@prosopo/provider 3.2.5 → 3.12.3

package/dist/cjs/services/ipComparison.cjs

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const geolib = require("geolib");
+const ipInfo = require("./ipInfo.cjs");
+async function compareIPs(ip1, ip2, apiKey, apiUrl) {
+  try {
+    if (!ip1 || !ip2 || typeof ip1 !== "string" || typeof ip2 !== "string") {
+      return {
+        error: "Invalid IP addresses provided",
+        ip1: ip1 || "undefined",
+        ip2: ip2 || "undefined"
+      };
+    }
+    if (ip1 === ip2) {
+      return {
+        ipsMatch: true,
+        ip1,
+        ip2
+      };
+    }
+    const [ip1Info, ip2Info] = await Promise.all([
+      ipInfo.getIPInfo(ip1, apiUrl, apiKey),
+      ipInfo.getIPInfo(ip2, apiUrl, apiKey)
+    ]);
+    if (!ip1Info.isValid && !ip2Info.isValid) {
+      return {
+        error: "Failed to lookup both IP addresses",
+        ip1,
+        ip2,
+        ip1Error: ip1Info.error,
+        ip2Error: ip2Info.error
+      };
+    }
+    if (!ip1Info.isValid) {
+      return {
+        error: "Failed to lookup first IP address",
+        ip1,
+        ip2,
+        ip1Error: ip1Info.error
+      };
+    }
+    if (!ip2Info.isValid) {
+      return {
+        error: "Failed to lookup second IP address",
+        ip1,
+        ip2,
+        ip2Error: ip2Info.error
+      };
+    }
+    const determineConnectionType = (ipInfo2) => {
+      if (ipInfo2.isMobile) return "mobile";
+      if (ipInfo2.isDatacenter) return "datacenter";
+      if (ipInfo2.isSatellite) return "satellite";
+      if (ipInfo2.providerType === "isp") return "residential";
+      switch (ipInfo2.providerType) {
+        case "hosting":
+          return "datacenter";
+        case "business":
+        case "education":
+        case "government":
+        case "banking":
+          return "residential";
+        default:
+          return "unknown";
+      }
+    };
+    const ip1ConnectionType = determineConnectionType(ip1Info);
+    const ip2ConnectionType = determineConnectionType(ip2Info);
+    const differentConnectionTypes = ip1ConnectionType !== ip2ConnectionType;
+    const ip1Provider = ip1Info.providerName || ip1Info.asnOrganization || "Unknown";
+    const ip2Provider = ip2Info.providerName || ip2Info.asnOrganization || "Unknown";
+    const differentProviders = ip1Provider !== ip2Provider;
+    let distanceKm;
+    if (ip1Info.latitude !== void 0 && ip1Info.longitude !== void 0 && ip2Info.latitude !== void 0 && ip2Info.longitude !== void 0) {
+      const distanceMeters = geolib.getDistance(
+        { latitude: ip1Info.latitude, longitude: ip1Info.longitude },
+        { latitude: ip2Info.latitude, longitude: ip2Info.longitude }
+      );
+      distanceKm = distanceMeters / 1e3;
+    }
+    const ip1IsVpnOrProxy = ip1Info.isVPN || ip1Info.isProxy || ip1Info.isTor;
+    const ip2IsVpnOrProxy = ip2Info.isVPN || ip2Info.isProxy || ip2Info.isTor;
+    const anyVpnOrProxy = ip1IsVpnOrProxy || ip2IsVpnOrProxy;
+    const ip1Coordinates = ip1Info.latitude !== void 0 && ip1Info.longitude !== void 0 ? { latitude: ip1Info.latitude, longitude: ip1Info.longitude } : void 0;
+    const ip2Coordinates = ip2Info.latitude !== void 0 && ip2Info.longitude !== void 0 ? { latitude: ip2Info.latitude, longitude: ip2Info.longitude } : void 0;
+    return {
+      ipsMatch: false,
+      ip1,
+      ip2,
+      comparison: {
+        differentProviders,
+        differentConnectionTypes,
+        distanceKm,
+        anyVpnOrProxy,
+        ip1Details: {
+          provider: ip1Provider,
+          connectionType: ip1ConnectionType,
+          isVpnOrProxy: ip1IsVpnOrProxy,
+          country: ip1Info.country,
+          countryCode: ip1Info.countryCode,
+          city: ip1Info.city,
+          coordinates: ip1Coordinates
+        },
+        ip2Details: {
+          provider: ip2Provider,
+          connectionType: ip2ConnectionType,
+          isVpnOrProxy: ip2IsVpnOrProxy,
+          country: ip2Info.country,
+          countryCode: ip2Info.countryCode,
+          city: ip2Info.city,
+          coordinates: ip2Coordinates
+        }
+      }
+    };
+  } catch (error) {
+    return {
+      error: `Comparison failed: ${error instanceof Error ? error.message : String(error)}`,
+      ip1,
+      ip2
+    };
+  }
+}
+exports.compareIPs = compareIPs;

package/dist/cjs/services/ipInfo.cjs

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+async function getIPInfo(ip, apiUrl, apiKey, includeRawResponse = false) {
+  try {
+    if (!ip || typeof ip !== "string") {
+      return {
+        isValid: false,
+        error: "Invalid IP address provided",
+        ip: ip || "undefined"
+      };
+    }
+    const url = apiUrl;
+    const body = { q: ip };
+    if (apiKey) {
+      body.key = apiKey;
+    }
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      return {
+        isValid: false,
+        error: `API request failed with status ${response.status}: ${response.statusText}`,
+        ip
+      };
+    }
+    const data = await response.json();
+    if (data.is_bogon) {
+      return {
+        isValid: false,
+        error: "IP address is bogon (non-routable)",
+        ip
+      };
+    }
+    const result = {
+      ip: data.ip,
+      isValid: true,
+      // Threat indicators
+      isVPN: data.is_vpn,
+      isTor: data.is_tor,
+      isProxy: data.is_proxy,
+      isDatacenter: data.is_datacenter,
+      isAbuser: data.is_abuser,
+      isMobile: data.is_mobile,
+      isSatellite: data.is_satellite,
+      // Provider information
+      providerName: data.company?.name || data.datacenter?.datacenter,
+      providerType: data.company?.type || data.asn?.type,
+      asnNumber: data.asn?.asn,
+      asnOrganization: data.asn?.org,
+      // Geolocation
+      country: data.location?.country,
+      countryCode: data.location?.country_code,
+      region: data.location?.state,
+      city: data.location?.city,
+      latitude: data.location?.latitude,
+      longitude: data.location?.longitude,
+      timezone: data.location?.timezone,
+      // VPN specific details
+      vpnService: data.vpn?.service,
+      vpnType: data.vpn?.type,
+      // Risk scoring
+      abuserScore: Number.parseFloat(
+        data.asn?.abuser_score.split(" ")[0] || "0"
+      ),
+      companyAbuserScore: Number.parseFloat(
+        data.company?.abuser_score.split(" ")[0] || "0"
+      )
+    };
+    if (includeRawResponse) {
+      result.rawResponse = data;
+    }
+    return result;
+  } catch (error) {
+    return {
+      isValid: false,
+      error: `Network or parsing error: ${error instanceof Error ? error.message : String(error)}`,
+      ip
+    };
+  }
+}
+exports.getIPInfo = getIPInfo;

package/dist/cjs/tasks/captchaManager.cjs

@@ -15,7 +15,20 @@ class CaptchaManager {
     );
     return tokenRecord ? tokenRecord._id : void 0;
   }
-  async isValidRequest(clientSettings, requestedCaptchaType, sessionId, userAccessPolicy) {
+  async validateFrictionlessTokenIP(sessionRecord, currentIP, env) {
+    const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
+      sessionRecord.tokenId
+    );
+    if (!tokenRecord) {
+      this.logger.info(() => ({
+        msg: "No frictionless token found for session",
+        data: { sessionId: sessionRecord.sessionId }
+      }));
+      return { valid: false, reason: "CAPTCHA.NO_SESSION_FOUND" };
+    }
+    return { valid: true };
+  }
+  async isValidRequest(clientSettings, requestedCaptchaType, env, sessionId, userAccessPolicy, currentIP) {
     this.logger.debug(() => ({
       msg: "Validating request",
       data: {
@@ -54,11 +67,45 @@ class CaptchaManager {
             type: requestedCaptchaType
           };
         }
+        if (currentIP) {
+          const ipValidation = await this.validateFrictionlessTokenIP(
+            sessionRecord,
+            currentIP,
+            env
+          );
+          if (!ipValidation.valid) {
+            return {
+              valid: false,
+              reason: ipValidation.reason,
+              type: requestedCaptchaType
+            };
+          }
+        }
         const frictionlessTokenId = await this.getFrictionlessTokenIdFromSession(sessionRecord);
+        if (sessionRecord.captchaType !== requestedCaptchaType) {
+          this.logger.warn(() => ({
+            msg: "Invalid frictionless request",
+            data: {
+              account: clientSettings.account,
+              sessionId
+            }
+          }));
+          return {
+            valid: false,
+            reason: "CAPTCHA.NO_SESSION_FOUND",
+            type: requestedCaptchaType
+          };
+        }
         return {
           valid: true,
           frictionlessTokenId,
-          type: requestedCaptchaType
+          type: requestedCaptchaType,
+          ...sessionRecord.powDifficulty && {
+            powDifficulty: sessionRecord.powDifficulty
+          },
+          ...sessionRecord.solvedImagesCount && {
+            solvedImagesCount: sessionRecord.solvedImagesCount
+          }
         };
       }
       this.logger.warn(() => ({

package/dist/cjs/tasks/client/clientTasks.cjs

@@ -126,11 +126,10 @@ class ClientTaskManager {
                 threshold: 0
               };
             }
+            const { _id, token, ...tokenRecordWithoutId } = tokenRecord;
             return {
               ...record,
-              score: tokenRecord?.score || 0,
-              scoreComponents: tokenRecord?.scoreComponents,
-              threshold: tokenRecord?.threshold || 0
+              ...tokenRecordWithoutId
             };
           });
           if (filteredBatch.length > 0) {
@@ -138,6 +137,9 @@ class ClientTaskManager {
             await this.providerDB.markSessionRecordsStored(
               filteredBatch.map((record) => record.sessionId)
             );
+            await this.providerDB.markFrictionlessTokenRecordsStored(
+              filteredBatch.map((record) => record.tokenId).filter((id) => !!id)
+            );
           }
           processedSessionRecords += filteredBatch.length;
         }
@@ -248,25 +250,44 @@ class ClientTaskManager {
     const activeDetectorKeys = await this.providerDB.getDetectorKeys();
     return activeDetectorKeys;
   }
-  async removeDetectorKey(detectorKey) {
+  async removeDetectorKey(detectorKey, expirationInSeconds) {
     if (!isValidPrivateKey(detectorKey)) {
       throw new common.ProsopoApiError("INVALID_DETECTOR_KEY", {
         context: { detectorKey },
         logger: this.logger
       });
     }
-    await this.providerDB.removeDetectorKey(detectorKey);
+    await this.providerDB.removeDetectorKey(detectorKey, expirationInSeconds);
   }
-  isSubdomainOrExactMatch(referrer, clientDomain) {
+  /**
+   * Matches a request referrer against an allowed domain pattern.
+   * Supports global '*', subdomain '*.example.com', glob '*example*',
+   * plain domains (exact or subdomain), and 'localhost'.
+   */
+  domainPatternMatcher(referrer, clientDomain) {
     if (!referrer || !clientDomain) return false;
-    if (clientDomain === "*") return true;
     try {
-      const referrerDomain = util.parseUrl(referrer).hostname.replace(/\.$/, "");
-      const allowedDomain = util.parseUrl(clientDomain).hostname.replace(/\.$/, "");
-      return referrerDomain === allowedDomain || referrerDomain.endsWith(`.${allowedDomain}`);
-    } catch {
+      const referrerHost = util.parseUrl(referrer).hostname.replace(/\.$/, "");
+      const pattern = clientDomain.trim().toLowerCase();
+      if (pattern === "*") return true;
+      if (pattern === "localhost") {
+        return referrerHost === "localhost" || referrerHost.startsWith("localhost:");
+      }
+      if (pattern.startsWith("*.")) {
+        const suffix = pattern.slice(2);
+        const allowed = util.parseUrl(suffix).hostname.replace(/\.$/, "");
+        return referrerHost.endsWith(`.${allowed}`) || referrerHost === allowed;
+      }
+      if (pattern.includes("*")) {
+        const escaped = pattern.replace(/[.+?^${}()|\[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+        const regex = new RegExp(`^${escaped}$`, "i");
+        return regex.test(referrerHost);
+      }
+      const allowedHost = util.parseUrl(pattern).hostname.replace(/\.$/, "");
+      return referrerHost === allowedHost || referrerHost.endsWith(`.${allowedHost}`);
+    } catch (e) {
       this.logger.error(() => ({
-        msg: "Error in isSubdomainOrExactMatch",
+        msg: "Error in domainPatternMatcher",
         data: { referrer, clientDomain }
       }));
       return false;