npm - @prosopo/provider - Versions diffs - 3.12.3 → 3.12.14 - Mend

@prosopo/provider 3.12.3 → 3.12.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (351) hide show

package/dist/cjs/api/admin/apiToggleMaintenanceModeEndpoint.cjs ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiRoute = require("@prosopo/api-route");
+const common = require("@prosopo/common");
+const types = require("@prosopo/types");
+var _documentCurrentScript = typeof document !== "undefined" ? document.currentScript : null;
+function getMaintenanceMode() {
+  return process.env.MAINTENANCE_MODE?.toLowerCase() === "true";
+}
+function setMaintenanceMode(enabled) {
+  process.env.MAINTENANCE_MODE = enabled ? "true" : "false";
+}
+class ApiToggleMaintenanceModeEndpoint {
+  async processRequest(args, logger) {
+    const { enabled } = args;
+    logger = logger || common.getLogger("info", typeof document === "undefined" ? require("url").pathToFileURL(__filename).href : _documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === "SCRIPT" && _documentCurrentScript.src || new URL("api/admin/apiToggleMaintenanceModeEndpoint.cjs", document.baseURI).href);
+    const previousMode = getMaintenanceMode();
+    logger.info(() => ({
+      data: { enabled, previous: previousMode },
+      msg: "Toggling maintenance mode"
+    }));
+    setMaintenanceMode(enabled);
+    const currentMode = getMaintenanceMode();
+    logger.info(() => ({
+      data: { enabled: currentMode },
+      msg: "Maintenance mode updated"
+    }));
+    return {
+      status: apiRoute.ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        maintenanceMode: currentMode
+      }
+    };
+  }
+  getRequestArgsSchema() {
+    return types.ToggleMaintenanceModeBody;
+  }
+}
+exports.ApiToggleMaintenanceModeEndpoint = ApiToggleMaintenanceModeEndpoint;
+exports.getMaintenanceMode = getMaintenanceMode;
+exports.setMaintenanceMode = setMaintenanceMode;

package/dist/cjs/api/blacklistRequestInspector.cjs CHANGED Viewed

@@ -34,16 +34,16 @@ const getPrioritisedAccessRule = async (userAccessRulesStorage, userScope, clien
       if (Object.values(scope).every((value) => value === void 0)) {
         continue;
       }
-      const parsedUserScope = userAccessPolicy.userScopeInputSchema.parse(scope);
+      const parsedUserScope = userAccessPolicy.userScopeInput.parse(scope);
       const filter = {
         ...clientOrUndefined && {
           policyScope: {
             clientId: clientOrUndefined
           }
         },
-        policyScopeMatch: userAccessPolicy.ScopeMatch.Exact,
+        policyScopeMatch: userAccessPolicy.FilterScopeMatch.Exact,
         userScope: parsedUserScope,
-        userScopeMatch: userAccessPolicy.ScopeMatch.Exact
+        userScopeMatch: userAccessPolicy.FilterScopeMatch.Exact
       };
       policyPromises.push(userAccessRulesStorage.findRules(filter, true, true));
     }

package/dist/cjs/api/captcha.cjs CHANGED Viewed

@@ -11,6 +11,7 @@ const frictionlessTasks = require("../tasks/frictionless/frictionlessTasks.cjs")
 const frictionlessTasksUtils = require("../tasks/frictionless/frictionlessTasksUtils.cjs");
 const tasks = require("../tasks/tasks.cjs");
 const hashUserAgent = require("../utils/hashUserAgent.cjs");
+const apiToggleMaintenanceModeEndpoint = require("./admin/apiToggleMaintenanceModeEndpoint.cjs");
 const blacklistRequestInspector = require("./blacklistRequestInspector.cjs");
 const validateAddress = require("./validateAddress.cjs");
 const DEFAULT_FRICTIONLESS_THRESHOLD = 0.5;
@@ -68,7 +69,12 @@ function prosopoRouter(env) {
           dapp,
           userScope
         ))[0];
-        const { valid, reason, frictionlessTokenId, solvedImagesCount } = await tasks$1.imgCaptchaManager.isValidRequest(
+        const {
+          valid,
+          reason,
+          sessionId: validSessionId,
+          solvedImagesCount
+        } = await tasks$1.imgCaptchaManager.isValidRequest(
           clientRecord,
           types.CaptchaType.image,
           env,
@@ -103,7 +109,7 @@ function prosopoRouter(env) {
           ipAddress,
           captchaConfig,
           clientRecord.settings.imageThreshold ?? 0.8,
-          frictionlessTokenId
+          validSessionId
         );
         const captchaResponse = {
           [types.ApiParams.status]: "ok",
@@ -159,6 +165,17 @@ function prosopoRouter(env) {
     types.ClientApiPaths.SubmitImageCaptchaSolution,
     async (req, res, next) => {
       const tasks$1 = new tasks.Tasks(env, req.logger);
+      if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
+        req.logger.info(() => ({
+          msg: "Maintenance mode active - returning verified for image captcha"
+        }));
+        const result = {
+          status: "ok",
+          captchas: [],
+          verified: true
+        };
+        return res.json(result);
+      }
       let parsed;
       try {
         parsed = types.CaptchaSolutionBody.parse(req.body);
@@ -264,7 +281,12 @@ function prosopoRouter(env) {
         dapp,
         userScope
       ))[0];
-      const { valid, reason, frictionlessTokenId, powDifficulty } = await tasks$1.powCaptchaManager.isValidRequest(
+      const {
+        valid,
+        reason,
+        sessionId: validSessionId,
+        powDifficulty
+      } = await tasks$1.powCaptchaManager.isValidRequest(
         clientSettings,
         types.CaptchaType.pow,
         env,
@@ -319,7 +341,7 @@ function prosopoRouter(env) {
         compositeIpAddress.getCompositeIpAddress(req.ip || ""),
         util.flatten(req.headers),
         req.ja4,
-        frictionlessTokenId
+        validSessionId
       );
       const getPowCaptchaResponse = {
         [types.ApiParams.status]: "ok",
@@ -369,6 +391,16 @@ function prosopoRouter(env) {
     async (req, res, next) => {
       let parsed;
       const tasks$1 = new tasks.Tasks(env, req.logger);
+      if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
+        req.logger.info(() => ({
+          msg: "Maintenance mode active - returning verified"
+        }));
+        const response = {
+          status: "ok",
+          verified: true
+        };
+        return res.json(response);
+      }
       try {
         parsed = types.SubmitPowCaptchaSolutionBody.parse(req.body);
       } catch (err) {
@@ -430,8 +462,30 @@ function prosopoRouter(env) {
     async (req, res, next) => {
       try {
         const tasks$1 = new tasks.Tasks(env, req.logger);
-        const { token, dapp, user } = types.GetFrictionlessCaptchaChallengeRequestBody.parse(req.body);
-        const existingToken = await tasks$1.db.getFrictionlessTokenRecordByToken(token);
+        const { token, headHash, dapp, user } = types.GetFrictionlessCaptchaChallengeRequestBody.parse(req.body);
+        if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
+          req.logger.info(() => ({
+            msg: "Maintenance mode active - storing dummy token and sending PoW captcha",
+            data: { dapp, user }
+          }));
+          return res.json(
+            await tasks$1.frictionlessManager.sendPowCaptcha({
+              token,
+              score: 0,
+              threshold: 0.5,
+              scoreComponents: {
+                baseScore: 0
+              },
+              providerSelectEntropy: 0,
+              ipAddress: compositeIpAddress.getCompositeIpAddress(req.ip || ""),
+              powDifficulty: void 0,
+              webView: false,
+              iFrame: false,
+              decryptedHeadHash: ""
+            })
+          );
+        }
+        const existingToken = await tasks$1.db.getSessionRecordByToken(token);
         if (existingToken) {
           req.logger.info(() => ({
             token: existingToken,
@@ -457,8 +511,11 @@ function prosopoRouter(env) {
           timestamp,
           providerSelectEntropy,
           userId,
-          userAgent
-        } = await tasks$1.frictionlessManager.decryptPayload(token);
+          userAgent,
+          webView,
+          iFrame,
+          decryptedHeadHash
+        } = await tasks$1.frictionlessManager.decryptPayload(token, headHash);
         req.logger.debug(() => ({
           msg: "Decrypted payload",
           data: {
@@ -466,7 +523,8 @@ function prosopoRouter(env) {
             timestamp,
             providerSelectEntropy,
             userId,
-            userAgent
+            userAgent,
+            webView
           }
         }));
         let botScore = baseBotScore + lScore;
@@ -499,16 +557,21 @@ function prosopoRouter(env) {
           );
         }
         const botThreshold = clientRecord.settings?.frictionlessThreshold || DEFAULT_FRICTIONLESS_THRESHOLD;
-        const tokenId = await tasks$1.db.storeFrictionlessTokenRecord({
+        let scoreComponents = {
+          baseScore: baseBotScore,
+          ...lScore && { lScore }
+        };
+        const ipAddress = compositeIpAddress.getCompositeIpAddress(req.ip || "");
+        tasks$1.frictionlessManager.setSessionParams({
           token,
           score: botScore,
           threshold: botThreshold,
-          scoreComponents: {
-            baseScore: baseBotScore,
-            ...lScore && { lScore }
-          },
+          scoreComponents,
           providerSelectEntropy,
-          ipAddress: compositeIpAddress.getCompositeIpAddress(req.ip || "")
+          ipAddress,
+          webView,
+          iFrame,
+          decryptedHeadHash
         });
         const userScope = blacklistRequestInspector.getRequestUserScope(
           util.flatten(req.headers),
@@ -537,57 +600,83 @@ function prosopoRouter(env) {
             }
           }));
           return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha(
-              tokenId,
-              frictionlessTasksUtils.timestampDecayFunction(timestamp)
-            )
+            await tasks$1.frictionlessManager.sendImageCaptcha({
+              solvedImagesCount: frictionlessTasksUtils.timestampDecayFunction(timestamp)
+            })
           );
         }
         if (userAccessPolicy) {
-          await tasks$1.frictionlessManager.scoreIncreaseAccessPolicy(
+          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseAccessPolicy(
             userAccessPolicy,
             baseBotScore,
             botScore,
-            tokenId
+            scoreComponents
           );
+          botScore = scoreUpdate.score;
+          scoreComponents = scoreUpdate.scoreComponents;
+          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
           if (userAccessPolicy.captchaType === types.CaptchaType.image) {
             return res.json(
-              await tasks$1.frictionlessManager.sendImageCaptcha(
-                tokenId,
-                userAccessPolicy.solvedImagesCount
-              )
+              await tasks$1.frictionlessManager.sendImageCaptcha({
+                solvedImagesCount: userAccessPolicy.solvedImagesCount
+              })
             );
           }
           if (userAccessPolicy.captchaType === types.CaptchaType.pow) {
             return res.json(
-              await tasks$1.frictionlessManager.sendPowCaptcha(tokenId)
+              await tasks$1.frictionlessManager.sendPowCaptcha({
+                powDifficulty: void 0
+              })
             );
           }
         }
+        if (clientRecord.settings.disallowWebView && webView) {
+          tasks$1.logger.info(() => ({
+            msg: "WebView detected"
+          }));
+          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseWebView(
+            baseBotScore,
+            botScore,
+            scoreComponents
+          );
+          botScore = scoreUpdate.score;
+          scoreComponents = scoreUpdate.scoreComponents;
+          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
+          return res.json(
+            await tasks$1.frictionlessManager.sendImageCaptcha({
+              solvedImagesCount: env.config.captchas.solved.count * 2
+            })
+          );
+        }
         if (frictionlessTasks.FrictionlessManager.timestampTooOld(timestamp)) {
-          await tasks$1.frictionlessManager.scoreIncreaseTimestamp(
+          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseTimestamp(
             timestamp,
             baseBotScore,
             botScore,
-            tokenId
+            scoreComponents
           );
+          botScore = scoreUpdate.score;
+          scoreComponents = scoreUpdate.scoreComponents;
+          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
           return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha(
-              tokenId,
-              frictionlessTasksUtils.timestampDecayFunction(timestamp)
-            )
+            await tasks$1.frictionlessManager.sendImageCaptcha({
+              solvedImagesCount: frictionlessTasksUtils.timestampDecayFunction(timestamp)
+            })
           );
         }
         const hostVerified = await tasks$1.frictionlessManager.hostVerified(
           providerSelectEntropy
         );
         if (!hostVerified.verified) {
-          botScore = await tasks$1.frictionlessManager.scoreIncreaseUnverifiedHost(
+          const scoreUpdate = tasks$1.frictionlessManager.scoreIncreaseUnverifiedHost(
             hostVerified.domain,
             baseBotScore,
             botScore,
-            tokenId
+            scoreComponents
           );
+          botScore = scoreUpdate.score;
+          scoreComponents = scoreUpdate.scoreComponents;
+          tasks$1.frictionlessManager.updateScore(botScore, scoreComponents);
         }
         if (Number(botScore) > botThreshold) {
           req.logger.info(() => ({
@@ -595,18 +684,19 @@ function prosopoRouter(env) {
             data: {
               botScore,
               botThreshold,
-              tokenId
+              token
             }
           }));
           return res.json(
-            await tasks$1.frictionlessManager.sendImageCaptcha(
-              tokenId,
-              env.config.captchas.solved.count
-            )
+            await tasks$1.frictionlessManager.sendImageCaptcha({
+              solvedImagesCount: env.config.captchas.solved.count
+            })
           );
         }
         return res.json(
-          await tasks$1.frictionlessManager.sendPowCaptcha(tokenId)
+          await tasks$1.frictionlessManager.sendPowCaptcha({
+            powDifficulty: void 0
+          })
         );
       } catch (err) {
         req.logger.error(() => ({

package/dist/cjs/api/ja4Middleware.cjs CHANGED Viewed

@@ -5,9 +5,10 @@ const apiExpressRouter = require("@prosopo/api-express-router");
 const common = require("@prosopo/common");
 const utilCrypto = require("@prosopo/util-crypto");
 const readTlsClientHello = require("read-tls-client-hello");
+var _documentCurrentScript = typeof document !== "undefined" ? document.currentScript : null;
 const DEFAULT_JA4 = "ja4";
 const getJA4 = async (headers, logger) => {
-  logger = logger || common.getLogger("info", module);
+  logger = logger || common.getLogger("info", typeof document === "undefined" ? require("url").pathToFileURL(__filename).href : _documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === "SCRIPT" && _documentCurrentScript.src || new URL("api/ja4Middleware.cjs", document.baseURI).href);
   if (process.env.NODE_ENV === "development") {
     return {
       ja4PlusFingerprint: `${DEFAULT_JA4}${utilCrypto.randomAsHex().slice(28, 32)}`

package/dist/cjs/api/verify.cjs CHANGED Viewed

@@ -6,12 +6,23 @@ const types = require("@prosopo/types");
 const utilCrypto = require("@prosopo/util-crypto");
 const express = require("express");
 const tasks = require("../tasks/tasks.cjs");
+const apiToggleMaintenanceModeEndpoint = require("./admin/apiToggleMaintenanceModeEndpoint.cjs");
 function prosopoVerifyRouter(env) {
   const router = express.Router();
   router.post(
     types.ClientApiPaths.VerifyImageCaptchaSolutionDapp,
     async (req, res, next) => {
       const tasks$1 = new tasks.Tasks(env, req.logger);
+      if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
+        req.logger.info(() => ({
+          msg: "Maintenance mode active - returning verified for image captcha verification"
+        }));
+        const verificationResponse = {
+          status: "ok",
+          verified: true
+        };
+        return res.json(verificationResponse);
+      }
       let parsed;
       try {
         parsed = types.VerifySolutionBody.parse(req.body);
@@ -47,7 +58,8 @@ function prosopoVerifyRouter(env) {
           commitmentId,
           env,
           maxVerifiedTime,
-          ip
+          ip,
+          clientRecord.settings.disallowWebView
         );
         req.logger.debug(() => ({ data: { response } }));
         const verificationResponse = tasks$1.imgCaptchaManager.getVerificationResponse(
@@ -74,6 +86,16 @@ function prosopoVerifyRouter(env) {
     types.ClientApiPaths.VerifyPowCaptchaSolution,
     async (req, res, next) => {
       const tasks$1 = new tasks.Tasks(env, req.logger);
+      if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
+        req.logger.info(() => ({
+          msg: "Maintenance mode active - returning verified for PoW captcha verification"
+        }));
+        const verificationResponse = {
+          status: "ok",
+          verified: true
+        };
+        return res.json(verificationResponse);
+      }
       let parsed;
       try {
         parsed = types.ServerPowCaptchaVerifyRequestBody.parse(req.body);

package/dist/cjs/tasks/captchaManager.cjs CHANGED Viewed

@@ -3,29 +3,14 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const common = require("@prosopo/common");
 const types = require("@prosopo/types");
 const blacklistRequestInspector = require("../api/blacklistRequestInspector.cjs");
+var _documentCurrentScript = typeof document !== "undefined" ? document.currentScript : null;
 class CaptchaManager {
   constructor(db, pair, logger) {
     this.pair = pair;
     this.db = db;
-    this.logger = logger || common.getLogger("info", module);
+    this.logger = logger || common.getLogger("info", typeof document === "undefined" ? require("url").pathToFileURL(__filename).href : _documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === "SCRIPT" && _documentCurrentScript.src || new URL("tasks/captchaManager.cjs", document.baseURI).href);
   }
-  async getFrictionlessTokenIdFromSession(sessionRecord) {
-    const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
-      sessionRecord.tokenId
-    );
-    return tokenRecord ? tokenRecord._id : void 0;
-  }
-  async validateFrictionlessTokenIP(sessionRecord, currentIP, env) {
-    const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
-      sessionRecord.tokenId
-    );
-    if (!tokenRecord) {
-      this.logger.info(() => ({
-        msg: "No frictionless token found for session",
-        data: { sessionId: sessionRecord.sessionId }
-      }));
-      return { valid: false, reason: "CAPTCHA.NO_SESSION_FOUND" };
-    }
+  async validateSessionIP(sessionRecord, currentIP, env) {
     return { valid: true };
   }
   async isValidRequest(clientSettings, requestedCaptchaType, env, sessionId, userAccessPolicy, currentIP) {
@@ -68,7 +53,7 @@ class CaptchaManager {
           };
         }
         if (currentIP) {
-          const ipValidation = await this.validateFrictionlessTokenIP(
+          const ipValidation = await this.validateSessionIP(
             sessionRecord,
             currentIP,
             env
@@ -81,7 +66,6 @@ class CaptchaManager {
             };
           }
         }
-        const frictionlessTokenId = await this.getFrictionlessTokenIdFromSession(sessionRecord);
         if (sessionRecord.captchaType !== requestedCaptchaType) {
           this.logger.warn(() => ({
             msg: "Invalid frictionless request",
@@ -98,7 +82,7 @@ class CaptchaManager {
         }
         return {
           valid: true,
-          frictionlessTokenId,
+          sessionId: sessionRecord.sessionId,
           type: requestedCaptchaType,
           ...sessionRecord.powDifficulty && {
             powDifficulty: sessionRecord.powDifficulty

package/dist/cjs/tasks/client/clientTasks.cjs CHANGED Viewed

@@ -102,44 +102,11 @@ class ClientTaskManager {
         async (skip) => await this.providerDB.getUnstoredSessionRecords(BATCH_SIZE, skip),
         async (batch) => {
           const filteredBatch = lastTask?.updated ? batch.filter((record) => this.isRecordUpdated(record)) : batch;
-          const frictionlessTokenRecords = await this.providerDB.getFrictionlessTokenRecordsByTokenIds(
-            filteredBatch.map((record) => record.tokenId)
-          );
-          this.logger.info(() => ({
-            msg: `Frictionless token records: ${frictionlessTokenRecords.length}`
-          }));
-          const filteredBatchWithScores = filteredBatch.map((record) => {
-            const tokenRecord = frictionlessTokenRecords.find(
-              (tokenRecord2) => tokenRecord2._id?.toString() === record.tokenId.toString()
-            );
-            if (!tokenRecord) {
-              this.logger.error(() => ({
-                msg: "No token record found",
-                data: { tokenId: record.tokenId }
-              }));
-              return {
-                ...record,
-                score: 0,
-                scoreComponents: {
-                  baseScore: 0
-                },
-                threshold: 0
-              };
-            }
-            const { _id, token, ...tokenRecordWithoutId } = tokenRecord;
-            return {
-              ...record,
-              ...tokenRecordWithoutId
-            };
-          });
           if (filteredBatch.length > 0) {
-            await captchaDB.saveCaptchas(filteredBatchWithScores, [], []);
+            await captchaDB.saveCaptchas(filteredBatch, [], []);
             await this.providerDB.markSessionRecordsStored(
               filteredBatch.map((record) => record.sessionId)
             );
-            await this.providerDB.markFrictionlessTokenRecordsStored(
-              filteredBatch.map((record) => record.tokenId).filter((id) => !!id)
-            );
           }
           processedSessionRecords += filteredBatch.length;
         }
@@ -196,7 +163,7 @@ class ClientTaskManager {
         this.logger
       );
       const tenMinuteWindow = 10 * 60 * 1e3;
-      const updatedAtTimestamp = lastTask?.updated ? lastTask.updated - tenMinuteWindow || 0 : 0;
+      const updatedAtTimestamp = lastTask?.updated ? lastTask.updated.getTime() - tenMinuteWindow || 0 : 0;
       this.logger.info(() => ({
         msg: `Getting updated client records since ${new Date(updatedAtTimestamp).toDateString()}`
       }));
@@ -295,7 +262,7 @@ class ClientTaskManager {
   }
   isRecordUpdated(record) {
     const { lastUpdatedTimestamp, storedAtTimestamp } = record;
-    return !lastUpdatedTimestamp || !storedAtTimestamp || lastUpdatedTimestamp > storedAtTimestamp;
+    return !lastUpdatedTimestamp || !storedAtTimestamp || lastUpdatedTimestamp.getTime() > storedAtTimestamp.getTime();
   }
   async processBatchesWithCursor(fetchBatch, processBatch) {
     let skip = 0;