perimeterx-js-core 0.24.4 → 0.25.0

package/lib/cjs/enforcer/utils.js

@@ -11,7 +11,7 @@ var __assign = (this && this.__assign) || function () {
     return __assign.apply(this, arguments);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createEnforcerProducts = exports.createEnforcerInitializationBlock = void 0;
+exports.createRemoteConfigClients = exports.createEnforcerProducts = exports.createEnforcerInitializationBlock = void 0;
 var risk_token_1 = require("../risk_token/index.js");
 var config_1 = require("../config/index.js");
 var cors_1 = require("../cors/index.js");
@@ -25,14 +25,14 @@ var products_1 = require("../products/index.js");
 var utils_1 = require("../utils/index.js");
 var snippet_injection_1 = require("../snippet_injection/index.js");
 var createEnforcerInitializationBlock = function (config, options) {
-    var _a, _b, _c;
+    var _a, _b;
     var tokenVersion = config.tokenVersion;
     if (!(0, utils_1.isValidTokenVersion)(tokenVersion)) {
         throw new utils_1.EnforcerError("error initializing enforcer: token version ".concat(tokenVersion, " is invalid (must be one of ").concat(Object.values(risk_token_1.TokenVersion)
             .map(function (v) { return "\"".concat(v, "\""); })
             .join(', '), ")"));
     }
-    var cipherUtils = tokenVersion === risk_token_1.TokenVersion.V2 ? null : (_a = options.cipherUtils) !== null && _a !== void 0 ? _a : null;
+    var cipherUtils = tokenVersion === risk_token_1.TokenVersion.V2 ? null : ((_a = options.cipherUtils) !== null && _a !== void 0 ? _a : null);
     if (tokenVersion === risk_token_1.TokenVersion.V3 && !cipherUtils) {
         throw new utils_1.EnforcerError('error initializing enforcer: token v3 requires cipherUtils');
     }
@@ -54,42 +54,10 @@ var createEnforcerInitializationBlock = function (config, options) {
             ? new activities_1.HttpBatchedActivityClient(config, httpClient)
             : new activities_1.HttpActivityClient(config, httpClient));
     var logServiceClient = options.logServiceClient || (config.loggerAuthToken ? new logger_1.HttpLogServiceClient(config, httpClient) : null);
-    var remoteConfigStorageClient = (_b = options.remoteConfigStorageClient) !== null && _b !== void 0 ? _b : null;
-    var remoteConfigServiceClient = options.remoteConfigServiceClient ||
-        (config.remoteConfigAuthToken ? new config_1.HttpRemoteConfigServiceClient(config, httpClient) : null);
-    var remoteConfigUpdater = options.remoteConfigUpdater ||
-        (remoteConfigStorageClient && remoteConfigServiceClient
-            ? new config_1.DefaultRemoteConfigUpdater(config, {
-                serviceClient: remoteConfigServiceClient,
-                storageClient: remoteConfigStorageClient,
-                base64Utils: base64Utils,
-                hmacUtils: hmacUtils,
-            })
-            : null);
-    var snippetInjector = (_c = options.snippetInjector) !== null && _c !== void 0 ? _c : null;
+    var snippetInjector = (_b = options.snippetInjector) !== null && _b !== void 0 ? _b : null;
     var snippetRetriever = options.snippetRetriever || (snippetInjector ? new snippet_injection_1.DefaultSnippetRetriever(config) : null);
-    var allOptions = {
-        httpClient: httpClient,
-        base64Utils: base64Utils,
-        hmacUtils: hmacUtils,
-        hashUtils: hashUtils,
-        urlUtils: urlUtils,
-        ipRangeChecker: ipRangeChecker,
-        cipherUtils: cipherUtils,
-        cors: cors,
-        telemetry: telemetry,
-        dataEnrichment: dataEnrichment,
-        graphQLParser: graphQLParser,
-        tokenParser: tokenParser,
-        riskApiClient: riskApiClient,
-        activityClient: activityClient,
-        logServiceClient: logServiceClient,
-        remoteConfigStorageClient: remoteConfigStorageClient,
-        remoteConfigServiceClient: remoteConfigServiceClient,
-        remoteConfigUpdater: remoteConfigUpdater,
-        snippetInjector: snippetInjector,
-        snippetRetriever: snippetRetriever,
-    };
+    var remoteConfigClients = (0, exports.createRemoteConfigClients)(config, options);
+    var allOptions = __assign({ httpClient: httpClient, base64Utils: base64Utils, hmacUtils: hmacUtils, hashUtils: hashUtils, urlUtils: urlUtils, ipRangeChecker: ipRangeChecker, cipherUtils: cipherUtils, cors: cors, telemetry: telemetry, dataEnrichment: dataEnrichment, graphQLParser: graphQLParser, tokenParser: tokenParser, riskApiClient: riskApiClient, activityClient: activityClient, logServiceClient: logServiceClient, snippetInjector: snippetInjector, snippetRetriever: snippetRetriever }, remoteConfigClients);
     var products = (0, exports.createEnforcerProducts)(config, options.products, base64Utils, hashUtils, urlUtils, ipRangeChecker);
     return __assign({ products: products }, allOptions);
 };
@@ -111,3 +79,31 @@ var createEnforcerProducts = function (config, products, base64Utils, hashUtils,
         _a;
 };
 exports.createEnforcerProducts = createEnforcerProducts;
+var createRemoteConfigClients = function (config, options) {
+    var _a, _b, _c, _d;
+    var remoteConfigStorageClient = (_a = options.remoteConfigStorageClient) !== null && _a !== void 0 ? _a : null;
+    var remoteConfigServiceClient = null;
+    var remoteConfigManager = null;
+    var remoteConfigUpdateParser = null;
+    if (remoteConfigStorageClient) {
+        remoteConfigServiceClient =
+            (_b = options.remoteConfigServiceClient) !== null && _b !== void 0 ? _b : new config_1.HttpRemoteConfigServiceClient(config, options.httpClient);
+        remoteConfigManager =
+            (_c = options.remoteConfigManager) !== null && _c !== void 0 ? _c : new config_1.DefaultRemoteConfigManager(config, {
+                serviceClient: remoteConfigServiceClient,
+                storageClient: remoteConfigStorageClient,
+            });
+        remoteConfigUpdateParser =
+            (_d = options.remoteConfigUpdateParser) !== null && _d !== void 0 ? _d : new config_1.DefaultNotifyRemoteConfigUpdateParser(config, {
+                base64Utils: options.base64Utils,
+                hmacUtils: options.hmacUtils,
+            });
+    }
+    return {
+        remoteConfigServiceClient: remoteConfigServiceClient,
+        remoteConfigManager: remoteConfigManager,
+        remoteConfigUpdateParser: remoteConfigUpdateParser,
+        remoteConfigStorageClient: remoteConfigStorageClient,
+    };
+};
+exports.createRemoteConfigClients = createRemoteConfigClients;

package/lib/cjs/phase/flow/EndEnforcerFlow.js

@@ -17,16 +17,18 @@ var __extends = (this && this.__extends) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.EndEnforcerFlow = void 0;
 var impl_1 = require("../impl/index.js");
-var impl_2 = require("../impl/index.js");
 var EndEnforcerFlow = /** @class */ (function (_super) {
     __extends(EndEnforcerFlow, _super);
     function EndEnforcerFlow(config, _a) {
-        var logServiceClient = _a.logServiceClient, telemetry = _a.telemetry;
-        var phases = [new impl_2.SendTelemetryActivityPhase(telemetry)];
+        var logServiceClient = _a.logServiceClient, telemetry = _a.telemetry, remoteConfigManager = _a.remoteConfigManager;
+        var phases = [new impl_1.SendTelemetryActivityPhase(telemetry)];
+        if (remoteConfigManager) {
+            phases.push(new impl_1.UpdateRemoteConfigPhase(config, remoteConfigManager));
+        }
         if (logServiceClient) {
             phases.push(new impl_1.SendLogsPhase(config, logServiceClient));
         }
-        phases.push(new impl_2.ClearLogsPhase());
+        phases.push(new impl_1.ClearLogsPhase());
         return _super.call(this, phases) || this;
     }
     return EndEnforcerFlow;

package/lib/cjs/phase/flow/FilterFlow.js

@@ -22,7 +22,7 @@ var impl_1 = require("../impl/index.js");
 var FilterFlow = /** @class */ (function (_super) {
     __extends(FilterFlow, _super);
     function FilterFlow(config, _a) {
-        var httpClient = _a.httpClient, products = _a.products, cors = _a.cors, telemetry = _a.telemetry, remoteConfigUpdater = _a.remoteConfigUpdater;
+        var httpClient = _a.httpClient, products = _a.products, cors = _a.cors, telemetry = _a.telemetry, remoteConfigUpdateParser = _a.remoteConfigUpdateParser;
         var phases = [];
         var firstPartyProducts = FilterFlow.getFirstPartyProducts(products);
         if ((firstPartyProducts === null || firstPartyProducts === void 0 ? void 0 : firstPartyProducts.length) > 0) {
@@ -34,9 +34,8 @@ var FilterFlow = /** @class */ (function (_super) {
         }
         phases.push(new impl_1.PreflightPhase(config, cors));
         phases.push(new impl_1.IdentifyTelemetryRequestPhase(telemetry));
-        if (remoteConfigUpdater) {
-            var updateRemoteConfigPhase = new impl_1.UpdateRemoteConfigPhase(config, remoteConfigUpdater);
-            phases.push(updateRemoteConfigPhase);
+        if (remoteConfigUpdateParser) {
+            phases.push(new impl_1.IdentifyRemoteConfigNotifyRequestPhase(remoteConfigUpdateParser));
         }
         return _super.call(this, phases) || this;
     }

package/lib/cjs/phase/impl/IdentifyRemoteConfigNotifyRequestPhase.js

@@ -0,0 +1,75 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentifyRemoteConfigNotifyRequestPhase = void 0;
+var http_1 = require("../../http/index.js");
+var IdentifyRemoteConfigNotifyRequestPhase = /** @class */ (function () {
+    function IdentifyRemoteConfigNotifyRequestPhase(remoteConfigUpdateParser) {
+        this.remoteConfigUpdateParser = remoteConfigUpdateParser;
+    }
+    IdentifyRemoteConfigNotifyRequestPhase.prototype.execute = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var _a, shouldUpdate, desiredVersion;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, this.remoteConfigUpdateParser.isUpdateRequest(context)];
+                    case 1:
+                        if (!(_b.sent())) {
+                            return [2 /*return*/, { done: false }];
+                        }
+                        context.shouldSendLogs = true;
+                        return [4 /*yield*/, this.remoteConfigUpdateParser.parseUpdate(context)];
+                    case 2:
+                        _a = _b.sent(), shouldUpdate = _a.shouldUpdate, desiredVersion = _a.desiredVersion;
+                        context.remoteConfigUpdateData.shouldUpdate = shouldUpdate;
+                        context.remoteConfigUpdateData.desiredVersion = desiredVersion;
+                        return [2 /*return*/, {
+                                done: true,
+                                response: new http_1.MinimalResponseImpl({
+                                    status: shouldUpdate ? 200 : 400,
+                                    body: shouldUpdate ? 'OK' : 'Bad Request',
+                                    headers: {},
+                                }),
+                            }];
+                }
+            });
+        });
+    };
+    return IdentifyRemoteConfigNotifyRequestPhase;
+}());
+exports.IdentifyRemoteConfigNotifyRequestPhase = IdentifyRemoteConfigNotifyRequestPhase;

package/lib/cjs/phase/impl/UpdateRemoteConfigPhase.js

@@ -38,33 +38,26 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UpdateRemoteConfigPhase = void 0;
 var UpdateRemoteConfigPhase = /** @class */ (function () {
-    function UpdateRemoteConfigPhase(config, remoteConfigUpdater) {
+    function UpdateRemoteConfigPhase(config, remoteConfigManager) {
         this.config = config;
-        this.remoteConfigUpdater = remoteConfigUpdater;
+        this.remoteConfigManager = remoteConfigManager;
     }
     UpdateRemoteConfigPhase.prototype.execute = function (context) {
         return __awaiter(this, void 0, void 0, function () {
-            var isSuccessful;
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
-                        if (!this.remoteConfigUpdater.isUpdateRemoteConfigRequest(context)) return [3 /*break*/, 2];
-                        return [4 /*yield*/, this.remoteConfigUpdater.updateRemoteConfig(context)];
+                        if (!this.remoteConfigManager.shouldUpdateRemoteConfig(context)) return [3 /*break*/, 2];
+                        context.shouldSendLogs = true;
+                        return [4 /*yield*/, this.remoteConfigManager.updateRemoteConfig(context)];
                     case 1:
-                        isSuccessful = _a.sent();
-                        return [2 /*return*/, { done: true, response: this.getUpdateConfigResponse(isSuccessful) }];
+                        _a.sent();
+                        _a.label = 2;
                     case 2: return [2 /*return*/, { done: false }];
                 }
             });
         });
     };
-    UpdateRemoteConfigPhase.prototype.getUpdateConfigResponse = function (isSuccessful) {
-        return {
-            status: isSuccessful ? 200 : 400,
-            body: isSuccessful ? 'OK' : 'Bad Request',
-            headers: {},
-        };
-    };
     return UpdateRemoteConfigPhase;
 }());
 exports.UpdateRemoteConfigPhase = UpdateRemoteConfigPhase;

package/lib/cjs/phase/impl/index.js

@@ -30,7 +30,8 @@ __exportStar(require("./SendAsyncActivitiesOnResponsePhase.js"), exports);
 __exportStar(require("./AdditionalActivityHandlerPhase.js"), exports);
 __exportStar(require("./CompositePhase.js"), exports);
 __exportStar(require("./SendLogsPhase.js"), exports);
-__exportStar(require("./UpdateRemoteConfigPhase.js"), exports);
 __exportStar(require("./ClearLogsPhase.js"), exports);
+__exportStar(require("./IdentifyRemoteConfigNotifyRequestPhase.js"), exports);
+__exportStar(require("./UpdateRemoteConfigPhase.js"), exports);
 __exportStar(require("./IdentifyTelemetryRequestPhase.js"), exports);
 __exportStar(require("./SendTelemetryActivityPhase.js"), exports);

package/lib/cjs/utils/constants.js

@@ -14,4 +14,4 @@ exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 exports.URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-exports.CORE_MODULE_VERSION = 'JS Core 0.24.4';
+exports.CORE_MODULE_VERSION = 'JS Core 0.25.0';

package/lib/esm/config/ConfigurationBase.js

@@ -6,7 +6,7 @@ import { TokenVersion } from '../risk_token/index.js';
 export class ConfigurationBase {
     configParams;
     staticConfigParams;
-    remoteConfigParams;
+    remoteConfigData;
     defaultConfigParams;
     removedParams;
     // Logger is initialized at `createActiveConfiguration`
@@ -75,15 +75,15 @@ export class ConfigurationBase {
         }
     }
     createInternalLogger(params) {
-        return new DefaultLogger(params.px_logger_severity, false);
+        return new DefaultLogger(params.px_logger_severity, false, this.logger?.getLogs());
     }
-    addRemoteConfig(remoteConfigParams) {
-        this.remoteConfigParams = remoteConfigParams;
-        const mergedParams = {
+    setRemoteConfigData(remoteConfigData) {
+        this.remoteConfigData = remoteConfigData;
+        const params = {
             ...this.staticConfigParams,
-            ...RemoteConfigUtils.prepareRemoteConfigParams(remoteConfigParams, this.logger),
+            ...RemoteConfigUtils.prepareRemoteConfigParams(remoteConfigData, this.logger),
         };
-        this.configParams = this.createActiveConfiguration(mergedParams, this.defaultConfigParams);
+        this.configParams = this.createActiveConfiguration(params, this.defaultConfigParams);
     }
     getActiveConfig() {
         const activeConfig = Object.assign({}, this.configParams);
@@ -97,7 +97,9 @@ export class ConfigurationBase {
         return Object.assign({}, this.staticConfigParams);
     }
     getRemoteConfig() {
-        return Object.assign({}, this.remoteConfigParams);
+        return this.remoteConfigData
+            ? RemoteConfigUtils.prepareRemoteConfigParams(this.remoteConfigData, this.logger)
+            : {};
     }
     get moduleVersion() {
         return `${this.getModuleVersion()} (${CORE_MODULE_VERSION})`;

package/lib/esm/config/index.js

@@ -1,6 +1,5 @@
 export * from './IConfiguration.js';
 export * from './ConfigurationBase.js';
-export * from './ConfigurationBuilderBase.js';
 export * from './CustomRequestFunction.js';
 export * from './remote_config/index.js';
 export * from './params/index.js';

package/lib/esm/config/remote_config/RemoteConfigUtils.js

@@ -6,8 +6,17 @@ export var RemoteConfigUtils;
     RemoteConfigUtils.isRemoteConfigUpdateRequest = (request) => request.method === HttpMethod.POST &&
         request.headers.get(PUSH_DATA_FEATURE_HEADER_NAME) === REMOTE_CONFIG_PUSH_DATA_FEATURE_NAME &&
         !!request.headers.get(PUSH_DATA_HMAC_HEADER_NAME);
-    RemoteConfigUtils.prepareRemoteConfigParams = (remoteConfigParams, logger) => {
-        const remoteConfig = Object.assign({}, remoteConfigParams);
+    RemoteConfigUtils.prepareRemoteConfigParams = ({ version, configValue }, logger) => {
+        const remoteConfig = {
+            px_remote_config_version: version,
+            px_remote_config_enabled: configValue.px_remote_config_enabled,
+        };
+        if (!configValue.px_remote_config_enabled) {
+            // returning only the version and the fact that remote config is disabled
+            // so we can report the version on async activities without merging the rest of the remote configs
+            return remoteConfig;
+        }
+        Object.assign(remoteConfig, configValue);
         // Remote config receives strings and regexes in separate fields (px_sensitive_routes, px_sensitive_routes_regex)
         // Before initializing a new active configuration, we merge the two into the more generic field (px_sensitive_routes)
         CONFIG_KEYS_WITH_REGEX_EQUIVALENT_IN_REMOTE_CONFIG.forEach((k) => {

package/lib/esm/config/remote_config/index.js

@@ -2,6 +2,6 @@ export * from './constants.js';
 export * from './model/index.js';
 export * from './service_client/index.js';
 export * from './storage_client/index.js';
-export * from './DefaultRemoteConfigUpdater.js';
-export * from './IRemoteConfigUpdater.js';
+export * from './manager/index.js';
+export * from './update_parser/index.js';
 export * from './RemoteConfigUtils.js';

package/lib/esm/config/remote_config/manager/DefaultRemoteConfigManager.js

@@ -0,0 +1,87 @@
+import { sleep } from '../../../utils/index.js';
+import { WRITE_REMOTE_CONFIG_ERROR_NAME } from '../constants.js';
+export class DefaultRemoteConfigManager {
+    config;
+    serviceClient;
+    storageClient;
+    constructor(config, options) {
+        this.config = config;
+        this.serviceClient = options.serviceClient;
+        this.storageClient = options.storageClient;
+    }
+    async loadRemoteConfig() {
+        if (!this.config.remoteConfigId || !this.config.remoteConfigAuthToken) {
+            this.config.logger.debug('no remote config id or auth token provided, skipping remote config load');
+            return;
+        }
+        try {
+            const remoteConfigData = await this.loadRemoteConfigData();
+            if (!!remoteConfigData?.version && remoteConfigData.version > this.config.remoteConfigVersion) {
+                this.config.setRemoteConfigData(remoteConfigData);
+            }
+        }
+        catch (e) {
+            this.config.logger.debug(`caught error loading remote config: ${e}`);
+        }
+    }
+    async loadRemoteConfigData() {
+        const remoteConfigData = await this.storageClient.load();
+        if (!remoteConfigData) {
+            this.config.logger.debug('unable to load remote config from storage');
+            return null;
+        }
+        if (!this.isValidRemoteConfigId(remoteConfigData.id)) {
+            this.config.logger.debug(`remote config ID in static config does not match ID found in storage ${remoteConfigData.id}`);
+            return null;
+        }
+        return remoteConfigData;
+    }
+    isValidRemoteConfigId(remoteConfigId) {
+        return remoteConfigId === this.config.remoteConfigId;
+    }
+    shouldUpdateRemoteConfig(context) {
+        return context.remoteConfigUpdateData.shouldUpdate;
+    }
+    async updateRemoteConfig(context) {
+        const desiredVersion = context.remoteConfigUpdateData.desiredVersion ?? 0;
+        const remoteConfigData = await this.fetchRemoteConfigData(desiredVersion, context);
+        if (!remoteConfigData) {
+            return;
+        }
+        try {
+            await this.storageClient.save(remoteConfigData);
+            context.logger.debug(`successfully updated remote config to version ${remoteConfigData.version}`);
+        }
+        catch (e) {
+            context.logger.debug(`unable to save remote config version ${remoteConfigData.version} to storage: ${e}`, {
+                errorType: WRITE_REMOTE_CONFIG_ERROR_NAME,
+            });
+        }
+    }
+    async fetchRemoteConfigData(desiredVersion, context) {
+        try {
+            const { remoteConfigMaxFetchAttempts, remoteConfigRetryIntervalMs } = this.config;
+            for (let i = 0; i < remoteConfigMaxFetchAttempts; i++) {
+                const remoteConfigData = await this.serviceClient.fetch({ version: desiredVersion });
+                if (!!remoteConfigData && remoteConfigData.version >= desiredVersion) {
+                    return remoteConfigData;
+                }
+                else {
+                    await this.sleepBetweenFetchAttempts(remoteConfigRetryIntervalMs);
+                }
+            }
+            context.logger.debug(`unable to fetch remote config version ${desiredVersion} or higher: reached ${remoteConfigMaxFetchAttempts} fetch attempts`, {
+                errorType: WRITE_REMOTE_CONFIG_ERROR_NAME,
+            });
+        }
+        catch (e) {
+            context.logger.debug(`unable to fetch remote config version ${desiredVersion} or higher: ${e}`, {
+                errorType: WRITE_REMOTE_CONFIG_ERROR_NAME,
+            });
+        }
+        return null;
+    }
+    async sleepBetweenFetchAttempts(ms) {
+        await sleep(ms);
+    }
+}

package/lib/esm/config/remote_config/manager/index.js

@@ -0,0 +1,2 @@
+export * from './IRemoteConfigManager.js';
+export * from './DefaultRemoteConfigManager.js';

package/lib/esm/config/remote_config/model/index.js

@@ -1,2 +1,2 @@
 export * from './RemoteConfigData.js';
-export * from './RemoteConfigUpdateRequestData.js';
+export * from './RemoteConfigNotifyRequestPayload.js';

package/lib/esm/config/remote_config/update_parser/DefaultNotifyRemoteConfigUpdateParser.js

@@ -0,0 +1,60 @@
+import { DefaultTimestampHmacHeaderValidator, PUSH_DATA_FEATURE_HEADER_NAME, PUSH_DATA_HMAC_HEADER_NAME, } from '../../../utils/index.js';
+import { REMOTE_CONFIG_PUSH_DATA_FEATURE_NAME, WRITE_REMOTE_CONFIG_ERROR_NAME } from '../constants.js';
+import { HttpMethod } from '../../../http/index.js';
+export class DefaultNotifyRemoteConfigUpdateParser {
+    config;
+    timestampHmacHeaderValidator;
+    constructor(config, options) {
+        this.config = config;
+        this.timestampHmacHeaderValidator =
+            options.timestampHmacHeaderValidator ??
+                new DefaultTimestampHmacHeaderValidator(config, config.remoteConfigAuthToken, options.base64Utils, options.hmacUtils);
+    }
+    async isUpdateRequest({ requestData: { request } }) {
+        return (request.method === HttpMethod.POST &&
+            request.headers.get(PUSH_DATA_FEATURE_HEADER_NAME) === REMOTE_CONFIG_PUSH_DATA_FEATURE_NAME &&
+            !!request.headers.get(PUSH_DATA_HMAC_HEADER_NAME));
+    }
+    async parseUpdate(context) {
+        if (!(await this.isNotifyRequestValid(context))) {
+            return { shouldUpdate: false };
+        }
+        const updateData = { shouldUpdate: true };
+        const desiredVersion = await this.getDesiredRemoteConfigVersion(context);
+        context.logger.debug(`got notify request for remote config version ${desiredVersion}`);
+        if (desiredVersion) {
+            updateData.desiredVersion = desiredVersion;
+        }
+        return updateData;
+    }
+    async isNotifyRequestValid(context) {
+        const timestampHmacHeader = context.requestData.request.headers.get(PUSH_DATA_HMAC_HEADER_NAME);
+        const isValid = !!timestampHmacHeader &&
+            (await this.timestampHmacHeaderValidator.isValid(timestampHmacHeader, context.logger));
+        if (!isValid) {
+            context.logger.debug(`invalid remote config notify request hmac header received: ${timestampHmacHeader}`, {
+                errorType: WRITE_REMOTE_CONFIG_ERROR_NAME,
+            });
+        }
+        return isValid;
+    }
+    async getDesiredRemoteConfigVersion(context) {
+        let notifyRequestPayload;
+        try {
+            notifyRequestPayload = await context.requestData.request.json();
+        }
+        catch (e) {
+            context.logger.debug(`could not parse update request body: ${e}`, {
+                errorType: WRITE_REMOTE_CONFIG_ERROR_NAME,
+            });
+            return null;
+        }
+        if (!notifyRequestPayload?.version) {
+            context.logger.debug(`no version on update request body: ${notifyRequestPayload}`, {
+                errorType: WRITE_REMOTE_CONFIG_ERROR_NAME,
+            });
+            return null;
+        }
+        return notifyRequestPayload.version;
+    }
+}

package/lib/esm/config/remote_config/update_parser/IRemoteConfigUpdateParser.js

@@ -0,0 +1 @@
+export {};

package/lib/esm/config/remote_config/update_parser/index.js

@@ -0,0 +1,2 @@
+export * from './DefaultNotifyRemoteConfigUpdateParser.js';
+export * from './IRemoteConfigUpdateParser.js';

package/lib/esm/context/DefaultContext.js

@@ -1,4 +1,3 @@
-import { RemoteConfigUtils } from '../config/index.js';
 import { BlockAction } from '../blocker/index.js';
 import { PXHDSource } from '../pxhd/index.js';
 import { TokenOrigin, TokenParseResult } from '../risk_token/index.js';
@@ -10,8 +9,7 @@ import { DefaultLogger, X_PX_ENFORCER_LOG_HEADER } from '../logger/index.js';
 export class DefaultContext {
     requestId;
     tokenOrigin;
-    isRemoteConfigUpdateRequest;
-    shouldSendLogs;
+    remoteConfigUpdateData;
     requestData;
     tokenData;
     riskApiData;
@@ -35,6 +33,7 @@ export class DefaultContext {
     logger;
     usedCookieSecret;
     shouldSendTelemetry;
+    _shouldSendLogs = false;
     config;
     urlUtils;
     constructor(config, request, options) {
@@ -55,8 +54,10 @@ export class DefaultContext {
         this.pxdeVerified = false;
         this.action = Action.TRIGGER_RISK_API;
         this.reasons = {};
-        this.isRemoteConfigUpdateRequest = RemoteConfigUtils.isRemoteConfigUpdateRequest(request);
-        this.shouldSendLogs = this.isRemoteConfigUpdateRequest || this.isHeaderBasedLoggerRequest(config, request);
+        this.remoteConfigUpdateData = {
+            shouldUpdate: false,
+        };
+        this.shouldSendLogs = this.isHeaderBasedLoggerRequest(config, request);
         this.logger = this.createContextLogger(config, this.shouldSendLogs);
         this.requestData = this.createRequestData(config, request, options.cookieParser);
         this.tokenOrigin = this.getTokenOrigin(request);
@@ -65,6 +66,18 @@ export class DefaultContext {
         }
         this.shouldSendTelemetry = false;
     }
+    get shouldSendLogs() {
+        return this._shouldSendLogs;
+    }
+    set shouldSendLogs(shouldSendLogs) {
+        if (this._shouldSendLogs === shouldSendLogs) {
+            return;
+        }
+        this._shouldSendLogs = shouldSendLogs;
+        if (this.logger) {
+            this.logger.shouldSaveLogs = shouldSendLogs;
+        }
+    }
     get isMobile() {
         return this.tokenOrigin === TokenOrigin.HEADER;
     }
@@ -152,7 +165,7 @@ export class DefaultContext {
             action: this.action,
             reasons: this.reasons,
             isMobile: this.isMobile,
-            isRemoteConfigUpdateRequest: this.isRemoteConfigUpdateRequest,
+            remoteConfigUpdateData: this.remoteConfigUpdateData,
             productData: this.productData,
             requestData: {
                 ...this.requestData,

package/lib/esm/context/SerializedContext.js

@@ -3,7 +3,7 @@ import { SerializedToken } from '../risk_token/index.js';
 import { SerializedRiskResponse } from '../risk_api/index.js';
 export class SerializedContext {
     isMobile;
-    isRemoteConfigUpdateRequest;
+    remoteConfigUpdateData;
     logger;
     productData;
     requestData;
@@ -33,7 +33,7 @@ export class SerializedContext {
         this.reasons = contextJson.reasons;
         this.isMobile = contextJson.isMobile;
         this.requestId = contextJson.requestId;
-        this.isRemoteConfigUpdateRequest = contextJson.isRemoteConfigUpdateRequest;
+        this.remoteConfigUpdateData = contextJson.remoteConfigUpdateData;
         this.logger = this.createLogger(config, contextJson.shouldSendLogs, contextJson.logger?.logs);
         this.productData = contextJson.productData;
         this.requestData = this.createRequestData(contextJson, request, urlUtils);

package/lib/esm/context/interfaces/RemoteConfigUpdateData.js

@@ -0,0 +1 @@
+export {};

package/lib/esm/context/interfaces/index.js

@@ -4,5 +4,6 @@ export * from './MobileData.js';
 export * from './TokenData.js';
 export * from './TlsData.js';
 export * from './ServerData.js';
+export * from './RemoteConfigUpdateData.js';
 export * from './IContext.js';
 export * from './ReadonlyContext.js';

package/lib/esm/enforcer/EnforcerBase.js

@@ -7,6 +7,7 @@ export class EnforcerBase {
     postEnforceFlow;
     endEnforcerFlow;
     activityClient;
+    remoteConfigManager;
     /**
      * The EnforcerBase constructor.
      * @param config - The enforcer configuration.
@@ -17,6 +18,7 @@ export class EnforcerBase {
         this.config = config;
         const initializationBlock = createEnforcerInitializationBlock(config, options);
         this.activityClient = initializationBlock.activityClient;
+        this.remoteConfigManager = initializationBlock.remoteConfigManager;
         this.filterFlow = this.createFilterFlow(config, initializationBlock);
         this.enforceFlow = this.createEnforceFlow(config, initializationBlock);
         this.postEnforceFlow = this.createPostEnforceFlow(config, initializationBlock);
@@ -43,6 +45,7 @@ export class EnforcerBase {
      * @returns Promise<Res|null> - A Promise resolving to a Res or null depending on the action that should be taken.
      */
     async enforce(...args) {
+        await this.remoteConfigManager?.loadRemoteConfig();
         let context;
         try {
             if (!this.config.moduleEnabled) {