feat: use v2 fingerprint

Author: e-moran

analyze/edge-light.ts

@@ -1,4 +1,4 @@
-import type { ArcjetLogger } from "@arcjet/protocol";
+import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
 
 import * as core from "./wasm/arcjet_analyze_js_req.component.js";
 import type {
@@ -14,6 +14,7 @@ import componentCore3Wasm from "./wasm/arcjet_analyze_js_req.component.core3.was
 
 interface AnalyzeContext {
   log: ArcjetLogger;
+  characteristics: string[];
 }
 
 async function moduleFromPath(path: string): Promise<WebAssembly.Module> {
@@ -72,45 +73,19 @@ export {
 /**
  * Generate a fingerprint for the client. This is used to identify the client
  * across multiple requests.
- * @param ip - The IP address of the client.
+ * @param context - The Arcjet Analyze context.
+ * @param request - The request to fingerprint.
+ * @param characteristics - The characteristics on which to fingerprint the request.
  * @returns A SHA-256 string fingerprint.
  */
 export async function generateFingerprint(
   context: AnalyzeContext,
-  ip: string,
+  request: Partial<ArcjetRequestDetails>,
 ): Promise<string> {
-  if (ip == "") {
-    return "";
-  }
-
   const analyze = await init(context);
 
   if (typeof analyze !== "undefined") {
-    return analyze.generateFingerprint(ip);
-  }
-
-  if (hasSubtleCryptoDigest()) {
-    // Fingerprint v1 is just the IP address
-    const fingerprintRaw = `fp_1_${ip}`;
-
-    // Based on MDN example at
-    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string
-
-    // Encode the raw fingerprint into a utf-8 Uint8Array
-    const fingerprintUint8 = new TextEncoder().encode(fingerprintRaw);
-    // Hash the message with SHA-256
-    const fingerprintArrayBuffer = await crypto.subtle.digest(
-      "SHA-256",
-      fingerprintUint8,
-    );
-    // Convert the ArrayBuffer to a byte array
-    const fingerprintArray = Array.from(new Uint8Array(fingerprintArrayBuffer));
-    // Convert the bytes to a hex string
-    const fingerprint = fingerprintArray
-      .map((b) => b.toString(16).padStart(2, "0"))
-      .join("");
-
-    return fingerprint;
+    return analyze.generateFingerprint(JSON.stringify(request), context.characteristics);
   }
 
   return "";
@@ -149,24 +124,3 @@ export async function detectBot(
     };
   }
 }
-
-function hasSubtleCryptoDigest() {
-  if (typeof crypto === "undefined") {
-    return false;
-  }
-
-  if (!("subtle" in crypto)) {
-    return false;
-  }
-  if (typeof crypto.subtle === "undefined") {
-    return false;
-  }
-  if (!("digest" in crypto.subtle)) {
-    return false;
-  }
-  if (typeof crypto.subtle.digest !== "function") {
-    return false;
-  }
-
-  return true;
-}

analyze/index.ts

@@ -1,4 +1,4 @@
-import type { ArcjetLogger } from "@arcjet/protocol";
+import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
 
 import * as core from "./wasm/arcjet_analyze_js_req.component.js";
 import type {
@@ -14,6 +14,7 @@ import { wasm as componentCore3Wasm } from "./wasm/arcjet_analyze_js_req.compone
 
 interface AnalyzeContext {
   log: ArcjetLogger;
+  characteristics: string[];
 }
 
 // TODO: Do we actually need this wasmCache or does `import` cache correctly?
@@ -86,45 +87,18 @@ export {
 /**
  * Generate a fingerprint for the client. This is used to identify the client
  * across multiple requests.
- * @param ip - The IP address of the client.
+ * @param context - The Arcjet Analyze context.
+ * @param request - The request to fingerprint.
  * @returns A SHA-256 string fingerprint.
  */
 export async function generateFingerprint(
   context: AnalyzeContext,
-  ip: string,
+  request: Partial<ArcjetRequestDetails>,
 ): Promise<string> {
-  if (ip == "") {
-    return "";
-  }
-
   const analyze = await init(context);
 
   if (typeof analyze !== "undefined") {
-    return analyze.generateFingerprint(ip);
-  }
-
-  if (hasSubtleCryptoDigest()) {
-    // Fingerprint v1 is just the IP address
-    const fingerprintRaw = `fp_1_${ip}`;
-
-    // Based on MDN example at
-    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string
-
-    // Encode the raw fingerprint into a utf-8 Uint8Array
-    const fingerprintUint8 = new TextEncoder().encode(fingerprintRaw);
-    // Hash the message with SHA-256
-    const fingerprintArrayBuffer = await crypto.subtle.digest(
-      "SHA-256",
-      fingerprintUint8,
-    );
-    // Convert the ArrayBuffer to a byte array
-    const fingerprintArray = Array.from(new Uint8Array(fingerprintArrayBuffer));
-    // Convert the bytes to a hex string
-    const fingerprint = fingerprintArray
-      .map((b) => b.toString(16).padStart(2, "0"))
-      .join("");
-
-    return fingerprint;
+    return analyze.generateFingerprint(JSON.stringify(request), context.characteristics);
   }
 
   return "";
@@ -163,24 +137,3 @@ export async function detectBot(
     };
   }
 }
-
-function hasSubtleCryptoDigest() {
-  if (typeof crypto === "undefined") {
-    return false;
-  }
-
-  if (!("subtle" in crypto)) {
-    return false;
-  }
-  if (typeof crypto.subtle === "undefined") {
-    return false;
-  }
-  if (!("digest" in crypto.subtle)) {
-    return false;
-  }
-  if (typeof crypto.subtle.digest !== "function") {
-    return false;
-  }
-
-  return true;
-}

analyze/wasm/arcjet_analyze_js_req.component.core.wasm

@@ -28,7 +28,7 @@ export interface ImportObject {
 }
 export interface Root {
   detectBot(headers: string, patternsAdd: string, patternsRemove: string): BotDetectionResult,
-  generateFingerprint(ip: string): string,
+  generateFingerprint(request: string, characteristics: string[]): string,
   isValidEmail(candidate: string, options: EmailValidationConfig | undefined): boolean,
 }
 

analyze/wasm/arcjet_analyze_js_req.component.core2.wasm

@@ -163,15 +163,25 @@ async function instantiate(getCoreModule, imports, instantiateCore = WebAssembly
     return variant5.val;
   }
 
-  function generateFingerprint(arg0) {
+  function generateFingerprint(arg0, arg1) {
     var ptr0 = utf8Encode(arg0, realloc0, memory0);
     var len0 = utf8EncodedLen;
-    const ret = exports1['generate-fingerprint'](ptr0, len0);
-    var ptr1 = dataView(memory0).getInt32(ret + 0, true);
-    var len1 = dataView(memory0).getInt32(ret + 4, true);
-    var result1 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr1, len1));
+    var vec2 = arg1;
+    var len2 = vec2.length;
+    var result2 = realloc0(0, 0, 4, len2 * 8);
+    for (let i = 0; i < vec2.length; i++) {
+      const e = vec2[i];
+      const base = result2 + i * 8;var ptr1 = utf8Encode(e, realloc0, memory0);
+      var len1 = utf8EncodedLen;
+      dataView(memory0).setInt32(base + 4, len1, true);
+      dataView(memory0).setInt32(base + 0, ptr1, true);
+    }
+    const ret = exports1['generate-fingerprint'](ptr0, len0, result2, len2);
+    var ptr3 = dataView(memory0).getInt32(ret + 0, true);
+    var len3 = dataView(memory0).getInt32(ret + 4, true);
+    var result3 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr3, len3));
     postReturn1(ret);
-    return result1;
+    return result3;
   }
 
   function isValidEmail(arg0, arg1) {

analyze/wasm/arcjet_analyze_js_req.component.core3.wasm

@@ -1,4 +1,4 @@
-import type { ArcjetLogger } from "@arcjet/protocol";
+import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
 
 import * as core from "./wasm/arcjet_analyze_js_req.component.js";
 import type {
@@ -14,6 +14,7 @@ import componentCore3Wasm from "./wasm/arcjet_analyze_js_req.component.core3.was
 
 interface AnalyzeContext {
   log: ArcjetLogger;
+  characteristics: string[];
 }
 
 async function moduleFromPath(path: string): Promise<WebAssembly.Module> {
@@ -72,45 +73,19 @@ export {
 /**
  * Generate a fingerprint for the client. This is used to identify the client
  * across multiple requests.
- * @param ip - The IP address of the client.
+ * @param context - The Arcjet Analyze context.
+ * @param request - The request to fingerprint.
+ * @param characteristics - The characteristics on which to fingerprint the request.
  * @returns A SHA-256 string fingerprint.
  */
 export async function generateFingerprint(
   context: AnalyzeContext,
-  ip: string,
+  request: Partial<ArcjetRequestDetails>,
 ): Promise<string> {
-  if (ip == "") {
-    return "";
-  }
-
   const analyze = await init(context);
 
   if (typeof analyze !== "undefined") {
-    return analyze.generateFingerprint(ip);
-  }
-
-  if (hasSubtleCryptoDigest()) {
-    // Fingerprint v1 is just the IP address
-    const fingerprintRaw = `fp_1_${ip}`;
-
-    // Based on MDN example at
-    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string
-
-    // Encode the raw fingerprint into a utf-8 Uint8Array
-    const fingerprintUint8 = new TextEncoder().encode(fingerprintRaw);
-    // Hash the message with SHA-256
-    const fingerprintArrayBuffer = await crypto.subtle.digest(
-      "SHA-256",
-      fingerprintUint8,
-    );
-    // Convert the ArrayBuffer to a byte array
-    const fingerprintArray = Array.from(new Uint8Array(fingerprintArrayBuffer));
-    // Convert the bytes to a hex string
-    const fingerprint = fingerprintArray
-      .map((b) => b.toString(16).padStart(2, "0"))
-      .join("");
-
-    return fingerprint;
+    return analyze.generateFingerprint(JSON.stringify(request), context.characteristics);
   }
 
   return "";
@@ -149,24 +124,3 @@ export async function detectBot(
     };
   }
 }
-
-function hasSubtleCryptoDigest() {
-  if (typeof crypto === "undefined") {
-    return false;
-  }
-
-  if (!("subtle" in crypto)) {
-    return false;
-  }
-  if (typeof crypto.subtle === "undefined") {
-    return false;
-  }
-  if (!("digest" in crypto.subtle)) {
-    return false;
-  }
-  if (typeof crypto.subtle.digest !== "function") {
-    return false;
-  }
-
-  return true;
-}