@prosopo/provider 3.12.3 → 3.13.0

package/dist/cjs/api/captcha/getPoWCaptchaChallenge.cjs

@@ -0,0 +1,155 @@
+"use strict";
+const common = require("@prosopo/common");
+const types = require("@prosopo/types");
+const util = require("@prosopo/util");
+const compositeIpAddress = require("../../compositeIpAddress.cjs");
+require("../../tasks/index.cjs");
+const blacklistRequestInspector = require("../blacklistRequestInspector.cjs");
+const validateAddress = require("../validateAddress.cjs");
+const tasks = require("../../tasks/tasks.cjs");
+const getPoWCaptchaChallenge = (env, userAccessRulesStorage) => async (req, res, next) => {
+  let parsed;
+  const tasks$1 = new tasks.Tasks(env);
+  tasks$1.setLogger(req.logger);
+  try {
+    parsed = types.GetPowCaptchaChallengeRequestBody.parse(req.body);
+  } catch (err) {
+    return next(
+      new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+        context: { code: 400, error: err },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const { user, dapp, sessionId } = parsed;
+  validateAddress.validateSiteKey(dapp);
+  validateAddress.validateAddr(user);
+  try {
+    const clientSettings = await tasks$1.db.getClientRecord(dapp);
+    if (!clientSettings) {
+      return next(
+        new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const userScope = blacklistRequestInspector.getRequestUserScope(
+      util.flatten(req.headers),
+      req.ja4,
+      req.ip,
+      user
+    );
+    const userAccessPolicy = (await tasks$1.powCaptchaManager.getPrioritisedAccessPolicies(
+      userAccessRulesStorage,
+      dapp,
+      userScope
+    ))[0];
+    const {
+      valid,
+      reason,
+      sessionId: validSessionId,
+      powDifficulty
+    } = await tasks$1.powCaptchaManager.isValidRequest(
+      clientSettings,
+      types.CaptchaType.pow,
+      env,
+      sessionId,
+      userAccessPolicy,
+      req.ip
+    );
+    if (!valid) {
+      return next(
+        new common.ProsopoApiError(reason || "API.BAD_REQUEST", {
+          context: {
+            code: 400,
+            siteKey: dapp,
+            user
+          },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const origin = req.headers.origin;
+    if (!origin) {
+      return next(
+        new common.ProsopoApiError("API.BAD_REQUEST", {
+          context: {
+            error: "Origin header not found",
+            code: 400,
+            siteKey: dapp,
+            user
+          },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const difficulty = powDifficulty || userAccessPolicy?.powDifficulty || clientSettings?.settings?.powDifficulty;
+    const challenge = await tasks$1.powCaptchaManager.getPowCaptchaChallenge(
+      user,
+      dapp,
+      origin,
+      difficulty
+    );
+    await tasks$1.db.storePowCaptchaRecord(
+      challenge.challenge,
+      {
+        requestedAtTimestamp: challenge.requestedAtTimestamp,
+        userAccount: user,
+        dappAccount: dapp
+      },
+      challenge.difficulty,
+      challenge.providerSignature,
+      compositeIpAddress.getCompositeIpAddress(req.ip || ""),
+      util.flatten(req.headers),
+      req.ja4,
+      validSessionId
+    );
+    const getPowCaptchaResponse = {
+      [types.ApiParams.status]: "ok",
+      [types.ApiParams.challenge]: challenge.challenge,
+      [types.ApiParams.difficulty]: challenge.difficulty,
+      [types.ApiParams.timestamp]: challenge.requestedAtTimestamp.toString(),
+      [types.ApiParams.signature]: {
+        [types.ApiParams.provider]: {
+          [types.ApiParams.challenge]: challenge.providerSignature
+        }
+      }
+    };
+    req.logger.info(() => ({
+      msg: "PoW captcha challenge issued",
+      data: {
+        captchaType: types.CaptchaType.pow,
+        challenge: challenge.challenge,
+        difficulty: challenge.difficulty,
+        user,
+        dapp,
+        session: sessionId
+      }
+    }));
+    return res.json(getPowCaptchaResponse);
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      body: req.body,
+      msg: "Error in PoW captcha challenge request"
+    }));
+    return next(
+      new common.ProsopoApiError("API.BAD_REQUEST", {
+        context: {
+          code: 500,
+          siteKey: req.body.dapp,
+          user: req.body.user,
+          error: err
+        },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+module.exports = getPoWCaptchaChallenge;

package/dist/cjs/api/captcha/submitImageCaptchaSolution.cjs

@@ -0,0 +1,86 @@
+"use strict";
+const common = require("@prosopo/common");
+const types = require("@prosopo/types");
+const util = require("@prosopo/util");
+require("../../tasks/index.cjs");
+const apiToggleMaintenanceModeEndpoint = require("../admin/apiToggleMaintenanceModeEndpoint.cjs");
+const validateAddress = require("../validateAddress.cjs");
+const tasks = require("../../tasks/tasks.cjs");
+const submitImageCaptchaSolution = (env, userAccessRulesStorage) => async (req, res, next) => {
+  const tasks$1 = new tasks.Tasks(env, req.logger);
+  if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
+    req.logger.info(() => ({
+      msg: "Maintenance mode active - returning verified for image captcha"
+    }));
+    const result = {
+      status: "ok",
+      captchas: [],
+      verified: true
+    };
+    return res.json(result);
+  }
+  let parsed;
+  try {
+    parsed = types.CaptchaSolutionBody.parse(req.body);
+  } catch (err) {
+    return next(
+      new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+        context: { code: 400, error: err, body: req.body },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const { user, dapp } = parsed;
+  validateAddress.validateSiteKey(dapp);
+  validateAddress.validateAddr(user);
+  try {
+    const clientRecord = await tasks$1.db.getClientRecord(parsed.dapp);
+    if (!clientRecord) {
+      return next(
+        new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const result = await tasks$1.imgCaptchaManager.dappUserSolution(
+      user,
+      dapp,
+      parsed[types.ApiParams.requestHash],
+      parsed[types.ApiParams.captchas],
+      parsed[types.ApiParams.signature].user.timestamp,
+      Number.parseInt(parsed[types.ApiParams.timestamp]),
+      parsed[types.ApiParams.signature].provider.requestHash,
+      util.getIPAddress(req.ip || ""),
+      util.flatten(req.headers),
+      req.ja4
+    );
+    const returnValue = {
+      status: req.i18n.t(
+        result.verified ? "API.CAPTCHA_PASSED" : "API.CAPTCHA_FAILED"
+      ),
+      ...result
+    };
+    return res.json(returnValue);
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      body: req.body,
+      msg: "Error in image captcha solution submission"
+    }));
+    return next(
+      new common.ProsopoApiError("API.BAD_REQUEST", {
+        context: {
+          code: 500,
+          siteKey: req.body.dapp,
+          error: err
+        },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+module.exports = submitImageCaptchaSolution;

package/dist/cjs/api/captcha/submitPoWCaptchaSolution.cjs

@@ -0,0 +1,76 @@
+"use strict";
+const common = require("@prosopo/common");
+const types = require("@prosopo/types");
+const util = require("@prosopo/util");
+const tasks = require("../../tasks/tasks.cjs");
+const apiToggleMaintenanceModeEndpoint = require("../admin/apiToggleMaintenanceModeEndpoint.cjs");
+const validateAddress = require("../validateAddress.cjs");
+const submitPoWCaptchaSolution = (env) => async (req, res, next) => {
+  let parsed;
+  const tasks$1 = new tasks.Tasks(env, req.logger);
+  if (apiToggleMaintenanceModeEndpoint.getMaintenanceMode()) {
+    req.logger.info(() => ({
+      msg: "Maintenance mode active - returning verified"
+    }));
+    const response = {
+      status: "ok",
+      verified: true
+    };
+    return res.json(response);
+  }
+  try {
+    parsed = types.SubmitPowCaptchaSolutionBody.parse(req.body);
+  } catch (err) {
+    return next(
+      new common.ProsopoApiError("CAPTCHA.PARSE_ERROR", {
+        context: { code: 400, error: err, body: req.body },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+  const { challenge, signature, nonce, verifiedTimeout, dapp, user } = parsed;
+  validateAddress.validateSiteKey(dapp);
+  validateAddress.validateAddr(user);
+  try {
+    const clientRecord = await tasks$1.db.getClientRecord(dapp);
+    if (!clientRecord) {
+      return next(
+        new common.ProsopoApiError("API.SITE_KEY_NOT_REGISTERED", {
+          context: { code: 400, siteKey: dapp },
+          i18n: req.i18n,
+          logger: req.logger
+        })
+      );
+    }
+    const verified = await tasks$1.powCaptchaManager.verifyPowCaptchaSolution(
+      challenge,
+      signature.provider.challenge,
+      nonce,
+      verifiedTimeout,
+      signature.user.timestamp,
+      util.getIPAddress(req.ip || ""),
+      util.flatten(req.headers)
+    );
+    const response = { status: "ok", verified };
+    return res.json(response);
+  } catch (err) {
+    req.logger.error(() => ({
+      err,
+      body: req.body,
+      msg: "Error in PoW captcha solution submission"
+    }));
+    return next(
+      new common.ProsopoApiError("API.BAD_REQUEST", {
+        context: {
+          code: 500,
+          siteKey: req.body.dapp,
+          error: err
+        },
+        i18n: req.i18n,
+        logger: req.logger
+      })
+    );
+  }
+};
+module.exports = submitPoWCaptchaSolution;