@riocrypto/common-server 1.0.2695 → 1.0.2698

package/build/index.d.ts

@@ -9,6 +9,7 @@ export * from "./middlewares/require-min-admin-role";
 export * from "./middlewares/verify-csrf-token";
 export * from "./middlewares/dynamic-rate-limiter";
 export * from "./middlewares/auth-context";
+export * from "./middlewares/verify-turnstile";
 export * from "./services/apiKey";
 export * from "./services/password";
 export * from "./services/logger";
@@ -111,6 +112,10 @@ export * from "./models/approved-alternative-bank-account-holder-name";
 export * from "./models/liquidity-sourcing-plan";
 export * from "./models/liquidity-sourcing-exclusion";
 export * from "./models/liquidity-sourcing-settings";
+export * from "./models/compliance-session";
+export * from "./models/compliance-bot-chat";
+export * from "./models/compliance-bot-rule";
+export * from "./models/compliance-bot-rule-result";
 export * from "./clients/axios-with-logging";
 export * from "./clients/slack-client";
 export * from "./clients/fireblocks-client";

package/build/index.js

@@ -25,6 +25,7 @@ __exportStar(require("./middlewares/require-min-admin-role"), exports);
 __exportStar(require("./middlewares/verify-csrf-token"), exports);
 __exportStar(require("./middlewares/dynamic-rate-limiter"), exports);
 __exportStar(require("./middlewares/auth-context"), exports);
+__exportStar(require("./middlewares/verify-turnstile"), exports);
 __exportStar(require("./services/apiKey"), exports);
 __exportStar(require("./services/password"), exports);
 __exportStar(require("./services/logger"), exports);
@@ -127,6 +128,10 @@ __exportStar(require("./models/approved-alternative-bank-account-holder-name"),
 __exportStar(require("./models/liquidity-sourcing-plan"), exports);
 __exportStar(require("./models/liquidity-sourcing-exclusion"), exports);
 __exportStar(require("./models/liquidity-sourcing-settings"), exports);
+__exportStar(require("./models/compliance-session"), exports);
+__exportStar(require("./models/compliance-bot-chat"), exports);
+__exportStar(require("./models/compliance-bot-rule"), exports);
+__exportStar(require("./models/compliance-bot-rule-result"), exports);
 __exportStar(require("./clients/axios-with-logging"), exports);
 __exportStar(require("./clients/slack-client"), exports);
 __exportStar(require("./clients/fireblocks-client"), exports);

package/build/middlewares/verify-turnstile.d.ts

@@ -0,0 +1,44 @@
+import { Request, Response, NextFunction } from "express";
+interface TurnstileConfig {
+    /**
+     * The Turnstile secret key (from Cloudflare dashboard)
+     * Can be obtained from: https://dash.cloudflare.com/?to=/:account/turnstile
+     */
+    secretKey: string;
+    /**
+     * Field name in request body that contains the turnstile token
+     * Default: "turnstileToken"
+     */
+    tokenField?: string;
+    /**
+     * Whether to skip verification in development/test environments
+     * Default: false
+     */
+    skipInDevelopment?: boolean;
+    /**
+     * Custom error message when verification fails
+     */
+    errorMessage?: string;
+    /**
+     * Logger function for errors
+     */
+    logger?: {
+        warn: (msg: object) => void;
+        error: (msg: object) => void;
+    };
+}
+/**
+ * Creates a middleware that verifies Cloudflare Turnstile tokens
+ *
+ * @example
+ * ```typescript
+ * const verifyTurnstile = createTurnstileMiddleware({
+ *   secretKey: process.env.TURNSTILE_SECRET_KEY!,
+ *   skipInDevelopment: process.env.NODE_ENV !== 'production',
+ * });
+ *
+ * app.post('/api/auth/send-code', verifyTurnstile, sendCodeHandler);
+ * ```
+ */
+export declare function createTurnstileMiddleware(config: TurnstileConfig): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+export { TurnstileConfig };

package/build/middlewares/verify-turnstile.js

@@ -0,0 +1,120 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTurnstileMiddleware = void 0;
+const axios_1 = __importDefault(require("axios"));
+const TURNSTILE_VERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify";
+/**
+ * Normalize IP address (handle IPv4-mapped IPv6)
+ */
+function normalizeIp(ip) {
+    if (!ip)
+        return undefined;
+    if (ip.startsWith("::ffff:")) {
+        return ip.substring(7);
+    }
+    return ip;
+}
+/**
+ * Get client IP from request, prioritizing Cloudflare headers
+ */
+function getClientIp(req) {
+    const cfConnectingIp = req.headers["cf-connecting-ip"];
+    const xForwardedFor = req.headers["x-forwarded-for"];
+    if (cfConnectingIp) {
+        return normalizeIp(cfConnectingIp);
+    }
+    if (xForwardedFor) {
+        return normalizeIp(xForwardedFor.split(",")[0].trim());
+    }
+    return normalizeIp(req.ip);
+}
+/**
+ * Creates a middleware that verifies Cloudflare Turnstile tokens
+ *
+ * @example
+ * ```typescript
+ * const verifyTurnstile = createTurnstileMiddleware({
+ *   secretKey: process.env.TURNSTILE_SECRET_KEY!,
+ *   skipInDevelopment: process.env.NODE_ENV !== 'production',
+ * });
+ *
+ * app.post('/api/auth/send-code', verifyTurnstile, sendCodeHandler);
+ * ```
+ */
+function createTurnstileMiddleware(config) {
+    const { secretKey, tokenField = "turnstileToken", skipInDevelopment = false, errorMessage = "Human verification failed. Please try again.", logger, } = config;
+    if (!secretKey) {
+        throw new Error("[Turnstile] Secret key is required. Get it from https://dash.cloudflare.com/?to=/:account/turnstile");
+    }
+    return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
+        var _a;
+        // Skip in development if configured
+        if (skipInDevelopment) {
+            return next();
+        }
+        const token = (_a = req.body) === null || _a === void 0 ? void 0 : _a[tokenField];
+        if (!token) {
+            logger === null || logger === void 0 ? void 0 : logger.warn({
+                message: "Turnstile token missing from request",
+                path: req.path,
+                ip: getClientIp(req),
+            });
+            res.status(400).json({
+                error: "Verification token is required.",
+            });
+            return;
+        }
+        try {
+            const remoteIp = getClientIp(req);
+            const response = yield axios_1.default.post(TURNSTILE_VERIFY_URL, new URLSearchParams(Object.assign({ secret: secretKey, response: token }, (remoteIp && { remoteip: remoteIp }))), {
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                },
+                timeout: 10000, // 10 second timeout
+            });
+            if (response.data.success) {
+                // Verification successful
+                return next();
+            }
+            // Verification failed
+            logger === null || logger === void 0 ? void 0 : logger.warn({
+                message: "Turnstile verification failed",
+                path: req.path,
+                ip: remoteIp,
+                errorCodes: response.data["error-codes"],
+            });
+            res.status(403).json({
+                error: errorMessage,
+                codes: response.data["error-codes"],
+            });
+        }
+        catch (error) {
+            logger === null || logger === void 0 ? void 0 : logger.error({
+                message: "Error verifying Turnstile token",
+                path: req.path,
+                ip: getClientIp(req),
+                error: error instanceof Error ? error.message : String(error),
+            });
+            // On error, we could either:
+            // 1. Block the request (more secure)
+            // 2. Allow it through (better UX but less secure)
+            // Here we block to be safe
+            res.status(500).json({
+                error: "Verification service unavailable. Please try again.",
+            });
+        }
+    });
+}
+exports.createTurnstileMiddleware = createTurnstileMiddleware;

package/build/models/compliance-bot-chat.d.ts

@@ -0,0 +1,23 @@
+import mongoose from "mongoose";
+interface ComplianceChatHistoryAttrs {
+    sessionId: string;
+    sequenceNumber: number;
+    createdAt: Date;
+    text: string;
+    isBot: boolean;
+    blobId: number;
+}
+interface ComplianceChatHistoryDoc extends mongoose.Document {
+    id: string;
+    sessionId: string;
+    sequenceNumber: number;
+    createdAt: Date;
+    text: string;
+    isBot: boolean;
+    blobId: number;
+}
+interface ComplianceChatHistoryModel extends mongoose.Model<ComplianceChatHistoryDoc> {
+    build(attrs: ComplianceChatHistoryAttrs): ComplianceChatHistoryDoc;
+}
+declare const buildComplianceChatHistory: (mongoose: typeof mongoose) => ComplianceChatHistoryModel;
+export { buildComplianceChatHistory, ComplianceChatHistoryDoc, ComplianceChatHistoryAttrs };

package/build/models/compliance-bot-chat.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildComplianceChatHistory = void 0;
+const buildComplianceChatHistory = (mongoose) => {
+    if (mongoose.models.ComplianceChatHistory) {
+        return mongoose.model("ComplianceChatHistory");
+    }
+    const ComplianceChatHistorySchema = new mongoose.Schema({
+        sessionId: {
+            type: String,
+            required: true,
+        },
+        sequenceNumber: {
+            type: Number,
+            required: true,
+        },
+        createdAt: {
+            type: Date,
+            required: true,
+        },
+        text: {
+            type: String,
+            required: true,
+        },
+        isBot: {
+            type: Boolean,
+            required: true,
+        },
+        blobId: {
+            type: Number,
+            required: true,
+        },
+    }, {
+        collection: 'compliancechathistory',
+        toJSON: {
+            transform(doc, ret) {
+                ret.id = ret._id;
+                delete ret._id;
+                delete ret.__v;
+            },
+        },
+    });
+    ComplianceChatHistorySchema.index({ sessionId: 1, sequenceNumber: 1 });
+    ComplianceChatHistorySchema.statics.build = (attrs) => {
+        return new ComplianceChatHistory(attrs);
+    };
+    const ComplianceChatHistory = mongoose.model("ComplianceChatHistory", ComplianceChatHistorySchema);
+    return ComplianceChatHistory;
+};
+exports.buildComplianceChatHistory = buildComplianceChatHistory;

package/build/models/compliance-bot-rule-result.d.ts

@@ -0,0 +1,28 @@
+import mongoose from "mongoose";
+import { ComplianceRuleResultStatus, ComplianceRuleOutcome } from "@riocrypto/common";
+interface ComplianceRuleResultAttrs {
+    sessionId: string;
+    ruleId: string;
+    name: string;
+    status: ComplianceRuleResultStatus;
+    prompt: string;
+    data: string;
+    details: string;
+    outcome?: ComplianceRuleOutcome;
+}
+interface ComplianceRuleResultDoc extends mongoose.Document {
+    id: string;
+    sessionId: string;
+    ruleId: string;
+    name: string;
+    status: ComplianceRuleResultStatus;
+    prompt: string;
+    data: string;
+    details: string;
+    outcome?: ComplianceRuleOutcome;
+}
+interface ComplianceRuleResultModel extends mongoose.Model<ComplianceRuleResultDoc> {
+    build(attrs: ComplianceRuleResultAttrs): ComplianceRuleResultDoc;
+}
+declare const buildComplianceRuleResult: (mongoose: typeof mongoose) => ComplianceRuleResultModel;
+export { buildComplianceRuleResult, ComplianceRuleResultDoc, ComplianceRuleResultAttrs };

package/build/models/compliance-bot-rule-result.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildComplianceRuleResult = void 0;
+const buildComplianceRuleResult = (mongoose) => {
+    if (mongoose.models.ComplianceRuleResult) {
+        return mongoose.model("ComplianceRuleResult");
+    }
+    const ComplianceRuleResultSchema = new mongoose.Schema({
+        sessionId: {
+            type: String,
+            required: true,
+        },
+        ruleId: {
+            type: String,
+            required: true,
+        },
+        name: {
+            type: String,
+            required: true,
+        },
+        status: {
+            type: String,
+            required: true,
+        },
+        prompt: {
+            type: String,
+            required: true,
+        },
+        data: {
+            type: String,
+            required: false,
+        },
+        details: {
+            type: String,
+            required: false,
+        },
+        outcome: {
+            type: String,
+            required: false,
+        },
+    }, {
+        toJSON: {
+            transform(doc, ret) {
+                ret.id = ret._id;
+                delete ret._id;
+                delete ret.__v;
+            },
+        },
+    });
+    ComplianceRuleResultSchema.index({ sessionId: 1 });
+    ComplianceRuleResultSchema.statics.build = (attrs) => {
+        return new ComplianceRuleResult(attrs);
+    };
+    const ComplianceRuleResult = mongoose.model("ComplianceRuleResult", ComplianceRuleResultSchema);
+    return ComplianceRuleResult;
+};
+exports.buildComplianceRuleResult = buildComplianceRuleResult;

package/build/models/compliance-bot-rule.d.ts

@@ -0,0 +1,19 @@
+import mongoose from "mongoose";
+interface ComplianceRuleAttrs {
+    country: string;
+    name: string;
+    prompt: string;
+    ruleType: string;
+}
+interface ComplianceRuleDoc extends mongoose.Document {
+    id: string;
+    country: string;
+    name: string;
+    prompt: string;
+    ruleType: string;
+}
+interface ComplianceRuleModel extends mongoose.Model<ComplianceRuleDoc> {
+    build(attrs: ComplianceRuleAttrs): ComplianceRuleDoc;
+}
+declare const buildComplianceRule: (mongoose: typeof mongoose) => ComplianceRuleModel;
+export { buildComplianceRule, ComplianceRuleDoc, ComplianceRuleAttrs };

package/build/models/compliance-bot-rule.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildComplianceRule = void 0;
+const buildComplianceRule = (mongoose) => {
+    if (mongoose.models.ComplianceRule) {
+        return mongoose.model("ComplianceRule");
+    }
+    const ComplianceRuleSchema = new mongoose.Schema({
+        country: {
+            type: String,
+            required: true,
+        },
+        name: {
+            type: String,
+            required: true,
+        },
+        prompt: {
+            type: String,
+            required: true,
+        },
+        ruleType: {
+            type: String,
+            required: true,
+        },
+    }, {
+        toJSON: {
+            transform(doc, ret) {
+                ret.id = ret._id;
+                delete ret._id;
+                delete ret.__v;
+            },
+        },
+    });
+    ComplianceRuleSchema.index({ country: 1 });
+    ComplianceRuleSchema.statics.build = (attrs) => {
+        return new ComplianceRule(attrs);
+    };
+    const ComplianceRule = mongoose.model("ComplianceRule", ComplianceRuleSchema);
+    return ComplianceRule;
+};
+exports.buildComplianceRule = buildComplianceRule;

package/build/models/compliance-session.d.ts

@@ -0,0 +1,27 @@
+import mongoose from "mongoose";
+import { ComplianceSessionStatus } from "@riocrypto/common";
+interface ComplianceSessionAttrs {
+    id: string;
+    userId: string;
+    createdAt: Date;
+    country: string;
+    message: string;
+    status: ComplianceSessionStatus;
+    transcript: string;
+    modelName: string;
+}
+interface ComplianceSessionDoc extends mongoose.Document {
+    id: string;
+    userId: string;
+    createdAt: Date;
+    country: string;
+    message: string;
+    status: ComplianceSessionStatus;
+    transcript: string;
+    modelName: string;
+}
+interface ComplianceSessionModel extends mongoose.Model<ComplianceSessionDoc> {
+    build(attrs: ComplianceSessionAttrs): ComplianceSessionDoc;
+}
+declare const buildComplianceSession: (mongoose: typeof mongoose) => ComplianceSessionModel;
+export { buildComplianceSession, ComplianceSessionDoc, ComplianceSessionAttrs };

package/build/models/compliance-session.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildComplianceSession = void 0;
+const buildComplianceSession = (mongoose) => {
+    if (mongoose.models.ComplianceSession) {
+        return mongoose.model("ComplianceSession");
+    }
+    const ComplianceSessionSchema = new mongoose.Schema({
+        userId: {
+            type: String,
+            required: true,
+        },
+        createdAt: {
+            type: Date,
+            required: true,
+        },
+        country: {
+            type: String,
+            required: false,
+        },
+        message: {
+            type: String,
+            required: false,
+            default: "",
+        },
+        status: {
+            type: String,
+            required: false,
+            default: "",
+        },
+        transcript: {
+            type: String,
+            required: false,
+            default: "",
+        },
+        modelName: {
+            type: String,
+            required: false,
+        },
+    }, {
+        toJSON: {
+            transform(doc, ret) {
+                ret.id = ret._id;
+                delete ret._id;
+                delete ret.__v;
+            },
+        },
+    });
+    ComplianceSessionSchema.index({ id: 1 });
+    ComplianceSessionSchema.index({ userId: 1 });
+    ComplianceSessionSchema.index({ createdAt: 1 });
+    ComplianceSessionSchema.statics.build = (attrs) => {
+        return new ComplianceSession(attrs);
+    };
+    const ComplianceSession = mongoose.model("ComplianceSession", ComplianceSessionSchema);
+    return ComplianceSession;
+};
+exports.buildComplianceSession = buildComplianceSession;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@riocrypto/common-server",
-  "version": "1.0.2695",
+  "version": "1.0.2698",
   "description": "",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -28,7 +28,7 @@
     "@google-cloud/secret-manager": "^5.3.0",
     "@google-cloud/storage": "^6.9.5",
     "@hyperdx/node-opentelemetry": "^0.7.0",
-    "@riocrypto/common": "^1.0.2493",
+    "@riocrypto/common": "^1.0.2496",
     "@types/express": "^4.17.13",
     "axios": "^1.7.4",
     "crypto-js": "^4.2.0",