@prosopo/provider 2.5.3 → 2.7.0

package/dist/cjs/api/public.cjs

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiExpressRouter = require("@prosopo/api-express-router");
+const common = require("@prosopo/common");
+const types = require("@prosopo/types");
+const util = require("@prosopo/util");
+const express = require("express");
+const tasks = require("../tasks/tasks.cjs");
+function publicRouter(env) {
+  const router = express.Router();
+  const tasks$1 = new tasks.Tasks(env);
+  router.get(types.PublicApiPaths.GetProviderDetails, async (req, res, next) => {
+    try {
+      return res.json({ version: util.version, ...{ message: "Provider online" } });
+    } catch (err) {
+      req.logger.error({ err, params: req.params });
+      return next(
+        new common.ProsopoApiError("API.BAD_REQUEST", {
+          context: { code: 500 }
+        })
+      );
+    }
+  });
+  router.use(apiExpressRouter.handleErrors);
+  return router;
+}
+exports.publicRouter = publicRouter;

package/dist/cjs/api/requestLoggerMiddleware.cjs

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const common = require("@prosopo/common");
+const uuid = require("uuid");
+function requestLoggerMiddleware(env) {
+  return (req, res, next) => {
+    const requestId = req.headers["x-request-id"] || `e-${uuid.v4()}`;
+    const logger = common.getLogger(env.config.logLevel, "request-logger", requestId);
+    req.logger = logger;
+    req.requestId = requestId;
+    next();
+  };
+}
+exports.requestLoggerMiddleware = requestLoggerMiddleware;

package/dist/cjs/api/robotsMiddleware.cjs

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+function robotsMiddleware() {
+  return (_req, res, next) => {
+    res.setHeader("Strict-Transport-Security", "max-age=31536000;");
+    res.setHeader("X-XSS-Protection", "1; mode=block");
+    res.setHeader("X-Frame-Options", "DENY");
+    res.setHeader("X-Robots-Tag", "none");
+    next();
+  };
+}
+exports.robotsMiddleware = robotsMiddleware;

package/dist/cjs/api/validateAddress.cjs

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const address = require("@polkadot/util-crypto/address");
+const common = require("@prosopo/common");
+const validiateSiteKey = (siteKey, logger) => {
+  return validateAddr(siteKey, "API.INVALID_SITE_KEY", logger);
+};
+const validateAddr = (address$1, translationKey = "CONTRACT.INVALID_ADDRESS", logger) => {
+  try {
+    return address.validateAddress(address$1, false, 42);
+  } catch (err) {
+    throw new common.ProsopoApiError(translationKey, {
+      context: { code: 400, error: err, siteKey: address$1 },
+      logger
+    });
+  }
+};
+exports.validateAddr = validateAddr;
+exports.validiateSiteKey = validiateSiteKey;

package/dist/cjs/api/verify.cjs

@@ -0,0 +1,138 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const address = require("@polkadot/util-crypto/address");
+const apiExpressRouter = require("@prosopo/api-express-router");
+const common = require("@prosopo/common");
+const types = require("@prosopo/types");
+const express = require("express");
+const tasks = require("../tasks/tasks.cjs");
+const authMiddleware = require("./authMiddleware.cjs");
+function prosopoVerifyRouter(env) {
+  const router = express.Router();
+  const tasks$1 = new tasks.Tasks(env);
+  router.post(
+    types.ClientApiPaths.VerifyImageCaptchaSolutionDapp,
+    async (req, res, next) => {
+      let parsed;
+      try {
+        parsed = types.VerifySolutionBody.parse(req.body);
+      } catch (err) {
+        return next(
+          new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+            context: { code: 400, error: err, body: req.body },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+      const { dappSignature, token } = parsed;
+      try {
+        const { user, dapp, timestamp, commitmentId } = types.decodeProcaptchaOutput(token);
+        address.validateAddress(dapp, false, 42);
+        address.validateAddress(user, false, 42);
+        const clientRecord = await tasks$1.db.getClientRecord(dapp);
+        if (!clientRecord) {
+          return next(
+            new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+              context: { code: 400, siteKey: dapp, user },
+              i18n: req.i18n,
+              logger: req.logger
+            })
+          );
+        }
+        const keyPair = env.keyring.addFromAddress(dapp);
+        authMiddleware.verifySignature(dappSignature, timestamp.toString(), keyPair);
+        const response = await tasks$1.imgCaptchaManager.verifyImageCaptchaSolution(
+          user,
+          dapp,
+          commitmentId,
+          parsed.maxVerifiedTime
+        );
+        req.logger.debug(response);
+        const verificationResponse = tasks$1.imgCaptchaManager.getVerificationResponse(
+          response[types.ApiParams.verified],
+          clientRecord,
+          req.i18n.t,
+          response[types.ApiParams.score],
+          response[types.ApiParams.commitmentId]
+        );
+        res.json(verificationResponse);
+      } catch (err) {
+        req.logger.error({ err, body: req.body });
+        return next(
+          new common.ProsopoApiError("API.BAD_REQUEST", {
+            context: { code: 500, siteKey: req.body.dapp, user: req.body.user },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+    }
+  );
+  router.post(
+    types.ClientApiPaths.VerifyPowCaptchaSolution,
+    async (req, res, next) => {
+      let parsed;
+      try {
+        parsed = types.ServerPowCaptchaVerifyRequestBody.parse(req.body);
+      } catch (err) {
+        return next(
+          new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+            context: { code: 400, error: err, body: req.body },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+      try {
+        const { token, dappSignature, verifiedTimeout } = parsed;
+        const { dapp, user, timestamp, challenge } = types.decodeProcaptchaOutput(token);
+        address.validateAddress(dapp, false, 42);
+        address.validateAddress(user, false, 42);
+        const clientRecord = await tasks$1.db.getClientRecord(dapp);
+        if (!clientRecord) {
+          return next(
+            new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+              context: { code: 400, siteKey: dapp },
+              i18n: req.i18n,
+              logger: req.logger
+            })
+          );
+        }
+        if (!challenge) {
+          const unverifiedResponse = {
+            status: req.i18n.t("API.USER_NOT_VERIFIED"),
+            [types.ApiParams.verified]: false
+          };
+          return res.json(unverifiedResponse);
+        }
+        const dappPair = env.keyring.addFromAddress(dapp);
+        authMiddleware.verifySignature(dappSignature, timestamp.toString(), dappPair);
+        const { verified, score } = await tasks$1.powCaptchaManager.serverVerifyPowCaptchaSolution(
+          dapp,
+          challenge,
+          verifiedTimeout
+        );
+        const verificationResponse = tasks$1.powCaptchaManager.getVerificationResponse(
+          verified,
+          clientRecord,
+          req.i18n.t,
+          score
+        );
+        return res.json(verificationResponse);
+      } catch (err) {
+        req.logger.error({ err, body: req.body });
+        return next(
+          new common.ProsopoApiError("API.BAD_REQUEST", {
+            context: { code: 500, error: err },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+    }
+  );
+  router.use(apiExpressRouter.handleErrors);
+  return router;
+}
+exports.prosopoVerifyRouter = prosopoVerifyRouter;

package/dist/cjs/index.cjs

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+require("./tasks/index.cjs");
+const util = require("./util.cjs");
+const block = require("./api/block.cjs");
+const captcha = require("./api/captcha.cjs");
+const verify = require("./api/verify.cjs");
+const authMiddleware = require("./api/authMiddleware.cjs");
+const ja4Middleware = require("./api/ja4Middleware.cjs");
+const _public = require("./api/public.cjs");
+const domainMiddleware = require("./api/domainMiddleware.cjs");
+const captchaScheduler = require("./schedulers/captchaScheduler.cjs");
+const getClientList = require("./schedulers/getClientList.cjs");
+const headerCheckMiddleware = require("./api/headerCheckMiddleware.cjs");
+const createApiAdminRoutesProvider = require("./api/admin/createApiAdminRoutesProvider.cjs");
+const requestLoggerMiddleware = require("./api/requestLoggerMiddleware.cjs");
+const ignoreMiddleware = require("./api/ignoreMiddleware.cjs");
+const robotsMiddleware = require("./api/robotsMiddleware.cjs");
+const tasks = require("./tasks/tasks.cjs");
+exports.checkIfTaskIsRunning = util.checkIfTaskIsRunning;
+exports.encodeStringAddress = util.encodeStringAddress;
+exports.getIPAddress = util.getIPAddress;
+exports.shuffleArray = util.shuffleArray;
+exports.blockMiddleware = block.blockMiddleware;
+exports.prosopoRouter = captcha.prosopoRouter;
+exports.prosopoVerifyRouter = verify.prosopoVerifyRouter;
+exports.authMiddleware = authMiddleware.authMiddleware;
+exports.verifySignature = authMiddleware.verifySignature;
+exports.DEFAULT_JA4 = ja4Middleware.DEFAULT_JA4;
+exports.getJA4 = ja4Middleware.getJA4;
+exports.ja4Middleware = ja4Middleware.ja4Middleware;
+exports.publicRouter = _public.publicRouter;
+exports.domainMiddleware = domainMiddleware.domainMiddleware;
+exports.storeCaptchasExternally = captchaScheduler.storeCaptchasExternally;
+exports.getClientList = getClientList.getClientList;
+exports.headerCheckMiddleware = headerCheckMiddleware.headerCheckMiddleware;
+exports.createApiAdminRoutesProvider = createApiAdminRoutesProvider.createApiAdminRoutesProvider;
+exports.requestLoggerMiddleware = requestLoggerMiddleware.requestLoggerMiddleware;
+exports.ignoreMiddleware = ignoreMiddleware.ignoreMiddleware;
+exports.robotsMiddleware = robotsMiddleware.robotsMiddleware;
+exports.Tasks = tasks.Tasks;

package/dist/cjs/rules/lang.cjs

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const checkLangRules = (config, acceptLanguage) => {
+  const lConfig = config.lRules;
+  let lScore = 0;
+  if (lConfig) {
+    const languages = acceptLanguage.split(",").map((lang) => lang.trim().split(";")[0]);
+    for (const lang of languages) {
+      if (lang && lConfig[lang]) {
+        lScore += lConfig[lang];
+      }
+    }
+  }
+  return lScore;
+};
+exports.checkLangRules = checkLangRules;

package/dist/cjs/schedulers/captchaScheduler.cjs

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const env = require("@prosopo/env");
+const types = require("@prosopo/types");
+const cron = require("cron");
+const tasks = require("../tasks/tasks.cjs");
+const util = require("../util.cjs");
+async function storeCaptchasExternally(pair, cronSchedule, config) {
+  const env$1 = new env.ProviderEnvironment(config, pair);
+  await env$1.isReady();
+  const tasks$1 = new tasks.Tasks(env$1);
+  const job = new cron.CronJob(cronSchedule, async () => {
+    const taskRunning = await util.checkIfTaskIsRunning(
+      types.ScheduledTaskNames.StoreCommitmentsExternal,
+      env$1.getDb()
+    );
+    env$1.logger.info(
+      `${types.ScheduledTaskNames.StoreCommitmentsExternal} task running: ${taskRunning}`
+    );
+    if (!taskRunning) {
+      env$1.logger.info(
+        `${types.ScheduledTaskNames.StoreCommitmentsExternal} task....`
+      );
+      await tasks$1.clientTaskManager.storeCommitmentsExternal().catch((err) => {
+        env$1.logger.error(err);
+      });
+    }
+  });
+  job.start();
+}
+exports.storeCaptchasExternally = storeCaptchasExternally;

package/dist/cjs/schedulers/getClientList.cjs

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const env = require("@prosopo/env");
+const types = require("@prosopo/types");
+const cron = require("cron");
+const tasks = require("../tasks/tasks.cjs");
+const util = require("../util.cjs");
+async function getClientList(pair, cronSchedule, config) {
+  const env$1 = new env.ProviderEnvironment(config, pair);
+  await env$1.isReady();
+  const tasks$1 = new tasks.Tasks(env$1);
+  const job = new cron.CronJob(cronSchedule, async () => {
+    const taskRunning = await util.checkIfTaskIsRunning(
+      types.ScheduledTaskNames.GetClientList,
+      env$1.getDb()
+    );
+    env$1.logger.info(
+      `${types.ScheduledTaskNames.GetClientList} task running: ${taskRunning}`
+    );
+    if (!taskRunning) {
+      env$1.logger.info(`${types.ScheduledTaskNames.GetClientList} task....`);
+      await tasks$1.clientTaskManager.getClientList().catch((err) => {
+        env$1.logger.error(err);
+      });
+    }
+  });
+  job.start();
+}
+exports.getClientList = getClientList;

package/dist/cjs/tasks/captchaManager.cjs

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const common = require("@prosopo/common");
+const types = require("@prosopo/types");
+class CaptchaManager {
+  constructor(db, pair, logger) {
+    this.pair = pair;
+    this.db = db;
+    this.logger = logger || common.getLoggerDefault();
+  }
+  async getFrictionlessTokenIdFromSession(sessionRecord) {
+    const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
+      sessionRecord.tokenId
+    );
+    return tokenRecord ? tokenRecord._id : void 0;
+  }
+  async isValidRequest(clientSettings, captchaType, sessionId) {
+    this.logger.debug({
+      message: "Validating request",
+      captchaType,
+      sessionId
+    });
+    if (sessionId) {
+      if (clientSettings?.settings?.captchaType === types.CaptchaType.frictionless) {
+        const sessionRecord = await this.db.checkAndRemoveSession(sessionId);
+        if (!sessionRecord) {
+          this.logger.warn({
+            message: "No frictionless session found",
+            account: clientSettings.account,
+            sessionId
+          });
+          return {
+            valid: false,
+            reason: "CAPTCHA.NO_SESSION_FOUND",
+            type: captchaType
+          };
+        }
+        const frictionlessTokenId = await this.getFrictionlessTokenIdFromSession(sessionRecord);
+        return {
+          valid: true,
+          frictionlessTokenId,
+          type: captchaType
+        };
+      }
+      this.logger.warn({
+        message: "Invalid frictionless request",
+        account: clientSettings.account,
+        sessionId,
+        settingsCaptchaType: clientSettings?.settings?.captchaType
+      });
+      return {
+        valid: false,
+        reason: "API.INCORRECT_CAPTCHA_TYPE",
+        type: captchaType
+      };
+    }
+    if (clientSettings?.settings?.captchaType !== captchaType) {
+      this.logger.warn({
+        message: `Invalid ${captchaType} request`,
+        account: clientSettings.account,
+        requestedCaptchaType: captchaType,
+        settingsCaptchaType: clientSettings?.settings?.captchaType
+      });
+      return {
+        valid: false,
+        reason: "API.INCORRECT_CAPTCHA_TYPE",
+        type: captchaType
+      };
+    }
+    return { valid: true, type: captchaType };
+  }
+  getVerificationResponse(verified, clientRecord, translateFn, score) {
+    return {
+      status: translateFn(
+        verified ? "API.USER_VERIFIED" : "API.USER_NOT_VERIFIED"
+      ),
+      [types.ApiParams.verified]: verified,
+      ...CaptchaManager.canClientSeeScore(clientRecord.tier, score) && {
+        [types.ApiParams.score]: score
+      }
+    };
+  }
+  async getDetectorKeys() {
+    return await this.db.getDetectorKeys();
+  }
+  static canClientSeeScore(tier, score) {
+    return score && tier && tier !== types.Tier.Free;
+  }
+}
+exports.CaptchaManager = CaptchaManager;