@netacea/cloudfront 7.0.8 → 7.0.10

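--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,6 +1,6 @@
  /// <reference types="node" />
  import aws4 from 'aws4';
- import { CloudFrontResultResponse, CloudFrontRequest, CloudFrontRequestEvent, CloudFrontResponseEvent, CloudFrontResponse } from 'aws-lambda';
+ import { CloudFrontResultResponse, CloudFrontRequest, CloudFrontRequestEvent, CloudFrontResponseEvent } from 'aws-lambda';
 
  interface KinesisIngestConfigArgs {
  kinesisStreamName: string;
@@ -193,39 +193,39 @@ interface InjectHeaders {
  'x-netacea-captcha': string;
  'x-netacea-event-id'?: string;
  }
- interface IngestArgs {
- bytesSent: string | number;
- cookieFingerprint?: string;
- gqlOpName?: string;
- gqlOpType?: string;
- headerFingerprint?: string;
- integrationMode?: string;
- integrationType?: string;
- integrationVersion?: string;
- ip: string;
- ipHeader?: string;
- method: string;
- mitataCookie?: string;
- mitigationLatency?: number;
- mitigationStatus?: number;
- netaceaCookieStatus?: number;
- path: string;
- protocol: string | null;
- query?: string;
- referer: string;
- reqHandlerId?: string;
- reqHandlerMs?: number;
- requestHost?: string;
- requestId?: string;
- requestTime: string | number;
- resHandlerId?: string;
- resHandlerMs?: number;
- sessionStatus?: string;
- status: string;
- timeUnixMsUTC?: number;
- userAgent: string;
- workerInstanceId?: string;
- xForwardedFor?: string;
+ interface WebLog {
+ BytesReceived?: number;
+ BytesSent: number | string;
+ GraphQL?: Record<string, string>;
+ HeaderHash?: string;
+ IntegrationType?: string;
+ IntegrationVersion?: string;
+ IpFromHeader?: string;
+ NetaceaMitigationApplied: string;
+ NetaceaUserIdCookie?: string;
+ NetaceaUserIdCookieStatus?: number;
+ optional?: Record<string, unknown>;
+ ProtectionMode?: string;
+ ProtectorLatencyMs?: number;
+ ProtectorStatus?: number;
+ Query?: string;
+ RealIp: string;
+ Referer: string;
+ ReqHandlerId?: string;
+ ReqHandlerMs?: number;
+ Request: string;
+ RequestHost?: string;
+ RequestId?: string;
+ RequestTime: string;
+ ResHandlerId?: string;
+ ResHandlerMs?: number;
+ Status: string;
+ TimeLocal: string;
+ TimeUnixMsUTC?: number;
+ UserAgent: string;
+ UserId?: string;
+ WorkerInstanceId?: string;
+ XForwardedFor?: string;
  }
  interface NetaceaResponseBase {
  /**
@@ -303,6 +303,19 @@ interface CheckCookieResponse {
  userId?: string | undefined;
  }
 
+ interface GraphQLParserConfig {
+ includePaths: string[];
+ parserRegex: RegExp;
+ maxParsableBytes: number;
+ maxValueLength: number;
+ }
+ interface GraphQLParserArgs extends Omit<GraphQLParserConfig, 'parserRegex'> {
+ parserRegex: RegExp | {
+ regex: string;
+ flags: string;
+ };
+ }
+
  interface KinesisIngestWebLog {
  apiKey: string;
  }
@@ -354,22 +367,23 @@ interface NetaceaHandleRequestResult {
  respondWith?: CloudFrontResultResponse;
  }
  interface CloudfrontConstructorArgs extends NetaceaBaseArgs, KinesisIngestArgs$1 {
- ingestEnabled?: boolean;
- cookieEncryptionKey?: string;
- netaceaCaptchaPath?: string;
- captchaHeader?: CustomHeader;
  captchaFeedbackHeaderName?: string;
+ captchaHeader?: CustomHeader;
+ cookieEncryptionKey?: string;
  dynamicCaptchaContentType?: boolean;
- netaceaCookieAttributes?: string;
- netaceaCaptchaCookieAttributes?: string;
- logBatchSize?: number | undefined;
+ graphQL?: GraphQLParserArgs;
+ ingestEnabled?: boolean;
  ipHeaderName?: string;
- netaceaBlockedResponseRedirectLocation?: string;
- netaceaCheckpointSignalPath?: string;
- netaceaCaptchaVerificationPath?: string;
- netaceaBlockedResponseStatus?: string | number;
+ logBatchSize?: number | undefined;
  netaceaBlockedResponseBody?: string;
  netaceaBlockedResponseContentType?: string;
+ netaceaBlockedResponseRedirectLocation?: string;
+ netaceaBlockedResponseStatus?: string | number;
+ netaceaCaptchaCookieAttributes?: string;
+ netaceaCaptchaPath?: string;
+ netaceaCaptchaVerificationPath?: string;
+ netaceaCheckpointSignalPath?: string;
+ netaceaCookieAttributes?: string;
  }
  interface CustomHeader {
  name: string;
@@ -394,13 +408,17 @@ interface NetaceaSessionDetails {
  userId: string;
  }
  interface NetaceaRequestDetails {
+ bytesReceived: number;
  clientIp: string;
+ graphQL?: Record<string, string>;
  method: string;
  requestId: string;
  sessionDetails: NetaceaSessionDetails;
  url: string;
+ headerFingerprint: string;
  headers: {
  accept: string | undefined;
+ contentType: string | undefined;
  host: string | undefined;
  userAgent: string;
  };
@@ -439,6 +457,7 @@ declare class CloudfrontConfig {
  readonly netaceaCaptchaCookieAttributes: string;
  readonly netaceaCaptchaVerificationPath: string;
  readonly captchaFeedbackHeaderName?: string;
+ readonly graphQL: GraphQLParserConfig;
  readonly netaceaBlockedResponseRedirectLocation: string | undefined;
  readonly netaceaBlockedResponseStatus: number;
  readonly netaceaBlockedResponseBody: string;
@@ -472,6 +491,8 @@ interface InitialState {
  shouldSetSessionCookie?: boolean;
  eventId?: string;
  headerFingerprint?: string;
+ bytesReceived?: number;
+ graphQLFields?: Record<string, string>;
  }
  declare class RequestState {
  eventId: string | undefined;
@@ -488,6 +509,8 @@ declare class RequestState {
  sessionStatus: string | undefined;
  setCookies: string[];
  shouldSetSessionCookie: boolean;
+ bytesReceived: number | undefined;
+ graphQLFields: Record<string, string> | undefined;
  constructor(initState: InitialState);
  saveToRequest(request: CloudFrontRequest, encryptionKey?: string): Promise<void>;
  recordProtectorApiError(err: ProtectorApiError): void;
@@ -517,7 +540,6 @@ declare class Cloudfront {
  private ingestUsingContext;
  private setNetaceaCookies;
  private getValueFromHeaderOrDefault;
- private getSetSessionCookieValue;
  private handleCaptchaPostRequest;
  private handleCaptchaGetRequest;
  private addNetaceaInjectHeadersToRequest;
@@ -534,14 +556,13 @@ declare class Cloudfront {
  * @returns the value of the cookie, if found.
  */
  protected readCookie(cookieName: string, cookies: string | string[] | null | undefined): Promise<string | undefined>;
- protected shouldSetCaptchaPass(request: CloudFrontRequest, response: CloudFrontResponse | CloudFrontResultResponse): boolean;
  private makeCaptchaAPICall;
  private getApiCallResponseFromResponse;
  protected APIError(response: APICallResponse): Error;
  protected createSetSessionCookie(clientIP: string, userId: string | undefined, match: string, mitigate: string, captcha: string, maxAge?: number, expiry?: number | undefined): Promise<string>;
  protected createMitataCaptcha(headers: Record<string, string | string[]>): Promise<string | undefined>;
  private buildCookieFromValues;
- protected callIngest(args: IngestArgs): Promise<void>;
+ protected callIngest(body: WebLog): Promise<void>;
  private makeIngestApiCall;
  protected processIngest(context: NetaceaContext): Promise<NetaceaResponseBase>;
  protected setIngestOnlyMitataCookie(userId: string | undefined): Promise<NetaceaResponseBase>;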
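Review bot: The new `GraphQLParserConfig` / `GraphQLParserArgs` interfaces (hunk at `@@ -303,6 +303,19 @@`) have no doc comments on `parserRegex`, `maxParsableBytes` or `maxValueLength`, so the typings do not say what the pattern is matched against, what units the limits use, or what happens when a limit is exceeded. Judging by `graphQL?: Record<string, string>` on `NetaceaRequestDetails` and `GraphQL?` on `WebLog`, the pattern presumably runs over client-controlled request bodies and its captures are forwarded to ingest; the implementation is not in this file, so that is inferred. If so, a backtracking-prone pattern passed as `{ regex, flags }` adds latency to every matching request at the edge, and a broad capture group can copy request secrets into logs. I would add TSDoc on each member stating the input, the unit and the over-limit behaviour, for example `/** Applied to at most maxParsableBytes of the request body on includePaths; keep the pattern linear-time and capture only non-sensitive fields. */` on `parserRegex`, worded to match what the code actually does. Separately, the last hunk changes `protected callIngest` from `IngestArgs` to `WebLog` and drops `protected shouldSetCaptchaPass`, which breaks subclasses within a patch-level bump and deserves a changelog note.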
package/dist/index.js CHANGED
@@ -1,2 +1,2 @@
1
- "use strict";var e=require("node:crypto"),t=require("node:buffer"),i=require("aws4"),a=require("jose"),s=require("uuid");function o(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(i){if("default"!==i){var a=Object.getOwnPropertyDescriptor(e,i);Object.defineProperty(t,i,a.get?a:{enumerable:!0,get:function(){return e[i]}})}})),t.default=e,Object.freeze(t)}var n,r,c,d=o(a),h=o(s);!function(e){e.ORIGIN="ORIGIN",e.HTTP="HTTP",e.KINESIS="KINESIS",e.NATIVE="NATIVE"}(n||(n={})),function(e){e.MITIGATE="MITIGATE",e.INJECT="INJECT",e.INGEST="INGEST"}(r||(r={})),function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(c||(c={}));function u(e,t=0){return isNaN(e)?t:parseInt(e)}const l=3e3;const p="_/@#/",g={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},f={0:g.none,1:g.block,2:g.none,3:g.block,4:g.none},m={1:g.captcha,2:g.captchaPass,3:g.captcha,4:g.allow,5:g.captcha,6:g.allow,7:g.captcha,a:g.captcha,b:g.captchaPass,c:g.captcha,d:g.allow,e:g.captcha};var 
y=Object.freeze({__proto__:null,COOKIEDELIMITER:p,bestMitigationCaptchaMap:m,bestMitigationMap:f,captchaMap:{0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail",6:"checkpoint_signal",7:"checkpoint_post",a:"checkpoint_serve",b:"checkpoint_pass",c:"checkpoint_fail",d:"checkpoint_cookiepass",e:"checkpoint_cookiefail"},captchaStatusCodes:{"":0,captchaServe:1,captchaPass:2,captchaFail:3,captchaCookiePass:4,captchaCookieFail:5,checkpointSignal:6,checkpointPost:7,checkpointServe:"a",checkpointPass:"b",checkpointFail:"c",checkpointCookiePass:"d",checkpointCookieFail:"e"},matchMap:{0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},mitigateMap:{0:"",1:"blocked",2:"allow",3:"hardblocked",4:"flagged"},mitigationTypes:g,netaceaCookieV3KeyMap:{clientIP:"cip",userId:"uid",gracePeriod:"grp",cookieId:"cid",match:"mat",mitigate:"mit",captcha:"cap",issueTimestamp:"ist",issueReason:"isr"},netaceaCookieV3OptionalKeyMap:{checkAllPostRequests:"fCAPR"},netaceaHeaders:{match:"x-netacea-match",mitigate:"x-netacea-mitigate",captcha:"x-netacea-captcha",mitata:"x-netacea-mitata-value",mitataExpiry:"x-netacea-mitata-expiry",mitataCaptcha:"x-netacea-mitatacaptcha-value",mitataCaptchaExpiry:"x-netacea-mitatacaptcha-expiry",eventId:"x-netacea-event-id"},netaceaSettingsMap:{checkAllPostRequests:"checkAllPostRequests"}});const S="ignored",k="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),C=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/((\d|[a-z])(\d)(\d|[a-z]))$/i;function v(e){if(void 0===e)return;const t=e.match(C);if(null!=t){const[,e,i,a,s,o,n,r,c]=t;return{signature:e,expiry:i,userId:a,ipHash:s,mitigationType:o,match:n,mitigate:r,captcha:c}}}function I(t=16,i=k){const a=e.randomBytes(t-1);return`c${Array.from(a).map((e=>i[e%i.length])).join("")}`}function w(i,a){const s=e.createHmac("sha256",a);return 
s.update(i),t.Buffer.from(s.digest("hex")).toString("base64")}function b(e,t,i){const a={mitata:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,captcha:"0",match:"0",mitigate:"0"};if("string"!=typeof e||""===e)return a;const s=v(e);if(void 0!==s){const e=[s.expiry,s.userId,s.ipHash,s.mitigationType].join(p),a=Math.floor(Date.now()/1e3),o=parseInt(s.expiry)<a,n=["1","3","5","a","c","e"].includes(s.captcha),r="3"===s.mitigate,c=n||r,d=w(t+"|"+s.expiry,i),h=s.ipHash===d;return{mitata:s,requiresReissue:o||!h,isExpired:o,shouldExpire:c,isSameIP:h,isPrimaryHashValid:s.signature===w(e,i),match:s.match,mitigate:s.mitigate,captcha:s.captcha,userId:s.userId}}return a}function A(e,t){const i=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==i&&i.length>0?i?.replace(`${t}=`,""):void 0}function q(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":N(e.split(";"),t).join("; ")}function N(e,t=!1){if(t)return N(e.reverse()).reverse();const i=new Set,a=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();i.has(e)||(i.add(e),a.push(t))}return a}var T=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let i=e=q(e??"",!0),a=t=q(t??"",!0);if(void 0!==e&&void 0!==t){const s=A(e,"Domain"),o=A(t,"Domain");void 0!==s&&void 0!==o?a=t.replace(o,s):void 0!==s&&void 0===o?a=t+(""!==t?`; Domain=${s}`:`Domain=${s}`):void 0===s&&void 0!==o&&(i=e+(""!==e?`; Domain=${o}`:`Domain=${o}`))}else if(void 0!==e&&void 0===t){const t=A(e,"Domain");void 0!==t&&(a=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=A(t,"Domain");void 0!==e&&(i=`Domain=${e}`)}return{cookieAttributes:""!==i?i:void 0,captchaCookieAttributes:""!==a?a:void 0}},extractAndRemoveCookieAttr:function(e,t){const i=A(e,t);if(void 0!==i){return{extractedAttribute:i,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${i}`,"").split(";").filter((e=>e.length>0)).join("; 
")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:A,removeDuplicateAttrs:q});var E=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const i=e.slice(0,t),a=e.slice(t+1),s=a.indexOf(";");if(s<0){return{name:i,value:a,attributes:""}}return{name:i,value:a.slice(0,s),attributes:a.slice(s).trimStart()}}});const P={cookie:{parse:E,attributes:T}};class H{constructor(e){this.crypto=e}async hashString(e,t,i=!1){const a=i?[...t].sort():[...t],s=(new TextEncoder).encode(a.join(",")),o=await this.crypto.subtle.digest(e,s),n=Array.from(new Uint8Array(o)).map((e=>e.toString(16).padStart(2,"0"))).join("").substring(0,12);return"h"+(i?"s":"")+`_${t.length}_${n}`}static filterHeaderNames(e){return e.filter((e=>{const t=e.toLowerCase();return!["","cookie","referer"].includes(t)&&null===t.match(/^(x-netacea-|cloudfront-)/i)}))}async hashHeaders(e,t=!1){const i=H.filterHeaderNames(e);if(0===i.length)return"";try{return await this.hashString("SHA-256",i,t)}catch(e){return console.error(e),""}}}const O=globalThis.fetch.bind(globalThis);var _="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},x={},R={};Object.defineProperty(R,"__esModule",{value:!0}),R.validateRedirectLocation=void 0,R.validateRedirectLocation=function(e){if(""!==(e=e??""))try{return new URL(e).toString()}catch{if(/^https?:\/\//i.test(e))return;return e.startsWith("/")?e:`/${e}`}};var K={},M={};function D(e,t){for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const a=e[i]??"",s=j("string"==typeof a?a:a.join("; "),t);if(void 0!==s)return s}}function L(e,t){const i=[];for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const s=e[a]??"",o="string"==typeof s?s:s.join("; ");i.push(...F(o,t))}return i}function j(e,t){const i=t+"=";return 
e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(i)))}function F(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(i)))}Object.defineProperty(M,"__esModule",{value:!0}),M.findAllInCookieString=M.findFirstInCookieString=M.findAllInHeaders=M.findFirstInHeaders=M.findOnlyValueInHeaders=M.findAllValuesInHeaders=M.findFirstValueInHeaders=void 0,M.findFirstValueInHeaders=function(e,t){const i=D(e,t);if(void 0!==i)return i.slice(t.length+1)},M.findAllValuesInHeaders=function(e,t){return L(e,t).map((e=>e.slice(t.length+1)))},M.findOnlyValueInHeaders=function(e,t){const i=L(e,t);if(i.length>1)throw new Error(`Found more than one cookie with name ${t}`);return i[0]?.slice(t.length+1)},M.findFirstInHeaders=D,M.findAllInHeaders=L,M.findFirstInCookieString=j,M.findAllInCookieString=F;var B={};function V(e){return"set-cookie"===e||"Set-Cookie"===e}function U(e,t){const i=t+"=";return e.startsWith(i)}function $(e,t){const i=e[t]??[];return"string"==typeof i?[i]:i}function z(e,t){for(const i of Object.keys(e)){if(!V(i))continue;const a=G($(e,i),t);if(void 0!==a)return a}}function G(e,t){return e.map((e=>e.trimStart())).find((e=>U(e,t)))}function W(e,t){const i=[];for(const a of Object.keys(e)){if(!V(a))continue;const s=$(e,a);i.push(...J(s,t))}return i}function J(e,t){return e.map((e=>e.trimStart())).filter((e=>U(e,t)))}Object.defineProperty(B,"__esModule",{value:!0}),B.findAllInSetCookieStrings=B.findAllInHeaders=B.findFirstInSetCookieStrings=B.findFirstInHeaders=B.findOnlyValueInHeaders=B.findFirstValueInHeaders=void 0,B.findFirstValueInHeaders=function(e,t){const i=z(e,t);return i?.slice(t.length+1)?.split(";")[0]},B.findOnlyValueInHeaders=function(e,t){const i=W(e,t);if(i.length>1)throw new Error(`Found more than one set-cookie with name ${t}`);return i[0]?.slice(t.length+1)?.split(";")[0]},B.findFirstInHeaders=z,B.findFirstInSetCookieStrings=G,B.findAllInHeaders=W,B.findAllInSetCookieStrings=J;var 
X=_&&_.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),Y=_&&_.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Q=_&&_.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&X(t,e,i);return Y(t,e),t};Object.defineProperty(K,"__esModule",{value:!0}),K.setCookie=K.cookie=void 0,K.cookie=Q(M),K.setCookie=Q(B);var Z={},ee={},te={};Object.defineProperty(te,"__esModule",{value:!0}),te.KINESIS_URL=te.API_VERSION=te.REGION=te.PAYLOAD_TYPE=te.STATE=void 0,te.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},te.PAYLOAD_TYPE="string",te.REGION="eu-west-1",te.API_VERSION="2013-12-02",te.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com";var ie={};Object.defineProperty(ie,"__esModule",{value:!0}),ie.headersToRecord=ie.increaseBatchSize=ie.handleFailedLogs=ie.batchArrayForKinesis=ie.sleep=void 0,ie.sleep=async function(e){await new Promise((t=>{setTimeout(t,e)}))},ie.batchArrayForKinesis=function(e,t,i){const a=[];for(let s=0;s<e.length;s+=t){const o=e.slice(s,s+t);a.push({Data:i.from(JSON.stringify(o)).toString("base64"),PartitionKey:Date.now().toString()})}return a},ie.handleFailedLogs=function(e,t,i){const a=2*i,s=[...e,...t],o=s.length-a;return o>0&&(console.error(`Netacea Error :: failed to send ${o} log(s) to Kinesis ingest.`),s.splice(0,o)),s},ie.increaseBatchSize=function(e,t){return e!==t?Math.min(t,2*e):e},ie.headersToRecord=function(e){const t={};return e.forEach(((e,i)=>{t[i]=e})),t},Object.defineProperty(ee,"__esModule",{value:!0}),ee.WebStandardKinesis=void 0;const 
ae=te,se=ie;ee.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){if(this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,void 0===t.kinesisAccessKey)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===t.kinesisSecretKey)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),i=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:(0,se.headersToRecord)(i.headers),host:ae.KINESIS_URL,method:"POST",path:"/",body:i.body}),this.logBatchSize=(0,se.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,se.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,se.sleep)(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,se.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}async 
signRequest(e,t,i,a){const s={Records:(0,se.batchArrayForKinesis)(i,a,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(ae.KINESIS_URL,{body:JSON.stringify(s),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}};var oe={};Object.defineProperty(oe,"__esModule",{value:!0}),oe.Kinesis=void 0;const ne=te,re=ie;oe.Kinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=this.signRequest({streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);if("POST"!==t.method)throw new Error(`Unexpected method. 
Expected POST but got ${t.method}`);await this.deps.makeRequest({headers:t.headers??{},host:`https://${t.hostname}`,method:t.method,path:t.path??"/",body:t.body}),this.logBatchSize=(0,re.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,re.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,re.sleep)(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,re.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}signRequest(e,t,i){const{accessKeyId:a,secretAccessKey:s}=e,o={Records:(0,re.batchArrayForKinesis)(t,i,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:e.streamName};return this.deps.aws4.sign({service:"kinesis",body:JSON.stringify(o),headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"},region:ne.REGION},{accessKeyId:a,secretAccessKey:s})}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.Kinesis=e.WebStandardKinesis=void 0;var t=ee;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}});var i=oe;Object.defineProperty(e,"Kinesis",{enumerable:!0,get:function(){return i.Kinesis}})}(Z);var ce={};function de(e,t){let i=null;if("number"==typeof e)i=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(i=t)}if(null===i){if("number"!=typeof t.defaultValue)return t.defaultValue;i=t.defaultValue}return void 0!==t.minValue&&(i=Math.max(t.minValue,i)),void 0!==t.maxValue&&(i=Math.min(t.maxValue,i)),i}Object.defineProperty(ce,"__esModule",{value:!0}),ce.parseHttpHeaderName=ce.stringOrDefault=ce.parseIntOrDefault=he=ce.parseNumberOrDefault=void 0;var 
he=ce.parseNumberOrDefault=de;ce.parseIntOrDefault=function(e,t){const i=de(e,t);return"number"==typeof i?Math.floor(i):i},ce.stringOrDefault=function(e,t){return"string"==typeof e&&""!==e?e:"number"==typeof e?e.toString():t},ce.parseHttpHeaderName=function(e){if("string"!=typeof e)return;return/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(e)?e:void 0};var ue={};Object.defineProperty(ue,"__esModule",{value:!0}),ue.searchParamsFromRecord=void 0,ue.searchParamsFromRecord=function(e){const t=new URLSearchParams;for(const[i,a]of Object.entries(e))t.append(i,a);return t};var le={},pe={},ge=_&&_.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),fe=_&&_.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),me=_&&_.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&ge(t,e,i);return fe(t,e),t};Object.defineProperty(pe,"__esModule",{value:!0}),pe.isJweEncrypted=pe.decrypt=pe.encrypt=void 0;const ye=me(a);pe.encrypt=async function(e,t){const i=ye.base64url.decode(t),a=(new TextEncoder).encode(e);return await new ye.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A128CBC-HS256"}).encrypt(i)},pe.decrypt=async function(e,t){const i=ye.base64url.decode(t),{plaintext:a}=await ye.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(a)},pe.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var Se=_&&_.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in 
s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),ke=_&&_.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Ce=_&&_.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&Se(t,e,i);return ke(t,e),t};Object.defineProperty(le,"__esModule",{value:!0}),le.jwe=void 0,le.jwe=Ce(pe);var ve=_&&_.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),Ie=_&&_.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),we=_&&_.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&ve(t,e,i);return Ie(t,e),t};Object.defineProperty(x,"__esModule",{value:!0}),x.webcrypto=qe=x.url=Ae=x.parsing=be=x.ingest=x.headers=x.configValidation=void 0,x.configValidation=we(R),x.headers=we(K);var be=x.ingest=we(Z),Ae=x.parsing=we(ce),qe=x.url=we(ue);async function Ne(e,t){const i=d.base64url.decode(t),a=(new TextEncoder).encode(e);return await new d.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(i)}async function Te(e,t){const i=d.base64url.decode(t),{plaintext:a}=await d.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(a)}function Ee(e){const t={"set-cookie":[]};for(const i of e)t["set-cookie"]?.push({key:"set-cookie",value:i});return t}function Pe(e,t,i){return 
e===i&&"post"===t.toLowerCase()}function He(e,t,i){let a=e;try{a=new URL(e).pathname}catch(e){}return void 0!==i&&i.length>0&&a===i&&"get"===t.toLowerCase()}function Oe(e,t){const i=e[t];return"string"==typeof i?i:i?.[0]}function _e(e,t){const i=Oe(e,t);if(void 0!==i)return parseInt(i,10)}function xe(e){return e.bytesSent=""===e.bytesSent?"0":e.bytesSent,function({bytesSent:e,headerFingerprint:t,integrationMode:i,integrationType:a,integrationVersion:s,ip:o,method:n,mitataCookie:r,mitigationLatency:c,mitigationStatus:d,netaceaCookieStatus:h,path:u,protocol:l,query:p,referer:g,reqHandlerId:f,reqHandlerMs:m,requestHost:y,requestId:S,requestTime:k,resHandlerId:C,resHandlerMs:v,sessionStatus:I,status:w,timeUnixMsUTC:b,userAgent:A,workerInstanceId:q,xForwardedFor:N}){const{request:T}=function(e,t,i){"/"!==t[0]&&(t=`/${t}`);const a=t.split("?"),s=a[0],o=a.length>1?`?${a[1]}`:void 0;return{path:s,query:o,request:`${e} ${s}${o??""}${""!==(i??"")?` ${i}`:""}`}}(n,u,l);return{BytesSent:e?.toString(),HeaderHash:t,IntegrationType:a??"",IntegrationVersion:s??"",NetaceaMitigationApplied:I??"",NetaceaUserIdCookie:r??"",NetaceaUserIdCookieStatus:h,ProtectionMode:i,ProtectorLatencyMs:c,ProtectorStatus:d,Query:p,RealIp:o,Referer:""===g?"-":g,ReqHandlerId:f,ReqHandlerMs:m,Request:T,RequestHost:y,RequestId:S??"",RequestTime:k?.toString(),ResHandlerId:C,ResHandlerMs:v,Status:w,TimeLocal:new Date(b??Date.now()).toUTCString(),TimeUnixMsUTC:b??Date.now(),UserAgent:A,WorkerInstanceId:q,XForwardedFor:N}}(e)}x.webcrypto=we(le);const Re="unknown";function Ke(e,t,i,a,s,o=!1){a=function(e,t){let i=e;return t||("2"===e?i="4":"3"===e?i="5":"b"===e?i="d":"c"===e&&(i="e")),i}(a,s),o&&(a="6");let n=y.matchMap[t]??Re+"_";n+=y.mitigateMap[i]??Re;let c=y.bestMitigationMap[i];if("0"!==a){n+=","+(y.captchaMap[a]??Re);const e=y.bestMitigationCaptchaMap[a];void 0!==e&&(c=e)}return e===r.INJECT&&(c=y.mitigationTypes.none),{sessionStatus:n,mitigation:c,parts:{match:t,mitigate:i,captcha:a}}}function 
Me(e){if(void 0===e)return;const t={...e.headers??{}};if(""!==(e.body??"")){void 0===Object.entries(t).find((([e])=>"content-type"===e.toLowerCase()))&&(t["content-type"]=[{key:"content-type",value:"text/html; charset=UTF-8"}])}return{...e,headers:t}}function De(e,t){return{"x-netacea-match":e.match,"x-netacea-mitigate":e.mitigate,"x-netacea-captcha":e.captcha}}class Le extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}const{configureCookiesDomain:je}=P.cookie.attributes;class Fe{static NetaceaTrueUserAgentHeader="x-netacea-true-useragent-header";static HeadersInOriginalOrderHeader="cloudfront-viewer-header-order";cookieEncryptionKey;ingestEnabled=!0;netaceaCaptchaPath;netaceaCheckpointSignalPath;captchaHeader;dynamicCaptchaContentType;ipHeaderName;mitataCookieExpirySeconds;apiKey;secretKey;mitigationServiceUrl="https://mitigations.netacea.net";ingestServiceUrl;timeout;captchaSiteKey;captchaSecretKey;ingestType;mitigationType;kinesisConfigArgs;encryptedCookies=[];netaceaCookieName;netaceaCaptchaCookieName;netaceaCookieAttributes;netaceaCaptchaCookieAttributes;netaceaCaptchaVerificationPath;captchaFeedbackHeaderName;netaceaBlockedResponseRedirectLocation;netaceaBlockedResponseStatus=403;netaceaBlockedResponseBody="Forbidden";netaceaBlockedResponseContentType="text/plain; charset=utf-8";constructor(e){if(e.ingestType=n.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.kinesis&&(console.warn(['NETACEA :: Please move kinesis params to "kinesis" object in config.',"Backwards compatibility will soon be removed."].join(" ")),this.kinesisConfigArgs={kinesisStreamName:e.kinesisStreamName,kinesisAccessKey:e.kinesisAccessKey,kinesisSecretKey:e.kinesisSecretKey,maxLogAgeSeconds:1},void 0!==e.logBatchSize&&(this.kinesisConfigArgs.logBatchSize=e.logBatchSize)),null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required 
parameter");if(this.apiKey=e.apiKey,this.secretKey=e.secretKey,void 0!==e.mitigationServiceUrl){const t=e.mitigationServiceUrl;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t}var t;this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??r.INGEST,this.ingestType=e.ingestType??n.HTTP,void 0===e.captchaSiteKey&&void 0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(t=e.timeout??3e3)<=0?l:t,this.netaceaCookieName=Be(e.netaceaCookieName)??"_mitata",this.netaceaCaptchaCookieName=Be(e.netaceaCaptchaCookieName)??"_mitatacaptcha",this.netaceaCaptchaPath=e.netaceaCaptchaPath,this.dynamicCaptchaContentType=e.dynamicCaptchaContentType??!1;const i=je(e.netaceaCookieAttributes??"",e.netaceaCaptchaCookieAttributes??"");var a,s;if(this.netaceaCookieAttributes=i.cookieAttributes??"",this.netaceaCaptchaCookieAttributes=i.captchaCookieAttributes??"",this.captchaHeader=e.captchaHeader,this.ipHeaderName=e.ipHeaderName?.toLowerCase()?.trim(),this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(a=this.mitigationType,void 0===(s=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?a===r.INGEST?3600:60:s),this.ingestEnabled=e.ingestEnabled??!0,this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaBlockedResponseRedirectLocation=Be(e.netaceaBlockedResponseRedirectLocation),void 0!==e.netaceaBlockedResponseStatus){const t=he(e.netaceaBlockedResponseStatus,{defaultValue:403});!isNaN(t)&&t>=100&&t<=599&&(this.netaceaBlockedResponseStatus=t)}void 0!==e.netaceaBlockedResponseBody&&(this.netaceaBlockedResponseBody=e.netaceaBlockedResponseBody);const o=e.netaceaBlockedResponseContentType;void 
0!==o&&""!==o&&(this.netaceaBlockedResponseContentType=o),this.netaceaCheckpointSignalPath=e.netaceaCheckpointSignalPath,this.netaceaCaptchaVerificationPath=e.netaceaCaptchaVerificationPath??"/AtaVerifyCaptcha",""===this.netaceaCaptchaVerificationPath&&(this.netaceaCaptchaVerificationPath="/AtaVerifyCaptcha"),this.netaceaCaptchaVerificationPath?.startsWith("/")||(this.netaceaCaptchaVerificationPath="/"+this.netaceaCaptchaVerificationPath),this.captchaFeedbackHeaderName=Ae.parseHttpHeaderName(e.captchaFeedbackHeaderName)}}function Be(e){if("string"==typeof e&&""!==e){const t=e.trim();if(t.length>0)return t}}const Ve="x-netacea-integration-state";function Ue(e){return Ae.parseIntOrDefault(e,{defaultValue:void 0})}function $e(e){return"string"==typeof e?e:void 0}class ze{constructor(e){this.sessionCookieMaxAge=e.sessionCookieMaxAge,this.protectorApiLatency=e.protectorApiLatency,this.protectorApiStatus=e.protectorApiStatus,this.reqHandlerId=e.reqHandlerId,this.reqHandlerMs=e.reqHandlerMs,this.requestStartTimestamp=e.requestStartTimestamp??Date.now(),this.resHandlerId=e.resHandlerId,this.resHandlerStartTime=e.resHandlerStartTime,this.sessionStatus=e.sessionStatus,this.setCookies=e.setCookie??[],this.sessionCodes=e.sessionCodes??{match:"0",mitigate:"0",captcha:"0"},this.shouldSetSessionCookie=e.shouldSetSessionCookie??!1,this.eventId=e.eventId,this.headerFingerprint=e.headerFingerprint}async saveToRequest(e,t){const i=JSON.stringify({protectorApiLatency:this.protectorApiLatency,protectorApiStatus:this.protectorApiStatus,reqHandlerId:this.reqHandlerId,reqHandlerMs:this.reqHandlerMs,requestStartTimestamp:this.requestStartTimestamp,resHandlerId:this.resHandlerId,resHandlerStartTime:this.resHandlerStartTime,sessionStatus:this.sessionStatus,setCookies:this.setCookies,sessionCodes:this.sessionCodes,sessionCookieMaxAge:this.sessionCookieMaxAge,shouldSetSessionCookie:this.shouldSetSessionCookie,eventId:this.eventId,headerFingerprint:this.headerFingerprint});e.headers[Ve]=void 
0!==t?[{key:Ve,value:await Ne(i,t)}]:[{key:Ve,value:Buffer.from(i).toString("base64")}]}recordProtectorApiError(e){this.sessionStatus="error_open",this.protectorApiLatency=e.latencyMs,this.protectorApiStatus=e.protectorApiResponse.status}static async fromRequest(e,t){let i=e.headers[Ve]?.[0]?.value;if(void 0===i)return new ze({});try{i=void 0!==t?await Te(i,t):Buffer.from(i,"base64").toString();const e=JSON.parse(i);if("object"==typeof e&&null!==e)return new ze({requestStartTimestamp:"requestStartTimestamp"in e?Ae.parseIntOrDefault(e.requestStartTimestamp,{defaultValue:Date.now()}):Date.now(),sessionStatus:"sessionStatus"in e?$e(e.sessionStatus):void 0,protectorApiLatency:"protectorApiLatency"in e?Ue(e.protectorApiLatency):void 0,protectorApiStatus:"protectorApiStatus"in e?Ue(e.protectorApiStatus):void 0,reqHandlerId:"reqHandlerId"in e?$e(e.reqHandlerId):void 0,reqHandlerMs:"reqHandlerMs"in e?Ue(e.reqHandlerMs):void 0,resHandlerId:"resHandlerId"in e?$e(e.resHandlerId):void 0,resHandlerStartTime:"resHandlerStartTime"in e?Ue(e.resHandlerStartTime):void 0,setCookie:"setCookies"in e&&Array.isArray(e.setCookies)?e.setCookies.filter((e=>"string"==typeof e)):[],sessionCodes:"sessionCodes"in e&&"object"==typeof e.sessionCodes&&null!==e.sessionCodes?{match:$e(e.sessionCodes.match)??"0",mitigate:$e(e.sessionCodes.mitigate)??"0",captcha:$e(e.sessionCodes.captcha)??"0"}:{match:"0",mitigate:"0",captcha:"0"},sessionCookieMaxAge:"sessionCookieMaxAge"in e?Ue(e.sessionCookieMaxAge):void 0,shouldSetSessionCookie:"shouldSetSessionCookie"in e&&Boolean(e.shouldSetSessionCookie),eventId:"eventId"in e?$e(e.eventId):void 0,headerFingerprint:"headerFingerprint"in e?$e(e.headerFingerprint):void 0})}catch{}return new ze({})}static getFreshState(e){return delete e.headers["x-netacea-integration-state"],new ze({})}}var Ge;!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(Ge||(Ge={}));class 
We{config;constructor(e){this.config=e}async getNetaceaRequestDetails(e){const{request:t}=e.cf,{uri:i,method:a}=t,s=await this.readCookie(t,this.config.sessionCookieName),o=await this.readCookie(t,this.config.captchaCookieName),n=function(e,t){const{clientIp:i}=e;if(void 0===t||""===t)return i;const a=e.headers[t]?.[0]?.value;return void 0===a||""===a?i:"x-forwarded-for"===t?a.split(/, ?/).pop()??i:a}(t,this.config.ipHeaderName),{sessionCookieDetails:c,sessionCookieStatus:d,sessionStatus:h,userId:u}=function(e,t,i,a,s){const o=b(a,s,e.secretKey);if(void 0!==o.userId&&o.isPrimaryHashValid){const a=o.userId,{isExpired:s,shouldExpire:n,isSameIP:c}=o,d=s||n||!c&&e.mitigationType!==r.INGEST?Ge.RENEW_SESSION:Ge.EXISTING_SESSION,{sessionStatus:h}=Ke(e.mitigationType,o.match,o.mitigate,o.captcha,Pe(t,i,e.netaceaCaptchaVerificationPath));return{userId:a,sessionCookieStatus:d,sessionStatus:h,sessionCookieDetails:o}}return{sessionStatus:"",userId:I(),sessionCookieStatus:Ge.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,i,a,s,n);return{clientIp:n,method:a,requestId:e.cf.config.requestId,url:i,headers:{host:t.headers.host?.[0]?.value,accept:t.headers.accept?.[0]?.value,userAgent:t.headers["user-agent"]?.[0]?.value??""},sessionDetails:{sessionCookie:s,sessionStatus:h,captchaToken:o,sessionCookieDetails:c,sessionCookieStatus:d,userId:u}}}async readCookie(e,t){const i=Je(e.headers,t,"set-cookie"),a=""!==i?i:Je(e.headers,t,"cookie");if(null==a)return;const s=a.split(/; ?/g),o=`${t}=`;for(const e of s)if(e.startsWith(o)){const i=e.slice(o.length),a=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&a.includes(t))try{return await Te(i,this.config.cookieEncryptionKey)}catch(e){return}return i}}}function Je(e,t,i,a=""){if(void 0!==e?.[i]){const a=e[i];if(void 0!==a){const e=a.find((e=>e.value.includes(t)));if(void 0!==e)return e.value}}return a}async function Xe(e,t,i){const a=t.Records[0],s=await 
Ye(e,t),o={config:e,request:a.cf.request,requestState:ze.getFreshState(a.cf.request),requestDetails:s};return function(e,t){const i=e.requestState;i.reqHandlerId=t.reqHandlerId,i.headerFingerprint=t.headerFingerprint;const{sessionCookieDetails:a}=e.requestDetails.sessionDetails;void 0!==a&&(i.sessionCodes={match:a.match,mitigate:a.mitigate,captcha:a.captcha})}(o,i),o}async function Ye(e,t){return await new We({cookieEncryptionKey:e.cookieEncryptionKey,encryptedCookies:e.encryptedCookies,mitigationType:e.mitigationType,secretKey:e.secretKey,sessionCookieName:e.netaceaCookieName,captchaCookieName:e.netaceaCaptchaCookieName,ipHeaderName:e.ipHeaderName,netaceaCaptchaVerificationPath:e.netaceaCaptchaVerificationPath}).getNetaceaRequestDetails(t.Records[0])}async function Qe(t){const i=new H(e),a=t.headers[Fe.HeadersInOriginalOrderHeader]?.[0].value??"";let s="";if(""!==a)s=await i.hashHeaders(a.split(":"));else{const e=Object.entries(t.headers).flatMap((([e,t])=>t.map((({key:t})=>t??e))));s=await i.hashHeaders(e,!0)}return s}const{extractCookieAttr:Ze,extractAndRemoveCookieAttr:et,removeDuplicateAttrs:tt}=P.cookie.attributes,it=P.cookie.parse.parseSetCookie,{mitigationTypes:at,netaceaHeaders:st}=y;exports.Cloudfront=class{workerInstanceId;config;kinesis;constructor(e){this.config=new Fe(e),this.config.ingestType===n.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new be.Kinesis({deps:{aws4:i,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey,rampUpBatchSize:!0,maxAwaitTimePerIngestCallMs:0}})),this.workerInstanceId=h.v4()}async handleRequest(e){let t;try{t=await Xe(this.config,e,{reqHandlerId:this.workerInstanceId,headerFingerprint:await Qe(e.Records[0].cf.request)});const i=await this.handleNetaceaRoutes(t),{respondWith:a}=i;if(void 
0!==a){const{shouldSetSessionCookie:e}=t.requestState;if(e){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);void 0===a.headers&&(a.headers={});const i=a.headers["set-cookie"]??[];i.push({key:"set-cookie",value:e}),a.headers["set-cookie"]=i}this.ingestUsingContext(t,a)}return i}catch(e){return console.error("Netacea FailOpen - ",e.message),void 0!==t?.request&&e instanceof Le&&t?.requestState.recordProtectorApiError(e),{}}finally{try{if(void 0!==t){const e=t.requestState.requestStartTimestamp;void 0!==e&&(t.requestState.reqHandlerMs=Date.now()-e),await t.requestState.saveToRequest(t.request,this.config.cookieEncryptionKey)}}catch(e){console.error("Netacea Error:",e)}}}async handleResponse(e){try{const t=await async function(e,t){const i=Date.now(),{request:a}=t.Records[0].cf,s=await ze.fromRequest(a,e.cookieEncryptionKey);return s.resHandlerStartTime=i,{config:e,request:a,requestState:s,requestDetails:await Ye(e,t)}}(this.config,e);try{const i=e.Records[0].cf.response;await this.handleCaptchaFeedback(t,i)}catch(e){console.error("Netacea Error: captcha feedback failed",e)}if(t.requestState.shouldSetSessionCookie){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);t.requestState.setCookies.push(e)}const{response:i}=e.Records[0].cf;this.setNetaceaCookies(i,t.requestState),this.ingestUsingContext(t,i)}catch(e){console.error("Netacea Error:",e)}}async handleCaptchaFeedback(e,t){const{captchaFeedbackHeaderName:i}=this.config;if(void 0===i)return;const a=t.headers,s=a[i]?.[0].value;if(delete t.headers[i],void 0===s)return;const 
o=JSON.parse(s),n=o?.status;if(!["pass","fail"].includes(n))throw new Error("Netacea Error: Invalid captcha feedback status "+String(n));const r=await this.makeRequest({host:this.config.mitigationServiceUrl,method:"POST",path:"/UpdateCaptcha",headers:{"content-type":"application/json; charset=utf-8","x-netacea-api-key":e.config.apiKey,"x-netacea-client-ip":e.requestDetails.clientIp,"x-netacea-userid":e.requestDetails.sessionDetails.userId},body:JSON.stringify({result:"pass"===o.status})});if(200!==r.status)throw new Error(`Netacea Error: Got status ${r.status} for /UpdateCaptcha`);const c=await this.createMitataCaptcha(r.headers);void 0!==c&&e.requestState.setCookies.push(c);let d=r.headers["x-netacea-captcha"];d=Array.isArray(d)?d[0]:d;let h=_e(r.headers,st.mitataExpiry)??NaN;isNaN(h)&&(h=86400);const u=e.requestState;u.sessionCodes.captcha=d,u.sessionCookieMaxAge=h,u.shouldSetSessionCookie=!0;const l=y.captchaMap[d]??"unknown",[p]=e.requestState.sessionStatus?.split(",")??"";e.requestState.sessionStatus=p+","+l}async handleNetaceaRoutes(e){const{uri:t,method:i}=e.request;if(He(t,i,this.config.netaceaCheckpointSignalPath)){return{respondWith:Me({status:"200",headers:{}})}}if(function(e,t,i){return void 0!==i&&e.toLowerCase().includes(i.toLowerCase())&&"get"===t.toLowerCase()}(t,i,this.config.netaceaCaptchaPath)){return{respondWith:Me(await this.handleCaptchaGetRequest(e))}}const a=function(e,t){if(void 0===t)return!1;const i=e.uri;if(t.startsWith("/"))return t===i;try{const a=e.headers.host?.[0]?.value,s=new URL(t);return s.host===a&&s.pathname===i}catch{return!1}}(e.request,this.config.netaceaBlockedResponseRedirectLocation);let s={injectHeaders:De(e.requestState.sessionCodes),sessionStatus:""};return a||(s=await this.runMitigation(e)),void 0!==s&&"injectHeaders"in 
s&&(this.addNetaceaInjectHeadersToRequest(e.request,s?.injectHeaders),e.requestState.setCookies.push(...s.setCookie??[])),e.request.headers[Fe.NetaceaTrueUserAgentHeader]=[{key:Fe.NetaceaTrueUserAgentHeader,value:this.getValueFromHeaderOrDefault(e.request.headers,"user-agent","-")}],void 0!==s&&(void 0!==s.apiCallLatency&&(e.requestState.protectorApiLatency=s.apiCallLatency),void 0!==s.apiCallStatus&&(e.requestState.protectorApiStatus=s.apiCallStatus),void 0!==s.sessionStatus&&(e.requestState.sessionStatus=s.sessionStatus),void 0!==s.setCookie&&(e.requestState.setCookies=s.setCookie)),{respondWith:Me(s?.response)}}async makeRequest({host:e,method:t,path:i,headers:a,body:s,params:o}){const n=new URL(e);n.pathname=i,void 0!==o&&(o instanceof URLSearchParams?n.search=o.toString():"object"==typeof o&&null!==o&&(n.search=qe.searchParamsFromRecord(o).toString()));const r=n.toString(),c=new Request(r,{...{method:t,body:s,headers:a},duplex:"half"}),d=await O(r,c),h={};return d.headers.forEach(((e,t)=>{null!==e&&(h[t]=e)})),{status:d.status,body:await d.text(),headers:h}}async mitigate(e){const t=Pe(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath);try{const a=t?await this.handleCaptchaPostRequest(e):await this.check(e),s=Ke(this.config.mitigationType,a.match,a.mitigate,a.captcha,t);let o;if([at.block,at.captcha,at.captchaPass].includes(s.mitigation)){const r={"cache-control":[{key:"cache-control",value:["no-store","no-cache","must-revalidate","max-age=0"].join(", ")}],pragma:[{key:"pragma",value:"no-cache"}],"set-cookie":[]};for(const e of a.setCookie)r["set-cookie"]=r["set-cookie"]??[],r["set-cookie"].push({key:"set-cookie",value:e});const c="captcha"===s.mitigation;c&&void 0!==this.config.captchaHeader&&(r[this.config.captchaHeader.name]=[{key:this.config.captchaHeader.name,value:this.config.captchaHeader.value}]);let 
d={status:"200",statusDescription:"OK",body:""};if(t||(d={status:String(this.config.netaceaBlockedResponseStatus),statusDescription:"Forbidden",body:this.config.netaceaBlockedResponseBody},r["content-type"]=[{key:"content-type",value:this.config.netaceaBlockedResponseContentType}]),o={headers:r,...d},void 0!==this.config.netaceaBlockedResponseRedirectLocation&&!c&&function(e){if("GET"!==e.method?.toUpperCase())return!1;const t=(e.headers["sec-fetch-mode"]??[]).map((e=>e.value));return!(t.length>0&&!t.includes("navigate"))&&(e.headers.accept??[]).map((e=>e.value.split(/, ?/))).flat().includes("text/html")}(e.request)&&(o.status="303",r.Location=[{key:"Location",value:this.config.netaceaBlockedResponseRedirectLocation}]),c&&void 0!==a.body&&a.body.length>0){const e=(i=a.body).includes("captchaRelativeURL")&&i.includes("captchaAbsoluteURL");o.status=e?"403":"200",o.statusDescription=e?"Forbidden":"OK",o.body=a.body,o.bodyEncoding="text",r["content-type"]=e?[{key:"content-type",value:"application/json"}]:[{key:"content-type",value:"text/html; charset=UTF-8"}]}this.config.ingestType===n.KINESIS&&(e.requestState.protectorApiLatency=a.apiCallLatency,e.requestState.protectorApiStatus=a.apiCallStatus,e.requestState.sessionStatus=s.sessionStatus)}return"4"===s.parts.mitigate&&this.addNetaceaInjectHeadersToRequest(e.request,De(s.parts)),{response:o,sessionStatus:s.sessionStatus,setCookie:a.setCookie,apiCallLatency:a.apiCallLatency,apiCallStatus:a.apiCallStatus}}catch(i){if(i instanceof Le&&e.requestState.recordProtectorApiError(i),t){return{response:{status:"500",statusDescription:"Internal Server Error",body:"",headers:{}},sessionStatus:"error_open"}}return console.error("Netacea FailOpen Error: ",i),{sessionStatus:"error_open"}}var i}async inject(e){try{const t=Pe(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath),i=t?await this.handleCaptchaPostRequest(e):await 
this.check(e),a=Ke(this.config.mitigationType,i.match,i.mitigate,i.captcha,t);return{injectHeaders:this.config.mitigationType===r.INJECT||"4"===a.parts.mitigate?De(a.parts):void 0,sessionStatus:a.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}catch(e){return console.error("Netacea FailOpen Error: ",e),{sessionStatus:"",injectHeaders:void 0,setCookie:void 0}}}async ingestUsingContext(e,t=void 0){const i=e.request;if(!this.config.ingestEnabled)return;if(null==t)throw new Error("Cloudfront response is required to ingest");const a=await this.getSetSessionCookieValue(t.headers,"set-cookie")??"",s=""!==a?a:e.requestDetails.sessionDetails.sessionCookie;let o="0",n="0",r="0";const c=v(s);void 0!==c&&(o=c.match,n=c.mitigate,r=c.captcha);const d=e.requestState,h=d.sessionStatus,l=d.protectorApiLatency,p=d.protectorApiStatus,g=Date.now()-e.requestState.requestStartTimestamp,f=this.shouldSetCaptchaPass(i,t),m=He(i.uri,i.method,this.config.netaceaCheckpointSignalPath),y=e.requestDetails,S=void 0!==d.sessionStatus?void 0:Ke(this.config.mitigationType,o,n,r,f,m).sessionStatus,k=this.getValueFromHeaderOrDefault(i.headers,Fe.NetaceaTrueUserAgentHeader,y.headers.userAgent);await this.callIngest({bytesSent:this.getValueFromHeaderOrDefault(t.headers,"content-length","0"),headerFingerprint:e.requestState.headerFingerprint??"-",integrationMode:this.config.mitigationType,integrationType:"@netacea/cloudfront".replace("@netacea/",""),integrationVersion:"7.0.8",ip:y.clientIp,method:y.method,mitataCookie:s,mitigationLatency:void 0!==l?u(l):void 0,mitigationStatus:void 0!==p?u(p):void 0,netaceaCookieStatus:y.sessionDetails.sessionCookieStatus,path:y.url,protocol:null,query:i.querystring,referer:this.getValueFromHeaderOrDefault(i.headers,"referer"),requestHost:this.getValueFromHeaderOrDefault(i.headers,"host",void 0),requestId:y.requestId,requestTime:g,reqHandlerMs:d.reqHandlerMs??g,reqHandlerId:d.reqHandlerId,resHandlerMs:void 
0!==d.resHandlerStartTime?Date.now()-d.resHandlerStartTime:0,resHandlerId:this.workerInstanceId,sessionStatus:h??S,status:t.status,userAgent:k,workerInstanceId:this.workerInstanceId,xForwardedFor:this.getValueFromHeaderOrDefault(i.headers,"x-forwarded-for")})}setNetaceaCookies(e,t){if(void 0===e)throw new Error("Response required to add cookies to response");if(null!=e.headers){let i=!1;if(i=void 0!==(e.headers["set-cookie"]??[]).find((e=>!!e.value.startsWith(`${this.config.netaceaCookieName}=`)||!!e.value.startsWith(`${this.config.netaceaCaptchaCookieName}=`))),!i&&t.setCookies.length>0){void 0===e.headers["set-cookie"]&&(e.headers["set-cookie"]=[]);for(const i of t.setCookies)e.headers["set-cookie"].push({key:"set-cookie",value:i})}}}getValueFromHeaderOrDefault(e,t,i=""){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i)return i[0].value}return i}async getSetSessionCookieValue(e,t){if(void 0!==e?.[t]){const i=e[t];if(void 0!==i){const e=i.find((e=>e.value.startsWith(this.config.netaceaCookieName+"=")));if(void 0!==e){const t=e.value.slice(this.config.netaceaCookieName.length+1).split(";")[0],{cookieEncryptionKey:i,encryptedCookies:a}=this.config;if(void 0===i||!a.includes(this.config.netaceaCookieName))return t;try{return await Te(t,i)}catch{return t}}}}}async handleCaptchaPostRequest(e){const{status:t,match:i,mitigate:a,captcha:s,body:o,setCookie:n,latency:c,mitataMaxAge:d}=await this.makeCaptchaAPICall(e),h=e.requestState;h.sessionCodes={match:i,mitigate:a,captcha:s},h.sessionCookieMaxAge=d,h.shouldSetSessionCookie=String(s)!==String(y.captchaStatusCodes.checkpointPost);const u=Ke(this.config.mitigationType,i,a,s,!0),l={body:o,apiCallStatus:t,apiCallLatency:c,setCookie:n,sessionStatus:u.sessionStatus,mitigation:u.mitigation,injectHeaders:void 0,match:i,mitigate:a,captcha:s};return(this.config.mitigationType===r.INJECT||"4"===u.parts.mitigate)&&(l.injectHeaders=De(u.parts)),l}async 
handleCaptchaGetRequest(e){const{querystring:t}=e.request,i=t.split("&").find((e=>e.includes("trackingId=")))?.replace("trackingId=",""),a=await this.makeMitigateAPICall(e,{isCaptchaGet:!0,defaultMitataCodes:{match:"0",mitigate:"0",captcha:"1"},trackingId:i}),{match:s,mitigate:o,captcha:n}=a,c=Ke(e.config.mitigationType,s,o,n,!1),d={body:a.body,apiCallStatus:a.status,apiCallLatency:a.latency,setCookie:a.setCookie,sessionStatus:c.sessionStatus,injectHeaders:void 0,mitigated:[at.block,at.captcha,at.captchaPass].includes(c.mitigation)};(e.config.mitigationType===r.INJECT||"4"===c.parts.mitigate)&&(d.injectHeaders=De(c.parts));const h=e.requestState;h.sessionStatus=d.sessionStatus,h.protectorApiLatency=d.apiCallLatency,h.protectorApiStatus=d.apiCallStatus;return{headers:Ee(d.setCookie),status:"403",body:d.body,statusDescription:"Forbidden"}}addNetaceaInjectHeadersToRequest(e,t){if(void 0===t)return e;for(const[i,a]of Object.entries(t))e.headers[i]=[{key:i,value:a}];return e}async encryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Ne(e,this.config.cookieEncryptionKey):e}async decryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Te(e,this.config.cookieEncryptionKey):e}async runMitigation(e){try{switch(this.config.mitigationType){case r.MITIGATE:return await this.mitigate(e);case r.INJECT:return await this.inject(e);case r.INGEST:return await this.processIngest(e);default:throw new Error(`Netacea Error: Mitigation type ${this.config.mitigationType} not recognised`)}}catch(t){return console.error("Netacea FAILOPEN Error:",t),{injectHeaders:De(e.requestState.sessionCodes),sessionStatus:""}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const i=`${e}=`;for(const a of t){const t=a.split(";")[0].trimStart();if(t.startsWith(i)){const a=t.slice(i.length);if(this.config.encryptedCookies.includes(e))try{return await this.decryptCookieValue(a)}catch(e){return}return 
a}}}shouldSetCaptchaPass(e,t){if(Pe(e.uri,e.method,this.config.netaceaCaptchaVerificationPath))return!0;if(void 0===t)return!1;const i=null!=t.headers?t.headers["set-cookie"]:void 0,a=i?.find((e=>e.value.split("=")[0]===this.config.netaceaCaptchaCookieName)),s=void 0!==a;return this.config.mitigationType===r.INJECT&&s}async makeCaptchaAPICall(e){const t=e.requestDetails.sessionDetails.userId,i=this.getValueFromHeaderOrDefault(e.request.headers,"content-type","application/x-www-form-urlencoded; charset=UTF-8"),a={"X-Netacea-UserId":t,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"user-agent":e.requestDetails.headers.userAgent,"Content-Type":i};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(a["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,a["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const s=new URLSearchParams,o=e.requestState.headerFingerprint??"";""!==o&&s.append("headerFP",o),s.append("netaceaHeaders","request-id");const n=function(e,t){if(void 0!==e&&""!==e&&0!==e.trim().length){if(!t.includes("application/json"))return e;try{return JSON.parse(e),e}catch(t){return console.warn("Invalid JSON in captcha data, attempting to serialize:",t),JSON.stringify({data:e})}}}(function(e){if(void 0===e.body?.data||0===e.body.data.length)return"";if(e.body?.inputTruncated)throw new Error("Netacea Error :: Request body is too large.");let t;if("text"===e.body.encoding)t=e.body.data;else try{t=Buffer.from(e.body.data,"base64").toString("utf-8")}catch(i){console.warn("Failed to decode base64 request body:",i),t=e.body.data}if((e.headers["content-type"]?.[0]?.value?.toLowerCase()??"").includes("application/json"))try{JSON.parse(t)}catch(e){console.warn("Request body is not valid JSON despite content-type header:",e)}return t}(e.request),i),r=Date.now(),c=await 
this.makeRequest({host:this.config.mitigationServiceUrl,path:"/AtaVerifyCaptcha",headers:a,method:"POST",body:n,timeout:this.config.timeout,params:s}),d=Date.now()-r;return await this.getApiCallResponseFromResponse(c,d,void 0)}async getApiCallResponseFromResponse(e,t,i){if(200!==e.status)throw new Le(e,t);const a=Oe(e.headers,st.match)??i?.match??"0",s=Oe(e.headers,st.mitigate)??i?.mitigate??"0",o=Oe(e.headers,st.captcha)??i?.captcha??"0";let n=_e(e.headers,st.mitataExpiry)??NaN;isNaN(n)&&(n=86400);const r=[];if(String(o)!==String(y.captchaStatusCodes.checkpointPost)){const t=await this.createMitataCaptcha(e.headers);void 0!==t&&r.push(t)}const c=Oe(e.headers,st.eventId);return{status:e.status,match:a,mitigate:s,captcha:o,setCookie:r,body:e.body,eventId:c,mitataMaxAge:n,latency:t}}APIError(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}async createSetSessionCookie(e,t,i,a,s,o=86400,n=void 0){const r=["1","3","5","a","c","e"].includes(s)||"3"===a?-60:this.config.mitataCookieExpirySeconds,c=n??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const d=[i,a,s].join(""),h=function(e,t,i,a,s="000"){void 0===t&&(t=I());const o=[i,t,w(e+"|"+String(i),a),s].join(p);return`${w(o,a)}${p}${o}`}(e,t,c,this.config.secretKey,d);let u,l,g=o;if(""!==this.config.netaceaCookieAttributes){const{extractedAttribute:e,cookieAttributes:t}=et(this.config.netaceaCookieAttributes,"Max-Age");g=void 0!==e?Number(e):o;const{extractedAttribute:i,cookieAttributes:a}=et(t,"Path");u=i??"/",l=a??void 0}return await this.buildCookieFromValues(this.config.netaceaCookieName,h,g,l,u)}async createMitataCaptcha(e){let t=e["set-cookie"]??[];t="string"==typeof t?[t]:t;const 
i=t.find((e=>e.startsWith("_mitatacaptcha=")));let a,s="86400";if(void 0!==i&&""!==i)try{const e=it(i);a=e.value,s=Ze(e.attributes,"Max-Age")??"86400"}catch(e){return}if(""===a||void 0===a)return;const o=tt([this.config.netaceaCaptchaCookieAttributes,"Path=/",`Max-Age=${s}`]);return a=this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)?await this.encryptCookieValue(a):a,`${this.config.netaceaCaptchaCookieName}=${a}; ${o}`}async buildCookieFromValues(e,t,i,a,s="/"){const o=`${e}=${this.config.encryptedCookies.includes(e)?await this.encryptCookieValue(t):t}; Max-Age=${i}; Path=${s}`;return void 0!==a&&""!==a?`${o}; ${a}`:o}async callIngest(e){const t=xe(e);if(this.config.ingestType===n.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");if(void 0!==this.config.kinesisConfigArgs){const{kinesisStreamName:e,kinesisAccessKey:t,kinesisSecretKey:i}=this.config.kinesisConfigArgs;if(void 0===e||void 0===t||void 0===i)return void console.error("Netacea Error: Unable to log as Kinesis configuration misses credentials.")}try{await this.kinesis.ingest({...t,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const e={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},i=await this.makeIngestApiCall(e,t);if(200!==i.status&&202!==i.status)throw this.APIError(i)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=e.request.headers.cookie?.[0].value??"",i=b(await this.readCookie(this.config.netaceaCookieName,t),S,this.config.secretKey);return i.isPrimaryHashValid?i.requiresReissue?await this.setIngestOnlyMitataCookie(i.mitata?.userId):{sessionStatus:"",setCookie:[]}:await 
this.setIngestOnlyMitataCookie(void 0)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createSetSessionCookie(S,e,"0","0","0",86400)]}}async check(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const t=e.requestDetails.sessionDetails.sessionCookieDetails;if(void 0===t||!t.isPrimaryHashValid||t.requiresReissue){const t=await this.makeMitigateAPICall(e,{}),i=e.requestState,{match:a,mitigate:s,captcha:o}=t;return i.sessionCodes={match:a,mitigate:s,captcha:o},i.sessionCookieMaxAge=t.mitataMaxAge,i.shouldSetSessionCookie=!0,{body:t.body,apiCallStatus:t.status,apiCallLatency:t.latency,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}return{body:void 0,apiCallStatus:void 0,apiCallLatency:void 0,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}async makeMitigateAPICall(e,{isCaptchaGet:t=!1,defaultMitataCodes:i,trackingId:a}){const s={"user-agent":e.requestDetails.headers.userAgent,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"X-Netacea-UserId":e.requestDetails.sessionDetails.userId,cookie:this.buildCookieHeader({_mitatacaptcha:e.requestDetails.sessionDetails.captchaToken})};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(s["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,s["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),this.config.dynamicCaptchaContentType&&void 0!==this.config.netaceaCaptchaPath&&(s["X-Netacea-Captcha-Content-Type"]=function(e){const t=e?.toLowerCase()??"text/html",i=t?.includes("text/html")||t?.includes("application/html"),a=t?.includes("application/json");return a&&!i?"application/json":"text/html"}(e.requestDetails.headers.accept??"text/html"));const o="application/json"===s["X-Netacea-Captcha-Content-Type"],n=new URLSearchParams,r=e.requestState.headerFingerprint;"string"==typeof 
r&&n.set("headerFP",r),n.append("netaceaHeaders","request-id"),t&&void 0!==a&&n.append("trackingId",a);const c=Date.now(),d=await this.makeRequest({host:this.config.mitigationServiceUrl,path:t?"/captcha":"/",headers:s,method:"GET",timeout:this.config.timeout,params:n}),h=Date.now()-c;return o&&void 0!==this.config.netaceaCaptchaPath&&(d.body=function(e,t,i){let a;if(void 0===e||""===e)return"";if("string"==typeof e&&(a=JSON.parse(e)),!function(e){if(null==e)return!1;const t=e;return void 0!==t?.trackingId}(a))throw new Error("Body is not a Mitigation Service JSON response!");const s=`${i}?trackingId=${a.trackingId}`,o=void 0!==t?`https://${t}${s}`:void 0;return JSON.stringify({captchaRelativeURL:s,captchaAbsoluteURL:o})}(d.body,e.requestDetails.headers.host,this.config.netaceaCaptchaPath)),await this.getApiCallResponseFromResponse(d,h,i)}buildCookieHeader(e){let t="",i="";for(const a in e){const s=e[a];void 0!==s&&(t=`${t}${i}${a}=${s}`,i="; ")}return t}};
1
+ "use strict";var e=require("node:crypto"),t=require("node:buffer"),a=require("aws4"),i=require("jose"),s=require("uuid");function o(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(a){if("default"!==a){var i=Object.getOwnPropertyDescriptor(e,a);Object.defineProperty(t,a,i.get?i:{enumerable:!0,get:function(){return e[a]}})}})),t.default=e,Object.freeze(t)}var n,r,c,d=o(i),h=o(s);!function(e){e.ORIGIN="ORIGIN",e.HTTP="HTTP",e.KINESIS="KINESIS",e.NATIVE="NATIVE"}(n||(n={})),function(e){e.MITIGATE="MITIGATE",e.INJECT="INJECT",e.INGEST="INGEST"}(r||(r={})),function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(c||(c={}));const u=3e3;const l="_/@#/",p={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},g={0:p.none,1:p.block,2:p.none,3:p.block,4:p.none},f={1:p.captcha,2:p.captchaPass,3:p.captcha,4:p.allow,5:p.captcha,6:p.allow,7:p.captcha,a:p.captcha,b:p.captchaPass,c:p.captcha,d:p.allow,e:p.captcha};var 
y=Object.freeze({__proto__:null,COOKIEDELIMITER:l,bestMitigationCaptchaMap:f,bestMitigationMap:g,captchaMap:{0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail",6:"checkpoint_signal",7:"checkpoint_post",a:"checkpoint_serve",b:"checkpoint_pass",c:"checkpoint_fail",d:"checkpoint_cookiepass",e:"checkpoint_cookiefail"},captchaStatusCodes:{"":0,captchaServe:1,captchaPass:2,captchaFail:3,captchaCookiePass:4,captchaCookieFail:5,checkpointSignal:6,checkpointPost:7,checkpointServe:"a",checkpointPass:"b",checkpointFail:"c",checkpointCookiePass:"d",checkpointCookieFail:"e"},matchMap:{0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},mitigateMap:{0:"",1:"blocked",2:"allow",3:"hardblocked",4:"flagged"},mitigationTypes:p,netaceaCookieV3KeyMap:{clientIP:"cip",userId:"uid",gracePeriod:"grp",cookieId:"cid",match:"mat",mitigate:"mit",captcha:"cap",issueTimestamp:"ist",issueReason:"isr"},netaceaCookieV3OptionalKeyMap:{checkAllPostRequests:"fCAPR"},netaceaHeaders:{match:"x-netacea-match",mitigate:"x-netacea-mitigate",captcha:"x-netacea-captcha",mitata:"x-netacea-mitata-value",mitataExpiry:"x-netacea-mitata-expiry",mitataCaptcha:"x-netacea-mitatacaptcha-value",mitataCaptchaExpiry:"x-netacea-mitatacaptcha-expiry",eventId:"x-netacea-event-id"},netaceaSettingsMap:{checkAllPostRequests:"checkAllPostRequests"}});const m="ignored",S="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),k=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/((\d|[a-z])(\d)(\d|[a-z]))$/i;function C(e){if(void 0===e)return;const t=e.match(k);if(null!=t){const[,e,a,i,s,o,n,r,c]=t;return{signature:e,expiry:a,userId:i,ipHash:s,mitigationType:o,match:n,mitigate:r,captcha:c}}}function v(t=16,a=S){const i=e.randomBytes(t-1);return`c${Array.from(i).map((e=>a[e%a.length])).join("")}`}function b(a,i){const s=e.createHmac("sha256",i);return 
s.update(a),t.Buffer.from(s.digest("hex")).toString("base64")}function I(e,t,a){const i={mitata:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,captcha:"0",match:"0",mitigate:"0"};if("string"!=typeof e||""===e)return i;const s=C(e);if(void 0!==s){const e=[s.expiry,s.userId,s.ipHash,s.mitigationType].join(l),i=Math.floor(Date.now()/1e3),o=parseInt(s.expiry)<i,n=["1","3","5","a","c","e"].includes(s.captcha),r="3"===s.mitigate,c=n||r,d=b(t+"|"+s.expiry,a),h=s.ipHash===d;return{mitata:s,requiresReissue:o||!h,isExpired:o,shouldExpire:c,isSameIP:h,isPrimaryHashValid:s.signature===b(e,a),match:s.match,mitigate:s.mitigate,captcha:s.captcha,userId:s.userId}}return i}function w(e,t){const a=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==a&&a.length>0?a?.replace(`${t}=`,""):void 0}function A(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":N(e.split(";"),t).join("; ")}function N(e,t=!1){if(t)return N(e.reverse()).reverse();const a=new Set,i=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();a.has(e)||(a.add(e),i.push(t))}return i}var q=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let a=e=A(e??"",!0),i=t=A(t??"",!0);if(void 0!==e&&void 0!==t){const s=w(e,"Domain"),o=w(t,"Domain");void 0!==s&&void 0!==o?i=t.replace(o,s):void 0!==s&&void 0===o?i=t+(""!==t?`; Domain=${s}`:`Domain=${s}`):void 0===s&&void 0!==o&&(a=e+(""!==e?`; Domain=${o}`:`Domain=${o}`))}else if(void 0!==e&&void 0===t){const t=w(e,"Domain");void 0!==t&&(i=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=w(t,"Domain");void 0!==e&&(a=`Domain=${e}`)}return{cookieAttributes:""!==a?a:void 0,captchaCookieAttributes:""!==i?i:void 0}},extractAndRemoveCookieAttr:function(e,t){const a=w(e,t);if(void 0!==a){return{extractedAttribute:a,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${a}`,"").split(";").filter((e=>e.length>0)).join("; 
")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:w,removeDuplicateAttrs:A});var T=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const a=e.slice(0,t),i=e.slice(t+1),s=i.indexOf(";");if(s<0){return{name:a,value:i,attributes:""}}return{name:a,value:i.slice(0,s),attributes:i.slice(s).trimStart()}}});const E={cookie:{parse:T,attributes:q}};class P{constructor(e){this.crypto=e}async hashString(e,t,a=!1){const i=a?[...t].sort():[...t],s=(new TextEncoder).encode(i.join(",")),o=await this.crypto.subtle.digest(e,s),n=Array.from(new Uint8Array(o)).map((e=>e.toString(16).padStart(2,"0"))).join("").substring(0,12);return"h"+(a?"s":"")+`_${t.length}_${n}`}static filterHeaderNames(e){return e.filter((e=>{const t=e.toLowerCase();return!["","cookie","referer"].includes(t)&&null===t.match(/^(x-netacea-|cloudfront-)/i)}))}async hashHeaders(e,t=!1){const a=P.filterHeaderNames(e);if(0===a.length)return"";try{return await this.hashString("SHA-256",a,t)}catch(e){return console.error(e),""}}}const R=globalThis.fetch.bind(globalThis);var x="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},O={},_={};Object.defineProperty(_,"__esModule",{value:!0}),_.validateRedirectLocation=void 0,_.validateRedirectLocation=function(e){if(""!==(e=e??""))try{return new URL(e).toString()}catch{if(/^https?:\/\//i.test(e))return;return e.startsWith("/")?e:`/${e}`}};var L={},K={};function H(e,t){for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const i=e[a]??"",s=D("string"==typeof i?i:i.join("; "),t);if(void 0!==s)return s}}function M(e,t){const a=[];for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const s=e[i]??"",o="string"==typeof s?s:s.join("; ");a.push(...j(o,t))}return a}function D(e,t){const a=t+"=";return 
e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(a)))}function j(e,t){const a=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(a)))}Object.defineProperty(K,"__esModule",{value:!0}),K.findAllInCookieString=K.findFirstInCookieString=K.findAllInHeaders=K.findFirstInHeaders=K.findOnlyValueInHeaders=K.findAllValuesInHeaders=K.findFirstValueInHeaders=void 0,K.findFirstValueInHeaders=function(e,t){const a=H(e,t);if(void 0!==a)return a.slice(t.length+1)},K.findAllValuesInHeaders=function(e,t){return M(e,t).map((e=>e.slice(t.length+1)))},K.findOnlyValueInHeaders=function(e,t){const a=M(e,t);if(a.length>1)throw new Error(`Found more than one cookie with name ${t}`);return a[0]?.slice(t.length+1)},K.findFirstInHeaders=H,K.findAllInHeaders=M,K.findFirstInCookieString=D,K.findAllInCookieString=j;var F={};function B(e){return"set-cookie"===e||"Set-Cookie"===e}function V(e,t){const a=t+"=";return e.startsWith(a)}function U(e,t){if(!V(e,t))throw new Error(`Cookie '${t}' not found in '${e}'`);return e.slice(t.length+1).split(";")[0]}function $(e,t){const a=e[t]??[];return"string"==typeof a?[a]:a}function z(e,t){for(const a of Object.keys(e)){if(!B(a))continue;const i=G($(e,a),t);if(void 0!==i)return i}}function G(e,t){return e.map((e=>e.trimStart())).find((e=>V(e,t)))}function Q(e,t){const a=[];for(const i of Object.keys(e)){if(!B(i))continue;const s=$(e,i);a.push(...W(s,t))}return a}function W(e,t){return e.map((e=>e.trimStart())).filter((e=>V(e,t)))}Object.defineProperty(F,"__esModule",{value:!0}),F.findAllInSetCookieStrings=F.findAllInHeaders=F.findValueInSetCookieStrings=F.findFirstInSetCookieStrings=F.findFirstInHeaders=F.findOnlyValueInHeaders=F.findFirstValueInHeaders=F.parseValueFromString=void 0,F.parseValueFromString=U,F.findFirstValueInHeaders=function(e,t){const a=z(e,t);return void 0!==a?U(a,t):void 0},F.findOnlyValueInHeaders=function(e,t){const a=Q(e,t);if(a.length>1)throw new Error(`Found more than one set-cookie with name 
${t}`);return void 0!==a[0]?U(a[0],t):void 0},F.findFirstInHeaders=z,F.findFirstInSetCookieStrings=G,F.findValueInSetCookieStrings=function(e,t){const a=G(e,t);if(void 0!==a)return U(a,t)},F.findAllInHeaders=Q,F.findAllInSetCookieStrings=W;var J=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),X=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Y=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&J(t,e,a);return X(t,e),t};Object.defineProperty(L,"__esModule",{value:!0}),L.setCookie=L.cookie=void 0,L.cookie=Y(K),L.setCookie=Y(F);var Z={},ee={},te={};Object.defineProperty(te,"__esModule",{value:!0}),te.KINESIS_URL=te.API_VERSION=te.REGION=te.PAYLOAD_TYPE=te.STATE=void 0,te.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},te.PAYLOAD_TYPE="string",te.REGION="eu-west-1",te.API_VERSION="2013-12-02",te.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com";var ae={};Object.defineProperty(ae,"__esModule",{value:!0}),ae.headersToRecord=ae.increaseBatchSize=ae.handleFailedLogs=ae.batchArrayForKinesis=ae.sleep=void 0,ae.sleep=async function(e){await new Promise((t=>{setTimeout(t,e)}))},ae.batchArrayForKinesis=function(e,t,a){const i=[];for(let s=0;s<e.length;s+=t){const o=e.slice(s,s+t);i.push({Data:a.from(JSON.stringify(o)).toString("base64"),PartitionKey:Date.now().toString()})}return i},ae.handleFailedLogs=function(e,t,a){const i=2*a,s=[...e,...t],o=s.length-i;return o>0&&(console.error(`Netacea Error :: failed to send ${o} log(s) to Kinesis 
ingest.`),s.splice(0,o)),s},ae.increaseBatchSize=function(e,t){return e!==t?Math.min(t,2*e):e},ae.headersToRecord=function(e){const t={};return e.forEach(((e,a)=>{t[a]=e})),t},Object.defineProperty(ee,"__esModule",{value:!0}),ee.WebStandardKinesis=void 0;const ie=te,se=ae;ee.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){if(this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,void 0===t.kinesisAccessKey)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===t.kinesisSecretKey)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),a=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:(0,se.headersToRecord)(a.headers),host:ie.KINESIS_URL,method:"POST",path:"/",body:a.body}),this.logBatchSize=(0,se.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,se.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,se.sleep)(this.maxAwaitTimePerIngestCallMs)),await 
Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,se.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}async signRequest(e,t,a,i){const s={Records:(0,se.batchArrayForKinesis)(a,i,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(ie.KINESIS_URL,{body:JSON.stringify(s),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}};var oe={};Object.defineProperty(oe,"__esModule",{value:!0}),oe.Kinesis=void 0;const ne=te,re=ae;oe.Kinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=this.signRequest({streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);if("POST"!==t.method)throw new Error(`Unexpected method. 
Expected POST but got ${t.method}`);await this.deps.makeRequest({headers:t.headers??{},host:`https://${t.hostname}`,method:t.method,path:t.path??"/",body:t.body}),this.logBatchSize=(0,re.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,re.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,re.sleep)(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,re.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}signRequest(e,t,a){const{accessKeyId:i,secretAccessKey:s}=e,o={Records:(0,re.batchArrayForKinesis)(t,a,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:e.streamName};return this.deps.aws4.sign({service:"kinesis",body:JSON.stringify(o),headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"},region:ne.REGION},{accessKeyId:i,secretAccessKey:s})}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.Kinesis=e.WebStandardKinesis=void 0;var t=ee;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}});var a=oe;Object.defineProperty(e,"Kinesis",{enumerable:!0,get:function(){return a.Kinesis}})}(Z);var ce={};function de(e,t){let a=null;if("number"==typeof e)a=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(a=t)}if(null===a){if("number"!=typeof t.defaultValue)return t.defaultValue;a=t.defaultValue}return void 0!==t.minValue&&(a=Math.max(t.minValue,a)),void 0!==t.maxValue&&(a=Math.min(t.maxValue,a)),a}Object.defineProperty(ce,"__esModule",{value:!0}),ce.parseHttpHeaderName=ce.stringOrDefault=ce.parseIntOrDefault=ce.parseNumberOrDefault=void 
0,ce.parseNumberOrDefault=de,ce.parseIntOrDefault=function(e,t){const a=de(e,t);return"number"==typeof a?Math.floor(a):a},ce.stringOrDefault=function(e,t){return"string"==typeof e&&""!==e?e:"number"==typeof e?e.toString():t},ce.parseHttpHeaderName=function(e){if("string"!=typeof e)return;return/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(e)?e:void 0};var he={};Object.defineProperty(he,"__esModule",{value:!0}),he.searchParamsFromRecord=void 0,he.searchParamsFromRecord=function(e){const t=new URLSearchParams;for(const[a,i]of Object.entries(e))t.append(a,i);return t};var ue={},le={},pe=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),ge=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),fe=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&pe(t,e,a);return ge(t,e),t};Object.defineProperty(le,"__esModule",{value:!0}),le.isJweEncrypted=le.decrypt=le.encrypt=void 0;const ye=fe(i);le.encrypt=async function(e,t){const a=ye.base64url.decode(t),i=(new TextEncoder).encode(e);return await new ye.CompactEncrypt(i).setProtectedHeader({alg:"dir",enc:"A128CBC-HS256"}).encrypt(a)},le.decrypt=async function(e,t){const a=ye.base64url.decode(t),{plaintext:i}=await ye.compactDecrypt(e,a,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(i)},le.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var me=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in 
s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),Se=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ke=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&me(t,e,a);return Se(t,e),t};Object.defineProperty(ue,"__esModule",{value:!0}),ue.jwe=void 0,ue.jwe=ke(le);var Ce,ve,be={};function Ie(){if(ve)return O;ve=1;var e=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),t=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),a=x&&x.__importStar||function(a){if(a&&a.__esModule)return a;var i={};if(null!=a)for(var s in a)"default"!==s&&Object.prototype.hasOwnProperty.call(a,s)&&e(i,a,s);return t(i,a),i};return Object.defineProperty(O,"__esModule",{value:!0}),O.graphql=O.webcrypto=O.url=O.parsing=O.ingest=O.headers=O.configValidation=void 0,O.configValidation=a(_),O.headers=a(L),O.ingest=a(Z),O.parsing=a(ce),O.url=a(he),O.webcrypto=a(ue),O.graphql=a(function(){if(Ce)return be;Ce=1,Object.defineProperty(be,"__esModule",{value:!0}),be.truncateLongFields=be.parseGraphQl=be.parseGraphQlRequestBody=be.getGraphQLParserConfig=void 0;const e=Ie();function t(e,t){const a=e.parserRegex;return t.match(a)?.groups??{}}function a(e,t){const a=e.maxValueLength;for(const e of Object.keys(t)){const o=t[e];t[e]=(s=a,(i=o).length<=s?i:i.slice(0,s)+"…")}var i,s;return t}return be.getGraphQLParserConfig=function(t){const 
a={includePaths:[],maxParsableBytes:e.parsing.parseIntOrDefault(t?.maxParsableBytes,{defaultValue:1e6,minValue:1e3}),maxValueLength:e.parsing.parseIntOrDefault(t?.maxValueLength,{defaultValue:256,minValue:8}),parserRegex:/^\s*(?<OpType>query|mutation|subscription)\s+(?<OpName>[_A-Za-z][_0-9A-Za-z]+)?/};if(Array.isArray(t?.includePaths))for(const e of t.includePaths)"string"==typeof e&&a.includePaths.push(e);try{if(t?.parserRegex instanceof RegExp)a.parserRegex=t?.parserRegex;else if("object"==typeof t?.parserRegex){const{regex:e,flags:i}=t?.parserRegex;"string"==typeof e&&(a.parserRegex=new RegExp(e,i))}}catch{}return a},be.parseGraphQlRequestBody=function(e,i){if(""===i)throw new Error("Netacea Error: Empty GraphQL body received");const s=JSON.parse(i);if("object"!=typeof s)throw new Error("Netacea Error: Invalid GraphQL JSON");const o={...t(e,s?.query??"")},n=(s?.operationName??"").trim();return""!==n&&(o.OpName=n),a(e,o)},be.parseGraphQl=t,be.truncateLongFields=a,be}()),O}var we=Ie();async function Ae(e,t){const a=d.base64url.decode(t),i=(new TextEncoder).encode(e);return await new d.CompactEncrypt(i).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(a)}async function Ne(e,t){const a=d.base64url.decode(t),{plaintext:i}=await d.compactDecrypt(e,a,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(i)}function qe(e){const t={"set-cookie":[]};for(const a of e)t["set-cookie"]?.push({key:"set-cookie",value:a});return t}function Te(e,t,a){return e===a&&"post"===t.toLowerCase()}function Ee(e,t,a){let i=e;try{i=new URL(e).pathname}catch(e){}return void 0!==a&&a.length>0&&i===a&&"get"===t.toLowerCase()}function Pe(e,t){const a=e[t];return"string"==typeof a?a:a?.[0]}function Re(e,t){const a=Pe(e,t);if(void 0!==a)return parseInt(a,10)}const{configureCookiesDomain:xe}=E.cookie.attributes;class Oe{static NetaceaTrueUserAgentHeader="x-netacea-true-useragent-header";static 
HeadersInOriginalOrderHeader="cloudfront-viewer-header-order";cookieEncryptionKey;ingestEnabled=!0;netaceaCaptchaPath;netaceaCheckpointSignalPath;captchaHeader;dynamicCaptchaContentType;ipHeaderName;mitataCookieExpirySeconds;apiKey;secretKey;mitigationServiceUrl="https://mitigations.netacea.net";ingestServiceUrl;timeout;captchaSiteKey;captchaSecretKey;ingestType;mitigationType;kinesisConfigArgs;encryptedCookies=[];netaceaCookieName;netaceaCaptchaCookieName;netaceaCookieAttributes;netaceaCaptchaCookieAttributes;netaceaCaptchaVerificationPath;captchaFeedbackHeaderName;graphQL;netaceaBlockedResponseRedirectLocation;netaceaBlockedResponseStatus=403;netaceaBlockedResponseBody="Forbidden";netaceaBlockedResponseContentType="text/plain; charset=utf-8";constructor(e){if(e.ingestType=n.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.kinesis&&(console.warn(['NETACEA :: Please move kinesis params to "kinesis" object in config.',"Backwards compatibility will soon be removed."].join(" ")),this.kinesisConfigArgs={kinesisStreamName:e.kinesisStreamName,kinesisAccessKey:e.kinesisAccessKey,kinesisSecretKey:e.kinesisSecretKey,maxLogAgeSeconds:1},void 0!==e.logBatchSize&&(this.kinesisConfigArgs.logBatchSize=e.logBatchSize)),null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required parameter");if(this.apiKey=e.apiKey,this.secretKey=e.secretKey,void 0!==e.mitigationServiceUrl){const t=e.mitigationServiceUrl;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t}var t;this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??r.INGEST,this.ingestType=e.ingestType??n.HTTP,void 0===e.captchaSiteKey&&void 
0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(t=e.timeout??3e3)<=0?u:t,this.netaceaCookieName=_e(e.netaceaCookieName)??"_mitata",this.netaceaCaptchaCookieName=_e(e.netaceaCaptchaCookieName)??"_mitatacaptcha",this.netaceaCaptchaPath=e.netaceaCaptchaPath,this.dynamicCaptchaContentType=e.dynamicCaptchaContentType??!1;const a=xe(e.netaceaCookieAttributes??"",e.netaceaCaptchaCookieAttributes??"");var i,s;if(this.netaceaCookieAttributes=a.cookieAttributes??"",this.netaceaCaptchaCookieAttributes=a.captchaCookieAttributes??"",this.captchaHeader=e.captchaHeader,this.ipHeaderName=e.ipHeaderName?.toLowerCase()?.trim(),this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(i=this.mitigationType,void 0===(s=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?i===r.INGEST?3600:60:s),this.ingestEnabled=e.ingestEnabled??!0,this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaBlockedResponseRedirectLocation=_e(e.netaceaBlockedResponseRedirectLocation),void 0!==e.netaceaBlockedResponseStatus){const t=we.parsing.parseNumberOrDefault(e.netaceaBlockedResponseStatus,{defaultValue:403});!isNaN(t)&&t>=100&&t<=599&&(this.netaceaBlockedResponseStatus=t)}void 0!==e.netaceaBlockedResponseBody&&(this.netaceaBlockedResponseBody=e.netaceaBlockedResponseBody);const o=e.netaceaBlockedResponseContentType;void 
0!==o&&""!==o&&(this.netaceaBlockedResponseContentType=o),this.netaceaCheckpointSignalPath=e.netaceaCheckpointSignalPath,this.netaceaCaptchaVerificationPath=e.netaceaCaptchaVerificationPath??"/AtaVerifyCaptcha",""===this.netaceaCaptchaVerificationPath&&(this.netaceaCaptchaVerificationPath="/AtaVerifyCaptcha"),this.netaceaCaptchaVerificationPath?.startsWith("/")||(this.netaceaCaptchaVerificationPath="/"+this.netaceaCaptchaVerificationPath),this.captchaFeedbackHeaderName=we.parsing.parseHttpHeaderName(e.captchaFeedbackHeaderName),this.graphQL=we.graphql.getGraphQLParserConfig(e.graphQL)}}function _e(e){if("string"==typeof e&&""!==e){const t=e.trim();if(t.length>0)return t}}const Le="unknown";function Ke(e,t,a,i,s,o=!1){i=function(e,t){let a=e;return t||("2"===e?a="4":"3"===e?a="5":"b"===e?a="d":"c"===e&&(a="e")),a}(i,s),o&&(i="6");let n=y.matchMap[t]??Le+"_";n+=y.mitigateMap[a]??Le;let c=y.bestMitigationMap[a];if("0"!==i){n+=","+(y.captchaMap[i]??Le);const e=y.bestMitigationCaptchaMap[i];void 0!==e&&(c=e)}return e===r.INJECT&&(c=y.mitigationTypes.none),{sessionStatus:n,mitigation:c,parts:{match:t,mitigate:a,captcha:i}}}function He(e){if(void 0===e)return;const t={...e.headers??{}};if(""!==(e.body??"")){void 0===Object.entries(t).find((([e])=>"content-type"===e.toLowerCase()))&&(t["content-type"]=[{key:"content-type",value:"text/html; charset=UTF-8"}])}return{...e,headers:t}}function Me(e,t){return{"x-netacea-match":e.match,"x-netacea-mitigate":e.mitigate,"x-netacea-captcha":e.captcha}}const De=we.headers.setCookie;function je(e,t,a){"/"!==t[0]&&(t=`/${t}`);const i=t.split("?");return`${e} ${i[0]}${(i.length>1?`?${i[1]}`:void 0)??""}`}async function Fe({config:e,request:t,requestState:a,requestDetails:i},s,o){const n=await async function(e,t,a){const i=t?.["set-cookie"]??[],s=i.map((e=>e.value)),o=De.findValueInSetCookieStrings(s,a);if(void 0===o)return;const{cookieEncryptionKey:n,encryptedCookies:r}=e,c=r.includes(a);if(void 0===n||!c)return o;try{return await 
Ne(o,n)}catch{return o}}(e,s.headers,e.netaceaCookieName)??"",c=""!==n?n:i.sessionDetails.sessionCookie;let d="0",h="0",u="0";const l=C(c);void 0!==l&&(d=l.match,h=l.mitigate,u=l.captcha);const p=a.sessionStatus,g=a.protectorApiLatency,f=a.protectorApiStatus,y=Date.now()-a.requestStartTimestamp,m=function(e,t,a){if(Te(t.uri,t.method,e.netaceaCaptchaVerificationPath))return!0;if(void 0===a)return!1;const i=null!=a.headers?a.headers["set-cookie"]:void 0,s=i?.find((t=>t.value.split("=")[0]===e.netaceaCaptchaCookieName)),o=void 0!==s;return e.mitigationType===r.INJECT&&o}(e,t,s),S=Ee(t.uri,t.method,e.netaceaCheckpointSignalPath),k=void 0!==a.sessionStatus?void 0:Ke(e.mitigationType,d,h,u,m,S).sessionStatus,{sessionCookieStatus:v}=i.sessionDetails,b=t.headers[Oe.NetaceaTrueUserAgentHeader]?.[0]?.value??i.headers.userAgent,I=t.headers.referer?.[0]?.value,w=void 0!==a.resHandlerStartTime?Date.now()-a.resHandlerStartTime:0;return{BytesSent:t.headers["content-length"]?.[0]?.value??"0",GraphQL:i.graphQL,HeaderHash:a.headerFingerprint??"-",IntegrationType:"@netacea/cloudfront".replace("@netacea/","")??"",IntegrationVersion:"7.0.10",NetaceaMitigationApplied:p??k??"",NetaceaUserIdCookie:c??"",NetaceaUserIdCookieStatus:v,ProtectionMode:e.mitigationType,ProtectorLatencyMs:g,ProtectorStatus:f,Query:t.querystring,RealIp:i.clientIp,Referer:""===I?"-":I,ReqHandlerId:a.reqHandlerId,ReqHandlerMs:a.reqHandlerMs??y,Request:je(i.method,i.url),RequestHost:t.headers.host?.[0]?.value,RequestId:i.requestId??"",RequestTime:y?.toString(),ResHandlerId:o,ResHandlerMs:w,Status:s.status,TimeLocal:(new Date).toUTCString(),TimeUnixMsUTC:Date.now(),UserAgent:b,WorkerInstanceId:o,XForwardedFor:t.headers["x-forwarded-for"]?.[0]?.value}}class Be extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}const Ve="x-netacea-integration-state";function Ue(e){return 
we.parsing.parseIntOrDefault(e,{defaultValue:void 0})}function $e(e){return"string"==typeof e?e:void 0}class ze{constructor(e){this.sessionCookieMaxAge=e.sessionCookieMaxAge,this.protectorApiLatency=e.protectorApiLatency,this.protectorApiStatus=e.protectorApiStatus,this.reqHandlerId=e.reqHandlerId,this.reqHandlerMs=e.reqHandlerMs,this.requestStartTimestamp=e.requestStartTimestamp??Date.now(),this.resHandlerId=e.resHandlerId,this.resHandlerStartTime=e.resHandlerStartTime,this.sessionStatus=e.sessionStatus,this.setCookies=e.setCookie??[],this.sessionCodes=e.sessionCodes??{match:"",mitigate:"",captcha:""},this.shouldSetSessionCookie=e.shouldSetSessionCookie??!1,this.eventId=e.eventId,this.headerFingerprint=e.headerFingerprint,this.bytesReceived=e.bytesReceived,this.graphQLFields=e.graphQLFields}async saveToRequest(e,t){const a=JSON.stringify({protectorApiLatency:this.protectorApiLatency,protectorApiStatus:this.protectorApiStatus,reqHandlerId:this.reqHandlerId,reqHandlerMs:this.reqHandlerMs,requestStartTimestamp:this.requestStartTimestamp,resHandlerId:this.resHandlerId,resHandlerStartTime:this.resHandlerStartTime,sessionStatus:this.sessionStatus,setCookies:this.setCookies,sessionCodes:this.sessionCodes,sessionCookieMaxAge:this.sessionCookieMaxAge,shouldSetSessionCookie:this.shouldSetSessionCookie,eventId:this.eventId,headerFingerprint:this.headerFingerprint,bytesReceived:this.bytesReceived,graphQLFields:this.graphQLFields});e.headers[Ve]=void 0!==t?[{key:Ve,value:await Ae(a,t)}]:[{key:Ve,value:Buffer.from(a).toString("base64")}]}recordProtectorApiError(e){this.sessionStatus="error_open",this.protectorApiLatency=e.latencyMs,this.protectorApiStatus=e.protectorApiResponse.status}static async fromRequest(e,t){let a=e.headers[Ve]?.[0]?.value;if(void 0===a)return new ze({});try{a=void 0!==t?await Ne(a,t):Buffer.from(a,"base64").toString();const e=JSON.parse(a);if("object"==typeof e&&null!==e)return new ze({requestStartTimestamp:"requestStartTimestamp"in 
e?we.parsing.parseIntOrDefault(e.requestStartTimestamp,{defaultValue:Date.now()}):Date.now(),sessionStatus:"sessionStatus"in e?$e(e.sessionStatus):void 0,protectorApiLatency:"protectorApiLatency"in e?Ue(e.protectorApiLatency):void 0,protectorApiStatus:"protectorApiStatus"in e?Ue(e.protectorApiStatus):void 0,reqHandlerId:"reqHandlerId"in e?$e(e.reqHandlerId):void 0,reqHandlerMs:"reqHandlerMs"in e?Ue(e.reqHandlerMs):void 0,resHandlerId:"resHandlerId"in e?$e(e.resHandlerId):void 0,resHandlerStartTime:"resHandlerStartTime"in e?Ue(e.resHandlerStartTime):void 0,setCookie:"setCookies"in e&&Array.isArray(e.setCookies)?e.setCookies.filter((e=>"string"==typeof e)):[],sessionCodes:"sessionCodes"in e&&"object"==typeof e.sessionCodes&&null!==e.sessionCodes?{match:$e(e.sessionCodes.match)??"0",mitigate:$e(e.sessionCodes.mitigate)??"0",captcha:$e(e.sessionCodes.captcha)??"0"}:{match:"",mitigate:"",captcha:""},sessionCookieMaxAge:"sessionCookieMaxAge"in e?Ue(e.sessionCookieMaxAge):void 0,shouldSetSessionCookie:"shouldSetSessionCookie"in e&&Boolean(e.shouldSetSessionCookie),eventId:"eventId"in e?$e(e.eventId):void 0,headerFingerprint:"headerFingerprint"in e?$e(e.headerFingerprint):void 0,bytesReceived:"bytesReceived"in e?Ue(e.bytesReceived):void 0,graphQLFields:"graphQLFields"in e&&"object"==typeof e.graphQLFields&&null!==e.graphQLFields?e.graphQLFields:void 0})}catch{}return new ze({})}static getFreshState(e){return delete e.headers["x-netacea-integration-state"],new ze({})}}var Ge;!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(Ge||(Ge={}));class Qe{config;constructor(e){this.config=e}async getNetaceaRequestDetails(t,a){const{request:i}=t.cf,{uri:s,method:o}=i,n=await this.readCookie(i,this.config.sessionCookieName),c=await this.readCookie(i,this.config.captchaCookieName),d=function(e,t){const{clientIp:a}=e;if(void 0===t||""===t)return a;const i=e.headers[t]?.[0]?.value;return void 
0===i||""===i?a:"x-forwarded-for"===t?i.split(/, ?/).pop()??a:i}(i,this.config.ipHeaderName),h=we.parsing.parseIntOrDefault(i.headers["content-length"]?.[0]?.value,{defaultValue:0}),{sessionCookieDetails:u,sessionCookieStatus:l,sessionStatus:p,userId:g}=function(e,t,a,i,s){const o=I(i,s,e.secretKey);if(void 0!==o.userId&&o.isPrimaryHashValid){const i=o.userId,{isExpired:s,shouldExpire:n,isSameIP:c}=o,d=s||n||!c&&e.mitigationType!==r.INGEST?Ge.RENEW_SESSION:Ge.EXISTING_SESSION,{sessionStatus:h}=Ke(e.mitigationType,o.match,o.mitigate,o.captcha,Te(t,a,e.netaceaCaptchaVerificationPath));return{userId:i,sessionCookieStatus:d,sessionStatus:h,sessionCookieDetails:o}}return{sessionStatus:"",userId:v(),sessionCookieStatus:Ge.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,s,o,n,d);let f=a.headerFingerprint;void 0===f&&(f=await async function(t){const a=new P(e),i=t.headers[Oe.HeadersInOriginalOrderHeader]?.[0].value??"";let s="";if(""!==i)s=await a.hashHeaders(i.split(":"));else{const e=Object.entries(t.headers).flatMap((([e,t])=>t.map((({key:t})=>t??e))));s=await a.hashHeaders(e,!0)}return s}(i),a.headerFingerprint=f);const y={bytesReceived:Math.max(h,i.body?.data.length??0),clientIp:d,graphQL:void 0,method:o,requestId:t.cf.config.requestId,url:s,headerFingerprint:f,headers:{accept:i.headers.accept?.[0]?.value,contentType:i.headers["content-type"]?.[0]?.value,host:i.headers.host?.[0]?.value,userAgent:i.headers["user-agent"]?.[0]?.value??""},sessionDetails:{sessionCookie:n,sessionStatus:p,captchaToken:c,sessionCookieDetails:u,sessionCookieStatus:l,userId:g}};""===a.sessionCodes.match&&(a.sessionCodes.match=u?.match??"0"),""===a.sessionCodes.mitigate&&(a.sessionCodes.mitigate=u?.mitigate??"0"),""===a.sessionCodes.captcha&&(a.sessionCodes.captcha=u?.captcha??"0"),void 0!==a.bytesReceived&&(y.bytesReceived=a.bytesReceived),void 0!==a.graphQLFields&&(y.graphQL=a.graphQLFields);const m=t?.cf?.config?.eventType?.toLowerCase();if(m?.includes("response"))return y;if(void 
0===y.graphQL)try{const e=function(e,t){const a=e.includePaths;return t.bytesReceived<=e.maxParsableBytes&&a.includes(t.url)&&"POST"===t.method&&void 0!==t.headers.accept&&t.headers.accept.toLocaleLowerCase().includes("graphql")&&"application/json"===t.headers.contentType}(this.config.graphQL,y);if(e){const{graphQL:e,bytesReceived:t}=await async function(e,t){const a="base64"===t.body?.encoding?Buffer.from(t.body?.data??"","base64").toString():t.body?.data??"";if(""===a)throw new Error("Netacea Error: No GraphQL Body");return{bytesReceived:a.length,graphQL:we.graphql.parseGraphQlRequestBody(e,a)}}(this.config.graphQL,i);y.bytesReceived=t,a.bytesReceived=t,y.graphQL=e,a.graphQLFields=e}}catch(e){if(console.error(e),e instanceof Je){const t=e.bodySize;t>y.bytesReceived&&(y.bytesReceived=t)}}return y}async readCookie(e,t){const a=We(e.headers,t,"set-cookie"),i=""!==a?a:We(e.headers,t,"cookie");if(null==i)return;const s=i.split(/; ?/g),o=`${t}=`;for(const e of s)if(e.startsWith(o)){const a=e.slice(o.length),i=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&i.includes(t))try{return await Ne(a,this.config.cookieEncryptionKey)}catch(e){return}return a}}}function We(e,t,a,i=""){if(void 0!==e?.[a]){const i=e[a];if(void 0!==i){const e=i.find((e=>e.value.includes(t)));if(void 0!==e)return e.value}}return i}class Je extends Error{bodySize;constructor(e,t){super(e),this.bodySize=t}}function Xe(e){return new 
Qe({captchaCookieName:e.netaceaCaptchaCookieName,cookieEncryptionKey:e.cookieEncryptionKey,encryptedCookies:e.encryptedCookies,graphQL:e.graphQL,ipHeaderName:e.ipHeaderName,mitigationType:e.mitigationType,netaceaCaptchaVerificationPath:e.netaceaCaptchaVerificationPath,secretKey:e.secretKey,sessionCookieName:e.netaceaCookieName})}const{extractCookieAttr:Ye,extractAndRemoveCookieAttr:Ze,removeDuplicateAttrs:et}=E.cookie.attributes,tt=E.cookie.parse.parseSetCookie,{mitigationTypes:at,netaceaHeaders:it}=y;exports.Cloudfront=class{workerInstanceId;config;kinesis;constructor(e){this.config=new Oe(e),this.config.ingestType===n.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new we.ingest.Kinesis({deps:{aws4:a,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey,rampUpBatchSize:!0,maxAwaitTimePerIngestCallMs:0}})),this.workerInstanceId=h.v4()}async handleRequest(e){let t;try{t=await async function(e,t){const a=t.Records[0],i=ze.getFreshState(a.cf.request),s=Xe(e),o=await s.getNetaceaRequestDetails(a,i);return{config:e,request:a.cf.request,requestState:i,requestDetails:o}}(this.config,e),t.requestState.reqHandlerId=this.workerInstanceId;const a=await this.handleNetaceaRoutes(t),{respondWith:i}=a;if(void 0!==i){const{shouldSetSessionCookie:e}=t.requestState;if(e){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);void 0===i.headers&&(i.headers={});const a=i.headers["set-cookie"]??[];a.push({key:"set-cookie",value:e}),i.headers["set-cookie"]=a}this.ingestUsingContext(t,i)}return a}catch(e){return console.error("Netacea FailOpen - ",e.message),void 0!==t?.request&&e instanceof 
Be&&t?.requestState.recordProtectorApiError(e),{}}finally{try{if(void 0!==t){const e=t.requestState.requestStartTimestamp;void 0!==e&&(t.requestState.reqHandlerMs=Date.now()-e),await t.requestState.saveToRequest(t.request,this.config.cookieEncryptionKey)}}catch(e){console.error("Netacea Error:",e)}}}async handleResponse(e){try{const t=await async function(e,t){const a=Date.now(),{request:i}=t.Records[0].cf,s=await ze.fromRequest(i,e.cookieEncryptionKey);s.resHandlerStartTime=a;const o=Xe(e);return{config:e,request:i,requestState:s,requestDetails:await o.getNetaceaRequestDetails(t.Records[0],s)}}(this.config,e);try{const a=e.Records[0].cf.response;await this.handleCaptchaFeedback(t,a)}catch(e){console.error("Netacea Error: captcha feedback failed",e)}if(t.requestState.shouldSetSessionCookie){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);t.requestState.setCookies.push(e)}const{response:a}=e.Records[0].cf;this.setNetaceaCookies(a,t.requestState),this.ingestUsingContext(t,a)}catch(e){console.error("Netacea Error:",e)}}async handleCaptchaFeedback(e,t){const{captchaFeedbackHeaderName:a}=this.config;if(void 0===a)return;const i=t.headers,s=i[a]?.[0].value??"";if(delete t.headers[a],""===s)return;const o=JSON.parse(s),n=o?.status;if(!["pass","fail"].includes(n))throw new Error("Netacea Error: Invalid captcha feedback status "+String(n));const r=await this.makeRequest({host:this.config.mitigationServiceUrl,method:"POST",path:"/UpdateCaptcha",headers:{"content-type":"application/json; charset=utf-8","x-netacea-api-key":e.config.apiKey,"x-netacea-client-ip":e.requestDetails.clientIp,"x-netacea-userid":e.requestDetails.sessionDetails.userId},body:JSON.stringify({result:"pass"===o.status})});if(200!==r.status)throw new Error(`Netacea Error: Got status ${r.status} for 
/UpdateCaptcha`);const c=await this.createMitataCaptcha(r.headers);void 0!==c&&e.requestState.setCookies.push(c);let d=r.headers["x-netacea-captcha"];d=Array.isArray(d)?d[0]:d;let h=Re(r.headers,it.mitataExpiry)??NaN;isNaN(h)&&(h=86400);const u=e.requestState;u.sessionCodes.captcha=d,u.sessionCookieMaxAge=h,u.shouldSetSessionCookie=!0;const l=y.captchaMap[d]??"unknown",[p]=e.requestState.sessionStatus?.split(",")??"";e.requestState.sessionStatus=p+","+l}async handleNetaceaRoutes(e){const{uri:t,method:a}=e.request;if(Ee(t,a,this.config.netaceaCheckpointSignalPath)){return{respondWith:He({status:"200",headers:{}})}}if(function(e,t,a){return void 0!==a&&e.toLowerCase().includes(a.toLowerCase())&&"get"===t.toLowerCase()}(t,a,this.config.netaceaCaptchaPath)){return{respondWith:He(await this.handleCaptchaGetRequest(e))}}const i=function(e,t){if(void 0===t)return!1;const a=e.uri;if(t.startsWith("/"))return t===a;try{const i=e.headers.host?.[0]?.value,s=new URL(t);return s.host===i&&s.pathname===a}catch{return!1}}(e.request,this.config.netaceaBlockedResponseRedirectLocation);let s={injectHeaders:Me(e.requestState.sessionCodes),sessionStatus:""};return i||(s=await this.runMitigation(e)),void 0!==s&&"injectHeaders"in s&&(this.addNetaceaInjectHeadersToRequest(e.request,s?.injectHeaders),e.requestState.setCookies.push(...s.setCookie??[])),e.request.headers[Oe.NetaceaTrueUserAgentHeader]=[{key:Oe.NetaceaTrueUserAgentHeader,value:this.getValueFromHeaderOrDefault(e.request.headers,"user-agent","-")}],void 0!==s&&(void 0!==s.apiCallLatency&&(e.requestState.protectorApiLatency=s.apiCallLatency),void 0!==s.apiCallStatus&&(e.requestState.protectorApiStatus=s.apiCallStatus),void 0!==s.sessionStatus&&(e.requestState.sessionStatus=s.sessionStatus),void 0!==s.setCookie&&(e.requestState.setCookies=s.setCookie)),{respondWith:He(s?.response)}}async makeRequest({host:e,method:t,path:a,headers:i,body:s,params:o}){const n=new URL(e);n.pathname=a,void 0!==o&&(o instanceof 
URLSearchParams?n.search=o.toString():"object"==typeof o&&null!==o&&(n.search=we.url.searchParamsFromRecord(o).toString()));const r=n.toString(),c=new Request(r,{...{method:t,body:s,headers:i},duplex:"half"}),d=await R(r,c),h={};return d.headers.forEach(((e,t)=>{null!==e&&(h[t]=e)})),{status:d.status,body:await d.text(),headers:h}}async mitigate(e){const t=Te(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath);try{const i=t?await this.handleCaptchaPostRequest(e):await this.check(e),s=Ke(this.config.mitigationType,i.match,i.mitigate,i.captcha,t);let o;if([at.block,at.captcha,at.captchaPass].includes(s.mitigation)){const r={"cache-control":[{key:"cache-control",value:["no-store","no-cache","must-revalidate","max-age=0"].join(", ")}],pragma:[{key:"pragma",value:"no-cache"}],"set-cookie":[]};for(const e of i.setCookie)r["set-cookie"]=r["set-cookie"]??[],r["set-cookie"].push({key:"set-cookie",value:e});const c="captcha"===s.mitigation;c&&void 0!==this.config.captchaHeader&&(r[this.config.captchaHeader.name]=[{key:this.config.captchaHeader.name,value:this.config.captchaHeader.value}]);let d={status:"200",statusDescription:"OK",body:""};if(t||(d={status:String(this.config.netaceaBlockedResponseStatus),statusDescription:"Forbidden",body:this.config.netaceaBlockedResponseBody},r["content-type"]=[{key:"content-type",value:this.config.netaceaBlockedResponseContentType}]),o={headers:r,...d},void 0!==this.config.netaceaBlockedResponseRedirectLocation&&!c&&function(e){if("GET"!==e.method?.toUpperCase())return!1;const t=(e.headers["sec-fetch-mode"]??[]).map((e=>e.value));return!(t.length>0&&!t.includes("navigate"))&&(e.headers.accept??[]).map((e=>e.value.split(/, ?/))).flat().includes("text/html")}(e.request)&&(o.status="303",r.Location=[{key:"Location",value:this.config.netaceaBlockedResponseRedirectLocation}]),c&&void 0!==i.body&&i.body.length>0){const 
e=(a=i.body).includes("captchaRelativeURL")&&a.includes("captchaAbsoluteURL");o.status=e?"403":"200",o.statusDescription=e?"Forbidden":"OK",o.body=i.body,o.bodyEncoding="text",r["content-type"]=e?[{key:"content-type",value:"application/json"}]:[{key:"content-type",value:"text/html; charset=UTF-8"}]}this.config.ingestType===n.KINESIS&&(e.requestState.protectorApiLatency=i.apiCallLatency,e.requestState.protectorApiStatus=i.apiCallStatus,e.requestState.sessionStatus=s.sessionStatus)}return"4"===s.parts.mitigate&&this.addNetaceaInjectHeadersToRequest(e.request,Me(s.parts)),{response:o,sessionStatus:s.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}catch(a){if(a instanceof Be&&e.requestState.recordProtectorApiError(a),t){return{response:{status:"500",statusDescription:"Internal Server Error",body:"",headers:{}},sessionStatus:"error_open"}}return console.error("Netacea FailOpen Error: ",a),{sessionStatus:"error_open"}}var a}async inject(e){try{const t=Te(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath),a=t?await this.handleCaptchaPostRequest(e):await this.check(e),i=Ke(this.config.mitigationType,a.match,a.mitigate,a.captcha,t);return{injectHeaders:this.config.mitigationType===r.INJECT||"4"===i.parts.mitigate?Me(i.parts):void 0,sessionStatus:i.sessionStatus,setCookie:a.setCookie,apiCallLatency:a.apiCallLatency,apiCallStatus:a.apiCallStatus}}catch(e){return console.error("Netacea FailOpen Error: ",e),{sessionStatus:"",injectHeaders:void 0,setCookie:void 0}}}async ingestUsingContext(e,t=void 0){if(!this.config.ingestEnabled)return;if(null==t)throw new Error("Cloudfront response is required to ingest");const a=await Fe(e,t,this.workerInstanceId);await this.callIngest(a)}setNetaceaCookies(e,t){if(void 0===e)throw new Error("Response required to add cookies to response");if(null!=e.headers){let a=!1;if(a=void 
0!==(e.headers["set-cookie"]??[]).find((e=>!!e.value.startsWith(`${this.config.netaceaCookieName}=`)||!!e.value.startsWith(`${this.config.netaceaCaptchaCookieName}=`))),!a&&t.setCookies.length>0){void 0===e.headers["set-cookie"]&&(e.headers["set-cookie"]=[]);for(const a of t.setCookies)e.headers["set-cookie"].push({key:"set-cookie",value:a})}}}getValueFromHeaderOrDefault(e,t,a=""){if(void 0!==e?.[t]){const a=e[t];if(void 0!==a)return a[0].value}return a}async handleCaptchaPostRequest(e){const{status:t,match:a,mitigate:i,captcha:s,body:o,setCookie:n,latency:c,mitataMaxAge:d}=await this.makeCaptchaAPICall(e),h=e.requestState;h.sessionCodes={match:a,mitigate:i,captcha:s},h.sessionCookieMaxAge=d,h.shouldSetSessionCookie=String(s)!==String(y.captchaStatusCodes.checkpointPost);const u=Ke(this.config.mitigationType,a,i,s,!0),l={body:o,apiCallStatus:t,apiCallLatency:c,setCookie:n,sessionStatus:u.sessionStatus,mitigation:u.mitigation,injectHeaders:void 0,match:a,mitigate:i,captcha:s};return(this.config.mitigationType===r.INJECT||"4"===u.parts.mitigate)&&(l.injectHeaders=Me(u.parts)),l}async handleCaptchaGetRequest(e){const{querystring:t}=e.request,a=t.split("&").find((e=>e.includes("trackingId=")))?.replace("trackingId=",""),i=await this.makeMitigateAPICall(e,{isCaptchaGet:!0,defaultMitataCodes:{match:"0",mitigate:"0",captcha:"1"},trackingId:a}),{match:s,mitigate:o,captcha:n}=i,c=Ke(e.config.mitigationType,s,o,n,!1),d={body:i.body,apiCallStatus:i.status,apiCallLatency:i.latency,setCookie:i.setCookie,sessionStatus:c.sessionStatus,injectHeaders:void 0,mitigated:[at.block,at.captcha,at.captchaPass].includes(c.mitigation)};(e.config.mitigationType===r.INJECT||"4"===c.parts.mitigate)&&(d.injectHeaders=Me(c.parts));const h=e.requestState;h.sessionStatus=d.sessionStatus,h.protectorApiLatency=d.apiCallLatency,h.protectorApiStatus=d.apiCallStatus;return{headers:qe(d.setCookie),status:"403",body:d.body,statusDescription:"Forbidden"}}addNetaceaInjectHeadersToRequest(e,t){if(void 
0===t)return e;for(const[a,i]of Object.entries(t))e.headers[a]=[{key:a,value:i}];return e}async encryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Ae(e,this.config.cookieEncryptionKey):e}async decryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Ne(e,this.config.cookieEncryptionKey):e}async runMitigation(e){try{switch(this.config.mitigationType){case r.MITIGATE:return await this.mitigate(e);case r.INJECT:return await this.inject(e);case r.INGEST:return await this.processIngest(e);default:throw new Error(`Netacea Error: Mitigation type ${this.config.mitigationType} not recognised`)}}catch(t){return console.error("Netacea FAILOPEN Error:",t),{injectHeaders:Me(e.requestState.sessionCodes),sessionStatus:""}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const a=`${e}=`;for(const i of t){const t=i.split(";")[0].trimStart();if(t.startsWith(a)){const i=t.slice(a.length);if(this.config.encryptedCookies.includes(e))try{return await this.decryptCookieValue(i)}catch(e){return}return i}}}async makeCaptchaAPICall(e){const t=e.requestDetails.sessionDetails.userId,a=this.getValueFromHeaderOrDefault(e.request.headers,"content-type","application/x-www-form-urlencoded; charset=UTF-8"),i={"X-Netacea-UserId":t,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"user-agent":e.requestDetails.headers.userAgent,"Content-Type":a};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(i["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,i["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const s=new URLSearchParams,o=e.requestState.headerFingerprint??"";""!==o&&s.append("headerFP",o),s.append("netaceaHeaders","request-id");const n=function(e,t){if(void 0!==e&&""!==e&&0!==e.trim().length){if(!t.includes("application/json"))return e;try{return 
JSON.parse(e),e}catch(t){return console.warn("Invalid JSON in captcha data, attempting to serialize:",t),JSON.stringify({data:e})}}}(function(e){if(void 0===e.body?.data||0===e.body.data.length)return"";if(e.body?.inputTruncated)throw new Error("Netacea Error :: Request body is too large.");let t;if("text"===e.body.encoding)t=e.body.data;else try{t=Buffer.from(e.body.data,"base64").toString("utf-8")}catch(a){console.warn("Failed to decode base64 request body:",a),t=e.body.data}if((e.headers["content-type"]?.[0]?.value?.toLowerCase()??"").includes("application/json"))try{JSON.parse(t)}catch(e){console.warn("Request body is not valid JSON despite content-type header:",e)}return t}(e.request),a),r=Date.now(),c=await this.makeRequest({host:this.config.mitigationServiceUrl,path:"/AtaVerifyCaptcha",headers:i,method:"POST",body:n,timeout:this.config.timeout,params:s}),d=Date.now()-r;return await this.getApiCallResponseFromResponse(c,d,void 0)}async getApiCallResponseFromResponse(e,t,a){if(200!==e.status)throw new Be(e,t);const i=Pe(e.headers,it.match)??a?.match??"0",s=Pe(e.headers,it.mitigate)??a?.mitigate??"0",o=Pe(e.headers,it.captcha)??a?.captcha??"0";let n=Re(e.headers,it.mitataExpiry)??NaN;isNaN(n)&&(n=86400);const r=[];if(String(o)!==String(y.captchaStatusCodes.checkpointPost)){const t=await this.createMitataCaptcha(e.headers);void 0!==t&&r.push(t)}const c=Pe(e.headers,it.eventId);return{status:e.status,match:i,mitigate:s,captcha:o,setCookie:r,body:e.body,eventId:c,mitataMaxAge:n,latency:t}}APIError(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}async createSetSessionCookie(e,t,a,i,s,o=86400,n=void 0){const 
r=["1","3","5","a","c","e"].includes(s)||"3"===i?-60:this.config.mitataCookieExpirySeconds,c=n??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const d=[a,i,s].join(""),h=function(e,t,a,i,s="000"){void 0===t&&(t=v());const o=[a,t,b(e+"|"+String(a),i),s].join(l);return`${b(o,i)}${l}${o}`}(e,t,c,this.config.secretKey,d);let u,p,g=o;if(""!==this.config.netaceaCookieAttributes){const{extractedAttribute:e,cookieAttributes:t}=Ze(this.config.netaceaCookieAttributes,"Max-Age");g=void 0!==e?Number(e):o;const{extractedAttribute:a,cookieAttributes:i}=Ze(t,"Path");u=a??"/",p=i??void 0}return await this.buildCookieFromValues(this.config.netaceaCookieName,h,g,p,u)}async createMitataCaptcha(e){let t=e["set-cookie"]??[];t="string"==typeof t?[t]:t;const a=t.find((e=>e.startsWith("_mitatacaptcha=")));let i,s="86400";if(void 0!==a&&""!==a)try{const e=tt(a);i=e.value,s=Ye(e.attributes,"Max-Age")??"86400"}catch(e){return}if(""===i||void 0===i)return;const o=et([this.config.netaceaCaptchaCookieAttributes,"Path=/",`Max-Age=${s}`]);return i=this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)?await this.encryptCookieValue(i):i,`${this.config.netaceaCaptchaCookieName}=${i}; ${o}`}async buildCookieFromValues(e,t,a,i,s="/"){const o=`${e}=${this.config.encryptedCookies.includes(e)?await this.encryptCookieValue(t):t}; Max-Age=${a}; Path=${s}`;return void 0!==i&&""!==i?`${o}; ${i}`:o}async callIngest(e){if(this.config.ingestType===n.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");if(void 0!==this.config.kinesisConfigArgs){const{kinesisStreamName:e,kinesisAccessKey:t,kinesisSecretKey:a}=this.config.kinesisConfigArgs;if(void 0===e||void 0===t||void 0===a)return void console.error("Netacea Error: Unable to log as Kinesis configuration misses credentials.")}try{await 
this.kinesis.ingest({...e,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const t={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},a=await this.makeIngestApiCall(t,e);if(200!==a.status&&202!==a.status)throw this.APIError(a)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=e.request.headers.cookie?.[0].value??"",a=I(await this.readCookie(this.config.netaceaCookieName,t),m,this.config.secretKey);return a.isPrimaryHashValid?a.requiresReissue?await this.setIngestOnlyMitataCookie(a.mitata?.userId):{sessionStatus:"",setCookie:[]}:await this.setIngestOnlyMitataCookie(void 0)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createSetSessionCookie(m,e,"0","0","0",86400)]}}async check(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const t=e.requestDetails.sessionDetails.sessionCookieDetails;if(void 0===t||!t.isPrimaryHashValid||t.requiresReissue){const t=await this.makeMitigateAPICall(e,{}),a=e.requestState,{match:i,mitigate:s,captcha:o}=t;return a.sessionCodes={match:i,mitigate:s,captcha:o},a.sessionCookieMaxAge=t.mitataMaxAge,a.shouldSetSessionCookie=!0,{body:t.body,apiCallStatus:t.status,apiCallLatency:t.latency,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}return{body:void 0,apiCallStatus:void 0,apiCallLatency:void 0,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}async makeMitigateAPICall(e,{isCaptchaGet:t=!1,defaultMitataCodes:a,trackingId:i}){const 
s={"user-agent":e.requestDetails.headers.userAgent,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"X-Netacea-UserId":e.requestDetails.sessionDetails.userId,cookie:this.buildCookieHeader({_mitatacaptcha:e.requestDetails.sessionDetails.captchaToken})};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(s["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,s["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),this.config.dynamicCaptchaContentType&&void 0!==this.config.netaceaCaptchaPath&&(s["X-Netacea-Captcha-Content-Type"]=function(e){const t=e?.toLowerCase()??"text/html",a=t?.includes("text/html")||t?.includes("application/html"),i=t?.includes("application/json");return i&&!a?"application/json":"text/html"}(e.requestDetails.headers.accept??"text/html"));const o="application/json"===s["X-Netacea-Captcha-Content-Type"],n=new URLSearchParams,r=e.requestState.headerFingerprint;"string"==typeof r&&n.set("headerFP",r),n.append("netaceaHeaders","request-id"),t&&void 0!==i&&n.append("trackingId",i);const c=Date.now(),d=await this.makeRequest({host:this.config.mitigationServiceUrl,path:t?"/captcha":"/",headers:s,method:"GET",timeout:this.config.timeout,params:n}),h=Date.now()-c;return o&&void 0!==this.config.netaceaCaptchaPath&&(d.body=function(e,t,a){let i;if(void 0===e||""===e)return"";if("string"==typeof e&&(i=JSON.parse(e)),!function(e){if(null==e)return!1;const t=e;return void 0!==t?.trackingId}(i))throw new Error("Body is not a Mitigation Service JSON response!");const s=`${a}?trackingId=${i.trackingId}`,o=void 0!==t?`https://${t}${s}`:void 0;return JSON.stringify({captchaRelativeURL:s,captchaAbsoluteURL:o})}(d.body,e.requestDetails.headers.host,this.config.netaceaCaptchaPath)),await this.getApiCallResponseFromResponse(d,h,a)}buildCookieHeader(e){let t="",a="";for(const i in e){const s=e[i];void 0!==s&&(t=`${t}${a}${i}=${s}`,a="; ")}return 
t}};
2
2
  //# sourceMappingURL=index.js.map
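--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@netacea/cloudfront",
- "version": "7.0.8",
+ "version": "7.0.10",
  "description": "Netacea Cloudfront CDN integration",
  "files": [
  "dist/index.js",
@@ -23,5 +23,5 @@
  "jose": "^4.11.2",
  "uuid": "^10.0.0"
  },
- "gitHead": "f22dd07acf2b56c0bb4b0bfea72036f0601342dd"
+ "gitHead": "1a3b1bac3dc61a9dceac0659e7b0cf85fab81fd2"
  }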