Merge pull request #27 from PerimeterX/release/v1.2.0

Release to master v1.2.0

Author: chen-zimmer-px

CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.2.0] - 2022-04-11
+### Added
+- New block page implementation
+- Configurable max buffer length
+- Configurable px_backend_url
+- Sending activities at the end of request cycle rather than beginning of the next one
+
 ## [1.1.0] - 2020-09-02
 ### Added
 - Support for `monitored_specific_routes`

README.md

@@ -5,7 +5,7 @@
 
 [PerimeterX](http://www.perimeterx.com) Python 3 Middleware
 =============================================================
-> Latest stable version: [v1.1.0](https://pypi.org/project/perimeterx-python-3-wsgi/)
+> Latest stable version: [v1.2.0](https://pypi.org/project/perimeterx-python-3-wsgi/)
 
 Table of Contents
 -----------------

dev-requirements.txt

@@ -1,3 +1,3 @@
 mock==3.0.5
 requests_mock==1.7.0
-pylint==2.6.1
+pylint==2.7.0

perimeterx/middleware.py

@@ -34,7 +34,6 @@ def __init__(self, app, config=None):
         px_activities_client.init_activities_configuration(px_config)
 
     def __call__(self, environ, start_response):
-        px_activities_client.send_activities_in_thread()
         context = None
         try:
             start = time.time()
@@ -46,6 +45,7 @@ def __call__(self, environ, start_response):
             context, verified_response = self.verify(request)
             pxhd_callback = create_custom_pxhd_callback(context, start_response)
             self._config.logger.debug("PerimeterX Enforcer took: {} ms".format((time.time() - start) * 1000))
+            px_activities_client.send_activities_in_thread()
             if verified_response is True:
                 return self.app(environ, pxhd_callback)
 

perimeterx/px_activities_client.py

@@ -24,13 +24,13 @@ def _send_activities_chunk():
         'Content-Type': 'application/json'
     }
     full_url = CONFIG.server_host + px_constants.API_ACTIVITIES
-    chunk = ACTIVITIES_BUFFER[:10]
+    chunk = ACTIVITIES_BUFFER[:CONFIG.max_buffer_len]
     for _ in range(len(chunk)):
         ACTIVITIES_BUFFER.pop(0)
     px_httpc.send(full_url=full_url, body=json.dumps(chunk), headers=default_headers, config=CONFIG, method='POST')
 
 def send_activities_in_thread():
-    if len(ACTIVITIES_BUFFER) >= 10:
+    if len(ACTIVITIES_BUFFER) >= CONFIG.max_buffer_len:
         CONFIG.logger.debug('Posting {} Activities'.format(len(ACTIVITIES_BUFFER)))
         t1 = threading.Thread(target=_send_activities_chunk)
         t1.daemon = True

perimeterx/px_blocker.py

@@ -73,9 +73,10 @@ def prepare_properties(self, ctx, config):
         app_id = config.app_id
         vid = ctx.vid
         uuid = ctx.uuid
-        custom_logo = config.custom_logo
+        custom_logo = config.custom_logo if config.custom_logo else ''
         is_mobile_num = 1 if ctx.is_mobile else 0
         captcha_uri = 'captcha.js?a={}&u={}&v={}&m={}'.format(ctx.block_action, uuid, vid, is_mobile_num)
+        alt_captcha_src = '//{}/{}/{}'.format(px_constants.ALT_CAPTCHA_HOST, app_id, captcha_uri)
 
         if config.first_party and not ctx.is_mobile:
             prefix = app_id[2:]
@@ -88,18 +89,17 @@ def prepare_properties(self, ctx, config):
             host_url = px_constants.COLLECTOR_URL.format(app_id.lower())
 
         return {
-            'refId': uuid,
             'appId': app_id,
             'vid': vid,
             'uuid': uuid,
             'customLogo': custom_logo,
             'cssRef': config.css_ref,
             'jsRef': config.js_ref,
-            'logoVisibility': 'visible' if custom_logo is not None else 'hidden',
             'hostUrl': host_url,
             'jsClientSrc': js_client_src,
             'firstPartyEnabled': 'true' if config.first_party else 'false',
-            'blockScript': captcha_src
+            'blockScript': captcha_src,
+            'altBlockScript': alt_captcha_src
         }
 
     def is_json_response(self, ctx):

perimeterx/px_config.py

@@ -10,15 +10,16 @@ def __init__(self, config_dict):
         module_mode = config_dict.get('module_mode', px_constants.MODULE_MODE_MONITORING)
         custom_logo = config_dict.get('custom_logo', None)
         testing_mode = config_dict.get('testing_mode', False)
+        px_backend_host = config_dict.get('px_backend_url', None)
+        max_buffer_len = config_dict.get('max_buffer_len', 30)
         self._px_app_id = app_id
         self._blocking_score = config_dict.get('blocking_score', 100)
         self._debug_mode = debug_mode
         self._module_version = config_dict.get('module_version', px_constants.MODULE_VERSION)
         self._module_version = px_constants.MODULE_VERSION.format(' GAE') if os.environ.get('SERVER_SOFTWARE','').startswith('Google') else px_constants.MODULE_VERSION.format('')
         self._module_mode = module_mode
-        self._server_host = 'sapi.perimeterx.net' if app_id is None else px_constants.SERVER_URL.format(app_id.lower())
-        self._collector_host = 'collector.perimeterx.net' if app_id is None else px_constants.COLLECTOR_URL.format(
-            app_id.lower())
+        self._server_host = px_backend_host if px_backend_host else 'sapi.perimeterx.net' if app_id is None else px_constants.SERVER_URL.format(app_id.lower())
+        self._collector_host = px_backend_host if px_backend_host else 'collector.perimeterx.net' if app_id is None else px_constants.COLLECTOR_URL.format(app_id.lower())
         self._encryption_enabled = config_dict.get('encryption_enabled', True)
         self._sensitive_headers = [*map(lambda header: header.lower(),
                                       config_dict.get('sensitive_headers', ['cookie', 'cookies']))]
@@ -36,7 +37,7 @@ def __init__(self, config_dict):
         self._first_party_xhr_enabled = config_dict.get('first_party_xhr_enabled', True)
         self._ip_headers = config_dict.get('ip_headers', [])
         self._proxy_url = config_dict.get('proxy_url', None)
-        self._max_buffer_len = config_dict.get('max_buffer_len', 30)
+        self._max_buffer_len = max_buffer_len if max_buffer_len > 0 else 1
         self._bypass_monitor_header = config_dict.get('bypass_monitor_header','')
 
         sensitive_routes = config_dict.get('sensitive_routes', [])
@@ -80,7 +81,6 @@ def __init__(self, config_dict):
         self._monitored_specific_routes_regex = monitored_routes_regex
 
         self._block_html = 'BLOCK'
-        self._logo_visibility = 'visible' if custom_logo is not None else 'hidden'
         self._telemetry_config = self.__create_telemetry_config()
         self._testing_mode = testing_mode
         self._auth_token = config_dict.get('auth_token', None)
@@ -202,10 +202,6 @@ def whitelist_routes_regex(self):
     def block_html(self):
         return self._block_html
 
-    @property
-    def logo_visibility(self):
-        return self._logo_visibility
-
     @property
     def additional_activity_handler(self):
         return self._additional_activity_handler

perimeterx/px_constants.py

@@ -27,7 +27,7 @@
 EMPTY_GIF_B64 = 'R0lGODlhAQABAPAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=='
 COLLECTOR_HOST = 'collector.perimeterx.net'
 FIRST_PARTY_FORWARDED_FOR = 'X-FORWARDED-FOR'
-MODULE_VERSION = 'Python 3 WSGI Module v1.1.0'
+MODULE_VERSION = 'Python 3 WSGI Module v1.2.0'
 API_RISK = '/api/v3/risk'
 PAGE_REQUESTED_ACTIVITY = 'page_requested'
 BLOCK_ACTIVITY = 'block'
@@ -38,3 +38,4 @@
 ACTION_BLOCK = 'b'
 ACTION_RATELIMIT = 'r'
 ACTION_CAPTCHA = 'c'
+ALT_CAPTCHA_HOST = 'captcha.px-cloud.net'

perimeterx/px_httpc.py

@@ -23,9 +23,9 @@ def send(full_url, body, headers, config, method, raise_error = False):
     try:
         start = time.time()
         if method == 'GET':
-            response = requests.get(url='https://' + full_url, headers=headers, timeout=config.api_timeout, stream=True)
+            response = requests.get(url=normalize_url(full_url), headers=headers, timeout=config.api_timeout, stream=True)
         else:
-            response = requests.post(url='https://' + full_url, headers=headers, data=body, timeout=config.api_timeout)
+            response = requests.post(url=normalize_url(full_url), headers=headers, data=body, timeout=config.api_timeout)
 
         if response.status_code >= 400:
             logger.debug('PerimeterX server call failed: ' + str(response.status_code))
@@ -38,3 +38,10 @@ def send(full_url, body, headers, config, method, raise_error = False):
         logger.debug('PerimeterX Received Request Exception. Error: {}'.format(err))
         if raise_error:
             raise err
+
+
+def normalize_url(url):
+    if url.startswith("http://") or url.startswith("https://"):
+        return url
+    else:
+        return "https://" + url

perimeterx/templates/block_template.mustache

@@ -3,175 +3,42 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>Access to this page has been denied.</title>
-    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300" rel="stylesheet">
-    <style>
-        html, body {
-            margin: 0;
-            padding: 0;
-            font-family: 'Open Sans', sans-serif;
-            color: #000;
-        }
-
-        a {
-            color: #c5c5c5;
-            text-decoration: none;
-        }
-
-        .container {
-            align-items: center;
-            display: flex;
-            flex: 1;
-            justify-content: space-between;
-            flex-direction: column;
-            height: 100%;
-        }
-
-        .container > div {
-            width: 100%;
-            display: flex;
-            justify-content: center;
-        }
-
-        .container > div > div {
-            display: flex;
-            width: 80%;
-        }
-
-        .customer-logo-wrapper {
-            padding-top: 2rem;
-            flex-grow: 0;
-            background-color: #fff;
-            visibility: {{logoVisibility}};
-        }
-
-        .customer-logo {
-            border-bottom: 1px solid #000;
-        }
-
-        .customer-logo > img {
-            padding-bottom: 1rem;
-            max-height: 50px;
-            max-width: 100%;
-        }
-
-        .page-title-wrapper {
-            flex-grow: 2;
-        }
-
-        .page-title {
-            flex-direction: column-reverse;
-        }
-
-        .content-wrapper {
-            flex-grow: 5;
-        }
-
-        .content {
-            flex-direction: column;
-        }
-
-        .page-footer-wrapper {
-            align-items: center;
-            flex-grow: 0.2;
-            background-color: #000;
-            color: #c5c5c5;
-            font-size: 70%;
-        }
-
-        @media (min-width: 768px) {
-            html, body {
-                height: 100%;
-            }
-        }
-    </style>
-    <!-- Custom CSS -->
+    <meta name="description" content="px-captcha">
+    <title>Access to this page has been denied</title>
     {{#cssRef}}
-        <link rel="stylesheet" type="text/css" href="{{{cssRef}}}"/>
+        <link rel="stylesheet" type="text/css" href="{{{cssRef}}}">
     {{/cssRef}}
 </head>
-
 <body>
-<section class="container">
-    {{#customLogo}}
-    <div class="customer-logo-wrapper">
-        <div class="customer-logo">
-            <img src="{{customLogo}}" alt="Logo"/>
-        </div>
-    </div>
-    {{/customLogo}}
-    <div class="page-title-wrapper">
-        <div class="page-title">
-            <h1>Please verify you are a human</h1>
-        </div>
-    </div>
-    <div class="content-wrapper">
-        <div class="content">
-
-            <div id="px-captcha">
-            </div>
-            <p>
-                Access to this page has been denied because we believe you are using automation tools to browse the
-                website.
-            </p>
-            <p>
-                This may happen as a result of the following:
-            </p>
-            <ul>
-                <li>
-                    Javascript is disabled or blocked by an extension (ad blockers for example)
-                </li>
-                <li>
-                    Your browser does not support cookies
-                </li>
-            </ul>
-            <p>
-                Please make sure that Javascript and cookies are enabled on your browser and that you are not blocking
-                them from loading.
-            </p>
-            <p>
-                Reference ID: #{{refId}}
-            </p>
-        </div>
-    </div>
-    <div class="page-footer-wrapper">
-        <div class="page-footer">
-            <p>
-                Powered by
-                <a href="https://www.perimeterx.com/whywasiblocked">PerimeterX</a>
-                , Inc.
-            </p>
-        </div>
-    </div>
-</section>
-<!-- Px -->
-<script>
-    window._pxAppId = '{{appId}}';
-    window._pxJsClientSrc = '{{{jsClientSrc}}}';
-    window._pxFirstPartyEnabled = {{firstPartyEnabled}};
-    window._pxVid = '{{vid}}';
-    window._pxUuid = '{{uuid}}';
-    window._pxHostUrl = '{{{hostUrl}}}';
-</script>
-<script>
-    var s = document.createElement('script');
-    s.src = '{{{blockScript}}}';
-    var p = document.getElementsByTagName('head')[0];
-    p.insertBefore(s, null);
-    if ({{firstPartyEnabled}}) {
-        s.onerror = function () {
-            s = document.createElement('script');
-            var suffixIndex = '{{{blockScript}}}'.indexOf('captcha.js');
-            var temperedBlockScript = '{{{blockScript}}}'.substring(suffixIndex);
-            s.src = '//captcha.px-cdn.net/{{appId}}/' + temperedBlockScript;
-            p.parentNode.insertBefore(s, p);
+    <script>
+        window._pxVid = '{{vid}}';
+        window._pxUuid = '{{uuid}}';
+        window._pxAppId = '{{appId}}';
+        window._pxHostUrl = '{{{hostUrl}}}';
+        window._pxCustomLogo = '{{{customLogo}}}';
+        window._pxJsClientSrc = '{{{jsClientSrc}}}';
+        window._pxFirstPartyEnabled = {{firstPartyEnabled}};
+        var script = document.createElement('script');
+        script.src = '{{{blockScript}}}';
+        document.head.appendChild(script);
+        script.onerror = function () {
+            script = document.createElement('script');
+            script.src = '{{{altBlockScript}}}';
+            script.onerror = window._pxDisplayErrorMessage;
+            document.head.appendChild(script);
         };
-    }
-</script>
-
-<!-- Custom Script -->
-{{#jsRef}}
-    <script src="{{{jsRef}}}"></script>
-{{/jsRef}}
+        window._pxDisplayErrorMessage = function () {
+            var style = document.createElement('style');
+            style.innerText = '@import url(https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap);body{background-color:#fafbfc}.px-captcha-error-container{position:fixed;height:340px;background-color:#fff;font-family:Roboto,sans-serif}.px-captcha-error-header{color:#f0f1f2;font-size:29px;margin:67px 0 33px;font-weight:500;line-height:.83;text-align:center}.px-captcha-error-message{color:#f0f1f2;font-size:18px;margin:0 0 29px;line-height:1.33;text-align:center}.px-captcha-error-button{text-align:center;line-height:48px;width:253px;margin:auto;border-radius:50px;border:solid 1px #f0f1f2;font-size:20px;color:#f0f1f2}.px-captcha-error-wrapper{margin:18px 0 0}div.px-captcha-error{margin:auto;text-align:center;width:400px;height:30px;font-size:12px;background-color:#fcf0f2;color:#ce0e2d}img.px-captcha-error{margin:6px 8px -2px 0}.px-captcha-error-refid{border-top:solid 1px #f0eeee;height:27px;margin:13px 0 0;border-radius:0 0 3px 3px;background-color:#fafbfc;font-size:10px;line-height:2.5;text-align:center;color:#b1b5b8}@media (min-width:620px){.px-captcha-error-container{width:530px;top:50%;left:50%;margin-top:-170px;margin-left:-265px;border-radius:3px;box-shadow:0 2px 9px -1px rgba(0,0,0,.13)}}@media (min-width:481px) and (max-width:620px){.px-captcha-error-container{width:85%;top:50%;left:50%;margin-top:-170px;margin-left:-42.5%;border-radius:3px;box-shadow:0 2px 9px -1px rgba(0,0,0,.13)}}@media (max-width:480px){body{background-color:#fff}.px-captcha-error-header{color:#f0f1f2;font-size:29px;margin:55px 0 33px}.px-captcha-error-container{width:530px;top:50%;left:50%;margin-top:-170px;margin-left:-265px}.px-captcha-error-refid{position:fixed;width:100%;left:0;bottom:0;border-radius:0;font-size:14px;line-height:2}}@media (max-width:390px){div.px-captcha-error{font-size:10px}.px-captcha-error-refid{font-size:11px;line-height:2.5}}';
+            document.head.appendChild(style);
+            var div = document.createElement('div');
+            div.className = 'px-captcha-error-container';
+            div.innerHTML = '<div class="px-captcha-error-header">Before we continue...</div><div class="px-captcha-error-message">Press & Hold to confirm you are<br>a human (and not a bot).</div><div class="px-captcha-error-button">Press & Hold</div><div class="px-captcha-error-wrapper"><div class="px-captcha-error"><img class="px-captcha-error" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAAQCAMAAADDGrRQAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAABFUExURUdwTNYELOEGONQILd0AONwALtwEL+AAL9MFLfkJSNQGLdMJLdQJLdQGLdQKLtYFLNcELdUGLdcBL9gFL88OLdUFLNEOLglBhT4AAAAXdFJOUwC8CqgNIRgRoAS1dWWuR4RTjzgryZpYblfkcAAAAI9JREFUGNNdj+sWhCAIhAdvqGVa1r7/oy6RZ7eaH3D4ZACBIed9wlOOMtUnSrEmZ6cHa9YAIfsbCkWrdpi/c50Bk2CO9mNLdMAu03wJA3HpEnfpxbyOg6ruyx8JJi6KNstnslp1dbPd9GnqmuYq7mmcv1zjnbQw8cV0xzkqo+fX1zkjUOO7wnrInUTxJiruC3vtBNRoQQn2AAAAAElFTkSuQmCC">Please check your internet connection or disable your ad-blocker.</div></div><div class="px-captcha-error-refid">Reference ID ' + window._pxUuid + '</div>';
+            document.body.appendChild(div);
+        };
+    </script>
+    {{#jsRef}}
+        <script src="{{{jsRef}}}"></script>
+    {{/jsRef}}
 </body>
-</html>
+</html>