perimeterx-js-core 0.13.0 → 0.15.0

package/lib/cjs/config/ConfigurationBase.js

@@ -144,6 +144,13 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "customIsEnforcedRequest", {
+        get: function () {
+            return this.configParams.px_custom_is_enforced_request;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(ConfigurationBase.prototype, "filteredExtensions", {
         get: function () {
             return this.configParams.px_filter_by_extension.map(function (ext) { return (ext.startsWith('.') ? ext : ".".concat(ext)); });
@@ -186,6 +193,13 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "customIsFilteredRequest", {
+        get: function () {
+            return this.configParams.px_custom_is_filtered_request;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(ConfigurationBase.prototype, "customFirstPartyPrefix", {
         get: function () {
             return this.configParams.px_custom_first_party_prefix;
@@ -249,6 +263,13 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "customIsMonitoredRequest", {
+        get: function () {
+            return this.configParams.px_custom_is_monitored_request;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(ConfigurationBase.prototype, "s2sTimeout", {
         get: function () {
             return this.configParams.px_s2s_timeout;
@@ -270,6 +291,13 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "customIsSensitiveRequest", {
+        get: function () {
+            return this.configParams.px_custom_is_sensitive_request;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(ConfigurationBase.prototype, "advancedBlockingResponseEnabled", {
         get: function () {
             return this.configParams.px_advanced_blocking_response_enabled;
@@ -634,6 +662,13 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "securedPxhdEnabled", {
+        get: function () {
+            return this.configParams.px_secured_pxhd_enabled;
+        },
+        enumerable: false,
+        configurable: true
+    });
     return ConfigurationBase;
 }());
 exports.ConfigurationBase = ConfigurationBase;

package/lib/cjs/config/CustomRequestFunction.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/config/defaults/DefaultCommonConfigurationParams.js

@@ -13,7 +13,6 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_risk_cookie_max_iterations: 5000,
     px_logger_severity: logger_1.LoggerSeverity.ERROR,
     px_ip_headers: [],
-    px_extract_ip: null,
     px_module_enabled: true,
     px_module_mode: utils_1.ModuleMode.MONITOR,
     px_additional_activity_handler: null,
@@ -21,9 +20,6 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_max_activity_batch_size: 0,
     px_batch_activities_timeout_ms: 1000,
     px_bypass_monitor_header: '',
-    px_csp_enabled: false,
-    px_csp_no_updates_max_interval_minutes: 60,
-    px_csp_policy_refresh_interval_minutes: 5,
     px_enforced_routes: [],
     px_first_party_enabled: true,
     px_custom_first_party_prefix: '',
@@ -104,7 +100,6 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_sensitive_graphql_operation_names: [],
     px_sensitive_graphql_operation_types: [],
     px_enrich_custom_parameters: null,
-    px_proxy_url: '',
     px_jwt_cookie_name: '',
     px_jwt_cookie_user_id_field_name: '',
     px_jwt_cookie_additional_field_names: [],
@@ -118,4 +113,9 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_remote_config_max_fetch_attempts: 5,
     px_remote_config_retry_interval_ms: 1000,
     px_url_decode_reserved_characters: false,
+    px_secured_pxhd_enabled: false,
+    px_custom_is_sensitive_request: null,
+    px_custom_is_monitored_request: null,
+    px_custom_is_enforced_request: null,
+    px_custom_is_filtered_request: null,
 };

package/lib/cjs/config/index.js

@@ -17,6 +17,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./IConfiguration"), exports);
 __exportStar(require("./ConfigurationBase"), exports);
 __exportStar(require("./ConfigurationBuilderBase"), exports);
+__exportStar(require("./CustomRequestFunction"), exports);
 __exportStar(require("./remote_config"), exports);
 __exportStar(require("./params"), exports);
 __exportStar(require("./defaults"), exports);

package/lib/cjs/enforcer/EnforcerBase.js

@@ -80,11 +80,23 @@ var EnforcerBase = /** @class */ (function () {
         this.config = config;
         var initializationBlock = this.getInitializationBlock(config, options);
         this.activityClient = initializationBlock.activityClient;
-        this.filterFlow = new phase_1.FilterFlow(config, initializationBlock);
-        this.enforceFlow = new phase_1.EnforceFlow(config, initializationBlock);
-        this.postEnforceFlow = new phase_1.PostEnforceFlow(config, initializationBlock);
-        this.endEnforcerFlow = new phase_1.EndEnforcerFlow(config, initializationBlock);
+        this.filterFlow = this.createFilterFlow(config, initializationBlock);
+        this.enforceFlow = this.createEnforceFlow(config, initializationBlock);
+        this.postEnforceFlow = this.createPostEnforceFlow(config, initializationBlock);
+        this.endEnforcerFlow = this.createEndEnforcerFlow(config, initializationBlock);
     }
+    EnforcerBase.prototype.createFilterFlow = function (config, initializationBlock) {
+        return new phase_1.FilterFlow(config, initializationBlock);
+    };
+    EnforcerBase.prototype.createPostEnforceFlow = function (config, initializationBlock) {
+        return new phase_1.PostEnforceFlow(config, initializationBlock);
+    };
+    EnforcerBase.prototype.createEnforceFlow = function (config, initializationBlock) {
+        return new phase_1.EnforceFlow(config, initializationBlock);
+    };
+    EnforcerBase.prototype.createEndEnforcerFlow = function (config, initializationBlock) {
+        return new phase_1.EndEnforcerFlow(config, initializationBlock);
+    };
     /**
      * The central function that triggers enforcement on the incoming request.
      * @param args - The EnforceArgs required to enforce the incoming request.

package/lib/cjs/filter/FilterReason.js

@@ -9,6 +9,7 @@ var FilterReason;
     FilterReason["HTTP_METHOD"] = "http_method";
     FilterReason["USER_AGENT"] = "user_agent";
     FilterReason["IP"] = "ip";
+    FilterReason["CUSTOM"] = "custom";
     FilterReason["TELEMETRY_REQUEST"] = "telemetry_request";
     FilterReason["CORS_PREFLIGHT_REQUEST"] = "cors_preflight_request";
 })(FilterReason || (exports.FilterReason = FilterReason = {}));

package/lib/cjs/impl/url/UrlImpl.js

@@ -11,15 +11,18 @@ var UrlImpl = /** @class */ (function () {
             throw new Error("Invalid UrlImpl: ".concat(rawUrl));
         }
         this.protocol = match[1];
-        this.hostname = match[3];
-        this.port = match[4] || '';
-        this.pathname = match[5] || '/';
-        this.search = match[6] || '';
-        this.hash = match[7] || '';
+        this.username = match[3] || '';
+        this.password = match[4] || '';
+        this.hostname = match[6];
+        this.port = match[7] || '';
+        this.pathname = match[8] || '/';
+        this.search = match[9] || '';
+        this.hash = match[10] || '';
+        this.urlUtils = new CustomImplUrlUtils_1.CustomImplUrlUtils();
     }
     Object.defineProperty(UrlImpl.prototype, "href", {
         get: function () {
-            return "".concat(this.origin).concat(this.pathname).concat(this.search).concat(this.hash);
+            return "".concat(this.protocol, "//").concat(this.credentials).concat(this.host).concat(this.pathname).concat(this.search).concat(this.hash);
         },
         enumerable: false,
         configurable: true
@@ -57,7 +60,7 @@ var UrlImpl = /** @class */ (function () {
     });
     Object.defineProperty(UrlImpl.prototype, "searchParams", {
         get: function () {
-            return new UrlSearchParamsImpl_1.UrlSearchParamsImpl(new CustomImplUrlUtils_1.CustomImplUrlUtils(), this.search);
+            return new UrlSearchParamsImpl_1.UrlSearchParamsImpl(this.urlUtils, this.search);
         },
         enumerable: false,
         configurable: true
@@ -69,6 +72,23 @@ var UrlImpl = /** @class */ (function () {
         };
         return PROTOCOL_TO_DEFAULT_PORT[this.protocol] === port;
     };
+    Object.defineProperty(UrlImpl.prototype, "credentials", {
+        get: function () {
+            if (!this.username && !this.password) {
+                return '';
+            }
+            var credentials = '';
+            if (this.username) {
+                credentials += this.urlUtils.encodeUriComponent(this.username);
+            }
+            if (this.password) {
+                credentials += ":".concat(this.urlUtils.encodeUriComponent(this.password));
+            }
+            return "".concat(credentials, "@");
+        },
+        enumerable: false,
+        configurable: true
+    });
     return UrlImpl;
 }());
 exports.UrlImpl = UrlImpl;

package/lib/cjs/index.js

@@ -21,6 +21,8 @@ __exportStar(require("./blocker"), exports);
 __exportStar(require("./config"), exports);
 __exportStar(require("./context"), exports);
 __exportStar(require("./custom_parameters"), exports);
+__exportStar(require("./sensitive_request"), exports);
+__exportStar(require("./monitored_request"), exports);
 __exportStar(require("./cors"), exports);
 __exportStar(require("./enforcer"), exports);
 __exportStar(require("./filter"), exports);

package/lib/cjs/logger/LoggerBase.js

@@ -54,6 +54,9 @@ var LoggerBase = /** @class */ (function () {
         var logRecord = __assign(__assign({}, metadata), { message: message, severity: loggerSeverity, messageTimestamp: Date.now() });
         this.logs.push(logRecord);
     };
+    LoggerBase.prototype.clearLogs = function () {
+        this.logs = [];
+    };
     return LoggerBase;
 }());
 exports.LoggerBase = LoggerBase;

package/lib/cjs/monitored_request/MonitoredRequestUtils.js

@@ -0,0 +1,123 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MonitoredRequestUtils = void 0;
+var utils_1 = require("../utils");
+var MonitoredRequestUtils;
+(function (MonitoredRequestUtils) {
+    var _this = this;
+    MonitoredRequestUtils.isMonitoredRequest = function (config, context) { return __awaiter(_this, void 0, void 0, function () {
+        var _a, url, request, isEnforcedRequest, _b, monitoredRoute, _c, _d, monitorMode;
+        return __generator(this, function (_e) {
+            switch (_e.label) {
+                case 0:
+                    _a = context.requestData, url = _a.url, request = _a.request;
+                    _b = MonitoredRequestUtils.isEnforcedRoute(url, config.enforcedRoutes);
+                    if (_b) return [3 /*break*/, 2];
+                    return [4 /*yield*/, MonitoredRequestUtils.invokeCustomIsEnforcedRequest(config, request)];
+                case 1:
+                    _b = (_e.sent());
+                    _e.label = 2;
+                case 2:
+                    isEnforcedRequest = _b;
+                    _c = !isEnforcedRequest;
+                    if (!_c) return [3 /*break*/, 5];
+                    _d = MonitoredRequestUtils.isMonitoredRoute(url, config.monitoredRoutes);
+                    if (_d) return [3 /*break*/, 4];
+                    return [4 /*yield*/, MonitoredRequestUtils.invokeCustomIsMonitoredRequest(config, request)];
+                case 3:
+                    _d = (_e.sent());
+                    _e.label = 4;
+                case 4:
+                    _c = (_d);
+                    _e.label = 5;
+                case 5:
+                    monitoredRoute = _c;
+                    monitorMode = !isEnforcedRequest && config.moduleMode === utils_1.ModuleMode.MONITOR;
+                    return [2 /*return*/, (monitorMode || monitoredRoute) && !MonitoredRequestUtils.isAllowedToBypassMonitor(config.bypassMonitorHeader, request)];
+            }
+        });
+    }); };
+    MonitoredRequestUtils.isMonitoredRoute = function (url, isMonitoredRoute) {
+        return (0, utils_1.isRouteInPatterns)(url.pathname, isMonitoredRoute);
+    };
+    MonitoredRequestUtils.isEnforcedRoute = function (url, enforcedRoutes) {
+        return (0, utils_1.isRouteInPatterns)(url.pathname, enforcedRoutes);
+    };
+    MonitoredRequestUtils.invokeCustomIsEnforcedRequest = function (config, request) { return __awaiter(_this, void 0, void 0, function () {
+        var err_1;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    if (!(config.customIsEnforcedRequest && typeof config.customIsEnforcedRequest === 'function')) return [3 /*break*/, 4];
+                    _a.label = 1;
+                case 1:
+                    _a.trys.push([1, 3, , 4]);
+                    return [4 /*yield*/, config.customIsEnforcedRequest(request.getUnderlyingRequest())];
+                case 2: return [2 /*return*/, _a.sent()];
+                case 3:
+                    err_1 = _a.sent();
+                    config.logger.debug("caught custom enforced request error - ".concat(err_1));
+                    return [3 /*break*/, 4];
+                case 4: return [2 /*return*/, false];
+            }
+        });
+    }); };
+    MonitoredRequestUtils.invokeCustomIsMonitoredRequest = function (config, request) { return __awaiter(_this, void 0, void 0, function () {
+        var err_2;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    if (!(config.customIsMonitoredRequest && typeof config.customIsMonitoredRequest === 'function')) return [3 /*break*/, 4];
+                    _a.label = 1;
+                case 1:
+                    _a.trys.push([1, 3, , 4]);
+                    return [4 /*yield*/, config.customIsMonitoredRequest(request.getUnderlyingRequest())];
+                case 2: return [2 /*return*/, _a.sent()];
+                case 3:
+                    err_2 = _a.sent();
+                    config.logger.debug("caught custom monitored request error - ".concat(err_2));
+                    return [3 /*break*/, 4];
+                case 4: return [2 /*return*/, false];
+            }
+        });
+    }); };
+    MonitoredRequestUtils.isAllowedToBypassMonitor = function (bypassMonitorHeader, request) {
+        return !!bypassMonitorHeader && request.headers.get(bypassMonitorHeader) === utils_1.BYPASS_MONITOR_HEADER_VALUE;
+    };
+})(MonitoredRequestUtils || (exports.MonitoredRequestUtils = MonitoredRequestUtils = {}));

package/lib/cjs/monitored_request/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./MonitoredRequestUtils"), exports);

package/lib/cjs/phase/flow/PostEnforceFlow.js

@@ -23,7 +23,7 @@ var PostEnforceFlow = /** @class */ (function (_super) {
         var products = _a.products, activityClient = _a.activityClient;
         return _super.call(this, [
             new impl_1.EnrichContextFromResponsePhase(config, products),
-            new impl_1.ModifyOutgoingResponsePhase(Object.values(products)),
+            new impl_1.ModifyOutgoingResponsePhase(config, Object.values(products)),
             new impl_1.SendAsyncActivitiesOnResponsePhase(activityClient),
         ]) || this;
     }

package/lib/cjs/phase/impl/CreateBlockResponsePhase.js

@@ -92,7 +92,7 @@ var CreateBlockResponsePhase = /** @class */ (function () {
                 switch (_c.label) {
                     case 0:
                         if (!context.isMobile && ((_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.source) === pxhd_1.PXHDSource.RISK) {
-                            response = pxhd_1.PXHDUtils.addPxhdToMinimalResponse(context, response);
+                            response = pxhd_1.PXHDUtils.addPxhdToMinimalResponse(this.config, context, response);
                         }
                         if (!(this.config.corsSupportEnabled && ((_b = this.cors) === null || _b === void 0 ? void 0 : _b.isCorsRequest(context)))) return [3 /*break*/, 2];
                         return [4 /*yield*/, this.cors.getCorsBlockHeaders(context)];

package/lib/cjs/phase/impl/FilterPhase.js

@@ -43,8 +43,26 @@ var FilterPhase = /** @class */ (function () {
     }
     FilterPhase.prototype.execute = function (context) {
         return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                return [2 /*return*/, { done: this.filters.some(function (filter) { return filter.shouldFilter(context); }) }];
+            var _i, _a, filter;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        _i = 0, _a = this.filters;
+                        _b.label = 1;
+                    case 1:
+                        if (!(_i < _a.length)) return [3 /*break*/, 4];
+                        filter = _a[_i];
+                        return [4 /*yield*/, filter.shouldFilter(context)];
+                    case 2:
+                        if (_b.sent()) {
+                            return [2 /*return*/, { done: true }];
+                        }
+                        _b.label = 3;
+                    case 3:
+                        _i++;
+                        return [3 /*break*/, 1];
+                    case 4: return [2 /*return*/, { done: false }];
+                }
             });
         });
     };

package/lib/cjs/phase/impl/ModifyOutgoingResponsePhase.js

@@ -39,7 +39,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ModifyOutgoingResponsePhase = void 0;
 var pxhd_1 = require("../../pxhd");
 var ModifyOutgoingResponsePhase = /** @class */ (function () {
-    function ModifyOutgoingResponsePhase(products) {
+    function ModifyOutgoingResponsePhase(config, products) {
+        this.config = config;
         this.products = products;
     }
     ModifyOutgoingResponsePhase.prototype.execute = function (context) {
@@ -51,7 +52,7 @@ var ModifyOutgoingResponsePhase = /** @class */ (function () {
                     case 1:
                         _b.sent();
                         if (((_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.source) === pxhd_1.PXHDSource.RISK) {
-                            pxhd_1.PXHDUtils.addPxhdToOutgoingResponse(context, context.response);
+                            pxhd_1.PXHDUtils.addPxhdToOutgoingResponse(this.config, context, context.response);
                         }
                         return [2 /*return*/, { done: false }];
                 }

package/lib/cjs/phase/impl/SendLogsPhase.js

@@ -52,7 +52,9 @@ var SendLogsPhase = /** @class */ (function () {
                     case 1:
                         _a.sent();
                         _a.label = 2;
-                    case 2: return [2 /*return*/, { done: false }];
+                    case 2:
+                        this.config.logger.clearLogs();
+                        return [2 /*return*/, { done: false }];
                 }
             });
         });

package/lib/cjs/products/bot_defender/BotDefender.js

@@ -52,12 +52,14 @@ var action_1 = require("../../action");
 var risk_token_1 = require("../../risk_token");
 var risk_api_1 = require("../../risk_api");
 var utils_1 = require("../../utils");
-var __1 = require("../");
-var first_party_1 = require("./first_party");
+var sensitive_request_1 = require("../../sensitive_request");
+var monitored_request_1 = require("../../monitored_request");
+var block_1 = require("./block");
 var filter_1 = require("./filter");
+var first_party_1 = require("./first_party");
 var reasons_1 = require("./reasons");
+var BotDefenderActionData_1 = require("./BotDefenderActionData");
 var BotDefenderUtils_1 = require("./BotDefenderUtils");
-var block_1 = require("./block");
 var BotDefender = /** @class */ (function () {
     function BotDefender(config, options) {
         var _a, _b, _c;
@@ -75,33 +77,31 @@ var BotDefender = /** @class */ (function () {
         });
     };
     BotDefender.prototype.shouldFilter = function (context) {
-        return this.filter.shouldFilter(context);
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/, this.filter.shouldFilter(context)];
+            });
+        });
     };
     BotDefender.prototype.enrichContextFromRequest = function (context) {
-        var _a;
         return __awaiter(this, void 0, void 0, function () {
             var isMonitoredRequest, isSensitiveRequest, actionData;
-            return __generator(this, function (_b) {
-                switch (_b.label) {
-                    case 0:
-                        isMonitoredRequest = this.isMonitoredRoute(context);
-                        isSensitiveRequest = this.isSensitiveRequest(context) || ((_a = context.graphqlData) === null || _a === void 0 ? void 0 : _a.some(function (operation) { return operation.sensitive; }));
-                        return [4 /*yield*/, this.getTokenAction(context, isMonitoredRequest, isSensitiveRequest)];
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, monitored_request_1.MonitoredRequestUtils.isMonitoredRequest(this.config, context)];
                     case 1:
-                        actionData = _b.sent();
+                        isMonitoredRequest = _a.sent();
+                        return [4 /*yield*/, sensitive_request_1.SensitiveRequestUtils.isSensitiveRequest(this.config, context)];
+                    case 2:
+                        isSensitiveRequest = _a.sent();
+                        return [4 /*yield*/, this.getTokenAction(context, isMonitoredRequest, isSensitiveRequest)];
+                    case 3:
+                        actionData = _a.sent();
                         return [2 /*return*/, __assign(__assign({}, actionData), { isMonitoredRequest: isMonitoredRequest, isSensitiveRequest: isSensitiveRequest })];
                 }
             });
         });
     };
-    BotDefender.prototype.isMonitoredRoute = function (context) {
-        return (0, __1.isMonitoredRequest)(this.config, context);
-    };
-    BotDefender.prototype.isSensitiveRequest = function (_a) {
-        var url = _a.requestData.url;
-        // TODO: Include custom sensitive request function
-        return (0, utils_1.isRouteInPatterns)(url.pathname, this.config.sensitiveRoutes);
-    };
     BotDefender.prototype.enrichContextFromResponse = function (context) {
         return __awaiter(this, void 0, void 0, function () {
             return __generator(this, function (_a) {
@@ -114,11 +114,11 @@ var BotDefender = /** @class */ (function () {
             return __generator(this, function (_a) {
                 switch (context.tokenData.tokenParseResult) {
                     case risk_token_1.TokenParseResult.NONE:
-                        return [2 /*return*/, new __1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, this.getNoTokenS2SCallReason(context))];
+                        return [2 /*return*/, new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, this.getNoTokenS2SCallReason(context))];
                     case risk_token_1.TokenParseResult.DECRYPTION_FAILED:
-                        return [2 /*return*/, new __1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.COOKIE_DECRYPTION_FAILED)];
+                        return [2 /*return*/, new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.COOKIE_DECRYPTION_FAILED)];
                     case risk_token_1.TokenParseResult.VALIDATION_FAILED:
-                        return [2 /*return*/, new __1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.COOKIE_VALIDATION_FAILED)];
+                        return [2 /*return*/, new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.COOKIE_VALIDATION_FAILED)];
                     case risk_token_1.TokenParseResult.SUCCESSFUL:
                         return [2 /*return*/, this.getActionForSuccessfulTokenParse(context, isMonitoredRequest, isSensitiveRequest)];
                 }
@@ -140,15 +140,15 @@ var BotDefender = /** @class */ (function () {
     BotDefender.prototype.getActionForSuccessfulTokenParse = function (_a, isMonitoredRequest, isSensitiveRequest) {
         var token = _a.tokenData.token;
         if (token.isExpired()) {
-            return new __1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.COOKIE_EXPIRED);
+            return new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.COOKIE_EXPIRED);
         }
         if (token.isHighScore()) {
-            return new __1.BotDefenderActionData(isMonitoredRequest ? action_1.Action.SIMULATED_BLOCK : action_1.Action.BLOCK, reasons_1.BotDefenderBlockReason.COOKIE_HIGH_SCORE);
+            return new BotDefenderActionData_1.BotDefenderActionData(isMonitoredRequest ? action_1.Action.SIMULATED_BLOCK : action_1.Action.BLOCK, reasons_1.BotDefenderBlockReason.COOKIE_HIGH_SCORE);
         }
         if (isSensitiveRequest) {
-            return new __1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.SENSITIVE_ROUTE);
+            return new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.TRIGGER_RISK_API, reasons_1.BotDefenderS2SCallReason.SENSITIVE_ROUTE);
         }
-        return new __1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.COOKIE);
+        return new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.COOKIE);
     };
     BotDefender.prototype.enrichContextFromRiskApi = function (context) {
         return __awaiter(this, void 0, void 0, function () {
@@ -168,9 +168,9 @@ var BotDefender = /** @class */ (function () {
                     case risk_api_1.RiskApiCallResult.NONE:
                         throw new utils_1.EnforcerError('risk api call result should not be none!');
                     case risk_api_1.RiskApiCallResult.ERROR:
-                        return [2 /*return*/, new __1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.S2S_ERROR)];
+                        return [2 /*return*/, new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.S2S_ERROR)];
                     case risk_api_1.RiskApiCallResult.TIMEOUT:
-                        return [2 /*return*/, new __1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.S2S_TIMEOUT)];
+                        return [2 /*return*/, new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.S2S_TIMEOUT)];
                     case risk_api_1.RiskApiCallResult.SUCCESSFUL:
                         return [2 /*return*/, this.getSuccessfulRiskApiAction(riskApiData.riskResponse, bd.isMonitoredRequest)];
                 }
@@ -180,9 +180,9 @@ var BotDefender = /** @class */ (function () {
     };
     BotDefender.prototype.getSuccessfulRiskApiAction = function (riskResponse, isMonitored) {
         if (riskResponse.score >= this.config.blockingScore) {
-            return new __1.BotDefenderActionData(isMonitored ? action_1.Action.SIMULATED_BLOCK : action_1.Action.BLOCK, reasons_1.BotDefenderBlockReason.S2S_HIGH_SCORE);
+            return new BotDefenderActionData_1.BotDefenderActionData(isMonitored ? action_1.Action.SIMULATED_BLOCK : action_1.Action.BLOCK, reasons_1.BotDefenderBlockReason.S2S_HIGH_SCORE);
         }
-        return new __1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.S2S);
+        return new BotDefenderActionData_1.BotDefenderActionData(action_1.Action.PASS_REQUEST, reasons_1.BotDefenderPassReason.S2S);
     };
     BotDefender.prototype.shouldBlock = function (context) {
         return this.blocker.shouldBlock(context);