npm - @prosopo/provider - Versions diffs - 3.12.14 → 3.13.6 - Mend

@prosopo/provider 3.12.14 → 3.13.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (358) hide show

package/dist/cjs/api/captcha.cjs CHANGED Viewed

@@ -1,717 +1,39 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const apiExpressRouter = require("@prosopo/api-express-router");
-const common = require("@prosopo/common");
-const datasets = require("@prosopo/datasets");
 const types = require("@prosopo/types");
-const util = require("@prosopo/util");
 const express = require("express");
-const compositeIpAddress = require("../compositeIpAddress.cjs");
-const frictionlessTasks = require("../tasks/frictionless/frictionlessTasks.cjs");
-const frictionlessTasksUtils = require("../tasks/frictionless/frictionlessTasksUtils.cjs");
-const tasks = require("../tasks/tasks.cjs");
-const hashUserAgent = require("../utils/hashUserAgent.cjs");
-const apiToggleMaintenanceModeEndpoint = require("./admin/apiToggleMaintenanceModeEndpoint.cjs");
-const blacklistRequestInspector = require("./blacklistRequestInspector.cjs");
-const validateAddress = require("./validateAddress.cjs");
-const DEFAULT_FRICTIONLESS_THRESHOLD = 0.5;
+const getFrictionlessCaptchaChallenge = require("./captcha/getFrictionlessCaptchaChallenge.cjs");
+const getImageCaptchaChallenge = require("./captcha/getImageCaptchaChallenge.cjs");
+const getPoWCaptchaChallenge = require("./captcha/getPoWCaptchaChallenge.cjs");
+const submitImageCaptchaSolution = require("./captcha/submitImageCaptchaSolution.cjs");
+const submitPoWCaptchaSolution = require("./captcha/submitPoWCaptchaSolution.cjs");
 function prosopoRouter(env) {
   const router = express.Router();
   const userAccessRulesStorage = env.getDb().getUserAccessRulesStorage();
   router.post(
     types.ClientApiPaths.GetImageCaptchaChallenge,
-    async (req, res, next) => {
-      const tasks$1 = new tasks.Tasks(env, req.logger);
-      let parsed;
-      if (!req.ip) {
-        return next(
-          new common.ProsopoApiError("API.BAD_REQUEST", {
-            context: { code: 400, error: "IP address not found" },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-      const ipAddress = util.getIPAddress(req.ip || "");
-      try {
-        parsed = types.CaptchaRequestBody.parse(req.body);
-      } catch (err) {
-        return next(
-          new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
-            context: { code: 400, error: err },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-      const { datasetId, user, dapp, sessionId } = parsed;
-      validateAddress.validateSiteKey(dapp);
-      validateAddress.validateAddr(user);
-      try {
-        const clientRecord = await tasks$1.db.getClientRecord(dapp);
-        if (!clientRecord) {
-          return next(
-            new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-              context: { code: 400, siteKey: dapp },
-              i18n: req.i18n,
-              logger: req.logger
-            })
-          );
-        }
-        const userScope = blacklistRequestInspector.getRequestUserScope(
-          util.flatten(req.headers),
-          req.ja4,
-          req.ip,
-          user
-        );
-        const userAccessPolicy = (await tasks$1.imgCaptchaManager.getPrioritisedAccessPolicies(
-          userAccessRulesStorage,
-          dapp,
-          userScope
-        ))[0];
-        const {
-          valid,
-          reason,
-          sessionId: validSessionId,
-          solvedImagesCount
-        } = await tasks$1.imgCaptchaManager.isValidRequest(
-          clientRecord,
-          types.CaptchaType.image,
-          env,
-          sessionId,
-          userAccessPolicy,
-          req.ip
-        );
-        if (!valid) {
-          return next(
-            new common.ProsopoApiError(reason || "API.BAD_REQUEST", {
-              context: {
-                code: 400,
-                siteKey: dapp,
-                user
-              },
-              i18n: req.i18n,
-              logger: req.logger
-            })
-          );
-        }
-        const captchaConfig = {
-          solved: {
-            count: solvedImagesCount || userAccessPolicy?.solvedImagesCount || env.config.captchas.solved.count
-          },
-          unsolved: {
-            count: userAccessPolicy?.unsolvedImagesCount || env.config.captchas.unsolved.count
-          }
-        };
-        const taskData = await tasks$1.imgCaptchaManager.getRandomCaptchasAndRequestHash(
-          datasetId,
-          user,
-          ipAddress,
-          captchaConfig,
-          clientRecord.settings.imageThreshold ?? 0.8,
-          validSessionId
-        );
-        const captchaResponse = {
-          [types.ApiParams.status]: "ok",
-          [types.ApiParams.captchas]: taskData.captchas.map((captcha) => ({
-            ...captcha,
-            target: req.t(`TARGET.${captcha.target}`),
-            items: captcha.items.map(
-              (item) => datasets.parseCaptchaAssets(item, env.assetsResolver)
-            )
-          })),
-          [types.ApiParams.requestHash]: taskData.requestHash,
-          [types.ApiParams.timestamp]: taskData.timestamp.toString(),
-          [types.ApiParams.signature]: {
-            [types.ApiParams.provider]: {
-              [types.ApiParams.requestHash]: taskData.signedRequestHash
-            }
-          }
-        };
-        req.logger.info(() => ({
-          msg: "Image captcha challenge issued",
-          data: {
-            captchaType: types.CaptchaType.image,
-            requestHash: taskData.requestHash,
-            solvedImagesCount: captchaConfig.solved.count,
-            user,
-            dapp,
-            sessionId
-          }
-        }));
-        return res.json(captchaResponse);
-      } catch (err) {
-        req.logger.error(() => ({
-          err,
-          data: req.params,
-          msg: "Error in image captcha challenge request"
-        }));
-        return next(
-          new common.ProsopoApiError("API.BAD_REQUEST", {
-            context: {
-              error: err,
-              code: 500,
-              params: req.params,
-              context: err
-            },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-    }
+    (req, res, next) => getImageCaptchaChallenge(env, userAccessRulesStorage)(req, res, next)
   );
   router.post(
     types.ClientApiPaths.SubmitImageCaptchaSolution,
-    async (req, res, next) => {
-      const tasks$1 = new tasks.Tasks(env, req.logger);
-      if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
-        req.logger.info(() => ({
-          msg: "Maintenance mode active - returning verified for image captcha"
-        }));
-        const result = {
-          status: "ok",
-          captchas: [],
-          verified: true
-        };
-        return res.json(result);
-      }
-      let parsed;
-      try {
-        parsed = types.CaptchaSolutionBody.parse(req.body);
-      } catch (err) {
-        return next(
-          new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
-            context: { code: 400, error: err, body: req.body },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-      const { user, dapp } = parsed;
-      validateAddress.validateSiteKey(dapp);
-      validateAddress.validateAddr(user);
-      try {
-        const clientRecord = await tasks$1.db.getClientRecord(parsed.dapp);
-        if (!clientRecord) {
-          return next(
-            new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-              context: { code: 400, siteKey: dapp },
-              i18n: req.i18n,
-              logger: req.logger
-            })
-          );
-        }
-        const result = await tasks$1.imgCaptchaManager.dappUserSolution(
-          user,
-          dapp,
-          parsed[types.ApiParams.requestHash],
-          parsed[types.ApiParams.captchas],
-          parsed[types.ApiParams.signature].user.timestamp,
-          Number.parseInt(parsed[types.ApiParams.timestamp]),
-          parsed[types.ApiParams.signature].provider.requestHash,
-          util.getIPAddress(req.ip || ""),
-          util.flatten(req.headers),
-          req.ja4
-        );
-        const returnValue = {
-          status: req.i18n.t(
-            result.verified ? "API.CAPTCHA_PASSED" : "API.CAPTCHA_FAILED"
-          ),
-          ...result
-        };
-        return res.json(returnValue);
-      } catch (err) {
-        req.logger.error(() => ({
-          err,
-          body: req.body,
-          msg: "Error in image captcha solution submission"
-        }));
-        return next(
-          new common.ProsopoApiError("API.BAD_REQUEST", {
-            context: {
-              code: 500,
-              siteKey: req.body.dapp,
-              error: err
-            },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-    }
+    (req, res, next) => submitImageCaptchaSolution(env, userAccessRulesStorage)(req, res, next)
+  );
+  router.post(
+    types.ClientApiPaths.GetPowCaptchaChallenge,
+    (req, res, next) => getPoWCaptchaChallenge(env, userAccessRulesStorage)(req, res, next)
   );
-  router.post(types.ClientApiPaths.GetPowCaptchaChallenge, async (req, res, next) => {
-    let parsed;
-    const tasks$1 = new tasks.Tasks(env);
-    tasks$1.setLogger(req.logger);
-    try {
-      parsed = types.GetPowCaptchaChallengeRequestBody.parse(req.body);
-    } catch (err) {
-      return next(
-        new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
-          context: { code: 400, error: err },
-          i18n: req.i18n,
-          logger: req.logger
-        })
-      );
-    }
-    const { user, dapp, sessionId } = parsed;
-    validateAddress.validateSiteKey(dapp);
-    validateAddress.validateAddr(user);
-    try {
-      const clientSettings = await tasks$1.db.getClientRecord(dapp);
-      if (!clientSettings) {
-        return next(
-          new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-            context: { code: 400, siteKey: dapp },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-      const userScope = blacklistRequestInspector.getRequestUserScope(
-        util.flatten(req.headers),
-        req.ja4,
-        req.ip,
-        user
-      );
-      const userAccessPolicy = (await tasks$1.powCaptchaManager.getPrioritisedAccessPolicies(
-        userAccessRulesStorage,
-        dapp,
-        userScope
-      ))[0];
-      const {
-        valid,
-        reason,
-        sessionId: validSessionId,
-        powDifficulty
-      } = await tasks$1.powCaptchaManager.isValidRequest(
-        clientSettings,
-        types.CaptchaType.pow,
-        env,
-        sessionId,
-        userAccessPolicy,
-        req.ip
-      );
-      if (!valid) {
-        return next(
-          new common.ProsopoApiError(reason || "API.BAD_REQUEST", {
-            context: {
-              code: 400,
-              siteKey: dapp,
-              user
-            },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-      const origin = req.headers.origin;
-      if (!origin) {
-        return next(
-          new common.ProsopoApiError("API.BAD_REQUEST", {
-            context: {
-              error: "Origin header not found",
-              code: 400,
-              siteKey: dapp,
-              user
-            },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-      const difficulty = powDifficulty || userAccessPolicy?.powDifficulty || clientSettings?.settings?.powDifficulty;
-      const challenge = await tasks$1.powCaptchaManager.getPowCaptchaChallenge(
-        user,
-        dapp,
-        origin,
-        difficulty
-      );
-      await tasks$1.db.storePowCaptchaRecord(
-        challenge.challenge,
-        {
-          requestedAtTimestamp: challenge.requestedAtTimestamp,
-          userAccount: user,
-          dappAccount: dapp
-        },
-        challenge.difficulty,
-        challenge.providerSignature,
-        compositeIpAddress.getCompositeIpAddress(req.ip || ""),
-        util.flatten(req.headers),
-        req.ja4,
-        validSessionId
-      );
-      const getPowCaptchaResponse = {
-        [types.ApiParams.status]: "ok",
-        [types.ApiParams.challenge]: challenge.challenge,
-        [types.ApiParams.difficulty]: challenge.difficulty,
-        [types.ApiParams.timestamp]: challenge.requestedAtTimestamp.toString(),
-        [types.ApiParams.signature]: {
-          [types.ApiParams.provider]: {
-            [types.ApiParams.challenge]: challenge.providerSignature
-          }
-        }
-      };
-      req.logger.info(() => ({
-        msg: "PoW captcha challenge issued",
-        data: {
-          captchaType: types.CaptchaType.pow,
-          challenge: challenge.challenge,
-          difficulty: challenge.difficulty,
-          user,
-          dapp,
-          session: sessionId
-        }
-      }));
-      return res.json(getPowCaptchaResponse);
-    } catch (err) {
-      req.logger.error(() => ({
-        err,
-        body: req.body,
-        msg: "Error in PoW captcha challenge request"
-      }));
-      return next(
-        new common.ProsopoApiError("API.BAD_REQUEST", {
-          context: {
-            code: 500,
-            siteKey: req.body.dapp,
-            user: req.body.user,
-            error: err
-          },
-          i18n: req.i18n,
-          logger: req.logger
-        })
-      );
-    }
-  });
   router.post(
     types.ClientApiPaths.SubmitPowCaptchaSolution,
-    async (req, res, next) => {
-      let parsed;
-      const tasks$1 = new tasks.Tasks(env, req.logger);
-      if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
-        req.logger.info(() => ({
-          msg: "Maintenance mode active - returning verified"
-        }));
-        const response = {
-          status: "ok",
-          verified: true
-        };
-        return res.json(response);
-      }
-      try {
-        parsed = types.SubmitPowCaptchaSolutionBody.parse(req.body);
-      } catch (err) {
-        return next(
-          new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
-            context: { code: 400, error: err, body: req.body },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-      const { challenge, signature, nonce, verifiedTimeout, dapp, user } = parsed;
-      validateAddress.validateSiteKey(dapp);
-      validateAddress.validateAddr(user);
-      try {
-        const clientRecord = await tasks$1.db.getClientRecord(dapp);
-        if (!clientRecord) {
-          return next(
-            new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-              context: { code: 400, siteKey: dapp },
-              i18n: req.i18n,
-              logger: req.logger
-            })
-          );
-        }
-        const verified = await tasks$1.powCaptchaManager.verifyPowCaptchaSolution(
-          challenge,
-          signature.provider.challenge,
-          nonce,
-          verifiedTimeout,
-          signature.user.timestamp,
-          util.getIPAddress(req.ip || ""),
-          util.flatten(req.headers)
-        );
-        const response = { status: "ok", verified };
-        return res.json(response);
-      } catch (err) {
-        req.logger.error(() => ({
-          err,
-          body: req.body,
-          msg: "Error in PoW captcha solution submission"
-        }));
-        return next(
-          new common.ProsopoApiError("API.BAD_REQUEST", {
-            context: {
-              code: 500,
-              siteKey: req.body.dapp,
-              error: err
-            },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-    }
+    (req, res, next) => submitPoWCaptchaSolution(env)(req, res, next)
   );
   router.post(
     types.ClientApiPaths.GetFrictionlessCaptchaChallenge,
-    async (req, res, next) => {
-      try {
-        const tasks$1 = new tasks.Tasks(env, req.logger);
-        const { token, headHash, dapp, user } = types.GetFrictionlessCaptchaChallengeRequestBody.parse(req.body);
-        if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
-          req.logger.info(() => ({
-            msg: "Maintenance mode active - storing dummy token and sending PoW captcha",
-            data: { dapp, user }
-          }));
-          return res.json(
-            await tasks$1.frictionlessManager.sendPowCaptcha({
-              token,
-              score: 0,
-              threshold: 0.5,
-              scoreComponents: {
-                baseScore: 0
-              },
-              providerSelectEntropy: 0,
-              ipAddress: compositeIpAddress.getCompositeIpAddress(req.ip || ""),
-              powDifficulty: void 0,
-              webView: false,
-              iFrame: false,
-              decryptedHeadHash: ""
-            })
-          );
-        }
-        const existingToken = await tasks$1.db.getSessionRecordByToken(token);
-        if (existingToken) {
-          req.logger.info(() => ({
-            token: existingToken,
-            msg: "Token has already been used"
-          }));
-          return next(
-            new common.ProsopoApiError("API.BAD_REQUEST", {
-              context: {
-                code: 400,
-                siteKey: dapp,
-                user
-              },
-              i18n: req.i18n,
-              logger: req.logger
-            })
-          );
-        }
-        const lScore = tasks$1.frictionlessManager.checkLangRules(
-          req.headers["accept-language"] || ""
-        );
-        const {
-          baseBotScore,
-          timestamp,
-          providerSelectEntropy,
-          userId,
-          userAgent,
-          webView,
-          iFrame,
-          decryptedHeadHash
-        } = await tasks$1.frictionlessManager.decryptPayload(token, headHash);
-        req.logger.debug(() => ({
-          msg: "Decrypted payload",
-          data: {
-            baseBotScore,
-            timestamp,
-            providerSelectEntropy,
-            userId,
-            userAgent,
-            webView
-          }
-        }));
-        let botScore = baseBotScore + lScore;
-        const clientRecord = await tasks$1.db.getClientRecord(dapp);
-        if (!clientRecord) {
-          return next(
-            new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
-              context: { code: 400, siteKey: dapp },
-              i18n: req.i18n,
-              logger: req.logger
-            })
-          );
-        }
-        const { valid, reason } = await tasks$1.frictionlessManager.isValidRequest(
-          clientRecord,
-          types.CaptchaType.frictionless,
-          env
-        );
-        if (!valid) {
-          return next(
-            new common.ProsopoApiError(reason || "API.BAD_REQUEST", {
-              context: {
-                code: 400,
-                siteKey: dapp,
-                user
-              },
-              i18n: req.i18n,
-              logger: req.logger
-            })
-          );
-        }
-        const botThreshold = clientRecord.settings?.frictionlessThreshold || DEFAULT_FRICTIONLESS_THRESHOLD;
-        let scoreComponents = {
-          baseScore: baseBotScore,
-          ...lScore && { lScore }
-        };
-        const ipAddress = compositeIpAddress.getCompositeIpAddress(req.ip || "");
-        tasks$1.frictionlessManager.setSessionParams({
-          token,
-          score: botScore,
-          threshold: botThreshold,
-          scoreComponents,
-          providerSelectEntropy,
-          ipAddress,
-          webView,
-          iFrame,
-          decryptedHeadHash
-        });
-        const userScope = blacklistRequestInspector.getRequestUserScope(
-          util.flatten(req.headers),
-          req.ja4,
-          req.ip,
-          user
-        );
-        const userAccessPolicy = (await tasks$1.frictionlessManager.getPrioritisedAccessPolicies(
-          userAccessRulesStorage,
-          dapp,
-          userScope
-        ))[0];
-        const headersUserAgent = req.headers["user-agent"];
-        const hashedHeadersUserAgent = headersUserAgent ? hashUserAgent.hashUserAgent(headersUserAgent) : "";
-        const headersProsopoUser = req.headers["prosopo-user"];
-        if (hashedHeadersUserAgent !== userAgent || headersProsopoUser !== userId) {
-          req.logger.info(() => ({
-            msg: "User agent or user id does not match",
-            data: {
-              headersUserAgent,
-              hashedHeadersUserAgent,
-              userAgent,
-              // This is the hashed user agent from the token
-              headersProsopoUser,
-              userId
-            }
-          }));
-          return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha({
-              solvedImagesCount: frictionlessTasksUtils.timestampDecayFunction(timestamp)
-            })
-          );
-        }
-        if (userAccessPolicy) {
-          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseAccessPolicy(
-            userAccessPolicy,
-            baseBotScore,
-            botScore,
-            scoreComponents
-          );
-          botScore = scoreUpdate.score;
-          scoreComponents = scoreUpdate.scoreComponents;
-          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
-          if (userAccessPolicy.captchaType === types.CaptchaType.image) {
-            return res.json(
-              await tasks$1.frictionlessManager.sendImageCaptcha({
-                solvedImagesCount: userAccessPolicy.solvedImagesCount
-              })
-            );
-          }
-          if (userAccessPolicy.captchaType === types.CaptchaType.pow) {
-            return res.json(
-              await tasks$1.frictionlessManager.sendPowCaptcha({
-                powDifficulty: void 0
-              })
-            );
-          }
-        }
-        if (clientRecord.settings.disallowWebView && webView) {
-          tasks$1.logger.info(() => ({
-            msg: "WebView detected"
-          }));
-          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseWebView(
-            baseBotScore,
-            botScore,
-            scoreComponents
-          );
-          botScore = scoreUpdate.score;
-          scoreComponents = scoreUpdate.scoreComponents;
-          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
-          return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha({
-              solvedImagesCount: env.config.captchas.solved.count * 2
-            })
-          );
-        }
-        if (frictionlessTasks.FrictionlessManager.timestampTooOld(timestamp)) {
-          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseTimestamp(
-            timestamp,
-            baseBotScore,
-            botScore,
-            scoreComponents
-          );
-          botScore = scoreUpdate.score;
-          scoreComponents = scoreUpdate.scoreComponents;
-          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
-          return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha({
-              solvedImagesCount: frictionlessTasksUtils.timestampDecayFunction(timestamp)
-            })
-          );
-        }
-        const hostVerified = await tasks$1.frictionlessManager.hostVerified(
-          providerSelectEntropy
-        );
-        if (!hostVerified.verified) {
-          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseUnverifiedHost(
-            hostVerified.domain,
-            baseBotScore,
-            botScore,
-            scoreComponents
-          );
-          botScore = scoreUpdate.score;
-          scoreComponents = scoreUpdate.scoreComponents;
-          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
-        }
-        if (Number(botScore) > botThreshold) {
-          req.logger.info(() => ({
-            msg: "Bot score is greater than threshold",
-            data: {
-              botScore,
-              botThreshold,
-              token
-            }
-          }));
-          return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha({
-              solvedImagesCount: env.config.captchas.solved.count
-            })
-          );
-        }
-        return res.json(
-          await tasks$1.frictionlessManager.sendPowCaptcha({
-            powDifficulty: void 0
-          })
-        );
-      } catch (err) {
-        req.logger.error(() => ({
-          err,
-          msg: "Error in frictionless captcha challenge"
-        }));
-        return next(
-          new common.ProsopoApiError("API.BAD_REQUEST", {
-            context: { code: 400, error: err },
-            i18n: req.i18n,
-            logger: req.logger
-          })
-        );
-      }
-    }
+    (req, res, next) => getFrictionlessCaptchaChallenge(env, userAccessRulesStorage)(
+      req,
+      res,
+      next
+    )
   );
   router.use(apiExpressRouter.handleErrors);
   return router;