diff --git a/CHANGELOG.md b/CHANGELOG.md index f4cb09b..a5d5e53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [7.3.3] - 2024-07-19 +### Fixed +- Fix rate_limit code for JSON responses + + ## [7.3.2] - 2024-07-17 ### Fixed - Fix rate_limit code @@ -23,7 +28,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ### Added - CORS support - Set X-PX-COOKIES as the default custom cookie name -- _M.px_login_creds_settings configuration, to allow specify CI settings in Lua configuration file +- `_M.px_login_creds_settings` configuration, to allow specify CI settings in Lua configuration file ### Changed - rename "px_graphql_paths" to "px_graphql_routes" diff --git a/README.md b/README.md index 3de69fc..978fd84 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # [PerimeterX](http://www.perimeterx.com) NGINX Lua Plugin -> Latest stable version: [v7.3.2](https://luarocks.org/modules/bendpx/perimeterx-nginx-plugin/7.3.2-1) +> Latest stable version: [v7.3.3](https://luarocks.org/modules/bendpx/perimeterx-nginx-plugin/7.3.3-1) ## [Introduction](#introduction) diff --git a/examples/Dockerfile.centos9 b/examples/Dockerfile.centos9 index 862b1ad..416d760 100644 --- a/examples/Dockerfile.centos9 +++ b/examples/Dockerfile.centos9 @@ -16,7 +16,14 @@ RUN luarocks install --lua-version 5.1 luasocket RUN luarocks install --lua-version 5.1 lua-resty-http RUN luarocks install --lua-version 5.1 luacheck RUN luarocks install --lua-version 5.1 lua-resty-nettle -RUN luarocks install --lua-version 5.1 perimeterx-nginx-plugin +#RUN luarocks install --lua-version 5.1 perimeterx-nginx-plugin + +RUN mkdir -p /tmp/px +COPY Makefile /tmp/px/ +COPY lib /tmp/px/lib +COPY t /tmp/t +RUN make -C /tmp/px install + COPY examples/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf COPY examples/creds.json /tmp/creds.json 
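Review bot: `COPY t /tmp/t` places the test tree beside the build directory while `Makefile` and `lib` go under `/tmp/px`, so `make -C /tmp/px install` only sees `t/` if the Makefile is written to look one level up; confirm that, or copy to `/tmp/px/t` so the layout matches the checkout. The commented-out `#RUN luarocks install --lua-version 5.1 perimeterx-nginx-plugin` line should either be removed or replaced by a comment such as `# built from the local checkout below instead of the published rock`, so the intent survives. If `t/` is not needed by the install target it can be left out of the image altogether, which keeps test fixtures out of the runtime layer.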
diff --git a/lib/px/block/pxblock.lua b/lib/px/block/pxblock.lua
index feb09ee..e54689b 100644
--- a/lib/px/block/pxblock.lua
+++ b/lib/px/block/pxblock.lua
@@ -145,19 +145,26 @@ function M.load(px_config)
 local block_action = parse_action(ngx.ctx.px_action)
 px_logger.debug("Enforcing action: " .. block_action .. " page is served")
-local html = px_template.get_template(ngx.ctx.px_action, details.block_uuid, vid)
-local collectorUrl = 'https://collector-' .. string.lower(px_config.px_appId) .. '.perimeterx.net'
-local result = {
-action = block_action,
-uuid = details.block_uuid,
-vid = vid,
-appId = px_config.px_appId,
-page = ngx.encode_base64(html),
-collectorUrl = collectorUrl
-}
+local status = ngx_HTTP_FORBIDDEN
+local result = {}
+if ngx.ctx.px_action == px_constants.RATE_LIMIT_ACTION then
+status = ngx_HTTP_TOO_MANY_REQUESTS
+else
+local html = px_template.get_template(ngx.ctx.px_action, details.block_uuid, vid)
+local collectorUrl = 'https://collector-' .. string.lower(px_config.px_appId) .. '.perimeterx.net'
+result = {
+action = block_action,
+uuid = details.block_uuid,
+vid = vid,
+appId = px_config.px_appId,
+page = ngx.encode_base64(html),
+collectorUrl = collectorUrl
+}
+
+end
 append_cors_headers()
 ngx.header["Content-Type"] = 'application/json'
-ngx.status = ngx_HTTP_FORBIDDEN
+ngx.status = status
 ngx.say(cjson.encode(result))
 ngx_exit(ngx.OK)
 return
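Review bot: On the rate-limit path the JSON body is now an empty object, so a mobile client receives a 429 with no `uuid`, `vid` or `action` to correlate with the server-side block, while every other action keeps those fields; if that is deliberate it deserves a comment, otherwise populate `action`, `uuid`, `vid` and `appId` in both branches and omit only `page`/`collectorUrl` for rate limiting. A 429 is also more useful to clients with a `Retry-After` header, if the enforcer knows the window, which this hunk does not show. The stray blank line before `end` in the `else` branch should go. `px_constants` must be required at the top of pxblock.lua, which is outside the hunk, and M.load continues past it.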
@@ -167,21 +174,27 @@ function M.load(px_config)
 local accept_header = px_common_utils.get_headers_single("accept") or px_common_utils.get_headers_single("content-type")
 local is_json_response = px_config.advanced_blocking_response and accept_header and is_accept_header_json(accept_header) and not ngx.ctx.px_is_mobile
 if is_json_response then
-local props = px_template.get_props(px_config, details.block_uuid, vid, parse_action(ngx.ctx.px_action))
-local result = {
-appId = props.appId,
-jsClientSrc = props.jsClientSrc,
-firstPartyEnabled = props.firstPartyEnabled,
-vid = props.vid,
-uuid = props.uuid,
-hostUrl = props.hostUrl,
-blockScript = props.blockScript,
-customLogo = px_config.customLogo,
-altBlockScript = props.altBlockScript
-}
+local status = ngx_HTTP_FORBIDDEN
+local result = {}
+if ngx.ctx.px_action == px_constants.RATE_LIMIT_ACTION then
+status = ngx_HTTP_TOO_MANY_REQUESTS
+else
+local props = px_template.get_props(px_config, details.block_uuid, vid, parse_action(ngx.ctx.px_action))
+result = {
+appId = props.appId,
+jsClientSrc = props.jsClientSrc,
+firstPartyEnabled = props.firstPartyEnabled,
+vid = props.vid,
+uuid = props.uuid,
+hostUrl = props.hostUrl,
+blockScript = props.blockScript,
+customLogo = px_config.customLogo,
+altBlockScript = props.altBlockScript
+}
+end
 append_cors_headers()
 ngx.header["Content-Type"] = 'application/json'
-ngx.status = ngx_HTTP_FORBIDDEN
+ngx.status = status
 ngx.say(cjson.encode(result))
 ngx_exit(ngx.OK)
 end
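Review bot: The `status` selection added here is the third copy of the same `if ngx.ctx.px_action == px_constants.RATE_LIMIT_ACTION then status = ngx_HTTP_TOO_MANY_REQUESTS` decision inside M.load, and the changelog ("Fix rate_limit code", then "Fix rate_limit code for JSON responses") suggests that exactly this duplication is why one path was missed last release. Pull it into a single helper near the top of M.load, `local function block_status(action) return action == px_constants.RATE_LIMIT_ACTION and ngx_HTTP_TOO_MANY_REQUESTS or ngx_HTTP_FORBIDDEN end`, and write `ngx.status = block_status(ngx.ctx.px_action)` at all three sites. The `and/or` form is safe because both status values are numbers, never nil or false. M.load starts before and ends after this hunk.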
@@ -192,17 +205,14 @@ function M.load(px_config)
 -- render advanced actions (js challange/rate limit)
 if ngx.ctx.px_action ~= 'c' and ngx.ctx.px_action ~= 'b' then
--- default status code
-ngx.status = ngx_HTTP_FORBIDDEN
 local action_name = parse_action(ngx.ctx.px_action)
-local body = ngx.ctx.px_action_data or px_template.get_template(action_name, uuid, vid)
+local body = ngx.ctx.px_action_data or px_template.get_template(ngx.ctx.px_action, uuid, vid)
 px_logger.debug("Enforcing action: " .. action_name .. " page is served")
-
--- additional handling for actions (status codes, headers, etc)
-if ngx.ctx.px_action == 'r' then
-ngx.status = ngx_HTTP_TOO_MANY_REQUESTS
+local status = ngx_HTTP_FORBIDDEN
+if ngx.ctx.px_action == px_constants.RATE_LIMIT_ACTION then
+status = ngx_HTTP_TOO_MANY_REQUESTS
 end
-
+ngx.status = status
 ngx_say(body)
 ngx_exit(ngx.OK)
 return
diff --git a/lib/px/block/pxtemplate.lua b/lib/px/block/pxtemplate.lua
index 0470811..e2d3721 100644
--- a/lib/px/block/pxtemplate.lua
+++ b/lib/px/block/pxtemplate.lua
@@ -102,12 +102,16 @@ function M.load(px_config)
 local function get_content(action)
 local __dirname = get_path()
+
+-- for Captcha Action
 local path = 'block_template'
-if action == 'ratelimit' then
+
+if action == px_constants.RATE_LIMIT_ACTION then
 path = 'ratelimit'
 elseif action == px_constants.HSC_BLOCK_ACTION then
 path = 'hypesale_template'
 end
+
 local template_path = string.format("%stemplates/%s.mustache", __dirname, path)
 px_logger.debug("fetching template from: " .. template_path)
diff --git a/lib/px/utils/pxconstants.lua b/lib/px/utils/pxconstants.lua
index 32b7d13..35d1aa9 100644
--- a/lib/px/utils/pxconstants.lua
+++ b/lib/px/utils/pxconstants.lua
@@ -3,7 +3,7 @@
 ----------------------------------------------
 local _M = {
-MODULE_VERSION = "NGINX Module v7.3.2",
+MODULE_VERSION = "NGINX Module v7.3.3",
 RISK_PATH = "/api/v3/risk",
 CAPTCHA_PATH = "/api/v2/risk/captcha",
 ACTIVITIES_PATH = "/api/v1/collector/s2s",
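Review bot: `px_template.get_template` now receives the raw action code `ngx.ctx.px_action` instead of the parsed `action_name`, which lines up with the new `px_constants.RATE_LIMIT_ACTION` check in get_content, but get_content also compares against `px_constants.HSC_BLOCK_ACTION` ('hsc'); unless the raw code for the hype-sale action is itself 'hsc' (parse_action is not visible here), the HTML path would now silently fall through to `block_template` for that action. A test that serves the hype-sale template through this branch would settle it. `action_name` is now only used for the debug line, which is fine, but a comment such as `-- template lookup keys on the raw action code; the parsed name is for logging only` would stop the next reader from "fixing" it back. M.load continues past the hunk.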
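Review bot: The new `-- for Captcha Action` comment above `local path = 'block_template'` is misleading: that value is the fallback for every action code that is neither the rate-limit nor the hype-sale code, including the block action and anything unrecognised. Replace it with `-- default template; used for captcha, block and any action code not matched below`. get_content now expects the raw enforcement code rather than a parsed name (the old `'ratelimit'` string was the parsed form), so the function should say so, e.g. `-- action: raw code from ngx.ctx.px_action, compared against px_constants` on the line above `local function get_content(action)`. The added blank lines carry nothing and can be dropped.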
@@ -20,6 +20,7 @@ local _M = {
 HSC_BLOCK_ACTION = 'hsc',
 HSC_DRC_PROPERTY = 7190,
 HSC_BLOCK_TYPE = 'pxHypeSaleChallenge',
+RATE_LIMIT_ACTION = 'r',
 GRAPHQL_PATH = "/graphql",
 GRAPHQL_QUERY = "query",
 GRAPHQL_MUTATION = "mutation",
diff --git a/perimeterx-nginx-plugin-7.3.2-1.rockspec b/perimeterx-nginx-plugin-7.3.3-1.rockspec
similarity index 91%
rename from perimeterx-nginx-plugin-7.3.2-1.rockspec
rename to perimeterx-nginx-plugin-7.3.3-1.rockspec
index 82dd5ad..84037fb 100644
--- a/perimeterx-nginx-plugin-7.3.2-1.rockspec
+++ b/perimeterx-nginx-plugin-7.3.3-1.rockspec
@@ -1,8 +1,8 @@
 package = "perimeterx-nginx-plugin"
-version = "7.3.2-1"
+version = "7.3.3-1"
 source = {
 url = "git+https://github.com/PerimeterX/perimeterx-nginx-plugin.git",
-tag = "v7.3.2",
+tag = "v7.3.3",
 }
 description = {
 summary = "PerimeterX NGINX Lua Middleware.",
diff --git a/px_metadata.json b/px_metadata.json
index 39338a9..abed9fb 100644
--- a/px_metadata.json
+++ b/px_metadata.json
@@ -1,6 +1,6 @@
 {
 "module_name" : "NGINX Module",
-"version": "7.3.2",
+"version": "7.3.3",
 "spec_version" : "1.0.0",
 "supported_features": [
 "advanced_blocking_response",
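Review bot: `RATE_LIMIT_ACTION = 'r'` is named here, but the sibling codes `'c'` and `'b'` that pxblock.lua still compares literally (`ngx.ctx.px_action ~= 'c' and ngx.ctx.px_action ~= 'b'`) remain magic strings, so the set of action codes is only half centralised. Add `CAPTCHA_ACTION = 'c',` and `BLOCK_ACTION = 'b',` beside it and switch pxblock.lua to them so the mapping lives in one place. A short comment above the group naming where these codes originate would help; from this hunk alone it is not clear which component sets ngx.ctx.px_action.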