {
@@ -2132,11 +2159,39 @@ function createExpressMiddleware(client) {
         userId,
         meta: { url, method, ruleId: fwMatch.rule.id, attackType: fwMatch.rule.attackType }
       });
-      if (fwMatch.rule.action === "block") {
-        const res_ = res;
-        if (typeof res_["status"] === "function") res_["status"](403);
-        else res_["statusCode"] = 403;
-        if (typeof res_["end"] === "function") res_["end"]('{"error":"Blocked by firewall rule"}');
+      const res_ = res;
+      const setStatus = (code) => {
+        if (typeof res_["status"] === "function") res_["status"](code);
+        else res_["statusCode"] = code;
+      };
+      const sendBody = (body) => {
+        if (typeof res_["end"] === "function") res_["end"](body);
+      };
+      const setHeader = (k, v) => {
+        if (typeof res_["setHeader"] === "function") res_["setHeader"](k, v);
+      };
+      const action = fwMatch.rule.action;
+      if (action === "block" || action === "temporary_block") {
+        setStatus(403);
+        sendBody('{"error":"Blocked by firewall rule"}');
+        return;
+      }
+      if (action === "rate_limit") {
+        setStatus(429);
+        setHeader("Retry-After", "60");
+        sendBody('{"error":"Rate limit exceeded","retryAfter":60}');
+        return;
+      }
+      if (action === "redirect_honeypot") {
+        const target = fwMatch.rule.redirectTarget ?? "/.env";
+        setStatus(302);
+        setHeader("Location", target);
+        sendBody("");
+        return;
+      }
+      if (action === "challenge") {
+        setStatus(403);
+        sendBody('{"error":"Request challenge required"}');
         return;
       }
     }
@@ -2150,7 +2205,7 @@ function createExpressMiddleware(client) {
       }
     }
     const onFinish = () => {
-      const lateUserId = client.config.getUserId(req);
+      const lateUserId = client.config.getUserId(req) || browserFp?.uid || "";
       if (!userIdWarnFired && userIdCheckCount < 20) {
         userIdCheckCount++;
         if (!lateUserId) userIdMissCount++;
@@ -2205,6 +2260,14 @@ function createExpressMiddleware(client) {
           _fp: fingerprint.score,
           _fpSig: fingerprint.signals.join(","),
           ...fingerprint.knownClient ? { _fpClient: fingerprint.knownClient } : {},
+          ...browserFp ? {
+            _bfp: browserFp.fp,
+            _bbot: browserFp.bot,
+            _bsigs: browserFp.sigs,
+            ...browserFp.pst !== void 0 ? { _bpaste: browserFp.pst } : {},
+            ...browserFp.ttf !== void 0 && browserFp.ttf >= 0 ? { _bttf: browserFp.ttf } : {},
+            ...browserFp.tts !== void 0 && browserFp.tts >= 0 ? { _btts: browserFp.tts } : {}
+          } : {},
           ...h2settings ? {
             _h2Window: h2settings.initialWindowSize,
             _h2HdrTable: h2settings.headerTableSize,
@@ -2332,14 +2395,32 @@ function createFastifyPlugin(client) {
           userId,
           meta: { url, method, ruleId: fwMatch.rule.id, attackType: fwMatch.rule.attackType }
         });
-        if (fwMatch.rule.action === "block") {
-          const rep = reply;
-          if (typeof rep["code"] === "function") {
-            const chained = rep["code"](403);
-            if (chained && typeof chained["send"] === "function") {
-              chained["send"]({ error: "Blocked by firewall rule" });
-            }
-          }
+        const rep = reply;
+        const replyCode = (code) => typeof rep["code"] === "function" ? rep["code"](code) : rep;
+        const replyHeader = (k, v) => {
+          if (typeof rep["header"] === "function") rep["header"](k, v);
+        };
+        const replySend = (chained, body) => {
+          if (chained && typeof chained["send"] === "function") chained["send"](body);
+        };
+        const action = fwMatch.rule.action;
+        if (action === "block" || action === "temporary_block") {
+          replySend(replyCode(403), { error: "Blocked by firewall rule" });
+          return;
+        }
+        if (action === "rate_limit") {
+          replyHeader("Retry-After", "60");
+          replySend(replyCode(429), { error: "Rate limit exceeded", retryAfter: 60 });
+          return;
+        }
+        if (action === "redirect_honeypot") {
+          const target = fwMatch.rule.redirectTarget ?? "/.env";
+          replyHeader("Location", target);
+          replySend(replyCode(302), "");
+          return;
+        }
+        if (action === "challenge") {
+          replySend(replyCode(403), { error: "Request challenge required" });
           return;
         }
       }
@@ -2354,11 +2435,11 @@ function createFastifyPlugin(client) {
       const ip = client.config.getIp(req);
       const url = req["url"] ?? "/";
       const method = req["method"]?.toUpperCase() ?? "GET";
-      const userId = client.config.getUserId(req);
+      const serverUserId = client.config.getUserId(req);
       const status = reply["statusCode"] ?? 0;
       if (!userIdWarnFired && userIdCheckCount < 20) {
         userIdCheckCount++;
-        if (!userId) userIdMissCount++;
+        if (!serverUserId) userIdMissCount++;
         if (userIdCheckCount === 20 && userIdMissCount >= 18) {
           userIdWarnFired = true;
           console.warn(
@@ -2373,6 +2454,28 @@ function createFastifyPlugin(client) {
       const fingerprint = computeBrowserFingerprint(headers ?? {}, ua);
       const h2settings = extractHttp2Settings(req);
       const upstreamTls = extractUpstreamTls(headers ?? {});
+      const cookieHdrF = headers?.["cookie"];
+      const cookieTokF = cookieHdrF ? cookieHdrF.split(";").map((c) => c.trim()).find((c) => c.startsWith("anomira_fp="))?.slice("anomira_fp=".length) ?? "" : "";
+      const bfpRawF = cookieTokF || headers?.["x-anomira-fp"] || "";
+      let browserFpF = null;
+      if (bfpRawF) {
+        try {
+          const raw = JSON.parse(Buffer.from(bfpRawF, "base64").toString("utf8"));
+          if (typeof raw["v"] === "number" && typeof raw["fp"] === "string") {
+            browserFpF = {
+              fp: raw["fp"],
+              bot: raw["bot"] ?? 0,
+              sigs: (raw["sigs"] ?? []).join(","),
+              uid: typeof raw["uid"] === "string" && raw["uid"] ? raw["uid"] : void 0,
+              pst: raw["frm"]?.pst,
+              ttf: raw["frm"]?.ttf,
+              tts: raw["frm"]?.tts
+            };
+          }
+        } catch {
+        }
+      }
+      const userId = serverUserId || browserFpF?.uid || "";
       client.track(EventName.REQUEST, {
         ip,
         userId,
@@ -2386,6 +2489,14 @@ function createFastifyPlugin(client) {
           _fp: fingerprint.score,
           _fpSig: fingerprint.signals.join(","),
           ...fingerprint.knownClient ? { _fpClient: fingerprint.knownClient } : {},
+          ...browserFpF ? {
+            _bfp: browserFpF.fp,
+            _bbot: browserFpF.bot,
+            _bsigs: browserFpF.sigs,
+            ...browserFpF.pst !== void 0 ? { _bpaste: browserFpF.pst } : {},
+            ...browserFpF.ttf !== void 0 && browserFpF.ttf >= 0 ? { _bttf: browserFpF.ttf } : {},
+            ...browserFpF.tts !== void 0 && browserFpF.tts >= 0 ? { _btts: browserFpF.tts } : {}
+          } : {},
           ...h2settings ? {
             _h2Window: h2settings.initialWindowSize,
             _h2HdrTable: h2settings.headerTableSize,