Merge pull request #50 from PerimeterX/dev

Dev

Author: chennakarpx

changelog.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.1.0] - 2020-09-01
+### Added
+ - Added option to set a different px configuration on each request
+ - Added types validation on configuration fields
+
+### Fixed
+ - New cookie logic for mobile requests
+ - Renamed api_connect_timeout to api_timeout_conncection on default configuration
+ - Removed unsapported configuration fields: max_buffer_len and local_proxy
+ - Send cookie_origin only if there is a cookie
+
 ## [2.0.0] - 2020-07-24
 ### Added
  - Added fields to Block Activity: simulated_block, http_version, http_method, risk_rtt, px_orig_cookie

lib/perimeter_x.rb

@@ -11,122 +11,122 @@
 require 'perimeterx/internal/clients/perimeter_x_activity_client'
 require 'perimeterx/internal/validators/perimeter_x_s2s_validator'
 require 'perimeterx/internal/validators/perimeter_x_cookie_validator'
+require 'perimeterx/internal/exceptions/px_config_exception'
 
 module PxModule
   # Module expose API
-  def px_verify_request
-    px_ctx = PerimeterX.instance.verify(request.env)
-    px_config = PerimeterX.instance.px_config
-    msg_title = 'PxModule[px_verify_request]'
-
-    # In case custom verification handler is in use
-    if px_config.key?(:custom_verification_handler)
-      px_config[:logger].debug("#{msg_title}: custom_verification_handler triggered")
-      return instance_exec(px_ctx, &px_config[:custom_verification_handler])
-    end
+  def px_verify_request(request_config={})    
+    begin
+      px_instance = PerimeterX.new(request_config)
+      px_ctx = px_instance.verify(request.env)
+      px_config = px_instance.px_config
+
+      msg_title = 'PxModule[px_verify_request]'
+
+      # In case custom verification handler is in use
+      if px_config.key?(:custom_verification_handler)
+        px_config[:logger].debug("#{msg_title}: custom_verification_handler triggered")
+        return instance_exec(px_ctx, &px_config[:custom_verification_handler])
+      end
 
-    unless px_ctx.nil? || px_ctx.context[:verified] || (px_config[:module_mode] == PxModule::MONITOR_MODE && !px_ctx.context[:should_bypass_monitor])
-      # In case custom block handler exists (soon to be deprecated)
-      if px_config.key?(:custom_block_handler)
-        px_config[:logger].debug("#{msg_title}: custom_block_handler triggered")
-        px_config[:logger].debug(
-            "#{msg_title}: Please note that custom_block_handler is deprecated. Use custom_verification_handler instead.")
-        return instance_exec(px_ctx, &px_config[:custom_block_handler])
-      else
-        if px_ctx.context[:block_action]== 'rate_limit'
-          px_config[:logger].debug("#{msg_title}: sending rate limit page")
-          response.status = 429
+      unless px_ctx.nil? || px_ctx.context[:verified] || (px_config[:module_mode] == PxModule::MONITOR_MODE && !px_ctx.context[:should_bypass_monitor])
+        # In case custom block handler exists (soon to be deprecated)
+        if px_config.key?(:custom_block_handler)
+          px_config[:logger].debug("#{msg_title}: custom_block_handler triggered")
+          px_config[:logger].debug(
+              "#{msg_title}: Please note that custom_block_handler is deprecated. Use custom_verification_handler instead.")
+          return instance_exec(px_ctx, &px_config[:custom_block_handler])
         else
-          px_config[:logger].debug("#{msg_title}: sending default block page")
-          response.status = 403
-        end
-
-        is_mobile = px_ctx.context[:cookie_origin] == 'header' ? '1' : '0'
-        action = px_ctx.context[:block_action][0,1]
-
-        px_template_object = {
-          block_script: "//#{PxModule::CAPTCHA_HOST}/#{px_config[:app_id]}/captcha.js?a=#{action}&u=#{px_ctx.context[:uuid]}&v=#{px_ctx.context[:vid]}&m=#{is_mobile}",
-          js_client_src: "//#{PxModule::CLIENT_HOST}/#{px_config[:app_id]}/main.min.js"
-        }
-
-        html = PxTemplateFactory.get_template(px_ctx, px_config, px_template_object)
+          if px_ctx.context[:block_action]== 'rate_limit'
+            px_config[:logger].debug("#{msg_title}: sending rate limit page")
+            response.status = 429
+          else
+            px_config[:logger].debug("#{msg_title}: sending default block page")
+            response.status = 403
+          end
 
-        # Web handler
-        if px_ctx.context[:cookie_origin] == 'cookie'
+          is_mobile = px_ctx.context[:cookie_origin] == 'header' ? '1' : '0'
+          action = px_ctx.context[:block_action][0,1]
 
-          accept_header_value = request.headers['accept'] || request.headers['content-type'];
-          is_json_response = px_ctx.context[:block_action] != 'rate_limit' && accept_header_value && accept_header_value.split(',').select {|e| e.downcase.include? 'application/json'}.length > 0;
+          px_template_object = {
+            block_script: "//#{PxModule::CAPTCHA_HOST}/#{px_config[:app_id]}/captcha.js?a=#{action}&u=#{px_ctx.context[:uuid]}&v=#{px_ctx.context[:vid]}&m=#{is_mobile}",
+            js_client_src: "//#{PxModule::CLIENT_HOST}/#{px_config[:app_id]}/main.min.js"
+          }
 
-          if (is_json_response)
-            px_config[:logger].debug("#{msg_title}: advanced blocking response response")
+          html = PxTemplateFactory.get_template(px_ctx, px_config, px_template_object)
+
+          # Web handler
+          if px_ctx.context[:cookie_origin] == 'cookie'
+
+            accept_header_value = request.headers['accept'] || request.headers['content-type'];
+            is_json_response = px_ctx.context[:block_action] != 'rate_limit' && accept_header_value && accept_header_value.split(',').select {|e| e.downcase.include? 'application/json'}.length > 0;
+
+            if (is_json_response)
+              px_config[:logger].debug("#{msg_title}: advanced blocking response response")
+              response.headers['Content-Type'] = 'application/json'
+
+              hash_json = {
+                  :appId => px_config[:app_id],
+                  :jsClientSrc => px_template_object[:js_client_src],
+                  :firstPartyEnabled => false,
+                  :uuid => px_ctx.context[:uuid],
+                  :vid => px_ctx.context[:vid],
+                  :hostUrl => "https://collector-#{px_config[:app_id]}.perimeterx.net",
+                  :blockScript => px_template_object[:block_script],
+              }
+
+              render :json => hash_json
+            else
+              px_config[:logger].debug('#{msg_title}: web block')
+              response.headers['Content-Type'] = 'text/html'
+              render :html => html
+            end
+          else # Mobile SDK
+            px_config[:logger].debug("#{msg_title}: mobile sdk block")
             response.headers['Content-Type'] = 'application/json'
-
             hash_json = {
-                :appId => px_config[:app_id],
-                :jsClientSrc => px_template_object[:js_client_src],
-                :firstPartyEnabled => false,
+                :action => px_ctx.context[:block_action],
                 :uuid => px_ctx.context[:uuid],
                 :vid => px_ctx.context[:vid],
-                :hostUrl => "https://collector-#{px_config[:app_id]}.perimeterx.net",
-                :blockScript => px_template_object[:block_script],
+                :appId => px_config[:app_id],
+                :page => Base64.strict_encode64(html),
+                :collectorUrl => "https://collector-#{px_config[:app_id]}.perimeterx.net"
             }
-
             render :json => hash_json
-          else
-            px_config[:logger].debug('#{msg_title}: web block')
-            response.headers['Content-Type'] = 'text/html'
-            render :html => html
           end
-        else # Mobile SDK
-          px_config[:logger].debug("#{msg_title}: mobile sdk block")
-          response.headers['Content-Type'] = 'application/json'
-          hash_json = {
-              :action => px_ctx.context[:block_action],
-              :uuid => px_ctx.context[:uuid],
-              :vid => px_ctx.context[:vid],
-              :appId => px_config[:app_id],
-              :page => Base64.strict_encode64(html),
-              :collectorUrl => "https://collector-#{px_config[:app_id]}.perimeterx.net"
-          }
-          render :json => hash_json
         end
       end
-    end
 
-    # Request was verified
-    return px_ctx.nil? ? true : px_ctx.context[:verified]
+      # Request was verified
+      return px_ctx.nil? ? true : px_ctx.context[:verified]
+      
+    rescue PxConfigurationException
+      raise
+    rescue Exception => e
+      error_logger = PxLogger.new(true)
+      error_logger.error("#{e.backtrace.first}: #{e.message} (#{e.class})")
+      e.backtrace.drop(1).map {|s| error_logger.error("\t#{s}")}
+      return nil
+    end
   end
 
-  def self.configure(params)
-    @px_instance = PerimeterX.configure(params)
+  def self.configure(basic_config)
+    PerimeterX.set_basic_config(basic_config)
   end
 
 
   # PerimeterX Module
   class PerimeterX
-    @@__instance = nil
-    @@mutex = Mutex.new
 
     attr_reader :px_config
     attr_accessor :px_http_client
     attr_accessor :px_activity_client
 
     #Static methods
-    def self.configure(params)
-      return true if @@__instance
-      @@mutex.synchronize {
-        return @@__instance if @@__instance
-        @@__instance = new(params)
-      }
-      return true
+    def self.set_basic_config(basic_config)
+      Configuration.set_basic_config(basic_config)
     end
 
-    def self.instance
-      return @@__instance if !@@__instance.nil?
-      raise Exception.new('Please initialize perimeter x first')
-    end
-
-
     #Instance Methods
     def verify(env)
       begin
@@ -155,6 +155,9 @@ def verify(env)
         # Cookie phase
         cookie_verified, px_ctx = @px_cookie_validator.verify(px_ctx)
         if !cookie_verified
+          if !px_ctx.context[:mobile_error].nil?
+            px_ctx.context[:s2s_call_reason] = "mobile_error_#{px_ctx.context[:mobile_error]}"
+          end
           @px_s2s_validator.verify(px_ctx)
         end
 
@@ -166,8 +169,9 @@ def verify(env)
       end
     end
 
-    private def initialize(params)
-      @px_config = Configuration.new(params).configuration
+    def initialize(request_config)
+
+      @px_config = Configuration.new(request_config).configuration
       @logger = @px_config[:logger]
       @px_http_client = PxHttpClient.new(@px_config)
 
@@ -219,6 +223,5 @@ def verify(env)
       false
     end
 
-    private_class_method :new
   end
 end

lib/perimeterx/configuration.rb

@@ -1,11 +1,13 @@
 require 'perimeterx/utils/px_logger'
 require 'perimeterx/utils/px_constants'
+require 'perimeterx/internal/validators/hash_schema_validator'
 
 module PxModule
   class Configuration
+    @@basic_config = nil
+    @@mutex = Mutex.new
 
     attr_accessor :configuration
-    attr_accessor :PX_DEFAULT
 
     PX_DEFAULT = {
       :app_id                       => nil,
@@ -16,15 +18,13 @@ class Configuration
       :encryption_enabled           => true,
       :blocking_score               => 100,
       :sensitive_headers            => ["http-cookie", "http-cookies"],
-      :api_connect_timeout          => 1,
+      :api_timeout_connection       => 1,
       :api_timeout                  => 1,
-      :max_buffer_len               => 10,
       :send_page_activities         => true,
       :send_block_activities        => true,
       :sdk_name                     => PxModule::SDK_NAME,
       :debug                        => false,
       :module_mode                  => PxModule::MONITOR_MODE,
-      :local_proxy                  => false,
       :sensitive_routes             => [],
       :whitelist_routes             => [],
       :ip_headers                   => [],
@@ -33,9 +33,54 @@ class Configuration
       :risk_cookie_max_iterations   => 5000
     }
 
+    CONFIG_SCHEMA = {
+      :app_id                       => {types: [String], required: true},
+      :cookie_key                   => {types: [String], required: true},
+      :auth_token                   => {types: [String], required: true},
+      :module_enabled               => {types: [FalseClass, TrueClass], required: false},
+      :challenge_enabled            => {types: [FalseClass, TrueClass], required: false},
+      :encryption_enabled           => {types: [FalseClass, TrueClass], required: false},
+      :blocking_score               => {types: [Integer], required: false},
+      :sensitive_headers            => {types: [Array], allowed_element_types: [String], required: false},
+      :api_timeout_connection       => {types: [Integer, Float], required: false},
+      :api_timeout                  => {types: [Integer, Float], required: false},
+      :send_page_activities         => {types: [FalseClass, TrueClass], required: false},
+      :send_block_activities        => {types: [FalseClass, TrueClass], required: false},
+      :sdk_name                     => {types: [String], required: false},
+      :debug                        => {types: [FalseClass, TrueClass], required: false},
+      :module_mode                  => {types: [Integer], required: false},
+      :sensitive_routes             => {types: [Array], allowed_element_types: [String], required: false},
+      :whitelist_routes             => {types: [Array], allowed_element_types: [String, Regexp], required: false},
+      :ip_headers                   => {types: [Array], allowed_element_types: [String], required: false},
+      :ip_header_function           => {types: [Proc], required: false},
+      :bypass_monitor_header        => {types: [FalseClass, TrueClass], required: false},
+      :risk_cookie_max_iterations   => {types: [Integer], required: false},
+      :custom_verification_handler  => {types: [Proc], required: false},
+      :additional_activity_handler  => {types: [Proc], required: false},
+      :custom_logo                  => {types: [String], required: false},
+      :css_ref                      => {types: [String], required: false},
+      :js_ref                       => {types: [String], required: false},
+      :custom_uri                   => {types: [Proc], required: false}
+    }
+
+    def self.set_basic_config(basic_config)
+      if @@basic_config.nil?
+        @@mutex.synchronize {          
+          @@basic_config = PX_DEFAULT.merge(basic_config)
+      }
+      end
+    end
+
     def initialize(params)
-      PX_DEFAULT[:backend_url] = "https://sapi-#{params[:app_id].downcase}.perimeterx.net"
-      @configuration = PX_DEFAULT.merge(params)
+      if ! @@basic_config.is_a?(Hash)
+        raise PxConfigurationException.new('PerimeterX: Please initialize PerimeterX first')
+      end
+      
+      # merge request configuration into the basic configuration
+      @configuration = @@basic_config.merge(params)
+      validate_hash_schema(@configuration, CONFIG_SCHEMA)
+      
+      @configuration[:backend_url] = "https://sapi-#{@configuration[:app_id].downcase}.perimeterx.net"
       @configuration[:logger] = PxLogger.new(@configuration[:debug])
     end
   end

lib/perimeterx/internal/clients/perimeter_x_activity_client.rb

@@ -17,8 +17,11 @@ def send_to_perimeterx(activity_type, px_ctx, details = [])
         @px_config[:additional_activity_handler].call(activity_type, px_ctx, details)
       end
 
+      if !px_ctx.context[:px_cookie].empty?
+        details[:cookie_origin] = px_ctx.context[:cookie_origin]
+      end
+
       details[:module_version] = @px_config[:sdk_name]
-      details[:cookie_origin] = px_ctx.context[:cookie_origin]
 
       px_data = {
         :type       => activity_type,

lib/perimeterx/internal/exceptions/px_config_exception.rb

@@ -0,0 +1,6 @@
+class PxConfigurationException < StandardError
+    def initialize(msg)
+     super(msg)
+   end
+  end
+  

lib/perimeterx/internal/perimeter_x_context.rb

@@ -37,12 +37,16 @@ def initialize(px_config, req)
       if req.headers[PxModule::TOKEN_HEADER]
         @context[:cookie_origin] = 'header'
         token = force_utf8(req.headers[PxModule::TOKEN_HEADER])
-        if token.include? ':'
-          exploded_token = token.split(':', 2)
-          cookie_sym = "v#{exploded_token[0]}".to_sym
-          @context[:px_cookie][cookie_sym] = exploded_token[1]
-        else  # TOKEN_HEADER exists yet there's no ':' delimiter - may indicate an error (storing original value)
-          @context[:px_cookie] = force_utf8(req.headers[PxModule::TOKEN_HEADER])
+        if token.match(PxModule::MOBILE_TOKEN_V3_REGEX)
+          @context[:px_cookie][:v3] = token[2..-1]
+        elsif token.match(PxModule::MOBILE_ERROR_REGEX)
+          @context[:mobile_error] = token
+          if req.headers[PxModule::ORIGINAL_TOKEN_HEADER]
+            token = force_utf8(req.headers[PxModule::ORIGINAL_TOKEN_HEADER])
+            if token.match(PxModule::MOBILE_TOKEN_V3_REGEX)
+              @context[:px_cookie][:v3] = token[2..-1]
+            end
+          end
         end
       elsif !cookies.empty? # Get cookie from jar
         # Prepare hashed cookies