@reclaimprotocol/attestor-core 5.0.1-beta.2 → 5.0.1-beta.22

package/lib/server/utils/validation.js

@@ -1,45 +1,38 @@
-import { Ajv } from "ajv";
+import { Ajv } from 'ajv';
 import { PROVIDER_SCHEMAS } from "../../types/providers.gen.js";
 import { AttestorError } from "../../utils/error.js";
 const PROVIDER_VALIDATOR_MAP = {};
 const AJV = new Ajv({
-  allErrors: true,
-  strict: true,
-  strictRequired: false,
-  formats: {
-    binary(data) {
-      return data instanceof Uint8Array || typeof Buffer !== "undefined" && Buffer.isBuffer(data);
-    },
-    url(data) {
-      try {
-        new URL(data);
-        return true;
-      } catch {
-        return false;
-      }
+    allErrors: true,
+    strict: true,
+    strictRequired: false,
+    formats: {
+        binary(data) {
+            return data instanceof Uint8Array
+                || (typeof Buffer !== 'undefined'
+                    && Buffer.isBuffer(data));
+        },
+        url(data) {
+            try {
+                new URL(data);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        }
     }
-  }
 });
-function assertValidateProviderParams(name, params) {
-  let validate = PROVIDER_VALIDATOR_MAP[name];
-  if (!validate) {
-    const schema = PROVIDER_SCHEMAS[name]?.parameters;
-    if (!schema) {
-      throw new AttestorError(
-        "ERROR_BAD_REQUEST",
-        `Invalid provider name "${String(name)}"`
-      );
+export function assertValidateProviderParams(name, params) {
+    let validate = PROVIDER_VALIDATOR_MAP[name];
+    if (!validate) {
+        const schema = PROVIDER_SCHEMAS[name]?.parameters;
+        if (!schema) {
+            throw new AttestorError('ERROR_BAD_REQUEST', `Invalid provider name "${String(name)}"`);
+        }
+        validate = AJV.compile(schema);
+    }
+    if (!validate?.(params)) {
+        throw new AttestorError('ERROR_BAD_REQUEST', 'Params validation failed', { errors: JSON.stringify(validate.errors) });
     }
-    validate = AJV.compile(schema);
-  }
-  if (!validate?.(params)) {
-    throw new AttestorError(
-      "ERROR_BAD_REQUEST",
-      "Params validation failed",
-      { errors: JSON.stringify(validate.errors) }
-    );
-  }
 }
-export {
-  assertValidateProviderParams
-};

package/lib/types/bgp.js

@@ -0,0 +1 @@
+export {};

package/lib/types/claims.js

@@ -0,0 +1 @@
+export {};

package/lib/types/client.js

@@ -0,0 +1 @@
+export {};

package/lib/types/general.js

@@ -0,0 +1 @@
+export {};

package/lib/types/handlers.js

@@ -0,0 +1 @@
+export {};

package/lib/types/providers.d.ts

@@ -2,6 +2,7 @@ import type { TLSConnectionOptions } from '@reclaimprotocol/tls';
 import type { AttestorVersion, ProviderClaimData } from '#src/proto/api.ts';
 import type { ArraySlice, Logger, RedactedOrHashedArraySlice } from '#src/types/general.ts';
 import type { ProvidersConfig } from '#src/types/providers.gen.ts';
+import type { Awaitable } from '#src/types/signatures.ts';
 import type { Transcript } from '#src/types/tunnel.ts';
 export type AttestorData = {
     id: string;
@@ -114,11 +115,11 @@ export interface Provider<N extends ProviderName, Params = ProviderParams<N>, Se
        *  Optionally return parameters extracted from the receipt
        *  that will then be included in the claim context
      * */
-    assertValidProviderReceipt(opts: AssertValidProviderReceipt<Params>): void | Promise<void> | {
+    assertValidProviderReceipt(opts: AssertValidProviderReceipt<Params>): Awaitable<{
         extractedParameters: {
             [key: string]: string;
         };
-    };
+    } | undefined>;
 }
 export type ProofGenerationStep = {
     name: 'connecting';

package/lib/types/providers.gen.js

@@ -1,16 +1,10 @@
-const HttpProviderParametersJson = { "title": "HttpProviderParameters", "type": "object", "required": ["url", "method", "responseMatches"], "properties": { "url": { "type": "string", "format": "url", "description": "which URL does the request have to be made to Has to be a valid https URL for eg. https://amazon.in/orders?q=abcd" }, "method": { "type": "string", "enum": ["GET", "POST", "PUT", "PATCH"] }, "geoLocation": { "type": "string", "nullable": true, "description": "Specify the geographical location from where to proxy the request. 2-letter ISO country code or parameter (public or secret)" }, "proxySessionId": { "type": "string", "nullable": true, "description": 'Specify the unique session id for allowing use of same proxy ip across multiple requests. Can be a smallcase alphanumeric string of length 8-14 characters. eg. "mystring12345", "something1234".' }, "headers": { "type": "object", "description": "Any additional headers to be sent with the request Note: these will be revealed to the attestor & won't be redacted from the transcript. To add hidden headers, use 'secretParams.headers' instead", "additionalProperties": { "type": "string" } }, "body": { "description": "Body of the HTTP request", "oneOf": [{ "type": "string", "format": "binary" }, { "type": "string" }] }, "writeRedactionMode": { "type": "string", "description": `If the API doesn't perform well with the "key-update" method of redaction, you can switch to "zk" mode by setting this to "zk"`, "enum": ["zk", "key-update"] }, "additionalClientOptions": { "type": "object", "description": "Apply TLS configuration when creating the tunnel to the attestor.", "nullable": true, "properties": { "supportedProtocolVersions": { "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string", "enum": ["TLS1_2", "TLS1_3"] } } } }, "responseMatches": { "type": "array", "minItems": 1, "uniqueItems": true, "description": "The attestor will use this list to check that the redacted response does indeed match all the provided strings/regexes", "items": { "type": "object", "required": ["value", "type"], "properties": { "value": { "type": "string", "description": '"regex": the response must match the regex "contains": the response must contain the provided\n string exactly' }, "type": { "type": "string", "description": "The string/regex to match against", "enum": ["regex", "contains"] }, "invert": { "type": "boolean", "description": "Inverses the matching logic. Fail when match is found and proceed otherwise" } }, "additionalProperties": false } }, "responseRedactions": { "type": "array", "uniqueItems": true, "description": 'which portions to select from a response. These are selected in order, xpath => jsonPath => regex * These redactions are done client side and only the selected portions are sent to the attestor. The attestor will only be able to see the selected portions alongside the first line of the HTTP response (i.e. "HTTP/1.1 200 OK") * To disable any redactions, pass an empty array', "items": { "type": "object", "properties": { "xPath": { "type": "string", "nullable": true, "description": 'expect an HTML response, and to contain a certain xpath for eg. "/html/body/div.a1/div.a2/span.a5"' }, "jsonPath": { "type": "string", "nullable": true, "description": "expect a JSON response, retrieve the item at this path using dot notation for e.g. 'email.addresses.0'" }, "regex": { "type": "string", "nullable": true, "description": "select a regex match from the response" }, "hash": { "type": "string", "description": `If provided, the value inside will be hashed instead of being redacted. Useful for cases where the data inside is an identifiying piece of information that you don't want to reveal to the attestor, eg. an email address.
-If the hash function produces more bytes than the original value, the hash will be truncated.
-Eg. if hash is enabled, the original value is "hello", and hashed is "a1b2c", then the attestor will only see "a1b2c".
-Note: if a regex with named groups is provided, only the named groups will be hashed.`, "enum": ["oprf", "oprf-mpc", "oprf-raw"] } }, "additionalProperties": false } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in URL, responseMatches, responseRedactions, body, geolocation. Those in URL, responseMatches & geo will be put into context and signed This value will NOT be included in provider hash", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
-const HttpProviderSecretParametersJson = { "title": "HttpProviderSecretParameters", "type": "object", "description": "Secret parameters to be used with HTTP provider. None of the values in this object will be shown to the attestor", "properties": { "cookieStr": { "type": "string", "description": "cookie string for authorisation." }, "authorisationHeader": { "type": "string", "description": "authorisation header value" }, "headers": { "type": "object", "description": "Headers that need to be hidden from the attestor", "additionalProperties": { "type": "string" } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in body these parameters will NOT be shown to attestor and extracted", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
-const PROVIDER_SCHEMAS = {
-  http: {
-    parameters: HttpProviderParametersJson,
-    secretParameters: HttpProviderSecretParametersJson
-  }
-};
-export {
-  HttpProviderParametersJson,
-  HttpProviderSecretParametersJson,
-  PROVIDER_SCHEMAS
+/* eslint-disable */
+/* Generated file. Do not edit */
+export const HttpProviderParametersJson = { "title": "HttpProviderParameters", "type": "object", "required": ["url", "method", "responseMatches"], "properties": { "url": { "type": "string", "format": "url", "description": "which URL does the request have to be made to Has to be a valid https URL for eg. https://amazon.in/orders?q=abcd" }, "method": { "type": "string", "enum": ["GET", "POST", "PUT", "PATCH"] }, "geoLocation": { "type": "string", "nullable": true, "description": "Specify the geographical location from where to proxy the request. 2-letter ISO country code or parameter (public or secret)" }, "proxySessionId": { "type": "string", "nullable": true, "description": "Specify the unique session id for allowing use of same proxy ip across multiple requests. Can be a smallcase alphanumeric string of length 8-14 characters. eg. \"mystring12345\", \"something1234\"." }, "headers": { "type": "object", "description": "Any additional headers to be sent with the request Note: these will be revealed to the attestor & won't be redacted from the transcript. To add hidden headers, use 'secretParams.headers' instead", "additionalProperties": { "type": "string" } }, "body": { "description": "Body of the HTTP request", "oneOf": [{ "type": "string", "format": "binary" }, { "type": "string" }] }, "writeRedactionMode": { "type": "string", "description": "If the API doesn't perform well with the \"key-update\" method of redaction, you can switch to \"zk\" mode by setting this to \"zk\"", "enum": ["zk", "key-update"] }, "additionalClientOptions": { "type": "object", "description": "Apply TLS configuration when creating the tunnel to the attestor.", "nullable": true, "properties": { "supportedProtocolVersions": { "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string", "enum": ["TLS1_2", "TLS1_3"] } } } }, "responseMatches": { "type": "array", "minItems": 1, "uniqueItems": true, "description": "The attestor will use this list to check that the redacted response does indeed match all the provided strings/regexes", "items": { "type": "object", "required": ["value", "type"], "properties": { "value": { "type": "string", "description": "\"regex\": the response must match the regex \"contains\": the response must contain the provided\n string exactly" }, "type": { "type": "string", "description": "The string/regex to match against", "enum": ["regex", "contains"] }, "invert": { "type": "boolean", "description": "Inverses the matching logic. Fail when match is found and proceed otherwise" } }, "additionalProperties": false } }, "responseRedactions": { "type": "array", "uniqueItems": true, "description": "which portions to select from a response. These are selected in order, xpath => jsonPath => regex * These redactions are done client side and only the selected portions are sent to the attestor. The attestor will only be able to see the selected portions alongside the first line of the HTTP response (i.e. \"HTTP/1.1 200 OK\") * To disable any redactions, pass an empty array", "items": { "type": "object", "properties": { "xPath": { "type": "string", "nullable": true, "description": "expect an HTML response, and to contain a certain xpath for eg. \"/html/body/div.a1/div.a2/span.a5\"" }, "jsonPath": { "type": "string", "nullable": true, "description": "expect a JSON response, retrieve the item at this path using dot notation for e.g. 'email.addresses.0'" }, "regex": { "type": "string", "nullable": true, "description": "select a regex match from the response" }, "hash": { "type": "string", "description": "If provided, the value inside will be hashed instead of being redacted. Useful for cases where the data inside is an identifiying piece of information that you don't want to reveal to the attestor, eg. an email address.\nIf the hash function produces more bytes than the original value, the hash will be truncated.\nEg. if hash is enabled, the original value is \"hello\", and hashed is \"a1b2c\", then the attestor will only see \"a1b2c\".\nNote: if a regex with named groups is provided, only the named groups will be hashed.", "enum": ["oprf", "oprf-mpc", "oprf-raw"] } }, "additionalProperties": false } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in URL, responseMatches, responseRedactions, body, geolocation. Those in URL, responseMatches & geo will be put into context and signed This value will NOT be included in provider hash", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
+export const HttpProviderSecretParametersJson = { "title": "HttpProviderSecretParameters", "type": "object", "description": "Secret parameters to be used with HTTP provider. None of the values in this object will be shown to the attestor", "properties": { "cookieStr": { "type": "string", "description": "cookie string for authorisation." }, "authorisationHeader": { "type": "string", "description": "authorisation header value" }, "headers": { "type": "object", "description": "Headers that need to be hidden from the attestor", "additionalProperties": { "type": "string" } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in body these parameters will NOT be shown to attestor and extracted", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
+export const PROVIDER_SCHEMAS = {
+    http: {
+        parameters: HttpProviderParametersJson,
+        secretParameters: HttpProviderSecretParametersJson
+    },
 };

package/lib/types/providers.js

@@ -0,0 +1 @@
+export {};

package/lib/types/rpc.js

@@ -0,0 +1 @@
+export {};

package/lib/types/signatures.d.ts

@@ -1,5 +1,5 @@
 export type PrivateKey = string;
-type Awaitable<T> = T | Promise<T>;
+export type Awaitable<T> = T | Promise<T>;
 export type ServiceSignatureProvider = {
     /**
      * Returns public key in compressed (compact) format used in Reclaim RPC calls
@@ -25,4 +25,3 @@ export type ServiceSignatureProvider = {
      */
     verify(data: Uint8Array, signature: Uint8Array | string, addressBytes: Uint8Array | string): Awaitable<boolean>;
 };
-export {};

package/lib/types/signatures.js

@@ -0,0 +1 @@
+export {};

package/lib/types/tunnel.js

@@ -0,0 +1 @@
+export {};

package/lib/types/zk.js

@@ -0,0 +1 @@
+export {};

package/lib/utils/auth.js

@@ -1,71 +1,59 @@
-import { getBytes } from "ethers";
+import { getBytes } from 'ethers';
 import { DEFAULT_AUTH_EXPIRY_S } from "../config/index.js";
 import { AuthenticatedUserData } from "../proto/api.js";
-import { getEnvVariable } from "../utils/env.js";
-import { AttestorError } from "../utils/error.js";
-import { unixTimestampSeconds } from "../utils/generics.js";
-import { SelectedServiceSignature, SIGNATURES } from "../utils/signatures/index.js";
-async function assertValidAuthRequest(request, signatureType) {
-  const publicKey = getEnvVariable("AUTHENTICATION_PUBLIC_KEY");
-  if (!request) {
-    if (publicKey) {
-      throw new AttestorError(
-        "ERROR_AUTHENTICATION_FAILED",
-        "User must be authenticated"
-      );
+import { getEnvVariable } from "./env.js";
+import { AttestorError } from "./error.js";
+import { unixTimestampSeconds } from "./generics.js";
+import { SelectedServiceSignature, SIGNATURES } from "./signatures/index.js";
+export async function assertValidAuthRequest(request, signatureType) {
+    const publicKey = getEnvVariable('AUTHENTICATION_PUBLIC_KEY');
+    // nothing to verify
+    if (!request) {
+        // if pub key is provided -- but user didn't attempt to
+        // authenticate, then we should throw an error
+        if (publicKey) {
+            throw new AttestorError('ERROR_AUTHENTICATION_FAILED', 'User must be authenticated');
+        }
+        return;
+    }
+    if (!publicKey) {
+        throw new AttestorError('ERROR_BAD_REQUEST', 'The attestor is not configured for authentication');
+    }
+    const { signature, data } = request;
+    if (!data) {
+        throw new AttestorError('ERROR_AUTHENTICATION_FAILED', 'Missing data in auth request');
+    }
+    if (data.expiresAt < unixTimestampSeconds()) {
+        throw new AttestorError('ERROR_AUTHENTICATION_FAILED', 'Authentication request has expired');
+    }
+    const proto = AuthenticatedUserData.encode(data).finish();
+    const signatureAlg = SIGNATURES[signatureType];
+    const address = signatureAlg.getAddress(getBytes(publicKey));
+    const verified = await signatureAlg
+        .verify(proto, signature, address);
+    if (!verified) {
+        throw new AttestorError('ERROR_AUTHENTICATION_FAILED', 'Signature verification failed');
     }
-    return;
-  }
-  if (!publicKey) {
-    throw new AttestorError(
-      "ERROR_BAD_REQUEST",
-      "The attestor is not configured for authentication"
-    );
-  }
-  const { signature, data } = request;
-  if (!data) {
-    throw new AttestorError(
-      "ERROR_AUTHENTICATION_FAILED",
-      "Missing data in auth request"
-    );
-  }
-  if (data.expiresAt < unixTimestampSeconds()) {
-    throw new AttestorError(
-      "ERROR_AUTHENTICATION_FAILED",
-      "Authentication request has expired"
-    );
-  }
-  const proto = AuthenticatedUserData.encode(data).finish();
-  const signatureAlg = SIGNATURES[signatureType];
-  const address = signatureAlg.getAddress(
-    getBytes(publicKey)
-  );
-  const verified = await signatureAlg.verify(proto, signature, address);
-  if (!verified) {
-    throw new AttestorError(
-      "ERROR_AUTHENTICATION_FAILED",
-      "Signature verification failed"
-    );
-  }
 }
-async function createAuthRequest(_data, privateKey) {
-  const createdAt = unixTimestampSeconds();
-  const data = {
-    createdAt,
-    expiresAt: createdAt + DEFAULT_AUTH_EXPIRY_S,
-    id: "",
-    hostWhitelist: [],
-    ..._data
-  };
-  const proto = AuthenticatedUserData.encode(data).finish();
-  const signature = await SelectedServiceSignature.sign(proto, privateKey);
-  const request = {
-    data,
-    signature
-  };
-  return request;
+/**
+ * Create an authentication request with the given data and private key,
+ * which can then be used to authenticate with the service.
+ */
+export async function createAuthRequest(_data, privateKey) {
+    const createdAt = unixTimestampSeconds();
+    const data = {
+        createdAt,
+        expiresAt: createdAt + DEFAULT_AUTH_EXPIRY_S,
+        id: '',
+        hostWhitelist: [],
+        ..._data,
+    };
+    const proto = AuthenticatedUserData.encode(data).finish();
+    const signature = await SelectedServiceSignature
+        .sign(proto, privateKey);
+    const request = {
+        data,
+        signature
+    };
+    return request;
 }
-export {
-  assertValidAuthRequest,
-  createAuthRequest
-};

package/lib/utils/b64-json.js

@@ -1,17 +1,17 @@
-import { decodeBase64, encodeBase64 } from "ethers";
-const B64_JSON_REPLACER = (key, value) => {
-  if (value instanceof Uint8Array || typeof value === "object" && value && "buffer" in value && value.buffer instanceof ArrayBuffer) {
-    return { type: "uint8array", value: encodeBase64(value) };
-  }
-  return value;
+import { decodeBase64, encodeBase64 } from 'ethers';
+export const B64_JSON_REPLACER = (key, value) => {
+    if (value instanceof Uint8Array
+        || (typeof value === 'object'
+            && value
+            && 'buffer' in value
+            && value.buffer instanceof ArrayBuffer)) {
+        return { type: 'uint8array', value: encodeBase64(value) };
+    }
+    return value;
 };
-const B64_JSON_REVIVER = (key, value) => {
-  if (value?.type === "uint8array") {
-    return decodeBase64(value.value);
-  }
-  return value;
-};
-export {
-  B64_JSON_REPLACER,
-  B64_JSON_REVIVER
+export const B64_JSON_REVIVER = (key, value) => {
+    if (value?.type === 'uint8array') {
+        return decodeBase64(value.value);
+    }
+    return value;
 };

package/lib/utils/bgp-listener.js

@@ -1,123 +1,119 @@
-import CIDR from "ip-cidr";
+import CIDR from 'ip-cidr';
 import { BGP_WS_URL } from "../config/index.js";
-import { makeWebSocket } from "../utils/ws.js";
-const ANNOUNCEMENT_OVERLAP = "announcement-overlap";
+import { makeWebSocket } from "./ws.js";
+const ANNOUNCEMENT_OVERLAP = 'announcement-overlap';
 class BGPAnnouncementOverlapEvent extends Event {
-  data;
-  constructor(data) {
-    super(ANNOUNCEMENT_OVERLAP);
-    this.data = data;
-  }
+    data;
+    constructor(data) {
+        super(ANNOUNCEMENT_OVERLAP);
+        this.data = data;
+    }
 }
-function createBgpListener(logger) {
-  let ws;
-  let closed = false;
-  const targetIps = /* @__PURE__ */ new Set();
-  const eventTarget = new EventTarget();
-  openWs();
-  return {
-    onOverlap(ips, callback) {
-      for (const ip of ips) {
-        targetIps.add(ip);
-      }
-      eventTarget.addEventListener(
-        ANNOUNCEMENT_OVERLAP,
-        _callback
-      );
-      return () => {
-        for (const ip of ips) {
-          targetIps.delete(ip);
+/**
+ * Listens for BGP announcements and emits events whenever
+ * an announcement overlaps with a target IP.
+ */
+export function createBgpListener(logger) {
+    let ws;
+    let closed = false;
+    const targetIps = new Set();
+    const eventTarget = new EventTarget();
+    openWs();
+    return {
+        onOverlap(ips, callback) {
+            for (const ip of ips) {
+                targetIps.add(ip);
+            }
+            eventTarget.addEventListener(ANNOUNCEMENT_OVERLAP, _callback);
+            return () => {
+                for (const ip of ips) {
+                    targetIps.delete(ip);
+                }
+                eventTarget.removeEventListener(ANNOUNCEMENT_OVERLAP, _callback);
+            };
+            function _callback(event) {
+                callback(event.data);
+            }
+        },
+        close() {
+            ws.onclose = null;
+            ws.onerror = null;
+            ws.close();
+            closed = true;
         }
-        eventTarget.removeEventListener(
-          ANNOUNCEMENT_OVERLAP,
-          _callback
-        );
-      };
-      function _callback(event) {
-        callback(event.data);
-      }
-    },
-    close() {
-      ws.onclose = null;
-      ws.onerror = null;
-      ws.close();
-      closed = true;
-    }
-  };
-  function openWs() {
-    logger.debug("connecting to BGP websocket");
-    ws = makeWebSocket(BGP_WS_URL);
-    ws.onopen = onOpen;
-    ws.onerror = (ev) => onClose(ev);
-    ws.onclose = () => onClose(new Error("Unexpected close"));
-    ws.onmessage = ({ data }) => {
-      const str = typeof data === "string" ? data : data.toString();
-      try {
-        onMessage(str);
-      } catch (err) {
-        logger.error({ data, err }, "error processing BGP message");
-      }
     };
-  }
-  function onOpen() {
-    const subscriptionMessage = {
-      type: "ris_subscribe",
-      data: {
-        type: "UPDATE"
-      }
-    };
-    ws.send(JSON.stringify(subscriptionMessage));
-    logger.info("connected to BGP websocket");
-  }
-  function onClose(err) {
-    if (closed) {
-      return;
-    }
-    logger.info({ err }, "BGP websocket closed");
-    if (!err) {
-      return;
+    function openWs() {
+        logger.debug('connecting to BGP websocket');
+        ws = makeWebSocket(BGP_WS_URL);
+        ws.onopen = onOpen;
+        ws.onerror = (ev) => onClose(ev);
+        ws.onclose = () => onClose(new Error('Unexpected close'));
+        ws.onmessage = ({ data }) => {
+            const str = typeof data === 'string' ? data : data.toString();
+            try {
+                onMessage(str);
+            }
+            catch (err) {
+                logger.error({ data, err }, 'error processing BGP message');
+            }
+        };
     }
-    logger.info("reconnecting to BGP websocket");
-    openWs();
-  }
-  function onMessage(message) {
-    const data = JSON.parse(message);
-    const announcements = data?.data?.announcements;
-    logger.trace({ data }, "got BGP update");
-    if (!Array.isArray(announcements)) {
-      return;
+    function onOpen() {
+        const subscriptionMessage = {
+            type: 'ris_subscribe',
+            data: {
+                type: 'UPDATE',
+            },
+        };
+        ws.send(JSON.stringify(subscriptionMessage));
+        logger.info('connected to BGP websocket');
     }
-    const asPath = data?.data?.path;
-    for (const announcement of announcements) {
-      const prefixes = announcement?.prefixes;
-      const nextHop = announcement?.["next_hop"];
-      const hasPrefixes = prefixes?.length && (nextHop || asPath);
-      if (!hasPrefixes) {
-        return;
-      }
-      for (const prefix of prefixes) {
-        if (!overlapsTargetIps(prefix)) {
-          continue;
+    function onClose(err) {
+        if (closed) {
+            return;
         }
-        eventTarget.dispatchEvent(
-          new BGPAnnouncementOverlapEvent({ prefix })
-        );
-      }
+        logger.info({ err }, 'BGP websocket closed');
+        if (!err) {
+            return;
+        }
+        logger.info('reconnecting to BGP websocket');
+        openWs();
     }
-  }
-  function overlapsTargetIps(prefix) {
-    if (prefix.endsWith("/0")) {
-      return false;
+    function onMessage(message) {
+        const data = JSON.parse(message);
+        const announcements = data?.data?.announcements;
+        logger.trace({ data }, 'got BGP update');
+        if (!Array.isArray(announcements)) {
+            return;
+        }
+        const asPath = data?.data?.path;
+        for (const announcement of announcements) {
+            const prefixes = announcement?.prefixes;
+            const nextHop = announcement?.['next_hop'];
+            const hasPrefixes = prefixes?.length && (nextHop || asPath);
+            if (!hasPrefixes) {
+                return;
+            }
+            for (const prefix of prefixes) {
+                if (!overlapsTargetIps(prefix)) {
+                    continue;
+                }
+                // emit event
+                eventTarget.dispatchEvent(new BGPAnnouncementOverlapEvent({ prefix }));
+            }
+        }
     }
-    const cidr = new CIDR(prefix);
-    for (const ip of targetIps) {
-      if (cidr.contains(ip)) {
-        return true;
-      }
+    function overlapsTargetIps(prefix) {
+        // ignore all prefixes that end with /0
+        if (prefix.endsWith('/0')) {
+            return false;
+        }
+        const cidr = new CIDR(prefix);
+        for (const ip of targetIps) {
+            if (cidr.contains(ip)) {
+                return true;
+            }
+        }
+        return false;
     }
-    return false;
-  }
 }
-export {
-  createBgpListener
-};