@prosopo/provider 3.2.5 → 3.12.3

package/dist/util.js

@@ -1,10 +1,11 @@
 import { hexToU8a } from "@polkadot/util/hex";
 import { isHex } from "@polkadot/util/is";
 import { ProsopoContractError, ProsopoEnvError } from "@prosopo/common";
-import { ScheduledTaskStatus } from "@prosopo/types";
+import { ScheduledTaskStatus, IPValidationAction } from "@prosopo/types";
 import { at } from "@prosopo/util";
 import { encodeAddress, decodeAddress } from "@prosopo/util-crypto";
 import { Address4, Address6 } from "ip-address";
+import { compareIPs } from "./services/ipComparison.js";
 function encodeStringAddress(address) {
   try {
     return encodeAddress(
@@ -61,7 +62,7 @@ const getIPAddressFromBigInt = (ipAddressBigInt) => {
     throw new ProsopoEnvError("API.INVALID_IP");
   }
 };
-const validateIpAddress = (ip, challengeRecordIpAddress, logger) => {
+const validateIpAddress = (ip, challengeIpAddress, logger) => {
   if (!ip) {
     return { isValid: true };
   }
@@ -74,27 +75,19 @@ const validateIpAddress = (ip, challengeRecordIpAddress, logger) => {
     logger.info(() => ({ msg: errorMessage }));
     return { isValid: false, errorMessage };
   }
-  let challengeIpV4orV6Address = getIPAddressFromBigInt(
-    challengeRecordIpAddress
-  );
   ipV4orV6Address = "address4" in ipV4orV6Address && ipV4orV6Address.address4 ? ipV4orV6Address.address4 : ipV4orV6Address;
-  challengeIpV4orV6Address = "address4" in challengeIpV4orV6Address && challengeIpV4orV6Address.address4 ? challengeIpV4orV6Address.address4 : challengeIpV4orV6Address;
-  if (ipV4orV6Address.v4 && !challengeIpV4orV6Address.v4) {
-    challengeIpV4orV6Address = new Address4(
-      challengeIpV4orV6Address.to4().correctForm()
-    );
-  }
-  if (!ipV4orV6Address.v4 && challengeIpV4orV6Address.v4) {
-    ipV4orV6Address = new Address6(
-      ipV4orV6Address.to4().correctForm()
+  challengeIpAddress = "address4" in challengeIpAddress && challengeIpAddress.address4 ? challengeIpAddress.address4 : challengeIpAddress;
+  if (ipV4orV6Address.v4 && !challengeIpAddress.v4) {
+    challengeIpAddress = new Address4(
+      challengeIpAddress.to4().correctForm()
     );
   }
-  if (challengeIpV4orV6Address.bigInt() - ipV4orV6Address.bigInt() !== 0n) {
-    const errorMessage = `IP address mismatch: ${challengeIpV4orV6Address.address} !== ${ipV4orV6Address.address}`;
+  if (challengeIpAddress.bigInt() - ipV4orV6Address.bigInt() !== 0n) {
+    const errorMessage = `IP address mismatch: ${challengeIpAddress.address} !== ${ipV4orV6Address.address}`;
     logger.info(() => ({
       msg: errorMessage,
       data: {
-        challengeIp: challengeIpV4orV6Address.address,
+        challengeIp: challengeIpAddress.address,
         providedIp: ipV4orV6Address.address
       }
     }));
@@ -102,9 +95,248 @@ const validateIpAddress = (ip, challengeRecordIpAddress, logger) => {
   }
   return { isValid: true };
 };
+const evaluateIpValidationRules = (comparison, rules, logger) => {
+  if (!comparison.comparison) {
+    return { action: IPValidationAction.Allow };
+  }
+  const conditions = [];
+  const rejectActions = Object.values(rules.actions).filter(
+    (action) => action === IPValidationAction.Reject
+  );
+  const ip1Country = comparison.comparison.ip1Details?.country;
+  const ip2Country = comparison.comparison.ip2Details?.country;
+  const ip1CountryCode = comparison.comparison.ip1Details?.countryCode;
+  const ip2CountryCode = comparison.comparison.ip2Details?.countryCode;
+  let effectiveRules = rules;
+  let countryOverride = void 0;
+  if (ip1CountryCode && rules.countryOverrides?.[ip1CountryCode]) {
+    countryOverride = rules.countryOverrides[ip1CountryCode];
+  }
+  if (ip2CountryCode && rules.countryOverrides?.[ip2CountryCode]) {
+    countryOverride = rules.countryOverrides[ip2CountryCode];
+  }
+  if (countryOverride) {
+    effectiveRules = {
+      ...rules,
+      actions: {
+        ...rules.actions,
+        ...countryOverride.actions
+      },
+      distanceThresholdKm: countryOverride.distanceThresholdKm ?? rules.distanceThresholdKm,
+      abuseScoreThreshold: countryOverride.abuseScoreThreshold ?? rules.abuseScoreThreshold,
+      requireAllConditions: countryOverride.requireAllConditions ?? rules.requireAllConditions
+    };
+  }
+  if (ip1Country !== ip2Country) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.countryChangeAction,
+      message: `Country changed from ${ip1Country} to ${ip2Country}`
+    });
+  }
+  const ip1City = comparison.comparison.ip1Details?.city;
+  const ip2City = comparison.comparison.ip2Details?.city;
+  if (ip1City !== ip2City) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.cityChangeAction,
+      message: `City changed from ${ip1City} to ${ip2City}`
+    });
+  }
+  if (comparison.comparison.differentProviders) {
+    const ip1Provider = comparison.comparison.ip1Details?.provider;
+    const ip2Provider = comparison.comparison.ip2Details?.provider;
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.ispChangeAction,
+      message: `ISP changed from ${ip1Provider} to ${ip2Provider}`
+    });
+  }
+  const distanceKm = comparison.comparison.distanceKm;
+  if (distanceKm !== void 0 && distanceKm > effectiveRules.distanceThresholdKm) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.distanceExceedAction,
+      message: `IP addresses are ${distanceKm.toFixed(2)}km apart (>${effectiveRules.distanceThresholdKm}km limit)`
+    });
+  }
+  console.log(JSON.stringify(effectiveRules, null, 2));
+  const ip2AbuseScore = comparison.comparison.ip2Details?.abuserScore;
+  if (ip2AbuseScore !== void 0 && ip2AbuseScore > effectiveRules.abuseScoreThreshold) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.abuseScoreExceedAction,
+      message: `Abuse score ${ip2AbuseScore.toFixed(4)} exceeds threshold ${effectiveRules.abuseScoreThreshold}`
+    });
+  }
+  const ip1AbuseScore = comparison.comparison.ip1Details?.abuserScore;
+  if (ip1AbuseScore !== void 0 && ip1AbuseScore > effectiveRules.abuseScoreThreshold) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.abuseScoreExceedAction,
+      message: `Abuse score ${ip1AbuseScore.toFixed(4)} exceeds threshold ${effectiveRules.abuseScoreThreshold}`
+    });
+  }
+  if (conditions.length === 0) {
+    return { action: IPValidationAction.Allow };
+  }
+  const errorMessages = [];
+  let finalAction = IPValidationAction.Allow;
+  let shouldFlag = false;
+  if (effectiveRules.requireAllConditions) {
+    const rejectConditions = conditions.filter(
+      (c) => c.action === IPValidationAction.Reject
+    );
+    if (rejectConditions.length > 0 && rejectConditions.length >= rejectActions.length) {
+      finalAction = IPValidationAction.Reject;
+    }
+    for (const condition of conditions) {
+      if (condition.action === IPValidationAction.Reject || condition.action === IPValidationAction.Flag) {
+        errorMessages.push(condition.message);
+      }
+    }
+  } else {
+    for (const condition of conditions) {
+      if (condition.action === IPValidationAction.Reject) {
+        finalAction = IPValidationAction.Reject;
+        errorMessages.push(condition.message);
+        break;
+      }
+      if (condition.action === IPValidationAction.Flag) {
+        finalAction = IPValidationAction.Flag;
+        shouldFlag = true;
+      }
+      errorMessages.push(condition.message);
+    }
+  }
+  logger.info(() => ({
+    msg: `IP validation rules evaluated: ${finalAction}`,
+    data: {
+      conditions,
+      finalAction,
+      requireAllConditions: effectiveRules.requireAllConditions
+    }
+  }));
+  return {
+    action: finalAction,
+    errorMessage: errorMessages.length > 0 ? errorMessages.join("; ") : void 0,
+    shouldFlag
+  };
+};
+const deepValidateIpAddress = async (ip, challengeIpAddress, logger, apiKey, apiUrl, ipValidationRules) => {
+  const standardValidation = validateIpAddress(ip, challengeIpAddress, logger);
+  if (!standardValidation.isValid) {
+    if (standardValidation.errorMessage?.includes("Invalid IP address")) {
+      return standardValidation;
+    }
+  } else {
+    return { isValid: true };
+  }
+  try {
+    const challengeIpString = challengeIpAddress.address;
+    const comparison = await compareIPs(challengeIpString, ip, apiKey, apiUrl);
+    if ("error" in comparison) {
+      logger.error(() => ({
+        msg: "Failed to get IP distance comparison",
+        data: {
+          error: comparison.error,
+          challengeIp: challengeIpString,
+          providedIp: ip
+        }
+      }));
+      return {
+        isValid: false,
+        errorMessage: "Could not determine IP distance"
+      };
+    }
+    if (comparison.ipsMatch) {
+      return { isValid: true };
+    }
+    const distanceKm = comparison.comparison?.distanceKm;
+    if (!ipValidationRules) {
+      logger.info(() => ({
+        msg: "No IP validation rules provided, using legacy logic",
+        data: {
+          challengeIp: challengeIpString,
+          providedIp: ip,
+          distanceKm
+        }
+      }));
+      if (distanceKm !== void 0 && distanceKm > 1e3) {
+        const errorMessage = `IP addresses are too far apart: ${distanceKm.toFixed(2)}km (>1000km limit)`;
+        logger.info(() => ({
+          msg: "IP validation failed - distance too great",
+          data: {
+            challengeIp: challengeIpString,
+            providedIp: ip,
+            distanceKm,
+            comparison: comparison.comparison
+          }
+        }));
+        return {
+          isValid: false,
+          errorMessage,
+          distanceKm
+        };
+      }
+      logger.info(() => ({
+        msg: "IP addresses differ but within acceptable distance",
+        data: {
+          challengeIp: challengeIpString,
+          providedIp: ip,
+          distanceKm,
+          comparison: comparison.comparison
+        }
+      }));
+      return {
+        isValid: true,
+        distanceKm,
+        shouldFlag: true
+      };
+    }
+    const ruleEvaluation = evaluateIpValidationRules(
+      comparison,
+      ipValidationRules,
+      logger
+    );
+    switch (ruleEvaluation.action) {
+      case IPValidationAction.Reject:
+        return {
+          isValid: false,
+          errorMessage: ruleEvaluation.errorMessage,
+          distanceKm
+        };
+      case IPValidationAction.Flag:
+        return {
+          isValid: true,
+          distanceKm,
+          shouldFlag: true,
+          errorMessage: ruleEvaluation.errorMessage
+        };
+      default:
+        return {
+          isValid: true,
+          distanceKm
+        };
+    }
+  } catch (error) {
+    logger.error(() => ({
+      msg: "Error during IP distance validation",
+      err: error,
+      data: { challengeIp: challengeIpAddress.address, providedIp: ip }
+    }));
+    return {
+      isValid: true,
+      shouldFlag: true,
+      errorMessage: "IP distance validation error"
+    };
+  }
+};
 export {
   checkIfTaskIsRunning,
+  deepValidateIpAddress,
   encodeStringAddress,
+  evaluateIpValidationRules,
   getIPAddress,
   getIPAddressFromBigInt,
   shuffleArray,

package/dist/utils/hashUserAgent.js

@@ -0,0 +1,10 @@
+import { createHash } from "node:crypto";
+function hashUserAgent(userAgent) {
+  const hash = createHash("sha256");
+  hash.update(userAgent, "utf8");
+  const hashHex = hash.digest("hex");
+  return hashHex.substring(0, 32);
+}
+export {
+  hashUserAgent
+};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@prosopo/provider",
-	"version": "3.2.5",
+	"version": "3.12.3",
 	"author": "PROSOPO LIMITED <info@prosopo.io>",
 	"license": "Apache-2.0",
 	"type": "module",
@@ -10,41 +10,44 @@
 	},
 	"scripts": {
 		"clean": "del-cli --verbose dist tsconfig.tsbuildinfo",
-		"build": "NODE_ENV=${NODE_ENV:-production}; vite build --config vite.esm.config.ts --mode $NODE_ENV",
+		"build": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.esm.config.ts --mode $NODE_ENV",
 		"build:tsc": "tsc --build --verbose",
-		"build:cjs": "NODE_ENV=${NODE_ENV:-production}; vite build --config vite.cjs.config.ts --mode $NODE_ENV",
-		"typecheck": "tsc --build --declaration --emitDeclarationOnly --force",
-		"test": "NODE_ENV=${NODE_ENV:-test}; npx vitest run --config ./vite.test.config.ts",
+		"build:cjs": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.cjs.config.ts --mode $NODE_ENV",
+		"typecheck": "tsc --project tsconfig.types.json",
+		"test:unit": "NODE_ENV=${NODE_ENV:-test}; TEST_TYPE=unit npx vitest run --config ./vite.test.config.ts",
+		"test:integration": "NODE_ENV=${NODE_ENV:-test}; NX_PARALLEL=1 TEST_TYPE=integration npx vitest run --config ./vite.threads.test.config.ts",
+		"test": "npm run test:unit && npm run test:integration",
 		"mnemonic": "tsx ./scripts/generateMnemonic.ts"
 	},
 	"dependencies": {
 		"@noble/hashes": "1.8.0",
 		"@polkadot/util": "12.6.2",
-		"@prosopo/api-express-router": "3.0.5",
-		"@prosopo/api-route": "2.6.9",
-		"@prosopo/common": "3.1.1",
-		"@prosopo/config": "3.1.2",
-		"@prosopo/database": "3.0.12",
-		"@prosopo/datasets": "3.0.12",
-		"@prosopo/env": "3.1.3",
-		"@prosopo/keyring": "2.8.8",
-		"@prosopo/types": "3.0.5",
-		"@prosopo/types-database": "3.0.12",
-		"@prosopo/types-env": "2.7.16",
-		"@prosopo/user-access-policy": "3.3.2",
-		"@prosopo/util": "3.0.4",
-		"@prosopo/util-crypto": "13.5.3",
-		"@typegoose/auto-increment": "4.13.0",
-		"axios": "1.10.0",
+		"@prosopo/api": "3.1.24",
+		"@prosopo/api-express-router": "3.0.25",
+		"@prosopo/api-route": "2.6.28",
+		"@prosopo/common": "3.1.20",
+		"@prosopo/config": "3.1.20",
+		"@prosopo/database": "3.4.5",
+		"@prosopo/datasets": "3.0.34",
+		"@prosopo/env": "3.2.13",
+		"@prosopo/keyring": "2.8.27",
+		"@prosopo/load-balancer": "2.8.0",
+		"@prosopo/locale": "3.1.20",
+		"@prosopo/types": "3.5.3",
+		"@prosopo/types-database": "3.3.5",
+		"@prosopo/types-env": "2.7.38",
+		"@prosopo/user-access-policy": "3.5.19",
+		"@prosopo/util": "3.1.5",
+		"@prosopo/util-crypto": "13.5.22",
 		"cron": "3.1.7",
-		"esbuild": "0.25.6",
 		"express": "4.21.2",
+		"geolib": "3.3.4",
+		"i18next": "24.1.0",
 		"ip-address": "10.0.1",
-		"node-fetch": "3.3.2",
-		"openpgp": "5.11.3",
+		"mongodb": "6.15.0",
+		"mongoose": "8.13.0",
 		"read-tls-client-hello": "1.1.0",
 		"uuid": "11.1.0",
-		"webpack-dev-server": "5.2.2",
 		"zod": "3.23.8"
 	},
 	"devDependencies": {

package/vite.test.config.ts

@@ -1,5 +1,3 @@
-import fs from "node:fs";
-import path from "node:path";
 // Copyright 2021-2025 Prosopo (UK) Ltd.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,6 +11,9 @@ import path from "node:path";
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+
+import fs from "node:fs";
+import path from "node:path";
 import { ViteTestConfig } from "@prosopo/config";
 import dotenv from "dotenv";
 process.env.NODE_ENV = "test";

package/vite.threads.test.config.ts

@@ -0,0 +1,33 @@
+// Copyright 2021-2025 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import fs from "node:fs";
+import path from "node:path";
+import { ViteThreadsTestConfig } from "@prosopo/config";
+import dotenv from "dotenv";
+process.env.NODE_ENV = "test";
+// if .env.test exists at this level, use it, otherwise use the one at the root
+const envFile = `.env.${process.env.NODE_ENV || "development"}`;
+let envPath = envFile;
+if (fs.existsSync(envFile)) {
+	envPath = path.resolve(envFile);
+} else if (fs.existsSync(`../../${envFile}`)) {
+	envPath = path.resolve(`../../${envFile}`);
+} else {
+	throw new Error(`No ${envFile} file found`);
+}
+
+dotenv.config({ path: envPath });
+
+export default ViteThreadsTestConfig();