@prosopo/provider 2.9.8 → 3.0.6
- package/CHANGELOG.md +186 -0
- package/dist/api/admin/apiRegisterSiteKeyEndpoint.d.ts.map +1 -1
- package/dist/api/admin/apiRegisterSiteKeyEndpoint.js +4 -4
- package/dist/api/admin/apiRegisterSiteKeyEndpoint.js.map +1 -1
- package/dist/api/admin/apiRemoveDetectorKeyEndpoint.d.ts.map +1 -1
- package/dist/api/admin/apiRemoveDetectorKeyEndpoint.js +5 -5
- package/dist/api/admin/apiRemoveDetectorKeyEndpoint.js.map +1 -1
- package/dist/api/admin/apiUpdateDetectorKeyEndpoint.d.ts.map +1 -1
- package/dist/api/admin/apiUpdateDetectorKeyEndpoint.js +5 -5
- package/dist/api/admin/apiUpdateDetectorKeyEndpoint.js.map +1 -1
- package/dist/api/blacklistRequestInspector.d.ts +6 -8
- package/dist/api/blacklistRequestInspector.d.ts.map +1 -1
- package/dist/api/blacklistRequestInspector.js +38 -20
- package/dist/api/blacklistRequestInspector.js.map +1 -1
- package/dist/api/block.d.ts.map +1 -1
- package/dist/api/block.js +5 -5
- package/dist/api/block.js.map +1 -1
- package/dist/api/captcha.d.ts.map +1 -1
- package/dist/api/captcha.js +114 -24
- package/dist/api/captcha.js.map +1 -1
- package/dist/api/domainMiddleware.d.ts.map +1 -1
- package/dist/api/domainMiddleware.js +3 -3
- package/dist/api/domainMiddleware.js.map +1 -1
- package/dist/api/headerCheckMiddleware.js +2 -2
- package/dist/api/headerCheckMiddleware.js.map +1 -1
- package/dist/api/ja4Middleware.d.ts.map +1 -1
- package/dist/api/ja4Middleware.js +18 -6
- package/dist/api/ja4Middleware.js.map +1 -1
- package/dist/api/public.d.ts +1 -2
- package/dist/api/public.d.ts.map +1 -1
- package/dist/api/public.js +9 -4
- package/dist/api/public.js.map +1 -1
- package/dist/api/validateAddress.d.ts +2 -2
- package/dist/api/validateAddress.d.ts.map +1 -1
- package/dist/api/validateAddress.js +10 -4
- package/dist/api/validateAddress.js.map +1 -1
- package/dist/api/verify.d.ts.map +1 -1
- package/dist/api/verify.js +8 -7
- package/dist/api/verify.js.map +1 -1
- package/dist/cjs/api/admin/apiRegisterSiteKeyEndpoint.cjs +3 -3
- package/dist/cjs/api/admin/apiRemoveDetectorKeyEndpoint.cjs +4 -4
- package/dist/cjs/api/admin/apiUpdateDetectorKeyEndpoint.cjs +4 -4
- package/dist/cjs/api/blacklistRequestInspector.cjs +36 -21
- package/dist/cjs/api/block.cjs +4 -5
- package/dist/cjs/api/captcha.cjs +116 -39
- package/dist/cjs/api/domainMiddleware.cjs +3 -3
- package/dist/cjs/api/headerCheckMiddleware.cjs +1 -1
- package/dist/cjs/api/ja4Middleware.cjs +17 -8
- package/dist/cjs/api/public.cjs +9 -4
- package/dist/cjs/api/validateAddress.cjs +12 -6
- package/dist/cjs/api/verify.cjs +13 -12
- package/dist/cjs/index.cjs +1 -5
- package/dist/cjs/schedulers/captchaScheduler.cjs +11 -7
- package/dist/cjs/schedulers/getClientList.cjs +12 -5
- package/dist/cjs/tasks/captchaManager.cjs +76 -23
- package/dist/cjs/tasks/client/clientTasks.cjs +25 -19
- package/dist/cjs/tasks/detection/decodePayload.cjs +284 -362
- package/dist/cjs/tasks/frictionless/frictionlessTasks.cjs +32 -25
- package/dist/cjs/tasks/imgCaptcha/imgCaptchaTasks.cjs +37 -26
- package/dist/cjs/tasks/powCaptcha/powTasks.cjs +19 -18
- package/dist/cjs/tasks/powCaptcha/powTasksUtils.cjs +5 -3
- package/dist/cjs/tasks/tasks.cjs +11 -2
- package/dist/cjs/util.cjs +58 -8
- package/dist/index.d.ts +0 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -2
- package/dist/index.js.map +1 -1
- package/dist/schedulers/captchaScheduler.d.ts +1 -1
- package/dist/schedulers/captchaScheduler.d.ts.map +1 -1
- package/dist/schedulers/captchaScheduler.js +11 -3
- package/dist/schedulers/captchaScheduler.js.map +1 -1
- package/dist/schedulers/getClientList.d.ts +1 -1
- package/dist/schedulers/getClientList.d.ts.map +1 -1
- package/dist/schedulers/getClientList.js +12 -3
- package/dist/schedulers/getClientList.js.map +1 -1
- package/dist/tasks/captchaManager.d.ts +14 -1
- package/dist/tasks/captchaManager.d.ts.map +1 -1
- package/dist/tasks/captchaManager.js +67 -24
- package/dist/tasks/captchaManager.js.map +1 -1
- package/dist/tasks/client/clientTasks.d.ts.map +1 -1
- package/dist/tasks/client/clientTasks.js +26 -18
- package/dist/tasks/client/clientTasks.js.map +1 -1
- package/dist/tasks/detection/decodePayload.d.ts +2 -2
- package/dist/tasks/detection/decodePayload.d.ts.map +1 -1
- package/dist/tasks/detection/decodePayload.js +184 -230
- package/dist/tasks/detection/decodePayload.js.map +1 -1
- package/dist/tasks/frictionless/frictionlessTasks.d.ts +4 -5
- package/dist/tasks/frictionless/frictionlessTasks.d.ts.map +1 -1
- package/dist/tasks/frictionless/frictionlessTasks.js +32 -24
- package/dist/tasks/frictionless/frictionlessTasks.js.map +1 -1
- package/dist/tasks/imgCaptcha/imgCaptchaTasks.d.ts +1 -1
- package/dist/tasks/imgCaptcha/imgCaptchaTasks.d.ts.map +1 -1
- package/dist/tasks/imgCaptcha/imgCaptchaTasks.js +38 -25
- package/dist/tasks/imgCaptcha/imgCaptchaTasks.js.map +1 -1
- package/dist/tasks/powCaptcha/powTasks.d.ts +1 -1
- package/dist/tasks/powCaptcha/powTasks.d.ts.map +1 -1
- package/dist/tasks/powCaptcha/powTasks.js +17 -18
- package/dist/tasks/powCaptcha/powTasks.js.map +1 -1
- package/dist/tasks/powCaptcha/powTasksUtils.d.ts +1 -1
- package/dist/tasks/powCaptcha/powTasksUtils.d.ts.map +1 -1
- package/dist/tasks/powCaptcha/powTasksUtils.js +5 -3
- package/dist/tasks/powCaptcha/powTasksUtils.js.map +1 -1
- package/dist/tasks/tasks.d.ts +3 -2
- package/dist/tasks/tasks.d.ts.map +1 -1
- package/dist/tasks/tasks.js +13 -3
- package/dist/tasks/tasks.js.map +1 -1
- package/dist/tests/integration/imgCaptcha.integration.test.js +3 -2
- package/dist/tests/integration/imgCaptcha.integration.test.js.map +1 -1
- package/dist/tests/integration/powCaptcha.integration.test.js +9 -9
- package/dist/tests/integration/powCaptcha.integration.test.js.map +1 -1
- package/dist/tests/integration/registerSitekey.d.ts.map +1 -1
- package/dist/tests/integration/registerSitekey.js +13 -2
- package/dist/tests/integration/registerSitekey.js.map +1 -1
- package/dist/tests/unit/api/ignoreMiddleware.unit.test.d.ts +2 -0
- package/dist/tests/unit/api/ignoreMiddleware.unit.test.d.ts.map +1 -0
- package/dist/tests/unit/api/ignoreMiddleware.unit.test.js +43 -0
- package/dist/tests/unit/api/ignoreMiddleware.unit.test.js.map +1 -0
- package/dist/tests/unit/api/ja4Middleware.unit.test.js +18 -4
- package/dist/tests/unit/api/ja4Middleware.unit.test.js.map +1 -1
- package/dist/tests/unit/schedulers/captchaScheduler.unit.test.js +30 -18
- package/dist/tests/unit/schedulers/captchaScheduler.unit.test.js.map +1 -1
- package/dist/tests/unit/tasks/captchaManager.unit.test.js +11 -5
- package/dist/tests/unit/tasks/captchaManager.unit.test.js.map +1 -1
- package/dist/tests/unit/tasks/client/clientTasks.unit.test.js +43 -19
- package/dist/tests/unit/tasks/client/clientTasks.unit.test.js.map +1 -1
- package/dist/tests/unit/tasks/dataset/datasetTasks.unit.test.js +11 -4
- package/dist/tests/unit/tasks/dataset/datasetTasks.unit.test.js.map +1 -1
- package/dist/tests/unit/tasks/frictionless/frictionlessTasks.unit.test.js +9 -8
- package/dist/tests/unit/tasks/frictionless/frictionlessTasks.unit.test.js.map +1 -1
- package/dist/tests/unit/tasks/imgCaptcha/imgCaptchaTasks.unit.test.js +29 -10
- package/dist/tests/unit/tasks/imgCaptcha/imgCaptchaTasks.unit.test.js.map +1 -1
- package/dist/tests/unit/tasks/powCaptcha/powTasks.unit.test.js +2 -3
- package/dist/tests/unit/tasks/powCaptcha/powTasks.unit.test.js.map +1 -1
- package/dist/tests/unit/tasks/powCaptcha/powTasksUtils.unit.test.js +4 -2
- package/dist/tests/unit/tasks/powCaptcha/powTasksUtils.unit.test.js.map +1 -1
- package/dist/tests/unit/util.unit.test.js +110 -2
- package/dist/tests/unit/util.unit.test.js.map +1 -1
- package/dist/util.d.ts +5 -0
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +57 -5
- package/dist/util.js.map +1 -1
- package/package.json +24 -20
- package/vite.test.config.ts +1 -1
- package/dist/api/authMiddleware.d.ts +0 -6
- package/dist/api/authMiddleware.d.ts.map +0 -1
- package/dist/api/authMiddleware.js +0 -82
- package/dist/api/authMiddleware.js.map +0 -1
- package/dist/api/requestLoggerMiddleware.d.ts +0 -4
- package/dist/api/requestLoggerMiddleware.d.ts.map +0 -1
- package/dist/api/requestLoggerMiddleware.js +0 -12
- package/dist/api/requestLoggerMiddleware.js.map +0 -1
- package/dist/cjs/api/authMiddleware.cjs +0 -81
- package/dist/cjs/api/requestLoggerMiddleware.cjs +0 -14
- package/dist/tests/unit/api/authMiddleware.unit.test.d.ts +0 -2
- package/dist/tests/unit/api/authMiddleware.unit.test.d.ts.map +0 -1
- package/dist/tests/unit/api/authMiddleware.unit.test.js +0 -125
- package/dist/tests/unit/api/authMiddleware.unit.test.js.map +0 -1
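--- a/package/dist/api/verify.js
+++ b/package/dist/api/verify.js
@@ -1,14 +1,13 @@
-import {
-import { handleErrors } from "@prosopo/api-express-router";
+import { handleErrors, verifySignature } from "@prosopo/api-express-router";
 import { ProsopoApiError } from "@prosopo/common";
 import { ApiParams, ClientApiPaths, ServerPowCaptchaVerifyRequestBody, VerifySolutionBody, decodeProcaptchaOutput, } from "@prosopo/types";
+import { validateAddress } from "@prosopo/util-crypto";
 import express from "express";
 import { Tasks } from "../tasks/tasks.js";
-import { verifySignature } from "./authMiddleware.js";
 export function prosopoVerifyRouter(env) {
 const router = express.Router();
-const tasks = new Tasks(env);
 router.post(ClientApiPaths.VerifyImageCaptchaSolutionDapp, async (req, res, next) => {
+const tasks = new Tasks(env, req.logger);
 let parsed;
 try {
 parsed = VerifySolutionBody.parse(req.body);
@@ -36,12 +35,12 @@ export function prosopoVerifyRouter(env) {
 const keyPair = env.keyring.addFromAddress(dapp);
 verifySignature(dappSignature, timestamp.toString(), keyPair);
 const response = await tasks.imgCaptchaManager.verifyImageCaptchaSolution(user, dapp, commitmentId, parsed.maxVerifiedTime, ip);
-req.logger.debug(response);
+req.logger.debug(() => ({ data: { response } }));
 const verificationResponse = tasks.imgCaptchaManager.getVerificationResponse(response[ApiParams.verified], clientRecord, req.i18n.t, response[ApiParams.score], response[ApiParams.commitmentId]);
 res.json(verificationResponse);
 }
 catch (err) {
-req.logger.error({ err, body: req.body });
+req.logger.error(() => ({ err, data: { body: req.body } }));
 return next(new ProsopoApiError("API.BAD_REQUEST", {
 context: { code: 500, siteKey: req.body.dapp, user: req.body.user },
 i18n: req.i18n,
@@ -50,6 +49,7 @@ export function prosopoVerifyRouter(env) {
 }
 });
 router.post(ClientApiPaths.VerifyPowCaptchaSolution, async (req, res, next) => {
+const tasks = new Tasks(env, req.logger);
 let parsed;
 try {
 parsed = ServerPowCaptchaVerifyRequestBody.parse(req.body);
@@ -88,7 +88,8 @@ export function prosopoVerifyRouter(env) {
 return res.json(verificationResponse);
 }
 catch (err) {
-
+console.error("\nError in verifyPowCaptchaSolution:", err);
+req.logger.error(() => ({ err, data: { body: req.body } }));
 return next(new ProsopoApiError("API.BAD_REQUEST", {
 context: { code: 500, error: err },
 i18n: req.i18n,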
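Review bot: The `console.error("\nError in verifyPowCaptchaSolution:", err);` added to the PoW handler's catch looks like a debugging leftover. It writes the error outside the structured request logger, so it ignores the configured log level and duplicates the `req.logger.error(...)` call on the next line; dropping it leaves a single record per failure. Both catch blocks also log the whole `req.body`, which on the image route appears to carry the `dappSignature` passed to `verifySignature`. Consider logging only the identifying fields instead, e.g. `data: { dapp: req.body.dapp, user: req.body.user }`. Both handlers continue outside the visible hunks.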
package/dist/api/verify.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/api/verify.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/api/verify.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EACN,SAAS,EACT,cAAc,EAEd,iCAAiC,EAGjC,kBAAkB,EAElB,sBAAsB,GACtB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,OAAwB,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAQ1C,MAAM,UAAU,mBAAmB,CAAC,GAAwB;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAYhC,MAAM,CAAC,IAAI,CACV,cAAc,CAAC,8BAA8B,EAC7C,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACxB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAGzC,IAAI,MAAoC,CAAC;QACzC,IAAI,CAAC;YACJ,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,OAAO,IAAI,CACV,IAAI,eAAe,CAAC,qBAAqB,EAAE;gBAC1C,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE;gBAClD,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;aAClB,CAAC,CACF,CAAC;QACH,CAAC;QAGD,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,MAAM,CAAC;QAC5C,IAAI,CAAC;YAEJ,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,GAC5C,sBAAsB,CAAC,KAAK,CAAC,CAAC;YAG/B,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YAGjC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;gBACnB,OAAO,IAAI,CACV,IAAI,eAAe,CAAC,6BAA6B,EAAE;oBAClD,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE;oBAC3C,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBAClB,CAAC,CACF,CAAC;YACH,CAAC;YAGD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAGjD,eAAe,CAAC,aAAa,EAAE,SAAS,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;YAE9D,MAAM,QAAQ,GACb,MAAM,KAAK,CAAC,iBAAiB,CAAC,0BAA0B,CACvD,IAAI,EACJ,IAAI,EACJ,YAAY,EACZ,MAAM,CAAC,eAAe,EACtB,EAAE,CACF,CAAC;YAEH,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;YACjD,MAAM,oBAAoB,GACzB,K
AAK,CAAC,iBAAiB,CAAC,uBAAuB,CAC9C,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAC5B,YAAY,EACZ,GAAG,CAAC,IAAI,CAAC,CAAC,EACV,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,EACzB,QAAQ,CAAC,SAAS,CAAC,YAAY,CAAC,CAChC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CACV,IAAI,eAAe,CAAC,iBAAiB,EAAE;gBACtC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;gBACnE,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;aAClB,CAAC,CACF,CAAC;QACH,CAAC;IACF,CAAC,CACD,CAAC;IASF,MAAM,CAAC,IAAI,CACV,cAAc,CAAC,wBAAwB,EACvC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACxB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAEzC,IAAI,MAA+C,CAAC;QAGpD,IAAI,CAAC;YACJ,MAAM,GAAG,iCAAiC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,OAAO,IAAI,CACV,IAAI,eAAe,CAAC,qBAAqB,EAAE;gBAC1C,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE;gBAClD,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;aAClB,CAAC,CACF,CAAC;QACH,CAAC;QAGD,IAAI,CAAC;YACJ,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,EAAE,EAAE,GAAG,MAAM,CAAC;YAG7D,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,GACzC,sBAAsB,CAAC,KAAK,CAAC,CAAC;YAG/B,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YAGjC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;gBACnB,OAAO,IAAI,CACV,IAAI,eAAe,CAAC,6BAA6B,EAAE;oBAClD,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE;oBACrC,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBAClB,CAAC,CACF,CAAC;YACH,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChB,MAAM,kBAAkB,GAAyB;oBAChD,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,CAAC;oBAC3C,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,KAAK;iBAC3B,CAAC;gBACF,OAAO,GAAG,CAAC,IAAI,CAAC,
kBAAkB,CAAC,CAAC;YACrC,CAAC;YAGD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAGlD,eAAe,CAAC,aAAa,EAAE,SAAS,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;YAE/D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GACxB,MAAM,KAAK,CAAC,iBAAiB,CAAC,8BAA8B,CAC3D,IAAI,EACJ,SAAS,EACT,eAAe,EACf,EAAE,CACF,CAAC;YAEH,MAAM,oBAAoB,GACzB,KAAK,CAAC,iBAAiB,CAAC,uBAAuB,CAC9C,QAAQ,EACR,YAAY,EACZ,GAAG,CAAC,IAAI,CAAC,CAAC,EACV,KAAK,CACL,CAAC;YAEH,OAAO,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;YAC3D,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CACV,IAAI,eAAe,CAAC,iBAAiB,EAAE;gBACtC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;gBAClC,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;aAClB,CAAC,CACF,CAAC;QACH,CAAC;IACF,CAAC,CACD,CAAC;IAKF,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAEzB,OAAO,MAAM,CAAC;AACf,CAAC"}
|
|
@@ -9,11 +9,11 @@ class ApiRegisterSiteKeyEndpoint {
|
|
|
9
9
|
}
|
|
10
10
|
async processRequest(args, logger) {
|
|
11
11
|
const { siteKey, tier, settings } = args;
|
|
12
|
-
logger = logger || common.
|
|
12
|
+
logger = logger || common.getLogger("info", module);
|
|
13
13
|
const temp = settings || types.ClientSettingsSchema.parse({});
|
|
14
|
-
logger.info(`Registering site key
|
|
14
|
+
logger.info(() => ({ data: { siteKey }, msg: "`Registering site key" }));
|
|
15
15
|
await this.clientTaskManager.registerSiteKey(siteKey, tier, temp);
|
|
16
|
-
logger.info("Site key registered");
|
|
16
|
+
logger.info(() => ({ msg: "Site key registered" }));
|
|
17
17
|
return {
|
|
18
18
|
status: apiRoute.ApiEndpointResponseStatus.SUCCESS
|
|
19
19
|
};
|
|
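Review bot: The `msg` value in the first `logger.info` call of `ApiRegisterSiteKeyEndpoint.processRequest` begins with a stray backtick, apparently left over from the template literal it replaces. Every record carries the extra character, so exact-match log queries and alerts on the message text will miss it. The line should read `logger.info(() => ({ data: { siteKey }, msg: "Registering site key" }));`. Separately, the fallback logger here is created with `module` as its second argument, while the update endpoint passes `""` and block.cjs passes a name string; using one form would keep log scopes consistent.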
@@ -8,17 +8,17 @@ class ApiRemoveDetectorKeyEndpoint {
|
|
|
8
8
|
this.clientTaskManager = clientTaskManager;
|
|
9
9
|
}
|
|
10
10
|
async processRequest(args, logger) {
|
|
11
|
-
logger = logger || common.
|
|
11
|
+
logger = logger || common.getLogger("info", module);
|
|
12
12
|
try {
|
|
13
13
|
const { detectorKey } = args;
|
|
14
|
-
logger = logger || common.
|
|
15
|
-
logger.info({
|
|
14
|
+
logger = logger || common.getLogger("info", module);
|
|
15
|
+
logger.info(() => ({ msg: "Removing detector key" }));
|
|
16
16
|
await this.clientTaskManager.removeDetectorKey(detectorKey);
|
|
17
17
|
return {
|
|
18
18
|
status: apiRoute.ApiEndpointResponseStatus.SUCCESS
|
|
19
19
|
};
|
|
20
20
|
} catch (error) {
|
|
21
|
-
logger.error({
|
|
21
|
+
logger.error(() => ({ err: error, msg: "Error updating detector key" }));
|
|
22
22
|
return {
|
|
23
23
|
status: apiRoute.ApiEndpointResponseStatus.FAIL,
|
|
24
24
|
error: error.message
|
|
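Review bot: The failure log in `ApiRemoveDetectorKeyEndpoint.processRequest` uses `msg: "Error updating detector key"`, which is the update endpoint's wording, so an operator reading logs cannot tell a failed removal from a failed update. It should read `logger.error(() => ({ err: error, msg: "Error removing detector key" }));`. The second `logger = logger || common.getLogger("info", module);` inside the `try` is redundant after the identical assignment just above it; the update endpoint's hunk has the same duplication. The method's catch block continues outside the hunk.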
@@ -8,17 +8,17 @@ class ApiUpdateDetectorKeyEndpoint {
|
|
|
8
8
|
this.clientTaskManager = clientTaskManager;
|
|
9
9
|
}
|
|
10
10
|
async processRequest(args, logger) {
|
|
11
|
-
logger = logger || common.
|
|
11
|
+
logger = logger || common.getLogger("info", "");
|
|
12
12
|
try {
|
|
13
13
|
const { detectorKey } = args;
|
|
14
|
-
logger = logger || common.
|
|
15
|
-
logger.info("Updating detector key");
|
|
14
|
+
logger = logger || common.getLogger("info", "");
|
|
15
|
+
logger.info(() => ({ msg: "Updating detector key" }));
|
|
16
16
|
await this.clientTaskManager.updateDetectorKey(detectorKey);
|
|
17
17
|
return {
|
|
18
18
|
status: apiRoute.ApiEndpointResponseStatus.SUCCESS
|
|
19
19
|
};
|
|
20
20
|
} catch (error) {
|
|
21
|
-
logger.error("Error updating detector key", error);
|
|
21
|
+
logger.error(() => ({ msg: "Error updating detector key", err: error }));
|
|
22
22
|
return {
|
|
23
23
|
status: apiRoute.ApiEndpointResponseStatus.FAIL,
|
|
24
24
|
error: error.message
|
|
@@ -1,16 +1,18 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
|
|
3
3
|
const types = require("@prosopo/types");
|
|
4
|
-
const
|
|
4
|
+
const userAccessPolicy = require("@prosopo/user-access-policy");
|
|
5
|
+
const util = require("@prosopo/util");
|
|
5
6
|
class BlacklistRequestInspector {
|
|
6
|
-
constructor(
|
|
7
|
-
this.
|
|
7
|
+
constructor(resolveAccessPolicy, environmentReadinessWaiter) {
|
|
8
|
+
this.resolveAccessPolicy = resolveAccessPolicy;
|
|
8
9
|
this.environmentReadinessWaiter = environmentReadinessWaiter;
|
|
9
|
-
this.logger = logger;
|
|
10
10
|
}
|
|
11
11
|
async abortRequestForBlockedUsers(request, res, next) {
|
|
12
12
|
const rawIp = request.ip || "";
|
|
13
|
-
request.logger.debug(
|
|
13
|
+
request.logger.debug(() => ({
|
|
14
|
+
data: { ja4: request.ja4 }
|
|
15
|
+
}));
|
|
14
16
|
const shouldAbortRequest = await this.shouldAbortRequest(
|
|
15
17
|
request.url,
|
|
16
18
|
rawIp,
|
|
@@ -30,11 +32,14 @@ class BlacklistRequestInspector {
|
|
|
30
32
|
return false;
|
|
31
33
|
}
|
|
32
34
|
if (!rawIp) {
|
|
33
|
-
logger.info(
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
35
|
+
logger.info(() => ({
|
|
36
|
+
data: {
|
|
37
|
+
requestedRoute,
|
|
38
|
+
requestHeaders,
|
|
39
|
+
requestBody
|
|
40
|
+
},
|
|
41
|
+
msg: "Request without IP"
|
|
42
|
+
}));
|
|
38
43
|
return true;
|
|
39
44
|
}
|
|
40
45
|
await this.environmentReadinessWaiter();
|
|
@@ -44,14 +49,24 @@ class BlacklistRequestInspector {
|
|
|
44
49
|
requestHeaders,
|
|
45
50
|
requestBody
|
|
46
51
|
);
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
52
|
+
const accessPolicy = await this.resolveAccessPolicy({
|
|
53
|
+
policyScope: {
|
|
54
|
+
clientId
|
|
55
|
+
},
|
|
56
|
+
policyScopeMatch: userAccessPolicy.ScopeMatch.Greedy,
|
|
57
|
+
userScope: {
|
|
58
|
+
userId,
|
|
59
|
+
numericIp: userIpAddress.bigInt(),
|
|
60
|
+
ja4Hash: ja4
|
|
61
|
+
},
|
|
62
|
+
userScopeMatch: userAccessPolicy.ScopeMatch.Greedy
|
|
63
|
+
});
|
|
64
|
+
return userAccessPolicy.AccessPolicyType.Block === accessPolicy?.type;
|
|
53
65
|
} catch (err) {
|
|
54
|
-
logger.error(
|
|
66
|
+
logger.error(() => ({
|
|
67
|
+
err,
|
|
68
|
+
msg: "Block Middleware Error"
|
|
69
|
+
}));
|
|
55
70
|
return true;
|
|
56
71
|
}
|
|
57
72
|
}
|
|
@@ -59,11 +74,11 @@ class BlacklistRequestInspector {
|
|
|
59
74
|
return !url.includes(types.ApiPrefix);
|
|
60
75
|
}
|
|
61
76
|
extractIdsFromRequest(requestHeaders, requestBody) {
|
|
62
|
-
const userId = this.getObjectValue(requestHeaders, "Prosopo-User") || this.getObjectValue(requestBody, "user")
|
|
63
|
-
const clientId = this.getObjectValue(requestHeaders, "Prosopo-Site-Key") || this.getObjectValue(requestBody, "dapp")
|
|
77
|
+
const userId = this.getObjectValue(requestHeaders, "Prosopo-User") || this.getObjectValue(requestBody, "user");
|
|
78
|
+
const clientId = this.getObjectValue(requestHeaders, "Prosopo-Site-Key") || this.getObjectValue(requestBody, "dapp");
|
|
64
79
|
return {
|
|
65
|
-
userId: "string" === typeof userId ? userId :
|
|
66
|
-
clientId: "string" === typeof clientId ? clientId :
|
|
80
|
+
userId: "string" === typeof userId ? userId : void 0,
|
|
81
|
+
clientId: "string" === typeof clientId ? clientId : void 0
|
|
67
82
|
};
|
|
68
83
|
}
|
|
69
84
|
getObjectValue(object, key) {
|
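Review bot: The new "Request without IP" entry in the `!rawIp` branch records `requestHeaders` and `requestBody` in full at info level, so whatever the client sent (cookies, signatures, tokens) is copied into provider logs on a path an unauthenticated caller can reach. The removed side is truncated on this page, so the old code may have logged the same; either way, limiting the payload to `data: { requestedRoute }` plus the ids from `extractIdsFromRequest` keeps the record useful without storing request secrets. Also note that `userId` and `clientId` come from the client-supplied `Prosopo-User` / `Prosopo-Site-Key` headers or the body, so a `Block` policy matched only on those values depends on the caller reporting them honestly. A short comment at `extractIdsFromRequest` saying so would help whoever writes rules. The method bodies start and end outside the visible hunks.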
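--- a/package/dist/cjs/api/block.cjs
+++ b/package/dist/cjs/api/block.cjs
@@ -4,18 +4,17 @@ const common = require("@prosopo/common");
 const userAccessPolicy = require("@prosopo/user-access-policy");
 const blacklistRequestInspector = require("./blacklistRequestInspector.cjs");
 const blockMiddleware = (providerEnvironment) => {
-const logLevel = providerEnvironment.config.logLevel;
+const logLevel = common.parseLogLevel(providerEnvironment.config.logLevel);
 const logger = common.getLogger(logLevel, "blockMiddleware");
 const userAccessRulesStorage = providerEnvironment.getDb().getUserAccessRulesStorage();
 const environmentReadinessWaiter = providerEnvironment.isReady.bind(providerEnvironment);
-const
+const resolveAccessPolicy = userAccessPolicy.createAccessPolicyResolver(
 userAccessRulesStorage,
 logger
 );
 const blacklistRequestInspector$1 = new blacklistRequestInspector.BlacklistRequestInspector(
-
-environmentReadinessWaiter
-logger
+resolveAccessPolicy,
+environmentReadinessWaiter
 );
 return blacklistRequestInspector$1.abortRequestForBlockedUsers.bind(
 blacklistRequestInspector$1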
package/dist/cjs/api/captcha.cjs
CHANGED
|
@@ -5,20 +5,19 @@ const common = require("@prosopo/common");
|
|
|
5
5
|
const datasets = require("@prosopo/datasets");
|
|
6
6
|
const types = require("@prosopo/types");
|
|
7
7
|
const userAccessPolicy = require("@prosopo/user-access-policy");
|
|
8
|
-
const util
|
|
8
|
+
const util = require("@prosopo/util");
|
|
9
9
|
const express = require("express");
|
|
10
10
|
const frictionlessTasks = require("../tasks/frictionless/frictionlessTasks.cjs");
|
|
11
11
|
const tasks = require("../tasks/tasks.cjs");
|
|
12
|
-
const util = require("../util.cjs");
|
|
13
12
|
const validateAddress = require("./validateAddress.cjs");
|
|
14
13
|
const DEFAULT_FRICTIONLESS_THRESHOLD = 0.5;
|
|
15
14
|
function prosopoRouter(env) {
|
|
16
15
|
const router = express.Router();
|
|
17
|
-
const tasks$1 = new tasks.Tasks(env);
|
|
18
16
|
const userAccessRulesStorage = env.getDb().getUserAccessRulesStorage();
|
|
19
17
|
router.post(
|
|
20
18
|
types.ClientApiPaths.GetImageCaptchaChallenge,
|
|
21
19
|
async (req, res, next) => {
|
|
20
|
+
const tasks$1 = new tasks.Tasks(env, req.logger);
|
|
22
21
|
let parsed;
|
|
23
22
|
if (!req.ip) {
|
|
24
23
|
return next(
|
|
@@ -42,7 +41,7 @@ function prosopoRouter(env) {
|
|
|
42
41
|
);
|
|
43
42
|
}
|
|
44
43
|
const { datasetId, user, dapp, sessionId } = parsed;
|
|
45
|
-
validateAddress.
|
|
44
|
+
validateAddress.validateSiteKey(dapp);
|
|
46
45
|
validateAddress.validateAddr(user);
|
|
47
46
|
try {
|
|
48
47
|
const clientRecord = await tasks$1.db.getClientRecord(dapp);
|
|
@@ -55,17 +54,6 @@ function prosopoRouter(env) {
|
|
|
55
54
|
})
|
|
56
55
|
);
|
|
57
56
|
}
|
|
58
|
-
const imageCaptchaConfigResolver = userAccessPolicy.createImageCaptchaConfigResolver(
|
|
59
|
-
userAccessRulesStorage,
|
|
60
|
-
req.logger
|
|
61
|
-
);
|
|
62
|
-
const captchaConfig = await imageCaptchaConfigResolver.resolveConfig(
|
|
63
|
-
env.config.captchas,
|
|
64
|
-
ipAddress,
|
|
65
|
-
req.ja4,
|
|
66
|
-
user,
|
|
67
|
-
dapp
|
|
68
|
-
);
|
|
69
57
|
const { valid, reason, frictionlessTokenId } = await tasks$1.imgCaptchaManager.isValidRequest(
|
|
70
58
|
clientRecord,
|
|
71
59
|
types.CaptchaType.image,
|
|
@@ -84,6 +72,24 @@ function prosopoRouter(env) {
|
|
|
84
72
|
})
|
|
85
73
|
);
|
|
86
74
|
}
|
|
75
|
+
const userAccessPolicy2 = await tasks$1.imgCaptchaManager.getPrioritisedAccessPolicies(
|
|
76
|
+
userAccessRulesStorage,
|
|
77
|
+
dapp,
|
|
78
|
+
{
|
|
79
|
+
numericIp: ipAddress.bigInt(),
|
|
80
|
+
userId: user,
|
|
81
|
+
ja4Hash: req.ja4,
|
|
82
|
+
userAgent: req.headers["user-agent"]
|
|
83
|
+
}
|
|
84
|
+
);
|
|
85
|
+
const captchaConfig = {
|
|
86
|
+
solved: {
|
|
87
|
+
count: userAccessPolicy2?.solvedImagesCount || env.config.captchas.solved.count
|
|
88
|
+
},
|
|
89
|
+
unsolved: {
|
|
90
|
+
count: userAccessPolicy2?.unsolvedImagesCount || env.config.captchas.unsolved.count
|
|
91
|
+
}
|
|
92
|
+
};
|
|
87
93
|
const taskData = await tasks$1.imgCaptchaManager.getRandomCaptchasAndRequestHash(
|
|
88
94
|
datasetId,
|
|
89
95
|
user,
|
|
@@ -111,7 +117,11 @@ function prosopoRouter(env) {
|
|
|
111
117
|
};
|
|
112
118
|
return res.json(captchaResponse);
|
|
113
119
|
} catch (err) {
|
|
114
|
-
req.logger.error(
|
|
120
|
+
req.logger.error(() => ({
|
|
121
|
+
err,
|
|
122
|
+
data: req.params,
|
|
123
|
+
msg: "Error in PoW captcha solution submission"
|
|
124
|
+
}));
|
|
115
125
|
return next(
|
|
116
126
|
new common.ProsopoApiError("API.BAD_REQUEST", {
|
|
117
127
|
context: {
|
|
@@ -130,6 +140,7 @@ function prosopoRouter(env) {
|
|
|
130
140
|
router.post(
|
|
131
141
|
types.ClientApiPaths.SubmitImageCaptchaSolution,
|
|
132
142
|
async (req, res, next) => {
|
|
143
|
+
const tasks$1 = new tasks.Tasks(env, req.logger);
|
|
133
144
|
let parsed;
|
|
134
145
|
try {
|
|
135
146
|
parsed = types.CaptchaSolutionBody.parse(req.body);
|
|
@@ -143,7 +154,7 @@ function prosopoRouter(env) {
|
|
|
143
154
|
);
|
|
144
155
|
}
|
|
145
156
|
const { user, dapp } = parsed;
|
|
146
|
-
validateAddress.
|
|
157
|
+
validateAddress.validateSiteKey(dapp);
|
|
147
158
|
validateAddress.validateAddr(user);
|
|
148
159
|
try {
|
|
149
160
|
const clientRecord = await tasks$1.db.getClientRecord(parsed.dapp);
|
|
@@ -165,7 +176,7 @@ function prosopoRouter(env) {
|
|
|
165
176
|
Number.parseInt(parsed[types.ApiParams.timestamp]),
|
|
166
177
|
parsed[types.ApiParams.signature].provider.requestHash,
|
|
167
178
|
util.getIPAddress(req.ip || "").bigInt(),
|
|
168
|
-
util
|
|
179
|
+
util.flatten(req.headers),
|
|
169
180
|
req.ja4
|
|
170
181
|
);
|
|
171
182
|
const returnValue = {
|
|
@@ -176,7 +187,11 @@ function prosopoRouter(env) {
|
|
|
176
187
|
};
|
|
177
188
|
return res.json(returnValue);
|
|
178
189
|
} catch (err) {
|
|
179
|
-
req.logger.error(
|
|
190
|
+
req.logger.error(() => ({
|
|
191
|
+
err,
|
|
192
|
+
body: req.body,
|
|
193
|
+
msg: "Error in PoW captcha solution submission"
|
|
194
|
+
}));
|
|
180
195
|
return next(
|
|
181
196
|
new common.ProsopoApiError("API.BAD_REQUEST", {
|
|
182
197
|
context: {
|
|
@@ -193,6 +208,8 @@ function prosopoRouter(env) {
|
|
|
193
208
|
);
|
|
194
209
|
router.post(types.ClientApiPaths.GetPowCaptchaChallenge, async (req, res, next) => {
|
|
195
210
|
let parsed;
|
|
211
|
+
const tasks$1 = new tasks.Tasks(env);
|
|
212
|
+
tasks$1.setLogger(req.logger);
|
|
196
213
|
try {
|
|
197
214
|
parsed = types.GetPowCaptchaChallengeRequestBody.parse(req.body);
|
|
198
215
|
} catch (err) {
|
|
@@ -205,7 +222,7 @@ function prosopoRouter(env) {
|
|
|
205
222
|
);
|
|
206
223
|
}
|
|
207
224
|
const { user, dapp, sessionId } = parsed;
|
|
208
|
-
validateAddress.
|
|
225
|
+
validateAddress.validateSiteKey(dapp);
|
|
209
226
|
validateAddress.validateAddr(user);
|
|
210
227
|
try {
|
|
211
228
|
const clientSettings = await tasks$1.db.getClientRecord(dapp);
|
|
@@ -267,7 +284,7 @@ function prosopoRouter(env) {
|
|
|
267
284
|
challenge.difficulty,
|
|
268
285
|
challenge.providerSignature,
|
|
269
286
|
util.getIPAddress(req.ip || "").bigInt(),
|
|
270
|
-
util
|
|
287
|
+
util.flatten(req.headers),
|
|
271
288
|
req.ja4,
|
|
272
289
|
frictionlessTokenId
|
|
273
290
|
);
|
|
@@ -284,7 +301,11 @@ function prosopoRouter(env) {
|
|
|
284
301
|
};
|
|
285
302
|
return res.json(getPowCaptchaResponse);
|
|
286
303
|
} catch (err) {
|
|
287
|
-
req.logger.error(
|
|
304
|
+
req.logger.error(() => ({
|
|
305
|
+
err,
|
|
306
|
+
body: req.body,
|
|
307
|
+
msg: "Error in PoW captcha solution submission"
|
|
308
|
+
}));
|
|
288
309
|
return next(
|
|
289
310
|
new common.ProsopoApiError("API.BAD_REQUEST", {
|
|
290
311
|
context: {
|
|
@@ -303,6 +324,7 @@ function prosopoRouter(env) {
|
|
|
303
324
|
types.ClientApiPaths.SubmitPowCaptchaSolution,
|
|
304
325
|
async (req, res, next) => {
|
|
305
326
|
let parsed;
|
|
327
|
+
const tasks$1 = new tasks.Tasks(env, req.logger);
|
|
306
328
|
try {
|
|
307
329
|
parsed = types.SubmitPowCaptchaSolutionBody.parse(req.body);
|
|
308
330
|
} catch (err) {
|
|
@@ -323,7 +345,7 @@ function prosopoRouter(env) {
|
|
|
323
345
|
dapp,
|
|
324
346
|
user
|
|
325
347
|
} = parsed;
|
|
326
|
-
validateAddress.
|
|
348
|
+
validateAddress.validateSiteKey(dapp);
|
|
327
349
|
validateAddress.validateAddr(user);
|
|
328
350
|
try {
|
|
329
351
|
const clientRecord = await tasks$1.db.getClientRecord(dapp);
|
|
@@ -344,12 +366,16 @@ function prosopoRouter(env) {
|
|
|
344
366
|
verifiedTimeout,
|
|
345
367
|
signature.user.timestamp,
|
|
346
368
|
util.getIPAddress(req.ip || ""),
|
|
347
|
-
util
|
|
369
|
+
util.flatten(req.headers)
|
|
348
370
|
);
|
|
349
371
|
const response = { status: "ok", verified };
|
|
350
372
|
return res.json(response);
|
|
351
373
|
} catch (err) {
|
|
352
|
-
req.logger.error(
|
|
374
|
+
req.logger.error(() => ({
|
|
375
|
+
err,
|
|
376
|
+
body: req.body,
|
|
377
|
+
msg: "Error in PoW captcha solution submission"
|
|
378
|
+
}));
|
|
353
379
|
return next(
|
|
354
380
|
new common.ProsopoApiError("API.BAD_REQUEST", {
|
|
355
381
|
context: {
|
|
@@ -368,10 +394,14 @@ function prosopoRouter(env) {
|
|
|
368
394
|
types.ClientApiPaths.GetFrictionlessCaptchaChallenge,
|
|
369
395
|
async (req, res, next) => {
|
|
370
396
|
try {
|
|
397
|
+
const tasks$1 = new tasks.Tasks(env, req.logger);
|
|
371
398
|
const { token, dapp, user } = types.GetFrictionlessCaptchaChallengeRequestBody.parse(req.body);
|
|
372
399
|
const existingToken = await tasks$1.db.getFrictionlessTokenRecordByToken(token);
|
|
373
400
|
if (existingToken) {
|
|
374
|
-
req.logger.info(
|
|
401
|
+
req.logger.info(() => ({
|
|
402
|
+
token: existingToken,
|
|
403
|
+
msg: "Token has already been used"
|
|
404
|
+
}));
|
|
375
405
|
return res.json(
|
|
376
406
|
await tasks$1.frictionlessManager.sendImageCaptcha(
|
|
377
407
|
existingToken._id
|
|
@@ -432,19 +462,58 @@ function prosopoRouter(env) {
|
|
|
432
462
|
);
|
|
433
463
|
}
|
|
434
464
|
const ipAddress = util.getIPAddress(req.ip || "");
|
|
435
|
-
const
|
|
465
|
+
const resolveAccessPolicy = userAccessPolicy.createAccessPolicyResolver(
|
|
436
466
|
userAccessRulesStorage,
|
|
437
467
|
req.logger
|
|
438
468
|
);
|
|
439
|
-
const
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
469
|
+
const accessPolicy = await resolveAccessPolicy({
|
|
470
|
+
policyScope: {
|
|
471
|
+
clientId: dapp
|
|
472
|
+
},
|
|
473
|
+
policyScopeMatch: userAccessPolicy.ScopeMatch.Greedy,
|
|
474
|
+
userScope: {
|
|
475
|
+
userId: user,
|
|
476
|
+
ja4Hash: req.ja4,
|
|
477
|
+
numericIp: ipAddress.bigInt()
|
|
478
|
+
},
|
|
479
|
+
userScopeMatch: userAccessPolicy.ScopeMatch.Greedy
|
|
480
|
+
});
|
|
481
|
+
const accessPolicies = await Promise.all([
|
|
482
|
+
resolveAccessPolicy({
|
|
483
|
+
userScope: {
|
|
484
|
+
userId: user,
|
|
485
|
+
ja4Hash: req.ja4,
|
|
486
|
+
numericIp: ipAddress.bigInt()
|
|
487
|
+
},
|
|
488
|
+
userScopeMatch: userAccessPolicy.ScopeMatch.Exact
|
|
489
|
+
}),
|
|
490
|
+
resolveAccessPolicy({
|
|
491
|
+
policyScope: {
|
|
492
|
+
clientId: dapp
|
|
493
|
+
},
|
|
494
|
+
policyScopeMatch: userAccessPolicy.ScopeMatch.Exact,
|
|
495
|
+
userScope: {
|
|
496
|
+
userId: user,
|
|
497
|
+
ja4Hash: req.ja4,
|
|
498
|
+
numericIp: ipAddress.bigInt()
|
|
499
|
+
},
|
|
500
|
+
userScopeMatch: userAccessPolicy.ScopeMatch.Exact
|
|
501
|
+
}),
|
|
502
|
+
resolveAccessPolicy({
|
|
503
|
+
policyScope: {
|
|
504
|
+
clientId: dapp
|
|
505
|
+
},
|
|
506
|
+
policyScopeMatch: userAccessPolicy.ScopeMatch.Exact,
|
|
507
|
+
userScope: {
|
|
508
|
+
ja4Hash: req.ja4,
|
|
509
|
+
numericIp: ipAddress.bigInt()
|
|
510
|
+
},
|
|
511
|
+
userScopeMatch: userAccessPolicy.ScopeMatch.Exact
|
|
512
|
+
})
|
|
513
|
+
]);
|
|
514
|
+
if (accessPolicy?.solvedImagesCount || accessPolicy?.unsolvedImagesCount) {
|
|
446
515
|
await tasks$1.frictionlessManager.scoreIncreaseAccessPolicy(
|
|
447
|
-
|
|
516
|
+
accessPolicy,
|
|
448
517
|
baseBotScore,
|
|
449
518
|
botScore,
|
|
450
519
|
tokenId
|
|
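Review bot: `accessPolicies` is filled by three extra `resolveAccessPolicy` lookups inside `Promise.all`, but within this hunk only `accessPolicy` is read (the `if` condition and the `scoreIncreaseAccessPolicy` argument). New lines 520–522 are not shown, so confirm the array is consumed there; otherwise every frictionless request pays for three unused storage queries. The same `userScope` literal is repeated three times with `ipAddress.bigInt()` recomputed each time; hoisting it once, `const userScope = { userId: user, ja4Hash: req.ja4, numericIp: ipAddress.bigInt() };`, keeps the scopes from drifting apart. `req.ja4` is the constant `"ja4"` whenever fingerprinting falls back (see the ja4Middleware hunks on this page), so a rule keyed on `ja4Hash` could match unrelated clients; a comment stating how the resolver treats that placeholder would help.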
@@ -454,9 +523,14 @@ function prosopoRouter(env) {
|
|
|
454
523
|
);
|
|
455
524
|
}
|
|
456
525
|
if (Number(botScore) > botThreshold) {
|
|
457
|
-
req.logger.info({
|
|
458
|
-
message:
|
|
459
|
-
|
|
526
|
+
req.logger.info(() => ({
|
|
527
|
+
message: "Bot score is greater than threshold",
|
|
528
|
+
data: {
|
|
529
|
+
botScore,
|
|
530
|
+
botThreshold,
|
|
531
|
+
tokenId
|
|
532
|
+
}
|
|
533
|
+
}));
|
|
460
534
|
return res.json(
|
|
461
535
|
await tasks$1.frictionlessManager.sendImageCaptcha(tokenId)
|
|
462
536
|
);
|
|
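Review bot: This log object uses the key `message`, whereas the other logger calls added on this page use `msg` (for example `msg: "Token has already been used"`). The threshold crossing is the event most likely to be searched for when reviewing bot decisions, so the key should match the rest: `msg: "Bot score is greater than threshold",`. The surrounding handler continues outside this hunk.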
@@ -465,7 +539,10 @@ function prosopoRouter(env) {
|
|
|
465
539
|
await tasks$1.frictionlessManager.sendPowCaptcha(tokenId)
|
|
466
540
|
);
|
|
467
541
|
} catch (err) {
|
|
468
|
-
req.logger.error(
|
|
542
|
+
req.logger.error(() => ({
|
|
543
|
+
err,
|
|
544
|
+
msg: "Error in frictionless captcha challenge"
|
|
545
|
+
}));
|
|
469
546
|
return next(
|
|
470
547
|
new common.ProsopoApiError("API.BAD_REQUEST", {
|
|
471
548
|
context: { code: 400, error: err },
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
|
|
3
|
-
const utilCrypto = require("@polkadot/util-crypto");
|
|
4
3
|
const apiExpressRouter = require("@prosopo/api-express-router");
|
|
5
4
|
const common = require("@prosopo/common");
|
|
5
|
+
const utilCrypto = require("@prosopo/util-crypto");
|
|
6
6
|
const zod = require("zod");
|
|
7
7
|
require("../tasks/index.cjs");
|
|
8
8
|
const tasks = require("../tasks/tasks.cjs");
|
|
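Review bot: `utilCrypto` now resolves to `@prosopo/util-crypto` instead of `@polkadot/util-crypto`, and nothing in this hunk records why or what is expected to stay compatible. The calls made through `utilCrypto` are outside the hunk, and the same file appears to build the site-key errors shown in the next hunk. I would add a comment above the require naming the functions this module relies on, and pin them with known-good test vectors so a behavioural difference between the two packages is caught in CI rather than on live requests.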
@@ -60,9 +60,9 @@ const siteKeyNotRegisteredError = (i18n, dapp, logger) => {
|
|
|
60
60
|
logger
|
|
61
61
|
});
|
|
62
62
|
};
|
|
63
|
-
const invalidSiteKeyError = (i18n,
|
|
63
|
+
const invalidSiteKeyError = (i18n, siteKey, logger) => {
|
|
64
64
|
return new common.ProsopoApiError("API.INVALID_SITE_KEY", {
|
|
65
|
-
context: { code: 400, siteKey
|
|
65
|
+
context: { code: 400, siteKey },
|
|
66
66
|
i18n,
|
|
67
67
|
logger
|
|
68
68
|
});
|
|
@@ -15,7 +15,7 @@ const headerCheckMiddleware = (env) => {
|
|
|
15
15
|
unauthorised(res);
|
|
16
16
|
return;
|
|
17
17
|
}
|
|
18
|
-
validateAddress.
|
|
18
|
+
validateAddress.validateSiteKey(siteKey, req.logger);
|
|
19
19
|
validateAddress.validateAddr(user, void 0, req.logger);
|
|
20
20
|
req.user = user;
|
|
21
21
|
req.siteKey = siteKey;
|
|
@@ -7,7 +7,7 @@ const common = require("@prosopo/common");
|
|
|
7
7
|
const readTlsClientHello = require("read-tls-client-hello");
|
|
8
8
|
const DEFAULT_JA4 = "ja4";
|
|
9
9
|
const getJA4 = async (headers, logger) => {
|
|
10
|
-
logger = logger || common.
|
|
10
|
+
logger = logger || common.getLogger("info", module);
|
|
11
11
|
if (process.env.NODE_ENV === "development") {
|
|
12
12
|
return { ja4PlusFingerprint: DEFAULT_JA4 };
|
|
13
13
|
}
|
|
@@ -16,15 +16,20 @@ const getJA4 = async (headers, logger) => {
|
|
|
16
16
|
const xTlsVersion = (headers["x-tls-version"] || "").toString().toLowerCase();
|
|
17
17
|
const xTlsServerName = (headers["x-tls-server-name"] || "").toString();
|
|
18
18
|
const clientHelloBuffer = Buffer.from(xTlsClientHello, "base64");
|
|
19
|
-
logger.debug(
|
|
20
|
-
"ClientHello First Bytes:",
|
|
21
|
-
clientHelloBuffer.subarray(0, 5).toString("hex")
|
|
22
|
-
);
|
|
19
|
+
logger.debug(() => ({
|
|
20
|
+
msg: "ClientHello First Bytes:",
|
|
21
|
+
data: { hex: clientHelloBuffer.subarray(0, 5).toString("hex") }
|
|
22
|
+
}));
|
|
23
23
|
if (clientHelloBuffer[5] !== 1) {
|
|
24
|
-
logger.
|
|
24
|
+
logger.debug(() => ({
|
|
25
|
+
msg: "Invalid ClientHello message: First byte is not 0x01"
|
|
26
|
+
}));
|
|
25
27
|
return { ja4PlusFingerprint: DEFAULT_JA4 };
|
|
26
28
|
}
|
|
27
|
-
logger.debug(
|
|
29
|
+
logger.debug(() => ({
|
|
30
|
+
msg: "Headers TLS Version:",
|
|
31
|
+
data: { xTlsVersion }
|
|
32
|
+
}));
|
|
28
33
|
const tlsVersion = xTlsVersion.replace(/(tls)|\./g, "");
|
|
29
34
|
const readableStream = new node_stream.Readable({
|
|
30
35
|
read() {
|
|
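Review bot: The new message "Invalid ClientHello message: First byte is not 0x01" does not match the check it reports, `clientHelloBuffer[5] !== 1`, which tests the byte at index 5 (a buffer shorter than six bytes fails it as well). I would reword it, `msg: "Invalid ClientHello: byte at index 5 is not 0x01",`, and add `data: { length: clientHelloBuffer.length }`. It is emitted at debug level, so where debug output is disabled the fall back to the shared `DEFAULT_JA4` value leaves no trace, even though `req.ja4` is later passed as `ja4Hash` to access-policy lookups; a warn-level call, if the logger offers one, would make that visible. `getJA4` continues outside this hunk.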
@@ -53,13 +58,17 @@ const getJA4 = async (headers, logger) => {
|
|
|
53
58
|
const ja4PlusFingerprint = `${transport}${tlsVersion}${sniIndicator}${cipherCount}${extensionCount}${alpnLabel}_${cipherHash}_${extensionHash}`;
|
|
54
59
|
return { ja4PlusFingerprint };
|
|
55
60
|
} catch (e) {
|
|
56
|
-
logger.error(
|
|
61
|
+
logger.error(() => ({
|
|
62
|
+
msg: "Error generating JA4+ fingerprint:",
|
|
63
|
+
err: e instanceof Error ? e : new Error(String(e))
|
|
64
|
+
}));
|
|
57
65
|
return { ja4PlusFingerprint: DEFAULT_JA4 };
|
|
58
66
|
}
|
|
59
67
|
};
|
|
60
68
|
const ja4Middleware = (env) => {
|
|
61
69
|
return async (req, res, next) => {
|
|
62
70
|
try {
|
|
71
|
+
req.logger.debug(() => ({ data: { url: req.url } }));
|
|
63
72
|
const ja4 = await getJA4(req.headers, req.logger);
|
|
64
73
|
req.ja4 = ja4.ja4PlusFingerprint || "";
|
|
65
74
|
next();
|