Allow captcha config to be set on an IP and user basis

Author: forgetso

packages/provider/src/api/block.ts

@@ -11,16 +11,17 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-import type { KeyringPair } from "@polkadot/keyring/types";
-import { hexToU8a, isHex } from "@polkadot/util";
-import { validateAddress } from "@polkadot/util-crypto/address";
-import { ProsopoApiError, ProsopoEnvError } from "@prosopo/common";
+
+import { getLoggerDefault } from "@prosopo/common";
 import { ApiPrefix } from "@prosopo/types";
 import type { ProviderEnvironment } from "@prosopo/types-env";
 import type { NextFunction, Request, Response } from "express";
-import { Address6 } from "ip-address";
+import { checkIpRules } from "../rules/ip.js";
+import { checkUserRules } from "../rules/user.js";
 import { getIPAddress } from "../util.js";
 
+const logger = getLoggerDefault();
+
 export const blockMiddleware = (env: ProviderEnvironment) => {
 	return async (req: Request, res: Response, next: NextFunction) => {
 		try {
@@ -32,7 +33,7 @@ export const blockMiddleware = (env: ProviderEnvironment) => {
 
 			// if no IP block
 			if (!req.ip) {
-				console.log("No IP", req.ip);
+				logger.info("No IP", req.ip);
 				return res.status(401).json({ error: "Unauthorized" });
 			}
 
@@ -41,47 +42,32 @@ export const blockMiddleware = (env: ProviderEnvironment) => {
 			const ipAddress = getIPAddress(req.ip || "");
 			const userAccount = req.headers["Prosopo-User"] || req.body.user;
 			const dappAccount = req.headers["Prosopo-Site-Key"] || req.body.dapp;
-			const rule = await env.getDb().getIPBlockRuleRecord(ipAddress.bigInt());
-			if (rule && BigInt(rule.ip) === ipAddress.bigInt()) {
-				// block by IP address globally
-				if (rule.global && rule.hardBlock) {
-					return res.status(401).json({ error: "Unauthorized" });
-				}
 
-				if (dappAccount) {
-					const dappRule = await env
-						.getDb()
-						.getIPBlockRuleRecord(ipAddress.bigInt(), dappAccount);
-					if (
-						dappRule?.hardBlock &&
-						dappRule.dappAccount === dappAccount &&
-						BigInt(dappRule.ip) === ipAddress.bigInt()
-					) {
-						return res.status(401).json({ error: "Unauthorized" });
-					}
-				}
+			// get matching IP rules
+			const rule = await checkIpRules(env.getDb(), ipAddress, dappAccount);
+
+			// block if hard block
+			if (rule?.hardBlock) {
+				return res.status(401).json({ error: "Unauthorized" });
 			}
 
-			if (userAccount && dappAccount) {
-				const rule = await env
-					.getDb()
-					.getUserBlockRuleRecord(userAccount, dappAccount);
+			// get matching user rules
+			const userRule = await checkUserRules(
+				env.getDb(),
+				userAccount,
+				dappAccount,
+			);
 
-				if (
-					rule &&
-					rule.userAccount === userAccount &&
-					rule.dappAccount === dappAccount &&
-					rule.hardBlock
-				) {
-					return res.status(401).json({ error: "Unauthorized" });
-				}
+			// block if hard block
+			if (userRule?.hardBlock) {
+				return res.status(401).json({ error: "Unauthorized" });
 			}
 
 			next();
 			return;
 		} catch (err) {
-			console.error("Block Middleware Error:", err);
-			res.status(401).json({ error: "Unauthorized", message: err });
+			logger.error("Block Middleware Error:", err);
+			res.status(401).json({ error: "Unauthorized" });
 			return;
 		}
 	};

packages/provider/src/api/captcha.ts

@@ -62,6 +62,17 @@ export function prosopoRouter(env: ProviderEnvironment): Router {
 	 */
 	router.post(ApiPaths.GetImageCaptchaChallenge, async (req, res, next) => {
 		let parsed: CaptchaRequestBodyTypeOutput;
+
+		if (!req.ip) {
+			return next(
+				new ProsopoApiError("API.BAD_REQUEST", {
+					context: { code: 400, error: "IP address not found" },
+				}),
+			);
+		}
+
+		const ipAddress = getIPAddress(req.ip || "");
+
 		try {
 			parsed = CaptchaRequestBody.parse(req.body);
 		} catch (err) {
@@ -97,12 +108,19 @@ export function prosopoRouter(env: ProviderEnvironment): Router {
 				);
 			}
 
+			const captchaConfig = await tasks.imgCaptchaManager.getCaptchaConfig(
+				ipAddress,
+				user,
+				dapp,
+			);
+
 			const taskData =
 				await tasks.imgCaptchaManager.getRandomCaptchasAndRequestHash(
 					datasetId,
 					user,
-					getIPAddress(req.ip || ""),
+					ipAddress,
 					flatten(req.headers),
+					captchaConfig,
 				);
 			const captchaResponse: CaptchaResponseBody = {
 				[ApiParams.status]: "ok",

packages/provider/src/rules/ip.ts

@@ -0,0 +1,32 @@
+import type { BlockRule, IProviderDatabase } from "@prosopo/types-database";
+import type { Address4, Address6 } from "ip-address";
+
+export const checkIpRules = async (
+	db: IProviderDatabase,
+	ipAddress: Address4 | Address6,
+	dapp: string,
+): Promise<BlockRule | undefined> => {
+	const rule = await db.getIPBlockRuleRecord(ipAddress.bigInt());
+
+	if (rule && BigInt(rule.ip) === ipAddress.bigInt()) {
+		// block by IP address globally
+		if (rule.global) {
+			return rule;
+		}
+
+		if (rule.dappAccount === dapp) {
+			return rule;
+		}
+	}
+
+	const dappRule = await db.getIPBlockRuleRecord(ipAddress.bigInt(), dapp);
+	if (
+		dappRule &&
+		dappRule.dappAccount === dapp &&
+		BigInt(dappRule.ip) === ipAddress.bigInt()
+	) {
+		return rule;
+	}
+
+	return undefined;
+};

packages/provider/src/rules/lang.ts

@@ -0,0 +1,21 @@
+import type { ProsopoConfigOutput } from "@prosopo/types";
+
+export const checkLangRules = (
+	config: ProsopoConfigOutput,
+	acceptLanguage: string,
+): number => {
+	const lConfig = config.lRules;
+	let lScore = 0;
+	if (lConfig) {
+		const languages = acceptLanguage
+			.split(",")
+			.map((lang) => lang.trim().split(";")[0]);
+
+		for (const lang of languages) {
+			if (lang && lConfig[lang]) {
+				lScore += lConfig[lang];
+			}
+		}
+	}
+	return lScore;
+};

packages/provider/src/rules/user.ts

@@ -0,0 +1,18 @@
+import type { BlockRule, IProviderDatabase } from "@prosopo/types-database";
+
+export const checkUserRules = async (
+	db: IProviderDatabase,
+	user: string,
+	dapp: string,
+): Promise<BlockRule | undefined> => {
+	const userRule = await db.getUserBlockRuleRecord(user, dapp);
+
+	if (
+		userRule &&
+		userRule.userAccount === user &&
+		userRule.dappAccount === dapp
+	) {
+		return userRule;
+	}
+	return undefined;
+};

packages/provider/src/tasks/frictionless/frictionlessTasks.ts

@@ -30,9 +30,9 @@ import { at, verifyRecency } from "@prosopo/util";
 import type { Address4, Address6 } from "ip-address";
 import type { ObjectId } from "mongoose";
 import { v4 as uuidv4 } from "uuid";
-
-const logger = getLoggerDefault();
-const DEFAULT_POW_DIFFICULTY = 4;
+import { checkIpRules } from "../../rules/ip.js";
+import { checkLangRules } from "../../rules/lang.js";
+import { checkUserRules } from "../../rules/user.js";
 
 export class FrictionlessManager {
 	config: ProsopoConfigOutput;
@@ -53,57 +53,15 @@ export class FrictionlessManager {
 		ipAddress: Address4 | Address6,
 		dapp: string,
 	): Promise<boolean> {
-		const rule = await this.db.getIPBlockRuleRecord(ipAddress.bigInt());
-
-		if (rule && BigInt(rule.ip) === ipAddress.bigInt()) {
-			// block by IP address globally
-			if (rule.global) {
-				return true;
-			}
-
-			const dappRule = await this.db.getIPBlockRuleRecord(
-				ipAddress.bigInt(),
-				dapp,
-			);
-			if (
-				dappRule &&
-				dappRule.dappAccount === dapp &&
-				BigInt(dappRule.ip) === ipAddress.bigInt()
-			) {
-				return true;
-			}
-		}
-		return false;
+		return !!(await checkIpRules(this.db, ipAddress, dapp));
 	}
 
 	async checkUserRules(user: string, dapp: string): Promise<boolean> {
-		const userRule = await this.db.getUserBlockRuleRecord(user, dapp);
-
-		if (
-			userRule &&
-			userRule.userAccount === user &&
-			userRule.dappAccount === dapp
-		) {
-			return true;
-		}
-		return false;
+		return !!(await checkUserRules(this.db, user, dapp));
 	}
 
 	checkLangRules(acceptLanguage: string): number {
-		const lConfig = this.config.lRules;
-		let lScore = 0;
-		if (lConfig) {
-			const languages = acceptLanguage
-				.split(",")
-				.map((lang) => lang.trim().split(";")[0]);
-
-			for (const lang of languages) {
-				if (lang && lConfig[lang]) {
-					lScore += lConfig[lang];
-				}
-			}
-		}
-		return lScore;
+		return checkLangRules(this.config, acceptLanguage);
 	}
 
 	sendImageCaptcha(): GetFrictionlessCaptchaResponse {

packages/provider/src/tasks/imgCaptcha/imgCaptchaTasks.ts

@@ -31,6 +31,8 @@ import {
 	type Hash,
 	type ImageVerificationResponse,
 	type PendingCaptchaRequest,
+	type ProsopoCaptchaCountConfigSchemaOutput,
+	type ProsopoConfigOutput,
 	type RequestHeaders,
 } from "@prosopo/types";
 import type {
@@ -39,25 +41,28 @@ import type {
 } from "@prosopo/types-database";
 import { at } from "@prosopo/util";
 import type { Address4, Address6 } from "ip-address";
+import { checkIpRules } from "../../rules/ip.js";
+import { checkLangRules } from "../../rules/lang.js";
+import { checkUserRules } from "../../rules/user.js";
 import { shuffleArray } from "../../util.js";
 import { buildTreeAndGetCommitmentId } from "./imgCaptchaTasksUtils.js";
 
 export class ImgCaptchaManager {
 	db: IProviderDatabase;
 	pair: KeyringPair;
 	logger: Logger;
-	captchaConfig: CaptchaConfig;
+	config: ProsopoConfigOutput;
 
 	constructor(
 		db: IProviderDatabase,
 		pair: KeyringPair,
 		logger: Logger,
-		captchaConfig: CaptchaConfig,
+		config: ProsopoConfigOutput,
 	) {
 		this.db = db;
 		this.pair = pair;
 		this.logger = logger;
-		this.captchaConfig = captchaConfig;
+		this.config = config;
 	}
 
 	async getCaptchaWithProof(
@@ -85,6 +90,7 @@ export class ImgCaptchaManager {
 		userAccount: string,
 		ipAddress: Address4 | Address6,
 		headers: RequestHeaders,
+		captchaConfig: CaptchaConfig,
 	): Promise<{
 		captchas: Captcha[];
 		requestHash: string;
@@ -103,10 +109,10 @@ export class ImgCaptchaManager {
 		}
 
 		const unsolvedCount: number = Math.abs(
-			Math.trunc(this.captchaConfig.unsolved.count),
+			Math.trunc(captchaConfig.unsolved.count),
 		);
 		const solvedCount: number = Math.abs(
-			Math.trunc(this.captchaConfig.solved.count),
+			Math.trunc(captchaConfig.solved.count),
 		);
 
 		if (!solvedCount) {
@@ -141,7 +147,7 @@ export class ImgCaptchaManager {
 			.map((captcha) => captcha.timeLimitMs || DEFAULT_IMAGE_CAPTCHA_TIMEOUT)
 			.reduce((a, b) => a + b, 0);
 		const deadlineTs = timeLimit + currentTime;
-		const currentBlockNumber = 0; //TEMP
+
 		await this.db.storeDappUserPending(
 			userAccount,
 			requestHash,
@@ -457,4 +463,30 @@ export class ImgCaptchaManager {
 			commitmentId: solution.id.toString(),
 		};
 	}
+
+	async getCaptchaConfig(
+		ipAddress: Address4 | Address6,
+		user: string,
+		dapp: string,
+	): Promise<CaptchaConfig> {
+		const ipRule = await checkIpRules(this.db, ipAddress, dapp);
+		if (ipRule) {
+			return {
+				solved: { count: ipRule?.imageRounds?.solved || 0 },
+				unsolved: { count: ipRule?.imageRounds?.unsolved || 0 },
+			};
+		}
+		const userRule = await checkUserRules(this.db, user, dapp);
+		if (userRule) {
+			return {
+				solved: { count: userRule?.imageRounds?.solved || 0 },
+				unsolved: { count: userRule?.imageRounds?.unsolved || 0 },
+			};
+		}
+		return this.config.captchas;
+	}
+
+	checkLangRules(acceptLanguage: string): number {
+		return checkLangRules(this.config, acceptLanguage);
+	}
 }

packages/provider/src/tasks/tasks.ts

@@ -60,7 +60,7 @@ export class Tasks {
 			this.db,
 			this.pair,
 			this.logger,
-			this.captchaConfig,
+			this.config,
 		);
 		this.clientTaskManager = new ClientTaskManager(
 			this.config,