@simplr-ai/express 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +122 -0
- package/dist/fastify.cjs +241 -0
- package/dist/fastify.cjs.map +1 -0
- package/dist/fastify.d.cts +11 -0
- package/dist/fastify.d.ts +11 -0
- package/dist/fastify.js +214 -0
- package/dist/fastify.js.map +1 -0
- package/dist/hono.cjs +246 -0
- package/dist/hono.cjs.map +1 -0
- package/dist/hono.d.cts +25 -0
- package/dist/hono.d.ts +25 -0
- package/dist/hono.js +218 -0
- package/dist/hono.js.map +1 -0
- package/dist/index.cjs +244 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +96 -0
- package/dist/index.d.ts +96 -0
- package/dist/index.js +210 -0
- package/dist/index.js.map +1 -0
- package/dist/next.cjs +269 -0
- package/dist/next.cjs.map +1 -0
- package/dist/next.d.cts +41 -0
- package/dist/next.d.ts +41 -0
- package/dist/next.js +241 -0
- package/dist/next.js.map +1 -0
- package/dist/types-CmzpR5S4.d.cts +115 -0
- package/dist/types-CmzpR5S4.d.ts +115 -0
- package/package.json +108 -0
package/dist/next.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/client.ts","../src/core.ts","../src/next.ts"],"sourcesContent":["/**\n * Thin internal client.\n *\n * This is a ~40-line port of the minimal call path from `@simplr-ai/node`\n * (`apiRequest` + `check` + `edge.ingestLogs`) so that this package builds and\n * tests without an unbuilt workspace dependency or any network access.\n *\n * In production this package pairs with `@simplr-ai/node`; the endpoints, auth\n * header (`X-API-Key`), `{ success, message, content }` envelope unwrapping, and\n * 15s default timeout here are byte-for-byte compatible with that SDK and the\n * Simplr API contract.\n */\nimport type { CheckInput, CheckResult, EdgeLogEntry } from \"./types.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.simplr.sh\";\n\n/** Thrown when the Simplr API returns a non-2xx response or the request fails. */\nexport class SimplrError extends Error {\n readonly status: number;\n readonly body: unknown;\n constructor(message: string, status: number, body: unknown) {\n super(message);\n this.name = \"SimplrError\";\n this.status = status;\n this.body = body;\n }\n}\n\nexport interface ClientConfig {\n apiKey: string;\n baseUrl?: string;\n timeoutMs?: number;\n fetch?: typeof fetch;\n}\n\nexport interface SimplrClient {\n check(input: CheckInput): Promise<CheckResult>;\n ingestLogs(deviceId: string, logs: EdgeLogEntry[]): Promise<unknown>;\n}\n\nexport function createClient(config: ClientConfig): SimplrClient {\n if (!config?.apiKey) throw new Error(\"Simplr: `apiKey` is required\");\n const baseUrl = (config.baseUrl || DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n const timeoutMs = config.timeoutMs ?? 15000;\n const fetchImpl = config.fetch ?? globalThis.fetch;\n if (typeof fetchImpl !== \"function\") {\n throw new Error(\n \"Simplr: no global fetch available — use Node 18+ or pass `fetch` in options\",\n );\n }\n\n async function apiRequest<T>(method: string, path: string, body?: unknown): Promise<T> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n try {\n const res = await fetchImpl(`${baseUrl}${path}`, {\n method,\n headers: { \"Content-Type\": \"application/json\", \"X-API-Key\": config.apiKey },\n body: body !== undefined ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n const text = await res.text();\n let parsed: any;\n try {\n parsed = text ? JSON.parse(text) : undefined;\n } catch {\n parsed = text;\n }\n if (!res.ok) {\n const message =\n (parsed && (parsed.message || parsed.error)) || `Simplr API error ${res.status}`;\n throw new SimplrError(message, res.status, parsed);\n }\n return (parsed && typeof parsed === \"object\" && \"content\" in parsed\n ? parsed.content\n : parsed) as T;\n } catch (err) {\n if (err instanceof SimplrError) throw err;\n if (err instanceof Error && err.name === \"AbortError\") {\n throw new SimplrError(`Request to ${path} timed out after ${timeoutMs}ms`, 0, null);\n }\n throw new SimplrError(err instanceof Error ? err.message : \"Network error\", 0, null);\n } finally {\n clearTimeout(timer);\n }\n }\n\n return {\n check: (input) => apiRequest<CheckResult>(\"POST\", \"/v1/check\", input),\n ingestLogs: (deviceId, logs) =>\n apiRequest(\"POST\", \"/v1/edge/logs\", { device_id: deviceId, logs }),\n };\n}\n","/**\n * Framework-agnostic guard engine.\n *\n * `createGuard` returns an object that, given any request-like object, builds a\n * `CheckInput`, calls `/v1/check`, decides whether to block, optionally ships an\n * edge log, and fails open on error. Framework adapters (express/fastify/hono/\n * next) are thin wrappers over this engine.\n */\nimport { createClient, type SimplrClient } from \"./client.js\";\nimport type {\n BlockThreshold,\n CheckInput,\n CheckResult,\n GuardContext,\n GuardOptions,\n GuardOutcome,\n RiskLevel,\n} from \"./types.js\";\n\nconst RISK_ORDER: Record<RiskLevel, number> = {\n low: 0,\n medium: 1,\n high: 2,\n critical: 3,\n};\n\nconst DEFAULT_DEVICE_ID = \"simplr-edge-middleware\";\nconst DEFAULT_THRESHOLD: RiskLevel = \"high\";\n\n/** Numeric rank of a risk level. Unknown levels rank as the lowest (0). */\nexport function riskRank(level: RiskLevel | string | undefined): number {\n return RISK_ORDER[level as RiskLevel] ?? 0;\n}\n\n/** True when `level` is at least `min` in the low<medium<high<critical ordering. */\nexport function riskAtLeast(level: RiskLevel | string | undefined, min: RiskLevel): boolean {\n return riskRank(level) >= riskRank(min);\n}\n\n/** Read a header from either a plain bag (lowercase keys) or a Headers-like getter. */\nfunction readHeader(headers: unknown, name: string): string | undefined {\n if (!headers) return undefined;\n const h = headers as any;\n if (typeof h.get === \"function\") {\n const v = h.get(name);\n return v == null ? undefined : String(v);\n }\n // Plain object: try the lowercase key, then a case-insensitive scan.\n const lower = name.toLowerCase();\n if (lower in h && h[lower] != null) return String(h[lower]);\n for (const key of Object.keys(h)) {\n if (key.toLowerCase() === lower && h[key] != null) return String(h[key]);\n }\n return undefined;\n}\n\n/** Best-effort client IP from common header and socket locations. */\nfunction extractIp(req: any): string | undefined {\n const fwd = readHeader(req?.headers, \"x-forwarded-for\");\n if (fwd) return fwd.split(\",\")[0]!.trim();\n const real = readHeader(req?.headers, \"x-real-ip\");\n if (real) return real;\n return (\n req?.ip ||\n req?.socket?.remoteAddress ||\n req?.connection?.remoteAddress ||\n undefined\n );\n}\n\n/**\n * Default request → CheckInput extractor. Pulls the client IP and user-agent into\n * `device`, and lifts `email`/`phone` from a parsed JSON body when present.\n */\nexport function defaultExtract(req: any): CheckInput {\n const input: CheckInput = {};\n\n const device: Record<string, unknown> = {};\n const ip = extractIp(req);\n if (ip) device.ip = ip;\n const ua = readHeader(req?.headers, \"user-agent\");\n if (ua) device.user_agent = ua;\n if (Object.keys(device).length > 0) input.device = device;\n\n const body = req?.body;\n if (body && typeof body === \"object\") {\n const b = body as Record<string, unknown>;\n if (typeof b.email === \"string\") input.email = b.email;\n if (typeof b.phone === \"string\") input.phone = b.phone;\n }\n\n return input;\n}\n\nfunction normalizeBlock(\n block: GuardOptions[\"block\"],\n): (result: CheckResult) => boolean {\n if (typeof block === \"function\") return block;\n const threshold = (block as BlockThreshold | undefined)?.whenRiskAtLeast ?? DEFAULT_THRESHOLD;\n return (result) => riskAtLeast(result.risk_level, threshold);\n}\n\nexport interface Guard<Req = any> {\n /** The underlying thin Simplr client (check + edge log ingestion). */\n readonly client: SimplrClient;\n /** Run the full engine against a request; never throws when `failOpen`. */\n run(req: Req): Promise<GuardOutcome>;\n}\n\nexport function createGuard<Req = any>(options: GuardOptions<Req>): Guard<Req> {\n if (!options?.apiKey) throw new Error(\"createGuard: `apiKey` is required\");\n\n const client = createClient({\n apiKey: options.apiKey,\n baseUrl: options.baseUrl,\n timeoutMs: options.timeoutMs,\n fetch: options.fetch,\n });\n\n const extract = options.extract ?? defaultExtract;\n const shouldBlock = normalizeBlock(options.block);\n const failOpen = options.failOpen ?? true;\n const ingestLogs = options.ingestLogs ?? false;\n const deviceId = options.deviceId ?? DEFAULT_DEVICE_ID;\n\n async function run(req: Req): Promise<GuardOutcome> {\n const input = await extract(req);\n let result: CheckResult;\n try {\n result = await client.check(input);\n } catch (error) {\n if (failOpen) {\n return { result: null, blocked: false, input, error };\n }\n throw error;\n }\n\n const blocked = shouldBlock(result);\n const ctx: GuardContext<Req> = { req, input, blocked };\n\n if (options.onResult) {\n try {\n await options.onResult(result, ctx);\n } catch {\n // onResult is observational; never let it break the request.\n }\n }\n\n if (ingestLogs) {\n try {\n await client.ingestLogs(deviceId, [\n {\n category: \"security\",\n level: blocked ? \"warn\" : \"info\",\n message: blocked ? \"simplr guard blocked request\" : \"simplr guard checked request\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n },\n ]);\n } catch {\n // Log shipping is best-effort and must never affect the request.\n }\n }\n\n return { result, blocked, input };\n }\n\n return { client, run };\n}\n\n/** Standard JSON envelope returned to the client on a blocked request. */\nexport function blockEnvelope(result: CheckResult) {\n return {\n error: \"request_blocked\",\n message: \"This request was blocked by Simplr fraud protection.\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n };\n}\n","/**\n * Next.js adapters.\n *\n * - `simplrNextMiddleware(options)` → an Edge/Node `middleware`-style function\n * that takes a `NextRequest` and returns `NextResponse.next()` or a 403.\n * - `withSimplr(handler, options)` → wraps an app-router route handler so the\n * check runs before your handler; on block it returns a 403 `Response`.\n *\n * `next` is an optional peer dependency and is lazy-imported only when needed, so\n * importing this module never requires `next` to be installed.\n */\nimport { blockEnvelope, createGuard } from \"./core.js\";\nimport type { CheckResult, GuardOptions } from \"./types.js\";\n\n// Loose types so we never hard-depend on `next`'s type packages.\ntype NextRequestLike = {\n headers: { get(name: string): string | null };\n /** NextRequest exposes `.ip` on some runtimes. */\n ip?: string;\n json?: () => Promise<unknown>;\n [key: string]: unknown;\n};\ntype NextResponseLike = Response;\ntype RouteHandler = (req: NextRequestLike, ...rest: any[]) => Response | Promise<Response>;\n\nasync function loadNextResponse(): Promise<{\n next: () => NextResponseLike;\n json: (body: unknown, init?: ResponseInit) => NextResponseLike;\n} | null> {\n try {\n // Lazy, optional. Avoids a hard dependency on `next`. The module specifier is\n // built dynamically so the type checker does not require `next` to be present.\n const spec = \"next/server\";\n const mod: any = await import(/* @vite-ignore */ spec);\n const NextResponse = mod.NextResponse;\n if (!NextResponse) return null;\n return {\n next: () => NextResponse.next(),\n json: (body, init) => NextResponse.json(body, init),\n };\n } catch {\n return null;\n }\n}\n\n/**\n * Edge/Node middleware factory for `middleware.ts`.\n *\n * ```ts\n * // middleware.ts\n * import { simplrNextMiddleware } from \"@simplr-ai/express/next\";\n * export const middleware = simplrNextMiddleware({ apiKey: process.env.SIMPLR_API_KEY! });\n * export const config = { matcher: [\"/api/:path*\"] };\n * ```\n */\nexport function simplrNextMiddleware(options: GuardOptions<NextRequestLike>) {\n const guard = createGuard<NextRequestLike>(options);\n const failOpen = options.failOpen ?? true;\n\n return async function middleware(req: NextRequestLike): Promise<NextResponseLike> {\n const next = await loadNextResponse();\n const pass = () => (next ? next.next() : new Response(null, { status: 200 }));\n const deny = (body: unknown) =>\n next ? next.json(body, { status: 403 }) : jsonResponse(body, 403);\n\n try {\n const outcome = await guard.run(req);\n if (outcome.blocked && outcome.result) {\n return deny(blockEnvelope(outcome.result));\n }\n return pass();\n } catch (err) {\n if (failOpen) return pass();\n throw err;\n }\n };\n}\n\n/**\n * Wrap an app-router route handler. The `CheckResult` is attached to the request\n * as `req.simplr` for your handler; blocked requests return a 403 before it runs.\n *\n * ```ts\n * // app/api/signup/route.ts\n * import { withSimplr } from \"@simplr-ai/express/next\";\n * export const POST = withSimplr(async (req) => {\n * // req.simplr is the CheckResult\n * return Response.json({ ok: true });\n * }, { apiKey: process.env.SIMPLR_API_KEY! });\n * ```\n */\nexport function withSimplr(\n handler: RouteHandler,\n options: GuardOptions<NextRequestLike>,\n): RouteHandler {\n const guard = createGuard<NextRequestLike>(options);\n const failOpen = options.failOpen ?? true;\n\n return async function wrapped(req, ...rest) {\n try {\n const outcome = await guard.run(req);\n (req as any).simplr = outcome.result;\n if (outcome.blocked && outcome.result) {\n return jsonResponse(blockEnvelope(outcome.result), 403);\n }\n } catch (err) {\n if (!failOpen) throw err;\n (req as any).simplr = null;\n }\n return handler(req, ...rest);\n };\n}\n\nfunction jsonResponse(body: unknown, status: number): Response {\n return new Response(JSON.stringify(body), {\n status,\n headers: { \"content-type\": \"application/json\" },\n });\n}\n\nexport type { CheckResult };\n"],"mappings":";AAcA,IAAM,mBAAmB;AAGlB,IAAM,cAAN,cAA0B,MAAM;AAAA,EAC5B;AAAA,EACA;AAAA,EACT,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAAA,EACd;AACF;AAcO,SAAS,aAAa,QAAoC;AAC/D,MAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,8BAA8B;AACnE,QAAM,WAAW,OAAO,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AACvE,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,SAAS,WAAW;AAC7C,MAAI,OAAO,cAAc,YAAY;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,WAAc,QAAgB,MAAc,MAA4B;AACrF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAC5D,QAAI;AACF,YAAM,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,IAAI,IAAI;AAAA,QAC/C;AAAA,QACA,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO,OAAO;AAAA,QAC1E,MAAM,SAAS,SAAY,KAAK,UAAU,IAAI,IAAI;AAAA,QAClD,QAAQ,WAAW;AAAA,MACrB,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI;AACJ,UAAI;AACF,iBAAS,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,MACrC,QAAQ;AACN,iBAAS;AAAA,MACX;AACA,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,UACH,WAAW,OAAO,WAAW,OAAO,UAAW,oBAAoB,IAAI,MAAM;AAChF,cAAM,IAAI,YAAY,SAAS,IAAI,QAAQ,MAAM;AAAA,MACnD;AACA,aAAQ,UAAU,OAAO,WAAW,YAAY,aAAa,SACzD,OAAO,UACP;AAAA,IACN,SAAS,KAAK;AACZ,UAAI,eAAe,YAAa,OAAM;AACtC,UAAI,eAAe,SAAS,IAAI,SAAS,cAAc;AACrD,cAAM,IAAI,YAAY,cAAc,IAAI,oBAAoB,SAAS,MAAM,GAAG,IAAI;AAAA,MACpF;AACA,YAAM,IAAI,YAAY,eAAe,QAAQ,IAAI,UAAU,iBAAiB,GAAG,IAAI;AAAA,IACrF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,UAAU,WAAwB,QAAQ,aAAa,KAAK;AAAA,IACpE,YAAY,CAAC,UAAU,SACrB,WAAW,QAAQ,iBAAiB,EAAE,WAAW,UAAU,KAAK,CAAC;AAAA,EACrE;AACF;;;ACzEA,IAAM,aAAwC;AAAA,EAC5C,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,UAAU;AACZ;AAEA,IAAM,oBAAoB;AAC1B,IAAM,oBAA+B;AAG9B,SAAS,SAAS,OAA+C;AACtE,SAAO,WAAW,KAAkB,KAAK;AAC3C;AAGO,SAAS,YAAY,OAAuC,KAAyB;AAC1F,SAAO,SAAS,KAAK,KAAK,SAAS,GAAG;AACxC;AAGA,SAAS,WAAW,SAAkB,MAAkC;AACtE,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,QAAQ,YAAY;AAC/B,UAAM,IAAI,EAAE,IAAI,IAAI;AACpB,WAAO,KAAK,OAAO,SAAY,OAAO,CAAC;AAAA,EACzC;AAEA,QAAM,QAAQ,KAAK,YAAY;AAC/B,MAAI,SAAS,KAAK,EAAE,KAAK,KAAK,KAAM,QAAO,OAAO,EAAE,KAAK,CAAC;AAC1D,aAAW,OAAO,OAAO,KAAK,CAAC,GAAG;AAChC,QAAI,IAAI,YAAY,MAAM,SAAS,EAAE,GAAG,KAAK,KAAM,QAAO,OAAO,EAAE,GAAG,CAAC;AAAA,EACzE;AACA,SAAO;AACT;AAGA,SAAS,UAAU,KAA8B;AAC/C,QAAM,MAAM,WAAW,KAAK,SAAS,iBAAiB;AACtD,MAAI,IAAK,QAAO,IAAI,MAAM,GAAG,EAAE,CAAC,EAAG,KAAK;AACxC,QAAM,OAAO,WAAW,KAAK,SAAS,WAAW;AACjD,MAAI,KAAM,QAAO;AACjB,SACE,KAAK,MACL,KAAK,QAAQ,iBACb,KAAK,YAAY,iBACjB;AAEJ;AAMO,SAAS,eAAe,KAAsB;AACnD,QAAM,QAAoB,CAAC;AAE3B,QAAM,SAAkC,CAAC;AACzC,QAAM,KAAK,UAAU,GAAG;AACxB,MAAI,GAAI,QAAO,KAAK;AACpB,QAAM,KAAK,WAAW,KAAK,SAAS,YAAY;AAChD,MAAI,GAAI,QAAO,aAAa;AAC5B,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,OAAM,SAAS;AAEnD,QAAM,OAAO,KAAK;AAClB,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,UAAM,IAAI;AACV,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AACjD,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AAAA,EACnD;AAEA,SAAO;AACT;AAEA,SAAS,eACP,OACkC;AAClC,MAAI,OAAO,UAAU,WAAY,QAAO;AACxC,QAAM,YAAa,OAAsC,mBAAmB;AAC5E,SAAO,CAAC,WAAW,YAAY,OAAO,YAAY,SAAS;AAC7D;AASO,SAAS,YAAuB,SAAwC;AAC7E,MAAI,CAAC,SAAS,OAAQ,OAAM,IAAI,MAAM,mCAAmC;AAEzE,QAAM,SAAS,aAAa;AAAA,IAC1B,QAAQ,QAAQ;AAAA,IAChB,SAAS,QAAQ;AAAA,IACjB,WAAW,QAAQ;AAAA,IACnB,OAAO,QAAQ;AAAA,EACjB,CAAC;AAED,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,cAAc,eAAe,QAAQ,KAAK;AAChD,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,WAAW,QAAQ,YAAY;AAErC,iBAAe,IAAI,KAAiC;AAClD,UAAM,QAAQ,MAAM,QAAQ,GAAG;AAC/B,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,OAAO,MAAM,KAAK;AAAA,IACnC,SAAS,OAAO;AACd,UAAI,UAAU;AACZ,eAAO,EAAE,QAAQ,MAAM,SAAS,OAAO,OAAO,MAAM;AAAA,MACtD;AACA,YAAM;AAAA,IACR;AAEA,UAAM,UAAU,YAAY,MAAM;AAClC,UAAM,MAAyB,EAAE,KAAK,OAAO,QAAQ;AAErD,QAAI,QAAQ,UAAU;AACpB,UAAI;AACF,cAAM,QAAQ,SAAS,QAAQ,GAAG;AAAA,MACpC,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,QAAI,YAAY;AACd,UAAI;AACF,cAAM,OAAO,WAAW,UAAU;AAAA,UAChC;AAAA,YACE,UAAU;AAAA,YACV,OAAO,UAAU,SAAS;AAAA,YAC1B,SAAS,UAAU,iCAAiC;AAAA,YACpD,YAAY,OAAO;AAAA,YACnB,YAAY,OAAO;AAAA,UACrB;AAAA,QACF,CAAC;AAAA,MACH,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,WAAO,EAAE,QAAQ,SAAS,MAAM;AAAA,EAClC;AAEA,SAAO,EAAE,QAAQ,IAAI;AACvB;AAGO,SAAS,cAAc,QAAqB;AACjD,SAAO;AAAA,IACL,OAAO;AAAA,IACP,SAAS;AAAA,IACT,YAAY,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,EACrB;AACF;;;ACzJA,eAAe,mBAGL;AACR,MAAI;AAGF,UAAM,OAAO;AACb,UAAM,MAAW,MAAM;AAAA;AAAA,MAA0B;AAAA;AACjD,UAAM,eAAe,IAAI;AACzB,QAAI,CAAC,aAAc,QAAO;AAC1B,WAAO;AAAA,MACL,MAAM,MAAM,aAAa,KAAK;AAAA,MAC9B,MAAM,CAAC,MAAM,SAAS,aAAa,KAAK,MAAM,IAAI;AAAA,IACpD;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYO,SAAS,qBAAqB,SAAwC;AAC3E,QAAM,QAAQ,YAA6B,OAAO;AAClD,QAAM,WAAW,QAAQ,YAAY;AAErC,SAAO,eAAe,WAAW,KAAiD;AAChF,UAAM,OAAO,MAAM,iBAAiB;AACpC,UAAM,OAAO,MAAO,OAAO,KAAK,KAAK,IAAI,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAC3E,UAAM,OAAO,CAAC,SACZ,OAAO,KAAK,KAAK,MAAM,EAAE,QAAQ,IAAI,CAAC,IAAI,aAAa,MAAM,GAAG;AAElE,QAAI;AACF,YAAM,UAAU,MAAM,MAAM,IAAI,GAAG;AACnC,UAAI,QAAQ,WAAW,QAAQ,QAAQ;AACrC,eAAO,KAAK,cAAc,QAAQ,MAAM,CAAC;AAAA,MAC3C;AACA,aAAO,KAAK;AAAA,IACd,SAAS,KAAK;AACZ,UAAI,SAAU,QAAO,KAAK;AAC1B,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAeO,SAAS,WACd,SACA,SACc;AACd,QAAM,QAAQ,YAA6B,OAAO;AAClD,QAAM,WAAW,QAAQ,YAAY;AAErC,SAAO,eAAe,QAAQ,QAAQ,MAAM;AAC1C,QAAI;AACF,YAAM,UAAU,MAAM,MAAM,IAAI,GAAG;AACnC,MAAC,IAAY,SAAS,QAAQ;AAC9B,UAAI,QAAQ,WAAW,QAAQ,QAAQ;AACrC,eAAO,aAAa,cAAc,QAAQ,MAAM,GAAG,GAAG;AAAA,MACxD;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,CAAC,SAAU,OAAM;AACrB,MAAC,IAAY,SAAS;AAAA,IACxB;AACA,WAAO,QAAQ,KAAK,GAAG,IAAI;AAAA,EAC7B;AACF;AAEA,SAAS,aAAa,MAAe,QAA0B;AAC7D,SAAO,IAAI,SAAS,KAAK,UAAU,IAAI,GAAG;AAAA,IACxC;AAAA,IACA,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,EAChD,CAAC;AACH;","names":[]}
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Types for `@simplr-ai/express`.
|
|
3
|
+
*
|
|
4
|
+
* The core fraud/identity types (`CheckInput`, `CheckResult`, `RiskLevel`,
|
|
5
|
+
* `EdgeLogEntry`) mirror the contract implemented by `@simplr-ai/node`. They are
|
|
6
|
+
* re-declared here so this package builds without the workspace dependency being
|
|
7
|
+
* pre-built; in production you pair this with `@simplr-ai/node`, whose types are
|
|
8
|
+
* structurally identical.
|
|
9
|
+
*/
|
|
10
|
+
type RiskLevel = "low" | "medium" | "high" | "critical";
|
|
11
|
+
interface CheckInput {
|
|
12
|
+
email?: string;
|
|
13
|
+
phone?: string;
|
|
14
|
+
device?: Record<string, unknown>;
|
|
15
|
+
behavior?: Record<string, unknown>;
|
|
16
|
+
event_type?: string;
|
|
17
|
+
event_id?: string;
|
|
18
|
+
metadata?: Record<string, unknown>;
|
|
19
|
+
}
|
|
20
|
+
interface CheckResult {
|
|
21
|
+
type?: string;
|
|
22
|
+
risk_score: number;
|
|
23
|
+
risk_level: RiskLevel;
|
|
24
|
+
signals?: Record<string, unknown>;
|
|
25
|
+
email?: string;
|
|
26
|
+
phone_number?: string;
|
|
27
|
+
fingerprint_hash?: string;
|
|
28
|
+
checked_at?: string;
|
|
29
|
+
is_sandbox?: boolean;
|
|
30
|
+
[key: string]: unknown;
|
|
31
|
+
}
|
|
32
|
+
interface EdgeLogEntry {
|
|
33
|
+
category: "transaction" | "health" | "security" | "audit" | "network" | string;
|
|
34
|
+
level?: "debug" | "info" | "warn" | "error" | string;
|
|
35
|
+
message: string;
|
|
36
|
+
[key: string]: unknown;
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Minimal shape of an incoming request that the default `extract` understands.
|
|
40
|
+
* Express, Fastify, Hono and Next requests all conform structurally enough for
|
|
41
|
+
* the default extractor; custom `extract` functions receive the raw request.
|
|
42
|
+
*/
|
|
43
|
+
interface RequestLike {
|
|
44
|
+
/** Normalized header bag (lowercase keys), if the adapter provides one. */
|
|
45
|
+
headers?: Record<string, unknown> | {
|
|
46
|
+
get(name: string): string | null;
|
|
47
|
+
};
|
|
48
|
+
/** Parsed body, if a body parser ran before the middleware. */
|
|
49
|
+
body?: unknown;
|
|
50
|
+
/** Socket / connection info, used as an IP fallback. */
|
|
51
|
+
ip?: string;
|
|
52
|
+
socket?: {
|
|
53
|
+
remoteAddress?: string;
|
|
54
|
+
};
|
|
55
|
+
connection?: {
|
|
56
|
+
remoteAddress?: string;
|
|
57
|
+
};
|
|
58
|
+
[key: string]: unknown;
|
|
59
|
+
}
|
|
60
|
+
/** Context passed to `onResult` / `block` callbacks alongside the result. */
|
|
61
|
+
interface GuardContext<Req = unknown> {
|
|
62
|
+
req: Req;
|
|
63
|
+
input: CheckInput;
|
|
64
|
+
/** Whether the request was (or would be) blocked. */
|
|
65
|
+
blocked: boolean;
|
|
66
|
+
}
|
|
67
|
+
interface BlockThreshold {
|
|
68
|
+
/** Block when the result's risk level is at least this level. */
|
|
69
|
+
whenRiskAtLeast?: RiskLevel;
|
|
70
|
+
}
|
|
71
|
+
interface GuardOptions<Req = any> {
|
|
72
|
+
/** Secret API key (sk_live_… / sk_test_…). Server-side only. */
|
|
73
|
+
apiKey: string;
|
|
74
|
+
/** API base URL. Defaults to https://api.simplr.sh. */
|
|
75
|
+
baseUrl?: string;
|
|
76
|
+
/** Per-request timeout in ms (default 15000). */
|
|
77
|
+
timeoutMs?: number;
|
|
78
|
+
/** Override the fetch implementation (defaults to global fetch). */
|
|
79
|
+
fetch?: typeof fetch;
|
|
80
|
+
/**
|
|
81
|
+
* Build the `CheckInput` for a request. Defaults to pulling the client IP,
|
|
82
|
+
* user-agent, and `email`/`phone` from a parsed JSON body when present.
|
|
83
|
+
*/
|
|
84
|
+
extract?: (req: Req) => CheckInput | Promise<CheckInput>;
|
|
85
|
+
/** Called with every `CheckResult` (and context) after the check runs. */
|
|
86
|
+
onResult?: (result: CheckResult, ctx: GuardContext<Req>) => void | Promise<void>;
|
|
87
|
+
/**
|
|
88
|
+
* Decide whether to block a request. Either a predicate over the result, or a
|
|
89
|
+
* threshold object. Defaults to blocking at risk level "high" or above.
|
|
90
|
+
*/
|
|
91
|
+
block?: ((result: CheckResult) => boolean) | BlockThreshold;
|
|
92
|
+
/** Ship an edge log for every request handled (default false). */
|
|
93
|
+
ingestLogs?: boolean;
|
|
94
|
+
/** Device id to attribute ingested edge logs to (default "simplr-edge-middleware"). */
|
|
95
|
+
deviceId?: string;
|
|
96
|
+
/**
|
|
97
|
+
* If the Simplr check throws (network/timeout/5xx), let the request through
|
|
98
|
+
* (`true`, the default) instead of failing it. A Simplr outage should not take
|
|
99
|
+
* down the protected app.
|
|
100
|
+
*/
|
|
101
|
+
failOpen?: boolean;
|
|
102
|
+
}
|
|
103
|
+
/** Outcome of running the guard engine against a single request. */
|
|
104
|
+
interface GuardOutcome {
|
|
105
|
+
/** The check result, or `null` when the check failed and we failed open. */
|
|
106
|
+
result: CheckResult | null;
|
|
107
|
+
/** Whether the engine decided this request should be blocked. */
|
|
108
|
+
blocked: boolean;
|
|
109
|
+
/** The input that was sent to /v1/check. */
|
|
110
|
+
input: CheckInput;
|
|
111
|
+
/** The error, when the check threw and we failed open. */
|
|
112
|
+
error?: unknown;
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
export type { BlockThreshold as B, CheckResult as C, EdgeLogEntry as E, GuardOptions as G, RiskLevel as R, CheckInput as a, GuardOutcome as b, GuardContext as c, RequestLike as d };
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Types for `@simplr-ai/express`.
|
|
3
|
+
*
|
|
4
|
+
* The core fraud/identity types (`CheckInput`, `CheckResult`, `RiskLevel`,
|
|
5
|
+
* `EdgeLogEntry`) mirror the contract implemented by `@simplr-ai/node`. They are
|
|
6
|
+
* re-declared here so this package builds without the workspace dependency being
|
|
7
|
+
* pre-built; in production you pair this with `@simplr-ai/node`, whose types are
|
|
8
|
+
* structurally identical.
|
|
9
|
+
*/
|
|
10
|
+
type RiskLevel = "low" | "medium" | "high" | "critical";
|
|
11
|
+
interface CheckInput {
|
|
12
|
+
email?: string;
|
|
13
|
+
phone?: string;
|
|
14
|
+
device?: Record<string, unknown>;
|
|
15
|
+
behavior?: Record<string, unknown>;
|
|
16
|
+
event_type?: string;
|
|
17
|
+
event_id?: string;
|
|
18
|
+
metadata?: Record<string, unknown>;
|
|
19
|
+
}
|
|
20
|
+
interface CheckResult {
|
|
21
|
+
type?: string;
|
|
22
|
+
risk_score: number;
|
|
23
|
+
risk_level: RiskLevel;
|
|
24
|
+
signals?: Record<string, unknown>;
|
|
25
|
+
email?: string;
|
|
26
|
+
phone_number?: string;
|
|
27
|
+
fingerprint_hash?: string;
|
|
28
|
+
checked_at?: string;
|
|
29
|
+
is_sandbox?: boolean;
|
|
30
|
+
[key: string]: unknown;
|
|
31
|
+
}
|
|
32
|
+
interface EdgeLogEntry {
|
|
33
|
+
category: "transaction" | "health" | "security" | "audit" | "network" | string;
|
|
34
|
+
level?: "debug" | "info" | "warn" | "error" | string;
|
|
35
|
+
message: string;
|
|
36
|
+
[key: string]: unknown;
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Minimal shape of an incoming request that the default `extract` understands.
|
|
40
|
+
* Express, Fastify, Hono and Next requests all conform structurally enough for
|
|
41
|
+
* the default extractor; custom `extract` functions receive the raw request.
|
|
42
|
+
*/
|
|
43
|
+
interface RequestLike {
|
|
44
|
+
/** Normalized header bag (lowercase keys), if the adapter provides one. */
|
|
45
|
+
headers?: Record<string, unknown> | {
|
|
46
|
+
get(name: string): string | null;
|
|
47
|
+
};
|
|
48
|
+
/** Parsed body, if a body parser ran before the middleware. */
|
|
49
|
+
body?: unknown;
|
|
50
|
+
/** Socket / connection info, used as an IP fallback. */
|
|
51
|
+
ip?: string;
|
|
52
|
+
socket?: {
|
|
53
|
+
remoteAddress?: string;
|
|
54
|
+
};
|
|
55
|
+
connection?: {
|
|
56
|
+
remoteAddress?: string;
|
|
57
|
+
};
|
|
58
|
+
[key: string]: unknown;
|
|
59
|
+
}
|
|
60
|
+
/** Context passed to `onResult` / `block` callbacks alongside the result. */
|
|
61
|
+
interface GuardContext<Req = unknown> {
|
|
62
|
+
req: Req;
|
|
63
|
+
input: CheckInput;
|
|
64
|
+
/** Whether the request was (or would be) blocked. */
|
|
65
|
+
blocked: boolean;
|
|
66
|
+
}
|
|
67
|
+
interface BlockThreshold {
|
|
68
|
+
/** Block when the result's risk level is at least this level. */
|
|
69
|
+
whenRiskAtLeast?: RiskLevel;
|
|
70
|
+
}
|
|
71
|
+
interface GuardOptions<Req = any> {
|
|
72
|
+
/** Secret API key (sk_live_… / sk_test_…). Server-side only. */
|
|
73
|
+
apiKey: string;
|
|
74
|
+
/** API base URL. Defaults to https://api.simplr.sh. */
|
|
75
|
+
baseUrl?: string;
|
|
76
|
+
/** Per-request timeout in ms (default 15000). */
|
|
77
|
+
timeoutMs?: number;
|
|
78
|
+
/** Override the fetch implementation (defaults to global fetch). */
|
|
79
|
+
fetch?: typeof fetch;
|
|
80
|
+
/**
|
|
81
|
+
* Build the `CheckInput` for a request. Defaults to pulling the client IP,
|
|
82
|
+
* user-agent, and `email`/`phone` from a parsed JSON body when present.
|
|
83
|
+
*/
|
|
84
|
+
extract?: (req: Req) => CheckInput | Promise<CheckInput>;
|
|
85
|
+
/** Called with every `CheckResult` (and context) after the check runs. */
|
|
86
|
+
onResult?: (result: CheckResult, ctx: GuardContext<Req>) => void | Promise<void>;
|
|
87
|
+
/**
|
|
88
|
+
* Decide whether to block a request. Either a predicate over the result, or a
|
|
89
|
+
* threshold object. Defaults to blocking at risk level "high" or above.
|
|
90
|
+
*/
|
|
91
|
+
block?: ((result: CheckResult) => boolean) | BlockThreshold;
|
|
92
|
+
/** Ship an edge log for every request handled (default false). */
|
|
93
|
+
ingestLogs?: boolean;
|
|
94
|
+
/** Device id to attribute ingested edge logs to (default "simplr-edge-middleware"). */
|
|
95
|
+
deviceId?: string;
|
|
96
|
+
/**
|
|
97
|
+
* If the Simplr check throws (network/timeout/5xx), let the request through
|
|
98
|
+
* (`true`, the default) instead of failing it. A Simplr outage should not take
|
|
99
|
+
* down the protected app.
|
|
100
|
+
*/
|
|
101
|
+
failOpen?: boolean;
|
|
102
|
+
}
|
|
103
|
+
/** Outcome of running the guard engine against a single request. */
|
|
104
|
+
interface GuardOutcome {
|
|
105
|
+
/** The check result, or `null` when the check failed and we failed open. */
|
|
106
|
+
result: CheckResult | null;
|
|
107
|
+
/** Whether the engine decided this request should be blocked. */
|
|
108
|
+
blocked: boolean;
|
|
109
|
+
/** The input that was sent to /v1/check. */
|
|
110
|
+
input: CheckInput;
|
|
111
|
+
/** The error, when the check threw and we failed open. */
|
|
112
|
+
error?: unknown;
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
export type { BlockThreshold as B, CheckResult as C, EdgeLogEntry as E, GuardOptions as G, RiskLevel as R, CheckInput as a, GuardOutcome as b, GuardContext as c, RequestLike as d };
|
package/package.json
ADDED
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@simplr-ai/express",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "Drop-in server middleware for Express, Fastify, Hono, and Next.js that auto-runs Simplr fraud/identity checks and ingests edge logs per request. Built on @simplr-ai/node.",
|
|
5
|
+
"license": "MIT",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"main": "./dist/index.cjs",
|
|
8
|
+
"module": "./dist/index.js",
|
|
9
|
+
"types": "./dist/index.d.ts",
|
|
10
|
+
"exports": {
|
|
11
|
+
".": {
|
|
12
|
+
"import": {
|
|
13
|
+
"types": "./dist/index.d.ts",
|
|
14
|
+
"default": "./dist/index.js"
|
|
15
|
+
},
|
|
16
|
+
"require": {
|
|
17
|
+
"types": "./dist/index.d.cts",
|
|
18
|
+
"default": "./dist/index.cjs"
|
|
19
|
+
}
|
|
20
|
+
},
|
|
21
|
+
"./fastify": {
|
|
22
|
+
"import": {
|
|
23
|
+
"types": "./dist/fastify.d.ts",
|
|
24
|
+
"default": "./dist/fastify.js"
|
|
25
|
+
},
|
|
26
|
+
"require": {
|
|
27
|
+
"types": "./dist/fastify.d.cts",
|
|
28
|
+
"default": "./dist/fastify.cjs"
|
|
29
|
+
}
|
|
30
|
+
},
|
|
31
|
+
"./hono": {
|
|
32
|
+
"import": {
|
|
33
|
+
"types": "./dist/hono.d.ts",
|
|
34
|
+
"default": "./dist/hono.js"
|
|
35
|
+
},
|
|
36
|
+
"require": {
|
|
37
|
+
"types": "./dist/hono.d.cts",
|
|
38
|
+
"default": "./dist/hono.cjs"
|
|
39
|
+
}
|
|
40
|
+
},
|
|
41
|
+
"./next": {
|
|
42
|
+
"import": {
|
|
43
|
+
"types": "./dist/next.d.ts",
|
|
44
|
+
"default": "./dist/next.js"
|
|
45
|
+
},
|
|
46
|
+
"require": {
|
|
47
|
+
"types": "./dist/next.d.cts",
|
|
48
|
+
"default": "./dist/next.cjs"
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
},
|
|
52
|
+
"files": [
|
|
53
|
+
"dist",
|
|
54
|
+
"README.md",
|
|
55
|
+
"LICENSE"
|
|
56
|
+
],
|
|
57
|
+
"engines": {
|
|
58
|
+
"node": ">=18"
|
|
59
|
+
},
|
|
60
|
+
"scripts": {
|
|
61
|
+
"build": "tsup",
|
|
62
|
+
"dev": "tsup --watch",
|
|
63
|
+
"typecheck": "tsc --noEmit",
|
|
64
|
+
"test": "vitest run"
|
|
65
|
+
},
|
|
66
|
+
"dependencies": {
|
|
67
|
+
"@simplr-ai/node": "1.1.0"
|
|
68
|
+
},
|
|
69
|
+
"peerDependencies": {
|
|
70
|
+
"express": ">=4",
|
|
71
|
+
"fastify": ">=4",
|
|
72
|
+
"hono": ">=3",
|
|
73
|
+
"next": ">=13"
|
|
74
|
+
},
|
|
75
|
+
"peerDependenciesMeta": {
|
|
76
|
+
"express": {
|
|
77
|
+
"optional": true
|
|
78
|
+
},
|
|
79
|
+
"fastify": {
|
|
80
|
+
"optional": true
|
|
81
|
+
},
|
|
82
|
+
"hono": {
|
|
83
|
+
"optional": true
|
|
84
|
+
},
|
|
85
|
+
"next": {
|
|
86
|
+
"optional": true
|
|
87
|
+
}
|
|
88
|
+
},
|
|
89
|
+
"devDependencies": {
|
|
90
|
+
"@types/express": "^4.17.21",
|
|
91
|
+
"@types/node": "^20.0.0",
|
|
92
|
+
"tsup": "^8.0.0",
|
|
93
|
+
"typescript": "^5.3.0",
|
|
94
|
+
"vitest": "^1.6.0"
|
|
95
|
+
},
|
|
96
|
+
"keywords": [
|
|
97
|
+
"simplr",
|
|
98
|
+
"simplr",
|
|
99
|
+
"fraud",
|
|
100
|
+
"identity",
|
|
101
|
+
"middleware",
|
|
102
|
+
"express",
|
|
103
|
+
"fastify",
|
|
104
|
+
"hono",
|
|
105
|
+
"next",
|
|
106
|
+
"server"
|
|
107
|
+
]
|
|
108
|
+
}
|