Skip to content

Commit

Permalink
feat: check verification status (#2229)
Browse files Browse the repository at this point in the history
This PR adds support for checking the verification status of bots.
  • Loading branch information
e-moran authored Nov 25, 2024
1 parent f8f6a2d commit 3329fd7
Show file tree
Hide file tree
Showing 17 changed files with 205 additions and 24 deletions.
7 changes: 7 additions & 0 deletions analyze/edge-light.ts
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,11 @@ async function init(
"arcjet:js-req/sensitive-information-identifier": {
detect: detectSensitiveInfo,
},
"arcjet:js-req/verify-bot": {
verify() {
return "unverifiable";
},
},
};

try {
Expand Down Expand Up @@ -174,6 +179,8 @@ export async function detectBot(
return {
allowed: [],
denied: [],
spoofed: false,
verified: false,
};
}
}
Expand Down
7 changes: 7 additions & 0 deletions analyze/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,11 @@ async function init(
"arcjet:js-req/sensitive-information-identifier": {
detect: detectSensitiveInfo,
},
"arcjet:js-req/verify-bot": {
verify() {
return "unverifiable";
},
},
};

try {
Expand Down Expand Up @@ -188,6 +193,8 @@ export async function detectBot(
return {
allowed: [],
denied: [],
spoofed: false,
verified: false,
};
}
}
Expand Down
Binary file modified analyze/wasm/arcjet_analyze_js_req.component.core.wasm
Binary file not shown.
Binary file modified analyze/wasm/arcjet_analyze_js_req.component.core2.wasm
Binary file not shown.
Binary file modified analyze/wasm/arcjet_analyze_js_req.component.core3.wasm
Binary file not shown.
4 changes: 4 additions & 0 deletions analyze/wasm/arcjet_analyze_js_req.component.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -61,12 +61,16 @@ export interface BotConfigDeniedBotConfig {
export interface BotResult {
allowed: Array<BotEntity>,
denied: Array<BotEntity>,
verified: boolean,
spoofed: boolean,
}
import { ArcjetJsReqEmailValidatorOverrides } from './interfaces/arcjet-js-req-email-validator-overrides.js';
import { ArcjetJsReqSensitiveInformationIdentifier } from './interfaces/arcjet-js-req-sensitive-information-identifier.js';
import { ArcjetJsReqVerifyBot } from './interfaces/arcjet-js-req-verify-bot.js';
export interface ImportObject {
'arcjet:js-req/email-validator-overrides': typeof ArcjetJsReqEmailValidatorOverrides,
'arcjet:js-req/sensitive-information-identifier': typeof ArcjetJsReqSensitiveInformationIdentifier,
'arcjet:js-req/verify-bot': typeof ArcjetJsReqVerifyBot,
}
export interface Root {
detectBot(request: string, options: BotConfig): BotResult,
Expand Down
83 changes: 65 additions & 18 deletions analyze/wasm/arcjet_analyze_js_req.component.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
let dv = new DataView(new ArrayBuffer());
const dataView = mem => dv.buffer === mem.buffer ? dv : dv = new DataView(mem.buffer);

function throwInvalidBool() {
throw new TypeError('invalid variant discriminant for bool');
}

function toUint32(val) {
return val >>> 0;
}
Expand Down Expand Up @@ -40,13 +44,48 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta

const { hasGravatar, hasMxRecords, isDisposableEmail, isFreeEmail } = imports['arcjet:js-req/email-validator-overrides'];
const { detect } = imports['arcjet:js-req/sensitive-information-identifier'];
const { verify } = imports['arcjet:js-req/verify-bot'];
let gen = (function* init () {
let exports0;
let exports1;
let memory0;
let realloc0;

function trampoline0(arg0, arg1) {
function trampoline0(arg0, arg1, arg2, arg3) {
var ptr0 = arg0;
var len0 = arg1;
var result0 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr0, len0));
var ptr1 = arg2;
var len1 = arg3;
var result1 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr1, len1));
const ret = verify(result0, result1);
var val2 = ret;
let enum2;
switch (val2) {
case 'verified': {
enum2 = 0;
break;
}
case 'spoofed': {
enum2 = 1;
break;
}
case 'unverifiable': {
enum2 = 2;
break;
}
default: {
if ((ret) instanceof Error) {
console.error(ret);
}

throw new TypeError(`"${val2}" is not one of the cases of validator-response`);
}
}
return enum2;
}

function trampoline1(arg0, arg1) {
var ptr0 = arg0;
var len0 = arg1;
var result0 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr0, len0));
Expand Down Expand Up @@ -77,7 +116,7 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
return enum1;
}

function trampoline1(arg0, arg1) {
function trampoline2(arg0, arg1) {
var ptr0 = arg0;
var len0 = arg1;
var result0 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr0, len0));
Expand Down Expand Up @@ -108,7 +147,7 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
return enum1;
}

function trampoline2(arg0, arg1) {
function trampoline3(arg0, arg1) {
var ptr0 = arg0;
var len0 = arg1;
var result0 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr0, len0));
Expand Down Expand Up @@ -139,7 +178,7 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
return enum1;
}

function trampoline3(arg0, arg1) {
function trampoline4(arg0, arg1) {
var ptr0 = arg0;
var len0 = arg1;
var result0 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr0, len0));
Expand Down Expand Up @@ -170,7 +209,7 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
return enum1;
}

function trampoline4(arg0, arg1, arg2) {
function trampoline5(arg0, arg1, arg2) {
var len1 = arg1;
var base1 = arg0;
var result1 = [];
Expand Down Expand Up @@ -238,13 +277,16 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
({ exports: exports0 } = yield instantiateCore(yield module1));
({ exports: exports1 } = yield instantiateCore(yield module0, {
'arcjet:js-req/email-validator-overrides': {
'has-gravatar': exports0['3'],
'has-mx-records': exports0['2'],
'is-disposable-email': exports0['1'],
'is-free-email': exports0['0'],
'has-gravatar': exports0['4'],
'has-mx-records': exports0['3'],
'is-disposable-email': exports0['2'],
'is-free-email': exports0['1'],
},
'arcjet:js-req/sensitive-information-identifier': {
detect: exports0['4'],
detect: exports0['5'],
},
'arcjet:js-req/verify-bot': {
verify: exports0['0'],
},
}));
memory0 = exports1.memory;
Expand All @@ -257,6 +299,7 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
'2': trampoline2,
'3': trampoline3,
'4': trampoline4,
'5': trampoline5,
},
}));
postReturn0 = exports1['cabi_post_detect-bot'];
Expand Down Expand Up @@ -317,7 +360,7 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
}
}
const ret = exports1['detect-bot'](ptr0, len0, variant7_0, variant7_1, variant7_2, variant7_3);
let variant13;
let variant15;
switch (dataView(memory0).getUint8(ret + 0, true)) {
case 0: {
var len9 = dataView(memory0).getInt32(ret + 8, true);
Expand All @@ -340,30 +383,34 @@ function instantiate(getCoreModule, imports, instantiateCore = WebAssembly.insta
var result10 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr10, len10));
result11.push(result10);
}
variant13= {
var bool12 = dataView(memory0).getUint8(ret + 20, true);
var bool13 = dataView(memory0).getUint8(ret + 21, true);
variant15= {
tag: 'ok',
val: {
allowed: result9,
denied: result11,
verified: bool12 == 0 ? false : (bool12 == 1 ? true : throwInvalidBool()),
spoofed: bool13 == 0 ? false : (bool13 == 1 ? true : throwInvalidBool()),
}
};
break;
}
case 1: {
var ptr12 = dataView(memory0).getInt32(ret + 4, true);
var len12 = dataView(memory0).getInt32(ret + 8, true);
var result12 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr12, len12));
variant13= {
var ptr14 = dataView(memory0).getInt32(ret + 4, true);
var len14 = dataView(memory0).getInt32(ret + 8, true);
var result14 = utf8Decoder.decode(new Uint8Array(memory0.buffer, ptr14, len14));
variant15= {
tag: 'err',
val: result12
val: result14
};
break;
}
default: {
throw new TypeError('invalid variant discriminant for expected');
}
}
const retVal = variant13;
const retVal = variant15;
postReturn0(ret);
if (typeof retVal === 'object' && retVal.tag === 'err') {
throw new ComponentError(retVal.val);
Expand Down
Binary file modified analyze/wasm/arcjet_analyze_js_req.component.wasm
Binary file not shown.
13 changes: 13 additions & 0 deletions analyze/wasm/interfaces/arcjet-js-req-verify-bot.d.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
export namespace ArcjetJsReqVerifyBot {
export function verify(botId: string, ip: string): ValidatorResponse;
}
/**
* # Variants
*
* ## `"verified"`
*
* ## `"spoofed"`
*
* ## `"unverifiable"`
*/
export type ValidatorResponse = 'verified' | 'spoofed' | 'unverifiable';
7 changes: 7 additions & 0 deletions analyze/workerd.ts
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,11 @@ async function init(
"arcjet:js-req/sensitive-information-identifier": {
detect: detectSensitiveInfo,
},
"arcjet:js-req/verify-bot": {
verify() {
return "unverifiable";
},
},
};

try {
Expand Down Expand Up @@ -174,6 +179,8 @@ export async function detectBot(
return {
allowed: [],
denied: [],
spoofed: false,
verified: false,
};
}
}
Expand Down
4 changes: 4 additions & 0 deletions arcjet/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1099,6 +1099,8 @@ export function detectBot(options: BotOptions): Primitive<{}> {
reason: new ArcjetBotReason({
allowed: result.allowed,
denied: result.denied,
verified: result.verified,
spoofed: result.spoofed,
}),
});
} else {
Expand All @@ -1109,6 +1111,8 @@ export function detectBot(options: BotOptions): Primitive<{}> {
reason: new ArcjetBotReason({
allowed: result.allowed,
denied: result.denied,
verified: result.verified,
spoofed: result.spoofed,
}),
});
}
Expand Down
46 changes: 45 additions & 1 deletion arcjet/test/index.node.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -295,11 +295,47 @@ describe("ArcjetDecision", () => {
const reason = new ArcjetBotReason({
allowed: [],
denied: [],
verified: false,
spoofed: false,
});
expect(reason.isBot()).toEqual(true);
});

test("`isBot()` returns true when reason is not BOT", () => {
test("isVerified() returns the correct value", () => {
const reasonTrue = new ArcjetBotReason({
allowed: [],
denied: [],
verified: true,
spoofed: false,
});
expect(reasonTrue.isVerified()).toEqual(true);
const reasonFalse = new ArcjetBotReason({
allowed: [],
denied: [],
verified: false,
spoofed: false,
});
expect(reasonFalse.isVerified()).toEqual(false);
});

test("isSpoofed() returns the correct value", () => {
const reasonTrue = new ArcjetBotReason({
allowed: [],
denied: [],
verified: false,
spoofed: true,
});
expect(reasonTrue.isSpoofed()).toEqual(true);
const reasonFalse = new ArcjetBotReason({
allowed: [],
denied: [],
verified: false,
spoofed: false,
});
expect(reasonFalse.isSpoofed()).toEqual(false);
});

test("`isBot()` returns false when reason is not BOT", () => {
const reason = new ArcjetTestReason();
expect(reason.isBot()).toEqual(false);
});
Expand Down Expand Up @@ -499,6 +535,8 @@ describe("Primitive > detectBot", () => {
reason: new ArcjetBotReason({
allowed: [],
denied: ["CURL"],
verified: false,
spoofed: false,
}),
});
});
Expand Down Expand Up @@ -552,6 +590,8 @@ describe("Primitive > detectBot", () => {
reason: new ArcjetBotReason({
allowed: [],
denied: ["CURL"],
verified: false,
spoofed: false,
}),
});
const googlebotResults = await rule.protect(context, googlebotDetails);
Expand All @@ -561,6 +601,8 @@ describe("Primitive > detectBot", () => {
reason: new ArcjetBotReason({
allowed: ["GOOGLE_CRAWLER"],
denied: [],
verified: false,
spoofed: false,
}),
});
});
Expand Down Expand Up @@ -601,6 +643,8 @@ describe("Primitive > detectBot", () => {
reason: new ArcjetBotReason({
allowed: ["CURL"],
denied: [],
verified: false,
spoofed: false,
}),
});
});
Expand Down
4 changes: 4 additions & 0 deletions protocol/convert.ts
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,8 @@ export function ArcjetReasonFromProtocol(proto?: Reason) {
return new ArcjetBotReason({
allowed: reason.allowed,
denied: reason.denied,
verified: reason.verified,
spoofed: reason.spoofed,
});
}
case "edgeRule": {
Expand Down Expand Up @@ -302,6 +304,8 @@ export function ArcjetReasonToProtocol(reason: ArcjetReason): Reason {
value: new BotV2Reason({
allowed: reason.allowed,
denied: reason.denied,
verified: reason.verified,
spoofed: reason.spoofed,
}),
},
});
Expand Down
Loading

0 comments on commit 3329fd7

Please sign in to comment.