Merge pull request #178 from PerimeterX/release/v3.0.1

Release/v3.0.1

Author: ori-gold-px

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.0.1] - 2021-10-25
+
+### Added
+
+-   Compromised credentials header support
+
 ## [3.0.0] - 2021-09-26
 
 ### Changed

README.md

@@ -6,7 +6,7 @@
 [PerimeterX](http://www.perimeterx.com) Shared base for NodeJS enforcers
 =============================================================
 
-> Latest stable version: [v3.0.0](https://www.npmjs.com/package/perimeterx-node-core)
+> Latest stable version: [v3.0.1](https://www.npmjs.com/package/perimeterx-node-core)
 
 This is a shared base implementation for PerimeterX Express enforcer and future NodeJS enforcers. For a fully functioning implementation example, see the [Node-Express enforcer](https://github.com/PerimeterX/perimeterx-node-express/) implementation.
 

lib/pxconfig.js

@@ -4,6 +4,7 @@ const HttpsProxyAgent = require('https-proxy-agent');
 const pxutil = require('./pxutil');
 const { ModuleMode } = require('./enums/ModuleMode');
 const { LoggerSeverity } = require('./enums/LoggerSeverity');
+const { DEFAULT_COMPROMISED_CREDENTIALS_HEADER_NAME } = require('./utils/constants');
 
 class PxConfig {
     constructor(params, logger) {
@@ -74,6 +75,7 @@ class PxConfig {
             ['CUSTOM_COOKIE_HEADER', 'px_custom_cookie_header'],
             ['ENABLE_LOGIN_CREDS_EXTRACTION', 'px_login_credentials_extraction_enabled'],
             ['LOGIN_CREDS_EXTRACTION', 'px_login_credentials_extraction'],
+            ['COMPROMISED_CREDENTIALS_HEADER', 'px_compromised_credentials_header'],
         ];
 
         configKeyMapping.forEach(([targetKey, sourceKey]) => {
@@ -300,6 +302,7 @@ function pxDefaultConfig() {
         CUSTOM_COOKIE_HEADER: '',
         ENABLE_LOGIN_CREDS_EXTRACTION: false,
         LOGIN_CREDS_EXTRACTION: [],
+        COMPROMISED_CREDENTIALS_HEADER: DEFAULT_COMPROMISED_CREDENTIALS_HEADER_NAME,
     };
 }
 
@@ -347,6 +350,7 @@ const allowedConfigKeys = [
     'px_custom_cookie_header',
     'px_login_credentials_extraction_enabled',
     'px_login_credentials_extraction',
+    'px_compromised_credentials_header',
 ];
 
 module.exports = PxConfig;

lib/pxenforcer.js

@@ -384,6 +384,10 @@ class PxEnforcer {
             this.setS2SErrorInfo(details, ctx.s2sErrorInfo);
         }
 
+        if (this._config.ENABLE_LOGIN_CREDS_EXTRACTION && ctx.pxde && ctx.pxdeVerified && ctx.pxde.breached_account) {
+            req.headers[this._config.COMPROMISED_CREDENTIALS_HEADER] = JSON.stringify(ctx.pxde.breached_account);
+        }
+
         if (this._config.EXTERNAL_ACTIVITIES && req) {
             req.headers['x-px-pagerequested'] = JSON.stringify(
                 this.pxClient.generateActivity('page_requested', details, ctx, this._config),

lib/utils/constants.js

@@ -5,11 +5,14 @@ const HOURS_IN_DAY = 24;
 const DAYS_IN_YEAR = 365;
 const MILLISECONDS_IN_YEAR = MILLISECONDS_IN_SECOND * SECONDS_IN_MINUTE * MINUTES_IN_HOUR * HOURS_IN_DAY * DAYS_IN_YEAR;
 
+const DEFAULT_COMPROMISED_CREDENTIALS_HEADER_NAME = 'px-compromised-credentials';
+
 module.exports = {
     MILLISECONDS_IN_SECOND,
     SECONDS_IN_MINUTE,
     MINUTES_IN_HOUR,
     HOURS_IN_DAY,
     DAYS_IN_YEAR,
-    MILLISECONDS_IN_YEAR
+    MILLISECONDS_IN_YEAR,
+    DEFAULT_COMPROMISED_CREDENTIALS_HEADER_NAME
 };

package.json

@@ -1,6 +1,6 @@
 {
     "name": "perimeterx-node-core",
-    "version": "3.0.0",
+    "version": "3.0.1",
     "description": "PerimeterX NodeJS shared core for various applications to monitor and block traffic according to PerimeterX risk score",
     "main": "index.js",
     "scripts": {