npm - @netacea/vercel - Versions diffs - 0.1.7 → 0.1.9 - Mend

@netacea/vercel 0.1.7 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -222,17 +222,18 @@ interface IngestArgs {
      */
     integrationVersion?: string;
     /**
-     * IP values set by a CDN under "x-fowarded-for" header
+     * IP values set by a CDN under "x-forwarded-for" header
      */
-    xForwardedFor?: string;
-    headerFingerprint?: string;
     cookieFingerprint?: string;
+    headerFingerprint?: string;
     integrationMode?: string;
-    requestHost?: string;
+    ipHeader?: string;
     mitigationLatency?: number;
     mitigationStatus?: number;
     netaceaCookieStatus?: number;
+    requestHost?: string;
     workerInstanceId?: string;
+    xForwardedFor?: string;
 }
 interface NetaceaResponseBase {
     /**
@@ -304,6 +305,8 @@ interface NetaceaSessionDetails {
 }
 interface NetaceaRequestDetails {
     clientIp: string;
+    xForwardedForHeaderValue?: string;
+    ipHeader?: string;
     method: string;
     protocol: string | undefined;
     sessionDetails: NetaceaSessionDetails;
@@ -316,40 +319,42 @@ interface NetaceaRequestDetails {
 }
 type NetaceaVercelIntegrationArgs = NetaceaBaseArgs & {
+    captchaHeader?: CustomHeader | undefined;
     cookieEncryptionKey?: string;
     enableDynamicCaptchaContentType?: boolean | string;
+    ipHeaderName?: string;
+    mitigationServiceTimeoutMs?: number | string;
+    netaceaCaptchaCookieAttributes?: string;
     netaceaCaptchaPath?: string;
-    captchaHeader?: CustomHeader | undefined;
     netaceaCookieAttributes?: string;
-    netaceaCaptchaCookieAttributes?: string;
-    mitigationServiceTimeoutMs?: number | string;
 };
 interface CustomHeader {
     name: string;
     value: string;
 }
 declare class ValidatedConfig {
-    readonly mitataCookieExpirySeconds: number;
     readonly apiKey: string;
-    readonly secretKey: string;
-    readonly mitigationServiceUrl: string;
+    readonly captchaHeader: CustomHeader | undefined;
+    readonly captchaSecretKey?: string;
+    readonly captchaSiteKey?: string;
+    readonly cookieEncryptionKey: string | undefined;
+    readonly enableDynamicCaptchaContentType: boolean;
+    readonly encryptedCookies: string[];
     readonly ingestServiceUrl: string;
+    readonly ingestType: NetaceaIngestType;
+    readonly ipHeaderName: string | undefined;
     readonly kinesisConfigArgs?: KinesisIngestConfigArgs$1;
-    readonly timeout: number;
+    readonly mitataCookieExpirySeconds: number;
     readonly mitigationServiceTimeoutMs: number;
-    readonly captchaSiteKey?: string;
-    readonly captchaSecretKey?: string;
-    readonly ingestType: NetaceaIngestType;
+    readonly mitigationServiceUrl: string;
     readonly mitigationType: NetaceaMitigationType;
-    readonly encryptedCookies: string[];
-    readonly netaceaCookieName: string;
+    readonly netaceaCaptchaCookieAttributes: string;
     readonly netaceaCaptchaCookieName: string;
-    readonly cookieEncryptionKey: string | undefined;
-    readonly enableDynamicCaptchaContentType: boolean;
     readonly netaceaCaptchaPath: string | undefined;
-    readonly captchaHeader: CustomHeader | undefined;
     readonly netaceaCookieAttributes: string;
-    readonly netaceaCaptchaCookieAttributes: string;
+    readonly netaceaCookieName: string;
+    readonly secretKey: string;
+    readonly timeout: number;
     constructor(args: Partial<NetaceaVercelIntegrationArgs>);
 }

package/dist/index.js CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("aws4fetch"),t=require("buffer/"),i=require("jose"),a=require("uuid");function n(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(i){if("default"!==i){var a=Object.getOwnPropertyDescriptor(e,i);Object.defineProperty(t,i,a.get?a:{enumerable:!0,get:function(){return e[i]}})}})),t.default=e,Object.freeze(t)}var s,o,r,c=n(i),u=n(a);exports.NetaceaIngestType=void 0,(s=exports.NetaceaIngestType||(exports.NetaceaIngestType={})).ORIGIN="ORIGIN",s.HTTP="HTTP",s.KINESIS="KINESIS",s.NATIVE="NATIVE",exports.NetaceaMitigationType=void 0,(o=exports.NetaceaMitigationType||(exports.NetaceaMitigationType={})).MITIGATE="MITIGATE",o.INJECT="INJECT",o.INGEST="INGEST",function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(r||(r={}));const p=3e3;function h(e,t){const i=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==i&&i.length>0?i?.replace(`${t}=`,""):void 0}function l(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":d(e.split(";"),t).join("; ")}function d(e,t=!1){if(t)return d(e.reverse()).reverse();const i=new Set,a=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();i.has(e)||(i.add(e),a.push(t))}return a}var f=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let i=e=l(e??"",!0),a=t=l(t??"",!0);if(void 0!==e&&void 0!==t){const n=h(e,"Domain"),s=h(t,"Domain");void 0!==n&&void 0!==s?a=t.replace(s,n):void 0!==n&&void 0===s?a=t+(""!==t?`; Domain=${n}`:`Domain=${n}`):void 0===n&&void 0!==s&&(i=e+(""!==e?`; Domain=${s}`:`Domain=${s}`))}else if(void 0!==e&&void 0===t){const t=h(e,"Domain");void 0!==t&&(a=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=h(t,"Domain");void 0!==e&&(i=`Domain=${e}`)}return{cookieAttributes:""!==i?i:void 0,captchaCookieAttributes:""!==a?a:void 0}},extractAndRemoveCookieAttr:function(e,t){const i=h(e,t);if(void 0!==i){return{extractedAttribute:i,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${i}`,"").split(";").filter((e=>e.length>0)).join("; ")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:h,removeDuplicateAttrs:l});function g(e){const t=l([e.otherAttributes??"",`Max-Age=${e.maxAgeAttribute??86400}`,"Path=/"].join("; "));return`${e.cookieName}=${e.cookieValue}; ${t}`}var y=Object.freeze({__proto__:null,createNetaceaCaptchaSetCookieString:function(e){return g({...e,cookieName:e.cookieName??"_mitatacaptcha"})},createNetaceaSetCookieString:function(e){return g({...e,cookieName:e.cookieName??"_mitata"})},createSetCookieString:g});var m=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const i=e.slice(0,t),a=e.slice(t+1),n=a.indexOf(";");return{name:i,value:a.slice(0,n),attributes:a.slice(n).trimStart()}}});const S={cookie:{parse:m,attributes:f,netaceaSession:y}};var C="@netacea/vercel",k="0.1.7";const I=globalThis.fetch.bind(globalThis),w={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},E="x-netacea-match",v="x-netacea-mitigate",T="x-netacea-captcha",N="x-netacea-mitata-expiry",A="x-netacea-mitatacaptcha-value",_="x-netacea-mitatacaptcha-expiry",b="x-netacea-event-id",O={0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},K={0:"",1:"blocked",2:"allow",3:"hardblocked",4:"block"},P={0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail"},x={0:w.none,1:w.block,2:w.none,3:w.block,4:w.block},R={1:w.captcha,2:w.captchaPass,3:w.captcha,4:w.allow,5:w.captcha},M="_/@#/",D="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),j=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(([a-zA-Z\d])(\d)(\d))$/;function H(e){if(void 0===e)return;const t=e.match(j);if(null!=t){const[,e,i,a,n,s,o,r,c]=t;return{signature:e,expiry:i,userId:a,ipHash:n,mitigationType:s,protectorCheckCodes:{match:o,mitigate:r,captcha:c}}}}function L(e=16,t=D){const i=new Uint16Array(e-1);crypto.getRandomValues(i);return`c${Array.from(i).map((e=>t[e%t.length])).join("")}`}async function U(e,t){const i=await async function(e){return await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign","verify"])}(function(e){return"string"==typeof e?(new TextEncoder).encode(e):e}(t));return new Uint8Array(await crypto.subtle.sign("HMAC",i,e))}async function q(e,i){const a=await U(t.Buffer.from(e),i),n=t.Buffer.from(a).toString("hex");return t.Buffer.from(n).toString("base64")}var F;async function $(e,t){const i=c.base64url.decode(t),a=(new TextEncoder).encode(e);return await new c.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(i)}async function V(e,t){const i=c.base64url.decode(t),{plaintext:a}=await c.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(a)}function G(e){if(void 0===e)return"text/html";const t=e.toLowerCase(),i=t.includes("application/html")||t.includes("text/html"),a=t.includes("application/json");return!i&&a?"application/json":"text/html"}async function B(e,t,i){if(void 0===i||""===i)return!1;i.startsWith("/")||(i="/"+i);const{pathname:a,search:n}=e;return a.includes(i)&&n.includes("trackingId")&&"get"===t.toLowerCase()}function W(e,t){return"/AtaVerifyCaptcha"===e.pathname&&"post"===t.toLowerCase()}function z(e,t){if(void 0===t)return e;const i=e.headers.get("set-cookie")??"",a=new Headers(e.headers);if(void 0!==t.setCookie)for(const e of t.setCookie)i.includes(e.split("=")[0])||a.append("set-cookie",e);return new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})}function X(e,t,i=""){return e.get(t)??i}function Y(e){let t="",i="";for(const a in e){const n=e[a];void 0!==n&&(t=`${t}${i}${a}=${n}`,i="; ")}return t}!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(F||(F={}));class J extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}function Z(e){return e.bytesSent=""===e.bytesSent?"0":e.bytesSent,function({bytesSent:e,cookieFingerprint:t,headerFingerprint:i,integrationMode:a,integrationType:n,integrationVersion:s,ip:o,method:r,mitataCookie:c,mitigationLatency:u,mitigationStatus:p,netaceaCookieStatus:h,path:l,referer:d,requestHost:f,requestTime:g,sessionStatus:y,status:m,timeUnixMsUTC:S,userAgent:C,workerInstanceId:k,xForwardedFor:I}){return{Request:`${r} ${l}`,TimeLocal:new Date(S??Date.now()).toUTCString(),TimeUnixMsUTC:S,RealIp:o,UserAgent:C,Status:m,RequestTime:g?.toString(),BytesSent:e?.toString(),Referer:""===d?"-":d,NetaceaUserIdCookie:c??"",NetaceaMitigationApplied:y??"",ProtectorLatencyMs:u,ProtectorStatus:p,IntegrationType:n??"",IntegrationVersion:s??"",ProtectionMode:a??"",RequestHost:f,XForwardedFor:I,WorkerInstanceId:k,NetaceaUserIdCookieStatus:h,optional:{headerFingerprint:i,cookieFingerprint:t}}}(e)}const Q="unknown";function ee(e,t,i){let{match:a,mitigate:n,captcha:s}=t;i||("2"===s?s="4":"3"===s&&(s="5"));let o=O[a]??Q+"_";o+=K[n]??Q;let r=x[n];if("0"!==s){o+=","+(P[s]??Q);const e=R[s];void 0!==e&&(r=e)}return e===exports.NetaceaMitigationType.INJECT&&(r=w.none),{sessionStatus:o,mitigation:r,parts:{match:a,mitigate:n,captcha:s}}}async function te(e){let t="";try{t=await async function(e,t){const i=(new TextEncoder).encode(t),a=await crypto.subtle.digest(e,i);return Array.from(new Uint8Array(a)).map((e=>e.toString(16).padStart(2,"0"))).join("")}("SHA-256",e)}catch(e){t=""}return t}class ie{config;constructor(e){this.config=e}async getNetaceaRequestDetails(e){const t=new URL(e.url),i=e.method,a=await this.readCookie(e,this.config.sessionCookieName),n=await this.readCookie(e,this.config.captchaCookieName),s=(e.headers.get("x-forwarded-for")??"").split(/, ?/)[0],{sessionCookieDetails:o,sessionCookieStatus:r,sessionStatus:c,userId:u}=await async function(e,t,i,a,n){const s=await async function(e,t,i){const a={userId:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,protectorCheckCodes:{captcha:"0",match:"0",mitigate:"0"}};if("string"!=typeof e||""===e)return a;const n=H(e);if(void 0!==n){const e=[n.expiry,n.userId,n.ipHash,n.mitigationType].join(M),a=Math.floor(Date.now()/1e3),s=parseInt(n.expiry)<a,o=["1","3","5"].includes(n.protectorCheckCodes.captcha),r="3"===n.protectorCheckCodes.mitigate,c=o||r,u=await q(t+"|"+n.expiry,i),p=n.ipHash===u,h=n.signature===await q(e,i);return{userId:n.userId,requiresReissue:s||!p,isExpired:s,shouldExpire:c,isSameIP:p,isPrimaryHashValid:h,protectorCheckCodes:n.protectorCheckCodes}}return a}(a,n,e.secretKey);if(void 0!==s.userId&&s.isPrimaryHashValid){const a=s.userId,{isExpired:n,shouldExpire:o,isSameIP:r}=s,c=n||o||!r&&e.mitigationType!==exports.NetaceaMitigationType.INGEST?F.RENEW_SESSION:F.EXISTING_SESSION,{sessionStatus:u}=ee(e.mitigationType,s.protectorCheckCodes,W(t,i));return{userId:a,sessionCookieStatus:c,sessionStatus:u,sessionCookieDetails:s}}return{sessionStatus:"",userId:L(),sessionCookieStatus:F.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,t,i,a,s);return{clientIp:s,fingerprints:await ae(e),method:i,protocol:void 0,url:t,userAgent:e.headers.get("user-agent")??"",sessionDetails:{sessionStatus:c,captchaToken:n,sessionCookieDetails:o,sessionCookieStatus:r,userId:u}}}async readCookie(e,t){const i=e.headers.get("Cookie");if(null==i)return;const a=i.split(/; ?/g),n=`${t}=`;for(const e of a)if(e.startsWith(n)){const i=e.slice(n.length),a=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&a.includes(t))try{return await V(i,this.config.cookieEncryptionKey)}catch(e){return}return i}}}async function ae(e){const{headers:t}=e,i=await async function(e){const t=function(e){const t=[];return e.forEach(((e,i)=>{const a=i.toLowerCase();"cookie"===a||"referer"===a||a.startsWith("x-netacea-")||t.push(i)})),t.join(",")}(e);return await te(t)}(t),a=function(e,t){return e.get(t)?.split(/; ?/)??[]}(t,"cookie").map((e=>e.split("=")[0])).flat(),n=await async function(e){const t=e.join(",");return await te(t)}(a);return{headerFingerprint:""===i?i:`h_${i.substring(1,15)}`,cookieFingerprint:""===n?n:`c_${n.substring(1,15)}`}}var ne="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},se={},oe={},re={},ce=ne&&ne.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var n=Object.getOwnPropertyDescriptor(t,i);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,n)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),ue=ne&&ne.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),pe=ne&&ne.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&ce(t,e,i);return ue(t,e),t};Object.defineProperty(re,"__esModule",{value:!0}),re.isJweEncrypted=re.decrypt=re.encrypt=void 0;const he=pe(i);re.encrypt=async function(e,t){const i=he.base64url.decode(t),a=(new TextEncoder).encode(e);return await new he.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A128CBC-HS256"}).encrypt(i)},re.decrypt=async function(e,t){const i=he.base64url.decode(t),{plaintext:a}=await he.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(a)},re.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var le=ne&&ne.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var n=Object.getOwnPropertyDescriptor(t,i);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,n)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),de=ne&&ne.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),fe=ne&&ne.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&le(t,e,i);return de(t,e),t};Object.defineProperty(oe,"__esModule",{value:!0}),oe.jwe=void 0,oe.jwe=fe(re);var ge={},ye={};function me(e,t){for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const a=e[i]??"",n=Ce("string"==typeof a?a:a.join("; "),t);if(void 0!==n)return n}}function Se(e,t){const i=[];for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const n=e[a]??"",s="string"==typeof n?n:n.join("; ");i.push(...ke(s,t))}return i}function Ce(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(i)))}function ke(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(i)))}Object.defineProperty(ye,"__esModule",{value:!0}),ye.findAllInCookieString=ye.findFirstInCookieString=ye.findAllInHeaders=ye.findFirstInHeaders=ye.findOnlyValueInHeaders=ye.findAllValuesInHeaders=ye.findFirstValueInHeaders=void 0,ye.findFirstValueInHeaders=function(e,t){const i=me(e,t);if(void 0!==i)return i.slice(t.length+1)},ye.findAllValuesInHeaders=function(e,t){return Se(e,t).map((e=>e.slice(t.length+1)))},ye.findOnlyValueInHeaders=function(e,t){const i=Se(e,t);if(i.length>1)throw new Error(`Found more than one cookie with name ${t}`);return i[0]?.slice(t.length+1)},ye.findFirstInHeaders=me,ye.findAllInHeaders=Se,ye.findFirstInCookieString=Ce,ye.findAllInCookieString=ke;var Ie={};function we(e){return"set-cookie"===e||"Set-Cookie"===e}function Ee(e,t){const i=t+"=";return e.startsWith(i)}function ve(e,t){const i=e[t]??[];return"string"==typeof i?[i]:i}function Te(e,t){for(const i of Object.keys(e)){if(!we(i))continue;const a=Ne(ve(e,i),t);if(void 0!==a)return a}}function Ne(e,t){return e.map((e=>e.trimStart())).find((e=>Ee(e,t)))}function Ae(e,t){const i=[];for(const a of Object.keys(e)){if(!we(a))continue;const n=ve(e,a);i.push(..._e(n,t))}return i}function _e(e,t){return e.map((e=>e.trimStart())).filter((e=>Ee(e,t)))}Object.defineProperty(Ie,"__esModule",{value:!0}),Ie.findAllInSetCookieStrings=Ie.findAllInHeaders=Ie.findFirstInSetCookieStrings=Ie.findFirstInHeaders=Ie.findOnlyValueInHeaders=Ie.findFirstValueInHeaders=void 0,Ie.findFirstValueInHeaders=function(e,t){const i=Te(e,t);return i?.slice(t.length+1)?.split(";")[0]},Ie.findOnlyValueInHeaders=function(e,t){const i=Ae(e,t);if(i.length>1)throw new Error(`Found more than one set-cookie with name ${t}`);return i[0]?.slice(t.length+1)?.split(";")[0]},Ie.findFirstInHeaders=Te,Ie.findFirstInSetCookieStrings=Ne,Ie.findAllInHeaders=Ae,Ie.findAllInSetCookieStrings=_e;var be=ne&&ne.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var n=Object.getOwnPropertyDescriptor(t,i);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,n)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),Oe=ne&&ne.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Ke=ne&&ne.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&be(t,e,i);return Oe(t,e),t};Object.defineProperty(ge,"__esModule",{value:!0}),ge.setCookie=ge.cookie=void 0,ge.cookie=Ke(ye),ge.setCookie=Ke(Ie);var Pe={},xe={},Re={};Object.defineProperty(Re,"__esModule",{value:!0}),Re.KINESIS_URL=Re.API_VERSION=Re.REGION=Re.PAYLOAD_TYPE=Re.STATE=void 0,Re.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},Re.PAYLOAD_TYPE="string",Re.REGION="eu-west-1",Re.API_VERSION="2013-12-02",Re.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com",Object.defineProperty(xe,"__esModule",{value:!0}),xe.WebStandardKinesis=void 0;const Me=Re;async function De(e){await new Promise((t=>{setTimeout(t,e)}))}function je(e){const t={};return e.forEach(((e,i)=>{t[i]=e})),t}xe.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e;const{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:n,maxLogAgeSeconds:s,logBatchSize:o,rampUpBatchSize:r,maxAwaitTimePerIngestCallMs:c}=t;if(void 0===a)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===n)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=i,this.kinesisAccessKey=a,this.kinesisSecretKey=n,this.maxAwaitTimePerIngestCallMs=c,void 0!==s&&s<this.maxLogAgeSeconds&&s>0&&(this.maxLogAgeSeconds=s),void 0!==o&&(this.maxLogBatchSize=o),this.logBatchSize=!0===r?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),i=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:je(i.headers),host:Me.KINESIS_URL,method:"POST",path:"/",body:i.body}),this.logBatchSize!==this.maxLogBatchSize&&(this.logBatchSize=Math.min(this.maxLogBatchSize,2*this.logBatchSize))}catch(t){this.logCache.push(...e),console.error(t)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push(De(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=De(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}batchArrayForKinesis(e,t){const i=[];for(let a=0;a<e.length;a+=t){const n=e.slice(a,a+t);i.push({Data:this.deps.Buffer.from(JSON.stringify(n)).toString("base64"),PartitionKey:Date.now().toString()})}return i}async signRequest(e,t,i,a){const n={Records:this.batchArrayForKinesis(i,a),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(Me.KINESIS_URL,{body:JSON.stringify(n),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.WebStandardKinesis=void 0;var t=xe;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}})}(Pe);var He={};function Le(e,t){let i=null;if("number"==typeof e)i=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(i=t)}if(null===i){if("number"!=typeof t.defaultValue)return t.defaultValue;i=t.defaultValue}return void 0!==t.minValue&&(i=Math.max(t.minValue,i)),void 0!==t.maxValue&&(i=Math.min(t.maxValue,i)),i}Object.defineProperty(He,"__esModule",{value:!0}),He.parseIntOrDefault=He.parseNumberOrDefault=void 0,He.parseNumberOrDefault=Le,He.parseIntOrDefault=function(e,t){const i=Le(e,t);return"number"==typeof i?Math.floor(i):i};var Ue=ne&&ne.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var n=Object.getOwnPropertyDescriptor(t,i);n&&!("get"in n?!t.__esModule:n.writable||n.configurable)||(n={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,n)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),qe=ne&&ne.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Fe=ne&&ne.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&Ue(t,e,i);return qe(t,e),t};Object.defineProperty(se,"__esModule",{value:!0});var $e=se.parsing=Ve=se.ingest=se.headers=se.webcrypto=void 0;se.webcrypto=Fe(oe),se.headers=Fe(ge);var Ve=se.ingest=Fe(Pe);$e=se.parsing=Fe(He);const{configureCookiesDomain:Ge}=S.cookie.attributes;class Be{mitataCookieExpirySeconds;apiKey;secretKey;mitigationServiceUrl;ingestServiceUrl;kinesisConfigArgs;timeout;mitigationServiceTimeoutMs;captchaSiteKey;captchaSecretKey;ingestType;mitigationType;encryptedCookies=[];netaceaCookieName;netaceaCaptchaCookieName;cookieEncryptionKey;enableDynamicCaptchaContentType=!1;netaceaCaptchaPath;captchaHeader;netaceaCookieAttributes;netaceaCaptchaCookieAttributes;constructor(e){if(null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required parameter");if(this.apiKey=e.apiKey,null===e.secretKey||void 0===e.secretKey)throw new Error("secretKey is a required parameter");this.secretKey=e.secretKey;const{mitigationServiceUrl:t="https://mitigations.netacea.net"}=e;var i;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t,this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??exports.NetaceaMitigationType.INGEST,this.ingestType=e.ingestType??exports.NetaceaIngestType.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.captchaSiteKey&&void 0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(i=e.timeout??3e3)<=0?p:i,this.mitigationServiceTimeoutMs=$e.parseIntOrDefault(e.mitigationServiceTimeoutMs,{defaultValue:1e3,minValue:100,maxValue:1e4}),this.netaceaCookieName=e.netaceaCookieName??"_mitata",this.netaceaCaptchaCookieName=e.netaceaCaptchaCookieName??"_mitatacaptcha";const{cookieAttributes:a,captchaCookieAttributes:n}=Ge(e.netaceaCookieAttributes,e.netaceaCaptchaCookieAttributes);var s,o;this.netaceaCookieAttributes=a??"",this.netaceaCaptchaCookieAttributes=n??"",this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(s=this.mitigationType,void 0===(o=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?s===exports.NetaceaMitigationType.INGEST?3600:60:o),this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaCaptchaPath=function(e){if(Boolean(e)&&"string"==typeof e)return e.startsWith("/")?e:`/${e}`}(e.netaceaCaptchaPath),void 0!==this.netaceaCaptchaPath&&(this.enableDynamicCaptchaContentType="boolean"==typeof e.enableDynamicCaptchaContentType?e.enableDynamicCaptchaContentType:"true"===e.enableDynamicCaptchaContentType),this.captchaHeader=e.captchaHeader}}class We{config;kinesis;requestAnalyser;workerInstanceId;constructor(i){this.config=new Be(i),this.config.ingestType===exports.NetaceaIngestType.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new Ve.WebStandardKinesis({deps:{AwsClient:e.AwsClient,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey}})),this.requestAnalyser=new ie({cookieEncryptionKey:this.config.cookieEncryptionKey,encryptedCookies:this.config.encryptedCookies,mitigationType:this.config.mitigationType,secretKey:this.config.secretKey,sessionCookieName:this.config.netaceaCookieName,captchaCookieName:this.config.netaceaCaptchaCookieName}),this.workerInstanceId=""}async run(e,t){""===this.workerInstanceId&&(this.workerInstanceId=u.v4());const i=new Request(e.request),a=await this.requestAnalyser.getNetaceaRequestDetails(i);let n=await async function(e,t){const i=new Promise(((e,i)=>{const a=Date.now();setTimeout((()=>{const t=Date.now()-a;e(t)}),t)}));return await Promise.race([e,i])}(this.runMitigation(i,a),this.config.mitigationServiceTimeoutMs);return"number"==typeof n&&(n={sessionStatus:"error_open",apiCallLatency:n}),await this.handleResponse(i,n,t)}async inject(e,t){const i=await this.getMitigationResponse(e,t);return{injectHeaders:i.injectHeaders,sessionStatus:i.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}async mitigate(e,t){const i=await this.getMitigationResponse(e,t);if(i.mitigated){const a=new Headers;if(!await B(t.url,e.method,this.config.netaceaCaptchaPath))for(const e of i.setCookie)a.append("set-cookie",e);let n="Forbidden";return"captcha"===i.mitigation&&(void 0!==this.config.captchaHeader&&a.append(this.config.captchaHeader.name,this.config.captchaHeader.value),a.append("content-type","text/html; charset=UTF-8"),n=i.body),{response:new Response(n,{status:403,statusText:"Forbidden",headers:a}),setCookie:i.setCookie,sessionStatus:i.sessionStatus,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}if(W(t.url,e.method)){const e=new Headers;for(const t of i.setCookie)e.append("set-cookie",t);return{response:new Response(i.body,{status:200,statusText:"OK",headers:e}),setCookie:i.setCookie,sessionStatus:i.sessionStatus,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}return{setCookie:i.setCookie,sessionStatus:i.sessionStatus,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}async getNetaceaSession(e,t){const i=(void 0!==t?await this.getNetaceaCookieFromResponse(t):void 0)??await this.getNetaceaCookieFromRequest(e),{protectorCheckCodes:a,userId:n}=H(i??"")??{userId:"",protectorCheckCodes:{match:"0",mitigate:"0",captcha:"0"}},{sessionStatus:s}=ee(this.config.mitigationType,a,W(new URL(e.url),e.method));return{userId:n,sessionStatus:s,netaceaCookie:i}}getResponseDetails(e){return e instanceof Response?{rawResponse:e}:{rawResponse:e.response,mitigationLatency:e.protectorLatencyMs,mitigationStatus:e.protectorStatus,sessionStatus:e.sessionStatus}}async ingest(e,t){""===this.workerInstanceId&&(this.workerInstanceId=u.v4());const i=this.getResponseDetails(t),{netaceaCookie:a}=await this.getNetaceaSession(e,i.rawResponse),n=await this.requestAnalyser.getNetaceaRequestDetails(e);await this.callIngest({bytesSent:X(i.rawResponse.headers,"content-length","0"),cookieFingerprint:n.fingerprints.cookieFingerprint,headerFingerprint:n.fingerprints.headerFingerprint,integrationMode:this.config.mitigationType,integrationType:C.replace("@netacea/",""),integrationVersion:k,ip:n.clientIp,method:e.method,mitataCookie:a,mitigationLatency:i.mitigationLatency,mitigationStatus:i.mitigationStatus,netaceaCookieStatus:n.sessionDetails.sessionCookieStatus,path:new URL(e.url).pathname,protocol:null,referer:X(e.headers,"referer"),requestHost:new URL(e.url).hostname,requestTime:"0",sessionStatus:i.sessionStatus??n.sessionDetails.sessionStatus,status:i.rawResponse.status.toString(),timeUnixMsUTC:Date.now(),userAgent:X(e.headers,"user-agent","-"),workerInstanceId:this.workerInstanceId,xForwardedFor:X(e.headers,"x-forwarded-for")})}async handleGetCaptchaRequest(e,t,i){if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const a=await this.makeMitigateAPICall(e,t,!0,i);return{body:a.body,apiCallStatus:a.status,apiCallLatency:a.latency,setCookie:[],sessionStatus:"",mitigation:"captcha",mitigated:!0}}async makeRequest({host:e,method:t,path:i,headers:a,body:n}){const s=`${e}${i}`,o=new Request(s,{...{method:t,body:n,headers:a},duplex:"half"}),r=await I(s,o),c={};return r.headers.forEach(((e,t)=>{null!==e&&(c[t]=e)})),{status:r.status,body:await r.text(),headers:c}}async handleResponse(e,t,i){if(this.config.mitigationType===exports.NetaceaMitigationType.MITIGATE&&void 0!==t?.response)return{sessionStatus:t?.sessionStatus??"",response:t.response,protectorLatencyMs:t?.apiCallLatency,protectorStatus:t?.apiCallStatus};if(this.config.mitigationType===exports.NetaceaMitigationType.INJECT&&(e=function(e,t){if(void 0===t.injectHeaders)return e;const i=new Headers(e.headers);for(const[e,a]of Object.entries(t.injectHeaders))i.set(e,a);return new Request(e,{headers:i})}(e,t)),this.config.ingestType===exports.NetaceaIngestType.ORIGIN){const{sessionStatus:i,userId:a}=await this.getNetaceaSession(e,t);!function(e,t,i){e.headers.set("x-netacea-integration-type",C.replace("@netacea/","")),e.headers.set("x-netacea-integration-version",k),e.headers.set("x-netacea-userid",i),e.headers.set("x-netacea-bc-type",t)}(e,i,a)}const a=await i(e);return{sessionStatus:t?.sessionStatus??"",response:z(a,t),protectorLatencyMs:t?.apiCallLatency,protectorStatus:t?.apiCallStatus}}async getMitigationResponse(e,t){const i=this.config.enableDynamicCaptchaContentType?G(e.headers.get("Accept")??void 0):G();return await this.processMitigateRequest({getBodyFn:async()=>await Promise.resolve(e.body)??void 0,requestDetails:t,captchaPageContentType:i})}async runMitigation(e,t){try{switch(this.config.mitigationType){case exports.NetaceaMitigationType.MITIGATE:return await this.mitigate(e,t);case exports.NetaceaMitigationType.INJECT:return await this.inject(e,t);case exports.NetaceaMitigationType.INGEST:return await this.processIngest(t);default:throw new Error(`Netacea Error: Mitigation type ${String(this.config.mitigationType)} not recognised`)}}catch(i){let a,n;i instanceof Error&&console.error("Netacea FAILOPEN Error:",i,i.stack),i instanceof J&&(n=i.latencyMs,a=i.protectorApiResponse?.status);return{response:W(t.url,e.method)?new Response("",{status:500,statusText:"Internal Server Error",headers:{}}):void 0,injectHeaders:{"x-netacea-captcha":"0","x-netacea-match":"0","x-netacea-mitigate":"0"},sessionStatus:"error_open",apiCallLatency:n,apiCallStatus:a}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const i=`${e}=`;for(const a of t){const t=a.split(";")[0].trimStart();if(t.startsWith(i)){const a=t.slice(i.length);if(void 0!==this.config.cookieEncryptionKey&&this.config.encryptedCookies.includes(e))try{return await V(a,this.config.cookieEncryptionKey)}catch(e){return}return a}}}async getNetaceaCookieFromResponse(e){if(void 0===e)return;const t=e instanceof Response?e.headers.getSetCookie():e.setCookie;if(void 0!==t){const e=`${this.config.netaceaCookieName}=`;for(const i of t)if(i.startsWith(e))return await this.readCookie(this.config.netaceaCookieName,i)}}async getNetaceaCookieFromRequest(e){const t=X(e.headers,"cookie");return await this.readCookie(this.config.netaceaCookieName,t)??""}async callIngest(e){const t=Z(e);if(this.config.ingestType===exports.NetaceaIngestType.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");try{await this.kinesis.ingest({...t,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const e={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},i=await this.makeIngestApiCall(e,t);if(200!==i.status)throw function(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}(i)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async check(e,t){let i,a,n,s,o,r,c,u;if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");if([F.NEW_SESSION,F.RENEW_SESSION].includes(e.sessionDetails.sessionCookieStatus)){const p=e.sessionDetails.userId,h=await this.makeMitigateAPICall(e,t,!1,null);i=h.status,a=h.match,n=h.mitigate,s=h.captcha,o=h.body,u=h.latency,r=[await this.createMitata(e.clientIp,p,a,n,s,h.mitataMaxAge)],c=h.eventId}else{const t=e.sessionDetails.sessionCookieDetails?.protectorCheckCodes;a=t?.match??"0",n=t?.mitigate??"0",s=t?.captcha??"0",o=void 0,r=[]}const p={match:a,mitigate:n,captcha:s};return this.composeResult(o,r,i,p,!1,u,c)}async createMitata(e,t,i,a,n,s=86400,o=void 0){const r=["1","3","5"].includes(n)||"3"===a?-60:this.config.mitataCookieExpirySeconds,c=o??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const u=[i,a,n].join("");let p=await async function(e,t,i,a,n="000"){const s=[i,t,await q(e+"|"+String(i),a),n].join(M);return`${await q(s,a)}${M}${s}`}(e,t,c,this.config.secretKey,u);return void 0!==this.config.cookieEncryptionKey&&this.config.encryptedCookies.includes(this.config.netaceaCookieName)&&(p=await $(p,this.config.cookieEncryptionKey)),S.cookie.netaceaSession.createNetaceaSetCookieString({cookieName:this.config.netaceaCookieName,cookieValue:p,otherAttributes:this.config.netaceaCookieAttributes})}async processCaptcha(e,t){const{status:i,match:a,mitigate:n,captcha:s,body:o,setCookie:r,latency:c}=await this.makeCaptchaAPICall(e,t),u={match:a,mitigate:n,captcha:s};return this.composeResult(o,r,i,u,!0,c)}async getMitataCaptchaFromHeaders(e){let t=e[A];const i=parseInt(e[_]);if(void 0!==t)return void 0!==this.config.cookieEncryptionKey&&this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)&&(t=await $(t,this.config.cookieEncryptionKey)),S.cookie.netaceaSession.createNetaceaCaptchaSetCookieString({cookieName:this.config.netaceaCaptchaCookieName,cookieValue:t,maxAgeAttribute:String(i),otherAttributes:this.config.netaceaCaptchaCookieAttributes})}async makeCaptchaAPICall(e,t){const i={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.clientIp,"user-agent":e.userAgent,"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8"},a=e.sessionDetails.userId;e.sessionDetails.sessionCookieStatus!==F.NEW_SESSION&&(i["X-Netacea-UserId"]=a),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(i["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,i["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const n=new URLSearchParams;n.append("headerFP",e.fingerprints.headerFingerprint);const s=Date.now(),o=await this.makeRequest({host:this.config.mitigationServiceUrl,path:`/AtaVerifyCaptcha?${n.toString()}`,headers:i,method:"POST",body:t,timeout:this.config.mitigationServiceTimeoutMs}),r=Date.now()-s;return await this.getApiCallResponseFromResponse(o,e,r)}async getApiCallResponseFromResponse(e,t,i){if(200!==e.status)throw new J(e,i);const a=e.headers[E],n=e.headers[v],s=e.headers[T];let o=parseInt(e.headers[N]);isNaN(o)&&(o=86400);const r=t.sessionDetails.userId,c=[await this.createMitata(t.clientIp,r,a,n,s,o),await this.getMitataCaptchaFromHeaders(e.headers)].filter((e=>void 0!==e)),u=e.headers[b];if("application/json"===e.headers["content-type"]?.toLowerCase()){if(void 0===this.config.netaceaCaptchaPath)throw new Error("netaceaCaptchaPath and URL must be defined to handle JSON captcha");e.body=await async function(e,t,i){const a=e.length>0?JSON.parse(e).trackingId:void 0,{hostname:n}=new URL(i);return t.length<2||void 0===a?"":JSON.stringify({captchaRelativeURL:`${t}?trackingId=${a}`,captchaAbsoluteURL:`https://${n}${t}?trackingId=${a}`})}(e.body??"",this.config.netaceaCaptchaPath,t.url.toString())}return{status:e.status,match:a,mitigate:n,captcha:s,setCookie:c,body:e.body,eventId:u,mitataMaxAge:o,latency:i}}async makeMitigateAPICall(e,t,i,a){const n={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.clientIp,"user-agent":e.userAgent,cookie:Y({_mitatacaptcha:e.sessionDetails.captchaToken})};e.sessionDetails.sessionCookieStatus!==F.NEW_SESSION&&(n["X-Netacea-UserId"]=e.sessionDetails.userId),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(n["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,n["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),n["X-Netacea-Captcha-Content-Type"]=t;let s="/";const o=new URLSearchParams;o.append("headerFP",e.fingerprints.headerFingerprint),i&&(s="/captcha",null!==a&&o.append("trackingId",a));const r=Date.now(),c=await this.makeRequest({host:this.config.mitigationServiceUrl,path:`${s}?${o.toString()}`,headers:n,method:"GET",timeout:this.config.mitigationServiceTimeoutMs}),u=Date.now()-r;return await this.getApiCallResponseFromResponse(c,e,u)}composeResult(e,t,i,a,n,s,o){const r=ee(this.config.mitigationType,a,n),c={body:e,apiCallStatus:i,apiCallLatency:s,setCookie:t,sessionStatus:r.sessionStatus,mitigation:r.mitigation,mitigated:[w.block,w.captcha].includes(r.mitigation)};if(this.config.mitigationType===exports.NetaceaMitigationType.INJECT){const e={"x-netacea-match":r.parts.match.toString(),"x-netacea-mitigate":r.parts.mitigate.toString(),"x-netacea-captcha":r.parts.captcha.toString()};void 0!==o&&(e["x-netacea-event-id"]=o),c.injectHeaders=e}return c}async processMitigateRequest(e){if(await B(e.requestDetails.url,e.requestDetails.method,this.config.netaceaCaptchaPath)){const t=await async function(e){try{const{searchParams:t}=e;return t.get("trackingId")}catch(e){return null}}(e.requestDetails.url);return await this.handleGetCaptchaRequest(e.requestDetails,e.captchaPageContentType,t)}if(W(e.requestDetails.url,e.requestDetails.method)){const t=await e.getBodyFn()??"";return await this.processCaptcha(e.requestDetails,t)}return await this.check(e.requestDetails,e.captchaPageContentType)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createMitata("ignored",e,"0","0","0",86400)]}}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=e.sessionDetails.sessionCookieStatus,i=t===F.NEW_SESSION,a=t===F.RENEW_SESSION;return i||a?await this.setIngestOnlyMitataCookie(e.sessionDetails.userId):{sessionStatus:"",setCookie:[]}}}const ze=e=>$e.parseIntOrDefault(e,{defaultValue:void 0});function Xe(e){return Object.fromEntries(Object.entries(e).filter((([e,t])=>void 0!==t)))}function Ye(e,t,i){if("string"==typeof i)return e[`${t}_${i}`];for(const a of i){const i=Ye(e,t,a);if(void 0!==i)return i}}function Je(e,t){const i=Ye(e,t,"CAPTCHA_HEADER_NAME"),a=Ye(e,t,"CAPTCHA_HEADER_VALUE");if(void 0!==i&&void 0!==a)return{name:i,value:a}}function Ze(e,t){const i=Ye(e,t,"KINESIS_STREAM_NAME"),a=Ye(e,t,"KINESIS_ACCESS_KEY"),n=Ye(e,t,"KINESIS_SECRET_KEY"),s=Xe({logBatchSize:ze(Ye(e,t,"KINESIS_LOG_BATCH_SIZE")),maxLogAgeSeconds:ze(Ye(e,t,"KINESIS_MAX_LOG_AGE_SECONDS"))});if(void 0!==i&&void 0!==a&&void 0!==n)return{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:n,...s}}exports.NetaceaVercelIntegration=We,exports.default=We,exports.getNetaceaArgsFromEnv=function(e,t="NETACEA"){return Xe({apiKey:Ye(e,t,"API_KEY"),secretKey:Ye(e,t,"SECRET_KEY"),captchaSiteKey:Ye(e,t,"CAPTCHA_SITE_KEY"),captchaSecretKey:Ye(e,t,"CAPTCHA_SECRET_KEY"),timeout:ze(Ye(e,t,"TIMEOUT")),ingestServiceUrl:Ye(e,t,"INGEST_SERVICE_URL"),mitigationServiceUrl:Ye(e,t,["PROTECTOR_API_URL","MITIGATION_SERVICE_URL"]),mitigationType:Ye(e,t,["PROTECTION_MODE","MITIGATION_TYPE"]),ingestType:Ye(e,t,"INGEST_TYPE"),kinesis:Ze(e,t),mitataCookieExpirySeconds:ze(Ye(e,t,"MITATA_COOKIE_EXPIRY_SECONDS")),netaceaCookieExpirySeconds:ze(Ye(e,t,"COOKIE_EXPIRY_SECONDS")),netaceaCookieName:Ye(e,t,"COOKIE_NAME"),netaceaCaptchaCookieName:Ye(e,t,"CAPTCHA_COOKIE_NAME"),cookieEncryptionKey:Ye(e,t,"COOKIE_ENCRYPTION_KEY"),enableDynamicCaptchaContentType:Ye(e,t,"ENABLE_DYNAMIC_CAPTCHA_CONTENT_TYPE"),netaceaCaptchaPath:Ye(e,t,"CAPTCHA_PATH"),captchaHeader:Je(e,t),netaceaCookieAttributes:Ye(e,t,"COOKIE_ATTRIBUTES"),netaceaCaptchaCookieAttributes:Ye(e,t,"CAPTCHA_COOKIE_ATTRIBUTES"),mitigationServiceTimeoutMs:Ye(e,t,"MITIGATION_SERVICE_TIMEOUT_MS")})};
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("aws4fetch"),t=require("buffer/"),i=require("jose"),a=require("uuid");function s(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(i){if("default"!==i){var a=Object.getOwnPropertyDescriptor(e,i);Object.defineProperty(t,i,a.get?a:{enumerable:!0,get:function(){return e[i]}})}})),t.default=e,Object.freeze(t)}var n,o,r,c=s(i),u=s(a);exports.NetaceaIngestType=void 0,(n=exports.NetaceaIngestType||(exports.NetaceaIngestType={})).ORIGIN="ORIGIN",n.HTTP="HTTP",n.KINESIS="KINESIS",n.NATIVE="NATIVE",exports.NetaceaMitigationType=void 0,(o=exports.NetaceaMitigationType||(exports.NetaceaMitigationType={})).MITIGATE="MITIGATE",o.INJECT="INJECT",o.INGEST="INGEST",function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(r||(r={}));const h=3e3;function p(e,t){const i=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==i&&i.length>0?i?.replace(`${t}=`,""):void 0}function d(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":l(e.split(";"),t).join("; ")}function l(e,t=!1){if(t)return l(e.reverse()).reverse();const i=new Set,a=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();i.has(e)||(i.add(e),a.push(t))}return a}var g=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let i=e=d(e??"",!0),a=t=d(t??"",!0);if(void 0!==e&&void 0!==t){const s=p(e,"Domain"),n=p(t,"Domain");void 0!==s&&void 0!==n?a=t.replace(n,s):void 0!==s&&void 0===n?a=t+(""!==t?`; Domain=${s}`:`Domain=${s}`):void 0===s&&void 0!==n&&(i=e+(""!==e?`; Domain=${n}`:`Domain=${n}`))}else if(void 0!==e&&void 0===t){const t=p(e,"Domain");void 0!==t&&(a=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=p(t,"Domain");void 0!==e&&(i=`Domain=${e}`)}return{cookieAttributes:""!==i?i:void 0,captchaCookieAttributes:""!==a?a:void 0}},extractAndRemoveCookieAttr:function(e,t){const i=p(e,t);if(void 0!==i){return{extractedAttribute:i,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${i}`,"").split(";").filter((e=>e.length>0)).join("; ")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:p,removeDuplicateAttrs:d});function f(e){const t=d([e.otherAttributes??"",`Max-Age=${e.maxAgeAttribute??86400}`,"Path=/"].join("; "));return`${e.cookieName}=${e.cookieValue}; ${t}`}var y=Object.freeze({__proto__:null,createNetaceaCaptchaSetCookieString:function(e){return f({...e,cookieName:e.cookieName??"_mitatacaptcha"})},createNetaceaSetCookieString:function(e){return f({...e,cookieName:e.cookieName??"_mitata"})},createSetCookieString:f});var m=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const i=e.slice(0,t),a=e.slice(t+1),s=a.indexOf(";");return{name:i,value:a.slice(0,s),attributes:a.slice(s).trimStart()}}});const S={cookie:{parse:m,attributes:g,netaceaSession:y}};var C="@netacea/vercel",k="0.1.9";const I=globalThis.fetch.bind(globalThis),w={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},v="x-netacea-match",E="x-netacea-mitigate",N="x-netacea-captcha",A="x-netacea-mitata-expiry",T="x-netacea-mitatacaptcha-value",_="x-netacea-mitatacaptcha-expiry",b="x-netacea-event-id",O={0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},K={0:"",1:"blocked",2:"allow",3:"hardblocked",4:"block"},x={0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail"},P={0:w.none,1:w.block,2:w.none,3:w.block,4:w.block},M={1:w.captcha,2:w.captchaPass,3:w.captcha,4:w.allow,5:w.captcha},R="_/@#/",D="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),H=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(([a-zA-Z\d])(\d)(\d))$/;function j(e){if(void 0===e)return;const t=e.match(H);if(null!=t){const[,e,i,a,s,n,o,r,c]=t;return{signature:e,expiry:i,userId:a,ipHash:s,mitigationType:n,protectorCheckCodes:{match:o,mitigate:r,captcha:c}}}}function L(e=16,t=D){const i=new Uint16Array(e-1);crypto.getRandomValues(i);return`c${Array.from(i).map((e=>t[e%t.length])).join("")}`}async function F(e,t){const i=await async function(e){return await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign","verify"])}(function(e){return"string"==typeof e?(new TextEncoder).encode(e):e}(t));return new Uint8Array(await crypto.subtle.sign("HMAC",i,e))}async function q(e,i){const a=await F(t.Buffer.from(e),i),s=t.Buffer.from(a).toString("hex");return t.Buffer.from(s).toString("base64")}var U;async function $(e,t){const i=c.base64url.decode(t),a=(new TextEncoder).encode(e);return await new c.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(i)}async function B(e,t){const i=c.base64url.decode(t),{plaintext:a}=await c.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(a)}function V(e){if(void 0===e)return"text/html";const t=e.toLowerCase(),i=t.includes("application/html")||t.includes("text/html"),a=t.includes("application/json");return!i&&a?"application/json":"text/html"}async function G(e,t,i){if(void 0===i||""===i)return!1;i.startsWith("/")||(i="/"+i);const{pathname:a,search:s}=e;return a.includes(i)&&s.includes("trackingId")&&"get"===t.toLowerCase()}function z(e,t){return"/AtaVerifyCaptcha"===e.pathname&&"post"===t.toLowerCase()}function W(e,t){if(void 0===t)return e;const i=e.headers.get("set-cookie")??"",a=new Headers(e.headers);if(void 0!==t.setCookie)for(const e of t.setCookie)i.includes(e.split("=")[0])||a.append("set-cookie",e);return new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})}function X(e,t,i=""){return e.get(t)??i}function Y(e){let t="",i="";for(const a in e){const s=e[a];void 0!==s&&(t=`${t}${i}${a}=${s}`,i="; ")}return t}!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(U||(U={}));class J extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}function Z(e){return e.bytesSent=""===e.bytesSent?"0":e.bytesSent,function({bytesSent:e,cookieFingerprint:t,headerFingerprint:i,integrationMode:a,integrationType:s,integrationVersion:n,ip:o,method:r,mitataCookie:c,mitigationLatency:u,mitigationStatus:h,netaceaCookieStatus:p,path:d,referer:l,requestHost:g,requestTime:f,sessionStatus:y,status:m,timeUnixMsUTC:S,userAgent:C,workerInstanceId:k,xForwardedFor:I,ipHeader:w}){return{Request:`${r} ${d}`,TimeLocal:new Date(S??Date.now()).toUTCString(),TimeUnixMsUTC:S,RealIp:o,UserAgent:C,Status:m,RequestTime:f?.toString(),BytesSent:e?.toString(),Referer:""===l?"-":l,NetaceaUserIdCookie:c??"",NetaceaMitigationApplied:y??"",ProtectorLatencyMs:u,ProtectorStatus:h,IntegrationType:s??"",IntegrationVersion:n??"",ProtectionMode:a??"",RequestHost:g,XForwardedFor:I,IpHeader:w,WorkerInstanceId:k,NetaceaUserIdCookieStatus:p,optional:{headerFingerprint:i,cookieFingerprint:t}}}(e)}const Q="unknown";function ee(e,t,i){let{match:a,mitigate:s,captcha:n}=t;i||("2"===n?n="4":"3"===n&&(n="5"));let o=O[a]??Q+"_";o+=K[s]??Q;let r=P[s];if("0"!==n){o+=","+(x[n]??Q);const e=M[n];void 0!==e&&(r=e)}return e===exports.NetaceaMitigationType.INJECT&&(r=w.none),{sessionStatus:o,mitigation:r,parts:{match:a,mitigate:s,captcha:n}}}async function te(e){let t="";try{t=await async function(e,t){const i=(new TextEncoder).encode(t),a=await crypto.subtle.digest(e,i);return Array.from(new Uint8Array(a)).map((e=>e.toString(16).padStart(2,"0"))).join("")}("SHA-256",e)}catch(e){t=""}return t}class ie{config;constructor(e){this.config=e}async getNetaceaRequestDetails(e){const t=new URL(e.url),i=e.method,a=await this.readCookie(e,this.config.sessionCookieName),s=await this.readCookie(e,this.config.captchaCookieName),n=e.headers.get("x-forwarded-for")??void 0;let o,r=n?.split(/, ?/)[0]??"";void 0!==this.config.ipHeaderName&&(o=e.headers.get(this.config.ipHeaderName)??void 0,r=o??r);const{sessionCookieDetails:c,sessionCookieStatus:u,sessionStatus:h,userId:p}=await async function(e,t,i,a,s){const n=await async function(e,t,i){const a={userId:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,protectorCheckCodes:{captcha:"0",match:"0",mitigate:"0"}};if("string"!=typeof e||""===e)return a;const s=j(e);if(void 0!==s){const e=[s.expiry,s.userId,s.ipHash,s.mitigationType].join(R),a=Math.floor(Date.now()/1e3),n=parseInt(s.expiry)<a,o=["1","3","5"].includes(s.protectorCheckCodes.captcha),r="3"===s.protectorCheckCodes.mitigate,c=o||r,u=await q(t+"|"+s.expiry,i),h=s.ipHash===u,p=s.signature===await q(e,i);return{userId:s.userId,requiresReissue:n||!h,isExpired:n,shouldExpire:c,isSameIP:h,isPrimaryHashValid:p,protectorCheckCodes:s.protectorCheckCodes}}return a}(a,s,e.secretKey);if(void 0!==n.userId&&n.isPrimaryHashValid){const a=n.userId,{isExpired:s,shouldExpire:o,isSameIP:r}=n,c=s||o||!r&&e.mitigationType!==exports.NetaceaMitigationType.INGEST?U.RENEW_SESSION:U.EXISTING_SESSION,{sessionStatus:u}=ee(e.mitigationType,n.protectorCheckCodes,z(t,i));return{userId:a,sessionCookieStatus:c,sessionStatus:u,sessionCookieDetails:n}}return{sessionStatus:"",userId:L(),sessionCookieStatus:U.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,t,i,a,r),d={sessionStatus:h,captchaToken:s,sessionCookieDetails:c,sessionCookieStatus:u,userId:p};return{clientIp:r,fingerprints:await ae(e),ipHeader:void 0!==o?`${this.config.ipHeaderName}: ${o}`:void 0,method:i,protocol:void 0,sessionDetails:d,url:t,userAgent:e.headers.get("user-agent")??"",xForwardedForHeaderValue:n}}async readCookie(e,t){const i=e.headers.get("Cookie");if(null==i)return;const a=i.split(/; ?/g),s=`${t}=`;for(const e of a)if(e.startsWith(s)){const i=e.slice(s.length),a=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&a.includes(t))try{return await B(i,this.config.cookieEncryptionKey)}catch(e){return}return i}}}async function ae(e){const{headers:t}=e,i=await async function(e){const t=function(e){const t=[];return e.forEach(((e,i)=>{const a=i.toLowerCase();"cookie"===a||"referer"===a||a.startsWith("x-netacea-")||t.push(i)})),t.join(",")}(e);return await te(t)}(t),a=function(e,t){return e.get(t)?.split(/; ?/)??[]}(t,"cookie").map((e=>e.split("=")[0])).flat(),s=await async function(e){const t=e.join(",");return await te(t)}(a);return{headerFingerprint:""===i?i:`h_${i.substring(1,15)}`,cookieFingerprint:""===s?s:`c_${s.substring(1,15)}`}}var se="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},ne={},oe={},re={},ce=se&&se.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),ue=se&&se.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),he=se&&se.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&ce(t,e,i);return ue(t,e),t};Object.defineProperty(re,"__esModule",{value:!0}),re.isJweEncrypted=re.decrypt=re.encrypt=void 0;const pe=he(i);re.encrypt=async function(e,t){const i=pe.base64url.decode(t),a=(new TextEncoder).encode(e);return await new pe.CompactEncrypt(a).setProtectedHeader({alg:"dir",enc:"A128CBC-HS256"}).encrypt(i)},re.decrypt=async function(e,t){const i=pe.base64url.decode(t),{plaintext:a}=await pe.compactDecrypt(e,i,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(a)},re.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var de=se&&se.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),le=se&&se.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ge=se&&se.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&de(t,e,i);return le(t,e),t};Object.defineProperty(oe,"__esModule",{value:!0}),oe.jwe=void 0,oe.jwe=ge(re);var fe={},ye={};function me(e,t){for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const a=e[i]??"",s=Ce("string"==typeof a?a:a.join("; "),t);if(void 0!==s)return s}}function Se(e,t){const i=[];for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const s=e[a]??"",n="string"==typeof s?s:s.join("; ");i.push(...ke(n,t))}return i}function Ce(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(i)))}function ke(e,t){const i=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(i)))}Object.defineProperty(ye,"__esModule",{value:!0}),ye.findAllInCookieString=ye.findFirstInCookieString=ye.findAllInHeaders=ye.findFirstInHeaders=ye.findOnlyValueInHeaders=ye.findAllValuesInHeaders=ye.findFirstValueInHeaders=void 0,ye.findFirstValueInHeaders=function(e,t){const i=me(e,t);if(void 0!==i)return i.slice(t.length+1)},ye.findAllValuesInHeaders=function(e,t){return Se(e,t).map((e=>e.slice(t.length+1)))},ye.findOnlyValueInHeaders=function(e,t){const i=Se(e,t);if(i.length>1)throw new Error(`Found more than one cookie with name ${t}`);return i[0]?.slice(t.length+1)},ye.findFirstInHeaders=me,ye.findAllInHeaders=Se,ye.findFirstInCookieString=Ce,ye.findAllInCookieString=ke;var Ie={};function we(e){return"set-cookie"===e||"Set-Cookie"===e}function ve(e,t){const i=t+"=";return e.startsWith(i)}function Ee(e,t){const i=e[t]??[];return"string"==typeof i?[i]:i}function Ne(e,t){for(const i of Object.keys(e)){if(!we(i))continue;const a=Ae(Ee(e,i),t);if(void 0!==a)return a}}function Ae(e,t){return e.map((e=>e.trimStart())).find((e=>ve(e,t)))}function Te(e,t){const i=[];for(const a of Object.keys(e)){if(!we(a))continue;const s=Ee(e,a);i.push(..._e(s,t))}return i}function _e(e,t){return e.map((e=>e.trimStart())).filter((e=>ve(e,t)))}Object.defineProperty(Ie,"__esModule",{value:!0}),Ie.findAllInSetCookieStrings=Ie.findAllInHeaders=Ie.findFirstInSetCookieStrings=Ie.findFirstInHeaders=Ie.findOnlyValueInHeaders=Ie.findFirstValueInHeaders=void 0,Ie.findFirstValueInHeaders=function(e,t){const i=Ne(e,t);return i?.slice(t.length+1)?.split(";")[0]},Ie.findOnlyValueInHeaders=function(e,t){const i=Te(e,t);if(i.length>1)throw new Error(`Found more than one set-cookie with name ${t}`);return i[0]?.slice(t.length+1)?.split(";")[0]},Ie.findFirstInHeaders=Ne,Ie.findFirstInSetCookieStrings=Ae,Ie.findAllInHeaders=Te,Ie.findAllInSetCookieStrings=_e;var be=se&&se.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),Oe=se&&se.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Ke=se&&se.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&be(t,e,i);return Oe(t,e),t};Object.defineProperty(fe,"__esModule",{value:!0}),fe.setCookie=fe.cookie=void 0,fe.cookie=Ke(ye),fe.setCookie=Ke(Ie);var xe={},Pe={},Me={};Object.defineProperty(Me,"__esModule",{value:!0}),Me.KINESIS_URL=Me.API_VERSION=Me.REGION=Me.PAYLOAD_TYPE=Me.STATE=void 0,Me.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},Me.PAYLOAD_TYPE="string",Me.REGION="eu-west-1",Me.API_VERSION="2013-12-02",Me.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com",Object.defineProperty(Pe,"__esModule",{value:!0}),Pe.WebStandardKinesis=void 0;const Re=Me;async function De(e){await new Promise((t=>{setTimeout(t,e)}))}function He(e){const t={};return e.forEach(((e,i)=>{t[i]=e})),t}Pe.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e;const{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:s,maxLogAgeSeconds:n,logBatchSize:o,rampUpBatchSize:r,maxAwaitTimePerIngestCallMs:c}=t;if(void 0===a)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===s)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=i,this.kinesisAccessKey=a,this.kinesisSecretKey=s,this.maxAwaitTimePerIngestCallMs=c,void 0!==n&&n<this.maxLogAgeSeconds&&n>0&&(this.maxLogAgeSeconds=n),void 0!==o&&(this.maxLogBatchSize=o),this.logBatchSize=!0===r?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),i=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:He(i.headers),host:Re.KINESIS_URL,method:"POST",path:"/",body:i.body}),this.logBatchSize!==this.maxLogBatchSize&&(this.logBatchSize=Math.min(this.maxLogBatchSize,2*this.logBatchSize))}catch(t){this.logCache.push(...e),console.error(t)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push(De(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=De(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}batchArrayForKinesis(e,t){const i=[];for(let a=0;a<e.length;a+=t){const s=e.slice(a,a+t);i.push({Data:this.deps.Buffer.from(JSON.stringify(s)).toString("base64"),PartitionKey:Date.now().toString()})}return i}async signRequest(e,t,i,a){const s={Records:this.batchArrayForKinesis(i,a),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(Re.KINESIS_URL,{body:JSON.stringify(s),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}};var je={};Object.defineProperty(je,"__esModule",{value:!0}),je.Kinesis=void 0;const Le=Me;async function Fe(e){await new Promise((t=>{setTimeout(t,e)}))}je.Kinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e;const{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:s,maxLogAgeSeconds:n,logBatchSize:o,rampUpBatchSize:r,maxAwaitTimePerIngestCallMs:c}=t;this.kinesisStreamName=i,this.kinesisAccessKey=a,this.kinesisSecretKey=s,this.maxAwaitTimePerIngestCallMs=c,void 0!==n&&n<this.maxLogAgeSeconds&&n>0&&(this.maxLogAgeSeconds=n),void 0!==o&&(this.maxLogBatchSize=o),this.logBatchSize=!0===r?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=this.signRequest({streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);if("POST"!==t.method)throw new Error(`Unexpected method. Expected POST but got ${t.method}`);await this.deps.makeRequest({headers:t.headers??{},host:`https://${t.hostname}`,method:t.method,path:t.path??"/",body:t.body}),this.logBatchSize!==this.maxLogBatchSize&&(this.logBatchSize=Math.min(this.maxLogBatchSize,2*this.logBatchSize))}catch(t){this.logCache.push(...e),console.error(t)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push(Fe(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=Fe(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}signRequest(e,t,i){const{accessKeyId:a,secretAccessKey:s}=e,n={Records:this.batchArrayForKinesis(t,i),PartitionKey:Date.now().toString(),StreamName:e.streamName};return this.deps.aws4.sign({service:"kinesis",body:JSON.stringify(n),headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"},region:Le.REGION},{accessKeyId:a,secretAccessKey:s})}batchArrayForKinesis(e,t){const i=[];for(let a=0;a<e.length;a+=t){const s=e.slice(a,a+t);i.push({Data:this.deps.Buffer.from(JSON.stringify(s)).toString("base64"),PartitionKey:Date.now().toString()})}return i}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.Kinesis=e.WebStandardKinesis=void 0;var t=Pe;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}});var i=je;Object.defineProperty(e,"Kinesis",{enumerable:!0,get:function(){return i.Kinesis}})}(xe);var qe={};function Ue(e,t){let i=null;if("number"==typeof e)i=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(i=t)}if(null===i){if("number"!=typeof t.defaultValue)return t.defaultValue;i=t.defaultValue}return void 0!==t.minValue&&(i=Math.max(t.minValue,i)),void 0!==t.maxValue&&(i=Math.min(t.maxValue,i)),i}Object.defineProperty(qe,"__esModule",{value:!0}),qe.parseIntOrDefault=qe.parseNumberOrDefault=void 0,qe.parseNumberOrDefault=Ue,qe.parseIntOrDefault=function(e,t){const i=Ue(e,t);return"number"==typeof i?Math.floor(i):i};var $e=se&&se.__createBinding||(Object.create?function(e,t,i,a){void 0===a&&(a=i);var s=Object.getOwnPropertyDescriptor(t,i);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(e,a,s)}:function(e,t,i,a){void 0===a&&(a=i),e[a]=t[i]}),Be=se&&se.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Ve=se&&se.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var i in e)"default"!==i&&Object.prototype.hasOwnProperty.call(e,i)&&$e(t,e,i);return Be(t,e),t};Object.defineProperty(ne,"__esModule",{value:!0});var Ge=ne.parsing=ze=ne.ingest=ne.headers=ne.webcrypto=void 0;ne.webcrypto=Ve(oe),ne.headers=Ve(fe);var ze=ne.ingest=Ve(xe);Ge=ne.parsing=Ve(qe);const{configureCookiesDomain:We}=S.cookie.attributes;class Xe{apiKey;captchaHeader;captchaSecretKey;captchaSiteKey;cookieEncryptionKey;enableDynamicCaptchaContentType=!1;encryptedCookies=[];ingestServiceUrl;ingestType;ipHeaderName;kinesisConfigArgs;mitataCookieExpirySeconds;mitigationServiceTimeoutMs;mitigationServiceUrl;mitigationType;netaceaCaptchaCookieAttributes;netaceaCaptchaCookieName;netaceaCaptchaPath;netaceaCookieAttributes;netaceaCookieName;secretKey;timeout;constructor(e){if(null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required parameter");if(this.apiKey=e.apiKey,null===e.secretKey||void 0===e.secretKey)throw new Error("secretKey is a required parameter");this.secretKey=e.secretKey;const{mitigationServiceUrl:t="https://mitigations.netacea.net"}=e;var i;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t,this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??exports.NetaceaMitigationType.INGEST,this.ingestType=e.ingestType??exports.NetaceaIngestType.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.captchaSiteKey&&void 0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(i=e.timeout??3e3)<=0?h:i,this.mitigationServiceTimeoutMs=Ge.parseIntOrDefault(e.mitigationServiceTimeoutMs,{defaultValue:1e3,minValue:100,maxValue:1e4}),this.netaceaCookieName=e.netaceaCookieName??"_mitata",this.netaceaCaptchaCookieName=e.netaceaCaptchaCookieName??"_mitatacaptcha";const{cookieAttributes:a,captchaCookieAttributes:s}=We(e.netaceaCookieAttributes,e.netaceaCaptchaCookieAttributes);var n,o;this.netaceaCookieAttributes=a??"",this.netaceaCaptchaCookieAttributes=s??"",this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(n=this.mitigationType,void 0===(o=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?n===exports.NetaceaMitigationType.INGEST?3600:60:o),this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaCaptchaPath=function(e){if(Boolean(e)&&"string"==typeof e)return e.startsWith("/")?e:`/${e}`}(e.netaceaCaptchaPath),void 0!==this.netaceaCaptchaPath&&(this.enableDynamicCaptchaContentType="boolean"==typeof e.enableDynamicCaptchaContentType?e.enableDynamicCaptchaContentType:"true"===e.enableDynamicCaptchaContentType),this.captchaHeader=e.captchaHeader,this.ipHeaderName=e.ipHeaderName}}class Ye{config;kinesis;requestAnalyser;workerInstanceId;constructor(i){this.config=new Xe(i),this.config.ingestType===exports.NetaceaIngestType.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new ze.WebStandardKinesis({deps:{AwsClient:e.AwsClient,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey}})),this.requestAnalyser=new ie({cookieEncryptionKey:this.config.cookieEncryptionKey,encryptedCookies:this.config.encryptedCookies,mitigationType:this.config.mitigationType,secretKey:this.config.secretKey,sessionCookieName:this.config.netaceaCookieName,captchaCookieName:this.config.netaceaCaptchaCookieName,ipHeaderName:this.config.ipHeaderName}),this.workerInstanceId=""}async run(e,t){""===this.workerInstanceId&&(this.workerInstanceId=u.v4());const i=new Request(e.request),a=await this.requestAnalyser.getNetaceaRequestDetails(i);let s=await async function(e,t){const i=new Promise(((e,i)=>{const a=Date.now();setTimeout((()=>{const t=Date.now()-a;e(t)}),t)}));return await Promise.race([e,i])}(this.runMitigation(i,a),this.config.mitigationServiceTimeoutMs);return"number"==typeof s&&(s={sessionStatus:"error_open",apiCallLatency:s}),await this.handleResponse(i,s,t)}async inject(e,t){const i=await this.getMitigationResponse(e,t);return{injectHeaders:i.injectHeaders,sessionStatus:i.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}async mitigate(e,t){const i=await this.getMitigationResponse(e,t);if(i.mitigated){const a=new Headers;if(!await G(t.url,e.method,this.config.netaceaCaptchaPath))for(const e of i.setCookie)a.append("set-cookie",e);let s="Forbidden";return"captcha"===i.mitigation&&(void 0!==this.config.captchaHeader&&a.append(this.config.captchaHeader.name,this.config.captchaHeader.value),a.append("content-type","text/html; charset=UTF-8"),s=i.body),{response:new Response(s,{status:403,statusText:"Forbidden",headers:a}),setCookie:i.setCookie,sessionStatus:i.sessionStatus,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}if(z(t.url,e.method)){const e=new Headers;for(const t of i.setCookie)e.append("set-cookie",t);return{response:new Response(i.body,{status:200,statusText:"OK",headers:e}),setCookie:i.setCookie,sessionStatus:i.sessionStatus,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}return{setCookie:i.setCookie,sessionStatus:i.sessionStatus,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}async getNetaceaSession(e,t){const i=(void 0!==t?await this.getNetaceaCookieFromResponse(t):void 0)??await this.getNetaceaCookieFromRequest(e),{protectorCheckCodes:a,userId:s}=j(i??"")??{userId:"",protectorCheckCodes:{match:"0",mitigate:"0",captcha:"0"}},{sessionStatus:n}=ee(this.config.mitigationType,a,z(new URL(e.url),e.method));return{userId:s,sessionStatus:n,netaceaCookie:i}}getResponseDetails(e){return e instanceof Response?{rawResponse:e}:{rawResponse:e.response,mitigationLatency:e.protectorLatencyMs,mitigationStatus:e.protectorStatus,sessionStatus:e.sessionStatus}}async ingest(e,t){""===this.workerInstanceId&&(this.workerInstanceId=u.v4());const i=this.getResponseDetails(t),{netaceaCookie:a}=await this.getNetaceaSession(e,i.rawResponse),s=await this.requestAnalyser.getNetaceaRequestDetails(e);await this.callIngest({bytesSent:X(i.rawResponse.headers,"content-length","0"),cookieFingerprint:s.fingerprints.cookieFingerprint,headerFingerprint:s.fingerprints.headerFingerprint,integrationMode:this.config.mitigationType,integrationType:C.replace("@netacea/",""),integrationVersion:k,ip:s.clientIp,method:e.method,mitataCookie:a,mitigationLatency:i.mitigationLatency,mitigationStatus:i.mitigationStatus,netaceaCookieStatus:s.sessionDetails.sessionCookieStatus,path:new URL(e.url).pathname,protocol:null,referer:X(e.headers,"referer"),requestHost:new URL(e.url).hostname,requestTime:"0",sessionStatus:i.sessionStatus??s.sessionDetails.sessionStatus,status:i.rawResponse.status.toString(),timeUnixMsUTC:Date.now(),userAgent:X(e.headers,"user-agent","-"),workerInstanceId:this.workerInstanceId,xForwardedFor:s.xForwardedForHeaderValue,ipHeader:s.ipHeader})}async handleGetCaptchaRequest(e,t,i){if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const a=await this.makeMitigateAPICall(e,t,!0,i);return{body:a.body,apiCallStatus:a.status,apiCallLatency:a.latency,setCookie:[],sessionStatus:"",mitigation:"captcha",mitigated:!0}}async makeRequest({host:e,method:t,path:i,headers:a,body:s}){const n=`${e}${i}`,o=new Request(n,{...{method:t,body:s,headers:a},duplex:"half"}),r=await I(n,o),c={};return r.headers.forEach(((e,t)=>{null!==e&&(c[t]=e)})),{status:r.status,body:await r.text(),headers:c}}async handleResponse(e,t,i){if(this.config.mitigationType===exports.NetaceaMitigationType.MITIGATE&&void 0!==t?.response)return{sessionStatus:t?.sessionStatus??"",response:t.response,protectorLatencyMs:t?.apiCallLatency,protectorStatus:t?.apiCallStatus};if(this.config.mitigationType===exports.NetaceaMitigationType.INJECT&&(e=function(e,t){if(void 0===t.injectHeaders)return e;const i=new Headers(e.headers);for(const[e,a]of Object.entries(t.injectHeaders))i.set(e,a);return new Request(e,{headers:i})}(e,t)),this.config.ingestType===exports.NetaceaIngestType.ORIGIN){const{sessionStatus:i,userId:a}=await this.getNetaceaSession(e,t);!function(e,t,i){e.headers.set("x-netacea-integration-type",C.replace("@netacea/","")),e.headers.set("x-netacea-integration-version",k),e.headers.set("x-netacea-userid",i),e.headers.set("x-netacea-bc-type",t)}(e,i,a)}const a=await i(e);return{sessionStatus:t?.sessionStatus??"",response:W(a,t),protectorLatencyMs:t?.apiCallLatency,protectorStatus:t?.apiCallStatus}}async getMitigationResponse(e,t){const i=this.config.enableDynamicCaptchaContentType?V(e.headers.get("Accept")??void 0):V();return await this.processMitigateRequest({getBodyFn:async()=>await Promise.resolve(e.body)??void 0,requestDetails:t,captchaPageContentType:i})}async runMitigation(e,t){try{switch(this.config.mitigationType){case exports.NetaceaMitigationType.MITIGATE:return await this.mitigate(e,t);case exports.NetaceaMitigationType.INJECT:return await this.inject(e,t);case exports.NetaceaMitigationType.INGEST:return await this.processIngest(t);default:throw new Error(`Netacea Error: Mitigation type ${String(this.config.mitigationType)} not recognised`)}}catch(i){let a,s;i instanceof Error&&console.error("Netacea FAILOPEN Error:",i,i.stack),i instanceof J&&(s=i.latencyMs,a=i.protectorApiResponse?.status);return{response:z(t.url,e.method)?new Response("",{status:500,statusText:"Internal Server Error",headers:{}}):void 0,injectHeaders:{"x-netacea-captcha":"0","x-netacea-match":"0","x-netacea-mitigate":"0"},sessionStatus:"error_open",apiCallLatency:s,apiCallStatus:a}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const i=`${e}=`;for(const a of t){const t=a.split(";")[0].trimStart();if(t.startsWith(i)){const a=t.slice(i.length);if(void 0!==this.config.cookieEncryptionKey&&this.config.encryptedCookies.includes(e))try{return await B(a,this.config.cookieEncryptionKey)}catch(e){return}return a}}}async getNetaceaCookieFromResponse(e){if(void 0===e)return;const t=e instanceof Response?e.headers.getSetCookie():e.setCookie;if(void 0!==t){const e=`${this.config.netaceaCookieName}=`;for(const i of t)if(i.startsWith(e))return await this.readCookie(this.config.netaceaCookieName,i)}}async getNetaceaCookieFromRequest(e){const t=X(e.headers,"cookie");return await this.readCookie(this.config.netaceaCookieName,t)??""}async callIngest(e){const t=Z(e);if(this.config.ingestType===exports.NetaceaIngestType.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");try{await this.kinesis.ingest({...t,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const e={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},i=await this.makeIngestApiCall(e,t);if(200!==i.status)throw function(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}(i)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async check(e,t){let i,a,s,n,o,r,c,u;if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");if([U.NEW_SESSION,U.RENEW_SESSION].includes(e.sessionDetails.sessionCookieStatus)){const h=e.sessionDetails.userId,p=await this.makeMitigateAPICall(e,t,!1,null);i=p.status,a=p.match,s=p.mitigate,n=p.captcha,o=p.body,u=p.latency,r=[await this.createMitata(e.clientIp,h,a,s,n,p.mitataMaxAge)],c=p.eventId}else{const t=e.sessionDetails.sessionCookieDetails?.protectorCheckCodes;a=t?.match??"0",s=t?.mitigate??"0",n=t?.captcha??"0",o=void 0,r=[]}const h={match:a,mitigate:s,captcha:n};return this.composeResult(o,r,i,h,!1,u,c)}async createMitata(e,t,i,a,s,n=86400,o=void 0){const r=["1","3","5"].includes(s)||"3"===a?-60:this.config.mitataCookieExpirySeconds,c=o??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const u=[i,a,s].join("");let h=await async function(e,t,i,a,s="000"){const n=[i,t,await q(e+"|"+String(i),a),s].join(R);return`${await q(n,a)}${R}${n}`}(e,t,c,this.config.secretKey,u);return void 0!==this.config.cookieEncryptionKey&&this.config.encryptedCookies.includes(this.config.netaceaCookieName)&&(h=await $(h,this.config.cookieEncryptionKey)),S.cookie.netaceaSession.createNetaceaSetCookieString({cookieName:this.config.netaceaCookieName,cookieValue:h,otherAttributes:this.config.netaceaCookieAttributes})}async processCaptcha(e,t){const{status:i,match:a,mitigate:s,captcha:n,body:o,setCookie:r,latency:c}=await this.makeCaptchaAPICall(e,t),u={match:a,mitigate:s,captcha:n};return this.composeResult(o,r,i,u,!0,c)}async getMitataCaptchaFromHeaders(e){let t=e[T];const i=parseInt(e[_]);if(void 0!==t)return void 0!==this.config.cookieEncryptionKey&&this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)&&(t=await $(t,this.config.cookieEncryptionKey)),S.cookie.netaceaSession.createNetaceaCaptchaSetCookieString({cookieName:this.config.netaceaCaptchaCookieName,cookieValue:t,maxAgeAttribute:String(i),otherAttributes:this.config.netaceaCaptchaCookieAttributes})}async makeCaptchaAPICall(e,t){const i={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.clientIp,"user-agent":e.userAgent,"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8"},a=e.sessionDetails.userId;e.sessionDetails.sessionCookieStatus!==U.NEW_SESSION&&(i["X-Netacea-UserId"]=a),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(i["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,i["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const s=new URLSearchParams;s.append("headerFP",e.fingerprints.headerFingerprint);const n=Date.now(),o=await this.makeRequest({host:this.config.mitigationServiceUrl,path:`/AtaVerifyCaptcha?${s.toString()}`,headers:i,method:"POST",body:t,timeout:this.config.mitigationServiceTimeoutMs}),r=Date.now()-n;return await this.getApiCallResponseFromResponse(o,e,r)}async getApiCallResponseFromResponse(e,t,i){if(200!==e.status)throw new J(e,i);const a=e.headers[v],s=e.headers[E],n=e.headers[N];let o=parseInt(e.headers[A]);isNaN(o)&&(o=86400);const r=t.sessionDetails.userId,c=[await this.createMitata(t.clientIp,r,a,s,n,o),await this.getMitataCaptchaFromHeaders(e.headers)].filter((e=>void 0!==e)),u=e.headers[b];if("application/json"===e.headers["content-type"]?.toLowerCase()){if(void 0===this.config.netaceaCaptchaPath)throw new Error("netaceaCaptchaPath and URL must be defined to handle JSON captcha");e.body=await async function(e,t,i){const a=e.length>0?JSON.parse(e).trackingId:void 0,{hostname:s}=new URL(i);return t.length<2||void 0===a?"":JSON.stringify({captchaRelativeURL:`${t}?trackingId=${a}`,captchaAbsoluteURL:`https://${s}${t}?trackingId=${a}`})}(e.body??"",this.config.netaceaCaptchaPath,t.url.toString())}return{status:e.status,match:a,mitigate:s,captcha:n,setCookie:c,body:e.body,eventId:u,mitataMaxAge:o,latency:i}}async makeMitigateAPICall(e,t,i,a){const s={"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.clientIp,"user-agent":e.userAgent,cookie:Y({_mitatacaptcha:e.sessionDetails.captchaToken})};e.sessionDetails.sessionCookieStatus!==U.NEW_SESSION&&(s["X-Netacea-UserId"]=e.sessionDetails.userId),void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(s["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,s["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),s["X-Netacea-Captcha-Content-Type"]=t;let n="/";const o=new URLSearchParams;o.append("headerFP",e.fingerprints.headerFingerprint),i&&(n="/captcha",null!==a&&o.append("trackingId",a));const r=Date.now(),c=await this.makeRequest({host:this.config.mitigationServiceUrl,path:`${n}?${o.toString()}`,headers:s,method:"GET",timeout:this.config.mitigationServiceTimeoutMs}),u=Date.now()-r;return await this.getApiCallResponseFromResponse(c,e,u)}composeResult(e,t,i,a,s,n,o){const r=ee(this.config.mitigationType,a,s),c={body:e,apiCallStatus:i,apiCallLatency:n,setCookie:t,sessionStatus:r.sessionStatus,mitigation:r.mitigation,mitigated:[w.block,w.captcha].includes(r.mitigation)};if(this.config.mitigationType===exports.NetaceaMitigationType.INJECT){const e={"x-netacea-match":r.parts.match.toString(),"x-netacea-mitigate":r.parts.mitigate.toString(),"x-netacea-captcha":r.parts.captcha.toString()};void 0!==o&&(e["x-netacea-event-id"]=o),c.injectHeaders=e}return c}async processMitigateRequest(e){if(await G(e.requestDetails.url,e.requestDetails.method,this.config.netaceaCaptchaPath)){const t=await async function(e){try{const{searchParams:t}=e;return t.get("trackingId")}catch(e){return null}}(e.requestDetails.url);return await this.handleGetCaptchaRequest(e.requestDetails,e.captchaPageContentType,t)}if(z(e.requestDetails.url,e.requestDetails.method)){const t=await e.getBodyFn()??"";return await this.processCaptcha(e.requestDetails,t)}return await this.check(e.requestDetails,e.captchaPageContentType)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createMitata("ignored",e,"0","0","0",86400)]}}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=e.sessionDetails.sessionCookieStatus,i=t===U.NEW_SESSION,a=t===U.RENEW_SESSION;return i||a?await this.setIngestOnlyMitataCookie(e.sessionDetails.userId):{sessionStatus:"",setCookie:[]}}}const Je=e=>Ge.parseIntOrDefault(e,{defaultValue:void 0});function Ze(e){return Object.fromEntries(Object.entries(e).filter((([e,t])=>void 0!==t)))}function Qe(e,t,i){if("string"==typeof i)return e[`${t}_${i}`]?.trimEnd();for(const a of i){const i=Qe(e,t,a);if(void 0!==i)return i}}function et(e,t){const i=Qe(e,t,"CAPTCHA_HEADER_NAME"),a=Qe(e,t,"CAPTCHA_HEADER_VALUE");if(void 0!==i&&void 0!==a)return{name:i,value:a}}function tt(e,t){const i=Qe(e,t,"KINESIS_STREAM_NAME"),a=Qe(e,t,"KINESIS_ACCESS_KEY"),s=Qe(e,t,"KINESIS_SECRET_KEY"),n=Ze({logBatchSize:Je(Qe(e,t,"KINESIS_LOG_BATCH_SIZE")),maxLogAgeSeconds:Je(Qe(e,t,"KINESIS_MAX_LOG_AGE_SECONDS"))});if(void 0!==i&&void 0!==a&&void 0!==s)return{kinesisStreamName:i,kinesisAccessKey:a,kinesisSecretKey:s,...n}}exports.NetaceaVercelIntegration=Ye,exports.default=Ye,exports.getNetaceaArgsFromEnv=function(e,t="NETACEA"){return Ze({apiKey:Qe(e,t,"API_KEY"),captchaHeader:et(e,t),captchaSecretKey:Qe(e,t,"CAPTCHA_SECRET_KEY"),captchaSiteKey:Qe(e,t,"CAPTCHA_SITE_KEY"),cookieEncryptionKey:Qe(e,t,"COOKIE_ENCRYPTION_KEY"),enableDynamicCaptchaContentType:Qe(e,t,"ENABLE_DYNAMIC_CAPTCHA_CONTENT_TYPE"),ingestServiceUrl:Qe(e,t,"INGEST_SERVICE_URL"),ingestType:Qe(e,t,"INGEST_TYPE"),ipHeaderName:Qe(e,t,"IP_HEADER_NAME"),kinesis:tt(e,t),mitataCookieExpirySeconds:Je(Qe(e,t,"MITATA_COOKIE_EXPIRY_SECONDS")),mitigationServiceTimeoutMs:Qe(e,t,"MITIGATION_SERVICE_TIMEOUT_MS"),mitigationServiceUrl:Qe(e,t,["PROTECTOR_API_URL","MITIGATION_SERVICE_URL"]),mitigationType:Qe(e,t,["PROTECTION_MODE","MITIGATION_TYPE"]),netaceaCaptchaCookieAttributes:Qe(e,t,"CAPTCHA_COOKIE_ATTRIBUTES"),netaceaCaptchaCookieName:Qe(e,t,"CAPTCHA_COOKIE_NAME"),netaceaCaptchaPath:Qe(e,t,"CAPTCHA_PATH"),netaceaCookieAttributes:Qe(e,t,"COOKIE_ATTRIBUTES"),netaceaCookieExpirySeconds:Je(Qe(e,t,"COOKIE_EXPIRY_SECONDS")),netaceaCookieName:Qe(e,t,"COOKIE_NAME"),secretKey:Qe(e,t,"SECRET_KEY"),timeout:Je(Qe(e,t,"TIMEOUT"))})};
 //# sourceMappingURL=index.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@netacea/vercel",
-    "version": "0.1.7",
+    "version": "0.1.9",
     "description": "Netacea Vercel CDN Integration",
     "publishConfig": {
         "access": "public"
@@ -22,5 +22,5 @@
         "jose": "^4.11.2",
         "uuid": "^10.0.0"
     },
-    "gitHead": "9e1552fcc0ee2f9d69718f9e8955f79f253740f0"
+    "gitHead": "8b8209eb1d96b08c5a9d193aa1f7094836374da7"
 }