anomaly-express
Anomaly Express is a security framework for Express.js that provides a set of tools and utilities to help you build secure applications.
;
// Helper of the kind the TypeScript compiler emits when async functions are lowered to generators.
// It runs `generator` to completion and returns a promise for its final value.
// An already-defined this.__awaiter is reused instead of redefining the helper.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Wrap a yielded value in P unless it is already an instance of P.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
// P falls back to the global Promise when the caller passes a falsy constructor.
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with a fulfilled value; anything thrown while resuming rejects the outer promise.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Throw a rejection reason into the generator so its own try/catch can handle it; an unhandled throw rejects the outer promise.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// Finished generator: resolve with its return value. Otherwise wait for the yielded value to settle and continue.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
// Instantiate the generator with the supplied this/arguments and take the first step.
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// CommonJS export wiring. The assignments run before the function declarations appear in the file;
// function declarations are hoisted, so both bindings already exist at this point.
// Only createSDKRequestData and collectRequest are exported; sendRequestToAnomalyServers is not.
Object.defineProperty(exports, "__esModule", { value: true });
exports.createSDKRequestData = createSDKRequestData;
exports.collectRequest = collectRequest;
const config_1 = require("../utils/config");
/**
 * Builds the flat record describing one handled HTTP request.
 *
 * @param req - Request object; `headers`, `ip`, `method` and `originalUrl` are read from it.
 * @param obj - Body to record. Strings are stored as-is, anything else goes through JSON.stringify.
 * @param statusCode - Status code to record; a falsy value is stored as 0.
 * @param duration_ms - Handling time, stored unchanged.
 * @returns The record, with `anomaly`, `detected_by_policy_id` and `blocked` set to placeholder values.
 */
function createSDKRequestData(req, obj, statusCode, duration_ms) {
    // A value that is already a string is passed through so it is never stringified twice.
    const asJsonText = (value) => (typeof value === "string" ? value : JSON.stringify(value));

    // NOTE(review): the body and the complete header set are captured verbatim.
    // Authorization, Cookie and similar credential headers, and any secrets in the
    // body, therefore end up in the record. Redact or allow-list them before the
    // record leaves the process if that is not intended.
    const body = asJsonText(obj);
    const headers = asJsonText(req.headers);

    // NOTE(review): assuming req is an Express request, req.ip depends on the app's
    // "trust proxy" setting. Confirm it is configured so this is the real client
    // address and not a proxy address or a client-supplied forwarded value.
    return {
        body,
        headers,
        ipAddress: req.ip || "",
        method: req.method,
        statusCode: statusCode || 0,
        timestamp: Math.floor(Date.now() / 1000), // whole seconds since the epoch
        url: req.originalUrl,
        duration_ms,
        anomaly: null, // placeholder, set later by the SDK
        detected_by_policy_id: "", // placeholder, set later by the SDK or the server (depends on realtime blocking)
        blocked: 0, // placeholder, set later by the SDK
    };
}
/**
 * Posts one request record to the configured AnomalyAI collection endpoint.
 *
 * The record is sent as JSON, wrapped as `{ requestDataFromSDK: requestData }`.
 * The credentials travel in the `x-api-key` and `x-app-id` headers.
 * A missing endpoint, a non-OK response, an unusable response body and any
 * error thrown while sending or parsing are each logged with console.error
 * and reported as `false`.
 *
 * @param requestData - The request record to upload.
 * @param apiKey - Value sent in the `x-api-key` header.
 * @param appId - Value sent in the `x-app-id` header.
 * @returns The `newRequestDataAtClickhouse` field of the response on success, `false` otherwise.
 */
async function sendRequestToAnomalyServers(requestData, apiKey, appId) {
    const endpoint = config_1.REQUEST_COLLECTION_ENDPOINT;
    if (!endpoint) {
        console.error("REQUEST_COLLECTION_ENDPOINT is not set");
        return false;
    }

    // NOTE(review): the endpoint's scheme is not checked here. The API key and the
    // record are only protected in transit if the configured URL is https; confirm
    // in ../utils/config.
    // NOTE(review): requestData is presumably the record built by
    // createSDKRequestData, which carries the raw headers and body. Treat this
    // call as the point where that data leaves the process.
    const payload = JSON.stringify({
        requestDataFromSDK: requestData,
    });
    const requestHeaders = {
        "Content-Type": "application/json",
        "x-api-key": apiKey,
        "x-app-id": appId,
    };

    try {
        const response = await fetch(endpoint, {
            method: "POST",
            headers: requestHeaders,
            body: payload,
        });
        if (!response.ok) {
            // The endpoint's raw response text is written to the application log.
            const failureText = await response.text();
            console.error("Response from request collection endpoint is not okay: ", failureText);
            return false;
        }

        const data = await response.json();
        if (!data) {
            console.error("Data is undefined from request collection endpoint response. ", data);
            return false;
        }

        const stored = data.newRequestDataAtClickhouse;
        if (!stored) {
            console.error("newRequestDataAtClickhouse is undefined from request collection endpoint response. ", data);
            return false;
        }
        return stored;
    }
    catch (error) {
        console.error("Error sending request to request collection endpoint: ", error);
        return false;
    }
}
/**
 * Uploads an already-built request record to the AnomalyAI servers.
 * This is the exported entry point; it forwards to sendRequestToAnomalyServers.
 *
 * @param requestDataFromSDK - The request record to upload.
 * @param apiKey - API key forwarded with the upload.
 * @param appId - App ID forwarded with the upload.
 * @returns Whatever sendRequestToAnomalyServers resolves to for this record.
 */
async function collectRequest(requestDataFromSDK, apiKey, appId) {
    const uploadResult = await sendRequestToAnomalyServers(requestDataFromSDK, apiKey, appId);
    return uploadResult;
}