@prosopo/provider 3.12.3 → 3.13.0

package/dist/api/captcha/getImageCaptchaChallenge.js

@@ -0,0 +1,150 @@
+import { ProsopoApiError } from "@prosopo/common";
+import { parseCaptchaAssets } from "@prosopo/datasets";
+import { CaptchaRequestBody, CaptchaType, ApiParams } from "@prosopo/types";
+import { getIPAddress, flatten } from "@prosopo/util";
+import "../../tasks/index.js";
+import { getRequestUserScope } from "../blacklistRequestInspector.js";
+import { validateSiteKey, validateAddr } from "../validateAddress.js";
+import { Tasks } from "../../tasks/tasks.js";
+const getImageCaptchaChallenge = (env, userAccessRulesStorage) => async (req, res, next) => {
+  const tasks = new Tasks(env, req.logger);
+  let parsed;
+  if (!req.ip) {
+    return next(
+      new ProsopoApiError("API.BAD_REQUEST", {
+        context: { code: 400, error: "IP address not found" },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const ipAddress = getIPAddress(req.ip || "");
+  try {
+    parsed = CaptchaRequestBody.parse(req.body);
+  } catch (err) {
+    return next(
+      new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+        context: { code: 400, error: err },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const { datasetId, user, dapp, sessionId } = parsed;
+  validateSiteKey(dapp);
+  validateAddr(user);
+  try {
+    const clientRecord = await tasks.db.getClientRecord(dapp);
+    if (!clientRecord) {
+      return next(
+        new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const userScope = getRequestUserScope(
+      flatten(req.headers),
+      req.ja4,
+      req.ip,
+      user
+    );
+    const userAccessPolicy = (await tasks.imgCaptchaManager.getPrioritisedAccessPolicies(
+      userAccessRulesStorage,
+      dapp,
+      userScope
+    ))[0];
+    const {
+      valid,
+      reason,
+      sessionId: validSessionId,
+      solvedImagesCount
+    } = await tasks.imgCaptchaManager.isValidRequest(
+      clientRecord,
+      CaptchaType.image,
+      env,
+      sessionId,
+      userAccessPolicy,
+      req.ip
+    );
+    if (!valid) {
+      return next(
+        new ProsopoApiError(reason || "API.BAD_REQUEST", {
+          context: {
+            code: 400,
+            siteKey: dapp,
+            user
+          },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const captchaConfig = {
+      solved: {
+        count: solvedImagesCount || userAccessPolicy?.solvedImagesCount || env.config.captchas.solved.count
+      },
+      unsolved: {
+        count: userAccessPolicy?.unsolvedImagesCount || env.config.captchas.unsolved.count
+      }
+    };
+    const taskData = await tasks.imgCaptchaManager.getRandomCaptchasAndRequestHash(
+      datasetId,
+      user,
+      ipAddress,
+      captchaConfig,
+      clientRecord.settings.imageThreshold ?? 0.8,
+      validSessionId
+    );
+    const captchaResponse = {
+      [ApiParams.status]: "ok",
+      [ApiParams.captchas]: taskData.captchas.map((captcha) => ({
+        ...captcha,
+        target: req.t(`TARGET.${captcha.target}`),
+        items: captcha.items.map(
+          (item) => parseCaptchaAssets(item, env.assetsResolver)
+        )
+      })),
+      [ApiParams.requestHash]: taskData.requestHash,
+      [ApiParams.timestamp]: taskData.timestamp.toString(),
+      [ApiParams.signature]: {
+        [ApiParams.provider]: {
+          [ApiParams.requestHash]: taskData.signedRequestHash
+        }
+      }
+    };
+    req.logger.info(() => ({
+      msg: "Image captcha challenge issued",
+      data: {
+        captchaType: CaptchaType.image,
+        requestHash: taskData.requestHash,
+        solvedImagesCount: captchaConfig.solved.count,
+        user,
+        dapp,
+        sessionId
+      }
+    }));
+    return res.json(captchaResponse);
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      data: req.params,
+      msg: "Error in image captcha challenge request"
+    }));
+    return next(
+      new ProsopoApiError("API.BAD_REQUEST", {
+        context: {
+          error: err,
+          code: 500,
+          params: req.params
+        },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+export {
+  getImageCaptchaChallenge as default
+};

package/dist/api/captcha/getPoWCaptchaChallenge.js

@@ -0,0 +1,156 @@
+import { ProsopoApiError } from "@prosopo/common";
+import { GetPowCaptchaChallengeRequestBody, CaptchaType, ApiParams } from "@prosopo/types";
+import { flatten } from "@prosopo/util";
+import { getCompositeIpAddress } from "../../compositeIpAddress.js";
+import "../../tasks/index.js";
+import { getRequestUserScope } from "../blacklistRequestInspector.js";
+import { validateSiteKey, validateAddr } from "../validateAddress.js";
+import { Tasks } from "../../tasks/tasks.js";
+const getPoWCaptchaChallenge = (env, userAccessRulesStorage) => async (req, res, next) => {
+  let parsed;
+  const tasks = new Tasks(env);
+  tasks.setLogger(req.logger);
+  try {
+    parsed = GetPowCaptchaChallengeRequestBody.parse(req.body);
+  } catch (err) {
+    return next(
+      new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+        context: { code: 400, error: err },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const { user, dapp, sessionId } = parsed;
+  validateSiteKey(dapp);
+  validateAddr(user);
+  try {
+    const clientSettings = await tasks.db.getClientRecord(dapp);
+    if (!clientSettings) {
+      return next(
+        new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const userScope = getRequestUserScope(
+      flatten(req.headers),
+      req.ja4,
+      req.ip,
+      user
+    );
+    const userAccessPolicy = (await tasks.powCaptchaManager.getPrioritisedAccessPolicies(
+      userAccessRulesStorage,
+      dapp,
+      userScope
+    ))[0];
+    const {
+      valid,
+      reason,
+      sessionId: validSessionId,
+      powDifficulty
+    } = await tasks.powCaptchaManager.isValidRequest(
+      clientSettings,
+      CaptchaType.pow,
+      env,
+      sessionId,
+      userAccessPolicy,
+      req.ip
+    );
+    if (!valid) {
+      return next(
+        new ProsopoApiError(reason || "API.BAD_REQUEST", {
+          context: {
+            code: 400,
+            siteKey: dapp,
+            user
+          },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const origin = req.headers.origin;
+    if (!origin) {
+      return next(
+        new ProsopoApiError("API.BAD_REQUEST", {
+          context: {
+            error: "Origin header not found",
+            code: 400,
+            siteKey: dapp,
+            user
+          },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const difficulty = powDifficulty || userAccessPolicy?.powDifficulty || clientSettings?.settings?.powDifficulty;
+    const challenge = await tasks.powCaptchaManager.getPowCaptchaChallenge(
+      user,
+      dapp,
+      origin,
+      difficulty
+    );
+    await tasks.db.storePowCaptchaRecord(
+      challenge.challenge,
+      {
+        requestedAtTimestamp: challenge.requestedAtTimestamp,
+        userAccount: user,
+        dappAccount: dapp
+      },
+      challenge.difficulty,
+      challenge.providerSignature,
+      getCompositeIpAddress(req.ip || ""),
+      flatten(req.headers),
+      req.ja4,
+      validSessionId
+    );
+    const getPowCaptchaResponse = {
+      [ApiParams.status]: "ok",
+      [ApiParams.challenge]: challenge.challenge,
+      [ApiParams.difficulty]: challenge.difficulty,
+      [ApiParams.timestamp]: challenge.requestedAtTimestamp.toString(),
+      [ApiParams.signature]: {
+        [ApiParams.provider]: {
+          [ApiParams.challenge]: challenge.providerSignature
+        }
+      }
+    };
+    req.logger.info(() => ({
+      msg: "PoW captcha challenge issued",
+      data: {
+        captchaType: CaptchaType.pow,
+        challenge: challenge.challenge,
+        difficulty: challenge.difficulty,
+        user,
+        dapp,
+        session: sessionId
+      }
+    }));
+    return res.json(getPowCaptchaResponse);
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      body: req.body,
+      msg: "Error in PoW captcha challenge request"
+    }));
+    return next(
+      new ProsopoApiError("API.BAD_REQUEST", {
+        context: {
+          code: 500,
+          siteKey: req.body.dapp,
+          user: req.body.user,
+          error: err
+        },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+export {
+  getPoWCaptchaChallenge as default
+};

package/dist/api/captcha/submitImageCaptchaSolution.js

@@ -0,0 +1,87 @@
+import { ProsopoApiError } from "@prosopo/common";
+import { CaptchaSolutionBody, ApiParams } from "@prosopo/types";
+import { getIPAddress, flatten } from "@prosopo/util";
+import "../../tasks/index.js";
+import { getMaintenanceMode } from "../admin/apiToggleMaintenanceModeEndpoint.js";
+import { validateSiteKey, validateAddr } from "../validateAddress.js";
+import { Tasks } from "../../tasks/tasks.js";
+const submitImageCaptchaSolution = (env, userAccessRulesStorage) => async (req, res, next) => {
+  const tasks = new Tasks(env, req.logger);
+  if (getMaintenanceMode()) {
+    req.logger.info(() => ({
+      msg: "Maintenance mode active - returning verified for image captcha"
+    }));
+    const result = {
+      status: "ok",
+      captchas: [],
+      verified: true
+    };
+    return res.json(result);
+  }
+  let parsed;
+  try {
+    parsed = CaptchaSolutionBody.parse(req.body);
+  } catch (err) {
+    return next(
+      new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+        context: { code: 400, error: err, body: req.body },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const { user, dapp } = parsed;
+  validateSiteKey(dapp);
+  validateAddr(user);
+  try {
+    const clientRecord = await tasks.db.getClientRecord(parsed.dapp);
+    if (!clientRecord) {
+      return next(
+        new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const result = await tasks.imgCaptchaManager.dappUserSolution(
+      user,
+      dapp,
+      parsed[ApiParams.requestHash],
+      parsed[ApiParams.captchas],
+      parsed[ApiParams.signature].user.timestamp,
+      Number.parseInt(parsed[ApiParams.timestamp]),
+      parsed[ApiParams.signature].provider.requestHash,
+      getIPAddress(req.ip || ""),
+      flatten(req.headers),
+      req.ja4
+    );
+    const returnValue = {
+      status: req.i18n.t(
+        result.verified ? "API.CAPTCHA_PASSED" : "API.CAPTCHA_FAILED"
+      ),
+      ...result
+    };
+    return res.json(returnValue);
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      body: req.body,
+      msg: "Error in image captcha solution submission"
+    }));
+    return next(
+      new ProsopoApiError("API.BAD_REQUEST", {
+        context: {
+          code: 500,
+          siteKey: req.body.dapp,
+          error: err
+        },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+export {
+  submitImageCaptchaSolution as default
+};

package/dist/api/captcha/submitPoWCaptchaSolution.js

@@ -0,0 +1,77 @@
+import { ProsopoApiError } from "@prosopo/common";
+import { SubmitPowCaptchaSolutionBody } from "@prosopo/types";
+import { getIPAddress, flatten } from "@prosopo/util";
+import { Tasks } from "../../tasks/tasks.js";
+import { getMaintenanceMode } from "../admin/apiToggleMaintenanceModeEndpoint.js";
+import { validateSiteKey, validateAddr } from "../validateAddress.js";
+const submitPoWCaptchaSolution = (env) => async (req, res, next) => {
+  let parsed;
+  const tasks = new Tasks(env, req.logger);
+  if (getMaintenanceMode()) {
+    req.logger.info(() => ({
+      msg: "Maintenance mode active - returning verified"
+    }));
+    const response = {
+      status: "ok",
+      verified: true
+    };
+    return res.json(response);
+  }
+  try {
+    parsed = SubmitPowCaptchaSolutionBody.parse(req.body);
+  } catch (err) {
+    return next(
+      new ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+        context: { code: 400, error: err, body: req.body },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const { challenge, signature, nonce, verifiedTimeout, dapp, user } = parsed;
+  validateSiteKey(dapp);
+  validateAddr(user);
+  try {
+    const clientRecord = await tasks.db.getClientRecord(dapp);
+    if (!clientRecord) {
+      return next(
+        new ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const verified = await tasks.powCaptchaManager.verifyPowCaptchaSolution(
+      challenge,
+      signature.provider.challenge,
+      nonce,
+      verifiedTimeout,
+      signature.user.timestamp,
+      getIPAddress(req.ip || ""),
+      flatten(req.headers)
+    );
+    const response = { status: "ok", verified };
+    return res.json(response);
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      body: req.body,
+      msg: "Error in PoW captcha solution submission"
+    }));
+    return next(
+      new ProsopoApiError("API.BAD_REQUEST", {
+        context: {
+          code: 500,
+          siteKey: req.body.dapp,
+          error: err
+        },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+export {
+  submitPoWCaptchaSolution as default
+};