perimeterx-js-core 0.2.0 → 0.4.0
- package/README.md +16 -9
- package/lib/activities/HttpActivityClient.d.ts +1 -1
- package/lib/activities/HttpActivityClient.js +7 -4
- package/lib/activities/HttpBatchedActivityClient.d.ts +1 -1
- package/lib/activities/model/ActivityDetails.d.ts +4 -2
- package/lib/activities/utils.js +2 -1
- package/lib/block_handler/DefaultBlockResponseGenerator.d.ts +2 -2
- package/lib/block_handler/DefaultBlockResponseGenerator.js +7 -2
- package/lib/block_handler/IBlockResponseGenerator.d.ts +2 -2
- package/lib/block_handler/captcha/CaptchaBlockResponseGenerator.d.ts +2 -2
- package/lib/block_handler/captcha/HtmlCaptchaResponseGenerator.d.ts +2 -2
- package/lib/block_handler/captcha/HtmlCaptchaResponseGenerator.js +6 -1
- package/lib/block_handler/captcha/JsonCaptchaResponseGenerator.d.ts +2 -2
- package/lib/block_handler/captcha/JsonCaptchaResponseGenerator.js +8 -4
- package/lib/block_handler/captcha/MobileCaptchaResponseGenerator.d.ts +2 -2
- package/lib/block_handler/captcha/MobileCaptchaResponseGenerator.js +6 -1
- package/lib/config/ConfigurationParams.d.ts +4 -0
- package/lib/config/DefaultConfigurations.js +9 -5
- package/lib/config/IConfiguration.d.ts +18 -0
- package/lib/config/StaticConfigurationBase.d.ts +4 -0
- package/lib/config/StaticConfigurationBase.js +28 -0
- package/lib/context/ContextBase.d.ts +9 -7
- package/lib/context/ContextBase.js +22 -89
- package/lib/context/DefaultTokenV2Context.d.ts +2 -2
- package/lib/context/DefaultTokenV2Context.js +1 -1
- package/lib/context/DefaultTokenV3Context.d.ts +2 -2
- package/lib/context/DefaultTokenV3Context.js +1 -1
- package/lib/context/IContext.d.ts +9 -6
- package/lib/custom_parameters/CustomParametersFunction.d.ts +2 -2
- package/lib/custom_parameters/CustomParametersUtils.d.ts +3 -0
- package/lib/custom_parameters/CustomParametersUtils.js +59 -0
- package/lib/enforcer/EnforcerBase.d.ts +20 -27
- package/lib/enforcer/EnforcerBase.js +54 -19
- package/lib/filter/DefaultFilter.js +1 -1
- package/lib/first_party/DefaultFirstParty.d.ts +3 -2
- package/lib/first_party/DefaultFirstParty.js +45 -35
- package/lib/first_party/IFirstParty.d.ts +2 -2
- package/lib/first_party/constants.d.ts +2 -9
- package/lib/first_party/constants.js +7 -9
- package/lib/graphql/DefaultGraphQLParser.d.ts +19 -0
- package/lib/graphql/DefaultGraphQLParser.js +179 -0
- package/lib/graphql/IGraphQLParser.d.ts +5 -0
- package/lib/graphql/index.d.ts +5 -0
- package/lib/graphql/index.js +7 -0
- package/lib/graphql/model/GraphQLData.d.ts +7 -0
- package/lib/graphql/model/GraphQLOperation.d.ts +5 -0
- package/lib/graphql/model/GraphQLOperationType.d.ts +5 -0
- package/lib/graphql/model/GraphQLOperationType.js +9 -0
- package/lib/http/impl/MinimalResponseImpl.d.ts +13 -0
- package/lib/http/impl/MinimalResponseImpl.js +12 -0
- package/lib/http/impl/OutgoingRequestImpl.d.ts +14 -0
- package/lib/http/impl/OutgoingRequestImpl.js +14 -0
- package/lib/http/impl/index.d.ts +2 -0
- package/lib/http/impl/index.js +18 -0
- package/lib/http/index.d.ts +2 -9
- package/lib/http/index.js +2 -11
- package/lib/http/interfaces/IBody.d.ts +26 -0
- package/lib/http/interfaces/IHttpClient.d.ts +8 -0
- package/lib/http/interfaces/IIncomingRequest.d.ts +23 -0
- package/lib/http/interfaces/IIncomingRequest.js +2 -0
- package/lib/http/interfaces/IIncomingResponse.d.ts +9 -0
- package/lib/http/interfaces/IIncomingResponse.js +2 -0
- package/lib/http/interfaces/IMinimalResponse.d.ts +6 -0
- package/lib/http/interfaces/IMinimalResponse.js +2 -0
- package/lib/http/interfaces/IOutgoingRequest.d.ts +11 -0
- package/lib/http/interfaces/IOutgoingRequest.js +2 -0
- package/lib/http/interfaces/IOutgoingResponse.d.ts +17 -0
- package/lib/http/interfaces/IOutgoingResponse.js +2 -0
- package/lib/http/interfaces/ReadOnlyHeaders.d.ts +3 -0
- package/lib/http/interfaces/ReadOnlyHeaders.js +25 -0
- package/lib/http/interfaces/index.d.ts +7 -0
- package/lib/http/interfaces/index.js +23 -0
- package/lib/http/utils/MinimalResponseUtils.d.ts +4 -0
- package/lib/http/utils/MinimalResponseUtils.js +39 -0
- package/lib/http/utils/index.d.ts +1 -3
- package/lib/http/utils/index.js +2 -5
- package/lib/index.d.ts +1 -0
- package/lib/index.js +1 -0
- package/lib/pxde/IDataEnrichment.d.ts +1 -1
- package/lib/pxhd/PXHDUtils.d.ts +5 -2
- package/lib/pxhd/PXHDUtils.js +17 -2
- package/lib/risk_api/PostRiskApiClient.d.ts +3 -2
- package/lib/risk_api/PostRiskApiClient.js +20 -14
- package/lib/risk_api/S2SErrorHandler.d.ts +2 -2
- package/lib/risk_api/S2SErrorHandler.js +1 -1
- package/lib/risk_api/model/RiskActivity.d.ts +2 -0
- package/lib/risk_api/model/RiskResponseV2.d.ts +2 -0
- package/lib/risk_api/risk_response_handler/IRiskResponseHandler.d.ts +2 -2
- package/lib/risk_api/risk_response_handler/RiskResponseHandlerBase.d.ts +2 -2
- package/lib/risk_api/risk_response_handler/RiskResponseV2Handler.js +1 -0
- package/lib/risk_token/token/v2/DefaultBotDefenderTokenV2.js +12 -4
- package/lib/telemetry/DefaultTelemetry.d.ts +2 -1
- package/lib/telemetry/DefaultTelemetry.js +16 -7
- package/lib/utils/IScoreRetriever.d.ts +1 -1
- package/lib/utils/base64/{DefaultBase64Utils.d.ts → AtobBase64Utils.d.ts} +2 -2
- package/lib/utils/base64/AtobBase64Utils.js +15 -0
- package/lib/utils/base64/BufferBase64Utils.d.ts +6 -0
- package/lib/utils/base64/BufferBase64Utils.js +18 -0
- package/lib/utils/base64/JSBase64Base64Utils.d.ts +5 -0
- package/lib/utils/base64/JSBase64Base64Utils.js +16 -0
- package/lib/utils/base64/index.d.ts +4 -2
- package/lib/utils/base64/index.js +18 -3
- package/lib/utils/cipher/CryptoCipherUtils.d.ts +12 -0
- package/lib/{http/body_reader/StringBodyReader.js → utils/cipher/CryptoCipherUtils.js} +20 -25
- package/lib/utils/cipher/SubtleCryptoCipherUtils.d.ts +9 -0
- package/lib/utils/cipher/SubtleCryptoCipherUtils.js +94 -0
- package/lib/utils/cipher/index.d.ts +2 -0
- package/lib/utils/cipher/index.js +16 -0
- package/lib/utils/constants.d.ts +1 -1
- package/lib/utils/constants.js +1 -1
- package/lib/utils/hash/CryptoHmacUtils.d.ts +11 -0
- package/lib/utils/hash/CryptoHmacUtils.js +25 -0
- package/lib/utils/hash/{DefaultHashUtils.d.ts → CryptoJSHmacUtils.d.ts} +1 -1
- package/lib/utils/hash/CryptoJSHmacUtils.js +19 -0
- package/lib/utils/hash/index.d.ts +3 -2
- package/lib/utils/hash/index.js +17 -3
- package/lib/utils/utils.d.ts +1 -2
- package/lib/utils/utils.js +15 -4
- package/package.json +1 -2
- package/lib/http/IHttpClient.d.ts +0 -14
- package/lib/http/body_reader/IBodyReader.d.ts +0 -5
- package/lib/http/body_reader/StringBodyReader.d.ts +0 -8
- package/lib/http/request/DefaultHttpRequest.d.ts +0 -5
- package/lib/http/request/DefaultHttpRequest.js +0 -42
- package/lib/http/request/HttpRequestBase.d.ts +0 -24
- package/lib/http/request/HttpRequestBase.js +0 -77
- package/lib/http/request/IHttpRequest.d.ts +0 -31
- package/lib/http/response/DefaultHttpResponse.d.ts +0 -5
- package/lib/http/response/DefaultHttpResponse.js +0 -32
- package/lib/http/response/HttpResponseBase.d.ts +0 -17
- package/lib/http/response/HttpResponseBase.js +0 -75
- package/lib/http/response/IHttpResponse.d.ts +0 -26
- package/lib/http/utils/HttpBody.d.ts +0 -4
- package/lib/http/utils/HttpHeaders.d.ts +0 -51
- package/lib/http/utils/HttpHeaders.js +0 -106
- package/lib/utils/base64/DefaultBase64Utils.js +0 -16
- package/lib/utils/hash/DefaultHashUtils.js +0 -19
- /package/lib/{http/IHttpClient.js → graphql/IGraphQLParser.js} +0 -0
- /package/lib/{http/body_reader/IBodyReader.js → graphql/model/GraphQLData.js} +0 -0
- /package/lib/{http/request/IHttpRequest.js → graphql/model/GraphQLOperation.js} +0 -0
- /package/lib/http/{response/IHttpResponse.js → interfaces/IBody.js} +0 -0
- /package/lib/http/{utils/HttpBody.js → interfaces/IHttpClient.js} +0 -0
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { IOutgoingRequest } from './IOutgoingRequest';
|
|
2
|
+
import { IIncomingResponse } from './IIncomingResponse';
|
|
3
|
+
export declare type HttpSendOptions = {
|
|
4
|
+
timeoutMs?: number;
|
|
5
|
+
};
|
|
6
|
+
export interface IHttpClient {
|
|
7
|
+
send(request: IOutgoingRequest, options?: HttpSendOptions): Promise<IIncomingResponse>;
|
|
8
|
+
}
|
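Review bot: `HttpSendOptions.timeoutMs` and `IHttpClient.send` are declared without any doc comment, so the timeout contract is left to each implementation. The declaration does not say whether an omitted `timeoutMs` means no timeout or an implementation default, nor whether `send` rejects or resolves when the limit is reached. I would add a TSDoc line such as `/** Maximum time in milliseconds to wait for the response; when omitted, <state the default>. send() rejects if the limit is exceeded. */`, so that every runtime-specific client enforces the same bound on calls like the risk request, which passes `timeoutMs: this.config.s2sTimeout` elsewhere in this diff.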
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { HttpMethod } from '../utils';
|
|
2
|
+
import { IBody } from './IBody';
|
|
3
|
+
/**
|
|
4
|
+
* describes a request that comes from the end user.
|
|
5
|
+
*/
|
|
6
|
+
export interface IIncomingRequest extends IBody {
|
|
7
|
+
/**
|
|
8
|
+
* returns a url.
|
|
9
|
+
*/
|
|
10
|
+
url: string;
|
|
11
|
+
/**
|
|
12
|
+
* returns the method.
|
|
13
|
+
*/
|
|
14
|
+
readonly method: HttpMethod;
|
|
15
|
+
/**
|
|
16
|
+
* returns the request headers (for read usage).
|
|
17
|
+
*/
|
|
18
|
+
readonly headers: Headers;
|
|
19
|
+
/**
|
|
20
|
+
* return the client ip or null.
|
|
21
|
+
*/
|
|
22
|
+
readonly clientIP: string | null;
|
|
23
|
+
}
|
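Review bot: The `clientIP` comment ("return the client ip or null") does not say where the address comes from, and that is the security-relevant part of this contract. If an implementation fills it from a forwarding header that the end user can set, every downstream decision keyed on the IP inherits a spoofable value. The interface should state the expectation, for example `/** The client IP as established by the hosting platform or a trusted proxy, never taken from an unverified request header; null when unknown. */`. Separately, `url` is the only member not marked `readonly`; if that is intentional, its comment should say why it is mutable.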
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { ReadOnlyHeaders } from './ReadOnlyHeaders';
|
|
2
|
+
import { IBody } from './IBody';
|
|
3
|
+
/**
|
|
4
|
+
* describes a response that is fetched from IHttpClient
|
|
5
|
+
*/
|
|
6
|
+
export interface IIncomingResponse extends IBody {
|
|
7
|
+
readonly status: number;
|
|
8
|
+
readonly headers: ReadOnlyHeaders;
|
|
9
|
+
}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { HttpMethod } from '../utils';
|
|
2
|
+
import { ReadOnlyHeaders } from './ReadOnlyHeaders';
|
|
3
|
+
/**
|
|
4
|
+
* describes a request that can be sent via IHttpClient.
|
|
5
|
+
*/
|
|
6
|
+
export interface IOutgoingRequest {
|
|
7
|
+
readonly url: string;
|
|
8
|
+
readonly method: HttpMethod;
|
|
9
|
+
readonly body: any;
|
|
10
|
+
readonly headers: ReadOnlyHeaders;
|
|
11
|
+
}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Describes a response that is going to be returned to the end user.
|
|
3
|
+
*/
|
|
4
|
+
export interface IOutgoingResponse {
|
|
5
|
+
/**
|
|
6
|
+
* the status code, null if it cannot be fetched
|
|
7
|
+
*/
|
|
8
|
+
readonly status: number | null;
|
|
9
|
+
/**
|
|
10
|
+
* the response headers (for read usage)
|
|
11
|
+
*/
|
|
12
|
+
readonly headers: Headers | null;
|
|
13
|
+
/**
|
|
14
|
+
* the response body.
|
|
15
|
+
*/
|
|
16
|
+
readonly body: any;
|
|
17
|
+
}
|
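Review bot: The `headers` comment says "for read usage", but `PXHDUtils.addPxhdToOutgoingResponse` elsewhere in this diff calls `response.headers.append(...)` on this object, so the documented contract and the actual use disagree. The comment should say that the enforcer may append the header named by `SET_COOKIE_HEADER_NAME`, and state when `headers` is `null`, since callers have to handle that case. `body: any` could also be `unknown`, so that consumers must narrow it before use.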
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.fromReadOnlyHeaders = exports.toReadOnlyHeaders = void 0;
|
|
4
|
+
var toReadOnlyHeaders = function (headers) {
|
|
5
|
+
var readonlyHeaders = {};
|
|
6
|
+
headers.forEach(function (headerValue, headerName) {
|
|
7
|
+
var current = readonlyHeaders[headerName] || [];
|
|
8
|
+
readonlyHeaders[headerName] = current.concat([headerValue]);
|
|
9
|
+
});
|
|
10
|
+
return readonlyHeaders;
|
|
11
|
+
};
|
|
12
|
+
exports.toReadOnlyHeaders = toReadOnlyHeaders;
|
|
13
|
+
var fromReadOnlyHeaders = function (headers) {
|
|
14
|
+
if (!headers) {
|
|
15
|
+
return new Headers();
|
|
16
|
+
}
|
|
17
|
+
var init = Object.entries(headers)
|
|
18
|
+
.filter(function (e) { return (e === null || e === void 0 ? void 0 : e[0]) && (e === null || e === void 0 ? void 0 : e[1]); })
|
|
19
|
+
.flatMap(function (_a) {
|
|
20
|
+
var key = _a[0], values = _a[1];
|
|
21
|
+
return values.map(function (value) { return [key, value]; });
|
|
22
|
+
});
|
|
23
|
+
return new Headers(init);
|
|
24
|
+
};
|
|
25
|
+
exports.fromReadOnlyHeaders = fromReadOnlyHeaders;
|
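Review bot: `toReadOnlyHeaders` accumulates into a plain `{}` and reads `readonlyHeaders[headerName] || []`, so a header whose name matches an inherited `Object.prototype` member (`constructor` is one) resolves to that member instead of `undefined`, and the following `.concat` call throws. If this function is applied to end-user request headers, which `IIncomingRequest.headers` suggests but this hunk does not show, request input could raise an exception inside the enforcer. Creating the accumulator with `var readonlyHeaders = Object.create(null);`, or guarding the read with `Object.prototype.hasOwnProperty.call(readonlyHeaders, headerName)`, avoids the inherited lookup.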
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./ReadOnlyHeaders"), exports);
|
|
18
|
+
__exportStar(require("./IHttpClient"), exports);
|
|
19
|
+
__exportStar(require("./IIncomingResponse"), exports);
|
|
20
|
+
__exportStar(require("./IMinimalResponse"), exports);
|
|
21
|
+
__exportStar(require("./IOutgoingRequest"), exports);
|
|
22
|
+
__exportStar(require("./IOutgoingResponse"), exports);
|
|
23
|
+
__exportStar(require("./IBody"), exports);
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import { IMinimalResponse } from '..';
|
|
2
|
+
import { IIncomingResponse } from '..';
|
|
3
|
+
export declare const appendHeader: (response: IMinimalResponse, name: string, value: string) => IMinimalResponse;
|
|
4
|
+
export declare const from: (response: IIncomingResponse) => IMinimalResponse;
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __assign = (this && this.__assign) || function () {
|
|
3
|
+
__assign = Object.assign || function(t) {
|
|
4
|
+
for (var s, i = 1, n = arguments.length; i < n; i++) {
|
|
5
|
+
s = arguments[i];
|
|
6
|
+
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
|
|
7
|
+
t[p] = s[p];
|
|
8
|
+
}
|
|
9
|
+
return t;
|
|
10
|
+
};
|
|
11
|
+
return __assign.apply(this, arguments);
|
|
12
|
+
};
|
|
13
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
|
+
exports.from = exports.appendHeader = void 0;
|
|
15
|
+
var __1 = require("..");
|
|
16
|
+
var appendHeader = function (response, name, value) {
|
|
17
|
+
var body = response.body;
|
|
18
|
+
var statusCode = response.status;
|
|
19
|
+
var headers = response.headers;
|
|
20
|
+
var newHeaders = __assign({}, headers);
|
|
21
|
+
newHeaders[name] = (newHeaders[name] || []).concat([value]);
|
|
22
|
+
return new __1.MinimalResponseImpl({
|
|
23
|
+
body: body,
|
|
24
|
+
headers: newHeaders,
|
|
25
|
+
status: statusCode,
|
|
26
|
+
});
|
|
27
|
+
};
|
|
28
|
+
exports.appendHeader = appendHeader;
|
|
29
|
+
var from = function (response) {
|
|
30
|
+
return new (/** @class */ (function () {
|
|
31
|
+
function class_1() {
|
|
32
|
+
this.body = response.body;
|
|
33
|
+
this.headers = response.headers;
|
|
34
|
+
this.status = response.status;
|
|
35
|
+
}
|
|
36
|
+
return class_1;
|
|
37
|
+
}()))();
|
|
38
|
+
};
|
|
39
|
+
exports.from = from;
|
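Review bot: `appendHeader` uses `name` as the map key exactly as given, while `toReadOnlyHeaders` in this same diff builds its keys from `Headers.forEach`, which per the Fetch standard yields lower-cased names. Unless every caller passes a lower-case name (the value of `SET_COOKIE_HEADER_NAME` is not visible here), an appended header lands under a second key beside the existing one, and code that looks up or iterates the map sees two headers. Normalising once with `var key = name.toLowerCase();` and using `key` for both the read and the write keeps the map consistent. `from` also returns an object that shares `response.headers` by reference rather than copying it, which deserves a one-line comment.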
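--- a/package/lib/http/utils/index.js
+++ b/package/lib/http/utils/index.js
@@ -14,11 +14,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
-var HttpMethod_1 = require("./HttpMethod");
-Object.defineProperty(exports, "HttpMethod", { enumerable: true, get: function () { return HttpMethod_1.HttpMethod; } });
+exports.ContentType = void 0;
 var ContentType_1 = require("./ContentType");
 Object.defineProperty(exports, "ContentType", { enumerable: true, get: function () { return ContentType_1.ContentType; } });
-var HttpHeaders_1 = require("./HttpHeaders");
-Object.defineProperty(exports, "HttpHeaders", { enumerable: true, get: function () { return HttpHeaders_1.HttpHeaders; } });
 __exportStar(require("./constants"), exports);
+__exportStar(require("./HttpMethod"), exports);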
package/lib/index.d.ts
CHANGED
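--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -23,6 +23,7 @@ __exportStar(require("./custom_parameters"), exports);
 __exportStar(require("./enforcer"), exports);
 __exportStar(require("./filter"), exports);
 __exportStar(require("./first_party"), exports);
+__exportStar(require("./graphql"), exports);
 __exportStar(require("./http"), exports);
 __exportStar(require("./logger"), exports);
 __exportStar(require("./pxde"), exports);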
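--- a/package/lib/pxhd/PXHDUtils.d.ts
+++ b/package/lib/pxhd/PXHDUtils.d.ts
@@ -1,8 +1,11 @@
-import { IHttpResponse } from '../http';
 import { IContext } from '../context';
+import { IOutgoingResponse } from '../http';
+import { IMinimalResponse } from '../http';
 export declare namespace PXHDUtils {
 const PXHD_SAMESITE_VALUE = "Lax";
 const PXHD_PATH_VALUE = "/";
-const addPxhdToResponse: (context: IContext, httpResponse:
+const addPxhdToResponse: (context: IContext, httpResponse: IMinimalResponse) => IMinimalResponse;
+const addPxhdToOutgoingResponse: (context: IContext, response: IOutgoingResponse) => void;
+const addPxhdToMinimalResponse: (context: IContext, response: IMinimalResponse) => IMinimalResponse;
 const getPxhdCookieValue: (pxhdValue: string) => string;
 }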
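--- a/package/lib/pxhd/PXHDUtils.js
+++ b/package/lib/pxhd/PXHDUtils.js
@@ -1,8 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PXHDUtils = void 0;
-var http_1 = require("../http");
 var utils_1 = require("../utils");
+var http_1 = require("../http");
+var MinimalResponseUtils_1 = require("../http/utils/MinimalResponseUtils");
 var PXHDUtils;
 (function (PXHDUtils) {
 PXHDUtils.PXHD_SAMESITE_VALUE = 'Lax';
@@ -10,10 +11,24 @@ var PXHDUtils;
 PXHDUtils.addPxhdToResponse = function (context, httpResponse) {
 if (context === null || context === void 0 ? void 0 : context.pxhd) {
 var setPxhdCookie = PXHDUtils.getPxhdCookieValue(context.pxhd);
-
+return (0, MinimalResponseUtils_1.appendHeader)(httpResponse, http_1.SET_COOKIE_HEADER_NAME, setPxhdCookie);
 }
 return httpResponse;
 };
+PXHDUtils.addPxhdToOutgoingResponse = function (context, response) {
+if (!(context === null || context === void 0 ? void 0 : context.pxhd)) {
+return;
+}
+var setPxhdCookie = PXHDUtils.getPxhdCookieValue(context.pxhd);
+response.headers.append(http_1.SET_COOKIE_HEADER_NAME, setPxhdCookie);
+};
+PXHDUtils.addPxhdToMinimalResponse = function (context, response) {
+if (context === null || context === void 0 ? void 0 : context.pxhd) {
+var setPxhdCookie = PXHDUtils.getPxhdCookieValue(context.pxhd);
+return (0, MinimalResponseUtils_1.appendHeader)(response, http_1.SET_COOKIE_HEADER_NAME, setPxhdCookie);
+}
+return response;
+};
 PXHDUtils.getPxhdCookieValue = function (pxhdValue) {
 return "".concat(utils_1.PXHD_COOKIE_NAME, "=").concat(pxhdValue, "; path=").concat(PXHDUtils.PXHD_PATH_VALUE, "; SameSite=").concat(PXHDUtils.PXHD_SAMESITE_VALUE);
 };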
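Review bot: `addPxhdToOutgoingResponse` calls `response.headers.append(...)` unconditionally, but `IOutgoingResponse.headers` is declared as `Headers | null` in this release, so a response without headers throws a TypeError at that line. The guard at the top of the function should cover that case as well, e.g. `if (!(context === null || context === void 0 ? void 0 : context.pxhd) || !response.headers) {` before the existing `return;`. `addPxhdToMinimalResponse` is a line-for-line copy of `addPxhdToResponse`; one should delegate to the other so the two cannot drift. The cookie string built by `getPxhdCookieValue` interpolates `pxhdValue` as-is and sets no `Secure` attribute, which is worth confirming as intended now that three code paths emit it.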
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import { IContext } from '../context';
|
|
2
2
|
import { IConfiguration } from '../config';
|
|
3
3
|
import { RiskActivity } from './model/RiskActivity';
|
|
4
|
-
import { IHttpClient, IHttpResponse } from '../http';
|
|
5
4
|
import { IScoreRetriever } from '../utils';
|
|
6
5
|
import { IRiskResponseHandler } from './risk_response_handler/IRiskResponseHandler';
|
|
7
6
|
import { RiskResponseV2 } from './model/RiskResponseV2';
|
|
8
7
|
import { RiskResponseV3 } from './model/RiskResponseV3';
|
|
8
|
+
import { IHttpClient } from '../http';
|
|
9
|
+
import { IIncomingResponse } from '../http';
|
|
9
10
|
export declare class PostRiskApiClient<RiskResponseType extends RiskResponseV2 | RiskResponseV3> implements IScoreRetriever {
|
|
10
11
|
private readonly config;
|
|
11
12
|
private readonly httpClient;
|
|
@@ -35,7 +36,7 @@ export declare class PostRiskApiClient<RiskResponseType extends RiskResponseV2 |
|
|
|
35
36
|
private addCustomParamsToAdditional;
|
|
36
37
|
private addCookieRiskFieldsToAdditional;
|
|
37
38
|
private formatRiskHeadersField;
|
|
38
|
-
protected sendRiskActivity(context: IContext, riskActivity: RiskActivity): Promise<
|
|
39
|
+
protected sendRiskActivity(context: IContext, riskActivity: RiskActivity): Promise<IIncomingResponse>;
|
|
39
40
|
private getRiskUrl;
|
|
40
41
|
private getRiskHeaders;
|
|
41
42
|
private handleS2STimeout;
|
|
@@ -37,12 +37,14 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
|
37
37
|
};
|
|
38
38
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
39
|
exports.PostRiskApiClient = void 0;
|
|
40
|
-
var
|
|
40
|
+
var risk_token_1 = require("../risk_token");
|
|
41
41
|
var http_1 = require("../http");
|
|
42
42
|
var utils_1 = require("../utils");
|
|
43
43
|
var S2SCallReason_1 = require("./S2SCallReason");
|
|
44
44
|
var S2SErrorHandler_1 = require("./S2SErrorHandler");
|
|
45
45
|
var constants_1 = require("./constants");
|
|
46
|
+
var http_2 = require("../http");
|
|
47
|
+
var http_3 = require("../http");
|
|
46
48
|
var PostRiskApiClient = /** @class */ (function () {
|
|
47
49
|
function PostRiskApiClient(config, httpClient, riskResponseHandler) {
|
|
48
50
|
this.config = config;
|
|
@@ -94,7 +96,7 @@ var PostRiskApiClient = /** @class */ (function () {
|
|
|
94
96
|
case 2:
|
|
95
97
|
_a.sent();
|
|
96
98
|
return [2 /*return*/, false];
|
|
97
|
-
case 3: return [4 /*yield*/, response.
|
|
99
|
+
case 3: return [4 /*yield*/, response.json()];
|
|
98
100
|
case 4:
|
|
99
101
|
riskResponse = (_a.sent());
|
|
100
102
|
return [4 /*yield*/, this.riskResponseHandler.handleRiskResponse(context, response, riskResponse)];
|
|
@@ -136,7 +138,7 @@ var PostRiskApiClient = /** @class */ (function () {
|
|
|
136
138
|
http_method: context.requestData.method,
|
|
137
139
|
http_version: context.requestData.httpVersion,
|
|
138
140
|
risk_mode: context.isMonitoredRequest ? utils_1.ModuleMode.MONITOR : utils_1.ModuleMode.ACTIVE_BLOCKING,
|
|
139
|
-
cookie_origin: context.tokenOrigin ||
|
|
141
|
+
cookie_origin: context.tokenOrigin || risk_token_1.TokenOrigin.COOKIE,
|
|
140
142
|
request_cookie_names: context.requestData.requestCookieNames,
|
|
141
143
|
request_id: context.requestId,
|
|
142
144
|
},
|
|
@@ -169,6 +171,7 @@ var PostRiskApiClient = /** @class */ (function () {
|
|
|
169
171
|
PostRiskApiClient.prototype.addOptionalRiskFieldsToAdditional = function (riskActivity, context) {
|
|
170
172
|
(0, utils_1.transferExistingProperties)(context, riskActivity.additional, {
|
|
171
173
|
vidSource: 'enforcer_vid_source',
|
|
174
|
+
graphqlData: 'graphql_operations',
|
|
172
175
|
});
|
|
173
176
|
(0, utils_1.transferExistingProperties)(context.serverData, riskActivity.additional, {
|
|
174
177
|
region: 'server_info_region',
|
|
@@ -197,21 +200,24 @@ var PostRiskApiClient = /** @class */ (function () {
|
|
|
197
200
|
PostRiskApiClient.prototype.addCookieRiskFieldsToAdditional = function (riskActivity, _a) {
|
|
198
201
|
var riskToken = _a.riskToken;
|
|
199
202
|
if (riskToken) {
|
|
200
|
-
riskActivity.additional.px_orig_cookie = riskToken.getCookieString();
|
|
201
203
|
if (riskToken.isValid()) {
|
|
202
204
|
riskActivity.additional.px_cookie = riskToken.getPayloadString();
|
|
203
205
|
riskActivity.additional.px_cookie_hmac = riskToken.hmac;
|
|
204
206
|
}
|
|
207
|
+
else {
|
|
208
|
+
riskActivity.additional.px_orig_cookie = riskToken.getCookieString();
|
|
209
|
+
}
|
|
205
210
|
}
|
|
206
211
|
};
|
|
207
212
|
PostRiskApiClient.prototype.formatRiskHeadersField = function (headers) {
|
|
208
|
-
var
|
|
209
|
-
|
|
210
|
-
values
|
|
211
|
-
|
|
212
|
-
|
|
213
|
+
var headersWithoutSensitive = (0, utils_1.removeSensitiveHeaders)(headers, this.config.sensitiveHeaders);
|
|
214
|
+
return Object.entries(headersWithoutSensitive).flatMap(function (_a) {
|
|
215
|
+
var key = _a[0], values = _a[1];
|
|
216
|
+
return values.map(function (value) { return ({
|
|
217
|
+
name: key,
|
|
218
|
+
value: value,
|
|
219
|
+
}); });
|
|
213
220
|
});
|
|
214
|
-
return headerEntries;
|
|
215
221
|
};
|
|
216
222
|
PostRiskApiClient.prototype.sendRiskActivity = function (context, riskActivity) {
|
|
217
223
|
return __awaiter(this, void 0, void 0, function () {
|
|
@@ -222,8 +228,8 @@ var PostRiskApiClient = /** @class */ (function () {
|
|
|
222
228
|
url = this.getRiskUrl();
|
|
223
229
|
headers = this.getRiskHeaders();
|
|
224
230
|
body = JSON.stringify(riskActivity);
|
|
225
|
-
method =
|
|
226
|
-
riskRequest = new
|
|
231
|
+
method = http_2.HttpMethod.POST;
|
|
232
|
+
riskRequest = new http_3.OutgoingRequestImpl({ url: url, method: method, headers: headers, body: body });
|
|
227
233
|
this.config.logger.debug("sending risk api to ".concat(url));
|
|
228
234
|
startTime = Date.now();
|
|
229
235
|
return [4 /*yield*/, this.httpClient.send(riskRequest, { timeoutMs: this.config.s2sTimeout })];
|
|
@@ -242,10 +248,10 @@ var PostRiskApiClient = /** @class */ (function () {
|
|
|
242
248
|
};
|
|
243
249
|
PostRiskApiClient.prototype.getRiskHeaders = function () {
|
|
244
250
|
var _a;
|
|
245
|
-
return
|
|
251
|
+
return _a = {},
|
|
246
252
|
_a[http_1.CONTENT_TYPE_HEADER_NAME] = [http_1.ContentType.APPLICATION_JSON],
|
|
247
253
|
_a[http_1.AUTHORIZATION_HEADER_NAME] = [(0, utils_1.getAuthorizationHeader)(this.config.authToken)],
|
|
248
|
-
_a
|
|
254
|
+
_a;
|
|
249
255
|
};
|
|
250
256
|
PostRiskApiClient.prototype.handleS2STimeout = function (context) {
|
|
251
257
|
context.passReason = utils_1.PassReason.S2S_TIMEOUT;
|
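Review bot: In `formatRiskHeadersField`, the new `flatMap` calls `values.map(...)` on every entry of `headersWithoutSensitive` without checking the value, whereas `fromReadOnlyHeaders` in this same release first filters out entries with an empty key or value. If `removeSensitiveHeaders` (not shown) can return an entry whose value is `undefined` or not an array, this throws while the risk request is being built. Adding a filter before the `flatMap`, `.filter(function (e) { return e[0] && Array.isArray(e[1]); })`, makes the two header walks agree. The extra `require("../http")` bindings (`http_2`, `http_3`) look like duplicate imports in the TypeScript source that could be merged with `http_1`. The bodies of the functions touched here continue outside the hunks.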
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { IContext } from '../context';
|
|
2
|
-
import { IHttpResponse } from '../http';
|
|
3
2
|
import { RiskResponseV2 } from './model/RiskResponseV2';
|
|
4
3
|
import { RiskResponseV3 } from './model/RiskResponseV3';
|
|
4
|
+
import { IIncomingResponse } from '../http';
|
|
5
5
|
export declare class S2SErrorHandler {
|
|
6
|
-
handleS2SError(context: IContext, response?:
|
|
6
|
+
handleS2SError(context: IContext, response?: IIncomingResponse, responseBody?: RiskResponseV2 | RiskResponseV3, error?: Error): Promise<void>;
|
|
7
7
|
private enrichS2SErrorWithResponse;
|
|
8
8
|
private enrichS2SErrorWithError;
|
|
9
9
|
}
|
|
@@ -75,7 +75,7 @@ var S2SErrorHandler = /** @class */ (function () {
|
|
|
75
75
|
if (!responseBody) return [3 /*break*/, 1];
|
|
76
76
|
_b = JSON.stringify(responseBody);
|
|
77
77
|
return [3 /*break*/, 3];
|
|
78
|
-
case 1: return [4 /*yield*/, response.
|
|
78
|
+
case 1: return [4 /*yield*/, response.text()];
|
|
79
79
|
case 2:
|
|
80
80
|
_b = _c.sent();
|
|
81
81
|
_c.label = 3;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { ModuleMode, VidSource } from '../../utils';
|
|
2
2
|
import { TokenOrigin } from '../../risk_token';
|
|
3
3
|
import { CustomParameters } from '../../custom_parameters';
|
|
4
|
+
import { GraphQLData } from '../../graphql/';
|
|
4
5
|
import { S2SCallReason } from '../S2SCallReason';
|
|
5
6
|
export declare type HeaderEntry = {
|
|
6
7
|
name: string;
|
|
@@ -40,6 +41,7 @@ export declare type RiskAdditionalData = {
|
|
|
40
41
|
cross_tab_session?: string;
|
|
41
42
|
app_user_id?: string;
|
|
42
43
|
jwt_additional_fields?: string[];
|
|
44
|
+
graphql_operations?: GraphQLData[];
|
|
43
45
|
} & CustomParameters;
|
|
44
46
|
export declare type RiskActivity = {
|
|
45
47
|
vid?: string;
|
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
import { RiskStatus } from './RiskStatus';
|
|
2
2
|
import { PXDE } from '../../pxde';
|
|
3
|
+
import { BlockAction } from '../../block_handler';
|
|
3
4
|
export declare type RiskResponseV2 = {
|
|
4
5
|
status: RiskStatus;
|
|
5
6
|
cookie_cfg_block_result?: '0' | '1';
|
|
7
|
+
action?: BlockAction;
|
|
6
8
|
uuid?: string;
|
|
7
9
|
pxhd?: string;
|
|
8
10
|
message?: string;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { IContext } from '../../context';
|
|
2
|
-
import {
|
|
2
|
+
import { IIncomingResponse } from '../../http';
|
|
3
3
|
export interface IRiskResponseHandler<RiskResponseType> {
|
|
4
|
-
handleRiskResponse(context: IContext, response:
|
|
4
|
+
handleRiskResponse(context: IContext, response: IIncomingResponse, riskResponse: RiskResponseType): Promise<void>;
|
|
5
5
|
}
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
import { IConfiguration } from '../../config';
|
|
2
2
|
import { IContext } from '../../context';
|
|
3
|
-
import { IHttpResponse } from '../../http';
|
|
4
3
|
import { IRiskResponseHandler } from './IRiskResponseHandler';
|
|
5
4
|
import { RiskResponseV2 } from '../model/RiskResponseV2';
|
|
6
5
|
import { RiskResponseV3 } from '../model/RiskResponseV3';
|
|
6
|
+
import { IIncomingResponse } from '../../http';
|
|
7
7
|
export declare abstract class RiskResponseHandlerBase<RiskResponseType extends RiskResponseV2 | RiskResponseV3> implements IRiskResponseHandler<RiskResponseType> {
|
|
8
8
|
protected readonly config: IConfiguration;
|
|
9
9
|
protected abstract isRiskResponseValid(riskResponse: RiskResponseType): boolean;
|
|
10
10
|
protected abstract extractScoreFromRiskResponse(riskResponse: RiskResponseType): number;
|
|
11
11
|
protected abstract setRiskResponseContextFields(context: IContext, riskResponse: RiskResponseType): void;
|
|
12
12
|
protected constructor(config: IConfiguration);
|
|
13
|
-
handleRiskResponse(context: IContext, response:
|
|
13
|
+
handleRiskResponse(context: IContext, response: IIncomingResponse, riskResponse: RiskResponseType): Promise<void>;
|
|
14
14
|
protected handleValidRiskResponse(context: IContext, riskResponse: RiskResponseType): void;
|
|
15
15
|
protected shouldBlock(score: number): boolean;
|
|
16
16
|
}
|
|
@@ -35,6 +35,7 @@ var RiskResponseV2Handler = /** @class */ (function (_super) {
|
|
|
35
35
|
(0, utils_1.transferExistingProperties)(riskResponse, context, {
|
|
36
36
|
uuid: 'uuid',
|
|
37
37
|
pxhd: 'pxhd',
|
|
38
|
+
action: 'blockAction',
|
|
38
39
|
data_enrichment: 'pxde',
|
|
39
40
|
});
|
|
40
41
|
if (riskResponse.data_enrichment) {
|
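Review bot: The added mapping `action: 'blockAction'` copies the `action` field of the parsed risk response onto the context, and nothing in this hunk checks that the value is one of the `BlockAction` members the declaration promises. The `BlockAction` type on `RiskResponseV2.action` is erased at runtime, so an unexpected string would reach whatever selects the block response. If `isRiskResponseValid` or `transferExistingProperties` (both outside this hunk) do not already validate it, I would add a membership check before the transfer and fall back to the default action otherwise. The enclosing function starts and ends outside the hunk.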
|
@@ -84,7 +84,7 @@ var DefaultBotDefenderTokenV2 = /** @class */ (function (_super) {
|
|
|
84
84
|
};
|
|
85
85
|
DefaultBotDefenderTokenV2.prototype.validate = function (context) {
|
|
86
86
|
return __awaiter(this, void 0, void 0, function () {
|
|
87
|
-
var signingFields, passHmac, blockHmac;
|
|
87
|
+
var signingFields, passHmac, blockHmac, e_1;
|
|
88
88
|
return __generator(this, function (_a) {
|
|
89
89
|
switch (_a.label) {
|
|
90
90
|
case 0:
|
|
@@ -94,22 +94,30 @@ var DefaultBotDefenderTokenV2 = /** @class */ (function (_super) {
|
|
|
94
94
|
!this.payload.h) {
|
|
95
95
|
return [2 /*return*/, false];
|
|
96
96
|
}
|
|
97
|
+
_a.label = 1;
|
|
98
|
+
case 1:
|
|
99
|
+
_a.trys.push([1, 4, , 5]);
|
|
97
100
|
signingFields = this.getSigningFields(context);
|
|
98
101
|
return [4 /*yield*/, this.calculateHmac(this.getHashParam('0', signingFields))];
|
|
99
|
-
case
|
|
102
|
+
case 2:
|
|
100
103
|
passHmac = _a.sent();
|
|
101
104
|
if (passHmac === this.payload.h) {
|
|
102
105
|
this.isHighRisk = false;
|
|
103
106
|
return [2 /*return*/, true];
|
|
104
107
|
}
|
|
105
108
|
return [4 /*yield*/, this.calculateHmac(this.getHashParam('1', signingFields))];
|
|
106
|
-
case
|
|
109
|
+
case 3:
|
|
107
110
|
blockHmac = _a.sent();
|
|
108
111
|
if (blockHmac === this.payload.h) {
|
|
109
112
|
this.isHighRisk = true;
|
|
110
113
|
return [2 /*return*/, true];
|
|
111
114
|
}
|
|
112
|
-
return [
|
|
115
|
+
return [3 /*break*/, 5];
|
|
116
|
+
case 4:
|
|
117
|
+
e_1 = _a.sent();
|
|
118
|
+
this.logger.debug("cookie v2 validation caught error: ".concat(e_1));
|
|
119
|
+
return [3 /*break*/, 5];
|
|
120
|
+
case 5: return [2 /*return*/, false];
|
|
113
121
|
}
|
|
114
122
|
});
|
|
115
123
|
});
|
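Review bot: `validate` compares the computed HMACs to the token's value with `passHmac === this.payload.h` and `blockHmac === this.payload.h`, and string equality can return at the first differing character, so the comparison is not constant-time. These are unchanged lines, but the commit reworks this function and leaves them as they are. A fixed-time comparison is the usual choice for MAC verification; the sketch below accumulates the XOR of every character pair and tests the result once, and `crypto.timingSafeEqual` is an alternative where Node's `crypto` is available. The new catch branch logs at debug level and falls through to `return false`, which fails closed for the token; a short comment saying that is deliberate would help. The function starts before the hunk.

```javascript
// Fixed-time comparison of two MAC strings; length mismatch is rejected up front.
function constantTimeEquals(a, b) {
    if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) {
        return false;
    }
    var diff = 0;
    for (var i = 0; i < a.length; i++) {
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
    }
    return diff === 0;
}
// … unchanged: getSigningFields / calculateHmac('0') …
if (constantTimeEquals(passHmac, this.payload.h)) {
// … unchanged: isHighRisk = false, calculateHmac('1') …
if (constantTimeEquals(blockHmac, this.payload.h)) {
```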
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { IConfiguration } from '../config';
|
|
2
2
|
import { IContext } from '../context';
|
|
3
|
-
import { IHttpClient } from '../http';
|
|
4
3
|
import { IBase64Utils, IHashUtils } from '../utils';
|
|
5
4
|
import { ITelemetry } from './ITelemetry';
|
|
5
|
+
import { IHttpClient } from '..';
|
|
6
6
|
export declare class DefaultTelemetry implements ITelemetry {
|
|
7
7
|
private readonly config;
|
|
8
8
|
private readonly httpClient;
|
|
@@ -13,6 +13,7 @@ export declare class DefaultTelemetry implements ITelemetry {
|
|
|
13
13
|
sendTelemetry(context: IContext): Promise<void>;
|
|
14
14
|
private getTelemetryHeader;
|
|
15
15
|
private isTelemetryHeaderValid;
|
|
16
|
+
private isTelemetryHmacValid;
|
|
16
17
|
private sendTelemetryActivity;
|
|
17
18
|
private createTelemetryRequest;
|
|
18
19
|
private createTelemetryActivity;
|