perimeterx-js-core 0.32.0 → 0.32.1

package/lib/cjs/context/DefaultContext.js

@@ -150,6 +150,7 @@ var DefaultContext = /** @class */ (function () {
         var vidValue = this.requestData.cookies[utils_1.PXVID_COOKIE_NAME];
         if ((0, utils_1.isValidUuid)(vidValue)) {
             this.vid = vidValue;
+            this.vidSource = utils_1.VidSource.VID_COOKIE;
         }
         var pxhdCookie = this.requestData.cookies[utils_1.PXHD_COOKIE_NAME];
         if (pxhdCookie) {

package/lib/cjs/flow/EnforceFlow.js

@@ -21,9 +21,8 @@ var Flow_1 = require("./Flow.js");
 var EnforceFlow = /** @class */ (function (_super) {
     __extends(EnforceFlow, _super);
     function EnforceFlow(config, _a) {
-        var dataEnrichment = _a.dataEnrichment, tokenParser = _a.tokenParser, riskApiClient = _a.riskApiClient, cors = _a.cors, products = _a.products, graphQLParser = _a.graphQLParser, base64Utils = _a.base64Utils;
+        var dataEnrichment = _a.dataEnrichment, tokenParser = _a.tokenParser, riskApiClient = _a.riskApiClient, cors = _a.cors, products = _a.products, graphQLParser = _a.graphQLParser;
         return _super.call(this, [
-            new phase_1.BlockByHeaderPhase(config, base64Utils),
             new phase_1.ParseTokenPhase(tokenParser),
             new phase_1.EnrichContextFromRequestPhase(config, products, dataEnrichment, graphQLParser),
             new phase_1.RiskApiPhase(products, riskApiClient),

package/lib/cjs/phase/impl/index.js

@@ -14,7 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./BlockByHeaderPhase.js"), exports);
 __exportStar(require("./FirstPartyPhase.js"), exports);
 __exportStar(require("./FilterPhase.js"), exports);
 __exportStar(require("./PreflightPhase.js"), exports);

package/lib/cjs/products/utils/ProductName.js

@@ -3,7 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ProductName = void 0;
 var ProductName;
 (function (ProductName) {
-    ProductName["BLOCK_BY_HEADER"] = "block_by_header";
     ProductName["BOT_DEFENDER"] = "bd";
     ProductName["ACCOUNT_DEFENDER"] = "ad";
     ProductName["CODE_DEFENDER"] = "cd";

package/lib/cjs/products/utils/ProductPriorityOrder.js

@@ -3,7 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PRODUCT_PRIORITY_ORDER = void 0;
 var ProductName_1 = require("./ProductName.js");
 exports.PRODUCT_PRIORITY_ORDER = [
-    ProductName_1.ProductName.BLOCK_BY_HEADER,
     ProductName_1.ProductName.HYPE_SALE_CHALLENGE,
     ProductName_1.ProductName.BOT_DEFENDER,
     ProductName_1.ProductName.ACCOUNT_DEFENDER,

package/lib/cjs/utils/constants.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BLOCK_BY_HEADER_TRUTHY_VALUES = exports.BLOCK_BY_HEADER_REASON = exports.BLOCK_BY_HEADER_NAME = exports.CORE_MODULE_VERSION = exports.REGEX_STRUCTURE = exports.URL_REGEX = exports.EMAIL_ADDRESS_REGEX = exports.PUSH_DATA_FEATURE_HEADER_NAME = exports.PUSH_DATA_HMAC_HEADER_NAME = exports.X_PX_BYPASS_REASON_HEADER_NAME = exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = exports.X_PX_AUTHORIZATION_HEADER_NAME = exports.UNLIMITED_TIMEOUT = exports.BYPASS_MONITOR_HEADER_VALUE = exports.CD_PXVID_COOKIE_NAME = exports.PXDE_COOKIE_NAME = exports.PXHD_COOKIE_NAME = exports.PXVID_COOKIE_NAME = void 0;
+exports.CORE_MODULE_VERSION = exports.REGEX_STRUCTURE = exports.URL_REGEX = exports.EMAIL_ADDRESS_REGEX = exports.PUSH_DATA_FEATURE_HEADER_NAME = exports.PUSH_DATA_HMAC_HEADER_NAME = exports.X_PX_BYPASS_REASON_HEADER_NAME = exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = exports.X_PX_AUTHORIZATION_HEADER_NAME = exports.UNLIMITED_TIMEOUT = exports.BYPASS_MONITOR_HEADER_VALUE = exports.CD_PXVID_COOKIE_NAME = exports.PXDE_COOKIE_NAME = exports.PXHD_COOKIE_NAME = exports.PXVID_COOKIE_NAME = void 0;
 exports.PXVID_COOKIE_NAME = '_pxvid';
 exports.PXHD_COOKIE_NAME = '_pxhd';
 exports.PXDE_COOKIE_NAME = '_pxde';
@@ -15,7 +15,4 @@ exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 exports.URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-exports.CORE_MODULE_VERSION = 'JS Core 0.32.0';
-exports.BLOCK_BY_HEADER_NAME = 'x-px-block-by-header';
-exports.BLOCK_BY_HEADER_REASON = 'block_by_header';
-exports.BLOCK_BY_HEADER_TRUTHY_VALUES = ['1'];
+exports.CORE_MODULE_VERSION = 'JS Core 0.32.1';

package/lib/esm/context/DefaultContext.js

@@ -3,7 +3,7 @@ import { PXHDSource } from '../pxhd/index.js';
 import { TokenOrigin, TokenParseResult } from '../risk_token/index.js';
 import { RiskApiCallResult } from '../risk_api/index.js';
 import { COOKIE_HEADER_NAME, toReadonlyHeaders, USER_AGENT_HEADER_NAME, } from '../http/index.js';
-import { isValidUuid, PXHD_COOKIE_NAME, PXVID_COOKIE_NAME, StringSplitCookieParser, X_PX_AUTHORIZATION_HEADER_NAME, } from '../utils/index.js';
+import { isValidUuid, PXHD_COOKIE_NAME, PXVID_COOKIE_NAME, StringSplitCookieParser, VidSource, X_PX_AUTHORIZATION_HEADER_NAME, } from '../utils/index.js';
 import { Action } from '../action/index.js';
 import { DefaultLogger, X_PX_ENFORCER_LOG_HEADER } from '../logger/index.js';
 /**
@@ -152,6 +152,7 @@ export class DefaultContext {
         const vidValue = this.requestData.cookies[PXVID_COOKIE_NAME];
         if (isValidUuid(vidValue)) {
             this.vid = vidValue;
+            this.vidSource = VidSource.VID_COOKIE;
         }
         const pxhdCookie = this.requestData.cookies[PXHD_COOKIE_NAME];
         if (pxhdCookie) {

package/lib/esm/flow/EnforceFlow.js

@@ -1,9 +1,8 @@
-import { AdditionalActivityHandlerPhase, BlockByHeaderPhase, CreateBlockResponsePhase, EnrichContextFromRequestPhase, ModifyIncomingRequestPhase, ParseTokenPhase, RiskApiPhase, } from '../phase/index.js';
+import { AdditionalActivityHandlerPhase, CreateBlockResponsePhase, EnrichContextFromRequestPhase, ModifyIncomingRequestPhase, ParseTokenPhase, RiskApiPhase, } from '../phase/index.js';
 import { Flow } from './Flow.js';
 export class EnforceFlow extends Flow {
-    constructor(config, { dataEnrichment, tokenParser, riskApiClient, cors, products, graphQLParser, base64Utils, }) {
+    constructor(config, { dataEnrichment, tokenParser, riskApiClient, cors, products, graphQLParser, }) {
         super([
-            new BlockByHeaderPhase(config, base64Utils),
             new ParseTokenPhase(tokenParser),
             new EnrichContextFromRequestPhase(config, products, dataEnrichment, graphQLParser),
             new RiskApiPhase(products, riskApiClient),

package/lib/esm/phase/impl/index.js

@@ -1,4 +1,3 @@
-export * from './BlockByHeaderPhase.js';
 export * from './FirstPartyPhase.js';
 export * from './FilterPhase.js';
 export * from './PreflightPhase.js';

package/lib/esm/products/utils/ProductName.js

@@ -1,6 +1,5 @@
 export var ProductName;
 (function (ProductName) {
-    ProductName["BLOCK_BY_HEADER"] = "block_by_header";
     ProductName["BOT_DEFENDER"] = "bd";
     ProductName["ACCOUNT_DEFENDER"] = "ad";
     ProductName["CODE_DEFENDER"] = "cd";

package/lib/esm/products/utils/ProductPriorityOrder.js

@@ -1,6 +1,5 @@
 import { ProductName } from './ProductName.js';
 export const PRODUCT_PRIORITY_ORDER = [
-    ProductName.BLOCK_BY_HEADER,
     ProductName.HYPE_SALE_CHALLENGE,
     ProductName.BOT_DEFENDER,
     ProductName.ACCOUNT_DEFENDER,

package/lib/esm/utils/constants.js

@@ -12,7 +12,4 @@ export const PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 export const EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 export const URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 export const REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-export const CORE_MODULE_VERSION = 'JS Core 0.32.0';
-export const BLOCK_BY_HEADER_NAME = 'x-px-block-by-header';
-export const BLOCK_BY_HEADER_REASON = 'block_by_header';
-export const BLOCK_BY_HEADER_TRUTHY_VALUES = ['1'];
+export const CORE_MODULE_VERSION = 'JS Core 0.32.1';

package/lib/types/flow/EnforceFlow.d.ts

@@ -1,8 +1,8 @@
 import { IConfiguration } from '../config';
 import { EnforcerOptions } from '../enforcer';
 import { Flow } from './Flow';
-type RequiredEnforceFlowOptions = 'dataEnrichment' | 'tokenParser' | 'riskApiClient' | 'cors' | 'products' | 'graphQLParser' | 'base64Utils';
+type RequiredEnforceFlowOptions = 'dataEnrichment' | 'tokenParser' | 'riskApiClient' | 'cors' | 'products' | 'graphQLParser';
 export declare class EnforceFlow<Req, Res, Supported extends string, Added> extends Flow<Req, Res> {
-    constructor(config: IConfiguration<Req, Res, Supported, Added>, { dataEnrichment, tokenParser, riskApiClient, cors, products, graphQLParser, base64Utils, }: Pick<Required<EnforcerOptions<Req, Res, Supported, Added>>, RequiredEnforceFlowOptions>);
+    constructor(config: IConfiguration<Req, Res, Supported, Added>, { dataEnrichment, tokenParser, riskApiClient, cors, products, graphQLParser, }: Pick<Required<EnforcerOptions<Req, Res, Supported, Added>>, RequiredEnforceFlowOptions>);
 }
 export {};

package/lib/types/phase/impl/index.d.ts

@@ -1,4 +1,3 @@
-export * from './BlockByHeaderPhase';
 export * from './FirstPartyPhase';
 export * from './FilterPhase';
 export * from './PreflightPhase';

package/lib/types/products/utils/ProductName.d.ts

@@ -1,5 +1,4 @@
 export declare enum ProductName {
-    BLOCK_BY_HEADER = "block_by_header",
     BOT_DEFENDER = "bd",
     ACCOUNT_DEFENDER = "ad",
     CODE_DEFENDER = "cd",

package/lib/types/utils/constants.d.ts

@@ -12,7 +12,4 @@ export declare const PUSH_DATA_FEATURE_HEADER_NAME = "x-px-feature";
 export declare const EMAIL_ADDRESS_REGEX: RegExp;
 export declare const URL_REGEX: RegExp;
 export declare const REGEX_STRUCTURE: RegExp;
-export declare const CORE_MODULE_VERSION = "JS Core 0.32.0";
-export declare const BLOCK_BY_HEADER_NAME = "x-px-block-by-header";
-export declare const BLOCK_BY_HEADER_REASON = "block_by_header";
-export declare const BLOCK_BY_HEADER_TRUTHY_VALUES: string[];
+export declare const CORE_MODULE_VERSION = "JS Core 0.32.1";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-js-core",
-  "version": "0.32.0",
+  "version": "0.32.1",
   "description": "",
   "type": "module",
   "typesVersions": {

package/lib/cjs/phase/impl/BlockByHeaderPhase.js

@@ -1,76 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.BlockByHeaderPhase = void 0;
-var action_1 = require("../../action/index.js");
-var blocker_1 = require("../../blocker/index.js");
-var products_1 = require("../../products/index.js");
-var captcha_1 = require("../../products/bot_defender/block/captcha/index.js");
-var templates_1 = require("../../products/bot_defender/block/templates/index.js");
-var utils_1 = require("../../utils/index.js");
-/**
- * `BlockByHeaderPhase` checks for the presence of the x-px-block-by-header header.
- * If the header is present with a truthy value ("1", "true", "TRUE"), the request is immediately
- * blocked with a captcha response and the flow is terminated. This feature overrides all other
- * enforcer logic including monitor mode and whitelisting.
- */
-var BlockByHeaderPhase = /** @class */ (function () {
-    function BlockByHeaderPhase(config, base64Utils) {
-        this.config = config;
-        this.base64Utils = base64Utils;
-    }
-    BlockByHeaderPhase.prototype.execute = function (context) {
-        var headerValue = this.getBlockByHeaderValue(context);
-        if (headerValue && this.isTruthyValue(headerValue)) {
-            context.logger.debug('block by header detected - creating immediate block response');
-            // Set context for proper activity reporting
-            this.setBlockingContext(context);
-            // Create and return block response immediately
-            var blockResponse = this.createBlockResponse(context);
-            return { done: true, response: blockResponse };
-        }
-        return { done: false };
-    };
-    /**
-     * Creates a captcha block response for the block-by-header feature.
-     * @param context - The request context.
-     * @returns The block response.
-     */
-    BlockByHeaderPhase.prototype.createBlockResponse = function (context) {
-        // Use the existing CaptchaBlocker to generate a proper captcha page
-        var captchaBlocker = new captcha_1.CaptchaBlocker({
-            config: this.config,
-            base64Utils: this.base64Utils,
-            captchaTemplate: templates_1.CAPTCHA_TEMPLATE,
-        });
-        return captchaBlocker.createBlockResponse(context);
-    };
-    /**
-     * Gets the value of the x-px-block-by-header header from the request.
-     * @param context - The request context.
-     * @returns The header value or null if not present.
-     */
-    BlockByHeaderPhase.prototype.getBlockByHeaderValue = function (context) {
-        return context.requestData.request.headers.get(utils_1.BLOCK_BY_HEADER_NAME) || null;
-    };
-    /**
-     * Checks if the header value is considered truthy for blocking.
-     * @param value - The header value to check.
-     * @returns True if the value should trigger blocking.
-     */
-    BlockByHeaderPhase.prototype.isTruthyValue = function (value) {
-        return utils_1.BLOCK_BY_HEADER_TRUTHY_VALUES.includes(value);
-    };
-    /**
-     * Sets the context properties needed for proper activity reporting.
-     * @param context - The request context to modify.
-     */
-    BlockByHeaderPhase.prototype.setBlockingContext = function (context) {
-        var _a;
-        context.action = action_1.Action.BLOCK;
-        context.reasons = (_a = {}, _a[products_1.ProductName.BLOCK_BY_HEADER] = utils_1.BLOCK_BY_HEADER_REASON, _a);
-        context.score = 100; // Maximum risk score
-        context.blockAction = blocker_1.BlockAction.CAPTCHA;
-    };
-    return BlockByHeaderPhase;
-}());
-exports.BlockByHeaderPhase = BlockByHeaderPhase;

package/lib/esm/phase/impl/BlockByHeaderPhase.js

@@ -1,72 +0,0 @@
-import { Action } from '../../action/index.js';
-import { BlockAction } from '../../blocker/index.js';
-import { ProductName } from '../../products/index.js';
-import { CaptchaBlocker } from '../../products/bot_defender/block/captcha/index.js';
-import { CAPTCHA_TEMPLATE } from '../../products/bot_defender/block/templates/index.js';
-import { BLOCK_BY_HEADER_NAME, BLOCK_BY_HEADER_REASON, BLOCK_BY_HEADER_TRUTHY_VALUES } from '../../utils/index.js';
-/**
- * `BlockByHeaderPhase` checks for the presence of the x-px-block-by-header header.
- * If the header is present with a truthy value ("1", "true", "TRUE"), the request is immediately
- * blocked with a captcha response and the flow is terminated. This feature overrides all other
- * enforcer logic including monitor mode and whitelisting.
- */
-export class BlockByHeaderPhase {
-    config;
-    base64Utils;
-    constructor(config, base64Utils) {
-        this.config = config;
-        this.base64Utils = base64Utils;
-    }
-    execute(context) {
-        const headerValue = this.getBlockByHeaderValue(context);
-        if (headerValue && this.isTruthyValue(headerValue)) {
-            context.logger.debug('block by header detected - creating immediate block response');
-            // Set context for proper activity reporting
-            this.setBlockingContext(context);
-            // Create and return block response immediately
-            const blockResponse = this.createBlockResponse(context);
-            return { done: true, response: blockResponse };
-        }
-        return { done: false };
-    }
-    /**
-     * Creates a captcha block response for the block-by-header feature.
-     * @param context - The request context.
-     * @returns The block response.
-     */
-    createBlockResponse(context) {
-        // Use the existing CaptchaBlocker to generate a proper captcha page
-        const captchaBlocker = new CaptchaBlocker({
-            config: this.config,
-            base64Utils: this.base64Utils,
-            captchaTemplate: CAPTCHA_TEMPLATE,
-        });
-        return captchaBlocker.createBlockResponse(context);
-    }
-    /**
-     * Gets the value of the x-px-block-by-header header from the request.
-     * @param context - The request context.
-     * @returns The header value or null if not present.
-     */
-    getBlockByHeaderValue(context) {
-        return context.requestData.request.headers.get(BLOCK_BY_HEADER_NAME) || null;
-    }
-    /**
-     * Checks if the header value is considered truthy for blocking.
-     * @param value - The header value to check.
-     * @returns True if the value should trigger blocking.
-     */
-    isTruthyValue(value) {
-        return BLOCK_BY_HEADER_TRUTHY_VALUES.includes(value);
-    }
-    /**
-     * Sets the context properties needed for proper activity reporting.
-     * @param context - The request context to modify.
-     */
-    setBlockingContext(context) {
-        context.action = Action.BLOCK;
-        context.reasons = { [ProductName.BLOCK_BY_HEADER]: BLOCK_BY_HEADER_REASON };
-        context.score = 100; // Maximum risk score
-        context.blockAction = BlockAction.CAPTCHA;
-    }
-}

package/lib/types/phase/impl/BlockByHeaderPhase.d.ts

@@ -1,40 +0,0 @@
-import { IContext } from '../../context';
-import { IPhase } from '../IPhase';
-import { PhaseResult } from '../PhaseResult';
-import { IConfiguration } from '../../config';
-import { IBase64Utils } from '../../utils';
-/**
- * `BlockByHeaderPhase` checks for the presence of the x-px-block-by-header header.
- * If the header is present with a truthy value ("1", "true", "TRUE"), the request is immediately
- * blocked with a captcha response and the flow is terminated. This feature overrides all other
- * enforcer logic including monitor mode and whitelisting.
- */
-export declare class BlockByHeaderPhase<Req, Res, Supported extends string, Added> implements IPhase<Req, Res> {
-    protected readonly config: IConfiguration<Req, Res, Supported, Added>;
-    protected readonly base64Utils: IBase64Utils;
-    constructor(config: IConfiguration<Req, Res, Supported, Added>, base64Utils: IBase64Utils);
-    execute(context: IContext<Req, Res>): PhaseResult;
-    /**
-     * Creates a captcha block response for the block-by-header feature.
-     * @param context - The request context.
-     * @returns The block response.
-     */
-    private createBlockResponse;
-    /**
-     * Gets the value of the x-px-block-by-header header from the request.
-     * @param context - The request context.
-     * @returns The header value or null if not present.
-     */
-    private getBlockByHeaderValue;
-    /**
-     * Checks if the header value is considered truthy for blocking.
-     * @param value - The header value to check.
-     * @returns True if the value should trigger blocking.
-     */
-    private isTruthyValue;
-    /**
-     * Sets the context properties needed for proper activity reporting.
-     * @param context - The request context to modify.
-     */
-    private setBlockingContext;
-}