perimeterx-js-core 0.1.0

package/lib/risk_token/token/BotDefenderTokenBase.js

@@ -0,0 +1,94 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BotDefenderTokenBase = void 0;
+var TokenVerificationResult_1 = require("../TokenVerificationResult");
+var BotDefenderTokenBase = /** @class */ (function () {
+    function BotDefenderTokenBase(config, cookieString) {
+        this.cookieString = cookieString;
+        this.cookieSecret = config.cookieSecret;
+        this.cookieMaxLength = config.riskCookieMaxLength;
+        this.isValidated = false;
+    }
+    BotDefenderTokenBase.prototype.verify = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var _a, _b;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
+                    case 0:
+                        if (!this.cookieString || this.cookieString.length > this.cookieMaxLength) {
+                            return [2 /*return*/, TokenVerificationResult_1.TokenVerificationResult.CANNOT_VERIFY];
+                        }
+                        if (this.isValid()) {
+                            return [2 /*return*/, TokenVerificationResult_1.TokenVerificationResult.SUCCESSFUL];
+                        }
+                        _a = this;
+                        _b = this.payload;
+                        if (_b) return [3 /*break*/, 2];
+                        return [4 /*yield*/, this.decrypt(context)];
+                    case 1:
+                        _b = (_c.sent());
+                        _c.label = 2;
+                    case 2:
+                        _a.payload = _b;
+                        if (!this.payload) {
+                            return [2 /*return*/, TokenVerificationResult_1.TokenVerificationResult.DECRYPTION_FAILED];
+                        }
+                        return [4 /*yield*/, this.validate(context)];
+                    case 3:
+                        if (!(_c.sent())) {
+                            return [2 /*return*/, TokenVerificationResult_1.TokenVerificationResult.VALIDATION_FAILED];
+                        }
+                        this.isValidated = true;
+                        return [2 /*return*/, TokenVerificationResult_1.TokenVerificationResult.SUCCESSFUL];
+                }
+            });
+        });
+    };
+    BotDefenderTokenBase.prototype.isValid = function () {
+        return this.isValidated;
+    };
+    BotDefenderTokenBase.prototype.getCookieString = function () {
+        return this.cookieString;
+    };
+    BotDefenderTokenBase.prototype.getPayloadString = function () {
+        return this.payload ? JSON.stringify(this.payload) : '';
+    };
+    return BotDefenderTokenBase;
+}());
+exports.BotDefenderTokenBase = BotDefenderTokenBase;

package/lib/risk_token/token/IBotDefenderToken.d.ts

@@ -0,0 +1,54 @@
+import { BlockAction } from '../../block_handler';
+import { IContext } from '../../context';
+import { TokenVerificationResult } from '../TokenVerificationResult';
+export interface IBotDefenderToken {
+    /**
+     * The HMAC string on the cookie.
+     */
+    readonly hmac: string;
+    /**
+     * The client UUID on the cookie.
+     */
+    readonly uuid: string;
+    /**
+     * The VID on the cookie.
+     */
+    readonly vid: string;
+    /**
+     * The block action on the cookie.
+     */
+    readonly action: BlockAction;
+    /**
+     * The expiration timestamp of the cookie.
+     */
+    readonly timestamp: number;
+    /**
+     * The risk score on the cookie.
+     */
+    readonly score: number;
+    /**
+     * @param context - The request context.
+     * @returns Promise<boolean> - Whether or not the cookie was successfully decrypted and validated.
+     */
+    verify(context: IContext): Promise<TokenVerificationResult>;
+    /**
+     * @returns boolean - Whether the cookie's timestamp is expired.
+     */
+    isExpired(): boolean;
+    /**
+     * @returns boolean - Whether the cookie has been identified as high risk.
+     */
+    isHighScore(): boolean;
+    /**
+     * @returns boolean - Whether the cookie has been validated or not.
+     */
+    isValid(): boolean;
+    /**
+     * @returns string - The encrypted cookie string as received on the request.
+     */
+    getCookieString(): string;
+    /**
+     * @returns string - The decrypted cookie payload as a JSON string.
+     */
+    getPayloadString(): string;
+}

package/lib/risk_token/token/IBotDefenderToken.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/risk_token/token/index.d.ts

@@ -0,0 +1,7 @@
+export { IBotDefenderToken } from './IBotDefenderToken';
+export { BotDefenderTokenBase } from './BotDefenderTokenBase';
+export { BotDefenderTokenV2Payload } from './v2/BotDefenderTokenV2Payload';
+export { DefaultBotDefenderTokenV2 } from './v2/DefaultBotDefenderTokenV2';
+export { BotDefenderTokenV3Payload } from './v3/BotDefenderTokenV3Payload';
+export { DefaultBotDefenderTokenV3 } from './v3/DefaultBotDefenderTokenV3';
+export { TokenSignField } from './v3/TokenSignField';

package/lib/risk_token/token/index.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenSignField = exports.DefaultBotDefenderTokenV3 = exports.DefaultBotDefenderTokenV2 = exports.BotDefenderTokenBase = void 0;
+var BotDefenderTokenBase_1 = require("./BotDefenderTokenBase");
+Object.defineProperty(exports, "BotDefenderTokenBase", { enumerable: true, get: function () { return BotDefenderTokenBase_1.BotDefenderTokenBase; } });
+var DefaultBotDefenderTokenV2_1 = require("./v2/DefaultBotDefenderTokenV2");
+Object.defineProperty(exports, "DefaultBotDefenderTokenV2", { enumerable: true, get: function () { return DefaultBotDefenderTokenV2_1.DefaultBotDefenderTokenV2; } });
+var DefaultBotDefenderTokenV3_1 = require("./v3/DefaultBotDefenderTokenV3");
+Object.defineProperty(exports, "DefaultBotDefenderTokenV3", { enumerable: true, get: function () { return DefaultBotDefenderTokenV3_1.DefaultBotDefenderTokenV3; } });
+var TokenSignField_1 = require("./v3/TokenSignField");
+Object.defineProperty(exports, "TokenSignField", { enumerable: true, get: function () { return TokenSignField_1.TokenSignField; } });

package/lib/risk_token/token/v2/BotDefenderTokenV2Payload.d.ts

@@ -0,0 +1,6 @@
+export declare type BotDefenderTokenV2Payload = {
+    h: string;
+    u: string;
+    t: number;
+    v: string;
+};

package/lib/risk_token/token/v2/BotDefenderTokenV2Payload.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/risk_token/token/v2/DefaultBotDefenderTokenV2.d.ts

@@ -0,0 +1,28 @@
+import { IConfiguration } from '../../../config';
+import { IContext } from '../../../context';
+import { ILogger } from '../../../logger';
+import { BlockAction } from '../../../block_handler';
+import { IBase64Utils, IHashUtils } from '../../../utils';
+import { BotDefenderTokenV2Payload } from './BotDefenderTokenV2Payload';
+import { BotDefenderTokenBase } from '../BotDefenderTokenBase';
+export declare class DefaultBotDefenderTokenV2 extends BotDefenderTokenBase<BotDefenderTokenV2Payload> {
+    protected readonly logger: ILogger;
+    protected readonly base64Utils: IBase64Utils;
+    protected readonly hashUtils: IHashUtils;
+    protected isHighRisk: boolean;
+    constructor(config: IConfiguration, cookieString: string, base64Utils: IBase64Utils, hashUtils: IHashUtils);
+    protected decrypt(context: IContext): Promise<BotDefenderTokenV2Payload>;
+    protected validate(context: IContext): Promise<boolean>;
+    private decode;
+    private getSigningFields;
+    private getHashParam;
+    private calculateHmac;
+    isExpired(): boolean;
+    isHighScore(): boolean;
+    get hmac(): string;
+    get timestamp(): number;
+    get uuid(): string;
+    get vid(): string;
+    get score(): number;
+    get action(): BlockAction;
+}

package/lib/risk_token/token/v2/DefaultBotDefenderTokenV2.js

@@ -0,0 +1,199 @@
+"use strict";
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultBotDefenderTokenV2 = void 0;
+var block_handler_1 = require("../../../block_handler");
+var utils_1 = require("../../../utils");
+var BotDefenderTokenBase_1 = require("../BotDefenderTokenBase");
+var DefaultBotDefenderTokenV2 = /** @class */ (function (_super) {
+    __extends(DefaultBotDefenderTokenV2, _super);
+    function DefaultBotDefenderTokenV2(config, cookieString, base64Utils, hashUtils) {
+        var _this = _super.call(this, config, cookieString) || this;
+        _this.logger = config.logger;
+        _this.base64Utils = base64Utils;
+        _this.hashUtils = hashUtils;
+        _this.isHighRisk = undefined;
+        return _this;
+    }
+    DefaultBotDefenderTokenV2.prototype.decrypt = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var payload;
+            return __generator(this, function (_a) {
+                try {
+                    payload = this.decode(this.cookieString);
+                    if ((payload === null || payload === void 0 ? void 0 : payload.t) == null || (payload === null || payload === void 0 ? void 0 : payload.h) == null || (payload === null || payload === void 0 ? void 0 : payload.u) == null || (payload === null || payload === void 0 ? void 0 : payload.v) == null) {
+                        return [2 /*return*/, null];
+                    }
+                    return [2 /*return*/, payload];
+                }
+                catch (e) {
+                    this.logger.debug("cookie v2 decryption failed: ".concat(e));
+                }
+                return [2 /*return*/, null];
+            });
+        });
+    };
+    DefaultBotDefenderTokenV2.prototype.validate = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var signingFields, passHmac, blockHmac;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (typeof this.payload.t !== 'number' ||
+                            !(0, utils_1.isValidUuid)(this.payload.v) ||
+                            !(0, utils_1.isValidUuid)(this.payload.u) ||
+                            !this.payload.h) {
+                            return [2 /*return*/, false];
+                        }
+                        signingFields = this.getSigningFields(context);
+                        return [4 /*yield*/, this.calculateHmac(this.getHashParam('0', signingFields))];
+                    case 1:
+                        passHmac = _a.sent();
+                        if (passHmac === this.payload.h) {
+                            this.isHighRisk = false;
+                            return [2 /*return*/, true];
+                        }
+                        return [4 /*yield*/, this.calculateHmac(this.getHashParam('1', signingFields))];
+                    case 2:
+                        blockHmac = _a.sent();
+                        if (blockHmac === this.payload.h) {
+                            this.isHighRisk = true;
+                            return [2 /*return*/, true];
+                        }
+                        return [2 /*return*/, false];
+                }
+            });
+        });
+    };
+    DefaultBotDefenderTokenV2.prototype.decode = function (cookieString) {
+        var decodedCookie = this.base64Utils.base64Decode(cookieString);
+        return JSON.parse(decodedCookie);
+    };
+    DefaultBotDefenderTokenV2.prototype.getSigningFields = function (context) {
+        return context.isMobile ? '' : context.requestData.userAgent;
+    };
+    DefaultBotDefenderTokenV2.prototype.getHashParam = function (startingValue, signingFields) {
+        var hashParam = startingValue;
+        if (signingFields) {
+            hashParam += signingFields;
+        }
+        return hashParam;
+    };
+    DefaultBotDefenderTokenV2.prototype.calculateHmac = function (param) {
+        return __awaiter(this, void 0, void 0, function () {
+            var payload;
+            return __generator(this, function (_a) {
+                payload = "".concat(this.payload.t).concat(this.payload.u).concat(this.payload.v).concat(param);
+                return [2 /*return*/, this.hashUtils.createHmac(utils_1.Algorithm.SHA256, payload, this.cookieSecret)];
+            });
+        });
+    };
+    DefaultBotDefenderTokenV2.prototype.isExpired = function () {
+        var _a;
+        return Date.now() > ((_a = this.payload) === null || _a === void 0 ? void 0 : _a.t);
+    };
+    DefaultBotDefenderTokenV2.prototype.isHighScore = function () {
+        return this.isHighRisk;
+    };
+    Object.defineProperty(DefaultBotDefenderTokenV2.prototype, "hmac", {
+        get: function () {
+            var _a;
+            return (_a = this.payload) === null || _a === void 0 ? void 0 : _a.h;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(DefaultBotDefenderTokenV2.prototype, "timestamp", {
+        get: function () {
+            var _a;
+            return (_a = this.payload) === null || _a === void 0 ? void 0 : _a.t;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(DefaultBotDefenderTokenV2.prototype, "uuid", {
+        get: function () {
+            var _a;
+            return (_a = this.payload) === null || _a === void 0 ? void 0 : _a.u;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(DefaultBotDefenderTokenV2.prototype, "vid", {
+        get: function () {
+            var _a;
+            return (_a = this.payload) === null || _a === void 0 ? void 0 : _a.v;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(DefaultBotDefenderTokenV2.prototype, "score", {
+        get: function () {
+            if (this.isValid()) {
+                return this.isHighScore() ? 100 : 0;
+            }
+            return undefined;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(DefaultBotDefenderTokenV2.prototype, "action", {
+        get: function () {
+            return block_handler_1.BlockAction.CAPTCHA;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    return DefaultBotDefenderTokenV2;
+}(BotDefenderTokenBase_1.BotDefenderTokenBase));
+exports.DefaultBotDefenderTokenV2 = DefaultBotDefenderTokenV2;

package/lib/risk_token/token/v3/BotDefenderTokenV3Payload.d.ts

@@ -0,0 +1,9 @@
+import { BlockAction } from '../../../block_handler';
+export declare type BotDefenderTokenV3Payload = {
+    a: BlockAction;
+    s: number;
+    t: number;
+    u: string;
+    v: string;
+    x?: string;
+};

package/lib/risk_token/token/v3/BotDefenderTokenV3Payload.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/risk_token/token/v3/DefaultBotDefenderTokenV3.d.ts

@@ -0,0 +1,31 @@
+import { IConfiguration } from '../../../config';
+import { IContext } from '../../../context';
+import { ILogger } from '../../../logger';
+import { ICipherUtils, IHashUtils } from '../../../utils';
+import { BlockAction } from '../../../block_handler';
+import { BotDefenderTokenV3Payload } from './BotDefenderTokenV3Payload';
+import { TokenSignField } from './TokenSignField';
+import { BotDefenderTokenBase } from '../BotDefenderTokenBase';
+export declare class DefaultBotDefenderTokenV3 extends BotDefenderTokenBase<BotDefenderTokenV3Payload> {
+    protected readonly logger: ILogger;
+    protected readonly maxIterations: number;
+    protected readonly minIterations: number;
+    protected readonly blockingScore: number;
+    protected readonly cipherUtils: ICipherUtils;
+    protected readonly hashUtils: IHashUtils;
+    protected hash: string;
+    constructor(config: IConfiguration, cookieString: string, cipherUtils: ICipherUtils, hashUtils: IHashUtils);
+    protected decrypt(context: IContext): Promise<BotDefenderTokenV3Payload>;
+    protected decryptPayload(encryptedCookie: string, salt: string, iterations: number): Promise<BotDefenderTokenV3Payload>;
+    protected validate(context: IContext): Promise<boolean>;
+    protected getSignedWithFields(context: IContext): string[];
+    protected getSignedWithField(char: TokenSignField, { requestData }: IContext): string;
+    isExpired(): boolean;
+    isHighScore(): boolean;
+    get timestamp(): number;
+    get uuid(): string;
+    get vid(): string;
+    get score(): number;
+    get action(): BlockAction;
+    get hmac(): string;
+}