@prosopo/provider 3.3.0 → 3.12.3

package/dist/cjs/util.cjs

@@ -7,6 +7,7 @@ const types = require("@prosopo/types");
 const util = require("@prosopo/util");
 const utilCrypto = require("@prosopo/util-crypto");
 const ipAddress = require("ip-address");
+const ipComparison = require("./services/ipComparison.cjs");
 function encodeStringAddress(address) {
   try {
     return utilCrypto.encodeAddress(
@@ -63,7 +64,7 @@ const getIPAddressFromBigInt = (ipAddressBigInt) => {
     throw new common.ProsopoEnvError("API.INVALID_IP");
   }
 };
-const validateIpAddress = (ip, challengeRecordIpAddress, logger) => {
+const validateIpAddress = (ip, challengeIpAddress, logger) => {
   if (!ip) {
     return { isValid: true };
   }
@@ -76,27 +77,19 @@ const validateIpAddress = (ip, challengeRecordIpAddress, logger) => {
     logger.info(() => ({ msg: errorMessage }));
     return { isValid: false, errorMessage };
   }
-  let challengeIpV4orV6Address = getIPAddressFromBigInt(
-    challengeRecordIpAddress
-  );
   ipV4orV6Address = "address4" in ipV4orV6Address && ipV4orV6Address.address4 ? ipV4orV6Address.address4 : ipV4orV6Address;
-  challengeIpV4orV6Address = "address4" in challengeIpV4orV6Address && challengeIpV4orV6Address.address4 ? challengeIpV4orV6Address.address4 : challengeIpV4orV6Address;
-  if (ipV4orV6Address.v4 && !challengeIpV4orV6Address.v4) {
-    challengeIpV4orV6Address = new ipAddress.Address4(
-      challengeIpV4orV6Address.to4().correctForm()
-    );
-  }
-  if (!ipV4orV6Address.v4 && challengeIpV4orV6Address.v4) {
-    ipV4orV6Address = new ipAddress.Address6(
-      ipV4orV6Address.to4().correctForm()
+  challengeIpAddress = "address4" in challengeIpAddress && challengeIpAddress.address4 ? challengeIpAddress.address4 : challengeIpAddress;
+  if (ipV4orV6Address.v4 && !challengeIpAddress.v4) {
+    challengeIpAddress = new ipAddress.Address4(
+      challengeIpAddress.to4().correctForm()
     );
   }
-  if (challengeIpV4orV6Address.bigInt() - ipV4orV6Address.bigInt() !== 0n) {
-    const errorMessage = `IP address mismatch: ${challengeIpV4orV6Address.address} !== ${ipV4orV6Address.address}`;
+  if (challengeIpAddress.bigInt() - ipV4orV6Address.bigInt() !== 0n) {
+    const errorMessage = `IP address mismatch: ${challengeIpAddress.address} !== ${ipV4orV6Address.address}`;
     logger.info(() => ({
       msg: errorMessage,
       data: {
-        challengeIp: challengeIpV4orV6Address.address,
+        challengeIp: challengeIpAddress.address,
         providedIp: ipV4orV6Address.address
       }
     }));
@@ -104,8 +97,247 @@ const validateIpAddress = (ip, challengeRecordIpAddress, logger) => {
   }
   return { isValid: true };
 };
+const evaluateIpValidationRules = (comparison, rules, logger) => {
+  if (!comparison.comparison) {
+    return { action: types.IPValidationAction.Allow };
+  }
+  const conditions = [];
+  const rejectActions = Object.values(rules.actions).filter(
+    (action) => action === types.IPValidationAction.Reject
+  );
+  const ip1Country = comparison.comparison.ip1Details?.country;
+  const ip2Country = comparison.comparison.ip2Details?.country;
+  const ip1CountryCode = comparison.comparison.ip1Details?.countryCode;
+  const ip2CountryCode = comparison.comparison.ip2Details?.countryCode;
+  let effectiveRules = rules;
+  let countryOverride = void 0;
+  if (ip1CountryCode && rules.countryOverrides?.[ip1CountryCode]) {
+    countryOverride = rules.countryOverrides[ip1CountryCode];
+  }
+  if (ip2CountryCode && rules.countryOverrides?.[ip2CountryCode]) {
+    countryOverride = rules.countryOverrides[ip2CountryCode];
+  }
+  if (countryOverride) {
+    effectiveRules = {
+      ...rules,
+      actions: {
+        ...rules.actions,
+        ...countryOverride.actions
+      },
+      distanceThresholdKm: countryOverride.distanceThresholdKm ?? rules.distanceThresholdKm,
+      abuseScoreThreshold: countryOverride.abuseScoreThreshold ?? rules.abuseScoreThreshold,
+      requireAllConditions: countryOverride.requireAllConditions ?? rules.requireAllConditions
+    };
+  }
+  if (ip1Country !== ip2Country) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.countryChangeAction,
+      message: `Country changed from ${ip1Country} to ${ip2Country}`
+    });
+  }
+  const ip1City = comparison.comparison.ip1Details?.city;
+  const ip2City = comparison.comparison.ip2Details?.city;
+  if (ip1City !== ip2City) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.cityChangeAction,
+      message: `City changed from ${ip1City} to ${ip2City}`
+    });
+  }
+  if (comparison.comparison.differentProviders) {
+    const ip1Provider = comparison.comparison.ip1Details?.provider;
+    const ip2Provider = comparison.comparison.ip2Details?.provider;
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.ispChangeAction,
+      message: `ISP changed from ${ip1Provider} to ${ip2Provider}`
+    });
+  }
+  const distanceKm = comparison.comparison.distanceKm;
+  if (distanceKm !== void 0 && distanceKm > effectiveRules.distanceThresholdKm) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.distanceExceedAction,
+      message: `IP addresses are ${distanceKm.toFixed(2)}km apart (>${effectiveRules.distanceThresholdKm}km limit)`
+    });
+  }
+  console.log(JSON.stringify(effectiveRules, null, 2));
+  const ip2AbuseScore = comparison.comparison.ip2Details?.abuserScore;
+  if (ip2AbuseScore !== void 0 && ip2AbuseScore > effectiveRules.abuseScoreThreshold) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.abuseScoreExceedAction,
+      message: `Abuse score ${ip2AbuseScore.toFixed(4)} exceeds threshold ${effectiveRules.abuseScoreThreshold}`
+    });
+  }
+  const ip1AbuseScore = comparison.comparison.ip1Details?.abuserScore;
+  if (ip1AbuseScore !== void 0 && ip1AbuseScore > effectiveRules.abuseScoreThreshold) {
+    conditions.push({
+      met: true,
+      action: effectiveRules.actions.abuseScoreExceedAction,
+      message: `Abuse score ${ip1AbuseScore.toFixed(4)} exceeds threshold ${effectiveRules.abuseScoreThreshold}`
+    });
+  }
+  if (conditions.length === 0) {
+    return { action: types.IPValidationAction.Allow };
+  }
+  const errorMessages = [];
+  let finalAction = types.IPValidationAction.Allow;
+  let shouldFlag = false;
+  if (effectiveRules.requireAllConditions) {
+    const rejectConditions = conditions.filter(
+      (c) => c.action === types.IPValidationAction.Reject
+    );
+    if (rejectConditions.length > 0 && rejectConditions.length >= rejectActions.length) {
+      finalAction = types.IPValidationAction.Reject;
+    }
+    for (const condition of conditions) {
+      if (condition.action === types.IPValidationAction.Reject || condition.action === types.IPValidationAction.Flag) {
+        errorMessages.push(condition.message);
+      }
+    }
+  } else {
+    for (const condition of conditions) {
+      if (condition.action === types.IPValidationAction.Reject) {
+        finalAction = types.IPValidationAction.Reject;
+        errorMessages.push(condition.message);
+        break;
+      }
+      if (condition.action === types.IPValidationAction.Flag) {
+        finalAction = types.IPValidationAction.Flag;
+        shouldFlag = true;
+      }
+      errorMessages.push(condition.message);
+    }
+  }
+  logger.info(() => ({
+    msg: `IP validation rules evaluated: ${finalAction}`,
+    data: {
+      conditions,
+      finalAction,
+      requireAllConditions: effectiveRules.requireAllConditions
+    }
+  }));
+  return {
+    action: finalAction,
+    errorMessage: errorMessages.length > 0 ? errorMessages.join("; ") : void 0,
+    shouldFlag
+  };
+};
+const deepValidateIpAddress = async (ip, challengeIpAddress, logger, apiKey, apiUrl, ipValidationRules) => {
+  const standardValidation = validateIpAddress(ip, challengeIpAddress, logger);
+  if (!standardValidation.isValid) {
+    if (standardValidation.errorMessage?.includes("Invalid IP address")) {
+      return standardValidation;
+    }
+  } else {
+    return { isValid: true };
+  }
+  try {
+    const challengeIpString = challengeIpAddress.address;
+    const comparison = await ipComparison.compareIPs(challengeIpString, ip, apiKey, apiUrl);
+    if ("error" in comparison) {
+      logger.error(() => ({
+        msg: "Failed to get IP distance comparison",
+        data: {
+          error: comparison.error,
+          challengeIp: challengeIpString,
+          providedIp: ip
+        }
+      }));
+      return {
+        isValid: false,
+        errorMessage: "Could not determine IP distance"
+      };
+    }
+    if (comparison.ipsMatch) {
+      return { isValid: true };
+    }
+    const distanceKm = comparison.comparison?.distanceKm;
+    if (!ipValidationRules) {
+      logger.info(() => ({
+        msg: "No IP validation rules provided, using legacy logic",
+        data: {
+          challengeIp: challengeIpString,
+          providedIp: ip,
+          distanceKm
+        }
+      }));
+      if (distanceKm !== void 0 && distanceKm > 1e3) {
+        const errorMessage = `IP addresses are too far apart: ${distanceKm.toFixed(2)}km (>1000km limit)`;
+        logger.info(() => ({
+          msg: "IP validation failed - distance too great",
+          data: {
+            challengeIp: challengeIpString,
+            providedIp: ip,
+            distanceKm,
+            comparison: comparison.comparison
+          }
+        }));
+        return {
+          isValid: false,
+          errorMessage,
+          distanceKm
+        };
+      }
+      logger.info(() => ({
+        msg: "IP addresses differ but within acceptable distance",
+        data: {
+          challengeIp: challengeIpString,
+          providedIp: ip,
+          distanceKm,
+          comparison: comparison.comparison
+        }
+      }));
+      return {
+        isValid: true,
+        distanceKm,
+        shouldFlag: true
+      };
+    }
+    const ruleEvaluation = evaluateIpValidationRules(
+      comparison,
+      ipValidationRules,
+      logger
+    );
+    switch (ruleEvaluation.action) {
+      case types.IPValidationAction.Reject:
+        return {
+          isValid: false,
+          errorMessage: ruleEvaluation.errorMessage,
+          distanceKm
+        };
+      case types.IPValidationAction.Flag:
+        return {
+          isValid: true,
+          distanceKm,
+          shouldFlag: true,
+          errorMessage: ruleEvaluation.errorMessage
+        };
+      default:
+        return {
+          isValid: true,
+          distanceKm
+        };
+    }
+  } catch (error) {
+    logger.error(() => ({
+      msg: "Error during IP distance validation",
+      err: error,
+      data: { challengeIp: challengeIpAddress.address, providedIp: ip }
+    }));
+    return {
+      isValid: true,
+      shouldFlag: true,
+      errorMessage: "IP distance validation error"
+    };
+  }
+};
 exports.checkIfTaskIsRunning = checkIfTaskIsRunning;
+exports.deepValidateIpAddress = deepValidateIpAddress;
 exports.encodeStringAddress = encodeStringAddress;
+exports.evaluateIpValidationRules = evaluateIpValidationRules;
 exports.getIPAddress = getIPAddress;
 exports.getIPAddressFromBigInt = getIPAddressFromBigInt;
 exports.shuffleArray = shuffleArray;

package/dist/cjs/utils/hashUserAgent.cjs

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const node_crypto = require("node:crypto");
+function hashUserAgent(userAgent) {
+  const hash = node_crypto.createHash("sha256");
+  hash.update(userAgent, "utf8");
+  const hashHex = hash.digest("hex");
+  return hashHex.substring(0, 32);
+}
+exports.hashUserAgent = hashUserAgent;

package/dist/compositeIpAddress.js

@@ -0,0 +1,53 @@
+import { IpAddressType } from "@prosopo/types-database";
+import { getIPAddress } from "@prosopo/util";
+import { Address4, Address6 } from "ip-address";
+const V6_SHIFT = 64n;
+const v6_LOWER_MASK = (1n << V6_SHIFT) - 1n;
+const getCompositeIpAddress = (ip) => {
+  let ipAddress;
+  try {
+    ipAddress = "string" === typeof ip ? getIPAddress(ip) : ip;
+  } catch (e) {
+    return {
+      lower: 0n,
+      type: IpAddressType.v4
+    };
+  }
+  return getCompositeFromIpAddress(ipAddress);
+};
+const getCompositeFromIpAddress = (ipAddress) => {
+  const numericIp = ipAddress.bigInt();
+  if (ipAddress instanceof Address4) {
+    return {
+      lower: numericIp,
+      type: IpAddressType.v4
+    };
+  }
+  ipAddress;
+  return {
+    lower: numericIp & v6_LOWER_MASK,
+    upper: numericIp >> V6_SHIFT,
+    type: IpAddressType.v6
+  };
+};
+const getIpAddressFromComposite = (compositeIpAddress) => {
+  switch (compositeIpAddress.type) {
+    case IpAddressType.v4:
+      return Address4.fromBigInt(getBigInt(compositeIpAddress.lower));
+    case IpAddressType.v6:
+      return Address6.fromBigInt(
+        getBigInt(compositeIpAddress.upper) << V6_SHIFT | getBigInt(compositeIpAddress.lower) & v6_LOWER_MASK
+      );
+    default:
+      never();
+      return Address4.fromBigInt(0n);
+  }
+};
+const getBigInt = (number) => BigInt(number || 0n);
+const never = () => {
+  throw new Error("Unhandled type");
+};
+export {
+  getCompositeIpAddress,
+  getIpAddressFromComposite
+};

package/dist/index.js

@@ -1,5 +1,5 @@
 import "./tasks/index.js";
-import { checkIfTaskIsRunning, encodeStringAddress, getIPAddress, getIPAddressFromBigInt, shuffleArray, validateIpAddress } from "./util.js";
+import { checkIfTaskIsRunning, deepValidateIpAddress, encodeStringAddress, evaluateIpValidationRules, getIPAddress, getIPAddressFromBigInt, shuffleArray, validateIpAddress } from "./util.js";
 import { blockMiddleware } from "./api/block.js";
 import { prosopoRouter } from "./api/captcha.js";
 import { prosopoVerifyRouter } from "./api/verify.js";
@@ -12,18 +12,25 @@ import { headerCheckMiddleware } from "./api/headerCheckMiddleware.js";
 import { createApiAdminRoutesProvider } from "./api/admin/createApiAdminRoutesProvider.js";
 import { ignoreMiddleware } from "./api/ignoreMiddleware.js";
 import { robotsMiddleware } from "./api/robotsMiddleware.js";
+import { getCompositeIpAddress, getIpAddressFromComposite } from "./compositeIpAddress.js";
+import { compareIPs } from "./services/ipComparison.js";
 import { Tasks } from "./tasks/tasks.js";
 export {
   DEFAULT_JA4,
   Tasks,
   blockMiddleware,
   checkIfTaskIsRunning,
+  compareIPs,
   createApiAdminRoutesProvider,
+  deepValidateIpAddress,
   domainMiddleware,
   encodeStringAddress,
+  evaluateIpValidationRules,
   getClientList,
+  getCompositeIpAddress,
   getIPAddress,
   getIPAddressFromBigInt,
+  getIpAddressFromComposite,
   getJA4,
   headerCheckMiddleware,
   ignoreMiddleware,

package/dist/pairs.js

@@ -0,0 +1,27 @@
+import { at } from "@prosopo/util";
+const constructPairList = (list) => {
+  if (list.length % 2 !== 0) {
+    throw new Error("Invalid pairs length");
+  }
+  const pairList = [];
+  for (let i = 0; i < list.length; i += 2) {
+    pairList.push([at(list, i), at(list, i + 1)]);
+  }
+  return pairList;
+};
+const containsIdenticalPairs = (pairsLists) => {
+  const set = /* @__PURE__ */ new Set();
+  for (const pairList of pairsLists) {
+    for (const pair of pairList) {
+      const x = at(pair, 0);
+      const y = at(pair, 1);
+      const coordString = `${x},${y}`;
+      set.add(coordString);
+    }
+  }
+  return set.size !== pairsLists.flat().flat().length / 2;
+};
+export {
+  constructPairList,
+  containsIdenticalPairs
+};

package/dist/services/ipComparison.js

@@ -0,0 +1,123 @@
+import { getDistance } from "geolib";
+import { getIPInfo } from "./ipInfo.js";
+async function compareIPs(ip1, ip2, apiKey, apiUrl) {
+  try {
+    if (!ip1 || !ip2 || typeof ip1 !== "string" || typeof ip2 !== "string") {
+      return {
+        error: "Invalid IP addresses provided",
+        ip1: ip1 || "undefined",
+        ip2: ip2 || "undefined"
+      };
+    }
+    if (ip1 === ip2) {
+      return {
+        ipsMatch: true,
+        ip1,
+        ip2
+      };
+    }
+    const [ip1Info, ip2Info] = await Promise.all([
+      getIPInfo(ip1, apiUrl, apiKey),
+      getIPInfo(ip2, apiUrl, apiKey)
+    ]);
+    if (!ip1Info.isValid && !ip2Info.isValid) {
+      return {
+        error: "Failed to lookup both IP addresses",
+        ip1,
+        ip2,
+        ip1Error: ip1Info.error,
+        ip2Error: ip2Info.error
+      };
+    }
+    if (!ip1Info.isValid) {
+      return {
+        error: "Failed to lookup first IP address",
+        ip1,
+        ip2,
+        ip1Error: ip1Info.error
+      };
+    }
+    if (!ip2Info.isValid) {
+      return {
+        error: "Failed to lookup second IP address",
+        ip1,
+        ip2,
+        ip2Error: ip2Info.error
+      };
+    }
+    const determineConnectionType = (ipInfo) => {
+      if (ipInfo.isMobile) return "mobile";
+      if (ipInfo.isDatacenter) return "datacenter";
+      if (ipInfo.isSatellite) return "satellite";
+      if (ipInfo.providerType === "isp") return "residential";
+      switch (ipInfo.providerType) {
+        case "hosting":
+          return "datacenter";
+        case "business":
+        case "education":
+        case "government":
+        case "banking":
+          return "residential";
+        default:
+          return "unknown";
+      }
+    };
+    const ip1ConnectionType = determineConnectionType(ip1Info);
+    const ip2ConnectionType = determineConnectionType(ip2Info);
+    const differentConnectionTypes = ip1ConnectionType !== ip2ConnectionType;
+    const ip1Provider = ip1Info.providerName || ip1Info.asnOrganization || "Unknown";
+    const ip2Provider = ip2Info.providerName || ip2Info.asnOrganization || "Unknown";
+    const differentProviders = ip1Provider !== ip2Provider;
+    let distanceKm;
+    if (ip1Info.latitude !== void 0 && ip1Info.longitude !== void 0 && ip2Info.latitude !== void 0 && ip2Info.longitude !== void 0) {
+      const distanceMeters = getDistance(
+        { latitude: ip1Info.latitude, longitude: ip1Info.longitude },
+        { latitude: ip2Info.latitude, longitude: ip2Info.longitude }
+      );
+      distanceKm = distanceMeters / 1e3;
+    }
+    const ip1IsVpnOrProxy = ip1Info.isVPN || ip1Info.isProxy || ip1Info.isTor;
+    const ip2IsVpnOrProxy = ip2Info.isVPN || ip2Info.isProxy || ip2Info.isTor;
+    const anyVpnOrProxy = ip1IsVpnOrProxy || ip2IsVpnOrProxy;
+    const ip1Coordinates = ip1Info.latitude !== void 0 && ip1Info.longitude !== void 0 ? { latitude: ip1Info.latitude, longitude: ip1Info.longitude } : void 0;
+    const ip2Coordinates = ip2Info.latitude !== void 0 && ip2Info.longitude !== void 0 ? { latitude: ip2Info.latitude, longitude: ip2Info.longitude } : void 0;
+    return {
+      ipsMatch: false,
+      ip1,
+      ip2,
+      comparison: {
+        differentProviders,
+        differentConnectionTypes,
+        distanceKm,
+        anyVpnOrProxy,
+        ip1Details: {
+          provider: ip1Provider,
+          connectionType: ip1ConnectionType,
+          isVpnOrProxy: ip1IsVpnOrProxy,
+          country: ip1Info.country,
+          countryCode: ip1Info.countryCode,
+          city: ip1Info.city,
+          coordinates: ip1Coordinates
+        },
+        ip2Details: {
+          provider: ip2Provider,
+          connectionType: ip2ConnectionType,
+          isVpnOrProxy: ip2IsVpnOrProxy,
+          country: ip2Info.country,
+          countryCode: ip2Info.countryCode,
+          city: ip2Info.city,
+          coordinates: ip2Coordinates
+        }
+      }
+    };
+  } catch (error) {
+    return {
+      error: `Comparison failed: ${error instanceof Error ? error.message : String(error)}`,
+      ip1,
+      ip2
+    };
+  }
+}
+export {
+  compareIPs
+};

package/dist/services/ipInfo.js

@@ -0,0 +1,87 @@
+async function getIPInfo(ip, apiUrl, apiKey, includeRawResponse = false) {
+  try {
+    if (!ip || typeof ip !== "string") {
+      return {
+        isValid: false,
+        error: "Invalid IP address provided",
+        ip: ip || "undefined"
+      };
+    }
+    const url = apiUrl;
+    const body = { q: ip };
+    if (apiKey) {
+      body.key = apiKey;
+    }
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      return {
+        isValid: false,
+        error: `API request failed with status ${response.status}: ${response.statusText}`,
+        ip
+      };
+    }
+    const data = await response.json();
+    if (data.is_bogon) {
+      return {
+        isValid: false,
+        error: "IP address is bogon (non-routable)",
+        ip
+      };
+    }
+    const result = {
+      ip: data.ip,
+      isValid: true,
+      // Threat indicators
+      isVPN: data.is_vpn,
+      isTor: data.is_tor,
+      isProxy: data.is_proxy,
+      isDatacenter: data.is_datacenter,
+      isAbuser: data.is_abuser,
+      isMobile: data.is_mobile,
+      isSatellite: data.is_satellite,
+      // Provider information
+      providerName: data.company?.name || data.datacenter?.datacenter,
+      providerType: data.company?.type || data.asn?.type,
+      asnNumber: data.asn?.asn,
+      asnOrganization: data.asn?.org,
+      // Geolocation
+      country: data.location?.country,
+      countryCode: data.location?.country_code,
+      region: data.location?.state,
+      city: data.location?.city,
+      latitude: data.location?.latitude,
+      longitude: data.location?.longitude,
+      timezone: data.location?.timezone,
+      // VPN specific details
+      vpnService: data.vpn?.service,
+      vpnType: data.vpn?.type,
+      // Risk scoring
+      abuserScore: Number.parseFloat(
+        data.asn?.abuser_score.split(" ")[0] || "0"
+      ),
+      companyAbuserScore: Number.parseFloat(
+        data.company?.abuser_score.split(" ")[0] || "0"
+      )
+    };
+    if (includeRawResponse) {
+      result.rawResponse = data;
+    }
+    return result;
+  } catch (error) {
+    return {
+      isValid: false,
+      error: `Network or parsing error: ${error instanceof Error ? error.message : String(error)}`,
+      ip
+    };
+  }
+}
+export {
+  getIPInfo
+};