perimeterx-js-core 0.7.0 → 0.7.1

package/lib/config/ConfigurationParams.d.ts

@@ -73,6 +73,7 @@ export type ConfigurationParams<Req, Res> = {
     px_sensitive_graphql_operation_types?: Array<'query' | 'mutation' | 'subscription' | GraphQLOperationType>;
     px_cors_support_enabled?: boolean;
     px_cors_preflight_request_filter_enabled?: boolean;
+    px_logger_auth_token?: string;
     px_extract_ip?: () => {};
     px_additional_activity_handler?: AdditionalActivityHandler;
     px_enrich_custom_parameters?: CustomParametersFunction<Req, Res>;

package/lib/config/DefaultConfigurations.js

@@ -114,4 +114,5 @@ export const DEFAULT_CONFIGURATIONS = {
     px_cors_custom_preflight_handler: null,
     px_cors_preflight_request_filter_enabled: false,
     px_cors_create_custom_block_response_headers: null,
+    px_logger_auth_token: '',
 };

package/lib/config/IConfiguration.d.ts

@@ -301,6 +301,10 @@ export interface IConfiguration<Req, Res, ParamsType extends ConfigurationParams
      * The default login successful custom callback to use if none is defined for an endpoint.
      */
     readonly ciDefaultLoginSuccessfulCustomCallback: CustomLoginSuccessfulCallback<Res>;
+    /**
+     * The authentication token for the logging service.
+     */
+    readonly loggerAuthToken: string;
     /**
      * Returns an object representation of the current configuration.
      */

package/lib/config/StaticConfigurationBase.d.ts

@@ -76,6 +76,7 @@ export declare abstract class StaticConfigurationBase<Req, Res, ParamsType exten
     get jwtHeaderName(): string;
     get jwtHeaderUserIdFieldName(): string;
     get ciEnabled(): boolean;
+    get loggerAuthToken(): string;
     get ciEndpoints(): CredentialEndpointConfiguration<Req, Res>[];
     get ciCompromisedCredentialsHeaderName(): string;
     get ciSendRawUsernameOnAdditionalS2SActivity(): boolean;

package/lib/config/StaticConfigurationBase.js

@@ -236,6 +236,9 @@ export class StaticConfigurationBase {
     get ciEnabled() {
         return this.configParams.px_login_credentials_extraction_enabled;
     }
+    get loggerAuthToken() {
+        return this.configParams.px_logger_auth_token;
+    }
     get ciEndpoints() {
         return this.configParams.px_login_credentials_extraction;
     }

package/lib/enforcer/EnforcerBase.d.ts

@@ -13,6 +13,7 @@ export declare abstract class EnforcerBase<TokenV extends TokenVersion, Req, Res
     protected readonly filterFlow: IPhase<Req, Res>;
     protected readonly enforceFlow: IPhase<Req, Res>;
     protected readonly postEnforceFlow: IPhase<Req, Res>;
+    protected readonly endEnforcerFlow: IPhase<Req, Res>;
     protected readonly activityClient: IActivityClient<Req, Res>;
     /**
      * Constructs the concrete request context given the provided EnforceArgs.
@@ -42,7 +43,7 @@ export declare abstract class EnforcerBase<TokenV extends TokenVersion, Req, Res
      * @returns Promise<Res> - A Promise resolving to Res.
      * @protected
      */
-    protected abstract convertToRes(response: IMinimalResponse): Promise<Res>;
+    protected abstract convertToRes(response: IMinimalResponse, ...args: EnforceArgs): Promise<Res>;
     /**
      * Converts the Res object into the IOutgoingResponse interface.
      * @param args - PostEnforceArgs

package/lib/enforcer/EnforcerBase.js

@@ -12,10 +12,11 @@ import { DefaultTelemetry } from '../telemetry';
 import { DefaultTokenV2Parser, DefaultTokenV3Parser, TokenVersion } from '../risk_token';
 import { DefaultCors } from '../cors';
 import { PostRiskApiClientV2, PostRiskApiClientV3 } from '../risk_api';
-import { EnforceFlow, FilterFlow, PostEnforceFlow } from '../phase';
+import { EndEnforcerFlow, EnforceFlow, FilterFlow, PostEnforceFlow } from '../phase';
 import { AccountDefender, BotDefender, CredentialIntelligence, ProductName } from '../products';
 import { HttpActivityClient, HttpBatchedActivityClient } from '../activities';
 import { DefaultGraphQLParser } from '../graphql';
+import { HttpLogServiceClient } from '../logger';
 export class EnforcerBase {
     /**
      * The EnforcerBase constructor.
@@ -30,6 +31,7 @@ export class EnforcerBase {
         this.filterFlow = new FilterFlow(config, initializationBlock);
         this.enforceFlow = new EnforceFlow(config, initializationBlock);
         this.postEnforceFlow = new PostEnforceFlow(config, initializationBlock);
+        this.endEnforcerFlow = new EndEnforcerFlow(config, initializationBlock);
     }
     /**
      * The central function that triggers enforcement on the incoming request.
@@ -62,11 +64,16 @@ export class EnforcerBase {
             const context = yield this.constructContext(...args);
             let result = yield this.filterFlow.execute(context);
             if (result.done) {
-                return result.response ? this.convertToRes(result.response) : null;
+                yield this.endEnforcerFlow.execute(context);
+                return result.response ? this.convertToRes(result.response, ...args) : null;
             }
             this.preserveContext(context, ...args);
             result = yield this.enforceFlow.execute(context);
-            return result.response ? this.convertToRes(result.response) : null;
+            if (result.response) {
+                yield this.endEnforcerFlow.execute(context);
+                return this.convertToRes(result.response, ...args);
+            }
+            return null;
         });
     }
     /**
@@ -83,6 +90,7 @@ export class EnforcerBase {
                     context.response = yield this.convertToOutgoingResponse(...args);
                     yield this.postEnforceFlow.execute(context);
                 }
+                yield this.endEnforcerFlow.execute(context);
             }
             catch (e) {
                 this.config.logger.error(`caught error in post enforce - ${e}`);
@@ -124,6 +132,7 @@ export class EnforcerBase {
             (config.maxActivityBatchSize > 1
                 ? new HttpBatchedActivityClient(config, httpClient)
                 : new HttpActivityClient(config, httpClient));
+        const logServiceClient = options.logServiceClient || (config.loggerAuthToken ? new HttpLogServiceClient(config, httpClient) : null);
         const allOptions = {
             httpClient,
             base64Utils,
@@ -137,6 +146,7 @@ export class EnforcerBase {
             tokenParser,
             riskApiClient,
             activityClient,
+            logServiceClient,
         };
         const products = this.initializeProducts(config, options.products, base64Utils, hashUtils, ipRangeChecker);
         return Object.assign({ products }, allOptions);

package/lib/enforcer/options/EnforcerBaseOptions.d.ts

@@ -8,6 +8,7 @@ import { IRiskApiClient } from '../../risk_api';
 import { IActivityClient } from '../../activities';
 import { Products } from '../../products';
 import { IGraphQLParser } from '../../graphql';
+import { ILogServiceClient } from '../../logger';
 export type EnforcerBaseOptions<Req, Res> = {
     httpClient: IHttpClient;
     base64Utils: IBase64Utils;
@@ -22,4 +23,5 @@ export type EnforcerBaseOptions<Req, Res> = {
     telemetry?: ITelemetry<Req, Res>;
     riskApiClient?: IRiskApiClient<Req, Res>;
     activityClient?: IActivityClient<Req, Res>;
+    logServiceClient?: ILogServiceClient<Req, Res>;
 };

package/lib/logger/HttpLogServiceClient.d.ts

@@ -0,0 +1,17 @@
+import { EnrichedLogRecord, LogRecord } from './model';
+import { ReadonlyContext } from '../context';
+import { IConfiguration } from '../config';
+import { IHttpClient } from '../http';
+import { ILogger } from '../logger';
+import { ILogServiceClient } from './ILogServiceClient';
+export declare class HttpLogServiceClient<Req, Res> implements ILogServiceClient<Req, Res> {
+    protected readonly appId: string;
+    protected readonly backendUrl: string;
+    protected readonly loggerAuthToken: string;
+    protected readonly logger: ILogger;
+    protected readonly httpClient: IHttpClient;
+    constructor(config: IConfiguration<Req, Res>, httpClient: IHttpClient);
+    sendLogs(context: ReadonlyContext<Req, Res>, logs: LogRecord[]): Promise<void>;
+    protected enrichLogRecord(context: ReadonlyContext<Req, Res>, log: LogRecord): EnrichedLogRecord;
+    protected postLogs(logRecords: EnrichedLogRecord[]): Promise<boolean>;
+}

package/lib/logger/HttpLogServiceClient.js

@@ -0,0 +1,60 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { EXTERNAL_LOGGER_SERVICE_PATH } from './constants';
+import { AUTHORIZATION_HEADER_NAME, CONTENT_TYPE_HEADER_NAME, ContentType, HttpMethod, OutgoingRequestImpl, } from '../http';
+import { getAuthorizationHeader } from '../utils';
+export class HttpLogServiceClient {
+    constructor(config, httpClient) {
+        this.appId = config.appId;
+        this.backendUrl = config.backendScoreApiUrl;
+        this.loggerAuthToken = config.loggerAuthToken;
+        this.logger = config.logger;
+        this.httpClient = httpClient;
+    }
+    sendLogs(context, logs) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const enrichedLogs = logs.map((log) => this.enrichLogRecord(context, log));
+                yield this.postLogs(enrichedLogs);
+            }
+            catch (e) {
+                this.logger.error(`unable to send logs: ${e}`);
+            }
+        });
+    }
+    enrichLogRecord(context, log) {
+        const requestData = context.requestData;
+        const url = new URL(requestData.rawUrl);
+        const logMeta = {
+            container: 'enforcer',
+            appID: this.appId,
+            method: requestData.method,
+            host: url.host,
+            url: requestData.rawUrl,
+            path: url.pathname + requestData.url.search,
+            requestId: context.requestId,
+        };
+        return Object.assign(Object.assign({}, logMeta), log);
+    }
+    postLogs(logRecords) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = `${this.backendUrl}${EXTERNAL_LOGGER_SERVICE_PATH}`;
+            const method = HttpMethod.POST;
+            const headers = {
+                [CONTENT_TYPE_HEADER_NAME]: [ContentType.APPLICATION_JSON],
+                [AUTHORIZATION_HEADER_NAME]: [getAuthorizationHeader(this.loggerAuthToken)],
+            };
+            const body = JSON.stringify(logRecords);
+            const req = new OutgoingRequestImpl({ url, method, headers, body });
+            const res = yield this.httpClient.send(req);
+            return (res === null || res === void 0 ? void 0 : res.status) === 200;
+        });
+    }
+}

package/lib/logger/ILogServiceClient.d.ts

@@ -0,0 +1,6 @@
+import { ReadonlyContext } from '../context';
+import { LogRecord } from './model';
+import { AsyncOrSync } from 'ts-essentials';
+export interface ILogServiceClient<Req, Res> {
+    sendLogs(context: ReadonlyContext<Req, Res>, logs: LogRecord[]): AsyncOrSync<void>;
+}

package/lib/logger/ILogServiceClient.js

@@ -0,0 +1 @@
+export {};

package/lib/logger/ILogger.d.ts

@@ -1,4 +1,5 @@
 import { LoggerSeverity } from './LoggerSeverity';
+import { LogRecord } from './model';
 export interface ILogger {
     /**
      * @returns LoggerSeverity - The current logger severity.
@@ -21,4 +22,9 @@ export interface ILogger {
      * @returns void
      */
     error(message: string): void;
+    /**
+     * Get all the saved logs for that request
+     * @returns LogRecord[]
+     */
+    getLogs(): LogRecord[];
 }

package/lib/logger/LoggerBase.d.ts

@@ -1,8 +1,10 @@
 import { ILogger } from './ILogger';
 import { LoggerSeverity } from './LoggerSeverity';
+import { LogRecord } from './model';
 export declare abstract class LoggerBase implements ILogger {
-    private loggerSeverity;
-    protected constructor(loggerSeverity?: LoggerSeverity);
+    protected loggerSeverity: LoggerSeverity;
+    protected logs: LogRecord[];
+    protected constructor(loggerSeverity?: LoggerSeverity, logs?: LogRecord[]);
     protected abstract log(message: string): void;
     debug(message: string): void;
     error(message: string): void;
@@ -10,4 +12,6 @@ export declare abstract class LoggerBase implements ILogger {
     setLoggerSeverity(loggerSeverity: LoggerSeverity): void;
     protected logError(message: string): void;
     protected logDebug(message: string): void;
+    getLogs(): LogRecord[];
+    protected recordLog(message: string, loggerSeverity: LoggerSeverity): void;
 }

package/lib/logger/LoggerBase.js

@@ -1,14 +1,17 @@
 import { LoggerSeverity } from './LoggerSeverity';
 export class LoggerBase {
-    constructor(loggerSeverity = LoggerSeverity.ERROR) {
+    constructor(loggerSeverity = LoggerSeverity.ERROR, logs = []) {
         this.loggerSeverity = loggerSeverity;
+        this.logs = logs;
     }
     debug(message) {
+        this.recordLog(message, LoggerSeverity.DEBUG);
         if (this.loggerSeverity == LoggerSeverity.DEBUG) {
             this.logDebug(message);
         }
     }
     error(message) {
+        this.recordLog(message, LoggerSeverity.ERROR);
         if (this.loggerSeverity != LoggerSeverity.NONE) {
             this.logError(message);
         }
@@ -27,4 +30,12 @@ export class LoggerBase {
     logDebug(message) {
         this.log(message);
     }
+    // default implementation, can be overridden
+    getLogs() {
+        return this.logs;
+    }
+    recordLog(message, loggerSeverity) {
+        const logRecord = { message: message, severity: loggerSeverity, messageTimestamp: Date.now() };
+        this.logs.push(logRecord);
+    }
 }

package/lib/logger/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const X_PX_ENFORCER_LOG_HEADER = "x-px-enforcer-log";
+export declare const EXTERNAL_LOGGER_SERVICE_PATH = "/enforcer-logs/";

package/lib/logger/constants.js

@@ -0,0 +1,2 @@
+export const X_PX_ENFORCER_LOG_HEADER = 'x-px-enforcer-log';
+export const EXTERNAL_LOGGER_SERVICE_PATH = '/enforcer-logs/';

package/lib/logger/index.d.ts

@@ -1,4 +1,8 @@
 export { ILogger } from './ILogger';
+export { ILogServiceClient } from './ILogServiceClient';
 export { LoggerBase } from './LoggerBase';
+export { HttpLogServiceClient } from './HttpLogServiceClient';
 export { DefaultLogger } from './DefaultLogger';
 export { LoggerSeverity } from './LoggerSeverity';
+export * from './constants';
+export * from './model';

package/lib/logger/index.js

@@ -1,3 +1,6 @@
 export { LoggerBase } from './LoggerBase';
+export { HttpLogServiceClient } from './HttpLogServiceClient';
 export { DefaultLogger } from './DefaultLogger';
 export { LoggerSeverity } from './LoggerSeverity';
+export * from './constants';
+export * from './model';

package/lib/logger/model/EnrichedLogRecord.d.ts

@@ -0,0 +1,3 @@
+import { LogMetadata } from './LogMetadata';
+import { LogRecord } from './LogRecord';
+export type EnrichedLogRecord = LogMetadata & LogRecord;

package/lib/logger/model/EnrichedLogRecord.js

@@ -0,0 +1 @@
+export {};

package/lib/logger/model/LogMetadata.d.ts

@@ -0,0 +1,9 @@
+export type LogMetadata = {
+    container: string;
+    appID: string;
+    method: string;
+    host: string;
+    url: string;
+    path: string;
+    requestId: string;
+};

package/lib/logger/model/LogMetadata.js

@@ -0,0 +1 @@
+export {};

package/lib/logger/model/LogRecord.d.ts

@@ -0,0 +1,6 @@
+import { LoggerSeverity } from '../LoggerSeverity';
+export type LogRecord = {
+    message: string;
+    severity: LoggerSeverity;
+    messageTimestamp: number;
+};

package/lib/logger/model/LogRecord.js

@@ -0,0 +1 @@
+export {};

package/lib/logger/model/index.d.ts

@@ -0,0 +1,3 @@
+export * from './LogMetadata';
+export * from './LogRecord';
+export * from './EnrichedLogRecord';

package/lib/logger/model/index.js

@@ -0,0 +1,3 @@
+export * from './LogMetadata';
+export * from './LogRecord';
+export * from './EnrichedLogRecord';

package/lib/phase/flow/EndEnforcerFlow.d.ts

@@ -0,0 +1,6 @@
+import { IConfiguration } from '../../config';
+import { CompositePhase } from '../impl';
+import { EnforcerBaseOptions } from '../../enforcer';
+export declare class EndEnforcerFlow<Req, Res> extends CompositePhase<Req, Res> {
+    constructor(config: IConfiguration<Req, Res>, { logServiceClient }: Required<EnforcerBaseOptions<Req, Res>>);
+}

package/lib/phase/flow/EndEnforcerFlow.js

@@ -0,0 +1,10 @@
+import { CompositePhase, SendLogsPhase } from '../impl';
+export class EndEnforcerFlow extends CompositePhase {
+    constructor(config, { logServiceClient }) {
+        const phasesArray = [];
+        if (logServiceClient) {
+            phasesArray.push(new SendLogsPhase(config, logServiceClient));
+        }
+        super(phasesArray);
+    }
+}

package/lib/phase/flow/index.d.ts

@@ -1,3 +1,4 @@
 export * from './FilterFlow';
 export * from './EnforceFlow';
 export * from './PostEnforceFlow';
+export * from './EndEnforcerFlow';

package/lib/phase/flow/index.js

@@ -1,3 +1,4 @@
 export * from './FilterFlow';
 export * from './EnforceFlow';
 export * from './PostEnforceFlow';
+export * from './EndEnforcerFlow';

package/lib/phase/impl/SendLogsPhase.d.ts

@@ -0,0 +1,11 @@
+import { IContext } from '../../context';
+import { IPhase } from '../IPhase';
+import { PhaseResult } from '../PhaseResult';
+import { IConfiguration } from '../../config';
+import { ILogServiceClient } from '../../logger';
+export declare class SendLogsPhase<Req, Res> implements IPhase<Req, Res> {
+    private readonly config;
+    private readonly logServiceClient;
+    constructor(config: IConfiguration<Req, Res>, logServiceClient: ILogServiceClient<Req, Res>);
+    execute(context: IContext<Req, Res>): Promise<PhaseResult>;
+}

package/lib/phase/impl/SendLogsPhase.js

@@ -0,0 +1,26 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { X_PX_ENFORCER_LOG_HEADER } from '../../logger';
+export class SendLogsPhase {
+    constructor(config, logServiceClient) {
+        this.config = config;
+        this.logServiceClient = logServiceClient;
+    }
+    execute(context) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const headerValue = (_a = context.requestData.headers[X_PX_ENFORCER_LOG_HEADER]) === null || _a === void 0 ? void 0 : _a[0];
+            if (headerValue == this.config.loggerAuthToken) {
+                yield this.logServiceClient.sendLogs(context, this.config.logger.getLogs());
+            }
+            return { done: false };
+        });
+    }
+}

package/lib/phase/impl/index.d.ts

@@ -14,3 +14,4 @@ export * from './SendAsyncActivitiesOnRequestPhase';
 export * from './SendAsyncActivitiesOnResponsePhase';
 export * from './AdditionalActivityHandlerPhase';
 export * from './CompositePhase';
+export * from './SendLogsPhase';

package/lib/phase/impl/index.js

@@ -14,3 +14,4 @@ export * from './SendAsyncActivitiesOnRequestPhase';
 export * from './SendAsyncActivitiesOnResponsePhase';
 export * from './AdditionalActivityHandlerPhase';
 export * from './CompositePhase';
+export * from './SendLogsPhase';

package/lib/products/bot_defender/filter/DefaultBotDefenderFilter.js

@@ -9,7 +9,11 @@ export class DefaultBotDefenderFilter {
     shouldFilter(context) {
         const { requestData } = context;
         const filterReason = this.getFilterReason(requestData);
-        return filterReason !== FilterReason.NONE;
+        if (filterReason !== FilterReason.NONE) {
+            this.config.logger.debug(`filter request due to ${filterReason}`);
+            return true;
+        }
+        return false;
     }
     getFilterReason(request) {
         if (this.shouldFilterByExtension(request)) {

package/lib/utils/constants.d.ts

@@ -8,4 +8,4 @@ export declare const X_PX_AUTHORIZATION_HEADER_NAME = "x-px-authorization";
 export declare const X_PX_ORIGINAL_TOKEN_HEADER_NAME = "x-px-original-token";
 export declare const X_PX_BYPASS_REASON_HEADER_NAME = "x-px-bypass-reason";
 export declare const EMAIL_ADDRESS_REGEX: RegExp;
-export declare const CORE_MODULE_VERSION = "JS Core 0.7.0";
+export declare const CORE_MODULE_VERSION = "JS Core 0.7.1";

package/lib/utils/constants.js

@@ -8,4 +8,4 @@ export const X_PX_AUTHORIZATION_HEADER_NAME = 'x-px-authorization';
 export const X_PX_ORIGINAL_TOKEN_HEADER_NAME = 'x-px-original-token';
 export const X_PX_BYPASS_REASON_HEADER_NAME = 'x-px-bypass-reason';
 export const EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
-export const CORE_MODULE_VERSION = 'JS Core 0.7.0';
+export const CORE_MODULE_VERSION = 'JS Core 0.7.1';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-js-core",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "",
   "main": "lib/index.js",
   "type": "module",