UNPKG

better-auth-abuse-detection

Version:

AI-powered abuse detection plugin for Better Auth - Detect and prevent account takeover attempts

kriasoft.com/better-auth/

kriasoft/better-auth

121 lines (120 loc) 3.88 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
// src/index.ts function abuseDetection(options = {}) { const { strategies = { credentialStuffing: { enabled: true, threshold: 5, windowMinutes: 10 }, velocityCheck: { enabled: true, maxSignIns: 10, windowMinutes: 5 }, impossibleTravel: { enabled: true, speedKmh: 1e3 }, deviceAnomaly: { enabled: true }, behavioralAnalysis: { enabled: false } }, riskScoring = { enabled: true, blockThreshold: 0.9, challengeThreshold: 0.7 }, actions = { block: { duration: 3600 }, challenge: { types: ["captcha"] }, notify: { user: true, admin: false } } } = options; const calculateRiskScore = (factors) => { let score = 0; const weights = riskScoring.factors || {}; for (const [factor, value] of Object.entries(factors)) { score += value * (weights[factor] || 0.1); } return Math.min(score, 1); }; const detectImpossibleTravel = (lat1, lon1, lat2, lon2, timeDiffHours) => { const R = 6371; const dLat = (lat2 - lat1) * Math.PI / 180; const dLon = (lon2 - lon1) * Math.PI / 180; const a = Math.sin(dLat / 2) * Math.sin(dLat / 2) + Math.cos(lat1 * Math.PI / 180) * Math.cos(lat2 * Math.PI / 180) * Math.sin(dLon / 2) * Math.sin(dLon / 2); const c = 2 * Math.atan2(Math.sqrt(a), Math.sqrt(1 - a)); const distance = R * c; const speed = distance / timeDiffHours; return speed > (strategies.impossibleTravel?.speedKmh || 1e3); }; return { id: "abuse-detection", schema: { threatEvent: { modelName: "threatEvent", fields: { id: { type: "string" }, userId: { type: "string", references: { model: "user", field: "id", onDelete: "cascade" } }, type: { type: "string" }, // credential_stuffing, impossible_travel, etc. severity: { type: "string" }, // low, medium, high, critical riskScore: { type: "number" }, ipAddress: { type: "string" }, userAgent: { type: "string" }, location: { type: "string" }, // JSON with lat, lon, country, city deviceFingerprint: { type: "string" }, action: { type: "string" }, // blocked, challenged, allowed metadata: { type: "string" }, // JSON with additional data detectedAt: { type: "date", defaultValue: /* @__PURE__ */ new Date() } } }, deviceTrust: { modelName: "deviceTrust", fields: { id: { type: "string" }, userId: { type: "string", references: { model: "user", field: "id", onDelete: "cascade" } }, fingerprint: { type: "string" }, trustScore: { type: "number" }, lastSeen: { type: "date" }, firstSeen: { type: "date", defaultValue: /* @__PURE__ */ new Date() }, metadata: { type: "string" } // JSON with device info } }, blockedEntity: { modelName: "blockedEntity", fields: { id: { type: "string" }, type: { type: "string" }, // ip, email, fingerprint value: { type: "string" }, reason: { type: "string" }, expiresAt: { type: "date" }, createdAt: { type: "date", defaultValue: /* @__PURE__ */ new Date() } } } }, // Hooks to analyze authentication attempts hooks: { before: [ { matcher: (ctx) => ctx.path === "/sign-in" || ctx.path === "/sign-up", handler: async (ctx) => { } } ], after: [ { matcher: (ctx) => ctx.path === "/sign-in", handler: async (ctx) => { } } ] } }; } var src_default = abuseDetection; export { abuseDetection, src_default as default };