perimeterx-js-core 0.3.0 → 0.4.1

package/README.md

@@ -77,40 +77,44 @@ While you will need to create a custom implementation for the request context, y
 ### HTTP
 
 Every framework has a different API for creating and sending HTTP requests and responses. This library reduces this functionality
-into three interfaces:
+into several interfaces:
 
-`IHttpRequest` - Represents an HTTP request.
+`IIncomingRequest` - Represents an HTTP request from the user.
 
-`IHttpResponse` - Represents an HTTP response.
+`IOutgoingResponse` - Represents an HTTP response which is returned to the user.
 
-`IHttpClient` - Represents a client that can send an `IHttpRequest` and return an `IHttpResponse`.
+`IOutgoingRequest` - Represents an HTTP request that can be executed (sent to other origin)
 
-When developing your JavaScript/TypeScript enforcer with this library, you will need to wrap the native HTTP request/response
-objects such that they conform to these interfaces. Of course, you are free to extend these interfaces as needed.
+`IIncomingResponse` - Represents an HTTP response that received from sending `IOutgoingRequest`
 
-The `HttpRequestBase` and `HttpResponseBase` classes are also provided for minimizing code repetition, simplifying
-encapsulating request and response body handling to a single `IBodyReader` interface.
+`IHttpClient` - Represents a client that can send an `IIncomingRequest` and return an `IOutgoingResponse`.
 
-The library also provides the `DefaultHttpRequest` and `DefaultHttpResponse` classes, simple implementations of the
-`IHttpRequest` and `IHttpResponse` interfaces, which are used internally. These implementations use the `StringBodyReader`
-class to parse request and response bodies provided as strings.
+When developing your JavaScript/TypeScript enforcer with this library, you will need to wrap the native HTTP request/response
+objects such that they conform to these interfaces. Of course, you are free to extend these interfaces as needed.
 
 You will also need to implement an HTTP client. You can do this however you see fit: use the platform's built-in API
 or use an external library (e.g., `phin`, `axios`) if needed.
 
 ### Crypto
 
-Since cryptographic functionality varies from platform to platform, this library's crypto utils takes the form of an interface
+Since cryptographic functionality varies from platform to platform, this library's crypto utils takes the form of interfaces
 as well.
 
-`IBase64Utils` - Represents a Base64 encoding and decoding utility that other components may require. A `DefaultBase64Utils`
-implementation using the `js-base64` dependency is provided.
+`IBase64Utils` - Represents a Base64 encoding and decoding utility that other components may require. The following implementations
+are provided:
+* `AtobBase64Utils`, which relies on native `atob` and `btoa` functions.
+* `BufferBase64Utils`, which relies on the native NodeJS `Buffer.from()` function.
+* `JSBase64Base64Utils`, which uses the `js-base64` dependency.
 
-`IHashUtils` - Represents an HMAC-generating utility that other components may require. A `DefaultHashUtils`
-implementation using the `crypto-js` dependency is provided.
+`IHashUtils` - Represents an HMAC-generating utility that other components may require. The following implementations are
+provided:
+* `CryptoHmacUtils`, which relies on the native NodeJS `crypto` package.
+* `CryptoJSHmacUtils`, which uses the `crypto-js` dependency.
 
-`ICipherUtils` - Represents an encryption and decryption utility that is required for RiskTokenV3. No default 
-implementation is provided.
+`ICipherUtils` - Represents an encryption and decryption utility that is required for RiskTokenV3. The following implementations
+are provided:
+* `CryptoCipherUtils`, which relies on the native NodeJS `crypto` package.
+* `SubtleCryptoCipherUtils`, which relies on an object implementing the `SubtleCrypto` interface. By default, it is assumed that the global `crypto.subtle` implements this interface.
 
 ### Other Dependencies
 
@@ -119,8 +123,8 @@ can be swapped with other implementations. These classes are:
 
 | **Library**       | **Implementation**        | **Used For**                              |
 | :---              | :---                      | :---                                      |
-| `crypto-js`       | `DefaultHashUtils`        | PXDE, telemetry, risk token V2/V3, etc.   |
-| `js-base64`       | `DefaultBase64Utils`      | PXDE, telemetry, risk token V2, etc.      |
+| `crypto-js`       | `CryptoJSHmacUtils`        | PXDE, telemetry, risk token V2/V3, etc.   |
+| `js-base64`       | `JSBase64Base64Utils`      | PXDE, telemetry, risk token V2, etc.      |
 | `cookie`          | `DefaultCookieParser`     | `ContextBase`                             |
 | `uuid`            | `DefaultUuidGenerator`    | `ContextBase`                             |
 | `ip-range-check`  | `DefaultIpRangeChecker`   | `DefaultFilter`                           |

package/lib/activities/HttpActivityClient.d.ts

@@ -1,8 +1,8 @@
 import { IConfiguration } from '../config';
 import { IContext } from '../context';
-import { IHttpClient } from '../http';
 import { IActivityClient } from './IActivityClient';
 import { Activity } from './model/Activity';
+import { IHttpClient } from '../http';
 export declare class HttpActivityClient implements IActivityClient {
     private readonly config;
     private readonly httpClient;

package/lib/activities/HttpActivityClient.js

@@ -42,6 +42,8 @@ var utils_1 = require("../utils");
 var ActivityType_1 = require("./ActivityType");
 var utils_2 = require("./utils");
 var constants_1 = require("./constants");
+var http_2 = require("../http");
+var http_3 = require("../http");
 var HttpActivityClient = /** @class */ (function () {
     function HttpActivityClient(config, httpClient) {
         this.config = config;
@@ -87,13 +89,13 @@ var HttpActivityClient = /** @class */ (function () {
     };
     HttpActivityClient.prototype.postActivities = function (activities) {
         return __awaiter(this, void 0, void 0, function () {
-            var url, method, headers, body, status;
+            var url, method, headers, body, req, status;
             var _a;
             return __generator(this, function (_b) {
                 switch (_b.label) {
                     case 0:
                         url = "".concat(this.config.backendCollectorUrl).concat(constants_1.ACTIVITIES_ENDPOINT);
-                        method = http_1.HttpMethod.POST;
+                        method = http_2.HttpMethod.POST;
                         headers = (_a = {},
                             _a[http_1.CONTENT_TYPE_HEADER_NAME] = [http_1.ContentType.APPLICATION_JSON],
                             _a[http_1.AUTHORIZATION_HEADER_NAME] = [(0, utils_1.getAuthorizationHeader)(this.config.authToken)],
@@ -103,9 +105,10 @@ var HttpActivityClient = /** @class */ (function () {
                             var type = _a.type;
                             return "".concat(type, " activity");
                         }).join(', '), " to ").concat(url));
-                        return [4 /*yield*/, this.httpClient.send(new http_1.DefaultHttpRequest(url, { method: method, headers: headers, body: body }))];
+                        req = new http_3.OutgoingRequestImpl({ url: url, method: method, headers: headers, body: body });
+                        return [4 /*yield*/, this.httpClient.send(req).then(function (resp) { return resp.status; })];
                     case 1:
-                        status = (_b.sent()).status;
+                        status = _b.sent();
                         return [2 /*return*/, status === 200];
                 }
             });

package/lib/activities/HttpBatchedActivityClient.d.ts

@@ -1,7 +1,7 @@
 import { HttpActivityClient } from './HttpActivityClient';
 import { IConfiguration } from '../config';
-import { IHttpClient } from '../http';
 import { Activity } from './model/Activity';
+import { IHttpClient } from '../http';
 export declare class HttpBatchedActivityClient extends HttpActivityClient {
     private readonly batchSize;
     private readonly timeoutMs;

package/lib/activities/utils.js

@@ -8,7 +8,7 @@ var createActivity = function (activityType, config, context) {
         type: activityType,
         px_app_id: config.appId,
         url: context.requestData.url.href,
-        headers: (0, utils_1.removeSensitiveHeaders)(context.requestData.headers, config.sensitiveHeaders).toObject(','),
+        headers: (0, utils_1.removeSensitiveHeaders)(context.requestData.headers, config.sensitiveHeaders),
         pxhd: context.pxhd,
         socket_ip: context.requestData.ip,
         timestamp: Date.now(),

package/lib/block_handler/DefaultBlockResponseGenerator.d.ts

@@ -1,14 +1,14 @@
 import { IContext } from '../context';
 import { IConfiguration } from '../config';
-import { IHttpResponse } from '../http';
 import { IBase64Utils } from '../utils';
 import { IBlockResponseGenerator } from './IBlockResponseGenerator';
+import { IMinimalResponse } from '../http';
 export declare class DefaultBlockResponseGenerator implements IBlockResponseGenerator {
     private readonly config;
     private readonly captchaResponseGenerator;
     constructor(config: IConfiguration, base64Utils: IBase64Utils);
     shouldGenerate(context: IContext): boolean;
-    generateBlockResponse(context: IContext): IHttpResponse;
+    generateBlockResponse(context: IContext): IMinimalResponse;
     private generateRateLimitResponse;
     private generateCaptchaResponse;
 }

package/lib/block_handler/DefaultBlockResponseGenerator.js

@@ -6,6 +6,7 @@ var http_1 = require("../http");
 var BlockAction_1 = require("./BlockAction");
 var CaptchaBlockResponseGenerator_1 = require("./captcha/CaptchaBlockResponseGenerator");
 var rate_limit_template_1 = require("./templates/rate_limit_template");
+var http_2 = require("../http");
 var DefaultBlockResponseGenerator = /** @class */ (function () {
     function DefaultBlockResponseGenerator(config, base64Utils) {
         this.config = config;
@@ -26,7 +27,7 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
                 res = this.generateCaptchaResponse(context);
                 break;
         }
-        return pxhd_1.PXHDUtils.addPxhdToResponse(context, res);
+        return pxhd_1.PXHDUtils.addPxhdToMinimalResponse(context, res);
     };
     DefaultBlockResponseGenerator.prototype.generateRateLimitResponse = function () {
         var _a;
@@ -34,7 +35,11 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
         var headers = (_a = {},
             _a[http_1.CONTENT_TYPE_HEADER_NAME] = [http_1.ContentType.TEXT_HTML],
             _a);
-        return new http_1.DefaultHttpResponse(rate_limit_template_1.RATE_LIMIT_TEMPLATE, { status: status, headers: headers });
+        return new http_2.MinimalResponseImpl({
+            body: rate_limit_template_1.RATE_LIMIT_TEMPLATE,
+            status: status,
+            headers: headers,
+        });
     };
     DefaultBlockResponseGenerator.prototype.generateCaptchaResponse = function (context) {
         return this.captchaResponseGenerator.generateBlockResponse(context);

package/lib/block_handler/IBlockResponseGenerator.d.ts

@@ -1,5 +1,5 @@
 import { IContext } from '../context';
-import { IHttpResponse } from '../http';
+import { IMinimalResponse } from '../http';
 export interface IBlockResponseGenerator {
     /**
      * @param context - The request context.
@@ -10,5 +10,5 @@ export interface IBlockResponseGenerator {
      * @param context - The request context.
      * @returns IHttpResponse - The block response that should be returned to the end-user.
      */
-    generateBlockResponse(context: IContext): IHttpResponse;
+    generateBlockResponse(context: IContext): IMinimalResponse;
 }

package/lib/block_handler/captcha/CaptchaBlockResponseGenerator.d.ts

@@ -1,8 +1,8 @@
 import { IConfiguration } from '../../config';
 import { IContext } from '../../context';
-import { IHttpResponse } from '../../http';
 import { IBase64Utils } from '../../utils';
 import { IBlockResponseGenerator } from '../IBlockResponseGenerator';
+import { IMinimalResponse } from '../../http';
 export declare class CaptchaBlockResponseGenerator implements IBlockResponseGenerator {
     private readonly config;
     private readonly jsonCaptchaGenerator;
@@ -10,5 +10,5 @@ export declare class CaptchaBlockResponseGenerator implements IBlockResponseGene
     private readonly htmlCaptchaGenerator;
     constructor(config: IConfiguration, base64Utils: IBase64Utils);
     shouldGenerate({ blockAction }: IContext): boolean;
-    generateBlockResponse(context: IContext): IHttpResponse;
+    generateBlockResponse(context: IContext): IMinimalResponse;
 }

package/lib/block_handler/captcha/HtmlCaptchaResponseGenerator.d.ts

@@ -1,10 +1,10 @@
 import { IConfiguration } from '../../config';
 import { IContext } from '../../context';
-import { IHttpResponse } from '../../http';
 import { IBlockResponseGenerator } from '../IBlockResponseGenerator';
+import { IMinimalResponse } from '../../http';
 export declare class HtmlCaptchaResponseGenerator implements IBlockResponseGenerator {
     private readonly config;
     constructor(config: IConfiguration);
     shouldGenerate(context: IContext): boolean;
-    generateBlockResponse(context: IContext): IHttpResponse;
+    generateBlockResponse(context: IContext): IMinimalResponse;
 }

package/lib/block_handler/captcha/HtmlCaptchaResponseGenerator.js

@@ -4,6 +4,7 @@ exports.HtmlCaptchaResponseGenerator = void 0;
 var http_1 = require("../../http");
 var utils_1 = require("../utils");
 var captcha_template_1 = require("../templates/captcha_template");
+var http_2 = require("../../http");
 var HtmlCaptchaResponseGenerator = /** @class */ (function () {
     function HtmlCaptchaResponseGenerator(config) {
         this.config = config;
@@ -18,7 +19,11 @@ var HtmlCaptchaResponseGenerator = /** @class */ (function () {
             _a[http_1.CONTENT_TYPE_HEADER_NAME] = [http_1.ContentType.TEXT_HTML],
             _a);
         var body = (0, utils_1.renderHtml)(captcha_template_1.CAPTCHA_TEMPLATE, (0, utils_1.createBlockData)(this.config, context));
-        return new http_1.DefaultHttpResponse(body, { status: status, headers: headers });
+        return new http_2.MinimalResponseImpl({
+            body: body,
+            status: status,
+            headers: headers,
+        });
     };
     return HtmlCaptchaResponseGenerator;
 }());

package/lib/block_handler/captcha/JsonCaptchaResponseGenerator.d.ts

@@ -1,10 +1,10 @@
 import { IConfiguration } from '../../config';
 import { IContext } from '../../context';
-import { IHttpResponse } from '../../http';
 import { IBlockResponseGenerator } from '../IBlockResponseGenerator';
+import { IMinimalResponse } from '../../http';
 export declare class JsonCaptchaResponseGenerator implements IBlockResponseGenerator {
     private readonly config;
     constructor(config: IConfiguration);
     shouldGenerate(context: IContext): boolean;
-    generateBlockResponse(context: IContext): IHttpResponse;
+    generateBlockResponse(context: IContext): IMinimalResponse;
 }

package/lib/block_handler/captcha/JsonCaptchaResponseGenerator.js

@@ -4,17 +4,17 @@ exports.JsonCaptchaResponseGenerator = void 0;
 var BlockAction_1 = require("../BlockAction");
 var http_1 = require("../../http");
 var utils_1 = require("../utils");
+var http_2 = require("../../http");
 var JsonCaptchaResponseGenerator = /** @class */ (function () {
     function JsonCaptchaResponseGenerator(config) {
         this.config = config;
     }
     JsonCaptchaResponseGenerator.prototype.shouldGenerate = function (context) {
-        var _a, _b;
         if (!this.config.advancedBlockingResponseEnabled) {
             return false;
         }
-        var acceptHeaderValue = ((_a = context.requestData.headers.get(http_1.ACCEPT_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0]) ||
-            ((_b = context.requestData.headers.get(http_1.CONTENT_TYPE_HEADER_NAME)) === null || _b === void 0 ? void 0 : _b[0]) ||
+        var acceptHeaderValue = context.requestData.request.headers.get(http_1.ACCEPT_HEADER_NAME) ||
+            context.requestData.request.headers.get(http_1.CONTENT_TYPE_HEADER_NAME) ||
             '';
         var acceptHeaderContainsJson = acceptHeaderValue === null || acceptHeaderValue === void 0 ? void 0 : acceptHeaderValue.split(',').some(function (value) { return value.toLowerCase() === http_1.ContentType.APPLICATION_JSON; });
         return !context.isMobile && context.blockAction !== BlockAction_1.BlockAction.RATE_LIMIT && acceptHeaderContainsJson;
@@ -37,7 +37,11 @@ var JsonCaptchaResponseGenerator = /** @class */ (function () {
             blockScript: blockData.blockScript,
             altBlockScript: blockData.altBlockScript,
         };
-        return new http_1.DefaultHttpResponse(JSON.stringify(jsonBlockPayload), { status: status, headers: headers });
+        return new http_2.MinimalResponseImpl({
+            body: JSON.stringify(jsonBlockPayload),
+            status: status,
+            headers: headers,
+        });
     };
     return JsonCaptchaResponseGenerator;
 }());

package/lib/block_handler/captcha/MobileCaptchaResponseGenerator.d.ts

@@ -1,12 +1,12 @@
 import { IConfiguration } from '../../config';
 import { IContext } from '../../context';
-import { IHttpResponse } from '../../http';
 import { IBase64Utils } from '../../utils';
 import { IBlockResponseGenerator } from '../IBlockResponseGenerator';
+import { IMinimalResponse } from '../../http';
 export declare class MobileCaptchaResponseGenerator implements IBlockResponseGenerator {
     private readonly config;
     private readonly base64Utils;
     constructor(config: IConfiguration, base64Utils: IBase64Utils);
     shouldGenerate(context: IContext): boolean;
-    generateBlockResponse(context: IContext): IHttpResponse;
+    generateBlockResponse(context: IContext): IMinimalResponse;
 }

package/lib/block_handler/captcha/MobileCaptchaResponseGenerator.js

@@ -5,6 +5,7 @@ var http_1 = require("../../http");
 var BlockAction_1 = require("../BlockAction");
 var utils_1 = require("../utils");
 var captcha_template_1 = require("../templates/captcha_template");
+var http_2 = require("../../http");
 var MobileCaptchaResponseGenerator = /** @class */ (function () {
     function MobileCaptchaResponseGenerator(config, base64Utils) {
         this.config = config;
@@ -29,7 +30,11 @@ var MobileCaptchaResponseGenerator = /** @class */ (function () {
             page: this.base64Utils.base64Encode(captchaPage),
             collectorHost: this.config.backendCollectorUrl,
         };
-        return new http_1.DefaultHttpResponse(JSON.stringify(mobileBlockPayload), { status: status, headers: headers });
+        return new http_2.MinimalResponseImpl({
+            body: JSON.stringify(mobileBlockPayload),
+            status: status,
+            headers: headers,
+        });
     };
     return MobileCaptchaResponseGenerator;
 }());

package/lib/config/DefaultConfigurations.js

@@ -1,8 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DEFAULT_CONFIGURATIONS = void 0;
-var LoggerSeverity_1 = require("../logger/LoggerSeverity");
-var ModuleMode_1 = require("../utils/ModuleMode");
+var logger_1 = require("../logger");
+var utils_1 = require("../utils");
 exports.DEFAULT_CONFIGURATIONS = {
     px_app_id: '',
     px_auth_token: '',
@@ -13,11 +13,11 @@ exports.DEFAULT_CONFIGURATIONS = {
     px_risk_cookie_max_length: 2048,
     px_risk_cookie_min_iterations: 500,
     px_risk_cookie_max_iterations: 5000,
-    px_logger_severity: LoggerSeverity_1.LoggerSeverity.ERROR,
+    px_logger_severity: logger_1.LoggerSeverity.ERROR,
     px_ip_headers: [],
     px_extract_ip: null,
     px_module_enabled: true,
-    px_module_mode: ModuleMode_1.ModuleMode.MONITOR,
+    px_module_mode: utils_1.ModuleMode.MONITOR,
     px_additional_activity_handler: null,
     px_advanced_blocking_response_enabled: true,
     px_max_activity_batch_size: 0,

package/lib/context/ContextBase.d.ts

@@ -2,12 +2,13 @@ import { IConfiguration } from '../config';
 import { BlockReason, BlockAction } from '../block_handler';
 import { CustomParameters } from '../custom_parameters';
 import { FilterReason } from '../filter';
-import { IHttpRequest, HttpHeaders } from '../http';
 import { PXDE } from '../pxde';
 import { GraphQLData } from '../graphql';
 import { IBotDefenderToken, TokenOrigin } from '../risk_token';
 import { VidSource, PassReason, ICookieParser, IUuidGenerator } from '../utils';
 import { IContext, MobileData, RequestData, ResponseData, RiskApiData, ServerData, TlsData } from './IContext';
+import { IIncomingRequest } from '../http/interfaces/IIncomingRequest';
+import { ReadOnlyHeaders } from '../http';
 export declare type ContextBaseOptions = {
     cookieParser?: ICookieParser;
     uuidGenerator?: IUuidGenerator;
@@ -38,12 +39,12 @@ export declare abstract class ContextBase<OptionsType extends ContextBaseOptions
     customParameters?: CustomParameters;
     graphqlData?: GraphQLData[];
     protected readonly config: IConfiguration;
-    protected constructor(config: IConfiguration, request: IHttpRequest, options?: OptionsType);
+    protected constructor(config: IConfiguration, request: IIncomingRequest, options?: OptionsType);
     protected abstract createRiskToken(config: IConfiguration, cookies: Record<string, string>, options: OptionsType): IBotDefenderToken;
-    protected createRequestData(config: IConfiguration, request: IHttpRequest, cookieParser?: ICookieParser): RequestData;
+    protected createRequestData(config: IConfiguration, request: IIncomingRequest, cookieParser?: ICookieParser): RequestData;
     protected getCookies(cookieParser: ICookieParser, ...cookieHeaderValues: string[]): Record<string, string>;
-    protected extractUserAgentFromHeader(config: IConfiguration, headers: HttpHeaders): string;
-    protected extractIpFromHeader(config: IConfiguration, headers: HttpHeaders): string;
+    protected extractUserAgentFromHeader(config: IConfiguration, headers: ReadOnlyHeaders): string;
+    protected extractIpFromHeader(config: IConfiguration, headers: ReadOnlyHeaders): string;
     protected isMonitored(config: IConfiguration, requestData: RequestData): boolean;
     protected isSensitive(config: IConfiguration, { url }: RequestData): boolean;
     protected isAllowedToBypassMonitor(config: IConfiguration, requestData: RequestData): boolean;

package/lib/context/ContextBase.js

@@ -26,16 +26,16 @@ var ContextBase = /** @class */ (function () {
         }
     }
     ContextBase.prototype.createRequestData = function (config, request, cookieParser) {
-        var _a, _b;
         if (cookieParser === void 0) { cookieParser = new utils_1.DefaultCookieParser(); }
         var url = (0, utils_1.getDecodedUrl)(request.url);
         var method = request.method;
         var headers = request.headers;
-        var cookies = this.getCookies(cookieParser, (_a = request.headers.get(http_1.COOKIE_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0], (_b = request.headers.get(config.customCookieHeader)) === null || _b === void 0 ? void 0 : _b[0]);
+        var cookies = this.getCookies(cookieParser, request.headers.get(http_1.COOKIE_HEADER_NAME), request.headers.get(config.customCookieHeader));
         var requestCookieNames = Object.keys(cookies);
-        var userAgent = this.extractUserAgentFromHeader(config, headers);
-        var ip = this.extractIpFromHeader(config, headers);
-        return { url: url, method: method, headers: headers, cookies: cookies, ip: ip, userAgent: userAgent, requestCookieNames: requestCookieNames, request: request };
+        var readOnlyHeaders = (0, http_1.toReadOnlyHeaders)(headers);
+        var userAgent = this.extractUserAgentFromHeader(config, readOnlyHeaders);
+        var ip = this.extractIpFromHeader(config, readOnlyHeaders);
+        return { url: url, method: method, headers: readOnlyHeaders, cookies: cookies, ip: ip, userAgent: userAgent, requestCookieNames: requestCookieNames, request: request };
     };
     ContextBase.prototype.getCookies = function (cookieParser) {
         var cookieHeaderValues = [];
@@ -50,7 +50,7 @@ var ContextBase = /** @class */ (function () {
     };
     ContextBase.prototype.extractUserAgentFromHeader = function (config, headers) {
         var _a;
-        var userAgent = ((_a = headers === null || headers === void 0 ? void 0 : headers.get(http_1.USER_AGENT_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0]) || '';
+        var userAgent = ((_a = headers[http_1.USER_AGENT_HEADER_NAME]) === null || _a === void 0 ? void 0 : _a[0]) || '';
         if (userAgent.length > config.userAgentMaxLength) {
             userAgent = userAgent.substring(0, config.userAgentMaxLength);
         }
@@ -60,7 +60,7 @@ var ContextBase = /** @class */ (function () {
         var ip;
         config.ipHeaders.some(function (ipHeader) {
             var _a;
-            var headerValue = (_a = headers.get(ipHeader)) === null || _a === void 0 ? void 0 : _a[0];
+            var headerValue = (_a = headers[ipHeader]) === null || _a === void 0 ? void 0 : _a[0];
             if (headerValue) {
                 ip = headerValue;
                 return true;
@@ -80,13 +80,11 @@ var ContextBase = /** @class */ (function () {
         return (0, utils_1.isRouteInPatterns)(url.pathname, config.sensitiveRoutes);
     };
     ContextBase.prototype.isAllowedToBypassMonitor = function (config, requestData) {
-        var _a;
         return (config.bypassMonitorHeader &&
-            ((_a = requestData.headers.get(config.bypassMonitorHeader)) === null || _a === void 0 ? void 0 : _a[0]) === utils_1.BYPASS_MONITOR_HEADER_VALUE);
+            requestData.request.headers.get(config.bypassMonitorHeader) === utils_1.BYPASS_MONITOR_HEADER_VALUE);
     };
     ContextBase.prototype.setRiskTokenOnContext = function (config, options) {
-        var _a;
-        var mobileToken = (_a = this.requestData.headers.get(utils_1.X_PX_AUTHORIZATION_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0];
+        var mobileToken = this.requestData.request.headers.get(utils_1.X_PX_AUTHORIZATION_HEADER_NAME);
         if (mobileToken) {
             this.setMobileTokenOnContext(config, mobileToken, options);
         }
@@ -95,11 +93,10 @@ var ContextBase = /** @class */ (function () {
         }
     };
     ContextBase.prototype.setMobileTokenOnContext = function (config, mobileToken, options) {
-        var _a, _b;
         this.tokenOrigin = risk_token_1.TokenOrigin.HEADER;
         this.riskToken = this.getMobileToken(config, mobileToken, options);
-        this.mobileData.originalToken = this.getMobileToken(config, (_a = this.requestData.headers.get(utils_1.X_PX_ORIGINAL_TOKEN_HEADER_NAME)) === null || _a === void 0 ? void 0 : _a[0], options);
-        this.mobileData.bypassReason = ((_b = this.requestData.headers.get(utils_1.X_PX_BYPASS_REASON_HEADER_NAME)) === null || _b === void 0 ? void 0 : _b[0]) || '';
+        this.mobileData.originalToken = this.getMobileToken(config, this.requestData.request.headers.get(utils_1.X_PX_ORIGINAL_TOKEN_HEADER_NAME), options);
+        this.mobileData.bypassReason = this.requestData.request.headers.get(utils_1.X_PX_BYPASS_REASON_HEADER_NAME) || '';
         if (!this.riskToken && /^\d+$/.test(mobileToken)) {
             this.mobileData.mobileError = mobileToken;
         }

package/lib/context/DefaultTokenV2Context.d.ts

@@ -1,13 +1,13 @@
 import { IConfiguration } from '../config';
-import { IHttpRequest } from '../http';
 import { IBotDefenderToken } from '../risk_token';
 import { IBase64Utils, IHashUtils } from '../utils';
 import { ContextBase, ContextBaseOptions } from './ContextBase';
+import { IIncomingRequest } from '../http/interfaces/IIncomingRequest';
 export declare type DefaultTokenV2ContextOptions = {
     base64Utils?: IBase64Utils;
     hashUtils?: IHashUtils;
 } & ContextBaseOptions;
 export declare class DefaultTokenV2Context extends ContextBase<DefaultTokenV2ContextOptions> {
-    constructor(config: IConfiguration, httpRequest: IHttpRequest, options?: DefaultTokenV2ContextOptions);
+    constructor(config: IConfiguration, httpRequest: IIncomingRequest, options?: DefaultTokenV2ContextOptions);
     protected createRiskToken(config: IConfiguration, cookies: Record<string, string>, options: DefaultTokenV2ContextOptions): IBotDefenderToken;
 }

package/lib/context/DefaultTokenV2Context.js

@@ -26,7 +26,7 @@ var DefaultTokenV2Context = /** @class */ (function (_super) {
     }
     DefaultTokenV2Context.prototype.createRiskToken = function (config, cookies, options) {
         if (cookies[risk_token_1.COOKIE_V2_NAME]) {
-            return new risk_token_1.DefaultBotDefenderTokenV2(config, cookies[risk_token_1.COOKIE_V2_NAME], (options === null || options === void 0 ? void 0 : options.base64Utils) || new utils_1.DefaultBase64Utils(), (options === null || options === void 0 ? void 0 : options.hashUtils) || new utils_1.DefaultHashUtils());
+            return new risk_token_1.DefaultBotDefenderTokenV2(config, cookies[risk_token_1.COOKIE_V2_NAME], (options === null || options === void 0 ? void 0 : options.base64Utils) || new utils_1.JSBase64Base64Utils(), (options === null || options === void 0 ? void 0 : options.hashUtils) || new utils_1.CryptoJSHmacUtils());
         }
         return null;
     };

package/lib/context/DefaultTokenV3Context.d.ts

@@ -1,13 +1,13 @@
 import { IConfiguration } from '../config';
-import { IHttpRequest } from '../http';
 import { IBotDefenderToken } from '../risk_token';
 import { IHashUtils, ICipherUtils } from '../utils';
 import { ContextBase, ContextBaseOptions } from './ContextBase';
+import { IIncomingRequest } from '../http/interfaces/IIncomingRequest';
 export declare type DefaultTokenV3ContextOptions = {
     cipherUtils: ICipherUtils;
     hashUtils?: IHashUtils;
 } & ContextBaseOptions;
 export declare class DefaultTokenV3Context extends ContextBase<DefaultTokenV3ContextOptions> {
-    constructor(config: IConfiguration, httpRequest: IHttpRequest, options: DefaultTokenV3ContextOptions);
+    constructor(config: IConfiguration, httpRequest: IIncomingRequest, options: DefaultTokenV3ContextOptions);
     protected createRiskToken(config: IConfiguration, cookies: Record<string, string>, options: DefaultTokenV3ContextOptions): IBotDefenderToken;
 }

package/lib/context/DefaultTokenV3Context.js

@@ -26,7 +26,7 @@ var DefaultTokenV3Context = /** @class */ (function (_super) {
     }
     DefaultTokenV3Context.prototype.createRiskToken = function (config, cookies, options) {
         if (cookies[risk_token_1.COOKIE_V3_NAME]) {
-            return new risk_token_1.DefaultBotDefenderTokenV3(config, cookies[risk_token_1.COOKIE_V3_NAME], options.cipherUtils, options.hashUtils || new utils_1.DefaultHashUtils());
+            return new risk_token_1.DefaultBotDefenderTokenV3(config, cookies[risk_token_1.COOKIE_V3_NAME], options.cipherUtils, options.hashUtils || new utils_1.CryptoJSHmacUtils());
         }
         return null;
     };

package/lib/context/IContext.d.ts

@@ -3,10 +3,12 @@ import { FilterReason } from '../filter';
 import { S2SCallReason, S2SErrorReason } from '../risk_api';
 import { PassReason, VidSource } from '../utils';
 import { BlockAction, BlockReason } from '../block_handler';
-import { HttpHeaders, HttpMethod, IHttpRequest } from '../http';
 import { CustomParameters } from '../custom_parameters';
 import { PXDE } from '../pxde';
-import { GraphQLData } from '../graphql/model/GraphQLData';
+import { GraphQLData } from '../graphql';
+import { HttpMethod } from '../http';
+import { ReadOnlyHeaders } from '../http';
+import { IIncomingRequest } from '../http/interfaces/IIncomingRequest';
 export declare type RequestData = {
     /**
      * The request URL.
@@ -20,7 +22,7 @@ export declare type RequestData = {
      * An object representing the request headers. The keys are the header names (all lowercase) and the values
      * are arrays of strings, with each string representing one value associated with the header name.
      */
-    headers: HttpHeaders;
+    headers: ReadOnlyHeaders;
     /**
      * An object representing the request cookies. The keys are the cookie
      * names and the values are the cookie values.
@@ -41,7 +43,7 @@ export declare type RequestData = {
     /**
      * An interface representing the original HTTP request.
      */
-    request: IHttpRequest;
+    request: IIncomingRequest;
     /**
      * The HTTP version used for the request (e.g., 0.9, 1.0, 1.1, 2.0).
      */

package/lib/custom_parameters/CustomParametersFunction.d.ts

@@ -1,4 +1,4 @@
-import { IHttpRequest } from '../http';
 import { ConfigurationParams } from '../config';
 import { CustomParameters } from './CustomParameters';
-export declare type CustomParametersFunction = (config: ConfigurationParams, httpRequest: IHttpRequest) => CustomParameters | Promise<CustomParameters>;
+import { IIncomingRequest } from '../http/interfaces/IIncomingRequest';
+export declare type CustomParametersFunction = (config: ConfigurationParams, httpRequest: IIncomingRequest) => CustomParameters | Promise<CustomParameters>;