perimeterx-js-core 0.21.3 → 0.21.5
- package/lib/cjs/activities/utils.js +8 -1
- package/lib/cjs/blocker/utils.js +5 -2
- package/lib/cjs/config/ConfigurationBase.js +12 -0
- package/lib/cjs/pxde/DefaultDataEnrichment.js +22 -8
- package/lib/cjs/risk_token/constants.js +2 -1
- package/lib/cjs/risk_token/token/v2/DefaultTokenV2.js +22 -12
- package/lib/cjs/risk_token/token/v3/DefaultTokenV3.js +29 -9
- package/lib/cjs/utils/constants.js +1 -1
- package/lib/cjs/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.js +26 -7
- package/lib/esm/activities/utils.js +6 -0
- package/lib/esm/blocker/utils.js +5 -2
- package/lib/esm/config/ConfigurationBase.js +8 -0
- package/lib/esm/context/DefaultContext.js +1 -0
- package/lib/esm/pxde/DefaultDataEnrichment.js +12 -7
- package/lib/esm/risk_token/constants.js +1 -0
- package/lib/esm/risk_token/token/serialize/SerializedToken.js +1 -0
- package/lib/esm/risk_token/token/v2/DefaultTokenV2.js +15 -12
- package/lib/esm/risk_token/token/v3/DefaultTokenV3.js +18 -5
- package/lib/esm/utils/constants.js +1 -1
- package/lib/esm/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.js +12 -1
- package/lib/types/activities/model/CommonActivityDetails.d.ts +1 -0
- package/lib/types/activities/utils.d.ts +31 -0
- package/lib/types/blocker/utils.d.ts +3 -0
- package/lib/types/config/ConfigurationBase.d.ts +2 -1
- package/lib/types/config/IConfiguration.d.ts +5 -1
- package/lib/types/config/params/StaticConfigurationParamsOnly.d.ts +1 -1
- package/lib/types/context/DefaultContext.d.ts +1 -0
- package/lib/types/context/interfaces/IContext.d.ts +4 -0
- package/lib/types/monitored_request/MonitoredRequestUtils.d.ts +9 -0
- package/lib/types/pxhd/PXHDUtils.d.ts +6 -0
- package/lib/types/risk_token/constants.d.ts +1 -0
- package/lib/types/risk_token/token/TokenBase.d.ts +2 -2
- package/lib/types/risk_token/token/serialize/SerializedToken.d.ts +1 -0
- package/lib/types/risk_token/token/v3/DefaultTokenV3.d.ts +2 -1
- package/lib/types/sensitive_request/SensitiveRequestUtils.d.ts +6 -0
- package/lib/types/utils/constants.d.ts +1 -1
- package/lib/types/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.d.ts +2 -2
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.toHeaderEntryArray = exports.createAdditionalS2SActivityDetails = exports.createBlockActivityDetails = exports.createPageRequestedActivityDetails = exports.addResponseDataToAsyncActivityCommonDetails = exports.addRiskApiDataToAsyncActivityCommonDetails = exports.addTokenDataToDetails = exports.addRequestDataToDetails = exports.addServerDataToDetails = exports.addTlsDataToDetails = exports.addProductDataToDetails = exports.addCustomParametersToDetails = exports.addConfigDataToDetails = exports.addRootContextDataToDetails = exports.createCommonActivityDetails = exports.createAsyncActivityCommonDetails = exports.createActivityDetails = exports.createAsyncActivity = void 0;
|
|
3
|
+
exports.toHeaderEntryArray = exports.createAdditionalS2SActivityDetails = exports.createBlockActivityDetails = exports.createPageRequestedActivityDetails = exports.addResponseDataToAsyncActivityCommonDetails = exports.addRiskApiDataToAsyncActivityCommonDetails = exports.addTokenDataToDetails = exports.addRequestDataToDetails = exports.addServerDataToDetails = exports.addTlsDataToDetails = exports.addProductDataToDetails = exports.addCustomParametersToDetails = exports.addConfigDataToDetails = exports.redactCookieSecret = exports.addRootContextDataToDetails = exports.createCommonActivityDetails = exports.createAsyncActivityCommonDetails = exports.createActivityDetails = exports.createAsyncActivity = void 0;
|
|
4
4
|
var utils_1 = require("../utils");
|
|
5
5
|
var products_1 = require("../products");
|
|
6
6
|
var action_1 = require("../action");
|
|
@@ -76,8 +76,15 @@ var addRootContextDataToDetails = function (details, context) {
|
|
|
76
76
|
graphqlData: 'graphql_operations',
|
|
77
77
|
enforcerStartTime: 'enforcer_start_time',
|
|
78
78
|
});
|
|
79
|
+
if (context.usedCookieSecret) {
|
|
80
|
+
details.used_cookie_secret = redactCookieSecret(context.usedCookieSecret);
|
|
81
|
+
}
|
|
79
82
|
};
|
|
80
83
|
exports.addRootContextDataToDetails = addRootContextDataToDetails;
|
|
84
|
+
function redactCookieSecret(secret) {
|
|
85
|
+
return '***'.concat(secret.substring(secret.length - 3, secret.length));
|
|
86
|
+
}
|
|
87
|
+
exports.redactCookieSecret = redactCookieSecret;
|
|
81
88
|
var addConfigDataToDetails = function (details, config) {
|
|
82
89
|
if (config.remoteConfigVersion) {
|
|
83
90
|
details.remote_config_version = config.remoteConfigVersion;
|
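Review bot: `redactCookieSecret` keeps the last three characters of the secret in clear, and for a secret of three characters or fewer the text after `***` is the whole secret; the result is then written to `details.used_cookie_secret` on activities. If the field only has to tell which configured secret matched during a rotation, the index of the matching entry identifies it without disclosing any key material. The function also assumes a string, while the new `px_cookie_secret` validation accepts arrays with arbitrary elements, so a non-string entry would throw on `.substring`. A minimal guard is `return typeof secret === 'string' && secret.length > 8 ? '***' + secret.slice(-3) : '***';`. The esm build carries the same function, and DefaultTokenV3.decrypt logs its output at debug level.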
package/lib/cjs/blocker/utils.js
CHANGED
|
@@ -17,9 +17,12 @@ var renderHtml = function (htmlTemplate, blockData) {
|
|
|
17
17
|
exports.renderHtml = renderHtml;
|
|
18
18
|
var createBlockData = function (config, context, base64Utils) {
|
|
19
19
|
var captchaScriptSuffix = '/captcha.js';
|
|
20
|
-
var b64EncodedUrl =
|
|
20
|
+
var b64EncodedUrl = config.enableBlockedUrlOnCaptchaBlockPage
|
|
21
|
+
? base64Utils.base64Encode(context.requestData.rawUrl)
|
|
22
|
+
: '';
|
|
23
|
+
var bParam = b64EncodedUrl && "&b=".concat(b64EncodedUrl);
|
|
21
24
|
var b64HttpMethod = base64Utils.base64Encode(context.requestData.method);
|
|
22
|
-
var captchaParams = "?a=".concat(context.blockAction, "&u=").concat(context.uuid, "&v=").concat(context.vid || '', "&m=").concat(context.isMobile ? '1' : '0'
|
|
25
|
+
var captchaParams = "?a=".concat(context.blockAction, "&u=").concat(context.uuid, "&v=").concat(context.vid || '', "&m=").concat(context.isMobile ? '1' : '0').concat(bParam, "&h=").concat(b64HttpMethod);
|
|
23
26
|
var jsClientSrc = "".concat(config.backendClientUrl, "/").concat(config.appId, "/main.min.js");
|
|
24
27
|
var blockScript = "".concat(config.backendCaptchaUrl, "/").concat(config.appId).concat(captchaScriptSuffix).concat(captchaParams);
|
|
25
28
|
var hostUrl = config.backendCollectorUrl;
|
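Review bot: The new `config.enableBlockedUrlOnCaptchaBlockPage` guard in createBlockData cannot take effect as shipped, because the getter added to ConfigurationBase returns a constant `true` (unless a subclass overrides it); the raw request URL, query string included, is therefore still always base64-encoded into the `b` parameter of the captcha script URL. Request URLs can carry reset tokens or session identifiers, and base64 is an encoding rather than protection, so the getter should read a configuration value that operators can switch off. The `&b=` value is also appended without `encodeURIComponent`; if `base64Utils.base64Encode` emits the standard alphabet, `+`, `/` and `=` would land unescaped in the query string, so confirm it is URL-safe. createBlockData continues past the end of the hunk, and the esm build has the same code.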
|
@@ -54,6 +54,8 @@ var ConfigurationBase = /** @class */ (function () {
|
|
|
54
54
|
return (0, utils_1.isValidEnumValue)(logger_1.LoggerSeverity, params[key]);
|
|
55
55
|
case 'px_module_mode':
|
|
56
56
|
return (0, utils_1.isValidEnumValue)(utils_1.ModuleMode, params[key]);
|
|
57
|
+
case 'px_cookie_secret':
|
|
58
|
+
return typeof params[key] === 'string' || Array.isArray(params[key]);
|
|
57
59
|
default:
|
|
58
60
|
if (defaultParams[key] === null) {
|
|
59
61
|
return typeof params[key] === 'function';
|
|
@@ -135,6 +137,9 @@ var ConfigurationBase = /** @class */ (function () {
|
|
|
135
137
|
});
|
|
136
138
|
Object.defineProperty(ConfigurationBase.prototype, "cookieSecret", {
|
|
137
139
|
get: function () {
|
|
140
|
+
if (typeof this.activeConfigParams.px_cookie_secret == 'string') {
|
|
141
|
+
return [this.activeConfigParams.px_cookie_secret];
|
|
142
|
+
}
|
|
138
143
|
return this.activeConfigParams.px_cookie_secret;
|
|
139
144
|
},
|
|
140
145
|
enumerable: false,
|
|
@@ -695,6 +700,13 @@ var ConfigurationBase = /** @class */ (function () {
|
|
|
695
700
|
enumerable: false,
|
|
696
701
|
configurable: true
|
|
697
702
|
});
|
|
703
|
+
Object.defineProperty(ConfigurationBase.prototype, "enableBlockedUrlOnCaptchaBlockPage", {
|
|
704
|
+
get: function () {
|
|
705
|
+
return true;
|
|
706
|
+
},
|
|
707
|
+
enumerable: false,
|
|
708
|
+
configurable: true
|
|
709
|
+
});
|
|
698
710
|
return ConfigurationBase;
|
|
699
711
|
}());
|
|
700
712
|
exports.ConfigurationBase = ConfigurationBase;
|
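Review bot: The new `px_cookie_secret` case accepts any array, including `[]`, arrays holding non-string or empty values, and arrays longer than the two entries the validators actually try. These values are used directly as HMAC and decryption keys, so the shape should be rejected at configuration time rather than discovered per request, e.g. `Array.isArray(v) && v.length > 0 && v.length <= 2 && v.every((s) => typeof s === 'string' && s.length > 0)` with the limit taken from `COOKIE_SECRET_MAX_VALUES`. The `cookieSecret` getter also compares with `==` where this case uses `===`; one form throughout would read better. Both hunks sit inside functions that begin outside the visible lines, and the esm build has the same change.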
|
@@ -39,6 +39,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
39
39
|
exports.DefaultDataEnrichment = void 0;
|
|
40
40
|
var utils_1 = require("../utils");
|
|
41
41
|
var constants_1 = require("./constants");
|
|
42
|
+
var risk_token_1 = require("../risk_token");
|
|
42
43
|
var DefaultDataEnrichment = /** @class */ (function () {
|
|
43
44
|
function DefaultDataEnrichment(config, base64Utils, hmacUtils) {
|
|
44
45
|
this.config = config;
|
|
@@ -97,20 +98,33 @@ var DefaultDataEnrichment = /** @class */ (function () {
|
|
|
97
98
|
};
|
|
98
99
|
DefaultDataEnrichment.prototype.verifyPxdeHmac = function (givenHmac, encodedPayload, context) {
|
|
99
100
|
return __awaiter(this, void 0, void 0, function () {
|
|
100
|
-
var _a, e_2;
|
|
101
|
+
var index, _a, e_2;
|
|
101
102
|
return __generator(this, function (_b) {
|
|
102
103
|
switch (_b.label) {
|
|
103
104
|
case 0:
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
105
|
+
index = 0;
|
|
106
|
+
_b.label = 1;
|
|
107
|
+
case 1:
|
|
108
|
+
if (!(index < risk_token_1.COOKIE_SECRET_MAX_VALUES)) return [3 /*break*/, 6];
|
|
109
|
+
_b.label = 2;
|
|
109
110
|
case 2:
|
|
111
|
+
_b.trys.push([2, 4, , 5]);
|
|
112
|
+
_a = givenHmac;
|
|
113
|
+
return [4 /*yield*/, this.hmacUtils.createHmac(utils_1.Algorithm.SHA256, encodedPayload, this.config.cookieSecret[index])];
|
|
114
|
+
case 3:
|
|
115
|
+
if (_a ===
|
|
116
|
+
(_b.sent())) {
|
|
117
|
+
return [2 /*return*/, true];
|
|
118
|
+
}
|
|
119
|
+
return [3 /*break*/, 5];
|
|
120
|
+
case 4:
|
|
110
121
|
e_2 = _b.sent();
|
|
111
122
|
context.logger.debug("failed verifying pxde hmac: ".concat(e_2));
|
|
112
|
-
return [
|
|
113
|
-
case
|
|
123
|
+
return [3 /*break*/, 5];
|
|
124
|
+
case 5:
|
|
125
|
+
index++;
|
|
126
|
+
return [3 /*break*/, 1];
|
|
127
|
+
case 6: return [2 /*return*/, false];
|
|
114
128
|
}
|
|
115
129
|
});
|
|
116
130
|
});
|
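Review bot: The loop in verifyPxdeHmac runs to `COOKIE_SECRET_MAX_VALUES` rather than to the number of configured secrets, so with a single string secret (which the `cookieSecret` getter wraps in a one-element array) the second pass calls `createHmac` with `this.config.cookieSecret[1]`, that is `undefined`. hmacUtils is not visible here; if an implementation coerces a missing key to an empty or literal string instead of throwing, a value signed with that well-known key would verify, so the loop should not depend on that behaviour. Iterate over what is configured, e.g. `const secrets = this.config.cookieSecret ?? [];` with the condition `index < Math.min(secrets.length, COOKIE_SECRET_MAX_VALUES)`, and skip empty entries. The same bound appears in DefaultTokenV2.validate, DefaultTokenV3.decrypt and the array branch of DefaultTimestampHmacHeaderValidator.isHmacValid, in both the cjs and esm builds.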
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.COOKIE_V3_MAXIMUM_SALT_LENGTH = exports.COOKIE_V3_PARTS_COUNT = exports.COOKIE_V3_PAYLOAD_INDEX = exports.COOKIE_V3_ITERATIONS_INDEX = exports.COOKIE_V3_SALT_INDEX = exports.COOKIE_V3_HMAC_INDEX = exports.COOKIE_V3_NAME = exports.COOKIE_V2_NAME = exports.COOKIE_SPLIT_DELIMITER = void 0;
|
|
3
|
+
exports.COOKIE_SECRET_MAX_VALUES = exports.COOKIE_V3_MAXIMUM_SALT_LENGTH = exports.COOKIE_V3_PARTS_COUNT = exports.COOKIE_V3_PAYLOAD_INDEX = exports.COOKIE_V3_ITERATIONS_INDEX = exports.COOKIE_V3_SALT_INDEX = exports.COOKIE_V3_HMAC_INDEX = exports.COOKIE_V3_NAME = exports.COOKIE_V2_NAME = exports.COOKIE_SPLIT_DELIMITER = void 0;
|
|
4
4
|
exports.COOKIE_SPLIT_DELIMITER = ':';
|
|
5
5
|
exports.COOKIE_V2_NAME = '_px2';
|
|
6
6
|
exports.COOKIE_V3_NAME = '_px3';
|
|
@@ -10,3 +10,4 @@ exports.COOKIE_V3_ITERATIONS_INDEX = 2;
|
|
|
10
10
|
exports.COOKIE_V3_PAYLOAD_INDEX = 3;
|
|
11
11
|
exports.COOKIE_V3_PARTS_COUNT = 4;
|
|
12
12
|
exports.COOKIE_V3_MAXIMUM_SALT_LENGTH = 100;
|
|
13
|
+
exports.COOKIE_SECRET_MAX_VALUES = 2;
|
|
@@ -55,6 +55,7 @@ exports.DefaultTokenV2 = void 0;
|
|
|
55
55
|
var blocker_1 = require("../../../blocker");
|
|
56
56
|
var utils_1 = require("../../../utils");
|
|
57
57
|
var TokenBase_1 = require("../TokenBase");
|
|
58
|
+
var constants_1 = require("../../constants");
|
|
58
59
|
var DefaultTokenV2 = /** @class */ (function (_super) {
|
|
59
60
|
__extends(DefaultTokenV2, _super);
|
|
60
61
|
function DefaultTokenV2(config, cookieString, base64Utils, hmacUtils) {
|
|
@@ -80,7 +81,7 @@ var DefaultTokenV2 = /** @class */ (function (_super) {
|
|
|
80
81
|
};
|
|
81
82
|
DefaultTokenV2.prototype.validate = function (context) {
|
|
82
83
|
return __awaiter(this, void 0, void 0, function () {
|
|
83
|
-
var signingFields, passHmac, blockHmac, e_1;
|
|
84
|
+
var signingFields, index, passHmac, blockHmac, e_1;
|
|
84
85
|
return __generator(this, function (_a) {
|
|
85
86
|
switch (_a.label) {
|
|
86
87
|
case 0:
|
|
@@ -93,29 +94,38 @@ var DefaultTokenV2 = /** @class */ (function (_super) {
|
|
|
93
94
|
}
|
|
94
95
|
_a.label = 1;
|
|
95
96
|
case 1:
|
|
96
|
-
_a.trys.push([1,
|
|
97
|
+
_a.trys.push([1, 7, , 8]);
|
|
97
98
|
signingFields = this.getSigningFields(context);
|
|
98
|
-
|
|
99
|
+
index = 0;
|
|
100
|
+
_a.label = 2;
|
|
99
101
|
case 2:
|
|
102
|
+
if (!(index < constants_1.COOKIE_SECRET_MAX_VALUES)) return [3 /*break*/, 6];
|
|
103
|
+
return [4 /*yield*/, this.calculateHmac(this.getHashParam('0', signingFields), this.config.cookieSecret[index])];
|
|
104
|
+
case 3:
|
|
100
105
|
passHmac = _a.sent();
|
|
101
106
|
if (passHmac === this.payload.h) {
|
|
102
107
|
this.isHighRisk = false;
|
|
103
108
|
return [2 /*return*/, true];
|
|
104
109
|
}
|
|
105
|
-
return [4 /*yield*/, this.calculateHmac(this.getHashParam('1', signingFields))];
|
|
106
|
-
case
|
|
110
|
+
return [4 /*yield*/, this.calculateHmac(this.getHashParam('1', signingFields), this.config.cookieSecret[index])];
|
|
111
|
+
case 4:
|
|
107
112
|
blockHmac = _a.sent();
|
|
108
113
|
if (blockHmac === this.payload.h) {
|
|
109
114
|
this.isHighRisk = true;
|
|
110
115
|
return [2 /*return*/, true];
|
|
111
116
|
}
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
117
|
+
_a.label = 5;
|
|
118
|
+
case 5:
|
|
119
|
+
index++;
|
|
120
|
+
return [3 /*break*/, 2];
|
|
121
|
+
case 6:
|
|
122
|
+
context.logger.debug("unknown cookie v2 hmac (".concat(this.payload.h, "), does not match pass or block hmac)"));
|
|
123
|
+
return [3 /*break*/, 8];
|
|
124
|
+
case 7:
|
|
115
125
|
e_1 = _a.sent();
|
|
116
126
|
context.logger.debug("cookie v2 validation caught error: ".concat(e_1));
|
|
117
|
-
return [3 /*break*/,
|
|
118
|
-
case
|
|
127
|
+
return [3 /*break*/, 8];
|
|
128
|
+
case 8: return [2 /*return*/, false];
|
|
119
129
|
}
|
|
120
130
|
});
|
|
121
131
|
});
|
|
@@ -134,12 +144,12 @@ var DefaultTokenV2 = /** @class */ (function (_super) {
|
|
|
134
144
|
}
|
|
135
145
|
return hashParam;
|
|
136
146
|
};
|
|
137
|
-
DefaultTokenV2.prototype.calculateHmac = function (param) {
|
|
147
|
+
DefaultTokenV2.prototype.calculateHmac = function (param, cookieSecret) {
|
|
138
148
|
return __awaiter(this, void 0, void 0, function () {
|
|
139
149
|
var payload;
|
|
140
150
|
return __generator(this, function (_a) {
|
|
141
151
|
payload = "".concat(this.payload.t).concat(this.payload.u).concat(this.payload.v).concat(param);
|
|
142
|
-
return [2 /*return*/, this.hmacUtils.createHmac(utils_1.Algorithm.SHA256, payload,
|
|
152
|
+
return [2 /*return*/, this.hmacUtils.createHmac(utils_1.Algorithm.SHA256, payload, cookieSecret)];
|
|
143
153
|
});
|
|
144
154
|
});
|
|
145
155
|
};
|
|
@@ -56,6 +56,7 @@ var utils_1 = require("../../../utils");
|
|
|
56
56
|
var constants_1 = require("../../constants");
|
|
57
57
|
var TokenSignField_1 = require("./TokenSignField");
|
|
58
58
|
var TokenBase_1 = require("../TokenBase");
|
|
59
|
+
var activities_1 = require("../../../activities");
|
|
59
60
|
var DefaultTokenV3 = /** @class */ (function (_super) {
|
|
60
61
|
__extends(DefaultTokenV3, _super);
|
|
61
62
|
function DefaultTokenV3(config, cookieString, cipherUtils, hmacUtils, isValidated, payload) {
|
|
@@ -64,6 +65,7 @@ var DefaultTokenV3 = /** @class */ (function (_super) {
|
|
|
64
65
|
_this.maxIterations = config.riskCookieMaxIterations;
|
|
65
66
|
_this.minIterations = config.riskCookieMinIterations;
|
|
66
67
|
_this.blockingScore = config.blockingScore;
|
|
68
|
+
_this.cookieSecret = config.cookieSecret;
|
|
67
69
|
_this.cookieString = cookieString;
|
|
68
70
|
_this.cipherUtils = cipherUtils;
|
|
69
71
|
_this.hmacUtils = hmacUtils;
|
|
@@ -71,11 +73,11 @@ var DefaultTokenV3 = /** @class */ (function (_super) {
|
|
|
71
73
|
}
|
|
72
74
|
DefaultTokenV3.prototype.decrypt = function (context) {
|
|
73
75
|
return __awaiter(this, void 0, void 0, function () {
|
|
74
|
-
var data, salt, iterations, encryptedCookie, e_1;
|
|
76
|
+
var data, salt, iterations, encryptedCookie, index, payload, e_1;
|
|
75
77
|
return __generator(this, function (_a) {
|
|
76
78
|
switch (_a.label) {
|
|
77
79
|
case 0:
|
|
78
|
-
_a.trys.push([0,
|
|
80
|
+
_a.trys.push([0, 5, , 6]);
|
|
79
81
|
data = this.cookieString.split(constants_1.COOKIE_SPLIT_DELIMITER);
|
|
80
82
|
if (data.length !== constants_1.COOKIE_V3_PARTS_COUNT) {
|
|
81
83
|
context.logger.debug("invalid cookie v3 structure: ".concat(data));
|
|
@@ -99,25 +101,43 @@ var DefaultTokenV3 = /** @class */ (function (_super) {
|
|
|
99
101
|
context.logger.debug("invalid cookie v3 encrypted payload: ".concat(encryptedCookie));
|
|
100
102
|
return [2 /*return*/, null];
|
|
101
103
|
}
|
|
102
|
-
|
|
103
|
-
|
|
104
|
+
index = 0;
|
|
105
|
+
_a.label = 1;
|
|
106
|
+
case 1:
|
|
107
|
+
if (!(index < constants_1.COOKIE_SECRET_MAX_VALUES)) return [3 /*break*/, 4];
|
|
108
|
+
context.logger.debug("Attempting to decrypt cookie using secret: ".concat((0, activities_1.redactCookieSecret)(this.cookieSecret[index])));
|
|
109
|
+
return [4 /*yield*/, this.decryptPayload(encryptedCookie, salt, iterations, this.cookieSecret[index], context)];
|
|
104
110
|
case 2:
|
|
111
|
+
payload = _a.sent();
|
|
112
|
+
if (payload) {
|
|
113
|
+
context.logger.debug('Cookie decrypted successfully');
|
|
114
|
+
this.usedCookieSecret = this.cookieSecret[index];
|
|
115
|
+
// @ts-ignore
|
|
116
|
+
context.usedCookieSecret = this.cookieSecret[index];
|
|
117
|
+
return [2 /*return*/, payload];
|
|
118
|
+
}
|
|
119
|
+
_a.label = 3;
|
|
120
|
+
case 3:
|
|
121
|
+
index++;
|
|
122
|
+
return [3 /*break*/, 1];
|
|
123
|
+
case 4: return [3 /*break*/, 6];
|
|
124
|
+
case 5:
|
|
105
125
|
e_1 = _a.sent();
|
|
106
126
|
context.logger.debug("cookie v3 decryption failed: ".concat(e_1));
|
|
107
|
-
return [3 /*break*/,
|
|
108
|
-
case
|
|
127
|
+
return [3 /*break*/, 6];
|
|
128
|
+
case 6: return [2 /*return*/, null];
|
|
109
129
|
}
|
|
110
130
|
});
|
|
111
131
|
});
|
|
112
132
|
};
|
|
113
|
-
DefaultTokenV3.prototype.decryptPayload = function (encryptedCookie, salt, iterations, context) {
|
|
133
|
+
DefaultTokenV3.prototype.decryptPayload = function (encryptedCookie, salt, iterations, secret, context) {
|
|
114
134
|
return __awaiter(this, void 0, void 0, function () {
|
|
115
135
|
var decryptedCookie, payload, e_2;
|
|
116
136
|
return __generator(this, function (_a) {
|
|
117
137
|
switch (_a.label) {
|
|
118
138
|
case 0:
|
|
119
139
|
_a.trys.push([0, 2, , 3]);
|
|
120
|
-
return [4 /*yield*/, this.cipherUtils.pbkdf2Decrypt(
|
|
140
|
+
return [4 /*yield*/, this.cipherUtils.pbkdf2Decrypt(secret, encryptedCookie, iterations, salt)];
|
|
121
141
|
case 1:
|
|
122
142
|
decryptedCookie = _a.sent();
|
|
123
143
|
if (!decryptedCookie) {
|
|
@@ -153,7 +173,7 @@ var DefaultTokenV3 = /** @class */ (function (_super) {
|
|
|
153
173
|
signedFields = this.getSignedWithFields(context);
|
|
154
174
|
hmacStrBase = this.cookieString.substring(this.cookieString.indexOf(constants_1.COOKIE_SPLIT_DELIMITER) + 1);
|
|
155
175
|
payload = "".concat(hmacStrBase).concat(signedFields.join(''));
|
|
156
|
-
return [4 /*yield*/, this.hmacUtils.createHmac(utils_1.Algorithm.SHA256, payload, this.
|
|
176
|
+
return [4 /*yield*/, this.hmacUtils.createHmac(utils_1.Algorithm.SHA256, payload, this.usedCookieSecret)];
|
|
157
177
|
case 1:
|
|
158
178
|
hash = _a.sent();
|
|
159
179
|
return [2 /*return*/, hash === this.hmac];
|
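Review bot: `decrypt` copies the raw secret onto the request context (`context.usedCookieSecret = this.cookieSecret[index];`, under `// @ts-ignore`), which widens where the key lives: anything that serialises, logs or hands the context to custom callbacks can now carry it. addRootContextDataToDetails only needs a redacted identifier, so storing the matching index (or the already redacted form) on the context and keeping the key on the token would be enough, and the `@ts-ignore` should give way to a typed assignment. Separately, the HMAC check now keys on `this.usedCookieSecret`, which in the visible lines is assigned only inside `decrypt`; a token constructed with a pre-supplied payload would reach `createHmac` with an undefined key unless the field is restored elsewhere, which is worth confirming against the SerializedToken change that is not shown here. The per-request debug line "Attempting to decrypt cookie using secret" also repeats the partially redacted secret for every attempt.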
|
@@ -14,4 +14,4 @@ exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
|
|
|
14
14
|
exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
|
|
15
15
|
exports.URL_REGEX = /^(https?\:)\/\/(([^@\s:]+):?([^@\s]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/;
|
|
16
16
|
exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
|
|
17
|
-
exports.CORE_MODULE_VERSION = 'JS Core 0.21.
|
|
17
|
+
exports.CORE_MODULE_VERSION = 'JS Core 0.21.5';
|
package/lib/cjs/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.js
CHANGED
|
@@ -38,6 +38,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
|
38
38
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
39
|
exports.DefaultTimestampHmacHeaderValidator = void 0;
|
|
40
40
|
var Algorithm_1 = require("../Algorithm");
|
|
41
|
+
var risk_token_1 = require("../../risk_token");
|
|
41
42
|
var TIMESTAMP_HMAC_HEADER_DELIMITER = ':';
|
|
42
43
|
var TIMESTAMP_HMAC_HEADER_PARTS_COUNT = 2;
|
|
43
44
|
var DefaultTimestampHmacHeaderValidator = /** @class */ (function () {
|
|
@@ -79,19 +80,37 @@ var DefaultTimestampHmacHeaderValidator = /** @class */ (function () {
|
|
|
79
80
|
};
|
|
80
81
|
DefaultTimestampHmacHeaderValidator.prototype.isHmacValid = function (givenHmac, timestamp, logger) {
|
|
81
82
|
return __awaiter(this, void 0, void 0, function () {
|
|
82
|
-
var _a, err_1;
|
|
83
|
-
return __generator(this, function (
|
|
84
|
-
switch (
|
|
83
|
+
var _a, index, _b, err_1;
|
|
84
|
+
return __generator(this, function (_c) {
|
|
85
|
+
switch (_c.label) {
|
|
85
86
|
case 0:
|
|
86
|
-
|
|
87
|
+
_c.trys.push([0, 8, , 9]);
|
|
88
|
+
if (!(typeof this.secret == 'string')) return [3 /*break*/, 2];
|
|
87
89
|
_a = givenHmac;
|
|
88
90
|
return [4 /*yield*/, this.hmacUtils.createHmac(Algorithm_1.Algorithm.SHA256, timestamp, this.secret)];
|
|
89
|
-
case 1: return [2 /*return*/, _a === (
|
|
91
|
+
case 1: return [2 /*return*/, _a === (_c.sent())];
|
|
90
92
|
case 2:
|
|
91
|
-
|
|
93
|
+
index = 0;
|
|
94
|
+
_c.label = 3;
|
|
95
|
+
case 3:
|
|
96
|
+
if (!(index < risk_token_1.COOKIE_SECRET_MAX_VALUES)) return [3 /*break*/, 6];
|
|
97
|
+
_b = givenHmac;
|
|
98
|
+
return [4 /*yield*/, this.hmacUtils.createHmac(Algorithm_1.Algorithm.SHA256, timestamp, this.secret[index])];
|
|
99
|
+
case 4:
|
|
100
|
+
if (_b === (_c.sent())) {
|
|
101
|
+
return [2 /*return*/, true];
|
|
102
|
+
}
|
|
103
|
+
_c.label = 5;
|
|
104
|
+
case 5:
|
|
105
|
+
index++;
|
|
106
|
+
return [3 /*break*/, 3];
|
|
107
|
+
case 6: return [2 /*return*/, false];
|
|
108
|
+
case 7: return [3 /*break*/, 9];
|
|
109
|
+
case 8:
|
|
110
|
+
err_1 = _c.sent();
|
|
92
111
|
logger.debug("caught error calculating timestamp:header hmac: ".concat(err_1));
|
|
93
112
|
return [2 /*return*/, false];
|
|
94
|
-
case
|
|
113
|
+
case 9: return [2 /*return*/];
|
|
95
114
|
}
|
|
96
115
|
});
|
|
97
116
|
});
|
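Review bot: The new array branch of isHmacValid compares `givenHmac` with the computed digest using `===`, which stops at the first differing character, so response time can depend on how much of a caller-supplied value matches. A constant-time comparison removes that signal; the helper below is one dependency-free form, written against the source form rather than the generated cjs output, and it would apply equally to the string branch, verifyPxdeHmac, DefaultTokenV2.validate and the DefaultTokenV3 hash check. The closing lines of isHmacValid lie outside the hunk.

```javascript
// Compares two digest strings without exiting early on the first mismatch.
function digestsEqual(a, b) {
    if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) {
        return false;
    }
    let diff = 0;
    for (let i = 0; i < a.length; i++) {
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
    }
    return diff === 0;
}

// … unchanged: try block and string-secret branch of isHmacValid …
const expected = await this.hmacUtils.createHmac(Algorithm.SHA256, timestamp, this.secret[index]);
if (digestsEqual(givenHmac, expected)) {
    return true;
}
```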
|
@@ -67,7 +67,13 @@ export const addRootContextDataToDetails = (details, context) => {
|
|
|
67
67
|
graphqlData: 'graphql_operations',
|
|
68
68
|
enforcerStartTime: 'enforcer_start_time',
|
|
69
69
|
});
|
|
70
|
+
if (context.usedCookieSecret) {
|
|
71
|
+
details.used_cookie_secret = redactCookieSecret(context.usedCookieSecret);
|
|
72
|
+
}
|
|
70
73
|
};
|
|
74
|
+
export function redactCookieSecret(secret) {
|
|
75
|
+
return '***'.concat(secret.substring(secret.length - 3, secret.length));
|
|
76
|
+
}
|
|
71
77
|
export const addConfigDataToDetails = (details, config) => {
|
|
72
78
|
if (config.remoteConfigVersion) {
|
|
73
79
|
details.remote_config_version = config.remoteConfigVersion;
|
package/lib/esm/blocker/utils.js
CHANGED
|
@@ -12,9 +12,12 @@ export const renderHtml = (htmlTemplate, blockData) => {
|
|
|
12
12
|
};
|
|
13
13
|
export const createBlockData = (config, context, base64Utils) => {
|
|
14
14
|
const captchaScriptSuffix = '/captcha.js';
|
|
15
|
-
const b64EncodedUrl =
|
|
15
|
+
const b64EncodedUrl = config.enableBlockedUrlOnCaptchaBlockPage
|
|
16
|
+
? base64Utils.base64Encode(context.requestData.rawUrl)
|
|
17
|
+
: '';
|
|
18
|
+
const bParam = b64EncodedUrl && `&b=${b64EncodedUrl}`;
|
|
16
19
|
const b64HttpMethod = base64Utils.base64Encode(context.requestData.method);
|
|
17
|
-
const captchaParams = `?a=${context.blockAction}&u=${context.uuid}&v=${context.vid || ''}&m=${context.isMobile ? '1' : '0'}
|
|
20
|
+
const captchaParams = `?a=${context.blockAction}&u=${context.uuid}&v=${context.vid || ''}&m=${context.isMobile ? '1' : '0'}${bParam}&h=${b64HttpMethod}`;
|
|
18
21
|
let jsClientSrc = `${config.backendClientUrl}/${config.appId}/main.min.js`;
|
|
19
22
|
let blockScript = `${config.backendCaptchaUrl}/${config.appId}${captchaScriptSuffix}${captchaParams}`;
|
|
20
23
|
let hostUrl = config.backendCollectorUrl;
|
|
@@ -44,6 +44,8 @@ export class ConfigurationBase {
|
|
|
44
44
|
return isValidEnumValue(LoggerSeverity, params[key]);
|
|
45
45
|
case 'px_module_mode':
|
|
46
46
|
return isValidEnumValue(ModuleMode, params[key]);
|
|
47
|
+
case 'px_cookie_secret':
|
|
48
|
+
return typeof params[key] === 'string' || Array.isArray(params[key]);
|
|
47
49
|
default:
|
|
48
50
|
if (defaultParams[key] === null) {
|
|
49
51
|
return typeof params[key] === 'function';
|
|
@@ -103,6 +105,9 @@ export class ConfigurationBase {
|
|
|
103
105
|
return this.activeConfigParams.px_bypass_monitor_header;
|
|
104
106
|
}
|
|
105
107
|
get cookieSecret() {
|
|
108
|
+
if (typeof this.activeConfigParams.px_cookie_secret == 'string') {
|
|
109
|
+
return [this.activeConfigParams.px_cookie_secret];
|
|
110
|
+
}
|
|
106
111
|
return this.activeConfigParams.px_cookie_secret;
|
|
107
112
|
}
|
|
108
113
|
get customCookieHeader() {
|
|
@@ -342,4 +347,7 @@ export class ConfigurationBase {
|
|
|
342
347
|
get securedPxhdEnabled() {
|
|
343
348
|
return this.activeConfigParams.px_secured_pxhd_enabled;
|
|
344
349
|
}
|
|
350
|
+
get enableBlockedUrlOnCaptchaBlockPage() {
|
|
351
|
+
return true;
|
|
352
|
+
}
|
|
345
353
|
}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { Algorithm, PXDE_COOKIE_NAME } from '../utils';
|
|
2
2
|
import { PXDE_COOKIE_DELIMITER, PXDE_COOKIE_PARTS_COUNT, PXDE_HMAC_INDEX, PXDE_PAYLOAD_INDEX } from './constants';
|
|
3
|
+
import { COOKIE_SECRET_MAX_VALUES } from '../risk_token';
|
|
3
4
|
export class DefaultDataEnrichment {
|
|
4
5
|
config;
|
|
5
6
|
base64Utils;
|
|
@@ -39,14 +40,18 @@ export class DefaultDataEnrichment {
|
|
|
39
40
|
};
|
|
40
41
|
}
|
|
41
42
|
async verifyPxdeHmac(givenHmac, encodedPayload, context) {
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
43
|
+
for (let index = 0; index < COOKIE_SECRET_MAX_VALUES; index++) {
|
|
44
|
+
try {
|
|
45
|
+
if (givenHmac ===
|
|
46
|
+
(await this.hmacUtils.createHmac(Algorithm.SHA256, encodedPayload, this.config.cookieSecret[index]))) {
|
|
47
|
+
return true;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
catch (e) {
|
|
51
|
+
context.logger.debug(`failed verifying pxde hmac: ${e}`);
|
|
52
|
+
}
|
|
49
53
|
}
|
|
54
|
+
return false;
|
|
50
55
|
}
|
|
51
56
|
async parsePxdePayload(encodedPayload, context) {
|
|
52
57
|
try {
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { BlockAction } from '../../../blocker';
|
|
2
2
|
import { Algorithm, isValidUuid } from '../../../utils';
|
|
3
3
|
import { TokenBase } from '../TokenBase';
|
|
4
|
+
import { COOKIE_SECRET_MAX_VALUES } from '../../constants';
|
|
4
5
|
export class DefaultTokenV2 extends TokenBase {
|
|
5
6
|
base64Utils;
|
|
6
7
|
hmacUtils;
|
|
@@ -35,17 +36,19 @@ export class DefaultTokenV2 extends TokenBase {
|
|
|
35
36
|
}
|
|
36
37
|
try {
|
|
37
38
|
const signingFields = this.getSigningFields(context);
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
this.
|
|
41
|
-
|
|
39
|
+
for (let index = 0; index < COOKIE_SECRET_MAX_VALUES; index++) {
|
|
40
|
+
const passHmac = await this.calculateHmac(this.getHashParam('0', signingFields), this.config.cookieSecret[index]);
|
|
41
|
+
if (passHmac === this.payload.h) {
|
|
42
|
+
this.isHighRisk = false;
|
|
43
|
+
return true;
|
|
44
|
+
}
|
|
45
|
+
const blockHmac = await this.calculateHmac(this.getHashParam('1', signingFields), this.config.cookieSecret[index]);
|
|
46
|
+
if (blockHmac === this.payload.h) {
|
|
47
|
+
this.isHighRisk = true;
|
|
48
|
+
return true;
|
|
49
|
+
}
|
|
42
50
|
}
|
|
43
|
-
|
|
44
|
-
if (blockHmac === this.payload.h) {
|
|
45
|
-
this.isHighRisk = true;
|
|
46
|
-
return true;
|
|
47
|
-
}
|
|
48
|
-
context.logger.debug(`unknown cookie v2 hmac (${this.payload.h}), does not match pass (${passHmac}) or block (${blockHmac})`);
|
|
51
|
+
context.logger.debug(`unknown cookie v2 hmac (${this.payload.h}), does not match pass or block hmac)`);
|
|
49
52
|
}
|
|
50
53
|
catch (e) {
|
|
51
54
|
context.logger.debug(`cookie v2 validation caught error: ${e}`);
|
|
@@ -66,9 +69,9 @@ export class DefaultTokenV2 extends TokenBase {
|
|
|
66
69
|
}
|
|
67
70
|
return hashParam;
|
|
68
71
|
}
|
|
69
|
-
async calculateHmac(param) {
|
|
72
|
+
async calculateHmac(param, cookieSecret) {
|
|
70
73
|
const payload = `${this.payload.t}${this.payload.u}${this.payload.v}${param}`;
|
|
71
|
-
return this.hmacUtils.createHmac(Algorithm.SHA256, payload,
|
|
74
|
+
return this.hmacUtils.createHmac(Algorithm.SHA256, payload, cookieSecret);
|
|
72
75
|
}
|
|
73
76
|
isExpired() {
|
|
74
77
|
return Date.now() > this.payload?.t;
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { Algorithm } from '../../../utils';
|
|
2
|
-
import { COOKIE_SPLIT_DELIMITER, COOKIE_V3_HMAC_INDEX, COOKIE_V3_ITERATIONS_INDEX, COOKIE_V3_MAXIMUM_SALT_LENGTH, COOKIE_V3_PARTS_COUNT, COOKIE_V3_PAYLOAD_INDEX, COOKIE_V3_SALT_INDEX, } from '../../constants';
|
|
2
|
+
import { COOKIE_SECRET_MAX_VALUES, COOKIE_SPLIT_DELIMITER, COOKIE_V3_HMAC_INDEX, COOKIE_V3_ITERATIONS_INDEX, COOKIE_V3_MAXIMUM_SALT_LENGTH, COOKIE_V3_PARTS_COUNT, COOKIE_V3_PAYLOAD_INDEX, COOKIE_V3_SALT_INDEX, } from '../../constants';
|
|
3
3
|
import { TokenSignField } from './TokenSignField';
|
|
4
4
|
import { TokenBase } from '../TokenBase';
|
|
5
|
+
import { redactCookieSecret } from '../../../activities';
|
|
5
6
|
export class DefaultTokenV3 extends TokenBase {
|
|
6
7
|
maxIterations;
|
|
7
8
|
minIterations;
|
|
@@ -9,11 +10,13 @@ export class DefaultTokenV3 extends TokenBase {
|
|
|
9
10
|
cipherUtils;
|
|
10
11
|
hmacUtils;
|
|
11
12
|
hash;
|
|
13
|
+
usedCookieSecret;
|
|
12
14
|
constructor(config, cookieString, cipherUtils, hmacUtils, isValidated = false, payload) {
|
|
13
15
|
super(config, cookieString, isValidated, payload);
|
|
14
16
|
this.maxIterations = config.riskCookieMaxIterations;
|
|
15
17
|
this.minIterations = config.riskCookieMinIterations;
|
|
16
18
|
this.blockingScore = config.blockingScore;
|
|
19
|
+
this.cookieSecret = config.cookieSecret;
|
|
17
20
|
this.cookieString = cookieString;
|
|
18
21
|
this.cipherUtils = cipherUtils;
|
|
19
22
|
this.hmacUtils = hmacUtils;
|
|
@@ -43,16 +46,26 @@ export class DefaultTokenV3 extends TokenBase {
|
|
|
43
46
|
context.logger.debug(`invalid cookie v3 encrypted payload: ${encryptedCookie}`);
|
|
44
47
|
return null;
|
|
45
48
|
}
|
|
46
|
-
|
|
49
|
+
for (let index = 0; index < COOKIE_SECRET_MAX_VALUES; index++) {
|
|
50
|
+
context.logger.debug(`Attempting to decrypt cookie using secret: ${redactCookieSecret(this.cookieSecret[index])}`);
|
|
51
|
+
const payload = await this.decryptPayload(encryptedCookie, salt, iterations, this.cookieSecret[index], context);
|
|
52
|
+
if (payload) {
|
|
53
|
+
context.logger.debug('Cookie decrypted successfully');
|
|
54
|
+
this.usedCookieSecret = this.cookieSecret[index];
|
|
55
|
+
// @ts-ignore
|
|
56
|
+
context.usedCookieSecret = this.cookieSecret[index];
|
|
57
|
+
return payload;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
47
60
|
}
|
|
48
61
|
catch (e) {
|
|
49
62
|
context.logger.debug(`cookie v3 decryption failed: ${e}`);
|
|
50
63
|
}
|
|
51
64
|
return null;
|
|
52
65
|
}
|
|
53
|
-
async decryptPayload(encryptedCookie, salt, iterations, context) {
|
|
66
|
+
async decryptPayload(encryptedCookie, salt, iterations, secret, context) {
|
|
54
67
|
try {
|
|
55
|
-
const decryptedCookie = await this.cipherUtils.pbkdf2Decrypt(
|
|
68
|
+
const decryptedCookie = await this.cipherUtils.pbkdf2Decrypt(secret, encryptedCookie, iterations, salt);
|
|
56
69
|
if (!decryptedCookie) {
|
|
57
70
|
context.logger.debug(`cookie v3 decryption returned falsy value: ${decryptedCookie}`);
|
|
58
71
|
return null;
|
|
@@ -78,7 +91,7 @@ export class DefaultTokenV3 extends TokenBase {
|
|
|
78
91
|
const signedFields = this.getSignedWithFields(context);
|
|
79
92
|
const hmacStrBase = this.cookieString.substring(this.cookieString.indexOf(COOKIE_SPLIT_DELIMITER) + 1);
|
|
80
93
|
const payload = `${hmacStrBase}${signedFields.join('')}`;
|
|
81
|
-
const hash = await this.hmacUtils.createHmac(Algorithm.SHA256, payload, this.
|
|
94
|
+
const hash = await this.hmacUtils.createHmac(Algorithm.SHA256, payload, this.usedCookieSecret);
|
|
82
95
|
return hash === this.hmac;
|
|
83
96
|
}
|
|
84
97
|
catch (e) {
|
|
@@ -11,4 +11,4 @@ export const PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
|
|
|
11
11
|
export const EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
|
|
12
12
|
export const URL_REGEX = /^(https?\:)\/\/(([^@\s:]+):?([^@\s]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/;
|
|
13
13
|
export const REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
|
|
14
|
-
export const CORE_MODULE_VERSION = 'JS Core 0.21.
|
|
14
|
+
export const CORE_MODULE_VERSION = 'JS Core 0.21.5';
|
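--- a/package/lib/esm/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.js
+++ b/package/lib/esm/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.js
@@ -1,4 +1,5 @@
 import { Algorithm } from '../Algorithm';
+import { COOKIE_SECRET_MAX_VALUES } from '../../risk_token';
 const TIMESTAMP_HMAC_HEADER_DELIMITER = ':';
 const TIMESTAMP_HMAC_HEADER_PARTS_COUNT = 2;
 export class DefaultTimestampHmacHeaderValidator {
@@ -34,7 +35,17 @@ export class DefaultTimestampHmacHeaderValidator {
 }
 async isHmacValid(givenHmac, timestamp, logger) {
 try {
-
+if (typeof this.secret == 'string') {
+return givenHmac === (await this.hmacUtils.createHmac(Algorithm.SHA256, timestamp, this.secret));
+}
+else {
+for (let index = 0; index < COOKIE_SECRET_MAX_VALUES; index++) {
+if (givenHmac === (await this.hmacUtils.createHmac(Algorithm.SHA256, timestamp, this.secret[index]))) {
+return true;
+}
+}
+return false;
+}
 }
 catch (err) {
 logger.debug(`caught error calculating timestamp:header hmac: ${err}`);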
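Review bot: The array branch of `isHmacValid` loops to `COOKIE_SECRET_MAX_VALUES` instead of the number of configured secrets, so when fewer secrets are set `this.secret[index]` is `undefined` and is still passed to `createHmac` as the key. Whether that throws (and lands in the `catch`) or yields a digest computed without a real secret depends on the `hmacUtils` implementation, which is not visible here; either way the loop should stop at the configured entries, e.g. `for (const secret of this.secret.slice(0, COOKIE_SECRET_MAX_VALUES)) {` with `if (!secret) continue;` as its first statement. Both branches also compare the digests with `===`, which is not constant-time; a timing-safe comparison helper would be preferable if the platform offers one. The decrypt loop in the DefaultTokenV3 hunk `@@ -43,16 +46,26 @@` uses the same fixed bound over `this.cookieSecret`. The body of `isHmacValid` continues past the end of the hunk.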
@@ -225,6 +225,7 @@ export declare const createAsyncActivity: <Req, Res>(activityType: ActivityType,
|
|
|
225
225
|
};
|
|
226
226
|
readonly uuid: string;
|
|
227
227
|
readonly vid?: string;
|
|
228
|
+
readonly usedCookieSecret?: string;
|
|
228
229
|
readonly vidSource?: import("../utils").VidSource;
|
|
229
230
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
230
231
|
readonly score?: number;
|
|
@@ -452,6 +453,7 @@ export declare const createAsyncActivity: <Req, Res>(activityType: ActivityType,
|
|
|
452
453
|
};
|
|
453
454
|
readonly uuid: string;
|
|
454
455
|
readonly vid?: string;
|
|
456
|
+
readonly usedCookieSecret?: string;
|
|
455
457
|
readonly vidSource?: import("../utils").VidSource;
|
|
456
458
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
457
459
|
readonly score?: number;
|
|
@@ -611,6 +613,7 @@ export declare const createAsyncActivity: <Req, Res>(activityType: ActivityType,
|
|
|
611
613
|
};
|
|
612
614
|
readonly uuid: string;
|
|
613
615
|
readonly vid?: string;
|
|
616
|
+
readonly usedCookieSecret?: string;
|
|
614
617
|
readonly vidSource?: import("../utils").VidSource;
|
|
615
618
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
616
619
|
readonly score?: number;
|
|
@@ -894,6 +897,7 @@ export declare const createActivityDetails: <Req, Res>(activityType: ActivityTyp
|
|
|
894
897
|
};
|
|
895
898
|
readonly uuid: string;
|
|
896
899
|
readonly vid?: string;
|
|
900
|
+
readonly usedCookieSecret?: string;
|
|
897
901
|
readonly vidSource?: import("../utils").VidSource;
|
|
898
902
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
899
903
|
readonly score?: number;
|
|
@@ -1121,6 +1125,7 @@ export declare const createActivityDetails: <Req, Res>(activityType: ActivityTyp
|
|
|
1121
1125
|
};
|
|
1122
1126
|
readonly uuid: string;
|
|
1123
1127
|
readonly vid?: string;
|
|
1128
|
+
readonly usedCookieSecret?: string;
|
|
1124
1129
|
readonly vidSource?: import("../utils").VidSource;
|
|
1125
1130
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
1126
1131
|
readonly score?: number;
|
|
@@ -1280,6 +1285,7 @@ export declare const createActivityDetails: <Req, Res>(activityType: ActivityTyp
|
|
|
1280
1285
|
};
|
|
1281
1286
|
readonly uuid: string;
|
|
1282
1287
|
readonly vid?: string;
|
|
1288
|
+
readonly usedCookieSecret?: string;
|
|
1283
1289
|
readonly vidSource?: import("../utils").VidSource;
|
|
1284
1290
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
1285
1291
|
readonly score?: number;
|
|
@@ -1563,6 +1569,7 @@ export declare const createAsyncActivityCommonDetails: <Req, Res>(context: {
|
|
|
1563
1569
|
};
|
|
1564
1570
|
readonly uuid: string;
|
|
1565
1571
|
readonly vid?: string;
|
|
1572
|
+
readonly usedCookieSecret?: string;
|
|
1566
1573
|
readonly vidSource?: import("../utils").VidSource;
|
|
1567
1574
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
1568
1575
|
readonly score?: number;
|
|
@@ -1790,6 +1797,7 @@ export declare const createAsyncActivityCommonDetails: <Req, Res>(context: {
|
|
|
1790
1797
|
};
|
|
1791
1798
|
readonly uuid: string;
|
|
1792
1799
|
readonly vid?: string;
|
|
1800
|
+
readonly usedCookieSecret?: string;
|
|
1793
1801
|
readonly vidSource?: import("../utils").VidSource;
|
|
1794
1802
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
1795
1803
|
readonly score?: number;
|
|
@@ -1949,6 +1957,7 @@ export declare const createAsyncActivityCommonDetails: <Req, Res>(context: {
|
|
|
1949
1957
|
};
|
|
1950
1958
|
readonly uuid: string;
|
|
1951
1959
|
readonly vid?: string;
|
|
1960
|
+
readonly usedCookieSecret?: string;
|
|
1952
1961
|
readonly vidSource?: import("../utils").VidSource;
|
|
1953
1962
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
1954
1963
|
readonly score?: number;
|
|
@@ -2232,6 +2241,7 @@ export declare const createCommonActivityDetails: <Req, Res>(config: IConfigurat
|
|
|
2232
2241
|
};
|
|
2233
2242
|
readonly uuid: string;
|
|
2234
2243
|
readonly vid?: string;
|
|
2244
|
+
readonly usedCookieSecret?: string;
|
|
2235
2245
|
readonly vidSource?: import("../utils").VidSource;
|
|
2236
2246
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
2237
2247
|
readonly score?: number;
|
|
@@ -2459,6 +2469,7 @@ export declare const createCommonActivityDetails: <Req, Res>(config: IConfigurat
|
|
|
2459
2469
|
};
|
|
2460
2470
|
readonly uuid: string;
|
|
2461
2471
|
readonly vid?: string;
|
|
2472
|
+
readonly usedCookieSecret?: string;
|
|
2462
2473
|
readonly vidSource?: import("../utils").VidSource;
|
|
2463
2474
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
2464
2475
|
readonly score?: number;
|
|
@@ -2618,6 +2629,7 @@ export declare const createCommonActivityDetails: <Req, Res>(config: IConfigurat
|
|
|
2618
2629
|
};
|
|
2619
2630
|
readonly uuid: string;
|
|
2620
2631
|
readonly vid?: string;
|
|
2632
|
+
readonly usedCookieSecret?: string;
|
|
2621
2633
|
readonly vidSource?: import("../utils").VidSource;
|
|
2622
2634
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
2623
2635
|
readonly score?: number;
|
|
@@ -2901,6 +2913,7 @@ export declare const addRootContextDataToDetails: <Req, Res>(details: CommonActi
|
|
|
2901
2913
|
};
|
|
2902
2914
|
readonly uuid: string;
|
|
2903
2915
|
readonly vid?: string;
|
|
2916
|
+
readonly usedCookieSecret?: string;
|
|
2904
2917
|
readonly vidSource?: import("../utils").VidSource;
|
|
2905
2918
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
2906
2919
|
readonly score?: number;
|
|
@@ -3128,6 +3141,7 @@ export declare const addRootContextDataToDetails: <Req, Res>(details: CommonActi
|
|
|
3128
3141
|
};
|
|
3129
3142
|
readonly uuid: string;
|
|
3130
3143
|
readonly vid?: string;
|
|
3144
|
+
readonly usedCookieSecret?: string;
|
|
3131
3145
|
readonly vidSource?: import("../utils").VidSource;
|
|
3132
3146
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
3133
3147
|
readonly score?: number;
|
|
@@ -3287,6 +3301,7 @@ export declare const addRootContextDataToDetails: <Req, Res>(details: CommonActi
|
|
|
3287
3301
|
};
|
|
3288
3302
|
readonly uuid: string;
|
|
3289
3303
|
readonly vid?: string;
|
|
3304
|
+
readonly usedCookieSecret?: string;
|
|
3290
3305
|
readonly vidSource?: import("../utils").VidSource;
|
|
3291
3306
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
3292
3307
|
readonly score?: number;
|
|
@@ -3352,6 +3367,7 @@ export declare const addRootContextDataToDetails: <Req, Res>(details: CommonActi
|
|
|
3352
3367
|
readonly isRemoteConfigUpdateRequest: boolean;
|
|
3353
3368
|
readonly enforcerStartTime?: number;
|
|
3354
3369
|
}) => void;
|
|
3370
|
+
export declare function redactCookieSecret(secret: string): string;
|
|
3355
3371
|
export declare const addConfigDataToDetails: <Req, Res>(details: CommonActivityDetails, config: IConfiguration<Req, Res, import("../config").ConfigurationParams<Req, Res>>) => void;
|
|
3356
3372
|
export declare const addCustomParametersToDetails: (details: CommonActivityDetails, customParameters: CustomParameters) => void;
|
|
3357
3373
|
export declare const addProductDataToDetails: (details: CommonActivityDetails, productData: DeepReadonly<ProductData>) => void;
|
|
@@ -3627,6 +3643,7 @@ export declare const addRiskApiDataToAsyncActivityCommonDetails: <Req, Res>(deta
|
|
|
3627
3643
|
};
|
|
3628
3644
|
readonly uuid: string;
|
|
3629
3645
|
readonly vid?: string;
|
|
3646
|
+
readonly usedCookieSecret?: string;
|
|
3630
3647
|
readonly vidSource?: import("../utils").VidSource;
|
|
3631
3648
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
3632
3649
|
readonly score?: number;
|
|
@@ -3854,6 +3871,7 @@ export declare const addRiskApiDataToAsyncActivityCommonDetails: <Req, Res>(deta
|
|
|
3854
3871
|
};
|
|
3855
3872
|
readonly uuid: string;
|
|
3856
3873
|
readonly vid?: string;
|
|
3874
|
+
readonly usedCookieSecret?: string;
|
|
3857
3875
|
readonly vidSource?: import("../utils").VidSource;
|
|
3858
3876
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
3859
3877
|
readonly score?: number;
|
|
@@ -4013,6 +4031,7 @@ export declare const addRiskApiDataToAsyncActivityCommonDetails: <Req, Res>(deta
|
|
|
4013
4031
|
};
|
|
4014
4032
|
readonly uuid: string;
|
|
4015
4033
|
readonly vid?: string;
|
|
4034
|
+
readonly usedCookieSecret?: string;
|
|
4016
4035
|
readonly vidSource?: import("../utils").VidSource;
|
|
4017
4036
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
4018
4037
|
readonly score?: number;
|
|
@@ -4296,6 +4315,7 @@ export declare const addResponseDataToAsyncActivityCommonDetails: <Req, Res>(det
|
|
|
4296
4315
|
};
|
|
4297
4316
|
readonly uuid: string;
|
|
4298
4317
|
readonly vid?: string;
|
|
4318
|
+
readonly usedCookieSecret?: string;
|
|
4299
4319
|
readonly vidSource?: import("../utils").VidSource;
|
|
4300
4320
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
4301
4321
|
readonly score?: number;
|
|
@@ -4523,6 +4543,7 @@ export declare const addResponseDataToAsyncActivityCommonDetails: <Req, Res>(det
|
|
|
4523
4543
|
};
|
|
4524
4544
|
readonly uuid: string;
|
|
4525
4545
|
readonly vid?: string;
|
|
4546
|
+
readonly usedCookieSecret?: string;
|
|
4526
4547
|
readonly vidSource?: import("../utils").VidSource;
|
|
4527
4548
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
4528
4549
|
readonly score?: number;
|
|
@@ -4682,6 +4703,7 @@ export declare const addResponseDataToAsyncActivityCommonDetails: <Req, Res>(det
|
|
|
4682
4703
|
};
|
|
4683
4704
|
readonly uuid: string;
|
|
4684
4705
|
readonly vid?: string;
|
|
4706
|
+
readonly usedCookieSecret?: string;
|
|
4685
4707
|
readonly vidSource?: import("../utils").VidSource;
|
|
4686
4708
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
4687
4709
|
readonly score?: number;
|
|
@@ -4965,6 +4987,7 @@ export declare const createPageRequestedActivityDetails: <Req, Res>(context: {
|
|
|
4965
4987
|
};
|
|
4966
4988
|
readonly uuid: string;
|
|
4967
4989
|
readonly vid?: string;
|
|
4990
|
+
readonly usedCookieSecret?: string;
|
|
4968
4991
|
readonly vidSource?: import("../utils").VidSource;
|
|
4969
4992
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
4970
4993
|
readonly score?: number;
|
|
@@ -5192,6 +5215,7 @@ export declare const createPageRequestedActivityDetails: <Req, Res>(context: {
|
|
|
5192
5215
|
};
|
|
5193
5216
|
readonly uuid: string;
|
|
5194
5217
|
readonly vid?: string;
|
|
5218
|
+
readonly usedCookieSecret?: string;
|
|
5195
5219
|
readonly vidSource?: import("../utils").VidSource;
|
|
5196
5220
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
5197
5221
|
readonly score?: number;
|
|
@@ -5351,6 +5375,7 @@ export declare const createPageRequestedActivityDetails: <Req, Res>(context: {
|
|
|
5351
5375
|
};
|
|
5352
5376
|
readonly uuid: string;
|
|
5353
5377
|
readonly vid?: string;
|
|
5378
|
+
readonly usedCookieSecret?: string;
|
|
5354
5379
|
readonly vidSource?: import("../utils").VidSource;
|
|
5355
5380
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
5356
5381
|
readonly score?: number;
|
|
@@ -5634,6 +5659,7 @@ export declare const createBlockActivityDetails: <Req, Res>(context: {
|
|
|
5634
5659
|
};
|
|
5635
5660
|
readonly uuid: string;
|
|
5636
5661
|
readonly vid?: string;
|
|
5662
|
+
readonly usedCookieSecret?: string;
|
|
5637
5663
|
readonly vidSource?: import("../utils").VidSource;
|
|
5638
5664
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
5639
5665
|
readonly score?: number;
|
|
@@ -5861,6 +5887,7 @@ export declare const createBlockActivityDetails: <Req, Res>(context: {
|
|
|
5861
5887
|
};
|
|
5862
5888
|
readonly uuid: string;
|
|
5863
5889
|
readonly vid?: string;
|
|
5890
|
+
readonly usedCookieSecret?: string;
|
|
5864
5891
|
readonly vidSource?: import("../utils").VidSource;
|
|
5865
5892
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
5866
5893
|
readonly score?: number;
|
|
@@ -6020,6 +6047,7 @@ export declare const createBlockActivityDetails: <Req, Res>(context: {
|
|
|
6020
6047
|
};
|
|
6021
6048
|
readonly uuid: string;
|
|
6022
6049
|
readonly vid?: string;
|
|
6050
|
+
readonly usedCookieSecret?: string;
|
|
6023
6051
|
readonly vidSource?: import("../utils").VidSource;
|
|
6024
6052
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
6025
6053
|
readonly score?: number;
|
|
@@ -6303,6 +6331,7 @@ export declare const createAdditionalS2SActivityDetails: <Req, Res>({ ciSendRawU
|
|
|
6303
6331
|
};
|
|
6304
6332
|
readonly uuid: string;
|
|
6305
6333
|
readonly vid?: string;
|
|
6334
|
+
readonly usedCookieSecret?: string;
|
|
6306
6335
|
readonly vidSource?: import("../utils").VidSource;
|
|
6307
6336
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
6308
6337
|
readonly score?: number;
|
|
@@ -6530,6 +6559,7 @@ export declare const createAdditionalS2SActivityDetails: <Req, Res>({ ciSendRawU
|
|
|
6530
6559
|
};
|
|
6531
6560
|
readonly uuid: string;
|
|
6532
6561
|
readonly vid?: string;
|
|
6562
|
+
readonly usedCookieSecret?: string;
|
|
6533
6563
|
readonly vidSource?: import("../utils").VidSource;
|
|
6534
6564
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
6535
6565
|
readonly score?: number;
|
|
@@ -6689,6 +6719,7 @@ export declare const createAdditionalS2SActivityDetails: <Req, Res>({ ciSendRawU
|
|
|
6689
6719
|
};
|
|
6690
6720
|
readonly uuid: string;
|
|
6691
6721
|
readonly vid?: string;
|
|
6722
|
+
readonly usedCookieSecret?: string;
|
|
6692
6723
|
readonly vidSource?: import("../utils").VidSource;
|
|
6693
6724
|
readonly tokenOrigin: import("../risk_token").TokenOrigin;
|
|
6694
6725
|
readonly score?: number;
|
|
@@ -221,6 +221,7 @@ export declare const createBlockData: <Req, Res>(config: IConfiguration<Req, Res
|
|
|
221
221
|
};
|
|
222
222
|
readonly uuid: string;
|
|
223
223
|
readonly vid?: string;
|
|
224
|
+
readonly usedCookieSecret?: string;
|
|
224
225
|
readonly vidSource?: import("../utils").VidSource;
|
|
225
226
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
226
227
|
readonly score?: number;
|
|
@@ -448,6 +449,7 @@ export declare const createBlockData: <Req, Res>(config: IConfiguration<Req, Res
|
|
|
448
449
|
};
|
|
449
450
|
readonly uuid: string;
|
|
450
451
|
readonly vid?: string;
|
|
452
|
+
readonly usedCookieSecret?: string;
|
|
451
453
|
readonly vidSource?: import("../utils").VidSource;
|
|
452
454
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
453
455
|
readonly score?: number;
|
|
@@ -607,6 +609,7 @@ export declare const createBlockData: <Req, Res>(config: IConfiguration<Req, Res
|
|
|
607
609
|
};
|
|
608
610
|
readonly uuid: string;
|
|
609
611
|
readonly vid?: string;
|
|
612
|
+
readonly usedCookieSecret?: string;
|
|
610
613
|
readonly vidSource?: import("../utils").VidSource;
|
|
611
614
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
612
615
|
readonly score?: number;
|
|
@@ -32,7 +32,7 @@ export declare abstract class ConfigurationBase<Req, Res, ParamsType extends Con
|
|
|
32
32
|
get authToken(): string;
|
|
33
33
|
get blockingScore(): number;
|
|
34
34
|
get bypassMonitorHeader(): string;
|
|
35
|
-
get cookieSecret(): string;
|
|
35
|
+
get cookieSecret(): string[];
|
|
36
36
|
get customCookieHeader(): string;
|
|
37
37
|
get customLogo(): string;
|
|
38
38
|
get enforcedRoutes(): Array<string | RegExp>;
|
|
@@ -112,4 +112,5 @@ export declare abstract class ConfigurationBase<Req, Res, ParamsType extends Con
|
|
|
112
112
|
get remoteConfigMaxFetchAttempts(): number;
|
|
113
113
|
get urlDecodeReservedCharacters(): boolean;
|
|
114
114
|
get securedPxhdEnabled(): boolean;
|
|
115
|
+
get enableBlockedUrlOnCaptchaBlockPage(): boolean;
|
|
115
116
|
}
|
|
@@ -15,7 +15,7 @@ export interface IConfiguration<Req, Res, ParamsType extends ConfigurationParams
|
|
|
15
15
|
/**
|
|
16
16
|
* The cookie secret used to decrypt the risk cookie.
|
|
17
17
|
*/
|
|
18
|
-
readonly cookieSecret: string;
|
|
18
|
+
readonly cookieSecret: string[];
|
|
19
19
|
/**
|
|
20
20
|
* The token used to authenticate with the Human/PerimeterX backend.
|
|
21
21
|
*/
|
|
@@ -369,6 +369,10 @@ export interface IConfiguration<Req, Res, ParamsType extends ConfigurationParams
|
|
|
369
369
|
* Whether to add the Secure attribute when setting the PXHD cookie.
|
|
370
370
|
*/
|
|
371
371
|
readonly securedPxhdEnabled: boolean;
|
|
372
|
+
/**
|
|
373
|
+
* Whether to include the request url in captcha block page
|
|
374
|
+
*/
|
|
375
|
+
readonly enableBlockedUrlOnCaptchaBlockPage: boolean;
|
|
372
376
|
/**
|
|
373
377
|
* Returns an object representation of the current configuration.
|
|
374
378
|
*/
|
|
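Review bot: `cookieSecret` changes from `string` to `string[]` here while the doc comment above it still describes a single secret, and a type change on a public interface member in a patch-level release will break integrators who read it as a string. The comment should describe the list, for example `* The cookie secrets accepted for the risk cookie; each is tried in index order until one decrypts it.`, and ideally state the maximum number honoured (the loops elsewhere in this release stop at `COOKIE_SECRET_MAX_VALUES`). The interface continues outside both hunks of this section.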
@@ -43,6 +43,7 @@ export declare class DefaultContext<Req, Res> implements IContext<Req, Res> {
|
|
|
43
43
|
response?: IOutgoingResponse<Res>;
|
|
44
44
|
enforcerStartTime?: number;
|
|
45
45
|
logger: ILogger;
|
|
46
|
+
usedCookieSecret?: string;
|
|
46
47
|
protected readonly config: IConfiguration<Req, Res>;
|
|
47
48
|
protected readonly urlUtils: IUrlUtils;
|
|
48
49
|
constructor(config: IConfiguration<Req, Res>, request: IIncomingRequest<Req>, options: DefaultContextOptions);
|
|
@@ -59,6 +59,10 @@ export interface IContext<Req, Res> {
|
|
|
59
59
|
* The visitor ID, unique to the end-user.
|
|
60
60
|
*/
|
|
61
61
|
vid?: string;
|
|
62
|
+
/**
|
|
63
|
+
* The secret used to decrypt the risk cookie.
|
|
64
|
+
*/
|
|
65
|
+
usedCookieSecret?: string;
|
|
62
66
|
/**
|
|
63
67
|
* A string representing where the visitor ID was obtained.
|
|
64
68
|
*/
|
|
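Review bot: The new doc comment on `usedCookieSecret` does not say that the field holds the secret in clear text, although the context is a widely shared object and the same optional field is added to every context shape in the activity, block-data and request-utility declarations of this release. I would extend it to `* The raw cookie secret that decrypted the risk cookie. Sensitive: pass through redactCookieSecret() before logging or adding to an activity.` The DefaultTokenV3 decrypt hunk assigns `this.cookieSecret[index]` to `context.usedCookieSecret` unredacted under a `// @ts-ignore`, so nothing in the types prevents it from being serialised as-is. The interface body continues outside the hunk.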
@@ -221,6 +221,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
221
221
|
};
|
|
222
222
|
readonly uuid: string;
|
|
223
223
|
readonly vid?: string;
|
|
224
|
+
readonly usedCookieSecret?: string;
|
|
224
225
|
readonly vidSource?: import("../utils").VidSource;
|
|
225
226
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
226
227
|
readonly score?: number;
|
|
@@ -448,6 +449,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
448
449
|
};
|
|
449
450
|
readonly uuid: string;
|
|
450
451
|
readonly vid?: string;
|
|
452
|
+
readonly usedCookieSecret?: string;
|
|
451
453
|
readonly vidSource?: import("../utils").VidSource;
|
|
452
454
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
453
455
|
readonly score?: number;
|
|
@@ -607,6 +609,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
607
609
|
};
|
|
608
610
|
readonly uuid: string;
|
|
609
611
|
readonly vid?: string;
|
|
612
|
+
readonly usedCookieSecret?: string;
|
|
610
613
|
readonly vidSource?: import("../utils").VidSource;
|
|
611
614
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
612
615
|
readonly score?: number;
|
|
@@ -892,6 +895,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
892
895
|
};
|
|
893
896
|
readonly uuid: string;
|
|
894
897
|
readonly vid?: string;
|
|
898
|
+
readonly usedCookieSecret?: string;
|
|
895
899
|
readonly vidSource?: import("../utils").VidSource;
|
|
896
900
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
897
901
|
readonly score?: number;
|
|
@@ -1119,6 +1123,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
1119
1123
|
};
|
|
1120
1124
|
readonly uuid: string;
|
|
1121
1125
|
readonly vid?: string;
|
|
1126
|
+
readonly usedCookieSecret?: string;
|
|
1122
1127
|
readonly vidSource?: import("../utils").VidSource;
|
|
1123
1128
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1124
1129
|
readonly score?: number;
|
|
@@ -1278,6 +1283,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
1278
1283
|
};
|
|
1279
1284
|
readonly uuid: string;
|
|
1280
1285
|
readonly vid?: string;
|
|
1286
|
+
readonly usedCookieSecret?: string;
|
|
1281
1287
|
readonly vidSource?: import("../utils").VidSource;
|
|
1282
1288
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1283
1289
|
readonly score?: number;
|
|
@@ -1561,6 +1567,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
1561
1567
|
};
|
|
1562
1568
|
readonly uuid: string;
|
|
1563
1569
|
readonly vid?: string;
|
|
1570
|
+
readonly usedCookieSecret?: string;
|
|
1564
1571
|
readonly vidSource?: import("../utils").VidSource;
|
|
1565
1572
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1566
1573
|
readonly score?: number;
|
|
@@ -1788,6 +1795,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
1788
1795
|
};
|
|
1789
1796
|
readonly uuid: string;
|
|
1790
1797
|
readonly vid?: string;
|
|
1798
|
+
readonly usedCookieSecret?: string;
|
|
1791
1799
|
readonly vidSource?: import("../utils").VidSource;
|
|
1792
1800
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1793
1801
|
readonly score?: number;
|
|
@@ -1947,6 +1955,7 @@ export declare namespace MonitoredRequestUtils {
|
|
|
1947
1955
|
};
|
|
1948
1956
|
readonly uuid: string;
|
|
1949
1957
|
readonly vid?: string;
|
|
1958
|
+
readonly usedCookieSecret?: string;
|
|
1950
1959
|
readonly vidSource?: import("../utils").VidSource;
|
|
1951
1960
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1952
1961
|
readonly score?: number;
|
|
@@ -223,6 +223,7 @@ export declare namespace PXHDUtils {
|
|
|
223
223
|
};
|
|
224
224
|
readonly uuid: string;
|
|
225
225
|
readonly vid?: string;
|
|
226
|
+
readonly usedCookieSecret?: string;
|
|
226
227
|
readonly vidSource?: import("../utils").VidSource;
|
|
227
228
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
228
229
|
readonly score?: number;
|
|
@@ -450,6 +451,7 @@ export declare namespace PXHDUtils {
|
|
|
450
451
|
};
|
|
451
452
|
readonly uuid: string;
|
|
452
453
|
readonly vid?: string;
|
|
454
|
+
readonly usedCookieSecret?: string;
|
|
453
455
|
readonly vidSource?: import("../utils").VidSource;
|
|
454
456
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
455
457
|
readonly score?: number;
|
|
@@ -609,6 +611,7 @@ export declare namespace PXHDUtils {
|
|
|
609
611
|
};
|
|
610
612
|
readonly uuid: string;
|
|
611
613
|
readonly vid?: string;
|
|
614
|
+
readonly usedCookieSecret?: string;
|
|
612
615
|
readonly vidSource?: import("../utils").VidSource;
|
|
613
616
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
614
617
|
readonly score?: number;
|
|
@@ -892,6 +895,7 @@ export declare namespace PXHDUtils {
|
|
|
892
895
|
};
|
|
893
896
|
readonly uuid: string;
|
|
894
897
|
readonly vid?: string;
|
|
898
|
+
readonly usedCookieSecret?: string;
|
|
895
899
|
readonly vidSource?: import("../utils").VidSource;
|
|
896
900
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
897
901
|
readonly score?: number;
|
|
@@ -1119,6 +1123,7 @@ export declare namespace PXHDUtils {
|
|
|
1119
1123
|
};
|
|
1120
1124
|
readonly uuid: string;
|
|
1121
1125
|
readonly vid?: string;
|
|
1126
|
+
readonly usedCookieSecret?: string;
|
|
1122
1127
|
readonly vidSource?: import("../utils").VidSource;
|
|
1123
1128
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1124
1129
|
readonly score?: number;
|
|
@@ -1278,6 +1283,7 @@ export declare namespace PXHDUtils {
|
|
|
1278
1283
|
};
|
|
1279
1284
|
readonly uuid: string;
|
|
1280
1285
|
readonly vid?: string;
|
|
1286
|
+
readonly usedCookieSecret?: string;
|
|
1281
1287
|
readonly vidSource?: import("../utils").VidSource;
|
|
1282
1288
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1283
1289
|
readonly score?: number;
|
|
@@ -6,7 +6,7 @@ import { BlockAction } from '../../blocker';
|
|
|
6
6
|
import { IConfiguration } from '../../config';
|
|
7
7
|
import { TokenPayloadType } from './TokenPayloadType';
|
|
8
8
|
import { TokenVersion } from '../TokenVersion';
|
|
9
|
-
import { TokenJson } from './serialize
|
|
9
|
+
import { TokenJson } from './serialize';
|
|
10
10
|
export declare abstract class TokenBase<TokenV extends TokenVersion, Req, Res> implements IToken<Req, Res> {
|
|
11
11
|
abstract readonly action: BlockAction;
|
|
12
12
|
abstract readonly hmac: string;
|
|
@@ -22,7 +22,7 @@ export declare abstract class TokenBase<TokenV extends TokenVersion, Req, Res> i
|
|
|
22
22
|
protected readonly config: IConfiguration<Req, Res>;
|
|
23
23
|
protected payload: TokenPayloadType<TokenV>;
|
|
24
24
|
protected cookieString: string;
|
|
25
|
-
protected cookieSecret: string;
|
|
25
|
+
protected cookieSecret: string[];
|
|
26
26
|
protected cookieMaxLength: number;
|
|
27
27
|
isValidated: boolean;
|
|
28
28
|
protected constructor(config: IConfiguration<Req, Res>, cookieString: string, isValidated?: boolean, payload?: TokenPayloadType<TokenV>);
|
|
@@ -15,6 +15,7 @@ export declare class SerializedToken<Req, Res> implements IToken<Res, Res> {
|
|
|
15
15
|
readonly tokenString: string;
|
|
16
16
|
readonly uuid: string;
|
|
17
17
|
readonly vid: string;
|
|
18
|
+
readonly usedCookieSecret: string;
|
|
18
19
|
protected readonly blockingScore: number;
|
|
19
20
|
constructor(config: IConfiguration<Req, Res>, serializedToken: TokenJson);
|
|
20
21
|
isExpired(): boolean;
|
|
@@ -13,9 +13,10 @@ export declare class DefaultTokenV3<Req, Res> extends TokenBase<TokenVersion.V3,
|
|
|
13
13
|
protected readonly cipherUtils: ICipherUtils;
|
|
14
14
|
protected readonly hmacUtils: IHmacUtils;
|
|
15
15
|
protected hash: string;
|
|
16
|
+
protected usedCookieSecret: string;
|
|
16
17
|
constructor(config: IConfiguration<Req, Res>, cookieString: string, cipherUtils: ICipherUtils, hmacUtils: IHmacUtils, isValidated?: boolean, payload?: TokenV3Payload);
|
|
17
18
|
protected decrypt(context: ReadonlyContext<Req, Res>): Promise<TokenV3Payload>;
|
|
18
|
-
protected decryptPayload(encryptedCookie: string, salt: string, iterations: number, context: ReadonlyContext<Req, Res>): Promise<TokenV3Payload>;
|
|
19
|
+
protected decryptPayload(encryptedCookie: string, salt: string, iterations: number, secret: string, context: ReadonlyContext<Req, Res>): Promise<TokenV3Payload>;
|
|
19
20
|
protected validate(context: ReadonlyContext<Req, Res>): Promise<boolean>;
|
|
20
21
|
protected getSignedWithFields(context: ReadonlyContext<Req, Res>): string[];
|
|
21
22
|
protected getSignedWithField(char: TokenSignField, { requestData }: ReadonlyContext<Req, Res>): string;
|
|
@@ -222,6 +222,7 @@ export declare namespace SensitiveRequestUtils {
|
|
|
222
222
|
};
|
|
223
223
|
readonly uuid: string;
|
|
224
224
|
readonly vid?: string;
|
|
225
|
+
readonly usedCookieSecret?: string;
|
|
225
226
|
readonly vidSource?: import("../utils").VidSource;
|
|
226
227
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
227
228
|
readonly score?: number;
|
|
@@ -449,6 +450,7 @@ export declare namespace SensitiveRequestUtils {
|
|
|
449
450
|
};
|
|
450
451
|
readonly uuid: string;
|
|
451
452
|
readonly vid?: string;
|
|
453
|
+
readonly usedCookieSecret?: string;
|
|
452
454
|
readonly vidSource?: import("../utils").VidSource;
|
|
453
455
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
454
456
|
readonly score?: number;
|
|
@@ -608,6 +610,7 @@ export declare namespace SensitiveRequestUtils {
|
|
|
608
610
|
};
|
|
609
611
|
readonly uuid: string;
|
|
610
612
|
readonly vid?: string;
|
|
613
|
+
readonly usedCookieSecret?: string;
|
|
611
614
|
readonly vidSource?: import("../utils").VidSource;
|
|
612
615
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
613
616
|
readonly score?: number;
|
|
@@ -893,6 +896,7 @@ export declare namespace SensitiveRequestUtils {
|
|
|
893
896
|
};
|
|
894
897
|
readonly uuid: string;
|
|
895
898
|
readonly vid?: string;
|
|
899
|
+
readonly usedCookieSecret?: string;
|
|
896
900
|
readonly vidSource?: import("../utils").VidSource;
|
|
897
901
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
898
902
|
readonly score?: number;
|
|
@@ -1120,6 +1124,7 @@ export declare namespace SensitiveRequestUtils {
|
|
|
1120
1124
|
};
|
|
1121
1125
|
readonly uuid: string;
|
|
1122
1126
|
readonly vid?: string;
|
|
1127
|
+
readonly usedCookieSecret?: string;
|
|
1123
1128
|
readonly vidSource?: import("../utils").VidSource;
|
|
1124
1129
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1125
1130
|
readonly score?: number;
|
|
@@ -1279,6 +1284,7 @@ export declare namespace SensitiveRequestUtils {
|
|
|
1279
1284
|
};
|
|
1280
1285
|
readonly uuid: string;
|
|
1281
1286
|
readonly vid?: string;
|
|
1287
|
+
readonly usedCookieSecret?: string;
|
|
1282
1288
|
readonly vidSource?: import("../utils").VidSource;
|
|
1283
1289
|
readonly tokenOrigin: import("..").TokenOrigin;
|
|
1284
1290
|
readonly score?: number;
|
|
@@ -11,4 +11,4 @@ export declare const PUSH_DATA_FEATURE_HEADER_NAME = "x-px-feature";
|
|
|
11
11
|
export declare const EMAIL_ADDRESS_REGEX: RegExp;
|
|
12
12
|
export declare const URL_REGEX: RegExp;
|
|
13
13
|
export declare const REGEX_STRUCTURE: RegExp;
|
|
14
|
-
export declare const CORE_MODULE_VERSION = "JS Core 0.21.
|
|
14
|
+
export declare const CORE_MODULE_VERSION = "JS Core 0.21.5";
|
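--- a/package/lib/types/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.d.ts
+++ b/package/lib/types/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.d.ts
@@ -5,10 +5,10 @@ import { IHmacUtils } from '../hmac';
 import { ITimestampHmacHeaderValidator } from './ITimestampHmacHeaderValidator';
 export declare class DefaultTimestampHmacHeaderValidator<Req, Res> implements ITimestampHmacHeaderValidator {
 protected readonly config: IConfiguration<Req, Res>;
-protected readonly secret: string;
+protected readonly secret: string[] | string;
 protected readonly base64Utils: IBase64Utils;
 protected readonly hmacUtils: IHmacUtils;
-constructor(config: IConfiguration<Req, Res>, secret: string, base64Utils: IBase64Utils, hmacUtils: IHmacUtils);
+constructor(config: IConfiguration<Req, Res>, secret: string[] | string, base64Utils: IBase64Utils, hmacUtils: IHmacUtils);
 isValid(headerValue: string, logger: ILogger): Promise<boolean>;
 protected isHmacValid(givenHmac: string, timestamp: string, logger: ILogger): Promise<boolean>;
 }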