npm - @anomira/node-sdk - Versions diffs - 0.2.4 → 0.2.6 - Mend

@anomira/node-sdk 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -148,11 +148,17 @@ declare const EventName: {
     readonly SQL_ERROR: "db.sql.error";
     readonly FIREWALL_BLOCK: "http.firewall.block";
     readonly FIREWALL_FLAG: "http.firewall.flag";
+    readonly FIREWALL_RATE_LIMIT: "http.firewall.rate_limit";
+    readonly FIREWALL_REDIRECT_HONEYPOT: "http.firewall.redirect_honeypot";
+    readonly FIREWALL_TAG: "http.firewall.tag";
+    readonly FIREWALL_MONITOR: "http.firewall.monitor";
+    readonly FIREWALL_CHALLENGE: "http.firewall.challenge";
+    readonly FIREWALL_TEMP_BLOCK: "http.firewall.temporary_block";
 };
 type EventNameValue = typeof EventName[keyof typeof EventName];
 type FirewallField = "url" | "body" | "header" | "user_agent" | "ip";
 type FirewallOperator = "contains" | "equals" | "starts_with" | "ends_with" | "regex";
-type FirewallAction = "block" | "flag";
+type FirewallAction = "block" | "flag" | "rate_limit" | "challenge" | "redirect_honeypot" | "tag" | "monitor" | "temporary_block";
 interface EndpointDeclaration {
     /** HTTP method, e.g. "GET".  Use "*" to match any method. */
     method: string;
@@ -169,6 +175,8 @@ interface FirewallRule {
     value: string;
     action: FirewallAction;
     attackType: string;
+    redirectTarget?: string | null;
+    tempBlockMins?: number | null;
 }
 /**

package/dist/index.d.ts CHANGED Viewed

@@ -148,11 +148,17 @@ declare const EventName: {
     readonly SQL_ERROR: "db.sql.error";
     readonly FIREWALL_BLOCK: "http.firewall.block";
     readonly FIREWALL_FLAG: "http.firewall.flag";
+    readonly FIREWALL_RATE_LIMIT: "http.firewall.rate_limit";
+    readonly FIREWALL_REDIRECT_HONEYPOT: "http.firewall.redirect_honeypot";
+    readonly FIREWALL_TAG: "http.firewall.tag";
+    readonly FIREWALL_MONITOR: "http.firewall.monitor";
+    readonly FIREWALL_CHALLENGE: "http.firewall.challenge";
+    readonly FIREWALL_TEMP_BLOCK: "http.firewall.temporary_block";
 };
 type EventNameValue = typeof EventName[keyof typeof EventName];
 type FirewallField = "url" | "body" | "header" | "user_agent" | "ip";
 type FirewallOperator = "contains" | "equals" | "starts_with" | "ends_with" | "regex";
-type FirewallAction = "block" | "flag";
+type FirewallAction = "block" | "flag" | "rate_limit" | "challenge" | "redirect_honeypot" | "tag" | "monitor" | "temporary_block";
 interface EndpointDeclaration {
     /** HTTP method, e.g. "GET".  Use "*" to match any method. */
     method: string;
@@ -169,6 +175,8 @@ interface FirewallRule {
     value: string;
     action: FirewallAction;
     attackType: string;
+    redirectTarget?: string | null;
+    tempBlockMins?: number | null;
 }
 /**

package/dist/index.js CHANGED Viewed

@@ -71,7 +71,7 @@ var EventBuffer = class {
         headers: {
           Authorization: `Bearer ${apiKey}`,
           "Content-Type": "application/json",
-          "User-Agent": `@sentinelapi/node-sdk/0.1.0`
+          "User-Agent": `@anomira/node-sdk/0.2.5`
         },
         body: JSON.stringify(payload),
         signal: AbortSignal.timeout(8e3)
@@ -400,7 +400,13 @@ var EventName = {
   SQL_ERROR: "db.sql.error",
   // Firewall (emitted when a custom request filtering rule fires)
   FIREWALL_BLOCK: "http.firewall.block",
-  FIREWALL_FLAG: "http.firewall.flag"
+  FIREWALL_FLAG: "http.firewall.flag",
+  FIREWALL_RATE_LIMIT: "http.firewall.rate_limit",
+  FIREWALL_REDIRECT_HONEYPOT: "http.firewall.redirect_honeypot",
+  FIREWALL_TAG: "http.firewall.tag",
+  FIREWALL_MONITOR: "http.firewall.monitor",
+  FIREWALL_CHALLENGE: "http.firewall.challenge",
+  FIREWALL_TEMP_BLOCK: "http.firewall.temporary_block"
 };
 // src/agent-detection.ts
@@ -2034,6 +2040,27 @@ function createExpressMiddleware(client) {
     const fingerprint = computeBrowserFingerprint(headers ?? {}, ua);
     const h2settings = extractHttp2Settings(req);
     const upstreamTls = extractUpstreamTls(headers ?? {});
+    const cookieHeader = headers?.["cookie"];
+    const cookieToken = cookieHeader ? cookieHeader.split(";").map((c) => c.trim()).find((c) => c.startsWith("anomira_fp="))?.slice("anomira_fp=".length) ?? "" : "";
+    const browserFpRaw = cookieToken || headers?.["x-anomira-fp"] || "";
+    let browserFp = null;
+    if (browserFpRaw) {
+      try {
+        const raw = JSON.parse(Buffer.from(browserFpRaw, "base64").toString("utf8"));
+        if (typeof raw["v"] === "number" && typeof raw["fp"] === "string") {
+          browserFp = {
+            fp: raw["fp"],
+            bot: raw["bot"] ?? 0,
+            sigs: (raw["sigs"] ?? []).join(","),
+            uid: typeof raw["uid"] === "string" && raw["uid"] ? raw["uid"] : void 0,
+            pst: raw["frm"]?.pst,
+            ttf: raw["frm"]?.ttf,
+            tts: raw["frm"]?.tts
+          };
+        }
+      } catch {
+      }
+    }
     if (client["canaryTokenCache"] && client["canaryTokenCache"].size > 0) {
       const authHeader = (typeof headers?.["authorization"] === "string" ? headers["authorization"] : "") ?? "";
       if (authHeader.startsWith("Bearer ")) {
@@ -2128,11 +2155,39 @@ function createExpressMiddleware(client) {
         userId,
         meta: { url, method, ruleId: fwMatch.rule.id, attackType: fwMatch.rule.attackType }
       });
-      if (fwMatch.rule.action === "block") {
-        const res_ = res;
-        if (typeof res_["status"] === "function") res_["status"](403);
-        else res_["statusCode"] = 403;
-        if (typeof res_["end"] === "function") res_["end"]('{"error":"Blocked by firewall rule"}');
+      const res_ = res;
+      const setStatus = (code) => {
+        if (typeof res_["status"] === "function") res_["status"](code);
+        else res_["statusCode"] = code;
+      };
+      const sendBody = (body) => {
+        if (typeof res_["end"] === "function") res_["end"](body);
+      };
+      const setHeader = (k, v) => {
+        if (typeof res_["setHeader"] === "function") res_["setHeader"](k, v);
+      };
+      const action = fwMatch.rule.action;
+      if (action === "block" || action === "temporary_block") {
+        setStatus(403);
+        sendBody('{"error":"Blocked by firewall rule"}');
+        return;
+      }
+      if (action === "rate_limit") {
+        setStatus(429);
+        setHeader("Retry-After", "60");
+        sendBody('{"error":"Rate limit exceeded","retryAfter":60}');
+        return;
+      }
+      if (action === "redirect_honeypot") {
+        const target = fwMatch.rule.redirectTarget ?? "/.env";
+        setStatus(302);
+        setHeader("Location", target);
+        sendBody("");
+        return;
+      }
+      if (action === "challenge") {
+        setStatus(403);
+        sendBody('{"error":"Request challenge required"}');
         return;
       }
     }
@@ -2146,7 +2201,7 @@ function createExpressMiddleware(client) {
       }
     }
     const onFinish = () => {
-      const lateUserId = client.config.getUserId(req);
+      const lateUserId = client.config.getUserId(req) || browserFp?.uid || "";
       if (!userIdWarnFired && userIdCheckCount < 20) {
         userIdCheckCount++;
         if (!lateUserId) userIdMissCount++;
@@ -2201,6 +2256,14 @@ function createExpressMiddleware(client) {
           _fp: fingerprint.score,
           _fpSig: fingerprint.signals.join(","),
           ...fingerprint.knownClient ? { _fpClient: fingerprint.knownClient } : {},
+          ...browserFp ? {
+            _bfp: browserFp.fp,
+            _bbot: browserFp.bot,
+            _bsigs: browserFp.sigs,
+            ...browserFp.pst !== void 0 ? { _bpaste: browserFp.pst } : {},
+            ...browserFp.ttf !== void 0 && browserFp.ttf >= 0 ? { _bttf: browserFp.ttf } : {},
+            ...browserFp.tts !== void 0 && browserFp.tts >= 0 ? { _btts: browserFp.tts } : {}
+          } : {},
           ...h2settings ? {
             _h2Window: h2settings.initialWindowSize,
             _h2HdrTable: h2settings.headerTableSize,
@@ -2328,14 +2391,32 @@ function createFastifyPlugin(client) {
           userId,
           meta: { url, method, ruleId: fwMatch.rule.id, attackType: fwMatch.rule.attackType }
         });
-        if (fwMatch.rule.action === "block") {
-          const rep = reply;
-          if (typeof rep["code"] === "function") {
-            const chained = rep["code"](403);
-            if (chained && typeof chained["send"] === "function") {
-              chained["send"]({ error: "Blocked by firewall rule" });
-            }
-          }
+        const rep = reply;
+        const replyCode = (code) => typeof rep["code"] === "function" ? rep["code"](code) : rep;
+        const replyHeader = (k, v) => {
+          if (typeof rep["header"] === "function") rep["header"](k, v);
+        };
+        const replySend = (chained, body) => {
+          if (chained && typeof chained["send"] === "function") chained["send"](body);
+        };
+        const action = fwMatch.rule.action;
+        if (action === "block" || action === "temporary_block") {
+          replySend(replyCode(403), { error: "Blocked by firewall rule" });
+          return;
+        }
+        if (action === "rate_limit") {
+          replyHeader("Retry-After", "60");
+          replySend(replyCode(429), { error: "Rate limit exceeded", retryAfter: 60 });
+          return;
+        }
+        if (action === "redirect_honeypot") {
+          const target = fwMatch.rule.redirectTarget ?? "/.env";
+          replyHeader("Location", target);
+          replySend(replyCode(302), "");
+          return;
+        }
+        if (action === "challenge") {
+          replySend(replyCode(403), { error: "Request challenge required" });
           return;
         }
       }
@@ -2350,11 +2431,11 @@ function createFastifyPlugin(client) {
       const ip = client.config.getIp(req);
       const url = req["url"] ?? "/";
       const method = req["method"]?.toUpperCase() ?? "GET";
-      const userId = client.config.getUserId(req);
+      const serverUserId = client.config.getUserId(req);
       const status = reply["statusCode"] ?? 0;
       if (!userIdWarnFired && userIdCheckCount < 20) {
         userIdCheckCount++;
-        if (!userId) userIdMissCount++;
+        if (!serverUserId) userIdMissCount++;
         if (userIdCheckCount === 20 && userIdMissCount >= 18) {
           userIdWarnFired = true;
           console.warn(
@@ -2369,6 +2450,28 @@ function createFastifyPlugin(client) {
       const fingerprint = computeBrowserFingerprint(headers ?? {}, ua);
       const h2settings = extractHttp2Settings(req);
       const upstreamTls = extractUpstreamTls(headers ?? {});
+      const cookieHdrF = headers?.["cookie"];
+      const cookieTokF = cookieHdrF ? cookieHdrF.split(";").map((c) => c.trim()).find((c) => c.startsWith("anomira_fp="))?.slice("anomira_fp=".length) ?? "" : "";
+      const bfpRawF = cookieTokF || headers?.["x-anomira-fp"] || "";
+      let browserFpF = null;
+      if (bfpRawF) {
+        try {
+          const raw = JSON.parse(Buffer.from(bfpRawF, "base64").toString("utf8"));
+          if (typeof raw["v"] === "number" && typeof raw["fp"] === "string") {
+            browserFpF = {
+              fp: raw["fp"],
+              bot: raw["bot"] ?? 0,
+              sigs: (raw["sigs"] ?? []).join(","),
+              uid: typeof raw["uid"] === "string" && raw["uid"] ? raw["uid"] : void 0,
+              pst: raw["frm"]?.pst,
+              ttf: raw["frm"]?.ttf,
+              tts: raw["frm"]?.tts
+            };
+          }
+        } catch {
+        }
+      }
+      const userId = serverUserId || browserFpF?.uid || "";
       client.track(EventName.REQUEST, {
         ip,
         userId,
@@ -2382,6 +2485,14 @@ function createFastifyPlugin(client) {
           _fp: fingerprint.score,
           _fpSig: fingerprint.signals.join(","),
           ...fingerprint.knownClient ? { _fpClient: fingerprint.knownClient } : {},
+          ...browserFpF ? {
+            _bfp: browserFpF.fp,
+            _bbot: browserFpF.bot,
+            _bsigs: browserFpF.sigs,
+            ...browserFpF.pst !== void 0 ? { _bpaste: browserFpF.pst } : {},
+            ...browserFpF.ttf !== void 0 && browserFpF.ttf >= 0 ? { _bttf: browserFpF.ttf } : {},
+            ...browserFpF.tts !== void 0 && browserFpF.tts >= 0 ? { _btts: browserFpF.tts } : {}
+          } : {},
           ...h2settings ? {
             _h2Window: h2settings.initialWindowSize,
             _h2HdrTable: h2settings.headerTableSize,