@netacea/cloudfront 6.0.64 → 6.0.65
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +10 -8
- package/dist/index.js +1 -1
- package/package.json +2 -2
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
2
|
import aws4 from 'aws4';
|
|
3
|
-
import { CloudFrontRequestEvent, CloudFrontResultResponse, CloudFrontRequest, CloudFrontResponseEvent, CloudFrontResponse } from 'aws-lambda';
|
|
3
|
+
import { CloudFrontRequestEvent, CloudFrontResultResponse, CloudFrontRequest, CloudFrontRequestEventRecord, CloudFrontResponseEvent, CloudFrontResponse } from 'aws-lambda';
|
|
4
4
|
|
|
5
5
|
interface KinesisIngestConfigArgs$1 {
|
|
6
6
|
kinesisStreamName: string;
|
|
@@ -289,6 +289,7 @@ interface IngestArgs {
|
|
|
289
289
|
mitigationStatus?: number;
|
|
290
290
|
netaceaCookieStatus?: number;
|
|
291
291
|
requestHost?: string;
|
|
292
|
+
requestId?: string;
|
|
292
293
|
workerInstanceId?: string;
|
|
293
294
|
xForwardedFor?: string;
|
|
294
295
|
}
|
|
@@ -485,14 +486,14 @@ declare class Cloudfront {
|
|
|
485
486
|
protected getFingerprints(cfRequest: CloudFrontRequest): Promise<{
|
|
486
487
|
headerFingerprint: string;
|
|
487
488
|
}>;
|
|
488
|
-
protected mitigate(
|
|
489
|
-
protected inject(
|
|
490
|
-
ingest(requestOrEvent: CloudFrontRequestEvent | CloudFrontResponseEvent |
|
|
489
|
+
protected mitigate(cfEventRecord: CloudFrontRequestEventRecord): Promise<MitigateResponse<CloudFrontResultResponse>>;
|
|
490
|
+
protected inject(cfEventRecord: CloudFrontRequestEventRecord): Promise<InjectResponse>;
|
|
491
|
+
ingest(requestOrEvent: CloudFrontRequestEvent | CloudFrontResponseEvent | CloudFrontRequestEventRecord, response?: CloudFrontResultResponse | CloudFrontResponse | undefined): Promise<any>;
|
|
491
492
|
addNetaceaCookiesToResponse(cloudfrontEvent: CloudFrontResponseEvent): void;
|
|
492
493
|
private setInjectHeaders;
|
|
493
494
|
private getValueFromHeaderOrDefault;
|
|
494
495
|
private getMitataValueFromHeaderOrDefault;
|
|
495
|
-
private
|
|
496
|
+
private getRecordFromEvent;
|
|
496
497
|
private getMitigationResponse;
|
|
497
498
|
private addNetaceaCookiesToRequest;
|
|
498
499
|
getCookieHeader(request: CloudFrontRequest): string | null;
|
|
@@ -501,7 +502,7 @@ declare class Cloudfront {
|
|
|
501
502
|
/**
|
|
502
503
|
* START -- NETACEA BASE METHODS
|
|
503
504
|
*/
|
|
504
|
-
runMitigation(
|
|
505
|
+
runMitigation(eventRecord: CloudFrontRequestEventRecord): Promise<NetaceaMitigationResponse<CloudFrontResultResponse>>;
|
|
505
506
|
/**
|
|
506
507
|
* Returns the value of the cookie with the given name from a string or list of cookies.
|
|
507
508
|
* If the cookie name is included in the encryptedCookies class property,
|
|
@@ -517,6 +518,7 @@ declare class Cloudfront {
|
|
|
517
518
|
headerFingerprint: string;
|
|
518
519
|
contentType: string;
|
|
519
520
|
accept: string;
|
|
521
|
+
requestId: string;
|
|
520
522
|
}): Promise<ComposeResultResponse>;
|
|
521
523
|
protected shouldSetCaptchaPass(request: CloudFrontRequest, response: CloudFrontResponse | CloudFrontResultResponse): boolean;
|
|
522
524
|
private processCaptcha;
|
|
@@ -528,9 +530,9 @@ declare class Cloudfront {
|
|
|
528
530
|
private buildCookieFromValues;
|
|
529
531
|
protected callIngest(args: IngestArgs): Promise<void>;
|
|
530
532
|
private makeIngestApiCall;
|
|
531
|
-
protected processIngest(
|
|
533
|
+
protected processIngest(cfEventRecord: CloudFrontRequestEventRecord): Promise<NetaceaResponseBase>;
|
|
532
534
|
protected setIngestOnlyMitataCookie(userId: string | undefined): Promise<NetaceaResponseBase>;
|
|
533
|
-
protected check(netaceaCookie: string | undefined, clientIP: string, userAgent: string, accept: string, host: string, captchaCookie?: string, headerFingerprint?: string): Promise<ComposeResultResponse>;
|
|
535
|
+
protected check(netaceaCookie: string | undefined, clientIP: string, userAgent: string, accept: string, host: string, requestId: string, captchaCookie?: string, headerFingerprint?: string): Promise<ComposeResultResponse>;
|
|
534
536
|
private makeMitigateAPICall;
|
|
535
537
|
private buildCookieHeader;
|
|
536
538
|
private composeResult;
|
package/dist/index.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("node:crypto"),t=require("node:buffer"),i=require("axios"),a=require("aws4"),s=require("jose"),o=require("uuid");function n(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(i){if("default"!==i){var a=Object.getOwnPropertyDescriptor(e,i);Object.defineProperty(t,i,a.get?a:{enumerable:!0,get:function(){return e[i]}})}})),t.default=e,Object.freeze(t)}var r,c,h,u=n(s),d=n(o);!function(e){e.ORIGIN="ORIGIN",e.HTTP="HTTP",e.KINESIS="KINESIS",e.NATIVE="NATIVE"}(r||(r={})),function(e){e.MITIGATE="MITIGATE",e.INJECT="INJECT",e.INGEST="INGEST"}(c||(c={})),function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(h||(h={}));function l(e,t=0){return isNaN(e)?t:parseInt(e)}const p=3e3;const g="_/@#/",f={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},m={0:f.none,1:f.block,2:f.none,3:f.block,4:f.block},y={1:f.captcha,2:f.captchaPass,3:f.captcha,4:f.allow,5:f.captcha,6:f.captcha,7:f.captcha};var k=Object.freeze({__proto__:null,COOKIEDELIMITER:g,bestMitigationCaptchaMap:y,bestMitigationMap:m,captchaMap:{0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail",6:"checkpoint_signal",7:"checkpoint_post"},captchaStatusCodes:{"":0,captchaServe:1,captchaPass:2,captchaFail:3,captchaCookiePass:4,captchaCookieFail:5,checkpointSignal:6,checkpointPost:7},matchMap:{0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},mitigateMap:{0:"",1:"blocked",2:"allow",3:"hardblocked",4:"block"},mitigationTypes:f,netaceaCookieV3KeyMap:{clientIP:"cip",userId:"uid",gracePeriod:"grp",cookieId:"cid",match:"mat",mitigate:"mit",captcha:"cap",issueTimestamp:"ist",issueReason:"isr"},netaceaCookieV3OptionalKeyMap:{checkAllPostRequests:"fCAPR"},netaceaHeaders:{match:"x-netacea-match",mitigate:"x-netacea-mitigate",captcha:"x-netacea-captcha",mitata:"x-netacea-mitata-value",mitataExpiry:"x-netacea-mitata-expiry",mitataCaptcha:"x-netacea-mitatacaptcha-value",mitataCaptchaExpiry:"x-netacea-mitatacaptcha-expiry",eventId:"x-netacea-event-id"},netaceaSettingsMap:{checkAllPostRequests:"checkAllPostRequests"}});const S="ignored",C="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),v=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/((\d|[a-z])(\d)(\d))$/i;function I(e){if(void 0===e)return;const t=e.match(v);if(null!=t){const[,e,i,a,s,o,n,r,c]=t;return{signature:e,expiry:i,userId:a,ipHash:s,mitigationType:o,match:n,mitigate:r,captcha:c}}}function w(t=16,i=C){const a=e.randomBytes(t-1);return`c${Array.from(a).map((e=>i[e%i.length])).join("")}`}function b(i,a){const s=e.createHmac("sha256",a);return s.update(i),t.Buffer.from(s.digest("hex")).toString("base64")}function A(e,t,i){const a={mitata:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,captcha:"0",match:"0",mitigate:"0"};if("string"!=typeof e||""===e)return a;const s=I(e);if(void 0!==s){const e=[s.expiry,s.userId,s.ipHash,s.mitigationType].join(g),a=Math.floor(Date.now()/1e3),o=parseInt(s.expiry)<a,n=["1","3","5"].includes(s.captcha),r="3"===s.mitigate,c=n||r,h=b(t+"|"+s.expiry,i),u=s.ipHash===h;return{mitata:s,requiresReissue:o||!u,isExpired:o,shouldExpire:c,isSameIP:u,isPrimaryHashValid:s.signature===b(e,i),match:s.match,mitigate:s.mitigate,captcha:s.captcha,userId:s.userId}}return a}function N(e,t){const i=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==i&&i.length>0?i?.replace(`${t}=`,""):void 0}function E(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":T(e.split(";"),t).join("; ")}function T(e,t=!1){if(t)return T(e.reverse()).reverse();const i=new Set,a=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();i.has(e)||(i.add(e),a.push(t))}return a}var P=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let i=e=E(e??"",!0),a=t=E(t??"",!0);if(void 0!==e&&void 0!==t){const s=N(e,"Domain"),o=N(t,"Domain");void 0!==s&&void 0!==o?a=t.replace(o,s):void 0!==s&&void 0===o?a=t+(""!==t?`; Domain=${s}`:`Domain=${s}`):void 0===s&&void 0!==o&&(i=e+(""!==e?`; Domain=${o}`:`Domain=${o}`))}else if(void 0!==e&&void 0===t){const t=N(e,"Domain");void 0!==t&&(a=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=N(t,"Domain");void 0!==e&&(i=`Domain=${e}`)}return{cookieAttributes:""!==i?i:void 0,captchaCookieAttributes:""!==a?a:void 0}},extractAndRemoveCookieAttr:function(e,t){const i=N(e,t);if(void 0!==i){return{extractedAttribute:i,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${i}`,"").split(";").filter((e=>e.length>0)).join("; ")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:N,removeDuplicateAttrs:E});var O=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const i=e.slice(0,t),a=e.slice(t+1),s=a.indexOf(";");return{name:i,value:a.slice(0,s),attributes:a.slice(s).trimStart()}}});const K={cookie:{parse:O,attributes:P}};class _{constructor(e){this.crypto=e}async hashString(e,t,i=!1){const a=i?[...t].sort():[...t],s=(new TextEncoder).encode(a.join(",")),o=await this.crypto.subtle.digest(e,s),n=Array.from(new Uint8Array(o)).map((e=>e.toString(16).padStart(2,"0"))).join("").substring(0,12);return"h"+(i?"s":"")+`_${t.length}_${n}`}static filterHeaderNames(e){return e.filter((e=>{const t=e.toLowerCase();return!["","cookie","referer"].includes(t)&&null===t.match(/^(x-netacea-|cloudfront-)/i)}))}async hashHeaders(e,t=!1){const i=_.filterHeaderNames(e);if(0===i.length)return"";try{return await this.hashString("SHA-256",i,t)}catch(e){return console.error(e),""}}}var x="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},R={},H={},M={},F=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),D=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),j=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&F(t,e,i);return D(t,e),t};Object.defineProperty(M,"__esModule",{value:!0}),M.isJweEncrypted=M.decrypt=M.encrypt=void 0;const L=j(s);M.encrypt=async function(e,t){const i=L.base64url.decode(t),a=(new TextEncoder).encode(e);return await new L.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A128CBC-HS256"}).encrypt(i)},M.decrypt=async function(e,t){const i=L.base64url.decode(t),{plaintext:a}=await L.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(a)},M.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var q=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),V=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),$=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&q(t,e,i);return V(t,e),t};Object.defineProperty(H,"__esModule",{value:!0}),H.jwe=void 0,H.jwe=$(M);var B={},U={};function z(e,t){for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const a=e[i]??"",s=W("string"==typeof a?a:a.join("; "),t);if(void 0!==s)return s}}function G(e,t){const i=[];for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const s=e[a]??"",o="string"==typeof s?s:s.join("; ");i.push(...X(o,t))}return i}function W(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(i)))}function X(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(i)))}Object.defineProperty(U,"__esModule",{value:!0}),U.findAllInCookieString=U.findFirstInCookieString=U.findAllInHeaders=U.findFirstInHeaders=U.findOnlyValueInHeaders=U.findAllValuesInHeaders=U.findFirstValueInHeaders=void 0,U.findFirstValueInHeaders=function(e,t){const i=z(e,t);if(void 0!==i)return i.slice(t.length+1)},U.findAllValuesInHeaders=function(e,t){return G(e,t).map((e=>e.slice(t.length+1)))},U.findOnlyValueInHeaders=function(e,t){const i=G(e,t);if(i.length>1)throw new Error(`Found more than one cookie with name ${t}`);return i[0]?.slice(t.length+1)},U.findFirstInHeaders=z,U.findAllInHeaders=G,U.findFirstInCookieString=W,U.findAllInCookieString=X;var J={};function Y(e){return"set-cookie"===e||"Set-Cookie"===e}function Q(e,t){const i=t+"=";return e.startsWith(i)}function Z(e,t){const i=e[t]??[];return"string"==typeof i?[i]:i}function ee(e,t){for(const i of Object.keys(e)){if(!Y(i))continue;const a=te(Z(e,i),t);if(void 0!==a)return a}}function te(e,t){return e.map((e=>e.trimStart())).find((e=>Q(e,t)))}function ie(e,t){const i=[];for(const a of Object.keys(e)){if(!Y(a))continue;const s=Z(e,a);i.push(...ae(s,t))}return i}function ae(e,t){return e.map((e=>e.trimStart())).filter((e=>Q(e,t)))}Object.defineProperty(J,"__esModule",{value:!0}),J.findAllInSetCookieStrings=J.findAllInHeaders=J.findFirstInSetCookieStrings=J.findFirstInHeaders=J.findOnlyValueInHeaders=J.findFirstValueInHeaders=void 0,J.findFirstValueInHeaders=function(e,t){const i=ee(e,t);return i?.slice(t.length+1)?.split(";")[0]},J.findOnlyValueInHeaders=function(e,t){const i=ie(e,t);if(i.length>1)throw new Error(`Found more than one set-cookie with name ${t}`);return i[0]?.slice(t.length+1)?.split(";")[0]},J.findFirstInHeaders=ee,J.findFirstInSetCookieStrings=te,J.findAllInHeaders=ie,J.findAllInSetCookieStrings=ae;var se=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),oe=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ne=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&se(t,e,i);return oe(t,e),t};Object.defineProperty(B,"__esModule",{value:!0}),B.setCookie=B.cookie=void 0,B.cookie=ne(U),B.setCookie=ne(J);var re={},ce={},he={};Object.defineProperty(he,"__esModule",{value:!0}),he.KINESIS_URL=he.API_VERSION=he.REGION=he.PAYLOAD_TYPE=he.STATE=void 0,he.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},he.PAYLOAD_TYPE="string",he.REGION="eu-west-1",he.API_VERSION="2013-12-02",he.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com",Object.defineProperty(ce,"__esModule",{value:!0}),ce.WebStandardKinesis=void 0;const ue=he;async function de(e){await new Promise((t=>{setTimeout(t,e)}))}function le(e){const t={};return e.forEach(((e,i)=>{t[i]=e})),t}ce.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e;const{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:s,maxLogAgeSeconds:o,logBatchSize:n,rampUpBatchSize:r,maxAwaitTimePerIngestCallMs:c}=t;if(void 0===a)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===s)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=i,this.kinesisAccessKey=a,this.kinesisSecretKey=s,this.maxAwaitTimePerIngestCallMs=c,void 0!==o&&o<this.maxLogAgeSeconds&&o>0&&(this.maxLogAgeSeconds=o),void 0!==n&&(this.maxLogBatchSize=n),this.logBatchSize=!0===r?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),i=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:le(i.headers),host:ue.KINESIS_URL,method:"POST",path:"/",body:i.body}),this.logBatchSize!==this.maxLogBatchSize&&(this.logBatchSize=Math.min(this.maxLogBatchSize,2*this.logBatchSize))}catch(t){this.logCache.push(...e),console.error(t)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push(de(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=de(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}batchArrayForKinesis(e,t){const i=[];for(let a=0;a<e.length;a+=t){const s=e.slice(a,a+t);i.push({Data:this.deps.Buffer.from(JSON.stringify(s)).toString("base64"),PartitionKey:Date.now().toString()})}return i}async signRequest(e,t,i,a){const s={Records:this.batchArrayForKinesis(i,a),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(ue.KINESIS_URL,{body:JSON.stringify(s),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}};var pe={};Object.defineProperty(pe,"__esModule",{value:!0}),pe.Kinesis=void 0;const ge=he;async function fe(e){await new Promise((t=>{setTimeout(t,e)}))}pe.Kinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e;const{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:s,maxLogAgeSeconds:o,logBatchSize:n,rampUpBatchSize:r,maxAwaitTimePerIngestCallMs:c}=t;this.kinesisStreamName=i,this.kinesisAccessKey=a,this.kinesisSecretKey=s,this.maxAwaitTimePerIngestCallMs=c,void 0!==o&&o<this.maxLogAgeSeconds&&o>0&&(this.maxLogAgeSeconds=o),void 0!==n&&(this.maxLogBatchSize=n),this.logBatchSize=!0===r?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=this.signRequest({streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);if("POST"!==t.method)throw new Error(`Unexpected method. Expected POST but got ${t.method}`);await this.deps.makeRequest({headers:t.headers??{},host:`https://${t.hostname}`,method:t.method,path:t.path??"/",body:t.body}),this.logBatchSize!==this.maxLogBatchSize&&(this.logBatchSize=Math.min(this.maxLogBatchSize,2*this.logBatchSize))}catch(t){this.logCache.push(...e),console.error(t)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push(fe(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=fe(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}signRequest(e,t,i){const{accessKeyId:a,secretAccessKey:s}=e,o={Records:this.batchArrayForKinesis(t,i),PartitionKey:Date.now().toString(),StreamName:e.streamName};return this.deps.aws4.sign({service:"kinesis",body:JSON.stringify(o),headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"},region:ge.REGION},{accessKeyId:a,secretAccessKey:s})}batchArrayForKinesis(e,t){const i=[];for(let a=0;a<e.length;a+=t){const s=e.slice(a,a+t);i.push({Data:this.deps.Buffer.from(JSON.stringify(s)).toString("base64"),PartitionKey:Date.now().toString()})}return i}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.Kinesis=e.WebStandardKinesis=void 0;var t=ce;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}});var i=pe;Object.defineProperty(e,"Kinesis",{enumerable:!0,get:function(){return i.Kinesis}})}(re);var me={};function ye(e,t){let i=null;if("number"==typeof e)i=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(i=t)}if(null===i){if("number"!=typeof t.defaultValue)return t.defaultValue;i=t.defaultValue}return void 0!==t.minValue&&(i=Math.max(t.minValue,i)),void 0!==t.maxValue&&(i=Math.min(t.maxValue,i)),i}Object.defineProperty(me,"__esModule",{value:!0}),me.parseIntOrDefault=me.parseNumberOrDefault=void 0,me.parseNumberOrDefault=ye,me.parseIntOrDefault=function(e,t){const i=ye(e,t);return"number"==typeof i?Math.floor(i):i};var ke={};Object.defineProperty(ke,"__esModule",{value:!0}),ke.validateRedirectLocation=void 0,ke.validateRedirectLocation=function(e){if(""!==(e=e??""))try{return new URL(e).toString()}catch{if(/^https?:\/\//i.test(e))return;return e.startsWith("/")?e:`/${e}`}};var Se=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),Ce=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ve=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&Se(t,e,i);return Ce(t,e),t};Object.defineProperty(R,"__esModule",{value:!0}),R.configValidation=R.parsing=Ie=R.ingest=R.headers=R.webcrypto=void 0,R.webcrypto=ve(H),R.headers=ve(B);var Ie=R.ingest=ve(re);async function we(e,t){const i=u.base64url.decode(t),{plaintext:a}=await u.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(a)}function be(e,t){const{clientIp:i}=e;if(void 0===t||""===t)return i;const a=e.headers[t]?.[0]?.value;return void 0===a||""===a?i:"x-forwarded-for"===t?a.split(/, ?/).pop()??i:a}R.parsing=ve(me),R.configValidation=ve(ke);const Ae={sessionStatus:"x-netacea-session-status",mitigationLatency:"x-netacea-api-call-latency",mitigationStatus:"x-netacea-api-call-status"};function Ne(e,t){Ee(e,t.protectorApiResponse.status,t.latencyMs),e.headers[Ae.sessionStatus]=[{key:Ae.sessionStatus,value:"error_open"}]}function Ee(e,t,i,a=void 0){i!==t&&(e.headers[Ae.mitigationStatus]=[{key:Ae.mitigationStatus,value:String(t)}]),void 0!==i&&(e.headers[Ae.mitigationLatency]=[{key:Ae.mitigationLatency,value:String(i)}]),void 0!==a&&(e.headers[Ae.sessionStatus]=[{key:Ae.sessionStatus,value:String(a)}])}function Te(e,t){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i)return i[0].value}}async function Pe(e,t,i){const a=t.cookie?.[0].value.split(";"),s=a?.find((t=>t.includes(`${e}=`)))?.trimStart()?.replace(`${e}=`,"");if(void 0!==s){if(void 0!==i)try{return await we(s,i)}catch(e){return}return s}}function Oe(e){const t={"set-cookie":[]};for(const i of e)t["set-cookie"]?.push({key:"set-cookie",value:i});return t}function Ke(e,t){return e.includes("/AtaVerifyCaptcha")&&"post"===t.toLowerCase()}function _e(e,t,i){let a=e;try{a=new URL(e).pathname}catch(e){}return void 0!==i&&i.length>0&&a===i&&"get"===t.toLowerCase()}function xe(e,t){const i=e[t];return"string"==typeof i?i:i?.[0]}function Re(e){return e.bytesSent=""===e.bytesSent?"0":e.bytesSent,function({bytesSent:e,headerFingerprint:t,integrationMode:i,integrationType:a,integrationVersion:s,ip:o,method:n,mitataCookie:r,mitigationLatency:c,mitigationStatus:h,netaceaCookieStatus:u,path:d,protocol:l,referer:p,requestHost:g,requestTime:f,sessionStatus:m,status:y,timeUnixMsUTC:k,userAgent:S,workerInstanceId:C,xForwardedFor:v}){const{request:I}=function(e,t,i){"/"!==t[0]&&(t=`/${t}`);const a=t.split("?"),s=a[0],o=a.length>1?`?${a[1]}`:void 0;return{path:s,query:o,request:`${e} ${s}${o??""}${""!==(i??"")?` ${i}`:""}`}}(n,d,l);return{BytesSent:e?.toString(),HeaderHash:t,IntegrationType:a??"",IntegrationVersion:s??"",NetaceaMitigationApplied:m??"",NetaceaUserIdCookie:r??"",NetaceaUserIdCookieStatus:u,ProtectionMode:i,ProtectorLatencyMs:c,ProtectorStatus:h,RealIp:o,Referer:""===p?"-":p,Request:I,RequestHost:g,RequestTime:f?.toString(),Status:y,TimeLocal:new Date(k??Date.now()).toUTCString(),TimeUnixMsUTC:k??Date.now(),UserAgent:S,WorkerInstanceId:C,XForwardedFor:v}}(e)}const He="unknown";function Me(e,t,i,a,s,o=!1){a=function(e,t){let i=e;return t||("2"===e?i="4":"3"===e&&(i="5")),i}(a,s),o&&(a="6");let n=k.matchMap[t]??He+"_";n+=k.mitigateMap[i]??He;let r=k.bestMitigationMap[i];if("0"!==a){n+=","+(k.captchaMap[a]??He);const e=k.bestMitigationCaptchaMap[a];void 0!==e&&(r=e)}return e===c.INJECT&&(r=k.mitigationTypes.none),{sessionStatus:n,mitigation:r,parts:{match:t,mitigate:i,captcha:a}}}class Fe extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}var De;!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(De||(De={}));class je{config;constructor(e){this.config=e}async getNetaceaRequestDetails(e){const{uri:t,method:i}=e,a=await this.readCookie(e,this.config.sessionCookieName),s=await this.readCookie(e,this.config.captchaCookieName),o=be(e,this.config.ipHeaderName),{sessionCookieDetails:n,sessionCookieStatus:r,sessionStatus:h,userId:u}=function(e,t,i,a,s){const o=A(a,s,e.secretKey);if(void 0!==o.userId&&o.isPrimaryHashValid){const a=o.userId,{isExpired:s,shouldExpire:n,isSameIP:r}=o,h=s||n||!r&&e.mitigationType!==c.INGEST?De.RENEW_SESSION:De.EXISTING_SESSION,{sessionStatus:u}=Me(e.mitigationType,o.match,o.mitigate,o.captcha,Ke(t,i));return{userId:a,sessionCookieStatus:h,sessionStatus:u,sessionCookieDetails:o}}return{sessionStatus:"",userId:w(),sessionCookieStatus:De.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,t,i,a,o);return{clientIp:o,method:i,url:t,userAgent:qe(e.headers,"user-agent"),sessionDetails:{sessionStatus:h,captchaToken:s,sessionCookieDetails:n,sessionCookieStatus:r,userId:u},fingerprints:{headerFingerprint:qe(e.headers,this.config.headerFingerprintHeaderName)}}}async readCookie(e,t){const i=Le(e.headers,t,"set-cookie"),a=""!==i?i:Le(e.headers,t,"cookie");if(null==a)return;const s=a.split(/; ?/g),o=`${t}=`;for(const e of s)if(e.startsWith(o)){const i=e.slice(o.length),a=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&a.includes(t))try{return await we(i,this.config.cookieEncryptionKey)}catch(e){return}return i}}}function Le(e,t,i,a=""){if(void 0!==e?.[i]){const a=e[i];if(void 0!==a){const e=a.find((e=>e.value.includes(t)));if(void 0!==e)return e.value}}return a}function qe(e,t,i=""){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i)return i[0].value}return i}const{configureCookiesDomain:Ve}=K.cookie.attributes;class $e{static NetaceaCookieHeader="x-netacea-cloudfront-mitata-cookie";static NetaceaTrueUserAgentHeader="x-netacea-true-useragent-header";static HeadersInOriginalOrderHeader="cloudfront-viewer-header-order";static NetaceaHeaderFingerPrintHeader="x-netacea-header-fingerprint";cookieEncryptionKey;ingestEnabled=!0;netaceaCaptchaPath;netaceaCheckpointSignalPath;captchaHeader;dynamicCaptchaContentType;ipHeaderName;mitataCookieExpirySeconds;apiKey;secretKey;mitigationServiceUrl="https://mitigations.netacea.net";ingestServiceUrl;timeout;captchaSiteKey;captchaSecretKey;ingestType;mitigationType;kinesisConfigArgs;encryptedCookies=[];netaceaCookieName;netaceaCaptchaCookieName;netaceaCookieAttributes;netaceaCaptchaCookieAttributes;netaceaBlockedResponseRedirectLocation;constructor(e){if(e.ingestType=r.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.kinesis&&(console.warn(['NETACEA :: Please move kinesis params to "kinesis" object in config.',"Backwards compatibility will soon be removed."].join(" ")),this.kinesisConfigArgs={kinesisStreamName:e.kinesisStreamName,kinesisAccessKey:e.kinesisAccessKey,kinesisSecretKey:e.kinesisSecretKey,maxLogAgeSeconds:1},void 0!==e.logBatchSize&&(this.kinesisConfigArgs.logBatchSize=e.logBatchSize)),null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required parameter");if(this.apiKey=e.apiKey,this.secretKey=e.secretKey,void 0!==e.mitigationServiceUrl){const t=e.mitigationServiceUrl;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t}var t;this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??c.INGEST,this.ingestType=e.ingestType??r.HTTP,void 0===e.captchaSiteKey&&void 0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(t=e.timeout??3e3)<=0?p:t,this.netaceaCookieName=e.netaceaCookieName??"_mitata",this.netaceaCaptchaCookieName=e.netaceaCaptchaCookieName??"_mitatacaptcha",this.netaceaCaptchaPath=e.netaceaCaptchaPath,this.dynamicCaptchaContentType=e.dynamicCaptchaContentType??!1;const i=Ve(e.netaceaCookieAttributes??"",e.netaceaCaptchaCookieAttributes??"");var a,s;this.netaceaCookieAttributes=i.cookieAttributes??"",this.netaceaCaptchaCookieAttributes=i.captchaCookieAttributes??"",this.captchaHeader=e.captchaHeader,this.ipHeaderName=e.ipHeaderName?.toLowerCase()?.trim(),this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(a=this.mitigationType,void 0===(s=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?a===c.INGEST?3600:60:s),this.ingestEnabled=e.ingestEnabled??!0,this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaBlockedResponseRedirectLocation=e.netaceaBlockedResponseRedirectLocation,this.netaceaCheckpointSignalPath=e.netaceaCheckpointSignalPath}}const{extractCookieAttr:Be,extractAndRemoveCookieAttr:Ue,removeDuplicateAttrs:ze}=K.cookie.attributes,Ge=K.cookie.parse.parseSetCookie,{mitigationTypes:We,netaceaHeaders:Xe}=k;exports.Cloudfront=class{config;kinesis;requestAnalyser;workerInstanceId;hashGenerator;constructor(i){this.config=new $e(i),this.config.ingestType===r.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new Ie.Kinesis({deps:{aws4:a,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey,rampUpBatchSize:!0,maxAwaitTimePerIngestCallMs:0}})),this.requestAnalyser=new je({cookieEncryptionKey:this.config.cookieEncryptionKey,encryptedCookies:this.config.encryptedCookies,mitigationType:this.config.mitigationType,secretKey:this.config.secretKey,sessionCookieName:this.config.netaceaCookieName,captchaCookieName:this.config.netaceaCaptchaCookieName,ipHeaderName:this.config.ipHeaderName,headerFingerprintHeaderName:$e.NetaceaHeaderFingerPrintHeader}),this.workerInstanceId=d.v4(),this.hashGenerator=new _(e)}async run(e){let t;try{t=this.getRequestResponseFromEvent(e).request,function(e){for(const t of Object.values(Ae))delete e.headers[t.toLowerCase()]}(t);const{uri:i,method:a}=t;if(_e(i,a,this.config.netaceaCheckpointSignalPath)){const t={status:"200",headers:{}};return await this.ingest(e,t),{respondWith:t}}if(function(e,t,i){return void 0!==i&&e.toLowerCase().includes(i.toLowerCase())&&"get"===t.toLowerCase()}(i,a,this.config.netaceaCaptchaPath)){const i=await async function({request:e,secretKey:t,mitigationCallFn:i,composeResultFn:a,cookieEncryptionKey:s,netaceaCookieName:o,netaceaCaptchaCookieName:n,ipHeaderName:r}){const{querystring:c}=e,h=be(e,r),u=e.headers["user-agent"]?.[0].value??"",d=e.headers.accept?.[0].value??"text/html",l=e.headers.host?.[0].value??"";if(void 0===t)throw new Error("Secret key needs to be defined to make mitigation calls.");const p=c.split("&").find((e=>e.includes("trackingId=")))?.replace("trackingId=",""),{headers:g}=e,f=await Pe(o,g,s),m=await Pe(n,g,s),{userId:y}=I(f)??{},k=await async function({userId:e,clientIp:t,userAgent:i,trackingId:a,accept:s,host:o,captchaCookie:n,mitigationCallFn:r,composeResultFn:c}){const h={match:"0",mitigate:"0",captcha:"1"},u=await r({userId:e,clientIP:t,userAgent:i,captchaCookie:n,accept:s,host:o,isCaptchaGet:!0,defaultMitataCodes:h,trackingId:a});return c(u.body,u.setCookie,u.status,u.match,u.mitigate,u.captcha,!0,u.latency??0)}({userId:y,clientIp:h,userAgent:u,captchaCookie:m,accept:d,host:l,trackingId:p,mitigationCallFn:i,composeResultFn:a});return Ee(e,k.apiCallStatus,k.apiCallLatency),{headers:Oe(k.setCookie),status:"403",body:k.body,statusDescription:"Forbidden"}}({request:t,secretKey:this.config.secretKey,mitigationCallFn:this.makeMitigateAPICall.bind(this),composeResultFn:this.composeResult.bind(this),cookieEncryptionKey:this.config.cookieEncryptionKey,netaceaCookieName:this.config.netaceaCookieName,netaceaCaptchaCookieName:this.config.netaceaCaptchaCookieName,ipHeaderName:this.config.ipHeaderName});return await this.ingest(e,i),{respondWith:i}}const s=await this.runMitigation(t);return this.addNetaceaCookiesToRequest(t,s),t.headers[$e.NetaceaTrueUserAgentHeader]=[{key:$e.NetaceaTrueUserAgentHeader,value:this.getValueFromHeaderOrDefault(t.headers,"user-agent","-")}],void 0!==s&&this.config.ingestType===r.KINESIS&&Ee(t,s.apiCallStatus,s.apiCallLatency,s.sessionStatus),{respondWith:s?.response}}catch(e){return console.error("Netacea FailOpen - ",e.message),void 0!==t&&e instanceof Fe&&Ne(t,e),{}}}async makeRequest({host:e,path:t,method:a,body:s,headers:o,timeout:n,params:r}){const c=`${e}${t}`,h=await i.request({url:c,data:s,headers:o,method:a,timeout:n,params:r,transformResponse:e=>e,validateStatus:()=>!0});return{headers:h.headers,status:h.status,body:h.data}}async getFingerprints(e){const t=this.getValueFromHeaderOrDefault(e.headers,$e.HeadersInOriginalOrderHeader,"");let i="";if(""!==t)i=await this.hashGenerator.hashHeaders(t.split(":"));else{const t=Object.entries(e.headers).flatMap((([e,t])=>t.map((({key:t})=>t??e))));i=await this.hashGenerator.hashHeaders(t,!0)}return{headerFingerprint:i}}async mitigate(e){try{const{netaceaResult:i,request:a}=await this.getMitigationResponse(e);let s;if(i.mitigated){const o={"set-cookie":[]};for(const e of i.setCookie)o["set-cookie"]=o["set-cookie"]??[],o["set-cookie"].push({key:"set-cookie",value:e});const n="captcha"===i.mitigation;n&&void 0!==this.config.captchaHeader&&(o[this.config.captchaHeader.name]=[{key:this.config.captchaHeader.name,value:this.config.captchaHeader.value}]);s={headers:o,...Ke(a.uri,a.method)?{status:"200",statusDescription:"OK",body:""}:{status:"403",statusDescription:"Forbidden",body:"Forbidden"}},void 0!==this.config.netaceaBlockedResponseRedirectLocation&&!n&&function(e){if("GET"!==e.method?.toUpperCase())return!1;const t=(e.headers["sec-fetch-mode"]??[]).map((e=>e.value));return!(t.length>0&&!t.includes("navigate"))&&(e.headers.accept??[]).map((e=>e.value.split(/, ?/))).flat().includes("text/html")}(e)&&(s.status="303",o.Location=[{key:"Location",value:this.config.netaceaBlockedResponseRedirectLocation}]);let c=0;if(n&&void 0!==i.body&&i.body.length>0){c=i.body.length;const e=(t=i.body).includes("captchaRelativeURL")&&t.includes("captchaAbsoluteURL");s.status=e?"403":"200",s.statusDescription=e?"Forbidden":"OK",s.body=i.body,s.bodyEncoding="text"}const h={status:s.status,statusDescription:s.statusDescription??"",headers:{"content-length":[{key:"content-length",value:c.toString()}],"set-cookie":i.setCookie.map((e=>({key:"set-cookie",value:e})))}};this.config.ingestType===r.KINESIS&&Ee(a,i.apiCallStatus,i.apiCallLatency,i.sessionStatus),await this.ingest(a,h)}return this.addNetaceaCookiesToRequest(a,i),{response:s,sessionStatus:i.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}catch(t){if(t instanceof Fe&&Ne(e,t),Ke(e.uri,e.method)){const t={status:"500",statusDescription:"Internal Server Error",body:"",headers:{}},i={response:t,sessionStatus:"error_open"};return await this.ingest(e,t),i}return console.error("Netacea FailOpen Error: ",t),{sessionStatus:"error_open"}}var t}async inject(e){try{const{netaceaResult:t}=await this.getMitigationResponse(e);return{injectHeaders:t.injectHeaders,sessionStatus:t.sessionStatus,setCookie:t.setCookie,apiCallLatency:t.apiCallLatency,apiCallStatus:t.apiCallStatus}}catch(e){return console.error("Netacea FailOpen Error: ",e),{sessionStatus:"",injectHeaders:void 0,setCookie:void 0}}}async ingest(e,t=void 0){let i;if(Object.prototype.hasOwnProperty.call(e,"Records")){const a=this.getRequestResponseFromEvent(e);i=a.request,void 0===t&&(t=a.response)}else i=e;if(!this.config.ingestEnabled)return;if(null==t)throw new Error("Cloudfront response is required to ingest");const a=this.getMitataValueFromHeaderOrDefault(t.headers,"set-cookie"),s=""!==a?a:this.getMitataValueFromHeaderOrDefault(i.headers,"cookie");let o=await this.readCookie(this.config.netaceaCookieName,s)??"";if(void 0===o||""===o){const e=this.getMitataValueFromHeaderOrDefault(i.headers,"cookie");o=await this.readCookie(this.config.netaceaCookieName,e)??""}let n="0",r="0",c="0";const h=I(o);void 0!==h&&(n=h.match,r=h.mitigate,c=h.captcha);const{sessionStatus:u,mitigationLatency:d,mitigationStatus:p}=function(e){return{sessionStatus:Te(e.headers,Ae.sessionStatus),mitigationLatency:Te(e.headers,Ae.mitigationLatency),mitigationStatus:Te(e.headers,Ae.mitigationStatus)}}(i),g=this.shouldSetCaptchaPass(i,t),f=_e(i.uri,i.method,this.config.netaceaCheckpointSignalPath),m=await this.requestAnalyser.getNetaceaRequestDetails(i),y=void 0!==u?void 0:Me(this.config.mitigationType,n,r,c,g,f).sessionStatus,k=this.getValueFromHeaderOrDefault(i.headers,$e.NetaceaTrueUserAgentHeader,m.userAgent);await this.callIngest({bytesSent:this.getValueFromHeaderOrDefault(t.headers,"content-length","0"),headerFingerprint:m.fingerprints.headerFingerprint,integrationMode:this.config.mitigationType,integrationType:"@netacea/cloudfront".replace("@netacea/",""),integrationVersion:"6.0.64",ip:m.clientIp,method:m.method,mitataCookie:o,mitigationLatency:void 0!==d?l(d):void 0,mitigationStatus:void 0!==p?l(p):void 0,netaceaCookieStatus:m.sessionDetails.sessionCookieStatus,path:m.url,protocol:null,referer:this.getValueFromHeaderOrDefault(i.headers,"referer"),requestHost:this.getValueFromHeaderOrDefault(i.headers,"host",void 0),requestTime:"0",sessionStatus:u??y,status:t.status,userAgent:k,workerInstanceId:this.workerInstanceId,xForwardedFor:this.getValueFromHeaderOrDefault(i.headers,"x-forwarded-for")})}addNetaceaCookiesToResponse(e){const{response:t,request:i}=this.getRequestResponseFromEvent(e);if(void 0===t)throw new Error("Response required to add cookies to response");const a=i.headers[$e.NetaceaCookieHeader];if(null!=a&&null!=t.headers){let e=!1;if(void 0===t.headers["set-cookie"]?t.headers["set-cookie"]=[]:e=void 0!==t.headers["set-cookie"].find((e=>e.value.includes(this.config.netaceaCookieName)||e.value.includes(this.config.netaceaCaptchaCookieName))),!e)for(const e of a)t.headers["set-cookie"].push({key:"set-cookie",value:e.value})}this.setInjectHeaders(e)}setInjectHeaders(e){const{response:t,request:i}=this.getRequestResponseFromEvent(e);void 0!==t&&(i.headers["x-netacea-captcha"]=this.shouldSetCaptchaPass(i,t)?[{key:"x-netacea-captcha",value:"2"}]:i.headers["x-netacea-captcha"])}getValueFromHeaderOrDefault(e,t,i=""){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i)return i[0].value}return i}getMitataValueFromHeaderOrDefault(e,t,i=""){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i){const e=i.find((e=>e.value.includes(this.config.netaceaCookieName)));if(void 0!==e)return e.value}}return i}getRequestResponseFromEvent(e){return e.Records[0].cf}async getMitigationResponse(e){const t=this.getMitataValueFromHeaderOrDefault(e.headers,"cookie"),i=await this.readCookie(this.config.netaceaCookieName,t),a=await this.readCookie(this.config.netaceaCaptchaCookieName,t),s=be(e,this.config.ipHeaderName),o=this.getValueFromHeaderOrDefault(e.headers,"user-agent"),n=this.getValueFromHeaderOrDefault(e.headers,"accept","text/html"),r=this.getValueFromHeaderOrDefault(e.headers,"host"),c=this.getValueFromHeaderOrDefault(e.headers,"content-type","application/x-www-form-urlencoded; charset=UTF-8"),{headerFingerprint:h}=await this.getFingerprints(e);return e.headers[$e.NetaceaHeaderFingerPrintHeader]=[{key:$e.NetaceaHeaderFingerPrintHeader,value:""===h?"-":h}],{netaceaResult:await this.processMitigateRequest({getBodyFn:async()=>await function(e){if(void 0===e.body)return"";if(e.body?.inputTruncated)throw new Error("Netacea Error :: Request body is too large.");return"text"===e.body?.encoding&&e.body?.data.length>0?e.body.data:Buffer.from(e.body.data,"base64").toString("utf-8")}(e),clientIp:s,method:e.method,url:e.uri,userAgent:o,accept:n,host:r,mitata:i,mitataCaptcha:a,headerFingerprint:h,contentType:c}),request:e}}addNetaceaCookiesToRequest(e,t){if(void 0===t)return e;if(e.headers[$e.NetaceaCookieHeader]=[],void 0!==t.setCookie)for(const i of t.setCookie){const t=e.headers[$e.NetaceaCookieHeader]??[];t.push({key:$e.NetaceaCookieHeader,value:i}),e.headers[$e.NetaceaCookieHeader]=t}if(this.config.mitigationType===c.INJECT)for(const[i,a]of Object.entries(t.injectHeaders??{}))e.headers[i]=[{key:i,value:a}];return e}getCookieHeader(e){return this.getMitataValueFromHeaderOrDefault(e.headers,"cookie")}async encryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await async function(e,t){const i=u.base64url.decode(t),a=(new TextEncoder).encode(e);return await new u.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(i)}(e,this.config.cookieEncryptionKey):e}async decryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await we(e,this.config.cookieEncryptionKey):e}async runMitigation(e){const t={"x-netacea-captcha":"0","x-netacea-match":"0","x-netacea-mitigate":"0"};try{if(function(e,t){if(void 0===t)return!1;const i=e.uri;if(t.startsWith("/"))return t===i;try{const a=e.headers.host?.[0]?.value,s=new URL(t);return s.host===a&&s.pathname===i}catch{return!1}}(e,this.config.netaceaBlockedResponseRedirectLocation))return{injectHeaders:t,sessionStatus:""};switch(this.config.mitigationType){case c.MITIGATE:return await this.mitigate(e);case c.INJECT:return await this.inject(e);case c.INGEST:return await this.processIngest(e);default:throw new Error(`Netacea Error: Mitigation type ${this.config.mitigationType} not recognised`)}}catch(e){return console.error("Netacea FAILOPEN Error:",e),{injectHeaders:t,sessionStatus:""}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const i=`${e}=`;for(const a of t){const t=a.split(";")[0].trimStart();if(t.startsWith(i)){const a=t.slice(i.length);if(this.config.encryptedCookies.includes(e))try{return await this.decryptCookieValue(a)}catch(e){return}return a}}}async processMitigateRequest(e){const t=Ke(e.url,e.method);return await(t?this.processCaptcha({...e,netaceaCookie:e.mitata,captchaData:await e.getBodyFn()}):this.check(e.mitata,e.clientIp,e.userAgent,e.accept,e.host,e.mitataCaptcha,e.headerFingerprint))}shouldSetCaptchaPass(e,t){if(Ke(e.uri,e.method))return!0;if(void 0===t)return!1;const i=null!=t.headers?t.headers["set-cookie"]:void 0,a=i?.find((e=>e.value.split("=")[0]===this.config.netaceaCaptchaCookieName)),s=void 0!==a;return this.config.mitigationType===c.INJECT&&s}async processCaptcha(e){const{status:t,match:i,mitigate:a,captcha:s,body:o,setCookie:n,latency:r}=await this.makeCaptchaAPICall(e);return this.composeResult(o,n,t,i,a,s,!0,r)}async makeCaptchaAPICall(e){const{netaceaCookie:t,clientIp:i,userAgent:a,headerFingerprint:s,captchaData:o,contentType:n}=e,r={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":i,"user-agent":a,"Content-Type":n},c=I(t);void 0!==c&&(r["X-Netacea-UserId"]=c.userId),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(r["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,r["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const h=new URLSearchParams;""!==s&&h.append("headerFP",s);const u=Date.now(),d=await this.makeRequest({host:this.config.mitigationServiceUrl,path:"/AtaVerifyCaptcha",headers:r,method:"POST",body:o,timeout:this.config.timeout,params:h}),l=Date.now()-u;return await this.getApiCallResponseFromResponse(d,c?.userId,i,l)}async getApiCallResponseFromResponse(e,t,i,a,s){if(200!==e.status)throw new Fe(e,a);const o=xe(e.headers,Xe.match)??s?.match??"0",n=xe(e.headers,Xe.mitigate)??s?.mitigate??"0",r=xe(e.headers,Xe.captcha)??s?.captcha??"0";let c=function(e,t){const i=xe(e,t);if(void 0!==i)return parseInt(i,36)}(e.headers,Xe.mitataExpiry)??NaN;isNaN(c)&&(c=86400);const h=[];if(String(r)!==String(k.captchaStatusCodes.checkpointPost)){const a=await this.createMitata(i,t,o,n,r);void 0!==a&&h.push(a);const s=await this.createMitataCaptcha(e.headers);void 0!==s&&h.push(s)}const u=xe(e.headers,Xe.eventId);return{status:e.status,match:o,mitigate:n,captcha:r,setCookie:h,body:e.body,eventId:u,mitataMaxAge:c,latency:a}}APIError(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}async createMitata(e,t,i,a,s,o=86400,n=void 0){const r=["1","3","5"].includes(s)||"3"===a?-60:this.config.mitataCookieExpirySeconds,c=n??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const h=[i,a,s].join(""),u=function(e,t,i,a,s="000"){void 0===t&&(t=w());const o=[i,t,b(e+"|"+String(i),a),s].join(g);return`${b(o,a)}${g}${o}`}(e,t,c,this.config.secretKey,h);let d,l,p=o;if(""!==this.config.netaceaCookieAttributes){const{extractedAttribute:e,cookieAttributes:t}=Ue(this.config.netaceaCookieAttributes,"Max-Age");p=void 0!==e?Number(e):o;const{extractedAttribute:i,cookieAttributes:a}=Ue(t,"Path");d=i??"/",l=a??void 0}return await this.buildCookieFromValues(this.config.netaceaCookieName,u,p,l,d)}async createMitataCaptcha(e){let t=e["set-cookie"]??[];t="string"==typeof t?[t]:t;const i=t.find((e=>e.startsWith("_mitatacaptcha=")));let a,s="86400";if(void 0!==i&&""!==i)try{const e=Ge(i);a=e.value,s=Be(e.attributes,"Max-Age")??"86400"}catch(e){return}if(""===a||void 0===a)return;const o=ze([this.config.netaceaCaptchaCookieAttributes,"Path=/",`Max-Age=${s}`]);return a=this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)?await this.encryptCookieValue(a):a,`${this.config.netaceaCaptchaCookieName}=${a}; ${o}`}async buildCookieFromValues(e,t,i,a,s="/"){const o=`${e}=${this.config.encryptedCookies.includes(e)?await this.encryptCookieValue(t):t}; Max-Age=${i}; Path=${s}`;return void 0!==a&&""!==a?`${o}; ${a}`:o}async callIngest(e){const t=Re(e);if(this.config.ingestType===r.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");if(void 0!==this.config.kinesisConfigArgs){const{kinesisStreamName:e,kinesisAccessKey:t,kinesisSecretKey:i}=this.config.kinesisConfigArgs;if(void 0===e||void 0===t||void 0===i)return void console.error("Netacea Error: Unable to log as Kinesis configuration misses credentials.")}try{await this.kinesis.ingest({...t,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const e={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},i=await this.makeIngestApiCall(e,t);if(200!==i.status&&202!==i.status)throw this.APIError(i)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=this.getCookieHeader(e),i=A(await this.readCookie(this.config.netaceaCookieName,t),S,this.config.secretKey);return i.isPrimaryHashValid?i.requiresReissue?await this.setIngestOnlyMitataCookie(i.mitata?.userId):{sessionStatus:"",setCookie:[]}:await this.setIngestOnlyMitataCookie(void 0)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createMitata(S,e,"0","0","0",86400)]}}async check(e,t,i,a,s,o,n){let r,c,h,u,d,l,p,g;if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const f=A(e,t,this.config.secretKey);if(!f.isPrimaryHashValid||f.requiresReissue){const e=await this.makeMitigateAPICall({userId:f.mitata?.userId,clientIP:t,userAgent:i,captchaCookie:o,accept:a,host:s,headerFingerprint:n});r=e.status,c=e.match,h=e.mitigate,u=e.captcha,d=e.body,g=e.latency,l=[await this.createMitata(t,f.mitata?.userId,c,h,u,e.mitataMaxAge)],p=e.eventId}else c=f.match,h=f.mitigate,u=f.captcha,d=void 0,l=[];return this.composeResult(d,l,r,c,h,u,!1,g,p)}async makeMitigateAPICall({userId:e,clientIP:t,userAgent:i,captchaCookie:a,accept:s,host:o,isCaptchaGet:n=!1,defaultMitataCodes:r,trackingId:c,headerFingerprint:h}){const u={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":t,"user-agent":i,cookie:this.buildCookieHeader({_mitatacaptcha:a})};void 0!==e&&(u["X-Netacea-UserId"]=e),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(u["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,u["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),this.config.dynamicCaptchaContentType&&void 0!==this.config.netaceaCaptchaPath&&(u["X-Netacea-Captcha-Content-Type"]=function(e){const t=e?.toLowerCase()??"text/html",i=t?.includes("text/html")||t?.includes("application/html"),a=t?.includes("application/json");return a&&!i?"application/json":"text/html"}(s));const d="application/json"===u["X-Netacea-Captcha-Content-Type"],l=void 0!==c?`?trackingId=${c}`:"",p=new URLSearchParams;"string"==typeof h&&p.set("headerFP",h);const g=Date.now(),f=await this.makeRequest({host:this.config.mitigationServiceUrl,path:n?`/captcha${l}`:"/",headers:u,method:"GET",timeout:this.config.timeout,params:p}),m=Date.now()-g;return d&&void 0!==this.config.netaceaCaptchaPath&&(f.body=function(e,t,i){let a;if(void 0===e||""===e)return"";if("string"==typeof e&&(a=JSON.parse(e)),!function(e){if(null==e)return!1;const t=e;return void 0!==t?.captchaSiteKey&&void 0!==t?.trackingId&&void 0!==t?.captchaURL}(a))throw new Error("Body is not a Mitigation Service JSON response!");const s=`${i}?trackingId=${a.trackingId}`,o=`https://${t}${s}`;return JSON.stringify({captchaRelativeURL:s,captchaAbsoluteURL:o})}(f.body,o,this.config.netaceaCaptchaPath)),await this.getApiCallResponseFromResponse(f,e,t,m,r)}buildCookieHeader(e){let t="",i="";for(const a in e){const s=e[a];void 0!==s&&(t=`${t}${i}${a}=${s}`,i="; ")}return t}composeResult(e,t,i,a,s,o,n,r,h){const u=Me(this.config.mitigationType,a,s,o,n),d={body:e,apiCallStatus:i,apiCallLatency:r,setCookie:t,sessionStatus:u.sessionStatus,mitigation:u.mitigation,mitigated:[We.block,We.captcha,We.captchaPass].includes(u.mitigation)};if(this.config.mitigationType===c.INJECT){const e={"x-netacea-match":u.parts.match,"x-netacea-mitigate":u.parts.mitigate,"x-netacea-captcha":u.parts.captcha};void 0!==h&&(e["x-netacea-event-id"]=h),d.injectHeaders=e}return d}};
|
|
1
|
+
"use strict";var e=require("node:crypto"),t=require("node:buffer"),i=require("axios"),a=require("aws4"),s=require("jose"),o=require("uuid");function n(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(i){if("default"!==i){var a=Object.getOwnPropertyDescriptor(e,i);Object.defineProperty(t,i,a.get?a:{enumerable:!0,get:function(){return e[i]}})}})),t.default=e,Object.freeze(t)}var r,c,u,h=n(s),d=n(o);!function(e){e.ORIGIN="ORIGIN",e.HTTP="HTTP",e.KINESIS="KINESIS",e.NATIVE="NATIVE"}(r||(r={})),function(e){e.MITIGATE="MITIGATE",e.INJECT="INJECT",e.INGEST="INGEST"}(c||(c={})),function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(u||(u={}));function l(e,t=0){return isNaN(e)?t:parseInt(e)}const p=3e3;const g="_/@#/",f={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},m={0:f.none,1:f.block,2:f.none,3:f.block,4:f.block},y={1:f.captcha,2:f.captchaPass,3:f.captcha,4:f.allow,5:f.captcha,6:f.captcha,7:f.captcha};var k=Object.freeze({__proto__:null,COOKIEDELIMITER:g,bestMitigationCaptchaMap:y,bestMitigationMap:m,captchaMap:{0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail",6:"checkpoint_signal",7:"checkpoint_post"},captchaStatusCodes:{"":0,captchaServe:1,captchaPass:2,captchaFail:3,captchaCookiePass:4,captchaCookieFail:5,checkpointSignal:6,checkpointPost:7},matchMap:{0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},mitigateMap:{0:"",1:"blocked",2:"allow",3:"hardblocked",4:"block"},mitigationTypes:f,netaceaCookieV3KeyMap:{clientIP:"cip",userId:"uid",gracePeriod:"grp",cookieId:"cid",match:"mat",mitigate:"mit",captcha:"cap",issueTimestamp:"ist",issueReason:"isr"},netaceaCookieV3OptionalKeyMap:{checkAllPostRequests:"fCAPR"},netaceaHeaders:{match:"x-netacea-match",mitigate:"x-netacea-mitigate",captcha:"x-netacea-captcha",mitata:"x-netacea-mitata-value",mitataExpiry:"x-netacea-mitata-expiry",mitataCaptcha:"x-netacea-mitatacaptcha-value",mitataCaptchaExpiry:"x-netacea-mitatacaptcha-expiry",eventId:"x-netacea-event-id"},netaceaSettingsMap:{checkAllPostRequests:"checkAllPostRequests"}});const S="ignored",C="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),v=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/((\d|[a-z])(\d)(\d))$/i;function I(e){if(void 0===e)return;const t=e.match(v);if(null!=t){const[,e,i,a,s,o,n,r,c]=t;return{signature:e,expiry:i,userId:a,ipHash:s,mitigationType:o,match:n,mitigate:r,captcha:c}}}function w(t=16,i=C){const a=e.randomBytes(t-1);return`c${Array.from(a).map((e=>i[e%i.length])).join("")}`}function b(i,a){const s=e.createHmac("sha256",a);return s.update(i),t.Buffer.from(s.digest("hex")).toString("base64")}function A(e,t,i){const a={mitata:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,captcha:"0",match:"0",mitigate:"0"};if("string"!=typeof e||""===e)return a;const s=I(e);if(void 0!==s){const e=[s.expiry,s.userId,s.ipHash,s.mitigationType].join(g),a=Math.floor(Date.now()/1e3),o=parseInt(s.expiry)<a,n=["1","3","5"].includes(s.captcha),r="3"===s.mitigate,c=n||r,u=b(t+"|"+s.expiry,i),h=s.ipHash===u;return{mitata:s,requiresReissue:o||!h,isExpired:o,shouldExpire:c,isSameIP:h,isPrimaryHashValid:s.signature===b(e,i),match:s.match,mitigate:s.mitigate,captcha:s.captcha,userId:s.userId}}return a}function N(e,t){const i=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==i&&i.length>0?i?.replace(`${t}=`,""):void 0}function E(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":T(e.split(";"),t).join("; ")}function T(e,t=!1){if(t)return T(e.reverse()).reverse();const i=new Set,a=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();i.has(e)||(i.add(e),a.push(t))}return a}var P=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let i=e=E(e??"",!0),a=t=E(t??"",!0);if(void 0!==e&&void 0!==t){const s=N(e,"Domain"),o=N(t,"Domain");void 0!==s&&void 0!==o?a=t.replace(o,s):void 0!==s&&void 0===o?a=t+(""!==t?`; Domain=${s}`:`Domain=${s}`):void 0===s&&void 0!==o&&(i=e+(""!==e?`; Domain=${o}`:`Domain=${o}`))}else if(void 0!==e&&void 0===t){const t=N(e,"Domain");void 0!==t&&(a=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=N(t,"Domain");void 0!==e&&(i=`Domain=${e}`)}return{cookieAttributes:""!==i?i:void 0,captchaCookieAttributes:""!==a?a:void 0}},extractAndRemoveCookieAttr:function(e,t){const i=N(e,t);if(void 0!==i){return{extractedAttribute:i,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${i}`,"").split(";").filter((e=>e.length>0)).join("; ")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:N,removeDuplicateAttrs:E});var O=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const i=e.slice(0,t),a=e.slice(t+1),s=a.indexOf(";");return{name:i,value:a.slice(0,s),attributes:a.slice(s).trimStart()}}});const K={cookie:{parse:O,attributes:P}};class _{constructor(e){this.crypto=e}async hashString(e,t,i=!1){const a=i?[...t].sort():[...t],s=(new TextEncoder).encode(a.join(",")),o=await this.crypto.subtle.digest(e,s),n=Array.from(new Uint8Array(o)).map((e=>e.toString(16).padStart(2,"0"))).join("").substring(0,12);return"h"+(i?"s":"")+`_${t.length}_${n}`}static filterHeaderNames(e){return e.filter((e=>{const t=e.toLowerCase();return!["","cookie","referer"].includes(t)&&null===t.match(/^(x-netacea-|cloudfront-)/i)}))}async hashHeaders(e,t=!1){const i=_.filterHeaderNames(e);if(0===i.length)return"";try{return await this.hashString("SHA-256",i,t)}catch(e){return console.error(e),""}}}var x="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},H={},R={},M={},F=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),q=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),D=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&F(t,e,i);return q(t,e),t};Object.defineProperty(M,"__esModule",{value:!0}),M.isJweEncrypted=M.decrypt=M.encrypt=void 0;const j=D(s);M.encrypt=async function(e,t){const i=j.base64url.decode(t),a=(new TextEncoder).encode(e);return await new j.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A128CBC-HS256"}).encrypt(i)},M.decrypt=async function(e,t){const i=j.base64url.decode(t),{plaintext:a}=await j.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(a)},M.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var L=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),V=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),$=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&L(t,e,i);return V(t,e),t};Object.defineProperty(R,"__esModule",{value:!0}),R.jwe=void 0,R.jwe=$(M);var B={},U={};function z(e,t){for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const a=e[i]??"",s=W("string"==typeof a?a:a.join("; "),t);if(void 0!==s)return s}}function G(e,t){const i=[];for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const s=e[a]??"",o="string"==typeof s?s:s.join("; ");i.push(...X(o,t))}return i}function W(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(i)))}function X(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(i)))}Object.defineProperty(U,"__esModule",{value:!0}),U.findAllInCookieString=U.findFirstInCookieString=U.findAllInHeaders=U.findFirstInHeaders=U.findOnlyValueInHeaders=U.findAllValuesInHeaders=U.findFirstValueInHeaders=void 0,U.findFirstValueInHeaders=function(e,t){const i=z(e,t);if(void 0!==i)return i.slice(t.length+1)},U.findAllValuesInHeaders=function(e,t){return G(e,t).map((e=>e.slice(t.length+1)))},U.findOnlyValueInHeaders=function(e,t){const i=G(e,t);if(i.length>1)throw new Error(`Found more than one cookie with name ${t}`);return i[0]?.slice(t.length+1)},U.findFirstInHeaders=z,U.findAllInHeaders=G,U.findFirstInCookieString=W,U.findAllInCookieString=X;var J={};function Y(e){return"set-cookie"===e||"Set-Cookie"===e}function Q(e,t){const i=t+"=";return e.startsWith(i)}function Z(e,t){const i=e[t]??[];return"string"==typeof i?[i]:i}function ee(e,t){for(const i of Object.keys(e)){if(!Y(i))continue;const a=te(Z(e,i),t);if(void 0!==a)return a}}function te(e,t){return e.map((e=>e.trimStart())).find((e=>Q(e,t)))}function ie(e,t){const i=[];for(const a of Object.keys(e)){if(!Y(a))continue;const s=Z(e,a);i.push(...ae(s,t))}return i}function ae(e,t){return e.map((e=>e.trimStart())).filter((e=>Q(e,t)))}Object.defineProperty(J,"__esModule",{value:!0}),J.findAllInSetCookieStrings=J.findAllInHeaders=J.findFirstInSetCookieStrings=J.findFirstInHeaders=J.findOnlyValueInHeaders=J.findFirstValueInHeaders=void 0,J.findFirstValueInHeaders=function(e,t){const i=ee(e,t);return i?.slice(t.length+1)?.split(";")[0]},J.findOnlyValueInHeaders=function(e,t){const i=ie(e,t);if(i.length>1)throw new Error(`Found more than one set-cookie with name ${t}`);return i[0]?.slice(t.length+1)?.split(";")[0]},J.findFirstInHeaders=ee,J.findFirstInSetCookieStrings=te,J.findAllInHeaders=ie,J.findAllInSetCookieStrings=ae;var se=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),oe=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ne=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&se(t,e,i);return oe(t,e),t};Object.defineProperty(B,"__esModule",{value:!0}),B.setCookie=B.cookie=void 0,B.cookie=ne(U),B.setCookie=ne(J);var re={},ce={},ue={};Object.defineProperty(ue,"__esModule",{value:!0}),ue.KINESIS_URL=ue.API_VERSION=ue.REGION=ue.PAYLOAD_TYPE=ue.STATE=void 0,ue.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},ue.PAYLOAD_TYPE="string",ue.REGION="eu-west-1",ue.API_VERSION="2013-12-02",ue.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com",Object.defineProperty(ce,"__esModule",{value:!0}),ce.WebStandardKinesis=void 0;const he=ue;async function de(e){await new Promise((t=>{setTimeout(t,e)}))}function le(e){const t={};return e.forEach(((e,i)=>{t[i]=e})),t}ce.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e;const{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:s,maxLogAgeSeconds:o,logBatchSize:n,rampUpBatchSize:r,maxAwaitTimePerIngestCallMs:c}=t;if(void 0===a)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===s)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=i,this.kinesisAccessKey=a,this.kinesisSecretKey=s,this.maxAwaitTimePerIngestCallMs=c,void 0!==o&&o<this.maxLogAgeSeconds&&o>0&&(this.maxLogAgeSeconds=o),void 0!==n&&(this.maxLogBatchSize=n),this.logBatchSize=!0===r?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),i=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:le(i.headers),host:he.KINESIS_URL,method:"POST",path:"/",body:i.body}),this.logBatchSize!==this.maxLogBatchSize&&(this.logBatchSize=Math.min(this.maxLogBatchSize,2*this.logBatchSize))}catch(t){this.logCache.push(...e),console.error(t)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push(de(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=de(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}batchArrayForKinesis(e,t){const i=[];for(let a=0;a<e.length;a+=t){const s=e.slice(a,a+t);i.push({Data:this.deps.Buffer.from(JSON.stringify(s)).toString("base64"),PartitionKey:Date.now().toString()})}return i}async signRequest(e,t,i,a){const s={Records:this.batchArrayForKinesis(i,a),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(he.KINESIS_URL,{body:JSON.stringify(s),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}};var pe={};Object.defineProperty(pe,"__esModule",{value:!0}),pe.Kinesis=void 0;const ge=ue;async function fe(e){await new Promise((t=>{setTimeout(t,e)}))}pe.Kinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e;const{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:s,maxLogAgeSeconds:o,logBatchSize:n,rampUpBatchSize:r,maxAwaitTimePerIngestCallMs:c}=t;this.kinesisStreamName=i,this.kinesisAccessKey=a,this.kinesisSecretKey=s,this.maxAwaitTimePerIngestCallMs=c,void 0!==o&&o<this.maxLogAgeSeconds&&o>0&&(this.maxLogAgeSeconds=o),void 0!==n&&(this.maxLogBatchSize=n),this.logBatchSize=!0===r?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=this.signRequest({streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);if("POST"!==t.method)throw new Error(`Unexpected method. Expected POST but got ${t.method}`);await this.deps.makeRequest({headers:t.headers??{},host:`https://${t.hostname}`,method:t.method,path:t.path??"/",body:t.body}),this.logBatchSize!==this.maxLogBatchSize&&(this.logBatchSize=Math.min(this.maxLogBatchSize,2*this.logBatchSize))}catch(t){this.logCache.push(...e),console.error(t)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push(fe(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=fe(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}signRequest(e,t,i){const{accessKeyId:a,secretAccessKey:s}=e,o={Records:this.batchArrayForKinesis(t,i),PartitionKey:Date.now().toString(),StreamName:e.streamName};return this.deps.aws4.sign({service:"kinesis",body:JSON.stringify(o),headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"},region:ge.REGION},{accessKeyId:a,secretAccessKey:s})}batchArrayForKinesis(e,t){const i=[];for(let a=0;a<e.length;a+=t){const s=e.slice(a,a+t);i.push({Data:this.deps.Buffer.from(JSON.stringify(s)).toString("base64"),PartitionKey:Date.now().toString()})}return i}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.Kinesis=e.WebStandardKinesis=void 0;var t=ce;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}});var i=pe;Object.defineProperty(e,"Kinesis",{enumerable:!0,get:function(){return i.Kinesis}})}(re);var me={};function ye(e,t){let i=null;if("number"==typeof e)i=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(i=t)}if(null===i){if("number"!=typeof t.defaultValue)return t.defaultValue;i=t.defaultValue}return void 0!==t.minValue&&(i=Math.max(t.minValue,i)),void 0!==t.maxValue&&(i=Math.min(t.maxValue,i)),i}Object.defineProperty(me,"__esModule",{value:!0}),me.parseIntOrDefault=me.parseNumberOrDefault=void 0,me.parseNumberOrDefault=ye,me.parseIntOrDefault=function(e,t){const i=ye(e,t);return"number"==typeof i?Math.floor(i):i};var ke={};Object.defineProperty(ke,"__esModule",{value:!0}),ke.validateRedirectLocation=void 0,ke.validateRedirectLocation=function(e){if(""!==(e=e??""))try{return new URL(e).toString()}catch{if(/^https?:\/\//i.test(e))return;return e.startsWith("/")?e:`/${e}`}};var Se=x&&x.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),Ce=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ve=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&Se(t,e,i);return Ce(t,e),t};Object.defineProperty(H,"__esModule",{value:!0}),H.configValidation=H.parsing=Ie=H.ingest=H.headers=H.webcrypto=void 0,H.webcrypto=ve(R),H.headers=ve(B);var Ie=H.ingest=ve(re);async function we(e,t){const i=h.base64url.decode(t),{plaintext:a}=await h.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(a)}function be(e,t){const{clientIp:i}=e;if(void 0===t||""===t)return i;const a=e.headers[t]?.[0]?.value;return void 0===a||""===a?i:"x-forwarded-for"===t?a.split(/, ?/).pop()??i:a}H.parsing=ve(me),H.configValidation=ve(ke);const Ae={sessionStatus:"x-netacea-session-status",mitigationLatency:"x-netacea-api-call-latency",mitigationStatus:"x-netacea-api-call-status"};function Ne(e,t){Ee(e,t.protectorApiResponse.status,t.latencyMs),e.headers[Ae.sessionStatus]=[{key:Ae.sessionStatus,value:"error_open"}]}function Ee(e,t,i,a=void 0){i!==t&&(e.headers[Ae.mitigationStatus]=[{key:Ae.mitigationStatus,value:String(t)}]),void 0!==i&&(e.headers[Ae.mitigationLatency]=[{key:Ae.mitigationLatency,value:String(i)}]),void 0!==a&&(e.headers[Ae.sessionStatus]=[{key:Ae.sessionStatus,value:String(a)}])}function Te(e,t){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i)return i[0].value}}async function Pe(e,t,i){const a=t.cookie?.[0].value.split(";"),s=a?.find((t=>t.includes(`${e}=`)))?.trimStart()?.replace(`${e}=`,"");if(void 0!==s){if(void 0!==i)try{return await we(s,i)}catch(e){return}return s}}function Oe(e){const t={"set-cookie":[]};for(const i of e)t["set-cookie"]?.push({key:"set-cookie",value:i});return t}function Ke(e,t){return e.includes("/AtaVerifyCaptcha")&&"post"===t.toLowerCase()}function _e(e,t,i){let a=e;try{a=new URL(e).pathname}catch(e){}return void 0!==i&&i.length>0&&a===i&&"get"===t.toLowerCase()}function xe(e,t){const i=e[t];return"string"==typeof i?i:i?.[0]}function He(e){return e.bytesSent=""===e.bytesSent?"0":e.bytesSent,function({bytesSent:e,headerFingerprint:t,integrationMode:i,integrationType:a,integrationVersion:s,ip:o,method:n,mitataCookie:r,mitigationLatency:c,mitigationStatus:u,netaceaCookieStatus:h,path:d,protocol:l,referer:p,requestHost:g,requestId:f,requestTime:m,sessionStatus:y,status:k,timeUnixMsUTC:S,userAgent:C,workerInstanceId:v,xForwardedFor:I}){const{request:w}=function(e,t,i){"/"!==t[0]&&(t=`/${t}`);const a=t.split("?"),s=a[0],o=a.length>1?`?${a[1]}`:void 0;return{path:s,query:o,request:`${e} ${s}${o??""}${""!==(i??"")?` ${i}`:""}`}}(n,d,l);return{BytesSent:e?.toString(),HeaderHash:t,IntegrationType:a??"",IntegrationVersion:s??"",NetaceaMitigationApplied:y??"",NetaceaUserIdCookie:r??"",NetaceaUserIdCookieStatus:h,ProtectionMode:i,ProtectorLatencyMs:c,ProtectorStatus:u,RealIp:o,Referer:""===p?"-":p,Request:w,RequestHost:g,RequestId:f??"",RequestTime:m?.toString(),Status:k,TimeLocal:new Date(S??Date.now()).toUTCString(),TimeUnixMsUTC:S??Date.now(),UserAgent:C,WorkerInstanceId:v,XForwardedFor:I}}(e)}const Re="unknown";function Me(e,t,i,a,s,o=!1){a=function(e,t){let i=e;return t||("2"===e?i="4":"3"===e&&(i="5")),i}(a,s),o&&(a="6");let n=k.matchMap[t]??Re+"_";n+=k.mitigateMap[i]??Re;let r=k.bestMitigationMap[i];if("0"!==a){n+=","+(k.captchaMap[a]??Re);const e=k.bestMitigationCaptchaMap[a];void 0!==e&&(r=e)}return e===c.INJECT&&(r=k.mitigationTypes.none),{sessionStatus:n,mitigation:r,parts:{match:t,mitigate:i,captcha:a}}}class Fe extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}var qe;!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(qe||(qe={}));class De{config;constructor(e){this.config=e}async getNetaceaRequestDetails(e){const{uri:t,method:i}=e,a=await this.readCookie(e,this.config.sessionCookieName),s=await this.readCookie(e,this.config.captchaCookieName),o=be(e,this.config.ipHeaderName),{sessionCookieDetails:n,sessionCookieStatus:r,sessionStatus:u,userId:h}=function(e,t,i,a,s){const o=A(a,s,e.secretKey);if(void 0!==o.userId&&o.isPrimaryHashValid){const a=o.userId,{isExpired:s,shouldExpire:n,isSameIP:r}=o,u=s||n||!r&&e.mitigationType!==c.INGEST?qe.RENEW_SESSION:qe.EXISTING_SESSION,{sessionStatus:h}=Me(e.mitigationType,o.match,o.mitigate,o.captcha,Ke(t,i));return{userId:a,sessionCookieStatus:u,sessionStatus:h,sessionCookieDetails:o}}return{sessionStatus:"",userId:w(),sessionCookieStatus:qe.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,t,i,a,o);return{clientIp:o,method:i,url:t,userAgent:Le(e.headers,"user-agent"),sessionDetails:{sessionStatus:u,captchaToken:s,sessionCookieDetails:n,sessionCookieStatus:r,userId:h},fingerprints:{headerFingerprint:Le(e.headers,this.config.headerFingerprintHeaderName)}}}async readCookie(e,t){const i=je(e.headers,t,"set-cookie"),a=""!==i?i:je(e.headers,t,"cookie");if(null==a)return;const s=a.split(/; ?/g),o=`${t}=`;for(const e of s)if(e.startsWith(o)){const i=e.slice(o.length),a=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&a.includes(t))try{return await we(i,this.config.cookieEncryptionKey)}catch(e){return}return i}}}function je(e,t,i,a=""){if(void 0!==e?.[i]){const a=e[i];if(void 0!==a){const e=a.find((e=>e.value.includes(t)));if(void 0!==e)return e.value}}return a}function Le(e,t,i=""){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i)return i[0].value}return i}const{configureCookiesDomain:Ve}=K.cookie.attributes;class $e{static NetaceaCookieHeader="x-netacea-cloudfront-mitata-cookie";static NetaceaTrueUserAgentHeader="x-netacea-true-useragent-header";static HeadersInOriginalOrderHeader="cloudfront-viewer-header-order";static NetaceaHeaderFingerPrintHeader="x-netacea-header-fingerprint";cookieEncryptionKey;ingestEnabled=!0;netaceaCaptchaPath;netaceaCheckpointSignalPath;captchaHeader;dynamicCaptchaContentType;ipHeaderName;mitataCookieExpirySeconds;apiKey;secretKey;mitigationServiceUrl="https://mitigations.netacea.net";ingestServiceUrl;timeout;captchaSiteKey;captchaSecretKey;ingestType;mitigationType;kinesisConfigArgs;encryptedCookies=[];netaceaCookieName;netaceaCaptchaCookieName;netaceaCookieAttributes;netaceaCaptchaCookieAttributes;netaceaBlockedResponseRedirectLocation;constructor(e){if(e.ingestType=r.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.kinesis&&(console.warn(['NETACEA :: Please move kinesis params to "kinesis" object in config.',"Backwards compatibility will soon be removed."].join(" ")),this.kinesisConfigArgs={kinesisStreamName:e.kinesisStreamName,kinesisAccessKey:e.kinesisAccessKey,kinesisSecretKey:e.kinesisSecretKey,maxLogAgeSeconds:1},void 0!==e.logBatchSize&&(this.kinesisConfigArgs.logBatchSize=e.logBatchSize)),null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required parameter");if(this.apiKey=e.apiKey,this.secretKey=e.secretKey,void 0!==e.mitigationServiceUrl){const t=e.mitigationServiceUrl;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t}var t;this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??c.INGEST,this.ingestType=e.ingestType??r.HTTP,void 0===e.captchaSiteKey&&void 0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(t=e.timeout??3e3)<=0?p:t,this.netaceaCookieName=e.netaceaCookieName??"_mitata",this.netaceaCaptchaCookieName=e.netaceaCaptchaCookieName??"_mitatacaptcha",this.netaceaCaptchaPath=e.netaceaCaptchaPath,this.dynamicCaptchaContentType=e.dynamicCaptchaContentType??!1;const i=Ve(e.netaceaCookieAttributes??"",e.netaceaCaptchaCookieAttributes??"");var a,s;this.netaceaCookieAttributes=i.cookieAttributes??"",this.netaceaCaptchaCookieAttributes=i.captchaCookieAttributes??"",this.captchaHeader=e.captchaHeader,this.ipHeaderName=e.ipHeaderName?.toLowerCase()?.trim(),this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(a=this.mitigationType,void 0===(s=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?a===c.INGEST?3600:60:s),this.ingestEnabled=e.ingestEnabled??!0,this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaBlockedResponseRedirectLocation=e.netaceaBlockedResponseRedirectLocation,this.netaceaCheckpointSignalPath=e.netaceaCheckpointSignalPath}}const{extractCookieAttr:Be,extractAndRemoveCookieAttr:Ue,removeDuplicateAttrs:ze}=K.cookie.attributes,Ge=K.cookie.parse.parseSetCookie,{mitigationTypes:We,netaceaHeaders:Xe}=k;exports.Cloudfront=class{config;kinesis;requestAnalyser;workerInstanceId;hashGenerator;constructor(i){this.config=new $e(i),this.config.ingestType===r.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new Ie.Kinesis({deps:{aws4:a,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey,rampUpBatchSize:!0,maxAwaitTimePerIngestCallMs:0}})),this.requestAnalyser=new De({cookieEncryptionKey:this.config.cookieEncryptionKey,encryptedCookies:this.config.encryptedCookies,mitigationType:this.config.mitigationType,secretKey:this.config.secretKey,sessionCookieName:this.config.netaceaCookieName,captchaCookieName:this.config.netaceaCaptchaCookieName,ipHeaderName:this.config.ipHeaderName,headerFingerprintHeaderName:$e.NetaceaHeaderFingerPrintHeader}),this.workerInstanceId=d.v4(),this.hashGenerator=new _(e)}async run(e){let t,i;try{t=this.getRecordFromEvent(e),i=t.cf.request,function(e){for(const t of Object.values(Ae))delete e.headers[t.toLowerCase()]}(i);const{uri:a,method:s}=i;if(_e(a,s,this.config.netaceaCheckpointSignalPath)){const t={status:"200",headers:{}};return await this.ingest(e,t),{respondWith:t}}if(function(e,t,i){return void 0!==i&&e.toLowerCase().includes(i.toLowerCase())&&"get"===t.toLowerCase()}(a,s,this.config.netaceaCaptchaPath)){const a=await async function({request:e,requestId:t,secretKey:i,mitigationCallFn:a,composeResultFn:s,cookieEncryptionKey:o,netaceaCookieName:n,netaceaCaptchaCookieName:r,ipHeaderName:c}){const{querystring:u}=e,h=be(e,c),d=e.headers["user-agent"]?.[0].value??"",l=e.headers.accept?.[0].value??"text/html",p=e.headers.host?.[0].value??"";if(void 0===i)throw new Error("Secret key needs to be defined to make mitigation calls.");const g=u.split("&").find((e=>e.includes("trackingId=")))?.replace("trackingId=",""),{headers:f}=e,m=await Pe(n,f,o),y=await Pe(r,f,o),{userId:k}=I(m)??{},S=await async function({userId:e,requestId:t,clientIp:i,userAgent:a,trackingId:s,accept:o,host:n,captchaCookie:r,mitigationCallFn:c,composeResultFn:u}){const h={match:"0",mitigate:"0",captcha:"1"},d=await c({userId:e,requestId:t,clientIP:i,userAgent:a,captchaCookie:r,accept:o,host:n,isCaptchaGet:!0,defaultMitataCodes:h,trackingId:s});return u(d.body,d.setCookie,d.status,d.match,d.mitigate,d.captcha,!0,d.latency??0)}({userId:k,requestId:t,clientIp:h,userAgent:d,captchaCookie:y,accept:l,host:p,trackingId:g,mitigationCallFn:a,composeResultFn:s});return Ee(e,S.apiCallStatus,S.apiCallLatency),{headers:Oe(S.setCookie),status:"403",body:S.body,statusDescription:"Forbidden"}}({request:i,requestId:t.cf.config.requestId,secretKey:this.config.secretKey,mitigationCallFn:this.makeMitigateAPICall.bind(this),composeResultFn:this.composeResult.bind(this),cookieEncryptionKey:this.config.cookieEncryptionKey,netaceaCookieName:this.config.netaceaCookieName,netaceaCaptchaCookieName:this.config.netaceaCaptchaCookieName,ipHeaderName:this.config.ipHeaderName});return await this.ingest(e,a),{respondWith:a}}const o=await this.runMitigation(t);return this.addNetaceaCookiesToRequest(i,o),i.headers[$e.NetaceaTrueUserAgentHeader]=[{key:$e.NetaceaTrueUserAgentHeader,value:this.getValueFromHeaderOrDefault(i.headers,"user-agent","-")}],void 0!==o&&this.config.ingestType===r.KINESIS&&Ee(i,o.apiCallStatus,o.apiCallLatency,o.sessionStatus),{respondWith:o?.response}}catch(e){return console.error("Netacea FailOpen - ",e.message),void 0!==i&&e instanceof Fe&&Ne(i,e),{}}}async makeRequest({host:e,path:t,method:a,body:s,headers:o,timeout:n,params:r}){const c=`${e}${t}`,u=await i.request({url:c,data:s,headers:o,method:a,timeout:n,params:r,transformResponse:e=>e,validateStatus:()=>!0});return{headers:u.headers,status:u.status,body:u.data}}async getFingerprints(e){const t=this.getValueFromHeaderOrDefault(e.headers,$e.HeadersInOriginalOrderHeader,"");let i="";if(""!==t)i=await this.hashGenerator.hashHeaders(t.split(":"));else{const t=Object.entries(e.headers).flatMap((([e,t])=>t.map((({key:t})=>t??e))));i=await this.hashGenerator.hashHeaders(t,!0)}return{headerFingerprint:i}}async mitigate(e){try{const{netaceaResult:i,request:a}=await this.getMitigationResponse(e);let s;if(i.mitigated){const o={"set-cookie":[]};for(const e of i.setCookie)o["set-cookie"]=o["set-cookie"]??[],o["set-cookie"].push({key:"set-cookie",value:e});const n="captcha"===i.mitigation;n&&void 0!==this.config.captchaHeader&&(o[this.config.captchaHeader.name]=[{key:this.config.captchaHeader.name,value:this.config.captchaHeader.value}]);s={headers:o,...Ke(a.uri,a.method)?{status:"200",statusDescription:"OK",body:""}:{status:"403",statusDescription:"Forbidden",body:"Forbidden"}},void 0!==this.config.netaceaBlockedResponseRedirectLocation&&!n&&function(e){if("GET"!==e.method?.toUpperCase())return!1;const t=(e.headers["sec-fetch-mode"]??[]).map((e=>e.value));return!(t.length>0&&!t.includes("navigate"))&&(e.headers.accept??[]).map((e=>e.value.split(/, ?/))).flat().includes("text/html")}(e.cf.request)&&(s.status="303",o.Location=[{key:"Location",value:this.config.netaceaBlockedResponseRedirectLocation}]);let c=0;if(n&&void 0!==i.body&&i.body.length>0){c=i.body.length;const e=(t=i.body).includes("captchaRelativeURL")&&t.includes("captchaAbsoluteURL");s.status=e?"403":"200",s.statusDescription=e?"Forbidden":"OK",s.body=i.body,s.bodyEncoding="text"}const u={status:s.status,statusDescription:s.statusDescription??"",headers:{"content-length":[{key:"content-length",value:c.toString()}],"set-cookie":i.setCookie.map((e=>({key:"set-cookie",value:e})))}};this.config.ingestType===r.KINESIS&&Ee(a,i.apiCallStatus,i.apiCallLatency,i.sessionStatus),await this.ingest(e,u)}return this.addNetaceaCookiesToRequest(a,i),{response:s,sessionStatus:i.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}catch(t){if(t instanceof Fe&&Ne(e.cf.request,t),Ke(e.cf.request.uri,e.cf.request.method)){const t={status:"500",statusDescription:"Internal Server Error",body:"",headers:{}},i={response:t,sessionStatus:"error_open"};return await this.ingest(e,t),i}return console.error("Netacea FailOpen Error: ",t),{sessionStatus:"error_open"}}var t}async inject(e){try{const{netaceaResult:t}=await this.getMitigationResponse(e);return{injectHeaders:t.injectHeaders,sessionStatus:t.sessionStatus,setCookie:t.setCookie,apiCallLatency:t.apiCallLatency,apiCallStatus:t.apiCallStatus}}catch(e){return console.error("Netacea FailOpen Error: ",e),{sessionStatus:"",injectHeaders:void 0,setCookie:void 0}}}async ingest(e,t=void 0){let i,a;if(Object.prototype.hasOwnProperty.call(e,"Records")){const s=this.getRecordFromEvent(e);a=s,i=s.cf.request,void 0===t&&(t=s.cf.response)}else a=e,i=a.cf.request;if(!this.config.ingestEnabled)return;if(null==t)throw new Error("Cloudfront response is required to ingest");const s=this.getMitataValueFromHeaderOrDefault(t.headers,"set-cookie"),o=""!==s?s:this.getMitataValueFromHeaderOrDefault(i.headers,"cookie");let n=await this.readCookie(this.config.netaceaCookieName,o)??"";if(void 0===n||""===n){const e=this.getMitataValueFromHeaderOrDefault(i.headers,"cookie");n=await this.readCookie(this.config.netaceaCookieName,e)??""}let r="0",c="0",u="0";const h=I(n);void 0!==h&&(r=h.match,c=h.mitigate,u=h.captcha);const{sessionStatus:d,mitigationLatency:p,mitigationStatus:g}=function(e){return{sessionStatus:Te(e.headers,Ae.sessionStatus),mitigationLatency:Te(e.headers,Ae.mitigationLatency),mitigationStatus:Te(e.headers,Ae.mitigationStatus)}}(i),f=this.shouldSetCaptchaPass(i,t),m=_e(i.uri,i.method,this.config.netaceaCheckpointSignalPath),y=await this.requestAnalyser.getNetaceaRequestDetails(i),k=void 0!==d?void 0:Me(this.config.mitigationType,r,c,u,f,m).sessionStatus,S=this.getValueFromHeaderOrDefault(i.headers,$e.NetaceaTrueUserAgentHeader,y.userAgent),C=a.cf.config.requestId??"";await this.callIngest({bytesSent:this.getValueFromHeaderOrDefault(t.headers,"content-length","0"),headerFingerprint:y.fingerprints.headerFingerprint,integrationMode:this.config.mitigationType,integrationType:"@netacea/cloudfront".replace("@netacea/",""),integrationVersion:"6.0.65",ip:y.clientIp,method:y.method,mitataCookie:n,mitigationLatency:void 0!==p?l(p):void 0,mitigationStatus:void 0!==g?l(g):void 0,netaceaCookieStatus:y.sessionDetails.sessionCookieStatus,path:y.url,protocol:null,referer:this.getValueFromHeaderOrDefault(i.headers,"referer"),requestHost:this.getValueFromHeaderOrDefault(i.headers,"host",void 0),requestId:C,requestTime:"0",sessionStatus:d??k,status:t.status,userAgent:S,workerInstanceId:this.workerInstanceId,xForwardedFor:this.getValueFromHeaderOrDefault(i.headers,"x-forwarded-for")})}addNetaceaCookiesToResponse(e){const{response:t,request:i}=this.getRecordFromEvent(e).cf;if(void 0===t)throw new Error("Response required to add cookies to response");const a=i.headers[$e.NetaceaCookieHeader];if(null!=a&&null!=t.headers){let e=!1;if(void 0===t.headers["set-cookie"]?t.headers["set-cookie"]=[]:e=void 0!==t.headers["set-cookie"].find((e=>e.value.includes(this.config.netaceaCookieName)||e.value.includes(this.config.netaceaCaptchaCookieName))),!e)for(const e of a)t.headers["set-cookie"].push({key:"set-cookie",value:e.value})}this.setInjectHeaders(e)}setInjectHeaders(e){const{response:t,request:i}=this.getRecordFromEvent(e).cf;void 0!==t&&(i.headers["x-netacea-captcha"]=this.shouldSetCaptchaPass(i,t)?[{key:"x-netacea-captcha",value:"2"}]:i.headers["x-netacea-captcha"])}getValueFromHeaderOrDefault(e,t,i=""){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i)return i[0].value}return i}getMitataValueFromHeaderOrDefault(e,t,i=""){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i){const e=i.find((e=>e.value.includes(this.config.netaceaCookieName)));if(void 0!==e)return e.value}}return i}getRecordFromEvent(e){return e.Records[0]}async getMitigationResponse(e){const{request:t,config:i}=e.cf,a=i.requestId,s=this.getMitataValueFromHeaderOrDefault(t.headers,"cookie"),o=await this.readCookie(this.config.netaceaCookieName,s),n=await this.readCookie(this.config.netaceaCaptchaCookieName,s),r=be(t,this.config.ipHeaderName),c=this.getValueFromHeaderOrDefault(t.headers,"user-agent"),u=this.getValueFromHeaderOrDefault(t.headers,"accept","text/html"),h=this.getValueFromHeaderOrDefault(t.headers,"host"),d=this.getValueFromHeaderOrDefault(t.headers,"content-type","application/x-www-form-urlencoded; charset=UTF-8"),{headerFingerprint:l}=await this.getFingerprints(t);return t.headers[$e.NetaceaHeaderFingerPrintHeader]=[{key:$e.NetaceaHeaderFingerPrintHeader,value:""===l?"-":l}],{netaceaResult:await this.processMitigateRequest({getBodyFn:async()=>await function(e){if(void 0===e.body)return"";if(e.body?.inputTruncated)throw new Error("Netacea Error :: Request body is too large.");return"text"===e.body?.encoding&&e.body?.data.length>0?e.body.data:Buffer.from(e.body.data,"base64").toString("utf-8")}(t),clientIp:r,method:t.method,url:t.uri,userAgent:c,accept:u,host:h,mitata:o,mitataCaptcha:n,requestId:a,headerFingerprint:l,contentType:d}),request:t}}addNetaceaCookiesToRequest(e,t){if(void 0===t)return e;if(e.headers[$e.NetaceaCookieHeader]=[],void 0!==t.setCookie)for(const i of t.setCookie){const t=e.headers[$e.NetaceaCookieHeader]??[];t.push({key:$e.NetaceaCookieHeader,value:i}),e.headers[$e.NetaceaCookieHeader]=t}if(this.config.mitigationType===c.INJECT)for(const[i,a]of Object.entries(t.injectHeaders??{}))e.headers[i]=[{key:i,value:a}];return e}getCookieHeader(e){return this.getMitataValueFromHeaderOrDefault(e.headers,"cookie")}async encryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await async function(e,t){const i=h.base64url.decode(t),a=(new TextEncoder).encode(e);return await new h.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(i)}(e,this.config.cookieEncryptionKey):e}async decryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await we(e,this.config.cookieEncryptionKey):e}async runMitigation(e){const t={"x-netacea-captcha":"0","x-netacea-match":"0","x-netacea-mitigate":"0"};try{if(function(e,t){if(void 0===t)return!1;const i=e.uri;if(t.startsWith("/"))return t===i;try{const a=e.headers.host?.[0]?.value,s=new URL(t);return s.host===a&&s.pathname===i}catch{return!1}}(e.cf.request,this.config.netaceaBlockedResponseRedirectLocation))return{injectHeaders:t,sessionStatus:""};switch(this.config.mitigationType){case c.MITIGATE:return await this.mitigate(e);case c.INJECT:return await this.inject(e);case c.INGEST:return await this.processIngest(e);default:throw new Error(`Netacea Error: Mitigation type ${this.config.mitigationType} not recognised`)}}catch(e){return console.error("Netacea FAILOPEN Error:",e),{injectHeaders:t,sessionStatus:""}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const i=`${e}=`;for(const a of t){const t=a.split(";")[0].trimStart();if(t.startsWith(i)){const a=t.slice(i.length);if(this.config.encryptedCookies.includes(e))try{return await this.decryptCookieValue(a)}catch(e){return}return a}}}async processMitigateRequest(e){const t=Ke(e.url,e.method);return await(t?this.processCaptcha({...e,netaceaCookie:e.mitata,captchaData:await e.getBodyFn()}):this.check(e.mitata,e.clientIp,e.userAgent,e.accept,e.host,e.requestId,e.mitataCaptcha,e.headerFingerprint))}shouldSetCaptchaPass(e,t){if(Ke(e.uri,e.method))return!0;if(void 0===t)return!1;const i=null!=t.headers?t.headers["set-cookie"]:void 0,a=i?.find((e=>e.value.split("=")[0]===this.config.netaceaCaptchaCookieName)),s=void 0!==a;return this.config.mitigationType===c.INJECT&&s}async processCaptcha(e){const{status:t,match:i,mitigate:a,captcha:s,body:o,setCookie:n,latency:r}=await this.makeCaptchaAPICall(e);return this.composeResult(o,n,t,i,a,s,!0,r)}async makeCaptchaAPICall(e){const{netaceaCookie:t,clientIp:i,userAgent:a,headerFingerprint:s,captchaData:o,contentType:n,requestId:r}=e,c={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":i,"X-Netacea-Request-Id":r,"user-agent":a,"Content-Type":n},u=I(t);void 0!==u&&(c["X-Netacea-UserId"]=u.userId),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(c["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,c["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const h=new URLSearchParams;""!==s&&h.append("headerFP",s),h.append("netaceaHeaders","request-id");const d=Date.now(),l=await this.makeRequest({host:this.config.mitigationServiceUrl,path:"/AtaVerifyCaptcha",headers:c,method:"POST",body:o,timeout:this.config.timeout,params:h}),p=Date.now()-d;return await this.getApiCallResponseFromResponse(l,u?.userId,i,p)}async getApiCallResponseFromResponse(e,t,i,a,s){if(200!==e.status)throw new Fe(e,a);const o=xe(e.headers,Xe.match)??s?.match??"0",n=xe(e.headers,Xe.mitigate)??s?.mitigate??"0",r=xe(e.headers,Xe.captcha)??s?.captcha??"0";let c=function(e,t){const i=xe(e,t);if(void 0!==i)return parseInt(i,36)}(e.headers,Xe.mitataExpiry)??NaN;isNaN(c)&&(c=86400);const u=[];if(String(r)!==String(k.captchaStatusCodes.checkpointPost)){const a=await this.createMitata(i,t,o,n,r);void 0!==a&&u.push(a);const s=await this.createMitataCaptcha(e.headers);void 0!==s&&u.push(s)}const h=xe(e.headers,Xe.eventId);return{status:e.status,match:o,mitigate:n,captcha:r,setCookie:u,body:e.body,eventId:h,mitataMaxAge:c,latency:a}}APIError(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}async createMitata(e,t,i,a,s,o=86400,n=void 0){const r=["1","3","5"].includes(s)||"3"===a?-60:this.config.mitataCookieExpirySeconds,c=n??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const u=[i,a,s].join(""),h=function(e,t,i,a,s="000"){void 0===t&&(t=w());const o=[i,t,b(e+"|"+String(i),a),s].join(g);return`${b(o,a)}${g}${o}`}(e,t,c,this.config.secretKey,u);let d,l,p=o;if(""!==this.config.netaceaCookieAttributes){const{extractedAttribute:e,cookieAttributes:t}=Ue(this.config.netaceaCookieAttributes,"Max-Age");p=void 0!==e?Number(e):o;const{extractedAttribute:i,cookieAttributes:a}=Ue(t,"Path");d=i??"/",l=a??void 0}return await this.buildCookieFromValues(this.config.netaceaCookieName,h,p,l,d)}async createMitataCaptcha(e){let t=e["set-cookie"]??[];t="string"==typeof t?[t]:t;const i=t.find((e=>e.startsWith("_mitatacaptcha=")));let a,s="86400";if(void 0!==i&&""!==i)try{const e=Ge(i);a=e.value,s=Be(e.attributes,"Max-Age")??"86400"}catch(e){return}if(""===a||void 0===a)return;const o=ze([this.config.netaceaCaptchaCookieAttributes,"Path=/",`Max-Age=${s}`]);return a=this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)?await this.encryptCookieValue(a):a,`${this.config.netaceaCaptchaCookieName}=${a}; ${o}`}async buildCookieFromValues(e,t,i,a,s="/"){const o=`${e}=${this.config.encryptedCookies.includes(e)?await this.encryptCookieValue(t):t}; Max-Age=${i}; Path=${s}`;return void 0!==a&&""!==a?`${o}; ${a}`:o}async callIngest(e){const t=He(e);if(this.config.ingestType===r.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");if(void 0!==this.config.kinesisConfigArgs){const{kinesisStreamName:e,kinesisAccessKey:t,kinesisSecretKey:i}=this.config.kinesisConfigArgs;if(void 0===e||void 0===t||void 0===i)return void console.error("Netacea Error: Unable to log as Kinesis configuration misses credentials.")}try{await this.kinesis.ingest({...t,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const e={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},i=await this.makeIngestApiCall(e,t);if(200!==i.status&&202!==i.status)throw this.APIError(i)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=this.getCookieHeader(e.cf.request),i=A(await this.readCookie(this.config.netaceaCookieName,t),S,this.config.secretKey);return i.isPrimaryHashValid?i.requiresReissue?await this.setIngestOnlyMitataCookie(i.mitata?.userId):{sessionStatus:"",setCookie:[]}:await this.setIngestOnlyMitataCookie(void 0)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createMitata(S,e,"0","0","0",86400)]}}async check(e,t,i,a,s,o,n,r){let c,u,h,d,l,p,g,f;if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const m=A(e,t,this.config.secretKey);if(!m.isPrimaryHashValid||m.requiresReissue){const e=await this.makeMitigateAPICall({userId:m.mitata?.userId,clientIP:t,userAgent:i,captchaCookie:n,accept:a,host:s,requestId:o,headerFingerprint:r});c=e.status,u=e.match,h=e.mitigate,d=e.captcha,l=e.body,f=e.latency,p=[await this.createMitata(t,m.mitata?.userId,u,h,d,e.mitataMaxAge)],g=e.eventId}else u=m.match,h=m.mitigate,d=m.captcha,l=void 0,p=[];return this.composeResult(l,p,c,u,h,d,!1,f,g)}async makeMitigateAPICall({userId:e,clientIP:t,userAgent:i,captchaCookie:a,accept:s,host:o,isCaptchaGet:n=!1,defaultMitataCodes:r,trackingId:c,requestId:u,headerFingerprint:h}){const d={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":t,"X-Netacea-Request-Id":u,"user-agent":i,cookie:this.buildCookieHeader({_mitatacaptcha:a})};void 0!==e&&(d["X-Netacea-UserId"]=e),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(d["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,d["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),this.config.dynamicCaptchaContentType&&void 0!==this.config.netaceaCaptchaPath&&(d["X-Netacea-Captcha-Content-Type"]=function(e){const t=e?.toLowerCase()??"text/html",i=t?.includes("text/html")||t?.includes("application/html"),a=t?.includes("application/json");return a&&!i?"application/json":"text/html"}(s));const l="application/json"===d["X-Netacea-Captcha-Content-Type"],p=void 0!==c?`?trackingId=${c}`:"",g=new URLSearchParams;"string"==typeof h&&g.set("headerFP",h),g.append("netaceaHeaders","request-id");const f=Date.now(),m=await this.makeRequest({host:this.config.mitigationServiceUrl,path:n?`/captcha${p}`:"/",headers:d,method:"GET",timeout:this.config.timeout,params:g}),y=Date.now()-f;return l&&void 0!==this.config.netaceaCaptchaPath&&(m.body=function(e,t,i){let a;if(void 0===e||""===e)return"";if("string"==typeof e&&(a=JSON.parse(e)),!function(e){if(null==e)return!1;const t=e;return void 0!==t?.captchaSiteKey&&void 0!==t?.trackingId&&void 0!==t?.captchaURL}(a))throw new Error("Body is not a Mitigation Service JSON response!");const s=`${i}?trackingId=${a.trackingId}`,o=`https://${t}${s}`;return JSON.stringify({captchaRelativeURL:s,captchaAbsoluteURL:o})}(m.body,o,this.config.netaceaCaptchaPath)),await this.getApiCallResponseFromResponse(m,e,t,y,r)}buildCookieHeader(e){let t="",i="";for(const a in e){const s=e[a];void 0!==s&&(t=`${t}${i}${a}=${s}`,i="; ")}return t}composeResult(e,t,i,a,s,o,n,r,u){const h=Me(this.config.mitigationType,a,s,o,n),d={body:e,apiCallStatus:i,apiCallLatency:r,setCookie:t,sessionStatus:h.sessionStatus,mitigation:h.mitigation,mitigated:[We.block,We.captcha,We.captchaPass].includes(h.mitigation)};if(this.config.mitigationType===c.INJECT){const e={"x-netacea-match":h.parts.match,"x-netacea-mitigate":h.parts.mitigate,"x-netacea-captcha":h.parts.captcha};void 0!==u&&(e["x-netacea-event-id"]=u),d.injectHeaders=e}return d}};
|
|
2
2
|
//# sourceMappingURL=index.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@netacea/cloudfront",
|
|
3
|
-
"version": "6.0.
|
|
3
|
+
"version": "6.0.65",
|
|
4
4
|
"description": "Netacea Cloudfront CDN integration",
|
|
5
5
|
"files": [
|
|
6
6
|
"dist/index.js",
|
|
@@ -24,5 +24,5 @@
|
|
|
24
24
|
"jose": "^4.11.2",
|
|
25
25
|
"uuid": "^10.0.0"
|
|
26
26
|
},
|
|
27
|
-
"gitHead": "
|
|
27
|
+
"gitHead": "d9c7a6daae5a08001a22facaf6d10cb1eba1baa8"
|
|
28
28
|
}
|