npm - @prosopo/provider - Versions diffs - 3.12.3 → 3.13.0 - Mend

@prosopo/provider 3.12.3 → 3.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/CHANGELOG.md +214 -0
package/dist/api/admin/apiAdminRoutesProvider.js +13 -18
package/dist/api/admin/apiToggleMaintenanceModeEndpoint.js +40 -0
package/dist/api/blacklistRequestInspector.js +4 -4
package/dist/api/captcha/getFrictionlessCaptchaChallenge.js +338 -0
package/dist/api/captcha/getImageCaptchaChallenge.js +150 -0
package/dist/api/captcha/getPoWCaptchaChallenge.js +156 -0
package/dist/api/captcha/submitImageCaptchaSolution.js +87 -0
package/dist/api/captcha/submitPoWCaptchaSolution.js +77 -0
package/dist/api/captcha.js +18 -606
package/dist/api/verify.js +24 -1
package/dist/cjs/api/admin/apiAdminRoutesProvider.cjs +13 -18
package/dist/cjs/api/admin/apiRegisterSiteKeyEndpoint.cjs +2 -1
package/dist/cjs/api/admin/apiRemoveDetectorKeyEndpoint.cjs +3 -2
package/dist/cjs/api/admin/apiToggleMaintenanceModeEndpoint.cjs +41 -0
package/dist/cjs/api/blacklistRequestInspector.cjs +3 -3
package/dist/cjs/api/captcha/getFrictionlessCaptchaChallenge.cjs +337 -0
package/dist/cjs/api/captcha/getImageCaptchaChallenge.cjs +149 -0
package/dist/cjs/api/captcha/getPoWCaptchaChallenge.cjs +155 -0
package/dist/cjs/api/captcha/submitImageCaptchaSolution.cjs +86 -0
package/dist/cjs/api/captcha/submitPoWCaptchaSolution.cjs +76 -0
package/dist/cjs/api/captcha.cjs +17 -605
package/dist/cjs/api/ja4Middleware.cjs +2 -1
package/dist/cjs/api/verify.cjs +24 -1
package/dist/cjs/index.cjs +2 -0
package/dist/cjs/schedulers/setClientEntropy.cjs +36 -0
package/dist/cjs/tasks/captchaManager.cjs +7 -22
package/dist/cjs/tasks/client/clientTasks.cjs +18 -36
package/dist/cjs/tasks/detection/decodePayload.cjs +385 -714
package/dist/cjs/tasks/detection/getBotScore.cjs +15 -2
package/dist/cjs/tasks/frictionless/frictionlessTasks.cjs +136 -30
package/dist/cjs/tasks/imgCaptcha/imgCaptchaTasks.cjs +25 -13
package/dist/cjs/tasks/powCaptcha/powTasks.cjs +8 -8
package/dist/cjs/tasks/tasks.cjs +1 -0
package/dist/cjs/util.cjs +14 -1
package/dist/cjs/utils/hashUserIp.cjs +9 -0
package/dist/index.js +2 -0
package/dist/schedulers/setClientEntropy.js +36 -0
package/dist/tasks/captchaManager.js +5 -21
package/dist/tasks/client/clientTasks.js +19 -37
package/dist/tasks/detection/decodePayload.js +385 -714
package/dist/tasks/detection/getBotScore.js +17 -4
package/dist/tasks/frictionless/frictionlessTasks.js +137 -31
package/dist/tasks/imgCaptcha/imgCaptchaTasks.js +25 -13
package/dist/tasks/powCaptcha/powTasks.js +8 -8
package/dist/tasks/tasks.js +1 -0
package/dist/util.js +14 -1
package/dist/utils/hashUserIp.js +9 -0
package/package.json +24 -25

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,219 @@
 # @prosopo/provider
+## 3.13.0
+### Minor Changes
+- bb5f41c: Context awareness
+### Patch Changes
+- fdef625: fix maint mode
+- 55a64c6: stop refresh image to pow
+- aa8216a: bump
+- 8ce9205: Change engine requirements
+- 6ac5367: Less drastic reaction to bad sim score
+- b6e98b2: Run npm audit
+- 55a64c6: Persist sessions for user ip combinations
+- Updated dependencies [8ce9205]
+- Updated dependencies [15ae7cf]
+- Updated dependencies [bb5f41c]
+- Updated dependencies [55a64c6]
+- Updated dependencies [8ce9205]
+- Updated dependencies [df79c03]
+- Updated dependencies [8f22479]
+- Updated dependencies [b6e98b2]
+- Updated dependencies [55a64c6]
+  - @prosopo/user-access-policy@3.5.28
+  - @prosopo/types@3.6.0
+  - @prosopo/types-database@4.0.0
+  - @prosopo/database@3.5.0
+  - @prosopo/util@3.2.0
+  - @prosopo/api-express-router@3.0.34
+  - @prosopo/load-balancer@2.8.9
+  - @prosopo/util-crypto@13.5.24
+  - @prosopo/api-route@2.6.30
+  - @prosopo/types-env@2.7.47
+  - @prosopo/datasets@3.0.43
+  - @prosopo/keyring@2.8.36
+  - @prosopo/common@3.1.22
+  - @prosopo/locale@3.1.22
+  - @prosopo/api@3.1.33
+  - @prosopo/env@3.2.22
+  - @prosopo/config@3.1.22
+## 3.12.14
+### Patch Changes
+- Updated dependencies [8f1773a]
+  - @prosopo/types@3.5.11
+  - @prosopo/api@3.1.32
+  - @prosopo/api-express-router@3.0.33
+  - @prosopo/database@3.4.13
+  - @prosopo/datasets@3.0.42
+  - @prosopo/env@3.2.21
+  - @prosopo/keyring@2.8.35
+  - @prosopo/load-balancer@2.8.8
+  - @prosopo/types-database@3.3.13
+  - @prosopo/types-env@2.7.46
+  - @prosopo/user-access-policy@3.5.27
+## 3.12.13
+### Patch Changes
+- cb8ab85: head entropy for bot detection
+- Updated dependencies [cb8ab85]
+  - @prosopo/types-database@3.3.12
+  - @prosopo/types@3.5.10
+  - @prosopo/api@3.1.31
+  - @prosopo/database@3.4.12
+  - @prosopo/datasets@3.0.41
+  - @prosopo/types-env@2.7.45
+  - @prosopo/api-express-router@3.0.32
+  - @prosopo/env@3.2.20
+  - @prosopo/keyring@2.8.34
+  - @prosopo/load-balancer@2.8.7
+  - @prosopo/user-access-policy@3.5.26
+## 3.12.12
+### Patch Changes
+- 43907e8: Convert timestamp fields from numbers to Date objects throughout codebase
+- b4639ec: Merge frictionless tokens into sessions
+- 7101036: Force consistent IPs logic
+- Updated dependencies [43907e8]
+- Updated dependencies [b4639ec]
+- Updated dependencies [005ce66]
+- Updated dependencies [b58046d]
+- Updated dependencies [7101036]
+  - @prosopo/types-database@3.3.11
+  - @prosopo/types@3.5.9
+  - @prosopo/database@3.4.11
+  - @prosopo/user-access-policy@3.5.25
+  - @prosopo/load-balancer@2.8.6
+  - @prosopo/util@3.1.7
+  - @prosopo/datasets@3.0.40
+  - @prosopo/types-env@2.7.44
+  - @prosopo/api@3.1.30
+  - @prosopo/api-express-router@3.0.31
+  - @prosopo/env@3.2.19
+  - @prosopo/keyring@2.8.33
+## 3.12.11
+### Patch Changes
+- 4b6dc9d: Block at verify
+- e5c259d: .
+- 6420187: Save iframe
+- Updated dependencies [b10a65f]
+- Updated dependencies [e5c259d]
+- Updated dependencies [6420187]
+  - @prosopo/types-database@3.3.10
+  - @prosopo/types@3.5.8
+  - @prosopo/database@3.4.10
+  - @prosopo/datasets@3.0.39
+  - @prosopo/types-env@2.7.43
+  - @prosopo/api@3.1.29
+  - @prosopo/api-express-router@3.0.30
+  - @prosopo/env@3.2.18
+  - @prosopo/keyring@2.8.32
+  - @prosopo/load-balancer@2.8.5
+  - @prosopo/user-access-policy@3.5.24
+## 3.12.10
+### Patch Changes
+- b8185a4: feat/uap-rules-syncer
+- 3a027ef: Fix session storer
+- 3a027ef: Release cycle
+- Updated dependencies [c9d8fdf]
+- Updated dependencies [b8185a4]
+- Updated dependencies [3a027ef]
+- Updated dependencies [3a027ef]
+  - @prosopo/user-access-policy@3.5.23
+  - @prosopo/api@3.1.28
+  - @prosopo/common@3.1.21
+  - @prosopo/api-express-router@3.0.29
+  - @prosopo/api-route@2.6.29
+  - @prosopo/database@3.4.9
+  - @prosopo/config@3.1.21
+  - @prosopo/types-database@3.3.9
+  - @prosopo/datasets@3.0.38
+  - @prosopo/env@3.2.17
+  - @prosopo/keyring@2.8.31
+  - @prosopo/load-balancer@2.8.4
+  - @prosopo/types-env@2.7.42
+  - @prosopo/locale@3.1.21
+  - @prosopo/types@3.5.7
+  - @prosopo/util@3.1.6
+  - @prosopo/util-crypto@13.5.23
+## 3.12.9
+### Patch Changes
+- 8491159: Store webview
+## 3.12.8
+### Patch Changes
+- 5d11a81: Adding maintenance mode
+- Updated dependencies [5d11a81]
+  - @prosopo/types@3.5.6
+  - @prosopo/api@3.1.27
+  - @prosopo/api-express-router@3.0.28
+  - @prosopo/database@3.4.8
+  - @prosopo/datasets@3.0.37
+  - @prosopo/env@3.2.16
+  - @prosopo/keyring@2.8.30
+  - @prosopo/load-balancer@2.8.3
+  - @prosopo/types-database@3.3.8
+  - @prosopo/types-env@2.7.41
+  - @prosopo/user-access-policy@3.5.22
+## 3.12.7
+### Patch Changes
+- cbc5d8e: Additional logging
+## 3.12.6
+### Patch Changes
+- 494c5a8: Updated payload
+- Updated dependencies [494c5a8]
+  - @prosopo/types-database@3.3.7
+  - @prosopo/types@3.5.5
+  - @prosopo/database@3.4.7
+  - @prosopo/datasets@3.0.36
+  - @prosopo/types-env@2.7.40
+  - @prosopo/api@3.1.26
+  - @prosopo/api-express-router@3.0.27
+  - @prosopo/env@3.2.15
+  - @prosopo/keyring@2.8.29
+  - @prosopo/load-balancer@2.8.2
+  - @prosopo/user-access-policy@3.5.21
+## 3.12.5
+### Patch Changes
+- 4ba029e: repo maintainance
+## 3.12.4
+### Patch Changes
+- 08ff50f: Hot fix country code
+- Updated dependencies [08ff50f]
+- Updated dependencies [08ff50f]
+  - @prosopo/types-database@3.3.6
+  - @prosopo/types@3.5.4
+  - @prosopo/database@3.4.6
+  - @prosopo/datasets@3.0.35
+  - @prosopo/types-env@2.7.39
+  - @prosopo/api@3.1.25
+  - @prosopo/api-express-router@3.0.26
+  - @prosopo/env@3.2.14
+  - @prosopo/keyring@2.8.28
+  - @prosopo/load-balancer@2.8.1
+  - @prosopo/user-access-policy@3.5.20
 ## 3.12.3
 ### Patch Changes

package/dist/api/admin/apiAdminRoutesProvider.js CHANGED Viewed

@@ -1,30 +1,25 @@
 import { AdminApiPaths } from "@prosopo/types";
 import { ApiRegisterSiteKeyEndpoint } from "./apiRegisterSiteKeyEndpoint.js";
 import { ApiRemoveDetectorKeyEndpoint } from "./apiRemoveDetectorKeyEndpoint.js";
+import { ApiToggleMaintenanceModeEndpoint } from "./apiToggleMaintenanceModeEndpoint.js";
 import { ApiUpdateDetectorKeyEndpoint } from "./apiUpdateDetectorKeyEndpoint.js";
 class ApiAdminRoutesProvider {
   constructor(tasks) {
     this.tasks = tasks;
   }
   getRoutes() {
-    return [
-      {
-        path: AdminApiPaths.SiteKeyRegister,
-        endpoint: new ApiRegisterSiteKeyEndpoint(this.tasks.clientTaskManager)
-      },
-      {
-        path: AdminApiPaths.UpdateDetectorKey,
-        endpoint: new ApiUpdateDetectorKeyEndpoint(
-          this.tasks.clientTaskManager
-        )
-      },
-      {
-        path: AdminApiPaths.RemoveDetectorKey,
-        endpoint: new ApiRemoveDetectorKeyEndpoint(
-          this.tasks.clientTaskManager
-        )
-      }
-    ];
+    return {
+      [AdminApiPaths.SiteKeyRegister]: new ApiRegisterSiteKeyEndpoint(
+        this.tasks.clientTaskManager
+      ),
+      [AdminApiPaths.UpdateDetectorKey]: new ApiUpdateDetectorKeyEndpoint(
+        this.tasks.clientTaskManager
+      ),
+      [AdminApiPaths.RemoveDetectorKey]: new ApiRemoveDetectorKeyEndpoint(
+        this.tasks.clientTaskManager
+      ),
+      [AdminApiPaths.ToggleMaintenanceMode]: new ApiToggleMaintenanceModeEndpoint()
+    };
   }
 }
 export {

package/dist/api/admin/apiToggleMaintenanceModeEndpoint.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
+import { getLogger } from "@prosopo/common";
+import { ToggleMaintenanceModeBody } from "@prosopo/types";
+function getMaintenanceMode() {
+  return process.env.MAINTENANCE_MODE?.toLowerCase() === "true";
+}
+function setMaintenanceMode(enabled) {
+  process.env.MAINTENANCE_MODE = enabled ? "true" : "false";
+}
+class ApiToggleMaintenanceModeEndpoint {
+  async processRequest(args, logger) {
+    const { enabled } = args;
+    logger = logger || getLogger("info", import.meta.url);
+    const previousMode = getMaintenanceMode();
+    logger.info(() => ({
+      data: { enabled, previous: previousMode },
+      msg: "Toggling maintenance mode"
+    }));
+    setMaintenanceMode(enabled);
+    const currentMode = getMaintenanceMode();
+    logger.info(() => ({
+      data: { enabled: currentMode },
+      msg: "Maintenance mode updated"
+    }));
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        maintenanceMode: currentMode
+      }
+    };
+  }
+  getRequestArgsSchema() {
+    return ToggleMaintenanceModeBody;
+  }
+}
+export {
+  ApiToggleMaintenanceModeEndpoint,
+  getMaintenanceMode,
+  setMaintenanceMode
+};

package/dist/api/blacklistRequestInspector.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { ApiPrefix } from "@prosopo/types";
-import { userScopeInputSchema, ScopeMatch, AccessPolicyType } from "@prosopo/user-access-policy";
+import { userScopeInput, FilterScopeMatch, AccessPolicyType } from "@prosopo/user-access-policy";
 import { uniqueSubsets } from "@prosopo/util";
 const getRequestUserScope = (requestHeaders, ja4, ip, user) => {
   const userAgent = requestHeaders["user-agent"] ? requestHeaders["user-agent"].toString() : void 0;
@@ -32,16 +32,16 @@ const getPrioritisedAccessRule = async (userAccessRulesStorage, userScope, clien
       if (Object.values(scope).every((value) => value === void 0)) {
         continue;
       }
-      const parsedUserScope = userScopeInputSchema.parse(scope);
+      const parsedUserScope = userScopeInput.parse(scope);
       const filter = {
         ...clientOrUndefined && {
           policyScope: {
             clientId: clientOrUndefined
           }
         },
-        policyScopeMatch: ScopeMatch.Exact,
+        policyScopeMatch: FilterScopeMatch.Exact,
         userScope: parsedUserScope,
-        userScopeMatch: ScopeMatch.Exact
+        userScopeMatch: FilterScopeMatch.Exact
       };
       policyPromises.push(userAccessRulesStorage.findRules(filter, true, true));
     }

package/dist/api/captcha/getFrictionlessCaptchaChallenge.js ADDED Viewed

@@ -0,0 +1,338 @@
+import { ProsopoApiError } from "@prosopo/common";
+import { GetFrictionlessCaptchaChallengeRequestBody, ApiParams, CaptchaType } from "@prosopo/types";
+import { flatten, compareBinaryStrings } from "@prosopo/util";
+import { getCompositeIpAddress } from "../../compositeIpAddress.js";
+import { FrictionlessReason, FrictionlessManager } from "../../tasks/frictionless/frictionlessTasks.js";
+import { timestampDecayFunction } from "../../tasks/frictionless/frictionlessTasksUtils.js";
+import "../../tasks/index.js";
+import { hashUserAgent } from "../../utils/hashUserAgent.js";
+import { hashUserIp } from "../../utils/hashUserIp.js";
+import { getMaintenanceMode } from "../admin/apiToggleMaintenanceModeEndpoint.js";
+import { getRequestUserScope } from "../blacklistRequestInspector.js";
+import { Tasks } from "../../tasks/tasks.js";
+const DEFAULT_FRICTIONLESS_THRESHOLD = 0.5;
+const getRoundsFromSimScore = (simScore) => {
+  if (simScore >= 0.9) return 0;
+  if (simScore >= 0.8) return 3;
+  if (simScore >= 0.7) return 4;
+  if (simScore >= 0.6) return 6;
+  if (simScore >= 0.5) return 7;
+  return 8;
+};
+const getFrictionlessCaptchaChallenge = (env, userAccessRulesStorage) => async (req, res, next) => {
+  try {
+    const tasks = new Tasks(env, req.logger);
+    const { token, headHash, dapp, user } = GetFrictionlessCaptchaChallengeRequestBody.parse(req.body);
+    if (getMaintenanceMode()) {
+      req.logger.info(() => ({
+        msg: "Maintenance mode active - storing dummy token and sending PoW captcha",
+        data: { dapp, user }
+      }));
+      return res.json(
+        await tasks.frictionlessManager.sendPowCaptcha({
+          token,
+          score: 0,
+          threshold: 0.5,
+          scoreComponents: {
+            baseScore: 0
+          },
+          providerSelectEntropy: 0,
+          ipAddress: getCompositeIpAddress(req.ip || ""),
+          webView: false,
+          iFrame: false,
+          decryptedHeadHash: ""
+        })
+      );
+    }
+    const existingToken = await tasks.db.getSessionRecordByToken(token);
+    if (existingToken) {
+      req.logger.info(() => ({
+        token: existingToken,
+        msg: "Token has already been used"
+      }));
+      return next(
+        new ProsopoApiError("API.BAD_REQUEST", {
+          context: {
+            code: 400,
+            siteKey: dapp,
+            user
+          },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const userSitekeyIpHash = hashUserIp(user, req.ip || "", dapp);
+    const existingSession = await tasks.db.getSessionByuserSitekeyIpHash(userSitekeyIpHash);
+    if (existingSession) {
+      req.logger.info(() => ({
+        msg: "Reusing existing session for user-IP-sitekey combination",
+        data: {
+          userSitekeyIpHash,
+          sessionId: existingSession.sessionId,
+          captchaType: existingSession.captchaType
+        }
+      }));
+      return res.json({
+        [ApiParams.captchaType]: existingSession.captchaType,
+        [ApiParams.sessionId]: existingSession.sessionId,
+        [ApiParams.status]: "ok"
+      });
+    }
+    const lScore = tasks.frictionlessManager.checkLangRules(
+      req.headers["accept-language"] || ""
+    );
+    const {
+      baseBotScore,
+      timestamp,
+      providerSelectEntropy,
+      userId,
+      userAgent,
+      webView,
+      iFrame,
+      decryptedHeadHash
+    } = await tasks.frictionlessManager.decryptPayload(token, headHash);
+    req.logger.debug(() => ({
+      msg: "Decrypted payload",
+      data: {
+        baseBotScore,
+        timestamp,
+        providerSelectEntropy,
+        userId,
+        userAgent,
+        webView
+      }
+    }));
+    let botScore = baseBotScore + lScore;
+    const clientRecord = await tasks.db.getClientRecord(dapp);
+    if (!clientRecord) {
+      return next(
+        new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const { valid, reason } = await tasks.frictionlessManager.isValidRequest(
+      clientRecord,
+      CaptchaType.frictionless,
+      env
+    );
+    if (!valid) {
+      return next(
+        new ProsopoApiError(reason || "API.BAD_REQUEST", {
+          context: {
+            code: 400,
+            siteKey: dapp,
+            user
+          },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const botThreshold = clientRecord.settings?.frictionlessThreshold || DEFAULT_FRICTIONLESS_THRESHOLD;
+    let scoreComponents = {
+      baseScore: baseBotScore,
+      ...lScore && { lScore }
+    };
+    const ipAddress = getCompositeIpAddress(req.ip || "");
+    tasks.frictionlessManager.setSessionParams({
+      token,
+      score: botScore,
+      threshold: botThreshold,
+      scoreComponents,
+      providerSelectEntropy,
+      ipAddress,
+      webView,
+      iFrame,
+      decryptedHeadHash
+    });
+    const userScope = getRequestUserScope(
+      flatten(req.headers),
+      req.ja4,
+      req.ip,
+      user
+    );
+    const userAccessPolicy = (await tasks.frictionlessManager.getPrioritisedAccessPolicies(
+      userAccessRulesStorage,
+      dapp,
+      userScope
+    ))[0];
+    const headersUserAgent = req.headers["user-agent"];
+    const hashedHeadersUserAgent = headersUserAgent ? hashUserAgent(headersUserAgent) : "";
+    const headersProsopoUser = req.headers["prosopo-user"];
+    if (hashedHeadersUserAgent !== userAgent || headersProsopoUser !== userId) {
+      req.logger.info(() => ({
+        msg: "User agent or user id does not match",
+        data: {
+          headersUserAgent,
+          hashedHeadersUserAgent,
+          userAgent,
+          // This is the hashed user agent from the token
+          headersProsopoUser,
+          userId
+        }
+      }));
+      return res.json(
+        await tasks.frictionlessManager.sendImageCaptcha({
+          solvedImagesCount: timestampDecayFunction(timestamp),
+          userSitekeyIpHash,
+          reason: FrictionlessReason.USER_AGENT_MISMATCH
+        })
+      );
+    }
+    if (userAccessPolicy) {
+      const scoreUpdate = tasks.frictionlessManager.scoreIncreaseAccessPolicy(
+        userAccessPolicy,
+        baseBotScore,
+        botScore,
+        scoreComponents
+      );
+      botScore = scoreUpdate.score;
+      scoreComponents = scoreUpdate.scoreComponents;
+      tasks.frictionlessManager.updateScore(botScore, scoreComponents);
+      if (userAccessPolicy.captchaType === CaptchaType.image) {
+        return res.json(
+          await tasks.frictionlessManager.sendImageCaptcha({
+            solvedImagesCount: userAccessPolicy.solvedImagesCount,
+            userSitekeyIpHash,
+            reason: FrictionlessReason.USER_ACCESS_POLICY
+          })
+        );
+      }
+      if (userAccessPolicy.captchaType === CaptchaType.pow) {
+        return res.json(
+          await tasks.frictionlessManager.sendPowCaptcha({
+            userSitekeyIpHash,
+            reason: FrictionlessReason.USER_ACCESS_POLICY
+          })
+        );
+      }
+    }
+    if (clientRecord.settings.contextAware?.enabled) {
+      const clientEntropy = await tasks.frictionlessManager.getClientEntropy(
+        clientRecord.account
+      );
+      if (clientEntropy) {
+        if (!decryptedHeadHash) {
+          tasks.logger.info(() => ({
+            msg: "No decryptedHeadHash in session for context aware client"
+          }));
+          return next(
+            new ProsopoApiError("API.BAD_REQUEST", {
+              context: {
+                code: 400,
+                siteKey: dapp,
+                user
+              },
+              i18n: req.i18n,
+              logger: req.logger
+            })
+          );
+        }
+        const sim = compareBinaryStrings(decryptedHeadHash, clientEntropy);
+        const isValidContext = sim >= clientRecord.settings.contextAware.threshold;
+        if (!isValidContext) {
+          return res.json(
+            await tasks.frictionlessManager.sendImageCaptcha({
+              solvedImagesCount: getRoundsFromSimScore(sim),
+              userSitekeyIpHash,
+              reason: FrictionlessReason.CONTEXT_AWARE_VALIDATION_FAILED
+            })
+          );
+        }
+      }
+    }
+    if (clientRecord.settings.disallowWebView && webView) {
+      tasks.logger.info(() => ({
+        msg: "WebView detected"
+      }));
+      const scoreUpdate = tasks.frictionlessManager.scoreIncreaseWebView(
+        baseBotScore,
+        botScore,
+        scoreComponents
+      );
+      botScore = scoreUpdate.score;
+      scoreComponents = scoreUpdate.scoreComponents;
+      tasks.frictionlessManager.updateScore(botScore, scoreComponents);
+      return res.json(
+        await tasks.frictionlessManager.sendImageCaptcha({
+          solvedImagesCount: env.config.captchas.solved.count * 2,
+          userSitekeyIpHash,
+          reason: FrictionlessReason.WEBVIEW_DETECTED
+        })
+      );
+    }
+    if (FrictionlessManager.timestampTooOld(timestamp)) {
+      const scoreUpdate = tasks.frictionlessManager.scoreIncreaseTimestamp(
+        timestamp,
+        baseBotScore,
+        botScore,
+        scoreComponents
+      );
+      botScore = scoreUpdate.score;
+      scoreComponents = scoreUpdate.scoreComponents;
+      tasks.frictionlessManager.updateScore(botScore, scoreComponents);
+      return res.json(
+        await tasks.frictionlessManager.sendImageCaptcha({
+          solvedImagesCount: timestampDecayFunction(timestamp),
+          userSitekeyIpHash,
+          reason: FrictionlessReason.OLD_TIMESTAMP
+        })
+      );
+    }
+    const hostVerified = await tasks.frictionlessManager.hostVerified(
+      providerSelectEntropy
+    );
+    if (!hostVerified.verified) {
+      const scoreUpdate = tasks.frictionlessManager.scoreIncreaseUnverifiedHost(
+        hostVerified.domain,
+        baseBotScore,
+        botScore,
+        scoreComponents
+      );
+      botScore = scoreUpdate.score;
+      scoreComponents = scoreUpdate.scoreComponents;
+      tasks.frictionlessManager.updateScore(botScore, scoreComponents);
+    }
+    if (Number(botScore) > botThreshold) {
+      req.logger.info(() => ({
+        msg: "Bot score is greater than threshold",
+        data: {
+          botScore,
+          botThreshold,
+          token
+        }
+      }));
+      return res.json(
+        await tasks.frictionlessManager.sendImageCaptcha({
+          solvedImagesCount: env.config.captchas.solved.count,
+          userSitekeyIpHash,
+          reason: FrictionlessReason.BOT_SCORE_ABOVE_THRESHOLD
+        })
+      );
+    }
+    return res.json(
+      await tasks.frictionlessManager.sendPowCaptcha({
+        userSitekeyIpHash
+      })
+    );
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      msg: "Error in frictionless captcha challenge"
+    }));
+    return next(
+      new ProsopoApiError("API.BAD_REQUEST", {
+        context: { code: 400, error: err },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+export {
+  getFrictionlessCaptchaChallenge as default
+};