npm - @prosopo/provider - Versions diffs - 3.1.3 → 3.2.1 - Mend

@prosopo/provider 3.1.3 → 3.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (227) hide show

package/dist/api/domainMiddleware.js CHANGED Viewed

@@ -2,81 +2,88 @@ import { handleErrors } from "@prosopo/api-express-router";
 import { ProsopoApiError } from "@prosopo/common";
 import { validateAddress } from "@prosopo/util-crypto";
 import { ZodError } from "zod";
-import { Tasks } from "../tasks/index.js";
-export const domainMiddleware = (env) => {
-    const tasks = new Tasks(env);
-    return async (req, res, next) => {
-        try {
-            const dapp = req.headers["prosopo-site-key"];
-            if (!dapp)
-                throw siteKeyNotRegisteredError(req.i18n, "No sitekey provided", req.logger);
-            try {
-                validateAddress(dapp, false, 42);
-            }
-            catch (err) {
-                throw invalidSiteKeyError(req.i18n, dapp, req.logger);
-            }
-            const clientSettings = await tasks.db.getClientRecord(dapp);
-            if (!clientSettings)
-                throw siteKeyNotRegisteredError(req.i18n, dapp, req.logger);
-            const allowedDomains = clientSettings.settings?.domains;
-            if (!allowedDomains)
-                throw siteKeyInvalidDomainError(req.i18n, dapp, req.hostname, req.logger);
-            const origin = req.headers.origin;
-            if (!origin)
-                throw unauthorizedOriginError(req.i18n, undefined, req.logger);
-            for (const domain of allowedDomains) {
-                if (tasks.clientTaskManager.isSubdomainOrExactMatch(origin, domain)) {
-                    next();
-                    return;
-                }
-            }
-            throw unauthorizedOriginError(req.i18n, origin, req.logger);
+import "../tasks/index.js";
+import { Tasks } from "../tasks/tasks.js";
+const domainMiddleware = (env) => {
+  const tasks = new Tasks(env);
+  return async (req, res, next) => {
+    try {
+      const dapp = req.headers["prosopo-site-key"];
+      if (!dapp)
+        throw siteKeyNotRegisteredError(
+          req.i18n,
+          "No sitekey provided",
+          req.logger
+        );
+      try {
+        validateAddress(dapp, false, 42);
+      } catch (err) {
+        throw invalidSiteKeyError(req.i18n, dapp, req.logger);
+      }
+      const clientSettings = await tasks.db.getClientRecord(dapp);
+      if (!clientSettings)
+        throw siteKeyNotRegisteredError(req.i18n, dapp, req.logger);
+      const allowedDomains = clientSettings.settings?.domains;
+      if (!allowedDomains)
+        throw siteKeyInvalidDomainError(
+          req.i18n,
+          dapp,
+          req.hostname,
+          req.logger
+        );
+      const origin = req.headers.origin;
+      if (!origin)
+        throw unauthorizedOriginError(req.i18n, void 0, req.logger);
+      for (const domain of allowedDomains) {
+        if (tasks.clientTaskManager.isSubdomainOrExactMatch(origin, domain)) {
+          next();
+          return;
         }
-        catch (err) {
-            if (err instanceof ProsopoApiError ||
-                err instanceof ZodError ||
-                err instanceof SyntaxError) {
-                handleErrors(err, req, res, next);
-            }
-            else {
-                res.status(401).json({ error: "Unauthorized", message: err });
-                return;
-            }
-        }
-    };
+      }
+      throw unauthorizedOriginError(req.i18n, origin, req.logger);
+    } catch (err) {
+      if (err instanceof ProsopoApiError || err instanceof ZodError || err instanceof SyntaxError) {
+        handleErrors(err, req, res, next);
+      } else {
+        res.status(401).json({ error: "Unauthorized", message: err });
+        return;
+      }
+    }
+  };
 };
 const siteKeyNotRegisteredError = (i18n, dapp, logger) => {
-    return new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-        context: { code: 400, siteKey: dapp },
-        i18n,
-        logger,
-    });
+  return new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+    context: { code: 400, siteKey: dapp },
+    i18n,
+    logger
+  });
 };
 const invalidSiteKeyError = (i18n, siteKey, logger) => {
-    return new ProsopoApiError("API.INVALID_SITE_KEY", {
-        context: { code: 400, siteKey: siteKey },
-        i18n,
-        logger,
-    });
+  return new ProsopoApiError("API.INVALID_SITE_KEY", {
+    context: { code: 400, siteKey },
+    i18n,
+    logger
+  });
 };
 const unauthorizedOriginError = (i18n, origin, logger) => {
-    return new ProsopoApiError("API.UNAUTHORIZED_ORIGIN_URL", {
-        context: { code: 400, origin },
-        i18n,
-        logger,
-    });
+  return new ProsopoApiError("API.UNAUTHORIZED_ORIGIN_URL", {
+    context: { code: 400, origin },
+    i18n,
+    logger
+  });
 };
 const siteKeyInvalidDomainError = (i18n, dapp, domain, logger) => {
-    return new ProsopoApiError("API.UNAUTHORIZED_ORIGIN_URL", {
-        context: {
-            code: 400,
-            message: "No domains are allowed for this site key. Please fix in the Procaptcha Portal",
-            siteKey: dapp,
-            domain,
-        },
-        i18n,
-        logger,
-    });
+  return new ProsopoApiError("API.UNAUTHORIZED_ORIGIN_URL", {
+    context: {
+      code: 400,
+      message: "No domains are allowed for this site key. Please fix in the Procaptcha Portal",
+      siteKey: dapp,
+      domain
+    },
+    i18n,
+    logger
+  });
+};
+export {
+  domainMiddleware
 };
-//# sourceMappingURL=domainMiddleware.js.map

package/dist/api/headerCheckMiddleware.js CHANGED Viewed

@@ -1,28 +1,29 @@
 import { handleErrors } from "@prosopo/api-express-router";
-import { validateAddr, validateSiteKey } from "./validateAddress.js";
-export const headerCheckMiddleware = (env) => {
-    return async (req, res, next) => {
-        try {
-            const user = req.headers["prosopo-user"];
-            const siteKey = req.headers["prosopo-site-key"];
-            if (!user) {
-                unauthorised(res);
-                return;
-            }
-            if (!siteKey) {
-                unauthorised(res);
-                return;
-            }
-            validateSiteKey(siteKey, req.logger);
-            validateAddr(user, undefined, req.logger);
-            req.user = user;
-            req.siteKey = siteKey;
-            next();
-        }
-        catch (err) {
-            return handleErrors(err, req, res, next);
-        }
-    };
+import { validateSiteKey, validateAddr } from "./validateAddress.js";
+const headerCheckMiddleware = (env) => {
+  return async (req, res, next) => {
+    try {
+      const user = req.headers["prosopo-user"];
+      const siteKey = req.headers["prosopo-site-key"];
+      if (!user) {
+        unauthorised(res);
+        return;
+      }
+      if (!siteKey) {
+        unauthorised(res);
+        return;
+      }
+      validateSiteKey(siteKey, req.logger);
+      validateAddr(user, void 0, req.logger);
+      req.user = user;
+      req.siteKey = siteKey;
+      next();
+    } catch (err) {
+      return handleErrors(err, req, res, next);
+    }
+  };
 };
 const unauthorised = (res) => res.status(401).json({ error: "Unauthorized", message: "Unauthorized" });
-//# sourceMappingURL=headerCheckMiddleware.js.map
+export {
+  headerCheckMiddleware
+};

package/dist/api/ignoreMiddleware.js CHANGED Viewed

@@ -1,12 +1,14 @@
 import { ApiPrefix } from "@prosopo/types";
-export function ignoreMiddleware() {
-    return (req, res, next) => {
-        if (req.originalUrl.indexOf(ApiPrefix) === -1) {
-            res.statusCode = 404;
-            res.send("Not Found");
-            return;
-        }
-        next();
-    };
+function ignoreMiddleware() {
+  return (req, res, next) => {
+    if (req.originalUrl.indexOf(ApiPrefix) === -1) {
+      res.statusCode = 404;
+      res.send("Not Found");
+      return;
+    }
+    next();
+  };
 }
-//# sourceMappingURL=ignoreMiddleware.js.map
+export {
+  ignoreMiddleware
+};

package/dist/api/ja4Middleware.js CHANGED Viewed

@@ -2,89 +2,84 @@ import { createHash } from "node:crypto";
 import { Readable } from "node:stream";
 import { handleErrors } from "@prosopo/api-express-router";
 import { getLogger } from "@prosopo/common";
+import { randomAsHex } from "@prosopo/util-crypto";
 import { readTlsClientHello } from "read-tls-client-hello";
-export const DEFAULT_JA4 = "ja4";
-export const getJA4 = async (headers, logger) => {
-    logger = logger || getLogger("info", import.meta.url);
-    if (process.env.NODE_ENV === "development") {
-        return { ja4PlusFingerprint: DEFAULT_JA4 };
+const DEFAULT_JA4 = "ja4";
+const getJA4 = async (headers, logger) => {
+  logger = logger || getLogger("info", import.meta.url);
+  if (process.env.NODE_ENV === "development") {
+    return {
+      ja4PlusFingerprint: `${DEFAULT_JA4}${randomAsHex().slice(28, 32)}`
+    };
+  }
+  try {
+    const xTlsClientHello = (headers["x-tls-clienthello"] || "").toString();
+    const xTlsVersion = (headers["x-tls-version"] || "").toString().toLowerCase();
+    const xTlsServerName = (headers["x-tls-server-name"] || "").toString();
+    const clientHelloBuffer = Buffer.from(xTlsClientHello, "base64");
+    logger.debug(() => ({
+      msg: "ClientHello First Bytes:",
+      data: { hex: clientHelloBuffer.subarray(0, 5).toString("hex") }
+    }));
+    if (clientHelloBuffer[5] !== 1) {
+      logger.debug(() => ({
+        msg: "Invalid ClientHello message: First byte is not 0x01"
+      }));
+      return { ja4PlusFingerprint: DEFAULT_JA4 };
     }
+    logger.debug(() => ({
+      msg: "Headers TLS Version:",
+      data: { xTlsVersion }
+    }));
+    const tlsVersion = xTlsVersion.replace(/(tls)|\./g, "");
+    const readableStream = new Readable({
+      read() {
+        this.push(clientHelloBuffer);
+      }
+    });
+    const clientHello = await readTlsClientHello(readableStream);
+    const { alpnProtocols } = clientHello;
+    const [_tlsVersion, cipherSuites, extensions] = clientHello.fingerprintData;
+    const transport = "t";
+    const sniIndicator = xTlsServerName ? "d" : "i";
+    const validCipherSuites = cipherSuites.filter(
+      (cs) => (cs & 3855) !== 2570
+    );
+    const cipherCount = validCipherSuites.length;
+    const validExtensions = extensions.filter(
+      (ext) => (ext & 3855) !== 2570
+    );
+    const extensionCount = validExtensions.length;
+    const alpn = alpnProtocols?.length ? alpnProtocols[0] : "";
+    const alpnLabel = alpn ? `${alpn[0]}${alpn[alpn.length - 1]}` : "00";
+    const sortedCiphers = validCipherSuites.map((cs) => cs.toString(16).padStart(4, "0")).sort().join(",");
+    const cipherHash = createHash("sha256").update(sortedCiphers).digest("hex").slice(0, 12);
+    const decimalString = extensions.sort((a, b) => a - b).map((ext) => ext.toString(10)).join("-");
+    const extensionHash = createHash("sha256").update(decimalString).digest("hex").slice(0, 12);
+    const ja4PlusFingerprint = `${transport}${tlsVersion}${sniIndicator}${cipherCount}${extensionCount}${alpnLabel}_${cipherHash}_${extensionHash}`;
+    return { ja4PlusFingerprint };
+  } catch (e) {
+    logger.error(() => ({
+      msg: "Error generating JA4+ fingerprint:",
+      err: e instanceof Error ? e : new Error(String(e))
+    }));
+    return { ja4PlusFingerprint: DEFAULT_JA4 };
+  }
+};
+const ja4Middleware = (env) => {
+  return async (req, res, next) => {
     try {
-        const xTlsClientHello = (headers["x-tls-clienthello"] || "").toString();
-        const xTlsVersion = (headers["x-tls-version"] || "")
-            .toString()
-            .toLowerCase();
-        const xTlsServerName = (headers["x-tls-server-name"] || "").toString();
-        const clientHelloBuffer = Buffer.from(xTlsClientHello, "base64");
-        logger.debug(() => ({
-            msg: "ClientHello First Bytes:",
-            data: { hex: clientHelloBuffer.subarray(0, 5).toString("hex") },
-        }));
-        if (clientHelloBuffer[5] !== 0x01) {
-            logger.debug(() => ({
-                msg: "Invalid ClientHello message: First byte is not 0x01",
-            }));
-            return { ja4PlusFingerprint: DEFAULT_JA4 };
-        }
-        logger.debug(() => ({
-            msg: "Headers TLS Version:",
-            data: { xTlsVersion },
-        }));
-        const tlsVersion = xTlsVersion.replace(/(tls)|\./g, "");
-        const readableStream = new Readable({
-            read() {
-                this.push(clientHelloBuffer);
-            },
-        });
-        const clientHello = await readTlsClientHello(readableStream);
-        const { alpnProtocols } = clientHello;
-        const [_tlsVersion, cipherSuites, extensions] = clientHello.fingerprintData;
-        const transport = "t";
-        const sniIndicator = xTlsServerName ? "d" : "i";
-        const validCipherSuites = cipherSuites.filter((cs) => (cs & 0x0f0f) !== 0x0a0a);
-        const cipherCount = validCipherSuites.length;
-        const validExtensions = extensions.filter((ext) => (ext & 0x0f0f) !== 0x0a0a);
-        const extensionCount = validExtensions.length;
-        const alpn = alpnProtocols?.length ? alpnProtocols[0] : "";
-        const alpnLabel = alpn ? `${alpn[0]}${alpn[alpn.length - 1]}` : "00";
-        const sortedCiphers = validCipherSuites
-            .map((cs) => cs.toString(16).padStart(4, "0"))
-            .sort()
-            .join(",");
-        const cipherHash = createHash("sha256")
-            .update(sortedCiphers)
-            .digest("hex")
-            .slice(0, 12);
-        const decimalString = extensions
-            .sort((a, b) => a - b)
-            .map((ext) => ext.toString(10))
-            .join("-");
-        const extensionHash = createHash("sha256")
-            .update(decimalString)
-            .digest("hex")
-            .slice(0, 12);
-        const ja4PlusFingerprint = `${transport}${tlsVersion}${sniIndicator}${cipherCount}${extensionCount}${alpnLabel}_${cipherHash}_${extensionHash}`;
-        return { ja4PlusFingerprint };
-    }
-    catch (e) {
-        logger.error(() => ({
-            msg: "Error generating JA4+ fingerprint:",
-            err: e instanceof Error ? e : new Error(String(e)),
-        }));
-        return { ja4PlusFingerprint: DEFAULT_JA4 };
+      req.logger.debug(() => ({ data: { url: req.url } }));
+      const ja4 = await getJA4(req.headers, req.logger);
+      req.ja4 = ja4.ja4PlusFingerprint || "";
+      next();
+    } catch (err) {
+      return handleErrors(err, req, res, next);
     }
+  };
 };
-export const ja4Middleware = (env) => {
-    return async (req, res, next) => {
-        try {
-            req.logger.debug(() => ({ data: { url: req.url } }));
-            const ja4 = await getJA4(req.headers, req.logger);
-            req.ja4 = ja4.ja4PlusFingerprint || "";
-            next();
-        }
-        catch (err) {
-            return handleErrors(err, req, res, next);
-        }
-    };
+export {
+  DEFAULT_JA4,
+  getJA4,
+  ja4Middleware
 };
-//# sourceMappingURL=ja4Middleware.js.map

package/dist/api/public.js CHANGED Viewed

@@ -3,27 +3,30 @@ import { ProsopoApiError } from "@prosopo/common";
 import { PublicApiPaths } from "@prosopo/types";
 import { version } from "@prosopo/util";
 import express from "express";
-export function publicRouter() {
-    const router = express.Router();
-    router.get(PublicApiPaths.Healthz, (req, res) => {
-        res.status(200).send("OK");
-    });
-    router.get(PublicApiPaths.GetProviderDetails, async (req, res, next) => {
-        try {
-            return res.json({ version, ...{ message: "Provider online" } });
-        }
-        catch (err) {
-            req.logger.error(() => ({
-                err,
-                data: { reqParams: req.params },
-                msg: "Error getting provider details",
-            }));
-            return next(new ProsopoApiError("API.BAD_REQUEST", {
-                context: { code: 500 },
-            }));
-        }
-    });
-    router.use(handleErrors);
-    return router;
+function publicRouter() {
+  const router = express.Router();
+  router.get(PublicApiPaths.Healthz, (req, res) => {
+    res.status(200).send("OK");
+  });
+  router.get(PublicApiPaths.GetProviderDetails, async (req, res, next) => {
+    try {
+      return res.json({ version, ...{ message: "Provider online" } });
+    } catch (err) {
+      req.logger.error(() => ({
+        err,
+        data: { reqParams: req.params },
+        msg: "Error getting provider details"
+      }));
+      return next(
+        new ProsopoApiError("API.BAD_REQUEST", {
+          context: { code: 500 }
+        })
+      );
+    }
+  });
+  router.use(handleErrors);
+  return router;
 }
-//# sourceMappingURL=public.js.map
+export {
+  publicRouter
+};

package/dist/api/robotsMiddleware.js CHANGED Viewed

@@ -1,10 +1,12 @@
-export function robotsMiddleware() {
-    return (_req, res, next) => {
-        res.setHeader("Strict-Transport-Security", "max-age=31536000;");
-        res.setHeader("X-XSS-Protection", "1; mode=block");
-        res.setHeader("X-Frame-Options", "DENY");
-        res.setHeader("X-Robots-Tag", "none");
-        next();
-    };
+function robotsMiddleware() {
+  return (_req, res, next) => {
+    res.setHeader("Strict-Transport-Security", "max-age=31536000;");
+    res.setHeader("X-XSS-Protection", "1; mode=block");
+    res.setHeader("X-Frame-Options", "DENY");
+    res.setHeader("X-Robots-Tag", "none");
+    next();
+  };
 }
-//# sourceMappingURL=robotsMiddleware.js.map
+export {
+  robotsMiddleware
+};

package/dist/api/validateAddress.js CHANGED Viewed

@@ -1,23 +1,25 @@
 import { ProsopoApiError } from "@prosopo/common";
 import { validateAddress } from "@prosopo/util-crypto";
-export const validateSiteKey = (siteKey, logger) => {
-    return validateAddr(siteKey, "API.INVALID_SITE_KEY", logger);
+const validateSiteKey = (siteKey, logger) => {
+  return validateAddr(siteKey, "API.INVALID_SITE_KEY", logger);
 };
-export const validateAddr = (address, translationKey = "CONTRACT.INVALID_ADDRESS", logger) => {
-    try {
-        const valid = validateAddress(address, false, 42);
-        if (!valid) {
-            throw new ProsopoApiError(translationKey, {
-                context: { code: 400, siteKey: address },
-                logger,
-            });
-        }
-    }
-    catch (err) {
-        throw new ProsopoApiError(translationKey, {
-            context: { code: 400, siteKey: address },
-            logger,
-        });
+const validateAddr = (address, translationKey = "CONTRACT.INVALID_ADDRESS", logger) => {
+  try {
+    const valid = validateAddress(address, false, 42);
+    if (!valid) {
+      throw new ProsopoApiError(translationKey, {
+        context: { code: 400, siteKey: address },
+        logger
+      });
     }
+  } catch (err) {
+    throw new ProsopoApiError(translationKey, {
+      context: { code: 400, siteKey: address },
+      logger
+    });
+  }
+};
+export {
+  validateAddr,
+  validateSiteKey
 };
-//# sourceMappingURL=validateAddress.js.map