perimeterx-js-core 0.1.1 → 0.3.0

package/lib/enforcer/EnforcerBase.d.ts

@@ -10,6 +10,7 @@ import { ITelemetry } from '../telemetry';
 import { IBlockResponseGenerator } from '../block_handler';
 import { TokenVersion } from '../risk_token';
 import { IActivityClient } from '../activities';
+import { IGraphQLParser } from '../graphql';
 export declare type EnforcerBaseOptions = {
     tokenVersion?: TokenVersion;
     dataEnrichment?: IDataEnrichment;
@@ -20,6 +21,7 @@ export declare type EnforcerBaseOptions = {
     hashUtils?: IHashUtils;
     cipherUtils?: ICipherUtils;
     blockGenerator?: IBlockResponseGenerator;
+    graphqlParser?: IGraphQLParser;
 } & ({
     httpClient: IHttpClient;
     firstParty?: IFirstParty;
@@ -43,6 +45,7 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
     protected riskApiScoreRetriever: IScoreRetriever;
     protected blockGenerator: IBlockResponseGenerator;
     protected activityClient: IActivityClient;
+    protected graphQLParser?: IGraphQLParser;
     /**
      * Returns the original Req object in case the module is disabled or an error is thrown.
      * @param args - The EnforceArgs required to enforce the incoming request.
@@ -65,7 +68,7 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
      * @returns IContext - The context for the request.
      * @protected
      */
-    protected abstract retrieveContext(req: Req, res: Res, ...args: EnforceArgs): IContext;
+    protected abstract retrieveContext(req: Req, res: Res, ...args: EnforceArgs): IContext | null;
     /**
      * Converts the IHttpRequest object into the Req object.
      * @param httpRequest - The IHttpRequest object.
@@ -118,6 +121,8 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
     protected handleFirstParty(context: IContext): Promise<IHttpResponse>;
     protected handleFilter(context: IContext): boolean;
     protected handleCompleteContextInitialization(context: IContext): Promise<void>;
+    protected handleGraphQL(context: IContext): Promise<void>;
+    protected handleEnrichCustomParameters(context: IContext): Promise<void>;
     protected handleTelemetryIfNeeded(context: IContext): Promise<void>;
     protected handlePxde(context: IContext): Promise<void>;
     protected handleCookieRetrieverIfNeeded(context: IContext): Promise<void>;

package/lib/enforcer/EnforcerBase.js

@@ -57,6 +57,8 @@ var block_handler_1 = require("../block_handler");
 var risk_token_1 = require("../risk_token");
 var risk_api_1 = require("../risk_api");
 var activities_1 = require("../activities");
+var graphql_1 = require("../graphql");
+var custom_parameters_1 = require("../custom_parameters");
 var EnforcerBase = /** @class */ (function () {
     /**
      * The EnforcerBase constructor.
@@ -72,10 +74,17 @@ var EnforcerBase = /** @class */ (function () {
         this.cookieScoreRetriever = options.cookieScoreRetriever || new risk_token_1.RiskTokenScoreRetriever(this.config);
         this.blockGenerator = options.blockGenerator || new block_handler_1.DefaultBlockResponseGenerator(this.config, base64Utils);
         this.dataEnrichment = options.dataEnrichment || new pxde_1.DefaultDataEnrichment(this.config, base64Utils, hashUtils);
+        this.graphQLParser = this.config.graphqlEnabled
+            ? options.graphqlParser || new graphql_1.DefaultGraphQLParser(this.config)
+            : null;
         var httpClient = options.httpClient;
         this.firstParty = options.firstParty || new first_party_1.DefaultFirstParty(this.config, httpClient);
         this.telemetry = options.telemetry || new telemetry_1.DefaultTelemetry(this.config, httpClient, base64Utils, hashUtils);
-        this.activityClient = options.activityClient || new activities_1.HttpActivityClient(this.config, httpClient);
+        this.activityClient =
+            options.activityClient ||
+                (this.config.maxActivityBatchSize > 1
+                    ? new activities_1.HttpBatchedActivityClient(this.config, httpClient)
+                    : new activities_1.HttpActivityClient(this.config, httpClient));
         var riskResponseHandler = options.tokenVersion === risk_token_1.TokenVersion.V2
             ? new risk_api_1.RiskResponseV2Handler(this.config)
             : new risk_api_1.RiskResponseV3Handler(this.config);
@@ -147,23 +156,29 @@ var EnforcerBase = /** @class */ (function () {
                     case 3:
                         _a.sent();
                         this.config.logger.debug('context initialization complete');
-                        return [4 /*yield*/, this.handleTelemetryIfNeeded(context)];
+                        return [4 /*yield*/, this.handleGraphQL(context)];
                     case 4:
                         _a.sent();
-                        return [4 /*yield*/, this.handlePxde(context)];
+                        return [4 /*yield*/, this.handleEnrichCustomParameters(context)];
                     case 5:
                         _a.sent();
-                        return [4 /*yield*/, this.handleCookieRetrieverIfNeeded(context)];
+                        return [4 /*yield*/, this.handleTelemetryIfNeeded(context)];
                     case 6:
                         _a.sent();
-                        return [4 /*yield*/, this.handleRiskApiIfNeeded(context)];
+                        return [4 /*yield*/, this.handlePxde(context)];
                     case 7:
                         _a.sent();
-                        return [4 /*yield*/, this.handleAdditionalActivityHandler(context)];
+                        return [4 /*yield*/, this.handleCookieRetrieverIfNeeded(context)];
                     case 8:
                         _a.sent();
-                        return [4 /*yield*/, this.handleBlockResponse(context)];
+                        return [4 /*yield*/, this.handleRiskApiIfNeeded(context)];
                     case 9:
+                        _a.sent();
+                        return [4 /*yield*/, this.handleAdditionalActivityHandler(context)];
+                    case 10:
+                        _a.sent();
+                        return [4 /*yield*/, this.handleBlockResponse(context)];
+                    case 11:
                         httpResponse = _a.sent();
                         if (httpResponse) {
                             this.config.logger.debug("blocking request due to ".concat(context.blockReason));
@@ -200,10 +215,33 @@ var EnforcerBase = /** @class */ (function () {
         return this.filter.shouldFilter(context);
     };
     EnforcerBase.prototype.handleCompleteContextInitialization = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/];
+            });
+        });
+    };
+    EnforcerBase.prototype.handleGraphQL = function (context) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        if (!((_a = this.graphQLParser) === null || _a === void 0 ? void 0 : _a.isGraphQLRequest(context))) return [3 /*break*/, 2];
+                        return [4 /*yield*/, this.graphQLParser.parseGraphQLRequest(context)];
+                    case 1:
+                        _b.sent();
+                        _b.label = 2;
+                    case 2: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    EnforcerBase.prototype.handleEnrichCustomParameters = function (context) {
         return __awaiter(this, void 0, void 0, function () {
             return __generator(this, function (_a) {
                 switch (_a.label) {
-                    case 0: return [4 /*yield*/, context.completeInitialization()];
+                    case 0: return [4 /*yield*/, custom_parameters_1.CustomParametersUtils.handleCustomParameters(this.config, context)];
                     case 1:
                         _a.sent();
                         return [2 /*return*/];

package/lib/first_party/DefaultFirstParty.js

@@ -153,7 +153,7 @@ var DefaultFirstParty = /** @class */ (function () {
                     case 1: return [2 /*return*/, _b.sent()];
                     case 2:
                         e_1 = _b.sent();
-                        this.config.logger.debug("failed sending first party request to ".concat(url));
+                        this.config.logger.debug("failed sending first party request to ".concat(url, ": ").concat(e_1));
                         return [2 /*return*/, null];
                     case 3: return [2 /*return*/];
                 }

package/lib/graphql/DefaultGraphQLParser.d.ts

@@ -0,0 +1,19 @@
+import { IContext } from '../context/IContext';
+import { IConfiguration } from '../config';
+import { IGraphQLParser } from './IGraphQLParser';
+export declare class DefaultGraphQLParser implements IGraphQLParser {
+    private readonly logger;
+    private readonly graphqlRoutes;
+    private readonly sensitiveOperationTypes;
+    private readonly sensitiveOperationNames;
+    constructor(config: IConfiguration);
+    isGraphQLRequest({ requestData }: IContext): boolean;
+    parseGraphQLRequest(context: IContext): Promise<boolean>;
+    private getGraphQLOperationsFromBody;
+    private parseGraphQLOperations;
+    private parseGraphQlOperation;
+    private getOperationNameToTypeMap;
+    private getGraphQLData;
+    private isSensitiveOperation;
+    private extractGraphQLVariableNames;
+}

package/lib/graphql/DefaultGraphQLParser.js

@@ -0,0 +1,183 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultGraphQLParser = void 0;
+var http_1 = require("../http");
+var GraphQLOperationType_1 = require("./model/GraphQLOperationType");
+var utils_1 = require("../utils");
+var DefaultGraphQLParser = /** @class */ (function () {
+    function DefaultGraphQLParser(config) {
+        this.logger = config.logger;
+        this.graphqlRoutes = config.graphqlRoutes;
+        this.sensitiveOperationNames = config.sensitiveGraphqlOperationNames;
+        this.sensitiveOperationTypes = config.sensitiveGraphqlOperationTypes;
+    }
+    DefaultGraphQLParser.prototype.isGraphQLRequest = function (_a) {
+        var requestData = _a.requestData;
+        return (requestData.method === http_1.HttpMethod.POST && (0, utils_1.isRouteInPatterns)(requestData.url.pathname, this.graphqlRoutes));
+    };
+    DefaultGraphQLParser.prototype.parseGraphQLRequest = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var graphQLOperations, data, e_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 2, , 3]);
+                        return [4 /*yield*/, this.getGraphQLOperationsFromBody(context.requestData)];
+                    case 1:
+                        graphQLOperations = _a.sent();
+                        if (!graphQLOperations) {
+                            this.logger.debug('unable to get graphql operations from request body');
+                            return [2 /*return*/, false];
+                        }
+                        data = this.parseGraphQLOperations(graphQLOperations);
+                        if (!data || data.length === 0) {
+                            this.logger.debug('unable to parse graphql operations');
+                            return [2 /*return*/, false];
+                        }
+                        this.logger.debug("".concat(data.length, " graphql operation").concat(data.length === 1 ? '' : 's', " parsed successfully"));
+                        context.graphqlData = data;
+                        context.isSensitiveRequest = context.isSensitiveRequest || data.some(function (operation) { return operation.sensitive; });
+                        return [2 /*return*/, true];
+                    case 2:
+                        e_1 = _a.sent();
+                        this.logger.debug("error parsing graphql request: ".concat(e_1));
+                        return [2 /*return*/, false];
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    DefaultGraphQLParser.prototype.getGraphQLOperationsFromBody = function (_a) {
+        var request = _a.request;
+        return __awaiter(this, void 0, void 0, function () {
+            var body;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, request.readBody()];
+                    case 1:
+                        body = _b.sent();
+                        if (typeof body === 'string') {
+                            try {
+                                body = JSON.parse(body);
+                            }
+                            catch (e) {
+                                this.logger.debug("unable to parse string body: ".concat(e));
+                            }
+                        }
+                        if (!body || typeof body !== 'object') {
+                            return [2 /*return*/, null];
+                        }
+                        return [2 /*return*/, Array.isArray(body) ? body : [body]];
+                }
+            });
+        });
+    };
+    DefaultGraphQLParser.prototype.parseGraphQLOperations = function (operations) {
+        var _this = this;
+        return operations.map(function (operation) { return _this.parseGraphQlOperation(operation); }).filter(function (x) { return x; });
+    };
+    DefaultGraphQLParser.prototype.parseGraphQlOperation = function (operation) {
+        if (!operation.query || typeof operation.query !== 'string') {
+            return null;
+        }
+        var operationNameToTypeMap = this.getOperationNameToTypeMap(operation.query);
+        if (!operationNameToTypeMap) {
+            return null;
+        }
+        return this.getGraphQLData(operationNameToTypeMap, operation);
+    };
+    DefaultGraphQLParser.prototype.getOperationNameToTypeMap = function (query) {
+        var operationTypesString = Object.values(GraphQLOperationType_1.GraphQLOperationType).join('|');
+        var pattern = new RegExp("\\s*(".concat(operationTypesString, ")\\s+(\\w+)"), 'gm');
+        var match;
+        var map = {};
+        while ((match = pattern.exec(query)) !== null) {
+            var operationType = match[1];
+            var operationName = match[2];
+            if (map[operationName]) {
+                // query contains two operations with the same name which is illegal
+                return null;
+            }
+            else {
+                map[operationName] = operationType;
+            }
+        }
+        return map;
+    };
+    DefaultGraphQLParser.prototype.getGraphQLData = function (operationNameToTypeMap, operation) {
+        var name = operation.operationName ||
+            (Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)[0] : undefined);
+        var type = operationNameToTypeMap[name];
+        if (!type && /^\s*{/.test(operation.query)) {
+            type = GraphQLOperationType_1.GraphQLOperationType.QUERY;
+        }
+        if (!type) {
+            return null;
+        }
+        var data = { name: name, type: type };
+        if (this.isSensitiveOperation(name, type)) {
+            data.sensitive = true;
+        }
+        if (operation.variables && typeof operation.variables === 'object') {
+            data.variables = this.extractGraphQLVariableNames(operation.variables);
+        }
+        return data;
+    };
+    DefaultGraphQLParser.prototype.isSensitiveOperation = function (operationName, operationType) {
+        return (this.sensitiveOperationTypes.some(function (type) { return type === operationType; }) ||
+            this.sensitiveOperationNames.some(function (name) { return name === operationName; }));
+    };
+    DefaultGraphQLParser.prototype.extractGraphQLVariableNames = function (variables) {
+        var processVariables = function (variablesObj, prefix) {
+            return Object.entries(variablesObj).reduce(function (total, _a) {
+                var key = _a[0], value = _a[1];
+                if (!value || typeof value !== 'object' || Object.keys(value).length === 0) {
+                    total.push(prefix + key);
+                    return total;
+                }
+                else {
+                    return total.concat(processVariables(value, "".concat(prefix).concat(key, ".")));
+                }
+            }, []);
+        };
+        return processVariables(variables, '');
+    };
+    return DefaultGraphQLParser;
+}());
+exports.DefaultGraphQLParser = DefaultGraphQLParser;

package/lib/graphql/IGraphQLParser.d.ts

@@ -0,0 +1,5 @@
+import { IContext } from '../context';
+export interface IGraphQLParser {
+    isGraphQLRequest(context: IContext): boolean;
+    parseGraphQLRequest(context: IContext): Promise<boolean>;
+}

package/lib/graphql/IGraphQLParser.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/graphql/index.d.ts

@@ -0,0 +1,5 @@
+export { GraphQLOperationType } from './model/GraphQLOperationType';
+export { GraphQLOperation } from './model/GraphQLOperation';
+export { GraphQLData } from './model/GraphQLData';
+export { IGraphQLParser } from './IGraphQLParser';
+export { DefaultGraphQLParser } from './DefaultGraphQLParser';

package/lib/graphql/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultGraphQLParser = exports.GraphQLOperationType = void 0;
+var GraphQLOperationType_1 = require("./model/GraphQLOperationType");
+Object.defineProperty(exports, "GraphQLOperationType", { enumerable: true, get: function () { return GraphQLOperationType_1.GraphQLOperationType; } });
+var DefaultGraphQLParser_1 = require("./DefaultGraphQLParser");
+Object.defineProperty(exports, "DefaultGraphQLParser", { enumerable: true, get: function () { return DefaultGraphQLParser_1.DefaultGraphQLParser; } });

package/lib/graphql/model/GraphQLData.d.ts

@@ -0,0 +1,7 @@
+import { GraphQLOperationType } from './GraphQLOperationType';
+export declare type GraphQLData = {
+    type: GraphQLOperationType;
+    name?: string;
+    sensitive?: boolean;
+    variables?: string[];
+};

package/lib/graphql/model/GraphQLData.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/graphql/model/GraphQLOperation.d.ts

@@ -0,0 +1,5 @@
+export declare type GraphQLOperation = {
+    query: string;
+    operationName?: string;
+    variables?: Record<string, unknown>;
+};

package/lib/graphql/model/GraphQLOperation.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/graphql/model/GraphQLOperationType.d.ts

@@ -0,0 +1,5 @@
+export declare enum GraphQLOperationType {
+    QUERY = "query",
+    MUTATION = "mutation",
+    SUBSCRIPTION = "subscription"
+}

package/lib/graphql/model/GraphQLOperationType.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GraphQLOperationType = void 0;
+var GraphQLOperationType;
+(function (GraphQLOperationType) {
+    GraphQLOperationType["QUERY"] = "query";
+    GraphQLOperationType["MUTATION"] = "mutation";
+    GraphQLOperationType["SUBSCRIPTION"] = "subscription";
+})(GraphQLOperationType = exports.GraphQLOperationType || (exports.GraphQLOperationType = {}));

package/lib/http/utils/HttpHeaders.d.ts

@@ -1,6 +1,7 @@
 export declare type HttpHeadersInit = Record<string, string[]>;
 export declare class HttpHeaders {
     private readonly headers;
+    static from(headers: Headers): HttpHeaders;
     /**
      * Constructs a new instance of the HttpHeaders class.
      * @param init - Optional header names and values with which to initialize the HttpHeaders instance.
@@ -41,11 +42,12 @@ export declare class HttpHeaders {
      * @returns object - An object representing the current state of the HttpHeaders instance. The keys are the header
      * names (all lowercase), and the values are arrays of all the associated header values.
      */
-    toObject(): Record<string, string[]>;
+    toObject(joinDelimiter?: string): Record<string, string | string[]>;
     /**
      * Iterates through all headers and applies a callback function to each one.
      * @param callbackFn - The callback function to be applied on every header.
      */
     forEach(callbackFn: (values: readonly string[], name: string) => void): void;
     private toKey;
+    entries(delimiter?: string): [string, string][];
 }

package/lib/http/utils/HttpHeaders.js

@@ -19,6 +19,13 @@ var HttpHeaders = /** @class */ (function () {
         var _this = this;
         this.headers = init ? new Map(Object.keys(init).map(function (name) { return [_this.toKey(name), init[name]]; })) : new Map();
     }
+    HttpHeaders.from = function (headers) {
+        var ret = new HttpHeaders();
+        headers.forEach(function (value, key) {
+            ret.append(key, value);
+        });
+        return ret;
+    };
     /**
      * Retrieves the values associated with the provided header name. If no header exists, it returns undefined.
      * @param name - The case-insensitive header name.
@@ -84,10 +91,10 @@ var HttpHeaders = /** @class */ (function () {
      * @returns object - An object representing the current state of the HttpHeaders instance. The keys are the header
      * names (all lowercase), and the values are arrays of all the associated header values.
      */
-    HttpHeaders.prototype.toObject = function () {
+    HttpHeaders.prototype.toObject = function (joinDelimiter) {
         var obj = {};
         this.forEach(function (values, name) {
-            obj[name] = __spreadArray([], values, true);
+            obj[name] = joinDelimiter ? values.join(joinDelimiter) : __spreadArray([], values, true);
         });
         return obj;
     };
@@ -101,6 +108,16 @@ var HttpHeaders = /** @class */ (function () {
     HttpHeaders.prototype.toKey = function (name) {
         return name.toLowerCase();
     };
+    HttpHeaders.prototype.entries = function (delimiter) {
+        if (delimiter === void 0) { delimiter = ','; }
+        var ret = [];
+        this.headers.forEach(function (values, headerName) {
+            if (values === null || values === void 0 ? void 0 : values.length) {
+                ret.push([headerName, values.join(delimiter)]);
+            }
+        });
+        return ret;
+    };
     return HttpHeaders;
 }());
 exports.HttpHeaders = HttpHeaders;

package/lib/index.d.ts

@@ -7,6 +7,7 @@ export * from './custom_parameters';
 export * from './enforcer';
 export * from './filter';
 export * from './first_party';
+export * from './graphql';
 export * from './http';
 export * from './logger';
 export * from './pxde';

package/lib/index.js

@@ -23,6 +23,7 @@ __exportStar(require("./custom_parameters"), exports);
 __exportStar(require("./enforcer"), exports);
 __exportStar(require("./filter"), exports);
 __exportStar(require("./first_party"), exports);
+__exportStar(require("./graphql"), exports);
 __exportStar(require("./http"), exports);
 __exportStar(require("./logger"), exports);
 __exportStar(require("./pxde"), exports);

package/lib/risk_api/PostRiskApiClient.d.ts

@@ -15,7 +15,20 @@ export declare class PostRiskApiClient<RiskResponseType extends RiskResponseV2 |
     shouldRetrieveScore(context: IContext): boolean;
     private unsetScoreFields;
     retrieveScore(context: IContext): Promise<boolean>;
+    /**
+     * Creates the RiskActivity payload
+     * @param context
+     * @returns RiskActivity
+     * @protected
+     */
     protected createRiskActivity(context: IContext): RiskActivity;
+    /**
+     * Protected function in case expansions or alterations to the risk activity are needed for certain platforms.
+     * @param riskActivity
+     * @returns RiskActivity
+     * @protected
+     */
+    protected finalizeRiskActivity(riskActivity: RiskActivity): RiskActivity;
     private addOptionalRiskFields;
     private addOptionalRiskFieldsToRoot;
     private addOptionalRiskFieldsToAdditional;

package/lib/risk_api/PostRiskApiClient.js

@@ -37,7 +37,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PostRiskApiClient = void 0;
-var TokenOrigin_1 = require("../risk_token/TokenOrigin");
+var risk_token_1 = require("../risk_token");
 var http_1 = require("../http");
 var utils_1 = require("../utils");
 var S2SCallReason_1 = require("./S2SCallReason");
@@ -117,6 +117,12 @@ var PostRiskApiClient = /** @class */ (function () {
             });
         });
     };
+    /**
+     * Creates the RiskActivity payload
+     * @param context
+     * @returns RiskActivity
+     * @protected
+     */
     PostRiskApiClient.prototype.createRiskActivity = function (context) {
         var riskActivity = {
             request: {
@@ -130,12 +136,21 @@ var PostRiskApiClient = /** @class */ (function () {
                 http_method: context.requestData.method,
                 http_version: context.requestData.httpVersion,
                 risk_mode: context.isMonitoredRequest ? utils_1.ModuleMode.MONITOR : utils_1.ModuleMode.ACTIVE_BLOCKING,
-                cookie_origin: context.tokenOrigin || TokenOrigin_1.TokenOrigin.COOKIE,
+                cookie_origin: context.tokenOrigin || risk_token_1.TokenOrigin.COOKIE,
                 request_cookie_names: context.requestData.requestCookieNames,
                 request_id: context.requestId,
             },
         };
         this.addOptionalRiskFields(riskActivity, context);
+        return this.finalizeRiskActivity(riskActivity);
+    };
+    /**
+     * Protected function in case expansions or alterations to the risk activity are needed for certain platforms.
+     * @param riskActivity
+     * @returns RiskActivity
+     * @protected
+     */
+    PostRiskApiClient.prototype.finalizeRiskActivity = function (riskActivity) {
         return riskActivity;
     };
     PostRiskApiClient.prototype.addOptionalRiskFields = function (riskActivity, context) {
@@ -154,6 +169,7 @@ var PostRiskApiClient = /** @class */ (function () {
     PostRiskApiClient.prototype.addOptionalRiskFieldsToAdditional = function (riskActivity, context) {
         (0, utils_1.transferExistingProperties)(context, riskActivity.additional, {
             vidSource: 'enforcer_vid_source',
+            graphqlData: 'graphql_operations',
         });
         (0, utils_1.transferExistingProperties)(context.serverData, riskActivity.additional, {
             region: 'server_info_region',
@@ -182,11 +198,13 @@ var PostRiskApiClient = /** @class */ (function () {
     PostRiskApiClient.prototype.addCookieRiskFieldsToAdditional = function (riskActivity, _a) {
         var riskToken = _a.riskToken;
         if (riskToken) {
-            riskActivity.additional.px_orig_cookie = riskToken.getCookieString();
             if (riskToken.isValid()) {
                 riskActivity.additional.px_cookie = riskToken.getPayloadString();
                 riskActivity.additional.px_cookie_hmac = riskToken.hmac;
             }
+            else {
+                riskActivity.additional.px_orig_cookie = riskToken.getCookieString();
+            }
         }
     };
     PostRiskApiClient.prototype.formatRiskHeadersField = function (headers) {

package/lib/risk_api/model/RiskActivity.d.ts

@@ -1,6 +1,7 @@
 import { ModuleMode, VidSource } from '../../utils';
 import { TokenOrigin } from '../../risk_token';
 import { CustomParameters } from '../../custom_parameters';
+import { GraphQLData } from '../../graphql/';
 import { S2SCallReason } from '../S2SCallReason';
 export declare type HeaderEntry = {
     name: string;
@@ -40,6 +41,7 @@ export declare type RiskAdditionalData = {
     cross_tab_session?: string;
     app_user_id?: string;
     jwt_additional_fields?: string[];
+    graphql_operations?: GraphQLData[];
 } & CustomParameters;
 export declare type RiskActivity = {
     vid?: string;

package/lib/risk_api/model/RiskResponseV2.d.ts

@@ -1,8 +1,10 @@
 import { RiskStatus } from './RiskStatus';
 import { PXDE } from '../../pxde';
+import { BlockAction } from '../../block_handler';
 export declare type RiskResponseV2 = {
     status: RiskStatus;
     cookie_cfg_block_result?: '0' | '1';
+    action?: BlockAction;
     uuid?: string;
     pxhd?: string;
     message?: string;

package/lib/risk_api/risk_response_handler/RiskResponseV2Handler.js

@@ -35,6 +35,7 @@ var RiskResponseV2Handler = /** @class */ (function (_super) {
         (0, utils_1.transferExistingProperties)(riskResponse, context, {
             uuid: 'uuid',
             pxhd: 'pxhd',
+            action: 'blockAction',
             data_enrichment: 'pxde',
         });
         if (riskResponse.data_enrichment) {

package/lib/risk_token/RiskTokenScoreRetriever.js

@@ -97,7 +97,7 @@ var RiskTokenScoreRetriever = /** @class */ (function () {
                     case 0: return [4 /*yield*/, token.verify(context)];
                     case 1:
                         result = _a.sent();
-                        if (result === TokenVerificationResult_1.TokenVerificationResult.DECRYPTION_FAILED) {
+                        if (result === TokenVerificationResult_1.TokenVerificationResult.DECRYPTION_FAILED || result === TokenVerificationResult_1.TokenVerificationResult.CANNOT_VERIFY) {
                             return [2 /*return*/, this.handleFailure(context, risk_api_1.S2SCallReason.COOKIE_DECRYPTION_FAILED)];
                         }
                         if (result === TokenVerificationResult_1.TokenVerificationResult.VALIDATION_FAILED) {