@prosopo/provider 2.9.8 → 3.0.5

package/dist/cjs/api/public.cjs

@@ -5,15 +5,20 @@ const common = require("@prosopo/common");
 const types = require("@prosopo/types");
 const util = require("@prosopo/util");
 const express = require("express");
-const tasks = require("../tasks/tasks.cjs");
-function publicRouter(env) {
+function publicRouter() {
   const router = express.Router();
-  const tasks$1 = new tasks.Tasks(env);
+  router.get(types.PublicApiPaths.Healthz, (req, res) => {
+    res.status(200).send("OK");
+  });
   router.get(types.PublicApiPaths.GetProviderDetails, async (req, res, next) => {
     try {
       return res.json({ version: util.version, ...{ message: "Provider online" } });
     } catch (err) {
-      req.logger.error({ err, params: req.params });
+      req.logger.error(() => ({
+        err,
+        data: { reqParams: req.params },
+        msg: "Error getting provider details"
+      }));
       return next(
         new common.ProsopoApiError("API.BAD_REQUEST", {
           context: { code: 500 }

package/dist/cjs/api/validateAddress.cjs

@@ -1,19 +1,25 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const address = require("@polkadot/util-crypto/address");
 const common = require("@prosopo/common");
-const validiateSiteKey = (siteKey, logger) => {
+const utilCrypto = require("@prosopo/util-crypto");
+const validateSiteKey = (siteKey, logger) => {
   return validateAddr(siteKey, "API.INVALID_SITE_KEY", logger);
 };
-const validateAddr = (address$1, translationKey = "CONTRACT.INVALID_ADDRESS", logger) => {
+const validateAddr = (address, translationKey = "CONTRACT.INVALID_ADDRESS", logger) => {
   try {
-    return address.validateAddress(address$1, false, 42);
+    const valid = utilCrypto.validateAddress(address, false, 42);
+    if (!valid) {
+      throw new common.ProsopoApiError(translationKey, {
+        context: { code: 400, siteKey: address },
+        logger
+      });
+    }
   } catch (err) {
     throw new common.ProsopoApiError(translationKey, {
-      context: { code: 400, error: err, siteKey: address$1 },
+      context: { code: 400, siteKey: address },
       logger
     });
   }
 };
 exports.validateAddr = validateAddr;
-exports.validiateSiteKey = validiateSiteKey;
+exports.validateSiteKey = validateSiteKey;

package/dist/cjs/api/verify.cjs

@@ -1,18 +1,17 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const address = require("@polkadot/util-crypto/address");
 const apiExpressRouter = require("@prosopo/api-express-router");
 const common = require("@prosopo/common");
 const types = require("@prosopo/types");
+const utilCrypto = require("@prosopo/util-crypto");
 const express = require("express");
 const tasks = require("../tasks/tasks.cjs");
-const authMiddleware = require("./authMiddleware.cjs");
 function prosopoVerifyRouter(env) {
   const router = express.Router();
-  const tasks$1 = new tasks.Tasks(env);
   router.post(
     types.ClientApiPaths.VerifyImageCaptchaSolutionDapp,
     async (req, res, next) => {
+      const tasks$1 = new tasks.Tasks(env, req.logger);
       let parsed;
       try {
         parsed = types.VerifySolutionBody.parse(req.body);
@@ -28,8 +27,8 @@ function prosopoVerifyRouter(env) {
       const { dappSignature, token, ip } = parsed;
       try {
         const { user, dapp, timestamp, commitmentId } = types.decodeProcaptchaOutput(token);
-        address.validateAddress(dapp, false, 42);
-        address.validateAddress(user, false, 42);
+        utilCrypto.validateAddress(dapp, false, 42);
+        utilCrypto.validateAddress(user, false, 42);
         const clientRecord = await tasks$1.db.getClientRecord(dapp);
         if (!clientRecord) {
           return next(
@@ -41,7 +40,7 @@ function prosopoVerifyRouter(env) {
           );
         }
         const keyPair = env.keyring.addFromAddress(dapp);
-        authMiddleware.verifySignature(dappSignature, timestamp.toString(), keyPair);
+        apiExpressRouter.verifySignature(dappSignature, timestamp.toString(), keyPair);
         const response = await tasks$1.imgCaptchaManager.verifyImageCaptchaSolution(
           user,
           dapp,
@@ -49,7 +48,7 @@ function prosopoVerifyRouter(env) {
           parsed.maxVerifiedTime,
           ip
         );
-        req.logger.debug(response);
+        req.logger.debug(() => ({ data: { response } }));
         const verificationResponse = tasks$1.imgCaptchaManager.getVerificationResponse(
           response[types.ApiParams.verified],
           clientRecord,
@@ -59,7 +58,7 @@ function prosopoVerifyRouter(env) {
         );
         res.json(verificationResponse);
       } catch (err) {
-        req.logger.error({ err, body: req.body });
+        req.logger.error(() => ({ err, data: { body: req.body } }));
         return next(
           new common.ProsopoApiError("API.BAD_REQUEST", {
             context: { code: 500, siteKey: req.body.dapp, user: req.body.user },
@@ -73,6 +72,7 @@ function prosopoVerifyRouter(env) {
   router.post(
     types.ClientApiPaths.VerifyPowCaptchaSolution,
     async (req, res, next) => {
+      const tasks$1 = new tasks.Tasks(env, req.logger);
       let parsed;
       try {
         parsed = types.ServerPowCaptchaVerifyRequestBody.parse(req.body);
@@ -88,8 +88,8 @@ function prosopoVerifyRouter(env) {
       try {
         const { token, dappSignature, verifiedTimeout, ip } = parsed;
         const { dapp, user, timestamp, challenge } = types.decodeProcaptchaOutput(token);
-        address.validateAddress(dapp, false, 42);
-        address.validateAddress(user, false, 42);
+        utilCrypto.validateAddress(dapp, false, 42);
+        utilCrypto.validateAddress(user, false, 42);
         const clientRecord = await tasks$1.db.getClientRecord(dapp);
         if (!clientRecord) {
           return next(
@@ -108,7 +108,7 @@ function prosopoVerifyRouter(env) {
           return res.json(unverifiedResponse);
         }
         const dappPair = env.keyring.addFromAddress(dapp);
-        authMiddleware.verifySignature(dappSignature, timestamp.toString(), dappPair);
+        apiExpressRouter.verifySignature(dappSignature, timestamp.toString(), dappPair);
         const { verified, score } = await tasks$1.powCaptchaManager.serverVerifyPowCaptchaSolution(
           dapp,
           challenge,
@@ -123,7 +123,8 @@ function prosopoVerifyRouter(env) {
         );
         return res.json(verificationResponse);
       } catch (err) {
-        req.logger.error({ err, body: req.body });
+        console.error("\nError in verifyPowCaptchaSolution:", err);
+        req.logger.error(() => ({ err, data: { body: req.body } }));
         return next(
           new common.ProsopoApiError("API.BAD_REQUEST", {
             context: { code: 500, error: err },

package/dist/cjs/index.cjs

@@ -5,7 +5,6 @@ const util = require("./util.cjs");
 const block = require("./api/block.cjs");
 const captcha = require("./api/captcha.cjs");
 const verify = require("./api/verify.cjs");
-const authMiddleware = require("./api/authMiddleware.cjs");
 const ja4Middleware = require("./api/ja4Middleware.cjs");
 const _public = require("./api/public.cjs");
 const domainMiddleware = require("./api/domainMiddleware.cjs");
@@ -13,7 +12,6 @@ const captchaScheduler = require("./schedulers/captchaScheduler.cjs");
 const getClientList = require("./schedulers/getClientList.cjs");
 const headerCheckMiddleware = require("./api/headerCheckMiddleware.cjs");
 const createApiAdminRoutesProvider = require("./api/admin/createApiAdminRoutesProvider.cjs");
-const requestLoggerMiddleware = require("./api/requestLoggerMiddleware.cjs");
 const ignoreMiddleware = require("./api/ignoreMiddleware.cjs");
 const robotsMiddleware = require("./api/robotsMiddleware.cjs");
 const tasks = require("./tasks/tasks.cjs");
@@ -22,11 +20,10 @@ exports.encodeStringAddress = util.encodeStringAddress;
 exports.getIPAddress = util.getIPAddress;
 exports.getIPAddressFromBigInt = util.getIPAddressFromBigInt;
 exports.shuffleArray = util.shuffleArray;
+exports.validateIpAddress = util.validateIpAddress;
 exports.blockMiddleware = block.blockMiddleware;
 exports.prosopoRouter = captcha.prosopoRouter;
 exports.prosopoVerifyRouter = verify.prosopoVerifyRouter;
-exports.authMiddleware = authMiddleware.authMiddleware;
-exports.verifySignature = authMiddleware.verifySignature;
 exports.DEFAULT_JA4 = ja4Middleware.DEFAULT_JA4;
 exports.getJA4 = ja4Middleware.getJA4;
 exports.ja4Middleware = ja4Middleware.ja4Middleware;
@@ -36,7 +33,6 @@ exports.storeCaptchasExternally = captchaScheduler.storeCaptchasExternally;
 exports.getClientList = getClientList.getClientList;
 exports.headerCheckMiddleware = headerCheckMiddleware.headerCheckMiddleware;
 exports.createApiAdminRoutesProvider = createApiAdminRoutesProvider.createApiAdminRoutesProvider;
-exports.requestLoggerMiddleware = requestLoggerMiddleware.requestLoggerMiddleware;
 exports.ignoreMiddleware = ignoreMiddleware.ignoreMiddleware;
 exports.robotsMiddleware = robotsMiddleware.robotsMiddleware;
 exports.Tasks = tasks.Tasks;

package/dist/cjs/schedulers/captchaScheduler.cjs

@@ -14,15 +14,19 @@ async function storeCaptchasExternally(pair, cronSchedule, config) {
       types.ScheduledTaskNames.StoreCommitmentsExternal,
       env$1.getDb()
     );
-    env$1.logger.info(
-      `${types.ScheduledTaskNames.StoreCommitmentsExternal} task running: ${taskRunning}`
-    );
+    env$1.logger.info(() => ({
+      data: { taskRunning },
+      msg: `${types.ScheduledTaskNames.StoreCommitmentsExternal} task running: ${taskRunning}`
+    }));
     if (!taskRunning) {
-      env$1.logger.info(
-        `${types.ScheduledTaskNames.StoreCommitmentsExternal} task....`
-      );
+      env$1.logger.info(() => ({
+        msg: `${types.ScheduledTaskNames.StoreCommitmentsExternal} task....`
+      }));
       await tasks$1.clientTaskManager.storeCommitmentsExternal().catch((err) => {
-        env$1.logger.error(err);
+        env$1.logger.error(() => ({
+          err,
+          msg: "Error storing commitments externally"
+        }));
       });
     }
   });

package/dist/cjs/schedulers/getClientList.cjs

@@ -14,13 +14,20 @@ async function getClientList(pair, cronSchedule, config) {
       types.ScheduledTaskNames.GetClientList,
       env$1.getDb()
     );
-    env$1.logger.info(
-      `${types.ScheduledTaskNames.GetClientList} task running: ${taskRunning}`
-    );
+    env$1.logger.info(() => ({
+      msg: `${types.ScheduledTaskNames.GetClientList} task running: ${taskRunning}`,
+      data: { taskRunning }
+    }));
     if (!taskRunning) {
-      env$1.logger.info(`${types.ScheduledTaskNames.GetClientList} task....`);
+      env$1.logger.info(() => ({
+        msg: `${types.ScheduledTaskNames.GetClientList} task....`,
+        data: {}
+      }));
       await tasks$1.clientTaskManager.getClientList().catch((err) => {
-        env$1.logger.error(err);
+        env$1.logger.error(() => ({
+          err,
+          msg: "Error getting client list"
+        }));
       });
     }
   });

package/dist/cjs/tasks/captchaManager.cjs

@@ -2,11 +2,13 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const common = require("@prosopo/common");
 const types = require("@prosopo/types");
+const userAccessPolicy = require("@prosopo/user-access-policy");
+const util = require("@prosopo/util");
 class CaptchaManager {
   constructor(db, pair, logger) {
     this.pair = pair;
     this.db = db;
-    this.logger = logger || common.getLoggerDefault();
+    this.logger = logger || common.getLogger("info", module);
   }
   async getFrictionlessTokenIdFromSession(sessionRecord) {
     const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
@@ -15,20 +17,24 @@ class CaptchaManager {
     return tokenRecord ? tokenRecord._id : void 0;
   }
   async isValidRequest(clientSettings, captchaType, sessionId) {
-    this.logger.debug({
-      message: "Validating request",
-      captchaType,
-      sessionId
-    });
+    this.logger.debug(() => ({
+      msg: "Validating request",
+      data: {
+        captchaType,
+        sessionId
+      }
+    }));
     if (sessionId) {
       if (clientSettings?.settings?.captchaType === types.CaptchaType.frictionless) {
         const sessionRecord = await this.db.checkAndRemoveSession(sessionId);
         if (!sessionRecord) {
-          this.logger.warn({
-            message: "No frictionless session found",
-            account: clientSettings.account,
-            sessionId
-          });
+          this.logger.warn(() => ({
+            msg: "No frictionless session found",
+            data: {
+              account: clientSettings.account,
+              sessionId
+            }
+          }));
           return {
             valid: false,
             reason: "CAPTCHA.NO_SESSION_FOUND",
@@ -42,12 +48,14 @@ class CaptchaManager {
           type: captchaType
         };
       }
-      this.logger.warn({
-        message: "Invalid frictionless request",
-        account: clientSettings.account,
-        sessionId,
-        settingsCaptchaType: clientSettings?.settings?.captchaType
-      });
+      this.logger.warn(() => ({
+        msg: "Invalid frictionless request",
+        data: {
+          account: clientSettings.account,
+          sessionId,
+          settingsCaptchaType: clientSettings?.settings?.captchaType
+        }
+      }));
       return {
         valid: false,
         reason: "API.INCORRECT_CAPTCHA_TYPE",
@@ -55,12 +63,14 @@ class CaptchaManager {
       };
     }
     if (clientSettings?.settings?.captchaType !== captchaType) {
-      this.logger.warn({
-        message: `Invalid ${captchaType} request`,
-        account: clientSettings.account,
-        requestedCaptchaType: captchaType,
-        settingsCaptchaType: clientSettings?.settings?.captchaType
-      });
+      this.logger.warn(() => ({
+        msg: `Invalid ${captchaType} request`,
+        data: {
+          account: clientSettings.account,
+          requestedCaptchaType: captchaType,
+          settingsCaptchaType: clientSettings?.settings?.captchaType
+        }
+      }));
       return {
         valid: false,
         reason: "API.INCORRECT_CAPTCHA_TYPE",
@@ -80,6 +90,49 @@ class CaptchaManager {
       }
     };
   }
+  async getPrioritisedAccessPolicies(userAccessRulesStorage, clientId, userScope) {
+    const resolver = userAccessPolicy.createAccessPolicyResolver(
+      userAccessRulesStorage,
+      this.logger
+    );
+    const userScopeKeys = Object.keys(userScope).filter(
+      (key) => userScope[key] !== void 0
+    );
+    const prioritisedUserScopes = util.uniqueSubsets(userScopeKeys).map(
+      (subset) => subset.reduce(
+        (acc, key) => {
+          acc[key] = userScope[key];
+          return acc;
+        },
+        {}
+      )
+    );
+    for (const clientOrUndefined of [clientId, void 0]) {
+      for (const scope of prioritisedUserScopes) {
+        const accessPolicy = await resolver({
+          ...clientOrUndefined && {
+            policyScope: {
+              clientId: clientOrUndefined
+            },
+            policyScopeMatch: userAccessPolicy.ScopeMatch.Exact
+          },
+          userScope: userAccessPolicy.userScopeInputSchema.parse(scope),
+          userScopeMatch: userAccessPolicy.ScopeMatch.Exact
+        });
+        if (accessPolicy) {
+          this.logger.debug(() => ({
+            msg: "Access policy found",
+            data: {
+              accessPolicy,
+              scope
+            }
+          }));
+          return accessPolicy;
+        }
+      }
+    }
+    return void 0;
+  }
   async getDetectorKeys() {
     return await this.db.getDetectorKeys();
   }

package/dist/cjs/tasks/client/clientTasks.cjs

@@ -49,7 +49,7 @@ class ClientTaskManager {
    */
   async storeCommitmentsExternal() {
     if (!this.config.mongoCaptchaUri) {
-      this.logger.info("Mongo env not set");
+      this.logger.info(() => ({ msg: "Mongo env not set" }));
       return;
     }
     const lastTask = await this.providerDB.getLastScheduledTaskStatus(
@@ -105,18 +105,18 @@ class ClientTaskManager {
           const frictionlessTokenRecords = await this.providerDB.getFrictionlessTokenRecordsByTokenIds(
             filteredBatch.map((record) => record.tokenId)
           );
-          this.logger.info(
-            `Frictionless token records: ${frictionlessTokenRecords.length}`
-          );
+          this.logger.info(() => ({
+            msg: `Frictionless token records: ${frictionlessTokenRecords.length}`
+          }));
           const filteredBatchWithScores = filteredBatch.map((record) => {
             const tokenRecord = frictionlessTokenRecords.find(
               (tokenRecord2) => tokenRecord2._id?.toString() === record.tokenId.toString()
             );
             if (!tokenRecord) {
-              this.logger.error({
-                message: "No token record found",
-                context: { tokenId: record.tokenId }
-              });
+              this.logger.error(() => ({
+                msg: "No token record found",
+                data: { tokenId: record.tokenId }
+              }));
               return {
                 ...record,
                 score: 0,
@@ -155,7 +155,10 @@ class ClientTaskManager {
       );
       this.captchaDB?.close();
     } catch (e) {
-      this.logger.error(e);
+      this.logger.error(() => ({
+        err: e,
+        msg: "Error processing client tasks"
+      }));
       this.captchaDB?.close();
       await this.providerDB.updateScheduledTaskStatus(
         taskID,
@@ -170,7 +173,7 @@ class ClientTaskManager {
    */
   async getClientList() {
     if (!this.config.mongoClientUri) {
-      this.logger.info("Mongo env not set");
+      this.logger.info(() => ({ msg: "Mongo env not set" }));
       return;
     }
     const lastTask = await this.providerDB.getLastScheduledTaskStatus(
@@ -192,9 +195,9 @@ class ClientTaskManager {
       );
       const tenMinuteWindow = 10 * 60 * 1e3;
       const updatedAtTimestamp = lastTask?.updated ? lastTask.updated - tenMinuteWindow || 0 : 0;
-      this.logger.info({
-        message: `Getting updated client records since ${new Date(updatedAtTimestamp).toDateString()}`
-      });
+      this.logger.info(() => ({
+        msg: `Getting updated client records since ${new Date(updatedAtTimestamp).toDateString()}`
+      }));
       const newClientRecords = await clientDB.getUpdatedClients(updatedAtTimestamp);
       if (newClientRecords) {
         await this.providerDB.updateClientRecords(newClientRecords);
@@ -213,7 +216,10 @@ class ClientTaskManager {
         context: { error: e },
         logger: this.logger
       });
-      this.logger.error(getClientListError, { context: { error: e } });
+      this.logger.error(() => ({
+        err: getClientListError,
+        msg: "Error getting client list"
+      }));
       await this.providerDB.updateScheduledTaskStatus(
         taskID,
         types.ScheduledTaskStatus.Failed,
@@ -222,7 +228,7 @@ class ClientTaskManager {
     }
   }
   async registerSiteKey(siteKey, tier, settings) {
-    validateAddress.validiateSiteKey(siteKey);
+    validateAddress.validateSiteKey(siteKey);
     await this.providerDB.updateClientRecords([
       {
         account: siteKey,
@@ -257,10 +263,10 @@ class ClientTaskManager {
       const allowedDomain = util.parseUrl(clientDomain).hostname.replace(/\.$/, "");
       return referrerDomain === allowedDomain || referrerDomain.endsWith(`.${allowedDomain}`);
     } catch {
-      this.logger.error({
-        message: "Error in isSubdomainOrExactMatch",
-        context: { referrer, clientDomain }
-      });
+      this.logger.error(() => ({
+        msg: "Error in isSubdomainOrExactMatch",
+        data: { referrer, clientDomain }
+      }));
       return false;
     }
   }