npm - perimeterx-js-core - Versions diffs - 0.4.4 → 0.5.1 - Mend

perimeterx-js-core 0.4.4 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/README.md +2 -0
package/lib/activities/utils.js +2 -1
package/lib/block_handler/DefaultBlockResponseGenerator.d.ts +1 -1
package/lib/block_handler/DefaultBlockResponseGenerator.js +9 -3
package/lib/config/ConfigurationParams.d.ts +5 -0
package/lib/config/DefaultConfigurations.js +4 -0
package/lib/config/IConfiguration.d.ts +17 -0
package/lib/config/StaticConfigurationBase.d.ts +5 -0
package/lib/config/StaticConfigurationBase.js +28 -0
package/lib/context/ContextBase.d.ts +5 -4
package/lib/context/ContextBase.js +9 -1
package/lib/context/IContext.d.ts +3 -2
package/lib/cors/CustomBlockResponseHeadersHandler.d.ts +2 -0
package/lib/cors/CustomBlockResponseHeadersHandler.js +2 -0
package/lib/cors/CustomPreflightHandler.d.ts +2 -0
package/lib/cors/CustomPreflightHandler.js +2 -0
package/lib/cors/DefaultCors.d.ts +15 -0
package/lib/cors/DefaultCors.js +107 -0
package/lib/cors/ICors.d.ts +26 -0
package/lib/cors/ICors.js +2 -0
package/lib/cors/constants.d.ts +2 -0
package/lib/cors/constants.js +5 -0
package/lib/cors/index.d.ts +5 -0
package/lib/cors/index.js +20 -0
package/lib/enforcer/EnforcerBase.d.ts +4 -1
package/lib/enforcer/EnforcerBase.js +65 -31
package/lib/graphql/DefaultGraphQLParser.d.ts +2 -2
package/lib/graphql/DefaultGraphQLParser.js +14 -11
package/lib/http/interfaces/IHeaders.d.ts +8 -0
package/lib/http/interfaces/IHeaders.js +2 -0
package/lib/http/interfaces/IIncomingRequest.d.ts +2 -1
package/lib/http/interfaces/IOutgoingResponse.d.ts +2 -1
package/lib/http/interfaces/ReadOnlyHeaders.d.ts +2 -2
package/lib/http/interfaces/ReadOnlyHeaders.js +1 -14
package/lib/http/interfaces/index.d.ts +1 -0
package/lib/http/interfaces/index.js +1 -0
package/lib/http/utils/MinimalResponseUtils.d.ts +2 -0
package/lib/http/utils/MinimalResponseUtils.js +15 -5
package/lib/index.d.ts +1 -0
package/lib/index.js +1 -0
package/lib/pxhd/PXHDUtils.d.ts +2 -1
package/lib/pxhd/PXHDUtils.js +6 -2
package/lib/pxhd/index.d.ts +1 -0
package/lib/pxhd/index.js +15 -0
package/lib/pxhd/model/PXHD.d.ts +6 -0
package/lib/pxhd/model/PXHD.js +2 -0
package/lib/pxhd/model/PXHDSource.d.ts +4 -0
package/lib/pxhd/model/PXHDSource.js +8 -0
package/lib/pxhd/model/index.d.ts +2 -0
package/lib/pxhd/model/index.js +18 -0
package/lib/risk_api/PostRiskApiClient.js +9 -5
package/lib/risk_api/model/RiskResponseV2.d.ts +1 -0
package/lib/risk_api/model/RiskResponseV3.d.ts +1 -0
package/lib/risk_api/risk_response_handler/RiskResponseV2Handler.js +15 -7
package/lib/risk_api/risk_response_handler/RiskResponseV3Handler.js +18 -8
package/lib/utils/constants.d.ts +1 -1
package/lib/utils/constants.js +1 -1
package/lib/utils/utils.d.ts +3 -0
package/lib/utils/utils.js +3 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -79,6 +79,8 @@ While you will need to create a custom implementation for the request context, y
 Every framework has a different API for creating and sending HTTP requests and responses. This library reduces this functionality
 into several interfaces:
+`IHeaders` - Represents the HTTP request/response headers.
 `IIncomingRequest` - Represents an HTTP request from the user.
 `IOutgoingResponse` - Represents an HTTP response which is returned to the user.

package/lib/activities/utils.js CHANGED Viewed

@@ -5,12 +5,13 @@ var utils_1 = require("../utils");
 var ActivityType_1 = require("./ActivityType");
 var http_1 = require("../http");
 var createActivity = function (activityType, config, context) {
+    var _a;
     return {
         type: activityType,
         px_app_id: config.appId,
         url: context.requestData.url.href,
         headers: (0, http_1.joinHeaderValues)((0, utils_1.removeSensitiveHeaders)(context.requestData.headers, config.sensitiveHeaders)),
-        pxhd: context.pxhd,
+        pxhd: (_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.value,
         socket_ip: context.requestData.ip,
         timestamp: Date.now(),
         vid: context.vid,

package/lib/block_handler/DefaultBlockResponseGenerator.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { IContext } from '../context';
 import { IConfiguration } from '../config';
+import { IMinimalResponse } from '../http';
 import { IBase64Utils } from '../utils';
 import { IBlockResponseGenerator } from './IBlockResponseGenerator';
-import { IMinimalResponse } from '../http';
 export declare class DefaultBlockResponseGenerator implements IBlockResponseGenerator {
     private readonly config;
     private readonly captchaResponseGenerator;

package/lib/block_handler/DefaultBlockResponseGenerator.js CHANGED Viewed

@@ -6,7 +6,7 @@ var http_1 = require("../http");
 var BlockAction_1 = require("./BlockAction");
 var CaptchaBlockResponseGenerator_1 = require("./captcha/CaptchaBlockResponseGenerator");
 var rate_limit_template_1 = require("./templates/rate_limit_template");
-var http_2 = require("../http");
+var PXHDSource_1 = require("../pxhd/model/PXHDSource");
 var DefaultBlockResponseGenerator = /** @class */ (function () {
     function DefaultBlockResponseGenerator(config, base64Utils) {
         this.config = config;
@@ -16,6 +16,7 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
         return !context.isMonitoredRequest && !!context.blockReason;
     };
     DefaultBlockResponseGenerator.prototype.generateBlockResponse = function (context) {
+        var _a;
         var res;
         switch (context.blockAction) {
             case BlockAction_1.BlockAction.RATE_LIMIT:
@@ -27,7 +28,12 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
                 res = this.generateCaptchaResponse(context);
                 break;
         }
-        return pxhd_1.PXHDUtils.addPxhdToMinimalResponse(context, res);
+        if (((_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.source) == PXHDSource_1.PXHDSource.RISK) {
+            return pxhd_1.PXHDUtils.addPxhdToMinimalResponse(context, res);
+        }
+        else {
+            return res;
+        }
     };
     DefaultBlockResponseGenerator.prototype.generateRateLimitResponse = function () {
         var _a;
@@ -35,7 +41,7 @@ var DefaultBlockResponseGenerator = /** @class */ (function () {
         var headers = (_a = {},
             _a[http_1.CONTENT_TYPE_HEADER_NAME] = [http_1.ContentType.TEXT_HTML],
             _a);
-        return new http_2.MinimalResponseImpl({
+        return new http_1.MinimalResponseImpl({
             body: rate_limit_template_1.RATE_LIMIT_TEMPLATE,
             status: status,
             headers: headers,

package/lib/config/ConfigurationParams.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { CustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
+import { CustomPreflightHandler, CustomBlockResponseHeadersHandler } from '../cors';
 export declare type ConfigurationParams = {
     px_app_id: string;
     px_auth_token: string;
@@ -62,8 +63,12 @@ export declare type ConfigurationParams = {
     px_graphql_routes?: string[];
     px_sensitive_graphql_operation_names?: string[];
     px_sensitive_graphql_operation_types?: Array<'query' | 'mutation' | 'subscription'>;
+    px_cors_support_enabled?: boolean;
+    px_cors_preflight_request_filter_enabled?: boolean;
     px_extract_ip?: () => {};
     px_additional_activity_handler?: AdditionalActivityHandler;
     px_enrich_custom_parameters?: CustomParametersFunction;
     px_login_successful_custom_callback?: () => {};
+    px_cors_custom_preflight_handler?: CustomPreflightHandler;
+    px_cors_create_custom_block_response_headers?: CustomBlockResponseHeadersHandler;
 };

package/lib/config/DefaultConfigurations.js CHANGED Viewed

@@ -108,4 +108,8 @@ exports.DEFAULT_CONFIGURATIONS = {
     px_jwt_header_name: '',
     px_jwt_header_user_id_field_name: '',
     px_jwt_header_additional_field_names: [],
+    px_cors_support_enabled: false,
+    px_cors_custom_preflight_handler: null,
+    px_cors_preflight_request_filter_enabled: false,
+    px_cors_create_custom_block_response_headers: null,
 };

package/lib/config/IConfiguration.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { ILogger, LoggerSeverity } from '../logger';
 import { CustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
 import { ConfigurationParams } from './ConfigurationParams';
+import { CustomPreflightHandler, CustomBlockResponseHeadersHandler } from '../cors';
 export interface IConfiguration<ParamsType extends ConfigurationParams = ConfigurationParams> {
     /**
      * The application ID.
@@ -195,4 +196,20 @@ export interface IConfiguration<ParamsType extends ConfigurationParams = Configu
      * Returns an object representation of the current configuration.
      */
     toParams(): ParamsType;
+    /**
+     * Whether cors support feature should be enabled.
+     */
+    readonly corsSupportEnabled: boolean;
+    /**
+     * Function that will be called for preflight requests and returns response that will be returned to the client.
+     */
+    readonly corsCustomPreflightHandler: CustomPreflightHandler;
+    /**
+     * Function that returns an object with custom headers to be added to the block response.
+     */
+    readonly corsCreateCustomBlockResponseHeaders: CustomBlockResponseHeadersHandler;
+    /**
+     * Whether preflight requests will be filtered out from the enforcer.
+     */
+    readonly corsPreflightRequestFilterEnabled: boolean;
 }

package/lib/config/StaticConfigurationBase.d.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { CustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
 import { ILogger, LoggerSeverity } from '../logger';
 import { ModuleMode } from '../utils';
+import { CustomBlockResponseHeadersHandler, CustomPreflightHandler } from '../cors';
 export declare abstract class StaticConfigurationBase<ParamsType extends ConfigurationParams = ConfigurationParams> implements IConfiguration<ParamsType> {
     protected readonly configParams: ParamsType;
     protected internalLogger: ILogger;
@@ -60,4 +61,8 @@ export declare abstract class StaticConfigurationBase<ParamsType extends Configu
     get enrichCustomParameters(): CustomParametersFunction;
     get additionalActivityHandler(): AdditionalActivityHandler;
     get altBackendCaptchaUrl(): string;
+    get corsSupportEnabled(): boolean;
+    get corsCustomPreflightHandler(): CustomPreflightHandler;
+    get corsPreflightRequestFilterEnabled(): boolean;
+    get corsCreateCustomBlockResponseHeaders(): CustomBlockResponseHeadersHandler;
 }

package/lib/config/StaticConfigurationBase.js CHANGED Viewed

@@ -392,6 +392,34 @@ var StaticConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsSupportEnabled", {
+        get: function () {
+            return this.configParams.px_cors_support_enabled;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsCustomPreflightHandler", {
+        get: function () {
+            return this.configParams.px_cors_custom_preflight_handler || null;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsPreflightRequestFilterEnabled", {
+        get: function () {
+            return this.configParams.px_cors_preflight_request_filter_enabled;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(StaticConfigurationBase.prototype, "corsCreateCustomBlockResponseHeaders", {
+        get: function () {
+            return this.configParams.px_cors_create_custom_block_response_headers || null;
+        },
+        enumerable: false,
+        configurable: true
+    });
     return StaticConfigurationBase;
 }());
 exports.StaticConfigurationBase = StaticConfigurationBase;

package/lib/context/ContextBase.d.ts CHANGED Viewed

@@ -1,13 +1,14 @@
 import { IConfiguration } from '../config';
-import { BlockReason, BlockAction } from '../block_handler';
+import { BlockAction, BlockReason } from '../block_handler';
 import { CustomParameters } from '../custom_parameters';
 import { FilterReason } from '../filter';
 import { PXDE } from '../pxde';
 import { GraphQLData } from '../graphql';
 import { IBotDefenderToken, TokenOrigin } from '../risk_token';
-import { ReadOnlyHeaders, IIncomingRequest } from '../http';
-import { VidSource, PassReason, ICookieParser, IUuidGenerator } from '../utils';
+import { IIncomingRequest, ReadOnlyHeaders } from '../http';
+import { ICookieParser, IUuidGenerator, PassReason, VidSource } from '../utils';
 import { IContext, MobileData, RequestData, ResponseData, RiskApiData, ServerData, TlsData } from './IContext';
+import { PXHD } from '../pxhd/model/PXHD';
 export declare type ContextBaseOptions = {
     cookieParser?: ICookieParser;
     uuidGenerator?: IUuidGenerator;
@@ -32,7 +33,7 @@ export declare abstract class ContextBase<OptionsType extends ContextBaseOptions
     filterReason?: FilterReason;
     tokenOrigin?: TokenOrigin;
     riskToken?: IBotDefenderToken;
-    pxhd?: string;
+    pxhd?: PXHD;
     pxde?: PXDE;
     pxdeVerified?: boolean;
     customParameters?: CustomParameters;

package/lib/context/ContextBase.js CHANGED Viewed

@@ -5,6 +5,7 @@ var block_handler_1 = require("../block_handler");
 var risk_token_1 = require("../risk_token");
 var http_1 = require("../http");
 var utils_1 = require("../utils");
+var PXHDSource_1 = require("../pxhd/model/PXHDSource");
 var ContextBase = /** @class */ (function () {
     function ContextBase(config, request, options) {
         this.config = config;
@@ -107,7 +108,14 @@ var ContextBase = /** @class */ (function () {
     };
     ContextBase.prototype.setCookiesOnContext = function () {
         this.vid = this.requestData.cookies[utils_1.PXVID_COOKIE_NAME] || '';
-        this.pxhd = this.requestData.cookies[utils_1.PXHD_COOKIE_NAME] || '';
+        var cookiePxhd = this.requestData.cookies[utils_1.PXHD_COOKIE_NAME];
+        if (cookiePxhd) {
+            this.pxhd = {
+                value: cookiePxhd,
+                domain: null,
+                source: PXHDSource_1.PXHDSource.COOKIE,
+            };
+        }
     };
     ContextBase.prototype.getMobileToken = function (config, mobileToken, options) {
         var _a;

package/lib/context/IContext.d.ts CHANGED Viewed

@@ -8,7 +8,8 @@ import { PXDE } from '../pxde';
 import { GraphQLData } from '../graphql';
 import { HttpMethod } from '../http';
 import { ReadOnlyHeaders } from '../http';
-import { IIncomingRequest } from '../http/interfaces/IIncomingRequest';
+import { IIncomingRequest } from '../http';
+import { PXHD } from '../pxhd/model/PXHD';
 export declare type RequestData = {
     /**
      * The request URL.
@@ -239,7 +240,7 @@ export interface IContext {
     /**
      * The PXHD (PerimeterX Hashed Data) cookie value, if it exists on the request.
      */
-    pxhd?: string;
+    pxhd?: PXHD;
     /**
      * The PXDE (PerimeterX Data Enrichment) object, if it was parsed from
      * the PXDE cookie or received on the risk response.

package/lib/cors/CustomBlockResponseHeadersHandler.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { IIncomingRequest, ReadOnlyHeaders } from '../http';
2	+ export declare type CustomBlockResponseHeadersHandler = (httpRequest: IIncomingRequest) => ReadOnlyHeaders \| Promise<ReadOnlyHeaders>;

package/lib/cors/CustomBlockResponseHeadersHandler.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cors/CustomPreflightHandler.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { IMinimalResponse, IIncomingRequest } from '../http';
2	+ export declare type CustomPreflightHandler = (httpRequest: IIncomingRequest) => IMinimalResponse \| Promise<IMinimalResponse>;

package/lib/cors/CustomPreflightHandler.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cors/DefaultCors.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { ICors } from './ICors';
+import { IConfiguration } from '../config';
+import { IContext } from '../context';
+import { ReadOnlyHeaders, IMinimalResponse } from '../http';
+export declare class DefaultCors implements ICors {
+    private readonly customBlockResponseHeaders;
+    private readonly customPreflightHandler;
+    private readonly logger;
+    constructor(config: IConfiguration);
+    isPreflightRequest(context: IContext): boolean;
+    runPreflightCustomHandler(context: IContext): Promise<IMinimalResponse>;
+    isCorsRequest(context: IContext): boolean;
+    getCorsBlockHeaders(context: IContext): Promise<ReadOnlyHeaders>;
+    getDefaultCorsHeaders(context: IContext): ReadOnlyHeaders;
+}

package/lib/cors/DefaultCors.js ADDED Viewed

@@ -0,0 +1,107 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultCors = void 0;
+var constants_1 = require("./constants");
+var http_1 = require("../http");
+var DefaultCors = /** @class */ (function () {
+    function DefaultCors(config) {
+        this.customBlockResponseHeaders = config.corsCreateCustomBlockResponseHeaders;
+        this.customPreflightHandler = config.corsCustomPreflightHandler;
+        this.logger = config.logger;
+    }
+    DefaultCors.prototype.isPreflightRequest = function (context) {
+        var requestData = context.requestData;
+        return !!(requestData.method.toUpperCase() === http_1.HttpMethod.OPTIONS &&
+            requestData.headers[constants_1.ORIGIN_HEADER] &&
+            requestData.headers[constants_1.ACCESS_CONTROL_REQUEST_METHOD_HEADER]);
+    };
+    DefaultCors.prototype.runPreflightCustomHandler = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var e_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (!(this.customPreflightHandler && typeof this.customPreflightHandler === 'function')) return [3 /*break*/, 4];
+                        _a.label = 1;
+                    case 1:
+                        _a.trys.push([1, 3, , 4]);
+                        return [4 /*yield*/, this.customPreflightHandler(context.requestData.request)];
+                    case 2: return [2 /*return*/, _a.sent()];
+                    case 3:
+                        e_1 = _a.sent();
+                        this.logger.debug("Exception occurred while executing custom preflight handler: ".concat(e_1));
+                        return [3 /*break*/, 4];
+                    case 4: return [2 /*return*/, null];
+                }
+            });
+        });
+    };
+    DefaultCors.prototype.isCorsRequest = function (context) {
+        return !!context.requestData.headers[constants_1.ORIGIN_HEADER];
+    };
+    DefaultCors.prototype.getCorsBlockHeaders = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var e_2;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (!(this.customBlockResponseHeaders && typeof this.customBlockResponseHeaders === 'function')) return [3 /*break*/, 4];
+                        _a.label = 1;
+                    case 1:
+                        _a.trys.push([1, 3, , 4]);
+                        return [4 /*yield*/, this.customBlockResponseHeaders(context.requestData.request)];
+                    case 2: return [2 /*return*/, _a.sent()];
+                    case 3:
+                        e_2 = _a.sent();
+                        this.logger.debug("Exception occurred in px_cors_create_custom_block_response_headers custom function: ".concat(e_2));
+                        return [3 /*break*/, 4];
+                    case 4: return [2 /*return*/, this.getDefaultCorsHeaders(context)];
+                }
+            });
+        });
+    };
+    DefaultCors.prototype.getDefaultCorsHeaders = function (context) {
+        return {
+            'Access-Control-Allow-Origin': context.requestData.headers[constants_1.ORIGIN_HEADER],
+            'Access-Control-Allow-Credentials': ['true'],
+        };
+    };
+    return DefaultCors;
+}());
+exports.DefaultCors = DefaultCors;

package/lib/cors/ICors.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { IContext } from '../context';
+import { IMinimalResponse } from '../http';
+import { ReadOnlyHeaders } from '../http';
+export interface ICors {
+    /**
+     * @param context
+     * @returns boolean - Whether the request is preflight.
+     */
+    isPreflightRequest(context: IContext): boolean;
+    /**
+     * @param context- The request context.
+     * @returns IMinimalResponse- The response that return to client for preflight request.
+     */
+    runPreflightCustomHandler(context: IContext): Promise<IMinimalResponse> | null;
+    /**
+     * @param context- The request context.
+     * @returns boolean - Whether the request is CORS.
+     */
+    isCorsRequest(context: IContext): boolean;
+    /**
+     *
+     * @param context - The request context.
+     * @returns ReadOnlyHeaders - headers to be added to the block response.
+     */
+    getCorsBlockHeaders(context: IContext): Promise<ReadOnlyHeaders>;
+}

package/lib/cors/ICors.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cors/constants.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const ORIGIN_HEADER = "origin";
2	+ export declare const ACCESS_CONTROL_REQUEST_METHOD_HEADER = "access-control-request-method";

package/lib/cors/constants.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ACCESS_CONTROL_REQUEST_METHOD_HEADER = exports.ORIGIN_HEADER = void 0;
+exports.ORIGIN_HEADER = 'origin';
+exports.ACCESS_CONTROL_REQUEST_METHOD_HEADER = 'access-control-request-method';

package/lib/cors/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { ICors } from './ICors';
+export { CustomPreflightHandler } from './CustomPreflightHandler';
+export { CustomBlockResponseHeadersHandler } from './CustomBlockResponseHeadersHandler';
+export { DefaultCors } from './DefaultCors';
+export * from './constants';

package/lib/cors/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultCors = void 0;
+var DefaultCors_1 = require("./DefaultCors");
+Object.defineProperty(exports, "DefaultCors", { enumerable: true, get: function () { return DefaultCors_1.DefaultCors; } });
+__exportStar(require("./constants"), exports);

package/lib/enforcer/EnforcerBase.d.ts CHANGED Viewed

@@ -10,7 +10,8 @@ import { IBlockResponseGenerator } from '../block_handler';
 import { TokenVersion } from '../risk_token';
 import { IActivityClient } from '../activities';
 import { IGraphQLParser } from '../graphql';
-import { IHttpClient, IOutgoingResponse, IMinimalResponse } from '../http';
+import { ICors } from '../cors';
+import { IHttpClient, IMinimalResponse, IOutgoingResponse } from '../http';
 export declare type EnforcerBaseOptions = {
     tokenVersion?: TokenVersion;
     dataEnrichment?: IDataEnrichment;
@@ -22,6 +23,7 @@ export declare type EnforcerBaseOptions = {
     cipherUtils?: ICipherUtils;
     blockGenerator?: IBlockResponseGenerator;
     graphqlParser?: IGraphQLParser;
+    cors?: ICors;
 } & ({
     httpClient: IHttpClient;
     firstParty?: IFirstParty;
@@ -46,6 +48,7 @@ export declare abstract class EnforcerBase<EnforceArgs extends any[], Req, Res>
     protected blockGenerator: IBlockResponseGenerator;
     protected activityClient: IActivityClient;
     protected graphQLParser?: IGraphQLParser;
+    protected cors?: ICors;
     /**
      * Returns the original Req object in case the module is disabled or an error is thrown.
      * @param args - The EnforceArgs required to enforce the incoming request.

package/lib/enforcer/EnforcerBase.js CHANGED Viewed

@@ -59,6 +59,9 @@ var risk_api_1 = require("../risk_api");
 var activities_1 = require("../activities");
 var graphql_1 = require("../graphql");
 var custom_parameters_1 = require("../custom_parameters");
+var cors_1 = require("../cors");
+var MinimalResponseUtils_1 = require("../http/utils/MinimalResponseUtils");
+var PXHDSource_1 = require("../pxhd/model/PXHDSource");
 var EnforcerBase = /** @class */ (function () {
     /**
      * The EnforcerBase constructor.
@@ -90,6 +93,7 @@ var EnforcerBase = /** @class */ (function () {
             : new risk_api_1.RiskResponseV3Handler(this.config);
         this.riskApiScoreRetriever =
             options.riskApiScoreRetriever || new risk_api_1.PostRiskApiClient(this.config, httpClient, riskResponseHandler);
+        this.cors = this.config.corsSupportEnabled ? options.cors || new cors_1.DefaultCors(this.config) : null;
     }
     /**
      * The central function that triggers enforcement on the incoming request.
@@ -130,20 +134,21 @@ var EnforcerBase = /** @class */ (function () {
      * @protected
      */
     EnforcerBase.prototype.doEnforce = function () {
+        var _a;
         var args = [];
         for (var _i = 0; _i < arguments.length; _i++) {
             args[_i] = arguments[_i];
         }
         return __awaiter(this, void 0, void 0, function () {
-            var context, httpResponse;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var context, httpResponse, response;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
                     case 0: return [4 /*yield*/, this.createContext.apply(this, args)];
                     case 1:
-                        context = _a.sent();
+                        context = _b.sent();
                         return [4 /*yield*/, this.handleFirstParty(context)];
                     case 2:
-                        httpResponse = _a.sent();
+                        httpResponse = _b.sent();
                         if (httpResponse) {
                             this.config.logger.debug('returning first party response');
                             return [2 /*return*/, this.convertToRes(httpResponse)];
@@ -152,34 +157,47 @@ var EnforcerBase = /** @class */ (function () {
                             this.config.logger.debug("filtering due to ".concat(context.filterReason));
                             return [2 /*return*/, null];
                         }
-                        return [4 /*yield*/, this.handleCompleteContextInitialization(context)];
+                        if (!((_a = this.cors) === null || _a === void 0 ? void 0 : _a.isPreflightRequest(context))) return [3 /*break*/, 4];
+                        this.config.logger.debug("Preflight request");
+                        return [4 /*yield*/, this.cors.runPreflightCustomHandler(context)];
                     case 3:
-                        _a.sent();
+                        response = _b.sent();
+                        if (response) {
+                            return [2 /*return*/, this.convertToRes(response)];
+                        }
+                        if (this.config.corsPreflightRequestFilterEnabled) {
+                            this.config.logger.debug("Skipping verification due to preflight request");
+                            return [2 /*return*/, null];
+                        }
+                        _b.label = 4;
+                    case 4: return [4 /*yield*/, this.handleCompleteContextInitialization(context)];
+                    case 5:
+                        _b.sent();
                         this.config.logger.debug('context initialization complete');
                         return [4 /*yield*/, this.handleGraphQL(context)];
-                    case 4:
-                        _a.sent();
+                    case 6:
+                        _b.sent();
                         return [4 /*yield*/, this.handleEnrichCustomParameters(context)];
-                    case 5:
-                        _a.sent();
+                    case 7:
+                        _b.sent();
                         return [4 /*yield*/, this.handleTelemetryIfNeeded(context)];
-                    case 6:
-                        _a.sent();
+                    case 8:
+                        _b.sent();
                         return [4 /*yield*/, this.handlePxde(context)];
-                    case 7:
-                        _a.sent();
+                    case 9:
+                        _b.sent();
                         return [4 /*yield*/, this.handleCookieRetrieverIfNeeded(context)];
-                    case 8:
-                        _a.sent();
+                    case 10:
+                        _b.sent();
                         return [4 /*yield*/, this.handleRiskApiIfNeeded(context)];
-                    case 9:
-                        _a.sent();
+                    case 11:
+                        _b.sent();
                         return [4 /*yield*/, this.handleAdditionalActivityHandler(context)];
-                    case 10:
-                        _a.sent();
+                    case 12:
+                        _b.sent();
                         return [4 /*yield*/, this.handleBlockResponse(context)];
-                    case 11:
-                        httpResponse = _a.sent();
+                    case 13:
+                        httpResponse = _b.sent();
                         if (httpResponse) {
                             this.config.logger.debug("blocking request due to ".concat(context.blockReason));
                             return [2 /*return*/, this.convertToRes(httpResponse)];
@@ -322,16 +340,28 @@ var EnforcerBase = /** @class */ (function () {
         });
     };
     EnforcerBase.prototype.handleBlockResponse = function (context) {
+        var _a;
         return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var res, corsBlockResponseHeaders;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
                     case 0:
-                        if (!this.blockGenerator.shouldGenerate(context)) return [3 /*break*/, 2];
+                        if (!this.blockGenerator.shouldGenerate(context)) return [3 /*break*/, 4];
                         return [4 /*yield*/, this.handleSendActivities(context)];
                     case 1:
-                        _a.sent();
-                        return [2 /*return*/, this.blockGenerator.generateBlockResponse(context)];
-                    case 2: return [2 /*return*/, null];
+                        _b.sent();
+                        res = this.blockGenerator.generateBlockResponse(context);
+                        if (!((_a = this.cors) === null || _a === void 0 ? void 0 : _a.isCorsRequest(context))) return [3 /*break*/, 3];
+                        this.config.logger.debug("Adding CORS headers to block response");
+                        return [4 /*yield*/, this.cors.getCorsBlockHeaders(context)];
+                    case 2:
+                        corsBlockResponseHeaders = _b.sent();
+                        if (corsBlockResponseHeaders) {
+                            res = (0, MinimalResponseUtils_1.appendHeaders)(res, corsBlockResponseHeaders);
+                        }
+                        _b.label = 3;
+                    case 3: return [2 /*return*/, res];
+                    case 4: return [2 /*return*/, null];
                 }
             });
         });
@@ -404,9 +434,13 @@ var EnforcerBase = /** @class */ (function () {
         });
     };
     EnforcerBase.prototype.handlePxhd = function (context, response) {
+        var _a;
         return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                return [2 /*return*/, pxhd_1.PXHDUtils.addPxhdToOutgoingResponse(context, response)];
+            return __generator(this, function (_b) {
+                if (((_a = context.pxhd) === null || _a === void 0 ? void 0 : _a.source) === PXHDSource_1.PXHDSource.RISK) {
+                    pxhd_1.PXHDUtils.addPxhdToOutgoingResponse(context, response);
+                }
+                return [2 /*return*/];
             });
         });
     };

package/lib/graphql/DefaultGraphQLParser.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
-import { IContext } from '../context/IContext';
+import { IContext } from '../context';
 import { IConfiguration } from '../config';
 import { IGraphQLParser } from './IGraphQLParser';
 export declare class DefaultGraphQLParser implements IGraphQLParser {
-    private readonly logger;
+    private readonly config;
     private readonly graphqlRoutes;
     private readonly sensitiveOperationTypes;
     private readonly sensitiveOperationNames;

package/lib/graphql/DefaultGraphQLParser.js CHANGED Viewed

@@ -42,7 +42,7 @@ var utils_1 = require("../utils");
 var http_1 = require("../http");
 var DefaultGraphQLParser = /** @class */ (function () {
     function DefaultGraphQLParser(config) {
-        this.logger = config.logger;
+        this.config = config;
         this.graphqlRoutes = config.graphqlRoutes;
         this.sensitiveOperationNames = config.sensitiveGraphqlOperationNames;
         this.sensitiveOperationTypes = config.sensitiveGraphqlOperationTypes;
@@ -62,21 +62,21 @@ var DefaultGraphQLParser = /** @class */ (function () {
                     case 1:
                         graphQLOperations = _a.sent();
                         if (!graphQLOperations) {
-                            this.logger.debug('unable to get graphql operations from request body');
+                            this.config.logger.debug('unable to get graphql operations from request body');
                             return [2 /*return*/, false];
                         }
                         data = this.parseGraphQLOperations(graphQLOperations);
                         if (!data || data.length === 0) {
-                            this.logger.debug('unable to parse graphql operations');
+                            this.config.logger.debug('unable to parse graphql operations');
                             return [2 /*return*/, false];
                         }
-                        this.logger.debug("".concat(data.length, " graphql operation").concat(data.length === 1 ? '' : 's', " parsed successfully"));
+                        this.config.logger.debug("".concat(data.length, " graphql operation").concat(data.length === 1 ? '' : 's', " parsed successfully"));
                         context.graphqlData = data;
                         context.isSensitiveRequest = context.isSensitiveRequest || data.some(function (operation) { return operation.sensitive; });
                         return [2 /*return*/, true];
                     case 2:
                         e_1 = _a.sent();
-                        this.logger.debug("error parsing graphql request: ".concat(e_1));
+                        this.config.logger.debug("unable to parse graphql request: ".concat(e_1));
                         return [2 /*return*/, false];
                     case 3: return [2 /*return*/];
                 }
@@ -86,20 +86,23 @@ var DefaultGraphQLParser = /** @class */ (function () {
     DefaultGraphQLParser.prototype.getGraphQLOperationsFromBody = function (_a) {
         var request = _a.request;
         return __awaiter(this, void 0, void 0, function () {
-            var body;
-            var _this = this;
+            var body, e_2;
             return __generator(this, function (_b) {
                 switch (_b.label) {
-                    case 0: return [4 /*yield*/, request.json().catch(function (e) {
-                            _this.logger.debug("unable to parse string body: ".concat(e));
-                            return null;
-                        })];
+                    case 0:
+                        _b.trys.push([0, 2, , 3]);
+                        return [4 /*yield*/, request.json()];
                     case 1:
                         body = _b.sent();
                         if (!body) {
                             return [2 /*return*/, null];
                         }
                         return [2 /*return*/, Array.isArray(body) ? body : [body]];
+                    case 2:
+                        e_2 = _b.sent();
+                        this.config.logger.debug("unable to parse body to json: ".concat(e_2));
+                        return [2 /*return*/, null];
+                    case 3: return [2 /*return*/];
                 }
             });
         });

package/lib/http/interfaces/IHeaders.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export interface IHeaders {
+    append(name: string, value: string): void;
+    delete(name: string): void;
+    get(name: string): string | null;
+    has(name: string): boolean;
+    set(name: string, value: string): void;
+    forEach(callbackfn: (value: string, key: string, parent: IHeaders) => void, thisArg?: any): void;
+}

package/lib/http/interfaces/IHeaders.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/lib/http/interfaces/IIncomingRequest.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { HttpMethod } from '../utils';
 import { IBody } from './IBody';
+import { IHeaders } from './IHeaders';
 /**
  * describes a request that comes from the end user.
  */
@@ -15,7 +16,7 @@ export interface IIncomingRequest extends IBody {
     /**
      * returns the request headers (for read usage).
      */
-    readonly headers: Headers;
+    readonly headers: IHeaders;
     /**
      * return the client ip or null.
      */

package/lib/http/interfaces/IOutgoingResponse.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { IHeaders } from './IHeaders';
 /**
  * Describes a response that is going to be returned to the end user.
  */
@@ -9,7 +10,7 @@ export interface IOutgoingResponse {
     /**
      * the response headers (for read usage)
      */
-    readonly headers: Headers | null;
+    readonly headers: IHeaders | null;
     /**
      * the response body.
      */

package/lib/http/interfaces/ReadOnlyHeaders.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
+import { IHeaders } from './IHeaders';
 export declare type ReadOnlyHeaders = Readonly<Record<string, string[]>>;
-export declare const toReadOnlyHeaders: (headers: Headers) => ReadOnlyHeaders;
-export declare const fromReadOnlyHeaders: (headers?: ReadOnlyHeaders) => Headers;
+export declare const toReadOnlyHeaders: (headers: IHeaders) => ReadOnlyHeaders;
 export declare const joinHeaderValues: (headers: ReadOnlyHeaders) => Record<string, string>;

package/lib/http/interfaces/ReadOnlyHeaders.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.joinHeaderValues = exports.fromReadOnlyHeaders = exports.toReadOnlyHeaders = void 0;
+exports.joinHeaderValues = exports.toReadOnlyHeaders = void 0;
 var toReadOnlyHeaders = function (headers) {
     var readonlyHeaders = {};
     headers.forEach(function (headerValue, headerName) {
@@ -10,19 +10,6 @@ var toReadOnlyHeaders = function (headers) {
     return readonlyHeaders;
 };
 exports.toReadOnlyHeaders = toReadOnlyHeaders;
-var fromReadOnlyHeaders = function (headers) {
-    if (!headers) {
-        return new Headers();
-    }
-    var init = Object.entries(headers)
-        .filter(function (e) { return (e === null || e === void 0 ? void 0 : e[0]) && (e === null || e === void 0 ? void 0 : e[1]); })
-        .flatMap(function (_a) {
-        var key = _a[0], values = _a[1];
-        return values.map(function (value) { return [key, value]; });
-    });
-    return new Headers(init);
-};
-exports.fromReadOnlyHeaders = fromReadOnlyHeaders;
 var joinHeaderValues = function (headers) {
     return Object.fromEntries(Object.entries(headers).map(function (_a) {
         var name = _a[0], values = _a[1];

package/lib/http/interfaces/index.d.ts CHANGED Viewed

@@ -6,3 +6,4 @@ export * from './IMinimalResponse';
 export * from './IOutgoingRequest';
 export * from './IOutgoingResponse';
 export * from './IBody';
+export * from './IHeaders';

package/lib/http/interfaces/index.js CHANGED Viewed

@@ -22,3 +22,4 @@ __exportStar(require("./IMinimalResponse"), exports);
 __exportStar(require("./IOutgoingRequest"), exports);
 __exportStar(require("./IOutgoingResponse"), exports);
 __exportStar(require("./IBody"), exports);
+__exportStar(require("./IHeaders"), exports);

package/lib/http/utils/MinimalResponseUtils.d.ts CHANGED Viewed

@@ -1,4 +1,6 @@
 import { IMinimalResponse } from '..';
 import { IIncomingResponse } from '..';
+import { ReadOnlyHeaders } from '..';
 export declare const appendHeader: (response: IMinimalResponse, name: string, value: string) => IMinimalResponse;
+export declare const appendHeaders: (response: IMinimalResponse, headers: ReadOnlyHeaders) => IMinimalResponse;
 export declare const from: (response: IIncomingResponse) => IMinimalResponse;

package/lib/http/utils/MinimalResponseUtils.js CHANGED Viewed

@@ -11,21 +11,31 @@ var __assign = (this && this.__assign) || function () {
     return __assign.apply(this, arguments);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.from = exports.appendHeader = void 0;
+exports.from = exports.appendHeaders = exports.appendHeader = void 0;
 var __1 = require("..");
 var appendHeader = function (response, name, value) {
+    var _a;
+    return (0, exports.appendHeaders)(response, (_a = {},
+        _a[name] = [value],
+        _a));
+};
+exports.appendHeader = appendHeader;
+var appendHeaders = function (response, headers) {
     var body = response.body;
     var statusCode = response.status;
-    var headers = response.headers;
-    var newHeaders = __assign({}, headers);
-    newHeaders[name] = (newHeaders[name] || []).concat([value]);
+    var responseHeaders = response.headers;
+    var newHeaders = __assign({}, responseHeaders);
+    Object.entries(headers).forEach(function (_a) {
+        var name = _a[0], values = _a[1];
+        newHeaders[name] = (newHeaders[name] || []).concat(values);
+    });
     return new __1.MinimalResponseImpl({
         body: body,
         headers: newHeaders,
         status: statusCode,
     });
 };
-exports.appendHeader = appendHeader;
+exports.appendHeaders = appendHeaders;
 var from = function (response) {
     return new (/** @class */ (function () {
         function class_1() {

package/lib/index.d.ts CHANGED Viewed

@@ -4,6 +4,7 @@ export * from './block_handler';
 export * from './config';
 export * from './context';
 export * from './custom_parameters';
+export * from './cors';
 export * from './enforcer';
 export * from './filter';
 export * from './first_party';

package/lib/index.js CHANGED Viewed

@@ -20,6 +20,7 @@ __exportStar(require("./block_handler"), exports);
 __exportStar(require("./config"), exports);
 __exportStar(require("./context"), exports);
 __exportStar(require("./custom_parameters"), exports);
+__exportStar(require("./cors"), exports);
 __exportStar(require("./enforcer"), exports);
 __exportStar(require("./filter"), exports);
 __exportStar(require("./first_party"), exports);

package/lib/pxhd/PXHDUtils.d.ts CHANGED Viewed

@@ -1,10 +1,11 @@
 import { IContext } from '../context';
 import { IOutgoingResponse, IMinimalResponse } from '../http';
+import { PXHD } from './model';
 export declare namespace PXHDUtils {
     const PXHD_SAMESITE_VALUE = "Lax";
     const PXHD_PATH_VALUE = "/";
     const addPxhdToResponse: (context: IContext, httpResponse: IMinimalResponse) => IMinimalResponse;
     const addPxhdToOutgoingResponse: (context: IContext, response: IOutgoingResponse) => void;
     const addPxhdToMinimalResponse: (context: IContext, response: IMinimalResponse) => IMinimalResponse;
-    const getPxhdCookieValue: (pxhdValue: string) => string;
+    const getPxhdCookieValue: (pxhd: PXHD) => string;
 }

package/lib/pxhd/PXHDUtils.js CHANGED Viewed

@@ -29,7 +29,11 @@ var PXHDUtils;
         }
         return response;
     };
-    PXHDUtils.getPxhdCookieValue = function (pxhdValue) {
-        return "".concat(utils_1.PXHD_COOKIE_NAME, "=").concat(pxhdValue, "; path=").concat(PXHDUtils.PXHD_PATH_VALUE, "; SameSite=").concat(PXHDUtils.PXHD_SAMESITE_VALUE);
+    PXHDUtils.getPxhdCookieValue = function (pxhd) {
+        var value = "".concat(utils_1.PXHD_COOKIE_NAME, "=").concat(pxhd.value);
+        var domain = pxhd.domain && "domain=".concat(pxhd.domain);
+        var path = "path=".concat(PXHDUtils.PXHD_PATH_VALUE);
+        var sameSite = "SameSite=".concat(PXHDUtils.PXHD_SAMESITE_VALUE);
+        return [value, domain, path, sameSite].filter(Boolean).join('; ');
     };
 })(PXHDUtils = exports.PXHDUtils || (exports.PXHDUtils = {}));

package/lib/pxhd/index.d.ts CHANGED Viewed

	@@ -1 +1,2 @@
1 1	export { PXHDUtils } from './PXHDUtils';
2	+ export * from './model';

package/lib/pxhd/index.js CHANGED Viewed

@@ -1,5 +1,20 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PXHDUtils = void 0;
 var PXHDUtils_1 = require("./PXHDUtils");
 Object.defineProperty(exports, "PXHDUtils", { enumerable: true, get: function () { return PXHDUtils_1.PXHDUtils; } });
+__exportStar(require("./model"), exports);

package/lib/pxhd/model/PXHD.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { PXHDSource } from './PXHDSource';
+export declare type PXHD = {
+    value: string;
+    domain?: string;
+    source: PXHDSource;
+};

package/lib/pxhd/model/PXHD.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/lib/pxhd/model/PXHDSource.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export declare enum PXHDSource {
+    COOKIE = "cookie",
+    RISK = "risk"
+}

package/lib/pxhd/model/PXHDSource.js ADDED Viewed

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PXHDSource = void 0;
+var PXHDSource;
+(function (PXHDSource) {
+    PXHDSource["COOKIE"] = "cookie";
+    PXHDSource["RISK"] = "risk";
+})(PXHDSource = exports.PXHDSource || (exports.PXHDSource = {}));

package/lib/pxhd/model/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './PXHD';
2	+ export * from './PXHDSource';

package/lib/pxhd/model/index.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./PXHD"), exports);
+__exportStar(require("./PXHDSource"), exports);

package/lib/risk_api/PostRiskApiClient.js CHANGED Viewed

@@ -162,11 +162,15 @@ var PostRiskApiClient = /** @class */ (function () {
         this.addCustomParamsToAdditional(riskActivity, context);
     };
     PostRiskApiClient.prototype.addOptionalRiskFieldsToRoot = function (riskActivity, context) {
-        (0, utils_1.transferExistingProperties)(context, riskActivity, {
-            vid: 'vid',
-            uuid: 'uuid',
-            pxhd: 'pxhd',
-        });
+        if (context.vid) {
+            riskActivity.vid = context.vid;
+        }
+        if (context.uuid) {
+            riskActivity.uuid = context.uuid;
+        }
+        if (context.pxhd) {
+            riskActivity.pxhd = context.pxhd.value;
+        }
     };
     PostRiskApiClient.prototype.addOptionalRiskFieldsToAdditional = function (riskActivity, context) {
         (0, utils_1.transferExistingProperties)(context, riskActivity.additional, {

package/lib/risk_api/model/RiskResponseV2.d.ts CHANGED Viewed

@@ -7,6 +7,7 @@ export declare type RiskResponseV2 = {
     action?: BlockAction;
     uuid?: string;
     pxhd?: string;
+    pxhdDomain?: string;
     message?: string;
     data_enrichment?: PXDE;
 };

package/lib/risk_api/model/RiskResponseV3.d.ts CHANGED Viewed

@@ -7,6 +7,7 @@ export declare type RiskResponseV3 = {
     action?: BlockAction;
     uuid?: string;
     pxhd?: string;
+    pxhdDomain?: string;
     message?: string;
     data_enrichment?: PXDE;
 };

package/lib/risk_api/risk_response_handler/RiskResponseV2Handler.js CHANGED Viewed

@@ -16,9 +16,9 @@ var __extends = (this && this.__extends) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RiskResponseV2Handler = void 0;
-var utils_1 = require("../../utils");
 var RiskStatus_1 = require("../model/RiskStatus");
 var RiskResponseHandlerBase_1 = require("./RiskResponseHandlerBase");
+var PXHDSource_1 = require("../../pxhd/model/PXHDSource");
 var RiskResponseV2Handler = /** @class */ (function (_super) {
     __extends(RiskResponseV2Handler, _super);
     function RiskResponseV2Handler(config) {
@@ -32,14 +32,22 @@ var RiskResponseV2Handler = /** @class */ (function (_super) {
     };
     RiskResponseV2Handler.prototype.setRiskResponseContextFields = function (context, riskResponse) {
         context.score = this.extractScoreFromRiskResponse(riskResponse);
-        (0, utils_1.transferExistingProperties)(riskResponse, context, {
-            uuid: 'uuid',
-            pxhd: 'pxhd',
-            action: 'blockAction',
-            data_enrichment: 'pxde',
-        });
+        if (riskResponse.uuid) {
+            context.uuid = riskResponse.uuid;
+        }
+        if (riskResponse.pxhd) {
+            context.pxhd = {
+                value: riskResponse.pxhd,
+                domain: riskResponse.pxhdDomain,
+                source: PXHDSource_1.PXHDSource.RISK,
+            };
+        }
+        if (riskResponse.action) {
+            context.blockAction = riskResponse.action;
+        }
         if (riskResponse.data_enrichment) {
             context.pxdeVerified = true;
+            context.pxde = riskResponse.data_enrichment;
         }
     };
     return RiskResponseV2Handler;

package/lib/risk_api/risk_response_handler/RiskResponseV3Handler.js CHANGED Viewed

@@ -16,9 +16,9 @@ var __extends = (this && this.__extends) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RiskResponseV3Handler = void 0;
-var utils_1 = require("../../utils");
 var RiskStatus_1 = require("../model/RiskStatus");
 var RiskResponseHandlerBase_1 = require("./RiskResponseHandlerBase");
+var PXHDSource_1 = require("../../pxhd/model/PXHDSource");
 var RiskResponseV3Handler = /** @class */ (function (_super) {
     __extends(RiskResponseV3Handler, _super);
     function RiskResponseV3Handler(config) {
@@ -31,15 +31,25 @@ var RiskResponseV3Handler = /** @class */ (function (_super) {
         return riskResponse.score;
     };
     RiskResponseV3Handler.prototype.setRiskResponseContextFields = function (context, riskResponse) {
-        (0, utils_1.transferExistingProperties)(riskResponse, context, {
-            score: 'score',
-            uuid: 'uuid',
-            action: 'blockAction',
-            pxhd: 'pxhd',
-            data_enrichment: 'pxde',
-        });
+        if (typeof riskResponse.score === 'number') {
+            context.score = riskResponse.score;
+        }
+        if (riskResponse.uuid) {
+            context.uuid = riskResponse.uuid;
+        }
+        if (riskResponse.action) {
+            context.blockAction = riskResponse.action;
+        }
+        if (riskResponse.pxhd) {
+            context.pxhd = {
+                value: riskResponse.pxhd,
+                domain: riskResponse.pxhdDomain,
+                source: PXHDSource_1.PXHDSource.RISK,
+            };
+        }
         if (riskResponse.data_enrichment) {
             context.pxdeVerified = true;
+            context.pxde = riskResponse.data_enrichment;
         }
     };
     return RiskResponseV3Handler;

package/lib/utils/constants.d.ts CHANGED Viewed

@@ -7,4 +7,4 @@ export declare const BYPASS_MONITOR_HEADER_VALUE = "1";
 export declare const X_PX_AUTHORIZATION_HEADER_NAME = "x-px-authorization";
 export declare const X_PX_ORIGINAL_TOKEN_HEADER_NAME = "x-px-original-token";
 export declare const X_PX_BYPASS_REASON_HEADER_NAME = "x-px-bypass-reason";
-export declare const CORE_MODULE_VERSION = "JS Core 0.4.4";
+export declare const CORE_MODULE_VERSION = "JS Core 0.5.1";

package/lib/utils/constants.js CHANGED Viewed

@@ -10,4 +10,4 @@ exports.BYPASS_MONITOR_HEADER_VALUE = '1';
 exports.X_PX_AUTHORIZATION_HEADER_NAME = 'x-px-authorization';
 exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = 'x-px-original-token';
 exports.X_PX_BYPASS_REASON_HEADER_NAME = 'x-px-bypass-reason';
-exports.CORE_MODULE_VERSION = 'JS Core 0.4.4';
+exports.CORE_MODULE_VERSION = 'JS Core 0.5.1';

package/lib/utils/utils.d.ts CHANGED Viewed

@@ -9,5 +9,8 @@ export declare const removeSensitiveFields: <T extends Record<string, any>>(obje
 export declare const removeSensitiveHeaders: (headers: Record<string, string[]>, sensitiveHeaderNames: string[]) => Record<string, string[]>;
 export declare const isRouteInPatterns: (route: string, patterns: Array<string | RegExp>) => boolean;
 export declare const isRouteMatch: (route: string, pattern: string | RegExp) => boolean;
+/**
+ * @deprecated this method is not typesafe. Copy the fields manually instead.
+ */
 export declare const transferExistingProperties: <FromObj extends Record<string, any>, ToObj extends Record<string, any>>(fromObj: FromObj, toObj: ToObj, propertyMappings: Partial<Record<keyof FromObj, keyof ToObj>>) => void;
 export declare const rejectOnTimeout: <T>(promise: Promise<T>, ms: number) => Promise<T>;

package/lib/utils/utils.js CHANGED Viewed

@@ -124,6 +124,9 @@ var isRouteMatch = function (route, pattern) {
     return false;
 };
 exports.isRouteMatch = isRouteMatch;
+/**
+ * @deprecated this method is not typesafe. Copy the fields manually instead.
+ */
 var transferExistingProperties = function (fromObj, toObj, propertyMappings) {
     if (!toObj || !fromObj) {
         return;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-js-core",
-  "version": "0.4.4",
+  "version": "0.5.1",
   "description": "",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",