Merge pull request #162 from PerimeterX/dev

Version 2.12.1

Author: Johnny Tordgeman

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.12.1] - 2021-05-25
+
+### Fixed
+
+-   Wrong reporting for bypass monitor header.
+
 ## [2.12.0] - 2021-04-08
 
 ### Added

README.md

@@ -6,7 +6,7 @@
 [PerimeterX](http://www.perimeterx.com) Shared base for NodeJS enforcers
 =============================================================
 
-> Latest stable version: [v2.12.0](https://www.npmjs.com/package/perimeterx-node-core)
+> Latest stable version: [v2.12.1](https://www.npmjs.com/package/perimeterx-node-core)
 
 This is a shared base implementation for PerimeterX Express enforcer and future NodeJS enforcers. For a fully functioning implementation example, see the [Node-Express enforcer](https://github.com/PerimeterX/perimeterx-node-express/) implementation.
 

lib/pxapi.js

@@ -37,7 +37,10 @@ function buildRequestData(ctx, config) {
     const uuid = ctx.uuid || '';
     const headers = pxUtil.formatHeaders(ctx.headers, config.SENSITIVE_HEADERS);
     const httpVersion = ctx.httpVersion;
-    const riskMode = config.MODULE_MODE === config.MONITOR_MODE.MONITOR || ctx.monitoredRoute ? 'monitor' : 'active_blocking';
+    const riskMode =
+        (config.MODULE_MODE === config.MONITOR_MODE.MONITOR && !ctx.shouldBypassMonitor) || ctx.monitoredRoute
+            ? 'monitor'
+            : 'active_blocking';
 
     const data = {
         request: {
@@ -122,7 +125,9 @@ function evalByServerCall(ctx, config, callback) {
                 ctx.passReason = PassReason.S2S_TIMEOUT;
                 return callback(ScoreEvaluateAction.S2S_TIMEOUT_PASS);
             }
-            config.logger.error(`Unexpected exception while evaluating Risk API. ${err.errorReason}:${err.errorMessage}`);
+            config.logger.error(
+                `Unexpected exception while evaluating Risk API. ${err.errorReason}:${err.errorMessage}`,
+            );
             ctx.passReason = PassReason.S2S_ERROR;
             ctx.s2sErrorInfo = err;
             return callback(ScoreEvaluateAction.UNEXPECTED_RESULT);
@@ -172,7 +177,10 @@ function isBadRiskScore(riskResponse, ctx, config) {
     if (!riskResponse || !pxUtil.verifyDefined(riskResponse.score) || !riskResponse.action) {
         ctx.passReason = PassReason.S2S_ERROR;
         if (!ctx.s2sErrorInfo) {
-            ctx.s2sErrorInfo = new S2SErrorInfo(S2SErrorReason.INVALID_RESPONSE, `Response is ${JSON.stringify(riskResponse)}`);
+            ctx.s2sErrorInfo = new S2SErrorInfo(
+                S2SErrorReason.INVALID_RESPONSE,
+                `Response is ${JSON.stringify(riskResponse)}`,
+            );
         }
         return -1;
     }

lib/pxconfig.js

@@ -79,7 +79,7 @@ class PxConfig {
                 this.PX_DEFAULT,
                 params,
                 targetKey,
-                sourceKey
+                sourceKey,
             );
         });
 
@@ -101,7 +101,7 @@ class PxConfig {
             this.PX_INTERNAL,
             params,
             'MODULE_VERSION',
-            'moduleVersion'
+            'moduleVersion',
         );
 
         //update config

lib/pxcontext.js

@@ -23,6 +23,7 @@ class PxContext {
         this.enforcedRoute = this.isSpecialRoute(config.ENFORCED_ROUTES, this.uri);
         this.whitelistRoute = this.isSpecialRoute(config.WHITELIST_ROUTES, this.uri);
         this.monitoredRoute = !this.enforcedRoute && this.isSpecialRoute(config.MONITORED_ROUTES, this.uri);
+        this.shouldBypassMonitor = config.BYPASS_MONITOR_HEADER && req.headers[config.BYPASS_MONITOR_HEADER] === '1';
         this.cookieOrigin = 'cookie';
         this.additionalFields = additionalFields || {};
         const mobileHeader = this.headers[mobileSdkHeader];

lib/pxenforcer.js

@@ -210,10 +210,14 @@ class PxEnforcer {
                     return callback(ScoreEvaluateAction.S2S_PASS_TRAFFIC);
                 }
 
-                this.logger.debug(`Risk API response returned successfully, risk score: ${ctx.score}, round_trip_time: ${ctx.riskRtt}ms`);
+                this.logger.debug(
+                    `Risk API response returned successfully, risk score: ${ctx.score}, round_trip_time: ${ctx.riskRtt}ms`,
+                );
 
                 if (action === ScoreEvaluateAction.GOOD_SCORE) {
-                    this.logger.debug(`Risk score is lower than blocking score. score: ${ctx.score} blocking score: ${this._config.BLOCKING_SCORE}`);
+                    this.logger.debug(
+                        `Risk score is lower than blocking score. score: ${ctx.score} blocking score: ${this._config.BLOCKING_SCORE}`,
+                    );
                     return callback(ScoreEvaluateAction.S2S_PASS_TRAFFIC);
                 }
 
@@ -248,13 +252,16 @@ class PxEnforcer {
 
     handleVerification(ctx, req, res, cb) {
         const verified = ctx.score < this._config.BLOCKING_SCORE;
+
         if (res) {
             const setCookie = res.getHeader('Set-Cookie') ? res.getHeader('Set-Cookie') : '';
             const secure = this._config.PXHD_SECURE ? '; Secure' : '';
             const pxhdCookie = ctx.pxhdServer ? `_pxhd=${ctx.pxhdServer} ${secure}` : '';
             const setCookieModified = [setCookie, pxhdCookie].filter(Boolean);
             if (setCookieModified.length > 0) {
-                const expires = `expires=${new Date(new Date().getTime() + Constants.MILLISECONDS_IN_YEAR).toUTCString()}`;
+                const expires = `expires=${new Date(
+                    new Date().getTime() + Constants.MILLISECONDS_IN_YEAR,
+                ).toUTCString()}`;
                 res.setHeader('Set-Cookie', `${setCookieModified}; ${expires}`);
             }
         }
@@ -285,8 +292,7 @@ class PxEnforcer {
         }
 
         // If verified, pass the request here
-        const shouldBypassMonitor = this._config.BYPASS_MONITOR_HEADER && req.headers[this._config.BYPASS_MONITOR_HEADER] === '1';
-        if (verified || ctx.monitoredRoute || (this._config.MODULE_MODE === this._config.MONITOR_MODE.MONITOR && !shouldBypassMonitor)) {
+        if (verified || pxUtil.isReqInMonitorMode(this._config, ctx)) {
             return cb();
         }
 
@@ -299,7 +305,9 @@ class PxEnforcer {
             ctx.blockAction !== 'r';
 
         this.logger.debug(
-            `Enforcing action: ${pxUtil.parseAction(ctx.blockAction)} page is served ${isJsonResponse ? 'using advanced protection mode' : ''}`,
+            `Enforcing action: ${pxUtil.parseAction(ctx.blockAction)} page is served ${
+                isJsonResponse ? 'using advanced protection mode' : ''
+            }`,
         );
         const config = this._config;
         this.generateResponse(ctx, isJsonResponse, function (responseObject) {
@@ -369,7 +377,9 @@ class PxEnforcer {
         }
 
         if (this._config.EXTERNAL_ACTIVITIES && req) {
-            req.headers['x-px-pagerequested'] = JSON.stringify(this.pxClient.generateActivity('page_requested', details, ctx, this._config));
+            req.headers['x-px-pagerequested'] = JSON.stringify(
+                this.pxClient.generateActivity('page_requested', details, ctx, this._config),
+            );
         } else {
             this.logger.debug('Sending page requested activity');
             this.pxClient.sendToPerimeterX('page_requested', details, ctx, this._config);
@@ -396,7 +406,7 @@ class PxEnforcer {
             block_module: 'px-node-express',
             block_score: ctx.score,
             module_version: this.pxConfig.conf.MODULE_VERSION,
-            simulated_block: this._config.MODULE_MODE === this._config.MONITOR_MODE.MONITOR || ctx.monitoredRoute,
+            simulated_block: pxUtil.isReqInMonitorMode(this._config, ctx),
             ...ctx.additionalFields,
         };
 
@@ -431,17 +441,17 @@ class PxEnforcer {
 
     getProps(ctx) {
         let jsClientSrc = `//${this._config.CLIENT_HOST}/${this._config.PX_APP_ID}/main.min.js`;
-        let captchaSrc = `//${this._config.CAPTCHA_HOST}/${this._config.PX_APP_ID}/captcha.js?a=${ctx.blockAction}&u=${ctx.uuid}&v=${
-            ctx.vid || ''
-        }&m=${ctx.isMobile() ? '1' : '0'}`;
+        let captchaSrc = `//${this._config.CAPTCHA_HOST}/${this._config.PX_APP_ID}/captcha.js?a=${ctx.blockAction}&u=${
+            ctx.uuid
+        }&v=${ctx.vid || ''}&m=${ctx.isMobile() ? '1' : '0'}`;
         let hostUrl = ctx.collectorUrl;
 
         if (this._config.FIRST_PARTY_ENABLED && !ctx.isMobile()) {
             const prefix = this._config.PX_APP_ID.substring(2);
             jsClientSrc = `/${prefix}${this._config.FIRST_PARTY_VENDOR_PATH}`;
-            captchaSrc = `/${prefix}${this._config.FIRST_PARTY_CAPTCHA_PATH}/captcha.js?a=${ctx.blockAction}&u=${ctx.uuid}&v=${ctx.vid || ''}&m=${
-                ctx.isMobile() ? '1' : '0'
-            }`;
+            captchaSrc = `/${prefix}${this._config.FIRST_PARTY_CAPTCHA_PATH}/captcha.js?a=${ctx.blockAction}&u=${
+                ctx.uuid
+            }&v=${ctx.vid || ''}&m=${ctx.isMobile() ? '1' : '0'}`;
             hostUrl = `/${prefix}${this._config.FIRST_PARTY_XHR_PATH}`;
         }
 

lib/pxutil.js

@@ -243,6 +243,12 @@ function generateHMAC(cookieSecret, payload) {
     return hmacCreator.read();
 }
 
+function isReqInMonitorMode(pxConfig, pxCtx) {
+    return (
+        (pxConfig.MODULE_MODE === pxConfig.MONITOR_MODE.MONITOR && !pxCtx.shouldBypassMonitor) || pxCtx.monitoredRoute
+    );
+}
+
 module.exports = {
     formatHeaders,
     filterSensitiveHeaders,
@@ -259,4 +265,5 @@ module.exports = {
     sha256,
     isStringMatchWith,
     generateHMAC,
+    isReqInMonitorMode,
 };

package.json

@@ -1,6 +1,6 @@
 {
     "name": "perimeterx-node-core",
-    "version": "2.12.0",
+    "version": "2.12.1",
     "description": "PerimeterX NodeJS shared core for various applications to monitor and block traffic according to PerimeterX risk score",
     "main": "index.js",
     "scripts": {