npm - @prosopo/provider - Versions diffs - 3.1.3 → 3.2.1 - Mend

@prosopo/provider 3.1.3 → 3.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (227) hide show

package/dist/api/verify.js CHANGED Viewed

@@ -1,103 +1,141 @@
-import { handleErrors, verifySignature } from "@prosopo/api-express-router";
+import { verifySignature, handleErrors } from "@prosopo/api-express-router";
 import { ProsopoApiError } from "@prosopo/common";
-import { ApiParams, ClientApiPaths, ServerPowCaptchaVerifyRequestBody, VerifySolutionBody, decodeProcaptchaOutput, } from "@prosopo/types";
+import { ClientApiPaths, VerifySolutionBody, decodeProcaptchaOutput, ApiParams, ServerPowCaptchaVerifyRequestBody } from "@prosopo/types";
 import { validateAddress } from "@prosopo/util-crypto";
 import express from "express";
 import { Tasks } from "../tasks/tasks.js";
-export function prosopoVerifyRouter(env) {
-    const router = express.Router();
-    router.post(ClientApiPaths.VerifyImageCaptchaSolutionDapp, async (req, res, next) => {
-        const tasks = new Tasks(env, req.logger);
-        let parsed;
-        try {
-            parsed = VerifySolutionBody.parse(req.body);
+function prosopoVerifyRouter(env) {
+  const router = express.Router();
+  router.post(
+    ClientApiPaths.VerifyImageCaptchaSolutionDapp,
+    async (req, res, next) => {
+      const tasks = new Tasks(env, req.logger);
+      let parsed;
+      try {
+        parsed = VerifySolutionBody.parse(req.body);
+      } catch (err) {
+        return next(
+          new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+            context: { code: 400, error: err, body: req.body },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+      const { dappSignature, token, ip } = parsed;
+      try {
+        const { user, dapp, timestamp, commitmentId } = decodeProcaptchaOutput(token);
+        validateAddress(dapp, false, 42);
+        validateAddress(user, false, 42);
+        const clientRecord = await tasks.db.getClientRecord(dapp);
+        if (!clientRecord) {
+          return next(
+            new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+              context: { code: 400, siteKey: dapp, user },
+              i18n: req.i18n,
+              logger: req.logger
+            })
+          );
         }
-        catch (err) {
-            return next(new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
-                context: { code: 400, error: err, body: req.body },
-                i18n: req.i18n,
-                logger: req.logger,
-            }));
+        const keyPair = env.keyring.addFromAddress(dapp);
+        verifySignature(dappSignature, timestamp.toString(), keyPair);
+        const response = await tasks.imgCaptchaManager.verifyImageCaptchaSolution(
+          user,
+          dapp,
+          commitmentId,
+          parsed.maxVerifiedTime,
+          ip
+        );
+        req.logger.debug(() => ({ data: { response } }));
+        const verificationResponse = tasks.imgCaptchaManager.getVerificationResponse(
+          response[ApiParams.verified],
+          clientRecord,
+          req.i18n.t,
+          response[ApiParams.score],
+          response[ApiParams.commitmentId]
+        );
+        res.json(verificationResponse);
+      } catch (err) {
+        req.logger.error(() => ({ err, data: { body: req.body } }));
+        return next(
+          new ProsopoApiError("API.BAD_REQUEST", {
+            context: { code: 500, siteKey: req.body.dapp, user: req.body.user },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+    }
+  );
+  router.post(
+    ClientApiPaths.VerifyPowCaptchaSolution,
+    async (req, res, next) => {
+      const tasks = new Tasks(env, req.logger);
+      let parsed;
+      try {
+        parsed = ServerPowCaptchaVerifyRequestBody.parse(req.body);
+      } catch (err) {
+        return next(
+          new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+            context: { code: 400, error: err, body: req.body },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+      try {
+        const { token, dappSignature, verifiedTimeout, ip } = parsed;
+        const { dapp, user, timestamp, challenge } = decodeProcaptchaOutput(token);
+        validateAddress(dapp, false, 42);
+        validateAddress(user, false, 42);
+        const clientRecord = await tasks.db.getClientRecord(dapp);
+        if (!clientRecord) {
+          return next(
+            new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+              context: { code: 400, siteKey: dapp },
+              i18n: req.i18n,
+              logger: req.logger
+            })
+          );
         }
-        const { dappSignature, token, ip } = parsed;
-        try {
-            const { user, dapp, timestamp, commitmentId } = decodeProcaptchaOutput(token);
-            validateAddress(dapp, false, 42);
-            validateAddress(user, false, 42);
-            const clientRecord = await tasks.db.getClientRecord(dapp);
-            if (!clientRecord) {
-                return next(new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-                    context: { code: 400, siteKey: dapp, user },
-                    i18n: req.i18n,
-                    logger: req.logger,
-                }));
-            }
-            const keyPair = env.keyring.addFromAddress(dapp);
-            verifySignature(dappSignature, timestamp.toString(), keyPair);
-            const response = await tasks.imgCaptchaManager.verifyImageCaptchaSolution(user, dapp, commitmentId, parsed.maxVerifiedTime, ip);
-            req.logger.debug(() => ({ data: { response } }));
-            const verificationResponse = tasks.imgCaptchaManager.getVerificationResponse(response[ApiParams.verified], clientRecord, req.i18n.t, response[ApiParams.score], response[ApiParams.commitmentId]);
-            res.json(verificationResponse);
+        if (!challenge) {
+          const unverifiedResponse = {
+            status: req.i18n.t("API.USER_NOT_VERIFIED"),
+            [ApiParams.verified]: false
+          };
+          return res.json(unverifiedResponse);
         }
-        catch (err) {
-            req.logger.error(() => ({ err, data: { body: req.body } }));
-            return next(new ProsopoApiError("API.BAD_REQUEST", {
-                context: { code: 500, siteKey: req.body.dapp, user: req.body.user },
-                i18n: req.i18n,
-                logger: req.logger,
-            }));
-        }
-    });
-    router.post(ClientApiPaths.VerifyPowCaptchaSolution, async (req, res, next) => {
-        const tasks = new Tasks(env, req.logger);
-        let parsed;
-        try {
-            parsed = ServerPowCaptchaVerifyRequestBody.parse(req.body);
-        }
-        catch (err) {
-            return next(new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
-                context: { code: 400, error: err, body: req.body },
-                i18n: req.i18n,
-                logger: req.logger,
-            }));
-        }
-        try {
-            const { token, dappSignature, verifiedTimeout, ip } = parsed;
-            const { dapp, user, timestamp, challenge } = decodeProcaptchaOutput(token);
-            validateAddress(dapp, false, 42);
-            validateAddress(user, false, 42);
-            const clientRecord = await tasks.db.getClientRecord(dapp);
-            if (!clientRecord) {
-                return next(new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-                    context: { code: 400, siteKey: dapp },
-                    i18n: req.i18n,
-                    logger: req.logger,
-                }));
-            }
-            if (!challenge) {
-                const unverifiedResponse = {
-                    status: req.i18n.t("API.USER_NOT_VERIFIED"),
-                    [ApiParams.verified]: false,
-                };
-                return res.json(unverifiedResponse);
-            }
-            const dappPair = env.keyring.addFromAddress(dapp);
-            verifySignature(dappSignature, timestamp.toString(), dappPair);
-            const { verified, score } = await tasks.powCaptchaManager.serverVerifyPowCaptchaSolution(dapp, challenge, verifiedTimeout, ip);
-            const verificationResponse = tasks.powCaptchaManager.getVerificationResponse(verified, clientRecord, req.i18n.t, score);
-            return res.json(verificationResponse);
-        }
-        catch (err) {
-            console.error("\nError in verifyPowCaptchaSolution:", err);
-            req.logger.error(() => ({ err, data: { body: req.body } }));
-            return next(new ProsopoApiError("API.BAD_REQUEST", {
-                context: { code: 500, error: err },
-                i18n: req.i18n,
-                logger: req.logger,
-            }));
-        }
-    });
-    router.use(handleErrors);
-    return router;
+        const dappPair = env.keyring.addFromAddress(dapp);
+        verifySignature(dappSignature, timestamp.toString(), dappPair);
+        const { verified, score } = await tasks.powCaptchaManager.serverVerifyPowCaptchaSolution(
+          dapp,
+          challenge,
+          verifiedTimeout,
+          ip
+        );
+        const verificationResponse = tasks.powCaptchaManager.getVerificationResponse(
+          verified,
+          clientRecord,
+          req.i18n.t,
+          score
+        );
+        return res.json(verificationResponse);
+      } catch (err) {
+        console.error("\nError in verifyPowCaptchaSolution:", err);
+        req.logger.error(() => ({ err, data: { body: req.body } }));
+        return next(
+          new ProsopoApiError("API.BAD_REQUEST", {
+            context: { code: 500, error: err },
+            i18n: req.i18n,
+            logger: req.logger
+          })
+        );
+      }
+    }
+  );
+  router.use(handleErrors);
+  return router;
 }
-//# sourceMappingURL=verify.js.map
+export {
+  prosopoVerifyRouter
+};

package/dist/cjs/api/blacklistRequestInspector.cjs CHANGED Viewed

@@ -4,13 +4,12 @@ const types = require("@prosopo/types");
 const userAccessPolicy = require("@prosopo/user-access-policy");
 const util = require("@prosopo/util");
 const getRequestUserScope = (requestHeaders, ja4, ip, user) => {
-  const ipAddress = util.getIPAddress(ip || "");
   const userAgent = requestHeaders["user-agent"] ? requestHeaders["user-agent"].toString() : void 0;
   return {
     ...user && { userId: user },
     ...ja4 && { ja4Hash: ja4 },
     ...userAgent && { userAgent },
-    ...ipAddress && { ipAddress: ipAddress.bigInt() }
+    ...ip && { ip }
   };
 };
 const getPrioritisedAccessRule = async (userAccessRulesStorage, userScope, clientId) => {
@@ -25,7 +24,7 @@ const getPrioritisedAccessRule = async (userAccessRulesStorage, userScope, clien
       },
       {}
     )
-  );
+  ).filter((us) => Object.keys(us).length > 0).filter((us) => Object.values(us).some((value) => value !== void 0));
   const policyPromises = [];
   for (const clientOrUndefined of [clientId, void 0]) {
     for (const scope of prioritisedUserScopes) {
@@ -34,9 +33,9 @@ const getPrioritisedAccessRule = async (userAccessRulesStorage, userScope, clien
           ...clientOrUndefined && {
             policyScope: {
               clientId: clientOrUndefined
-            },
-            policyScopeMatch: userAccessPolicy.ScopeMatch.Exact
+            }
           },
+          policyScopeMatch: userAccessPolicy.ScopeMatch.Exact,
           userScope: userAccessPolicy.userScopeInputSchema.parse(scope),
           userScopeMatch: userAccessPolicy.ScopeMatch.Exact
         })
@@ -52,7 +51,6 @@ class BlacklistRequestInspector {
   }
   async abortRequestForBlockedUsers(request, res, next) {
     const rawIp = request.ip || "";
-    console.log(`Raw IP: ${rawIp}`);
     request.logger.debug(() => ({
       data: { ja4: request.ja4 }
     }));

package/dist/cjs/api/captcha.cjs CHANGED Viewed

@@ -54,10 +54,22 @@ function prosopoRouter(env) {
             })
           );
         }
+        const userScope = blacklistRequestInspector.getRequestUserScope(
+          util.flatten(req.headers),
+          req.ja4,
+          req.ip,
+          user
+        );
+        const userAccessPolicy = (await tasks$1.imgCaptchaManager.getPrioritisedAccessPolicies(
+          userAccessRulesStorage,
+          dapp,
+          userScope
+        ))[0];
         const { valid, reason, frictionlessTokenId } = await tasks$1.imgCaptchaManager.isValidRequest(
           clientRecord,
           types.CaptchaType.image,
-          sessionId
+          sessionId,
+          userAccessPolicy
         );
         if (!valid) {
           return next(
@@ -72,17 +84,6 @@ function prosopoRouter(env) {
             })
           );
         }
-        const userScope = blacklistRequestInspector.getRequestUserScope(
-          util.flatten(req.headers),
-          req.ja4,
-          req.ip,
-          user
-        );
-        const userAccessPolicy = (await tasks$1.imgCaptchaManager.getPrioritisedAccessPolicies(
-          userAccessRulesStorage,
-          dapp,
-          userScope
-        ))[0];
         const captchaConfig = {
           solved: {
             count: userAccessPolicy?.solvedImagesCount || env.config.captchas.solved.count
@@ -236,10 +237,22 @@ function prosopoRouter(env) {
           })
         );
       }
+      const userScope = blacklistRequestInspector.getRequestUserScope(
+        util.flatten(req.headers),
+        req.ja4,
+        req.ip,
+        user
+      );
+      const userAccessPolicy = (await tasks$1.powCaptchaManager.getPrioritisedAccessPolicies(
+        userAccessRulesStorage,
+        dapp,
+        userScope
+      ))[0];
       const { valid, reason, frictionlessTokenId } = await tasks$1.powCaptchaManager.isValidRequest(
         clientSettings,
         types.CaptchaType.pow,
-        sessionId
+        sessionId,
+        userAccessPolicy
       );
       if (!valid) {
         return next(
@@ -269,17 +282,6 @@ function prosopoRouter(env) {
           })
         );
       }
-      const userScope = blacklistRequestInspector.getRequestUserScope(
-        util.flatten(req.headers),
-        req.ja4,
-        req.ip,
-        user
-      );
-      const userAccessPolicy = (await tasks$1.powCaptchaManager.getPrioritisedAccessPolicies(
-        userAccessRulesStorage,
-        dapp,
-        userScope
-      ))[0];
       const challenge = await tasks$1.powCaptchaManager.getPowCaptchaChallenge(
         user,
         dapp,
@@ -462,17 +464,6 @@ function prosopoRouter(env) {
             ...lScore && { lScore }
           }
         });
-        if (frictionlessTasks.FrictionlessManager.timestampTooOld(timestamp)) {
-          await tasks$1.frictionlessManager.scoreIncreaseTimestamp(
-            timestamp,
-            baseBotScore,
-            botScore,
-            tokenId
-          );
-          return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha(tokenId)
-          );
-        }
         const userScope = blacklistRequestInspector.getRequestUserScope(
           util.flatten(req.headers),
           req.ja4,
@@ -484,13 +475,31 @@ function prosopoRouter(env) {
           dapp,
           userScope
         ))[0];
-        if (userAccessPolicy?.captchaType === types.CaptchaType.image) {
+        if (userAccessPolicy) {
           await tasks$1.frictionlessManager.scoreIncreaseAccessPolicy(
             userAccessPolicy,
             baseBotScore,
             botScore,
             tokenId
           );
+          if (userAccessPolicy.captchaType === types.CaptchaType.image) {
+            return res.json(
+              await tasks$1.frictionlessManager.sendImageCaptcha(tokenId)
+            );
+          }
+          if (userAccessPolicy.captchaType === types.CaptchaType.pow) {
+            return res.json(
+              await tasks$1.frictionlessManager.sendPowCaptcha(tokenId)
+            );
+          }
+        }
+        if (frictionlessTasks.FrictionlessManager.timestampTooOld(timestamp)) {
+          await tasks$1.frictionlessManager.scoreIncreaseTimestamp(
+            timestamp,
+            baseBotScore,
+            botScore,
+            tokenId
+          );
           return res.json(
             await tasks$1.frictionlessManager.sendImageCaptcha(tokenId)
           );

package/dist/cjs/api/ja4Middleware.cjs CHANGED Viewed

@@ -4,12 +4,15 @@ const node_crypto = require("node:crypto");
 const node_stream = require("node:stream");
 const apiExpressRouter = require("@prosopo/api-express-router");
 const common = require("@prosopo/common");
+const utilCrypto = require("@prosopo/util-crypto");
 const readTlsClientHello = require("read-tls-client-hello");
 const DEFAULT_JA4 = "ja4";
 const getJA4 = async (headers, logger) => {
   logger = logger || common.getLogger("info", module);
   if (process.env.NODE_ENV === "development") {
-    return { ja4PlusFingerprint: DEFAULT_JA4 };
+    return {
+      ja4PlusFingerprint: `${DEFAULT_JA4}${utilCrypto.randomAsHex().slice(28, 32)}`
+    };
   }
   try {
     const xTlsClientHello = (headers["x-tls-clienthello"] || "").toString();

package/dist/cjs/tasks/captchaManager.cjs CHANGED Viewed

@@ -15,14 +15,28 @@ class CaptchaManager {
     );
     return tokenRecord ? tokenRecord._id : void 0;
   }
-  async isValidRequest(clientSettings, captchaType, sessionId) {
+  async isValidRequest(clientSettings, requestedCaptchaType, sessionId, userAccessPolicy) {
     this.logger.debug(() => ({
       msg: "Validating request",
       data: {
-        captchaType,
+        captchaType: requestedCaptchaType,
         sessionId
       }
     }));
+    if (userAccessPolicy && userAccessPolicy.captchaType !== requestedCaptchaType) {
+      this.logger.warn(() => ({
+        msg: "Invalid captcha type for user access policy",
+        data: {
+          account: clientSettings.account,
+          captchaType: userAccessPolicy.captchaType
+        }
+      }));
+      return {
+        valid: false,
+        reason: "API.INCORRECT_CAPTCHA_TYPE",
+        type: requestedCaptchaType
+      };
+    }
     if (sessionId) {
       if (clientSettings?.settings?.captchaType === types.CaptchaType.frictionless) {
         const sessionRecord = await this.db.checkAndRemoveSession(sessionId);
@@ -37,14 +51,14 @@ class CaptchaManager {
           return {
             valid: false,
             reason: "CAPTCHA.NO_SESSION_FOUND",
-            type: captchaType
+            type: requestedCaptchaType
           };
         }
         const frictionlessTokenId = await this.getFrictionlessTokenIdFromSession(sessionRecord);
         return {
           valid: true,
           frictionlessTokenId,
-          type: captchaType
+          type: requestedCaptchaType
         };
       }
       this.logger.warn(() => ({
@@ -58,25 +72,25 @@ class CaptchaManager {
       return {
         valid: false,
         reason: "API.INCORRECT_CAPTCHA_TYPE",
-        type: captchaType
+        type: requestedCaptchaType
       };
     }
-    if (clientSettings?.settings?.captchaType !== captchaType) {
+    if (clientSettings?.settings?.captchaType !== requestedCaptchaType) {
       this.logger.warn(() => ({
-        msg: `Invalid ${captchaType} request`,
+        msg: `Invalid ${requestedCaptchaType} request`,
         data: {
           account: clientSettings.account,
-          requestedCaptchaType: captchaType,
+          requestedCaptchaType,
           settingsCaptchaType: clientSettings?.settings?.captchaType
         }
       }));
       return {
         valid: false,
         reason: "API.INCORRECT_CAPTCHA_TYPE",
-        type: captchaType
+        type: requestedCaptchaType
       };
     }
-    return { valid: true, type: captchaType };
+    return { valid: true, type: requestedCaptchaType };
   }
   getVerificationResponse(verified, clientRecord, translateFn, score) {
     return {

package/dist/cjs/tasks/frictionless/frictionlessTasks.cjs CHANGED Viewed

@@ -43,9 +43,6 @@ class FrictionlessManager extends captchaManager.CaptchaManager {
   async scoreIncreaseAccessPolicy(accessPolicy, baseBotScore, botScore, tokenId) {
     const accessPolicyPenalty = accessPolicy?.frictionlessScore || this.config.penalties.PENALTY_ACCESS_RULE;
     botScore += accessPolicyPenalty;
-    this.logger.info(() => ({
-      msg: "Address has an image captcha config defined"
-    }));
     await this.db.updateFrictionlessTokenRecord(tokenId, {
       score: botScore,
       scoreComponents: {

package/dist/cjs/tasks/powCaptcha/powTasksUtils.cjs CHANGED Viewed

@@ -12,7 +12,7 @@ const checkPowSignature = (message, signature, address, signatureType) => {
     address
   );
   if (!signatureVerification.isValid) {
-    throw new common.ProsopoContractError("GENERAL.INVALID_SIGNATURE", {
+    throw new common.ProsopoApiError("GENERAL.INVALID_SIGNATURE", {
       context: {
         ERROR: `Signature is invalid for this message: ${signatureType}`,
         failedFuncName: checkPowSignature.name,

package/dist/index.js CHANGED Viewed

@@ -1,15 +1,38 @@
-export * from "./tasks/index.js";
-export * from "./util.js";
-export * from "./api/block.js";
-export * from "./api/captcha.js";
-export * from "./api/verify.js";
-export * from "./api/ja4Middleware.js";
-export * from "./api/public.js";
-export * from "./api/domainMiddleware.js";
-export * from "./schedulers/captchaScheduler.js";
-export * from "./schedulers/getClientList.js";
-export * from "./api/headerCheckMiddleware.js";
-export * from "./api/admin/createApiAdminRoutesProvider.js";
-export * from "./api/ignoreMiddleware.js";
-export * from "./api/robotsMiddleware.js";
-//# sourceMappingURL=index.js.map
+import "./tasks/index.js";
+import { checkIfTaskIsRunning, encodeStringAddress, getIPAddress, getIPAddressFromBigInt, shuffleArray, validateIpAddress } from "./util.js";
+import { blockMiddleware } from "./api/block.js";
+import { prosopoRouter } from "./api/captcha.js";
+import { prosopoVerifyRouter } from "./api/verify.js";
+import { DEFAULT_JA4, getJA4, ja4Middleware } from "./api/ja4Middleware.js";
+import { publicRouter } from "./api/public.js";
+import { domainMiddleware } from "./api/domainMiddleware.js";
+import { storeCaptchasExternally } from "./schedulers/captchaScheduler.js";
+import { getClientList } from "./schedulers/getClientList.js";
+import { headerCheckMiddleware } from "./api/headerCheckMiddleware.js";
+import { createApiAdminRoutesProvider } from "./api/admin/createApiAdminRoutesProvider.js";
+import { ignoreMiddleware } from "./api/ignoreMiddleware.js";
+import { robotsMiddleware } from "./api/robotsMiddleware.js";
+import { Tasks } from "./tasks/tasks.js";
+export {
+  DEFAULT_JA4,
+  Tasks,
+  blockMiddleware,
+  checkIfTaskIsRunning,
+  createApiAdminRoutesProvider,
+  domainMiddleware,
+  encodeStringAddress,
+  getClientList,
+  getIPAddress,
+  getIPAddressFromBigInt,
+  getJA4,
+  headerCheckMiddleware,
+  ignoreMiddleware,
+  ja4Middleware,
+  prosopoRouter,
+  prosopoVerifyRouter,
+  publicRouter,
+  robotsMiddleware,
+  shuffleArray,
+  storeCaptchasExternally,
+  validateIpAddress
+};

package/dist/rules/lang.js CHANGED Viewed

@@ -1,16 +1,16 @@
-export const checkLangRules = (config, acceptLanguage) => {
-    const lConfig = config.lRules;
-    let lScore = 0;
-    if (lConfig) {
-        const languages = acceptLanguage
-            .split(",")
-            .map((lang) => lang.trim().split(";")[0]);
-        for (const lang of languages) {
-            if (lang && lConfig[lang]) {
-                lScore += lConfig[lang];
-            }
-        }
+const checkLangRules = (config, acceptLanguage) => {
+  const lConfig = config.lRules;
+  let lScore = 0;
+  if (lConfig) {
+    const languages = acceptLanguage.split(",").map((lang) => lang.trim().split(";")[0]);
+    for (const lang of languages) {
+      if (lang && lConfig[lang]) {
+        lScore += lConfig[lang];
+      }
     }
-    return lScore;
+  }
+  return lScore;
+};
+export {
+  checkLangRules
 };
-//# sourceMappingURL=lang.js.map