perimeterx-js-core 0.6.1 → 0.7.0

package/README.md

@@ -122,6 +122,7 @@ are provided:
 
 `IHashUtils` - Represents a hashing utility that is required by Credential Intelligence. The following implementations are provided:
 * `CryptoHashUtils`, which relies on the native NodeJS `crypto` package.
+* `CryptoJSHashUtils`, which uses the `crypto-js` dependency.
 * `SubtleCryptoHashUtils`, which relies on an object implementing the `SubtleCrypto` interface. By default, it is assumed that the global `crypto.subtle` implements this interface.
 
 

package/lib/action/ActionData.d.ts

@@ -1,5 +1,5 @@
 import { Action } from './Action';
-export declare type ActionData = {
+export type ActionData = {
     /**
      * The recommended action that should be taken by the enforcer.
      */

package/lib/action/Decision.d.ts

@@ -1,6 +1,6 @@
 import { Action } from './index';
 import { ProductName } from '../products';
-export declare type Decision = {
+export type Decision = {
     action?: Action;
     reasons?: Partial<Record<ProductName, string>>;
 };

package/lib/action/ProductAction.d.ts

@@ -0,0 +1,5 @@
+import { ActionData } from './ActionData';
+import { ProductName } from '../products';
+export type ProductAction = ActionData & {
+    productName: ProductName;
+};

package/lib/action/ProductAction.js

@@ -0,0 +1 @@
+export {};

package/lib/action/index.d.ts

@@ -2,3 +2,5 @@ export * from './Action';
 export * from './ActionData';
 export * from './ActionPriorityOrder';
 export * from './Decision';
+export * from './ProductAction';
+export * from './utils';

package/lib/action/index.js

@@ -2,3 +2,5 @@ export * from './Action';
 export * from './ActionData';
 export * from './ActionPriorityOrder';
 export * from './Decision';
+export * from './ProductAction';
+export * from './utils';

package/lib/action/utils.d.ts

@@ -0,0 +1,6 @@
+import { Decision } from './Decision';
+import { IContext } from '../context';
+import { ProductAction } from './ProductAction';
+export declare const getDecisionFromContext: <Req, Res>(context: IContext<Req, Res>) => Decision;
+export declare const getProductActions: <Req, Res>(context: IContext<Req, Res>) => ProductAction[];
+export declare const getDecisionFromActions: (productActions: ProductAction[]) => Decision;

package/lib/action/utils.js

@@ -0,0 +1,34 @@
+import { Action } from './Action';
+import { ACTION_PRIORITY_ORDER } from './ActionPriorityOrder';
+export const getDecisionFromContext = (context) => {
+    return getDecisionFromActions(getProductActions(context));
+};
+export const getProductActions = (context) => {
+    return Object.entries(context.productData)
+        .filter(([_, data]) => (data === null || data === void 0 ? void 0 : data.action) != null && (data === null || data === void 0 ? void 0 : data.reason) != null)
+        .map(([productName, data]) => ({
+        action: data.action,
+        reason: data.reason,
+        productName: productName,
+    }));
+};
+export const getDecisionFromActions = (productActions) => {
+    return createDecision(reduce(productActions));
+};
+const reduce = (actions) => {
+    return actions.reduce((tally, { action, reason, productName }) => {
+        if (!tally[action]) {
+            tally[action] = {};
+        }
+        tally[action][productName] = reason;
+        return tally;
+    }, {});
+};
+const createDecision = (tally) => {
+    for (const action of ACTION_PRIORITY_ORDER) {
+        if (tally[action]) {
+            return { action, reasons: tally[action] };
+        }
+    }
+    return { action: Action.PASS_REQUEST };
+};

package/lib/activities/HttpActivityClient.js

@@ -62,9 +62,9 @@ export class HttpActivityClient {
             };
             const body = activities.length === 1 ? JSON.stringify(activities[0]) : JSON.stringify(activities);
             this.config.logger.debug(`sending ${activities.map(({ type }) => `${type} activity`).join(', ')} to ${url}`);
-            const req = new OutgoingRequestImpl({ url: url, method: method, headers: headers, body: body });
-            const status = yield this.httpClient.send(req).then((resp) => resp.status);
-            return status === 200;
+            const req = new OutgoingRequestImpl({ url, method, headers, body });
+            const res = yield this.httpClient.send(req);
+            return (res === null || res === void 0 ? void 0 : res.status) === 200;
         });
     }
 }

package/lib/activities/IActivityClient.d.ts

@@ -1,8 +1,9 @@
+import { AsyncOrSync } from 'ts-essentials';
 import { ReadonlyContext } from '../context';
 export interface IActivityClient<Req, Res> {
     /**
      * @param context - The request context.
      * @returns Promise<boolean> - Whether sending the activities was successful or not.
      */
-    sendActivities(context: ReadonlyContext<Req, Res>): Promise<boolean>;
+    sendActivities(context: ReadonlyContext<Req, Res>): AsyncOrSync<boolean>;
 }

package/lib/activities/model/Activity.d.ts

@@ -1,6 +1,6 @@
 import { ActivityType } from '../ActivityType';
 import { ActivityDetails } from './ActivityDetails';
-export declare type Activity = {
+export type Activity = {
     type: ActivityType;
     timestamp: number;
     socket_ip: string;

package/lib/activities/model/ActivityDetails.d.ts

@@ -1,7 +1,7 @@
 import { GraphQLData } from '../../graphql';
 import { BlockAction } from '../../blocker';
-export declare type ActivityTypeDetails = PageRequestedActivityDetails | BlockActivityDetails | AdditionalS2SActivityDetails;
-export declare type ActivityDetails = ActivityTypeDetails & {
+export type ActivityTypeDetails = PageRequestedActivityDetails | BlockActivityDetails | AdditionalS2SActivityDetails;
+export type ActivityDetails = ActivityTypeDetails & {
     client_uuid: string;
     request_id: string;
     module_version: string;
@@ -26,20 +26,20 @@ export declare type ActivityDetails = ActivityTypeDetails & {
     app_user_id?: string;
     jwt_additional_fields?: Record<string, any>;
 };
-export declare type PageRequestedActivityDetails = {
+export type PageRequestedActivityDetails = {
     pass_reason: string;
     px_cookie?: string;
     error_message?: string;
     s2s_error_reason?: string;
     s2s_error_http_status?: number;
 };
-export declare type BlockActivityDetails = {
+export type BlockActivityDetails = {
     block_reason: string;
     block_action: BlockAction;
     block_score: number;
     simulated_block: boolean;
 };
-export declare type AdditionalS2SActivityDetails = {
+export type AdditionalS2SActivityDetails = {
     http_status_code: number;
     login_successful: boolean;
     raw_username?: string;

package/lib/activities/utils.js

@@ -8,7 +8,7 @@ export const createActivity = (activityType, config, context) => {
     return {
         type: activityType,
         px_app_id: config.appId,
-        url: context.requestData.url.href,
+        url: context.requestData.rawUrl,
         headers: activityType !== ActivityType.ADDITIONAL_S2S
             ? joinHeaderValues(removeSensitiveHeaders(context.requestData.headers, config.sensitiveHeaders))
             : undefined,

package/lib/additional_activity_handler/AdditionalActivityHandler.d.ts

@@ -1,3 +1,3 @@
 import { ConfigurationParams } from '../config';
 import { ReadonlyContext } from '../context';
-export declare type AdditionalActivityHandler = <Req, Res>(config: ConfigurationParams<Req, Res>, context: ReadonlyContext<Req, Res>) => void | Promise<void>;
+export type AdditionalActivityHandler = <Req, Res>(config: ConfigurationParams<Req, Res>, context: ReadonlyContext<Req, Res>, request: Req) => void | Promise<void>;

package/lib/additional_activity_handler/AdditionalActivityHandlerUtils.js

@@ -12,7 +12,7 @@ export var AdditionalActivityHandlerUtils;
     AdditionalActivityHandlerUtils.invokeAdditionalActivityHandler = (config, context) => __awaiter(this, void 0, void 0, function* () {
         if (config.additionalActivityHandler && typeof config.additionalActivityHandler === 'function') {
             try {
-                yield config.additionalActivityHandler(config.toParams(), context);
+                yield config.additionalActivityHandler(config.toParams(), context, context.requestData.request.getUnderlyingRequest());
             }
             catch (e) {
                 config.logger.error(`caught additional activity handler error - ${e}`);

package/lib/config/ConfigurationParams.d.ts

@@ -5,7 +5,7 @@ import { CredentialEndpointConfiguration, CredentialIntelligenceVersion, CustomL
 import { LoggerSeverity } from '../logger';
 import { ModuleMode } from '../utils';
 import { GraphQLOperationType } from '../graphql';
-export declare type ConfigurationParams<Req, Res> = {
+export type ConfigurationParams<Req, Res> = {
     px_app_id: string;
     px_auth_token: string;
     px_cookie_secret: string;

package/lib/context/DefaultContext.d.ts

@@ -9,9 +9,11 @@ import { ICookieParser, IRequestIdGenerator, VidSource } from '../utils';
 import { IContext, RequestData, RiskApiData, ServerData, TlsData, TokenData } from './interfaces';
 import { ProductData, ProductName } from '../products';
 import { Action } from '../action';
-export declare type DefaultContextOptions = {
+import { IURLParser } from '../utils/url_parser';
+export type DefaultContextOptions = {
     cookieParser?: ICookieParser;
     requestIdGenerator: IRequestIdGenerator;
+    urlParser?: IURLParser;
 };
 export declare class DefaultContext<Req, Res> implements IContext<Req, Res> {
     readonly requestId: string;
@@ -35,6 +37,7 @@ export declare class DefaultContext<Req, Res> implements IContext<Req, Res> {
     customParameters?: CustomParameters;
     response?: IOutgoingResponse<Res>;
     protected readonly config: IConfiguration<Req, Res>;
+    protected readonly urlParser: IURLParser;
     constructor(config: IConfiguration<Req, Res>, request: IIncomingRequest<Req>, options: DefaultContextOptions);
     get isMobile(): boolean;
     protected createRequestData(config: IConfiguration<Req, Res>, request: IIncomingRequest<Req>, cookieParser?: ICookieParser): RequestData<Req>;

package/lib/context/DefaultContext.js

@@ -3,10 +3,12 @@ import { PXHDSource } from '../pxhd';
 import { TokenOrigin, TokenParseResult } from '../risk_token';
 import { RiskApiCallResult } from '../risk_api';
 import { COOKIE_HEADER_NAME, toReadonlyHeaders, USER_AGENT_HEADER_NAME, } from '../http';
-import { StringSplitCookieParser, getDecodedUrl, PXHD_COOKIE_NAME, PXVID_COOKIE_NAME, X_PX_AUTHORIZATION_HEADER_NAME, } from '../utils';
+import { StringSplitCookieParser, PXHD_COOKIE_NAME, PXVID_COOKIE_NAME, X_PX_AUTHORIZATION_HEADER_NAME, } from '../utils';
+import { DefaultUrlParser } from '../utils/url_parser';
 export class DefaultContext {
     constructor(config, request, options) {
         this.config = config;
+        this.urlParser = options.urlParser || new DefaultUrlParser();
         this.tokenData = {
             tokenParseResult: TokenParseResult.NONE,
         };
@@ -29,7 +31,8 @@ export class DefaultContext {
         return this.tokenOrigin === TokenOrigin.HEADER;
     }
     createRequestData(config, request, cookieParser = new StringSplitCookieParser()) {
-        const url = getDecodedUrl(request.url);
+        const rawUrl = request.url;
+        const url = this.urlParser.parse(rawUrl);
         const method = request.method;
         const headers = request.headers;
         const cookies = DefaultContext.getCookies(cookieParser, request.headers.get(COOKIE_HEADER_NAME), request.headers.get(config.customCookieHeader));
@@ -37,7 +40,7 @@ export class DefaultContext {
         const readOnlyHeaders = toReadonlyHeaders(headers);
         const userAgent = this.extractUserAgentFromHeader(config, readOnlyHeaders);
         const ip = this.extractIpFromHeader(config, readOnlyHeaders) || request.clientIP;
-        return { url, method, headers: readOnlyHeaders, cookies, ip, userAgent, requestCookieNames, request };
+        return { url, rawUrl, method, headers: readOnlyHeaders, cookies, ip, userAgent, requestCookieNames, request };
     }
     static getCookies(cookieParser, ...cookieHeaderValues) {
         const cookies = {};

package/lib/context/interfaces/MobileData.d.ts

@@ -1,5 +1,5 @@
 import { IToken, MobileError, TokenParseResult } from '../../risk_token';
-export declare type MobileData<Req, Res> = {
+export type MobileData<Req, Res> = {
     /**
      * The mobile error sent on the X-PX-Authorization header for mobile requests.
      */

package/lib/context/interfaces/ReadonlyContext.d.ts

@@ -1,3 +1,3 @@
 import { DeepReadonly } from 'ts-essentials';
 import { IContext } from './IContext';
-export declare type ReadonlyContext<Req, Res> = DeepReadonly<IContext<Req, Res>>;
+export type ReadonlyContext<Req, Res> = DeepReadonly<IContext<Req, Res>>;

package/lib/context/interfaces/RequestData.d.ts

@@ -1,9 +1,14 @@
 import { HttpMethod, IIncomingRequest, IURL, ReadonlyHeaders } from '../../http';
-export declare type RequestData<Req> = {
+export type RequestData<Req> = {
     /**
      * The request URL.
      */
     url: IURL;
+    /**
+     * The native url fetched from the environment.
+     * It should contain "..", duplicate slashes and un-decoded ascii characters (%XX) if possible.
+     */
+    rawUrl: string;
     /**
      * The request method, capitalized.
      */

package/lib/context/interfaces/RiskApiData.d.ts

@@ -1,5 +1,5 @@
 import { IRiskResponse, S2SErrorReason, RiskApiCallResult } from '../../risk_api';
-export declare type RiskApiData = {
+export type RiskApiData = {
     /**
      * The result of the risk API call.
      */

package/lib/context/interfaces/ServerData.d.ts

@@ -1,4 +1,4 @@
-export declare type ServerData = {
+export type ServerData = {
     /**
      * The operating system platform.
      */

package/lib/context/interfaces/TlsData.d.ts

@@ -1,4 +1,4 @@
-export declare type TlsData = {
+export type TlsData = {
     /**
      * The TLS version used for the HTTPS request (e.g., 1.2, 1.3).
      */

package/lib/context/interfaces/TokenData.d.ts

@@ -1,6 +1,6 @@
 import { IToken, TokenParseResult } from '../../risk_token';
 import { MobileData } from './MobileData';
-export declare type TokenData<Req, Res> = {
+export type TokenData<Req, Res> = {
     /**
      * The result of token parsing.
      */

package/lib/cors/CustomBlockResponseHeadersHandler.d.ts

@@ -1,2 +1,2 @@
 import { ReadonlyHeaders } from '../http';
-export declare type CustomBlockResponseHeadersHandler<Req> = (request: Req) => ReadonlyHeaders | Promise<ReadonlyHeaders>;
+export type CustomBlockResponseHeadersHandler<Req> = (request: Req) => ReadonlyHeaders | Promise<ReadonlyHeaders>;

package/lib/cors/CustomPreflightHandler.d.ts

@@ -1,2 +1,2 @@
 import { IMinimalResponse } from '../http';
-export declare type CustomPreflightHandler<Req> = (request: Req) => IMinimalResponse | Promise<IMinimalResponse>;
+export type CustomPreflightHandler<Req> = (request: Req) => IMinimalResponse | Promise<IMinimalResponse>;

package/lib/cors/ICors.d.ts

@@ -1,6 +1,6 @@
+import { AsyncOrSync } from 'ts-essentials';
 import { ReadonlyContext } from '../context';
-import { IMinimalResponse } from '../http';
-import { ReadonlyHeaders } from '../http';
+import { IMinimalResponse, ReadonlyHeaders } from '../http';
 export interface ICors<Req, Res> {
     /**
      * @param context
@@ -11,7 +11,7 @@ export interface ICors<Req, Res> {
      * @param context- The request context.
      * @returns IMinimalResponse- The response that return to client for preflight request.
      */
-    runPreflightCustomHandler(context: ReadonlyContext<Req, Res>): Promise<IMinimalResponse> | null;
+    runPreflightCustomHandler(context: ReadonlyContext<Req, Res>): AsyncOrSync<IMinimalResponse> | null;
     /**
      * @param context- The request context.
      * @returns boolean - Whether the request is CORS.
@@ -22,5 +22,5 @@ export interface ICors<Req, Res> {
      * @param context - The request context.
      * @returns ReadOnlyHeaders - headers to be added to the block response.
      */
-    getCorsBlockHeaders(context: ReadonlyContext<Req, Res>): Promise<ReadonlyHeaders>;
+    getCorsBlockHeaders(context: ReadonlyContext<Req, Res>): AsyncOrSync<ReadonlyHeaders>;
 }

package/lib/custom_parameters/CustomParameters.d.ts

@@ -1,4 +1,4 @@
-export declare type CustomParameters = {
+export type CustomParameters = {
     custom_param1?: any;
     custom_param2?: any;
     custom_param3?: any;

package/lib/custom_parameters/CustomParametersFunction.d.ts

@@ -1,3 +1,3 @@
 import { ConfigurationParams } from '../config';
 import { CustomParameters } from './CustomParameters';
-export declare type CustomParametersFunction<Req, Res> = (config: ConfigurationParams<Req, Res>, request: Req) => CustomParameters | Promise<CustomParameters>;
+export type CustomParametersFunction<Req, Res> = (config: ConfigurationParams<Req, Res>, request: Req) => CustomParameters | Promise<CustomParameters>;

package/lib/enforcer/options/EnforcerBaseOptions.d.ts

@@ -8,7 +8,7 @@ import { IRiskApiClient } from '../../risk_api';
 import { IActivityClient } from '../../activities';
 import { Products } from '../../products';
 import { IGraphQLParser } from '../../graphql';
-export declare type EnforcerBaseOptions<Req, Res> = {
+export type EnforcerBaseOptions<Req, Res> = {
     httpClient: IHttpClient;
     base64Utils: IBase64Utils;
     hmacUtils: IHmacUtils;

package/lib/enforcer/options/EnforcerOptionsType.d.ts

@@ -1,4 +1,4 @@
 import { TokenVersion } from '../../risk_token';
 import { EnforcerV2Options } from './EnforcerV2Options';
 import { EnforcerV3Options } from './EnforcerV3Options';
-export declare type EnforcerOptionsType<TokenV extends TokenVersion, Req, Res> = TokenV extends TokenVersion.V2 ? EnforcerV2Options<Req, Res> : TokenV extends TokenVersion.V3 ? EnforcerV3Options<Req, Res> : never;
+export type EnforcerOptionsType<TokenV extends TokenVersion, Req, Res> = TokenV extends TokenVersion.V2 ? EnforcerV2Options<Req, Res> : TokenV extends TokenVersion.V3 ? EnforcerV3Options<Req, Res> : never;

package/lib/enforcer/options/EnforcerV2Options.d.ts

@@ -1,5 +1,5 @@
 import { TokenVersion } from '../../risk_token';
 import { EnforcerBaseOptions } from './EnforcerBaseOptions';
-export declare type EnforcerV2Options<Req, Res> = {
+export type EnforcerV2Options<Req, Res> = {
     tokenVersion: TokenVersion.V2;
 } & EnforcerBaseOptions<Req, Res>;

package/lib/enforcer/options/EnforcerV3Options.d.ts

@@ -1,7 +1,7 @@
 import { TokenVersion } from '../../risk_token';
 import { ICipherUtils } from '../../utils';
 import { EnforcerBaseOptions } from './EnforcerBaseOptions';
-export declare type EnforcerV3Options<Req, Res> = {
+export type EnforcerV3Options<Req, Res> = {
     tokenVersion: TokenVersion.V3;
     cipherUtils: ICipherUtils;
 } & EnforcerBaseOptions<Req, Res>;

package/lib/filter/FilterReason.d.ts

@@ -5,5 +5,6 @@ export declare enum FilterReason {
     HTTP_METHOD = "http_method",
     USER_AGENT = "user_agent",
     IP = "ip",
-    TELEMETRY_REQUEST = "telemetry_request"
+    TELEMETRY_REQUEST = "telemetry_request",
+    CORS_PREFLIGHT_REQUEST = "cors_preflight_request"
 }

package/lib/filter/FilterReason.js

@@ -7,4 +7,5 @@ export var FilterReason;
     FilterReason["USER_AGENT"] = "user_agent";
     FilterReason["IP"] = "ip";
     FilterReason["TELEMETRY_REQUEST"] = "telemetry_request";
+    FilterReason["CORS_PREFLIGHT_REQUEST"] = "cors_preflight_request";
 })(FilterReason || (FilterReason = {}));

package/lib/first_party/FirstPartyData.d.ts

@@ -1,5 +1,5 @@
 import { IMinimalResponse, IOutgoingRequest } from '../http';
-export declare type FirstPartyData = {
+export type FirstPartyData = {
     request?: IOutgoingRequest;
     defaultResponse: IMinimalResponse;
 };

package/lib/first_party/IFirstParty.d.ts

@@ -1,3 +1,4 @@
+import { AsyncOrSync } from 'ts-essentials';
 import { ReadonlyContext } from '../context';
 import { FirstPartyData } from './FirstPartyData';
 export interface IFirstParty<Req, Res> {
@@ -5,5 +6,5 @@ export interface IFirstParty<Req, Res> {
      * @param context - The request context
      * @returns Promise<FirstPartyData | null> - If the request is not a first party request, it will return null.
      */
-    handleFirstPartyRequest(context: ReadonlyContext<Req, Res>): Promise<FirstPartyData | null>;
+    handleFirstPartyRequest(context: ReadonlyContext<Req, Res>): AsyncOrSync<FirstPartyData | null>;
 }

package/lib/graphql/IGraphQLParser.d.ts

@@ -1,6 +1,7 @@
+import { AsyncOrSync } from 'ts-essentials';
 import { ReadonlyContext } from '../context';
 import { GraphQLData } from './model';
 export interface IGraphQLParser<Req, Res> {
     isGraphQLRequest(context: ReadonlyContext<Req, Res>): boolean;
-    parseGraphQLRequest(context: ReadonlyContext<Req, Res>): Promise<GraphQLData[]>;
+    parseGraphQLRequest(context: ReadonlyContext<Req, Res>): AsyncOrSync<GraphQLData[]>;
 }

package/lib/graphql/model/GraphQLData.d.ts

@@ -1,5 +1,5 @@
 import { GraphQLOperationType } from './GraphQLOperationType';
-export declare type GraphQLData = {
+export type GraphQLData = {
     type: GraphQLOperationType;
     name?: string;
     sensitive?: boolean;

package/lib/graphql/model/GraphQLOperation.d.ts

@@ -1,4 +1,4 @@
-export declare type GraphQLOperation = {
+export type GraphQLOperation = {
     query: string;
     operationName?: string;
     variables?: Record<string, unknown>;

package/lib/http/impl/FormDataImpl.js

@@ -29,8 +29,8 @@ export class FormDataImpl {
         if (typeof value === 'string') {
             this.data[name] = [value];
         }
-        else {
-            this.data[name] = [Object.assign(Object.assign({}, value), { name: filename !== null && filename !== void 0 ? filename : '', lastModified: Date.now(), webkitRelativePath: '' })];
+        else if (File) {
+            this.data[name] = [new File([value], filename)];
         }
     }
 }

package/lib/http/impl/MinimalResponseImpl.d.ts

@@ -1,6 +1,6 @@
 import { IMinimalResponse } from '../interfaces';
 import { ReadonlyHeaders } from '../interfaces';
-export declare type MinimalResponseOptions = {
+export type MinimalResponseOptions = {
     status?: number;
     headers?: ReadonlyHeaders;
     body: any;

package/lib/http/impl/OutgoingRequestImpl.d.ts

@@ -1,5 +1,5 @@
 import { ReadonlyHeaders, HttpMethod, IOutgoingRequest } from '..';
-export declare type OutGoingRequestImplOptions = {
+export type OutGoingRequestImplOptions = {
     url: string;
     method?: HttpMethod | string;
     headers?: ReadonlyHeaders;

package/lib/http/interfaces/IHttpClient.d.ts

@@ -1,8 +1,9 @@
+import { AsyncOrSync } from 'ts-essentials';
 import { IOutgoingRequest } from './IOutgoingRequest';
 import { IIncomingResponse } from './IIncomingResponse';
-export declare type HttpSendOptions = {
+export type HttpSendOptions = {
     timeoutMs?: number;
 };
 export interface IHttpClient {
-    send(request: IOutgoingRequest, options?: HttpSendOptions): Promise<IIncomingResponse>;
+    send(request: IOutgoingRequest, options?: HttpSendOptions): AsyncOrSync<IIncomingResponse>;
 }

package/lib/http/interfaces/ReadonlyHeaders.d.ts

@@ -1,6 +1,6 @@
 import { DeepReadonly } from 'ts-essentials';
 import { IHeaders } from './IHeaders';
-export declare type ReadonlyHeaders = DeepReadonly<Record<string, string[]>>;
+export type ReadonlyHeaders = DeepReadonly<Record<string, string[]>>;
 export declare const toReadonlyHeaders: (headers: IHeaders) => ReadonlyHeaders;
 export declare const toMutableHeaders: (headers: ReadonlyHeaders) => Record<string, string[]>;
 export declare const joinHeaderValues: (headers: ReadonlyHeaders) => Record<string, string>;

package/lib/phase/IPhase.d.ts

@@ -1,5 +1,6 @@
+import { AsyncOrSync } from 'ts-essentials';
 import { IContext } from '../context';
 import { PhaseResult } from './PhaseResult';
 export interface IPhase<Req, Res> {
-    execute(context: IContext<Req, Res>): Promise<PhaseResult>;
+    execute(context: IContext<Req, Res>): AsyncOrSync<PhaseResult>;
 }

package/lib/phase/PhaseResult.d.ts

@@ -1,5 +1,5 @@
 import { IMinimalResponse } from '../http';
-export declare type PhaseResult = {
+export type PhaseResult = {
     done: boolean;
     response?: IMinimalResponse;
 };

package/lib/phase/impl/DecideActionPhase.d.ts

@@ -1,19 +1,10 @@
 import { IConfiguration } from '../../config';
 import { IContext } from '../../context';
-import { ProductName } from '../../products';
-import { Action, ActionData, Decision } from '../../action';
 import { IPhase } from '../IPhase';
 import { PhaseResult } from '../PhaseResult';
-declare type ProductAction = ActionData & {
-    productName: ProductName;
-};
 export declare abstract class DecideActionPhase<Req, Res> implements IPhase<Req, Res> {
     protected readonly config: IConfiguration<Req, Res>;
     protected constructor(config: IConfiguration<Req, Res>);
     abstract execute(context: IContext<Req, Res>): Promise<PhaseResult>;
     protected updateContextDecision(context: IContext<Req, Res>): Promise<void>;
-    protected getProductActions(context: IContext<Req, Res>): ProductAction[];
-    protected reduce(actions: ProductAction[]): Partial<Record<Action, Partial<Record<ProductName, string>>>>;
-    protected createDecision(tally: Partial<Record<Action, Partial<Record<ProductName, string>>>>): Decision;
 }
-export {};

package/lib/phase/impl/DecideActionPhase.js

@@ -7,16 +7,15 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-import { Action, ACTION_PRIORITY_ORDER } from '../../action';
 import { LoggerSeverity } from '../../logger';
+import { getDecisionFromContext } from '../../action';
 export class DecideActionPhase {
     constructor(config) {
         this.config = config;
     }
     updateContextDecision(context) {
         return __awaiter(this, void 0, void 0, function* () {
-            const actions = this.getProductActions(context);
-            const { action, reasons } = this.createDecision(this.reduce(actions));
+            const { action, reasons } = getDecisionFromContext(context);
             if (this.config.logger.getLoggerSeverity() === LoggerSeverity.DEBUG) {
                 const productReasons = Object.entries(reasons)
                     .map(([prod, reason]) => `${prod} -> ${reason}`)
@@ -27,30 +26,4 @@ export class DecideActionPhase {
             context.reasons = reasons;
         });
     }
-    getProductActions(context) {
-        return Object.entries(context.productData)
-            .filter(([_, data]) => (data === null || data === void 0 ? void 0 : data.action) != null && (data === null || data === void 0 ? void 0 : data.reason) != null)
-            .map(([productName, data]) => ({
-            action: data.action,
-            reason: data.reason,
-            productName: productName,
-        }));
-    }
-    reduce(actions) {
-        return actions.reduce((tally, { action, reason, productName }) => {
-            if (!tally[action]) {
-                tally[action] = {};
-            }
-            tally[action][productName] = reason;
-            return tally;
-        }, {});
-    }
-    createDecision(tally) {
-        for (const action of ACTION_PRIORITY_ORDER) {
-            if (tally[action]) {
-                return { action, reasons: tally[action] };
-            }
-        }
-        return { action: Action.PASS_REQUEST };
-    }
 }

package/lib/products/account_defender/AccountDefender.d.ts

@@ -5,7 +5,7 @@ import { IBase64Utils } from '../../utils';
 import { IAccountDefender } from './IAccountDefender';
 import { AccountDefenderData } from './AccountDefenderData';
 import { JwtData } from './JwtData';
-export declare type AccountDefenderOptions = {
+export type AccountDefenderOptions = {
     base64Utils: IBase64Utils;
 };
 export declare class AccountDefender<Req, Res> implements IAccountDefender<Req, Res> {

package/lib/products/account_defender/AccountDefenderData.d.ts

@@ -1,5 +1,5 @@
 import { ActionData } from '../../action';
-export declare type AccountDefenderData = Partial<ActionData> & {
+export type AccountDefenderData = Partial<ActionData> & {
     appUserId?: string;
     additionalFields?: Record<string, any>;
     crossTabSession?: string;