Merge pull request #42 from PerimeterX/dev

Async custom params and dynamic module enabling

Author: alexbpx

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Change Log
 
+## [v2.2.1](https://github.com/PerimeterX/perimeterx-python-wsgi) (2018-01-03)
+- Added async custom params
+- Added dynamic module enabling/disabling
+- Small performance boost
+- Major refactoring 
+
+## [v2.1.0](https://github.com/PerimeterX/perimeterx-python-wsgi) (2018-12-20)
+- Added data enrichment
+- Fixed mobile catpcha release
+- Added an option to programmatically enable and disable the module
+- Async custom params
+- Fixed performance issues
+- Major refactoring
+
 ## [v2.0.2](https://github.com/PerimeterX/perimeterx-python-wsgi) (2018-12-05)
 - Fixed copying resources to package on pypi.
 

README.md

@@ -4,12 +4,12 @@
 
 [PerimeterX](http://www.perimeterx.com) Python Middleware
 =============================================================
-> Latest stable version: [v2.0.2](https://pypi.org/project/perimeterx-python-wsgi/)
+> Latest stable version: [v2.2.1](https://pypi.org/project/perimeterx-python-wsgi/)
 Table of Contents
 -----------------
 - [Installation](#installation)
-- [Required Configuration](#required_config)
 - [Upgrading](#upgrading)
+- [Required Configuration](#required_config)
 - [Advanced Blocking Response](#advanced_blocking_response)
 - [Optional Configuration](#configuration)
     * [Module Enabled](#module_enabled)
@@ -24,6 +24,7 @@ Table of Contents
     * [First-Party Enabled](#first_party_enabled)
     * [Custom Request Handler](#custom_request_handler)
     * [Additional Activity Handler](#additional_activity_handler)
+    * [Dynamic Module Disabling](#dynamic_module_disabling)
 ## <a name="installation"></a> Installation
 PerimeterX Python middleware is installed via PIP:
 `$ pip install perimeterx-python-wsgi`
@@ -110,7 +111,7 @@ config = {
 An array of route prefixes that trigger a server call to PerimeterX servers every time the page is viewed, regardless of viewing history.
 **Default:** Empty
 ```python
-const config = {
+config = {
   ...
   sensitive_routes: ['/login', '/user/checkout']
   ...
@@ -150,7 +151,7 @@ config = {
 Enable/disable First-Party mode.
 **Default:** True
 ```python
-const pxConfig = {
+config = {
   ...
   first_party_enabled: False
   ...
@@ -179,3 +180,25 @@ config = {
   ...
 }
 ```
+
+#### <a name="pxde"></a>PerimeterX Data Enrichment
+This is a cookie we make available for our costumers, that can provide extra data about the request
+```python
+context.pxde
+context.pxde_verified
+
+```
+
+#### <a name="dynamic_module_disabling"></a>Dynamic Module Disabling
+These are methods that allow the developer to enable or disable the module programmatically
+```python
+from perimeterx.middleware import PerimeterX
+
+app = get_wsgi_application()
+config = {...}
+perimeterX = PerimeterX(app, config)
+...
+perimeterX.disable_module()
+perimeterX.enable_module() 
+```
+

perimeterx/middleware.py

@@ -1,12 +1,11 @@
+import time
+
+from werkzeug.wrappers import Request
+
 import px_activities_client
-import px_cookie_validator
-from px_context import PxContext
-import px_blocker
-import px_api
-import px_constants
-import px_utils
-from perimeterx.px_proxy import PXProxy
 from px_config import PxConfig
+from px_context import PxContext
+from px_request_verifier import PxRequestVerifier
 
 
 class PerimeterX(object):
@@ -15,99 +14,86 @@ def __init__(self, app, config=None):
         # merging user's defined configurations with the default one
         px_config = PxConfig(config)
         logger = px_config.logger
+
         if not px_config.app_id:
-            logger.error('PX App ID is missing')
+            logger.error('Unable to initialize module, missing mandatory configuration: app_id')
             raise ValueError('PX App ID is missing')
 
-        # if APP_ID is not set, use the deafult perimeterx server - else, use the appid specific sapi.
         if not px_config.auth_token:
-            logger.error('PX Auth Token is missing')
+            logger.error('Unable to initialize module, missing mandatory configuration: auth_token')
             raise ValueError('PX Auth Token is missing')
 
         if not px_config.cookie_key:
-            logger.error('PX Cookie Key is missing')
+            logger.error('Unable to initialize module, missing mandatory configuration: px_cookie')
             raise ValueError('PX Cookie Key is missing')
+
         self.reverse_proxy_prefix = px_config.app_id[2:].lower()
-        self._PXBlocker = px_blocker.PXBlocker()
         self._config = px_config
+        self._module_enabled = self._config.module_enabled
+        self._request_verifier = PxRequestVerifier(px_config)
         px_activities_client.init_activities_configuration(px_config)
         px_activities_client.send_enforcer_telemetry_activity(config=px_config, update_reason='initial_config')
 
     def __call__(self, environ, start_response):
-        return self._verify(environ, start_response)
-
-    def _verify(self, environ, start_response):
-        config = self.config
-        logger = config.logger
         try:
-            ctx = PxContext(environ, config)
-            uri = ctx.uri
-            px_proxy = PXProxy(config)
-            if px_proxy.should_reverse_request(uri):
-                body = environ['wsgi.input'].read(int(environ.get('CONTENT_LENGTH'))) if environ.get(
-                    'CONTENT_LENGTH') else ''
-                return px_proxy.handle_reverse_request(self.config, ctx, start_response, body)
-            if px_utils.is_static_file(ctx):
-                logger.debug('Filter static file request. uri: ' + uri)
-                return self.app(environ, start_response)
-            if not self._config._module_enabled:
-                logger.debug('Module is disabled, request will not be verified')
-                return self.app(environ, start_response)
-
-            if ctx.whitelist_route:
-                logger.debug('The requested uri is whitelisted, passing request')
+            start = time.time()
+            context = None
+            request = Request(environ)
+            context, verified_response = self.verify(request)
+            self._config.logger.debug("PerimeterX Enforcer took: {} ms".format((time.time() - start) * 1000))
+            if verified_response is True:
                 return self.app(environ, start_response)
 
-            # PX Cookie verification
-            if not px_cookie_validator.verify(ctx, config):
-                # Server-to-Server verification fallback
-                if not px_api.verify(ctx, self.config):
-                    return self.app(environ, start_response)
-            return self.handle_verification(ctx, self.config, environ, start_response)
-        except:
-            logger.error("Caught exception, passing request")
-            self.pass_traffic(PxContext({}, config))
-            return self.app(environ, start_response)
+            return verified_response(environ, start_response)
 
-    def handle_verification(self, ctx, config, environ, start_response):
-        score = ctx.score
-        result = None
-        headers = None
-        status = None
-        pass_request = True
-        if score < config.blocking_score:
-            self.pass_traffic(ctx)
-        else:
-            pass_request = False
-            self.block_traffic(ctx)
-
-        if config.additional_activity_handler:
-            config.additional_activity_handler(ctx, config)
-
-        if config.module_mode == px_constants.MODULE_MODE_BLOCKING and result is None and not pass_request:
-            result, headers, status = self.px_blocker.handle_blocking(ctx=ctx, config=config)
-        if config.custom_request_handler:
-            custom_body, custom_headers, custom_status = config.custom_request_handler(ctx, self.config, environ)
-            if custom_body is not None:
-                start_response(custom_status, custom_headers)
-                return custom_body
-
-        if headers is not None:
-            start_response(status, headers)
-            return result
-        else:
+        except Exception as err:
+            self._config.logger.error("Caught exception, passing request. Exception: {}".format(err))
+            if context:
+                self.report_pass_traffic(context)
+            else:
+                self.report_pass_traffic(PxContext({}, self._config))
             return self.app(environ, start_response)
 
-    def pass_traffic(self, ctx):
+    def verify(self, request):
+        config = self.config
+        logger = config.logger
+        logger.debug('Starting request verification')
+        ctx = None
+        try:
+            if not self._module_enabled:
+                logger.debug('Request will not be verified, module is disabled')
+                return ctx, True
+            ctx = PxContext(request, config)
+            return ctx, self._request_verifier.verify_request(ctx, request)
+        except Exception as err:
+            logger.error("Caught exception, passing request. Exception: {}".format(err))
+            if ctx:
+                self.report_pass_traffic(ctx)
+            else:
+                self.report_pass_traffic(PxContext({}, config))
+            return True
+
+
+    def report_pass_traffic(self, ctx):
         px_activities_client.send_page_requested_activity(ctx, self.config)
 
-    def block_traffic(self, ctx):
+    def report_block_traffic(self, ctx):
         px_activities_client.send_block_activity(ctx, self.config)
 
     @property
     def config(self):
         return self._config
 
-    @property
-    def px_blocker(self):
-        return self._PXBlocker
+    def disable_module(self):
+        if not self._module_enabled:
+            self._config.logger.debug("Trying to disable the module, module already disabled")
+        else:
+            self._module_enabled = False
+
+    def enable_module(self):
+        if self._module_enabled:
+            self._config.logger.debug("Trying to enable the module, module already enabled")
+        else:
+            self._module_enabled = True
+
+

perimeterx/px_activities_client.py

@@ -1,10 +1,13 @@
-import time
-import px_httpc
+import json
+import socket
+import sys
 import threading
-import traceback, sys
+import time
+import traceback
+
 import px_constants
-import socket
-import json
+import px_httpc
+import px_utils
 
 ACTIVITIES_BUFFER = []
 CONFIG = {}
@@ -39,7 +42,6 @@ def send_to_perimeterx(activity_type, ctx, config, detail):
         if activity_type == 'page_requested' and not config.send_page_activities:
             print 'Page activities disabled in config - skipping.'
             return
-
         _details = {
             'http_method': ctx.http_method,
             'http_version': ctx.http_version,
@@ -52,7 +54,7 @@ def send_to_perimeterx(activity_type, ctx, config, detail):
 
         data = {
             'type': activity_type,
-            'headers': ctx.headers,
+            'headers': dict(ctx.headers),
             'timestamp': int(round(time.time() * 1000)),
             'socket_ip': ctx.ip,
             'px_app_id': config.app_id,
@@ -61,6 +63,9 @@ def send_to_perimeterx(activity_type, ctx, config, detail):
             'vid': ctx.vid,
             'uuid': ctx.uuid
         }
+        if activity_type == 'page_requested' or activity_type == 'block':
+            px_utils.prepare_custom_params(config, _details)
+
         ACTIVITIES_BUFFER.append(data)
     except:
         print traceback.format_exception(*sys.exc_info())