Additional implementation examples

Author: luke-owen-crowdhandler

examples/lambda@edge/api_only_protection/handlerViewerRequest.js

@@ -0,0 +1,105 @@
+"use strict";
+//include crowdhandler-sdk
+const crowdhandler = require("crowdhandler-sdk");
+const publicKey = "YOUR_PUBLIC_KEY_HERE";
+
+let ch_client = new crowdhandler.PublicClient(publicKey, { timeout: 2000 });
+
+module.exports.viewerRequest = async (event) => {
+  //extract the request from the event
+  let request = event.Records[0].cf.request;
+  let decodedBody;
+  let chToken;
+  let sourceURL;
+
+  //if the request is not a POST or PUT request, return the request unmodified
+  if (request.method !== "POST" || request.method !== "PUT" ) {
+    return request;
+  }
+
+  if (request.body && request.body.encoding === "base64") {
+    // Decode the base64 encoded body
+    decodedBody = Buffer.from(request.body.data, "base64").toString("utf8");
+
+    // Parse the JSON encoded body
+    try {
+      // Parse the decoded body into a JSON object
+      decodedBody = JSON.parse(decodedBody);
+      //destructure sourceURL, chToken from the decoded body
+      chToken = decodedBody.chToken;
+      sourceURL = decodedBody.sourceURL;
+
+      // Now you can work with the JSON object
+    } catch (error) {
+      console.error("Error parsing JSON:", error);
+
+      // Handle the error or return the request object unmodified
+      return request;
+    }
+  }
+
+  //extract host & path from sourceURL using URL API
+  let url = new URL(sourceURL);
+  let temporaryHost = url.host;
+  let temporaryPath = url.pathname;
+
+  //Filter the event through the Request Context class
+  let ch_context = new crowdhandler.RequestContext({ lambdaEvent: event });
+  //Instantiate the Gatekeeper class
+  let ch_gatekeeper = new crowdhandler.Gatekeeper(
+    ch_client,
+    ch_context,
+    {
+      publicKey: publicKey,
+    },
+    { debug: true }
+  );
+
+  //Override the gatekeeper host with the sourceURL
+  ch_gatekeeper.overrideHost(temporaryHost);
+  //Override the gatekeeper path with the sourceURL
+  ch_gatekeeper.overridePath(temporaryPath);
+
+  //If there's a token in the body provide gatekeeper with a pseudo cookie so that it can check that the provided token is valid/promoted
+  if (chToken) {
+    ch_gatekeeper.overrideCookie(`crowdhandler=${chToken}`);
+  }
+
+  //Validate the request
+  let ch_status = await ch_gatekeeper.validateRequest();
+
+  //If the request is not promoted, reject the request
+  if (!ch_status.promoted) {
+    return {
+      status: "403",
+      statusDescription: "Forbidden",
+      headers: {
+        "content-type": [
+          {
+            key: "Content-Type",
+            value: "text/plain",
+          },
+        ],
+        "cache-control": [
+          {
+            key: "Cache-Control",
+            value: "max-age=0",
+          },
+        ],
+      },
+      body: "Access to this resource is forbidden.",
+    };
+  }
+
+  //If the request is promoted, allow it to proceed normally
+  //set customer headers for recording performance on the request before passing it through
+  request.headers["x-crowdhandler-responseID"] = [
+    { key: "x-crowdhandler-responseID", value: `${ch_status.responseID}` },
+  ];
+  request.headers["x-crowdhandler-startTime"] = [
+    { key: "x-crowdhandler-startTime", value: `${Date.now()}` },
+  ];
+
+  //return the request
+  return request;
+};

examples/lambda@edge/api_only_protection/handlerViewerResponse.js

@@ -0,0 +1,57 @@
+const crowdhandler = require("crowdhandler-sdk");
+const publicKey = "YOUR_PUBLIC_KEY_HERE";
+
+let ch_client = new crowdhandler.PublicClient(publicKey, { timeout: 2000 });
+
+module.exports.originResponse = async (event) => {
+  let request = event.Records[0].cf.request;
+  let requestHeaders = event.Records[0].cf.request.headers;
+  let response = event.Records[0].cf.response;
+  let responseStatus = response.status;
+
+  //convert response status to number
+  responseStatus = parseInt(responseStatus);
+
+  //extract the custom headers that we passed through from the viewerRequest event
+  let responseID;
+  let startTime;
+
+  try {
+    responseID = requestHeaders["x-crowdhandler-responseid"][0].value;
+  } catch (e) {}
+
+  try {
+    startTime = requestHeaders["x-crowdhandler-starttime"][0].value;
+  } catch (e) {}
+
+  //Work out how long we spent processing at the origin
+  let elapsed = Date.now() - startTime;
+
+  let ch_context = new crowdhandler.RequestContext({ lambdaEvent: event });
+
+  //Instantiate the Gatekeeper class
+  let ch_gatekeeper = new crowdhandler.Gatekeeper(
+    ch_client,
+    ch_context,
+    {
+      publicKey: publicKey,
+    },
+    { debug: true }
+  );
+
+  //If we don't have a responseID or a startTime, we can't record the performance
+  if (!responseID || !startTime) {
+    return response;
+  }
+
+  //This is a throw away request. We don't need to wait for a response.
+  await ch_gatekeeper.recordPerformance({
+    overrideElapsed: elapsed,
+    responseID: responseID,
+    sample: 1,
+    statusCode: responseStatus,
+  });
+
+  //Fin
+  return response;
+};

examples/node-16-9-1/express-4-16-1/api_only_protection/index.js

@@ -0,0 +1,88 @@
+const express = require("express");
+const router = express.Router();
+const crowdhandler = require("crowdhandler-sdk");
+const { URL } = require("url");
+
+// Middleware to handle CrowdHandler logic for POST and PUT methods
+const crowdHandlerMiddleware = async (req, res, next) => {
+  const method = req.method;
+
+  // Check if the request method is POST or PUT
+  if (method === "POST" || method === "PUT") {
+    const publicKey = "YOUR_PUBLIC_KEY";
+    const public_client = new crowdhandler.PublicClient(publicKey);
+    const ch_context = new crowdhandler.RequestContext(req, res);
+    const ch_gatekeeper = new crowdhandler.Gatekeeper(
+      public_client,
+      ch_context,
+      publicKey
+    );
+
+    let decodedBody;
+    let chToken;
+    let sourceURL;
+
+    if (req.body) {
+      try {
+        decodedBody = JSON.parse(req.body);
+        chToken = decodedBody.chToken;
+        sourceURL = decodedBody.sourceURL;
+
+        // Extract host & path from sourceURL
+        let url = new URL(sourceURL);
+        let temporaryHost = url.host;
+        let temporaryPath = url.pathname;
+
+        // Override the gatekeeper host and path with the sourceURL
+        ch_gatekeeper.overrideHost(temporaryHost);
+        ch_gatekeeper.overridePath(temporaryPath);
+
+        // If there's a token in the body, provide gatekeeper with a pseudo cookie
+        if (chToken) {
+          ch_gatekeeper.overrideCookie(`crowdhandler=${chToken}`);
+        }
+      } catch (error) {
+        console.error("Error parsing JSON:", error);
+        return next(error);
+      }
+    }
+
+    const ch_status = await ch_gatekeeper.validateRequest();
+
+    // If the request is not promoted, send a 403 Forbidden response and do not proceed to the next middleware
+    if (!ch_status.promoted) {
+      res.status(403).send("Forbidden");
+      return;
+    } else {
+      // If the request is promoted, save the ch_gatekeeper instance in res.locals for later use
+      res.locals.ch_gatekeeper = ch_gatekeeper;
+    }
+  }
+  // Continue to the next middleware or route handler
+  next();
+};
+
+// Add the CrowdHandler middleware to the router
+router.use(crowdHandlerMiddleware);
+
+// Route handler for all request methods and paths
+router.all("*", (req, res, next) => {
+  // Render the view and send the HTML
+  res.render("index", { title: "hello" }, (err, html) => {
+    // Handle any errors during rendering
+    if (err) {
+      return next(err);
+    }
+
+    // Send the rendered HTML to the client
+    res.send(html);
+
+    // If the ch_gatekeeper instance exists in res.locals, record the performance
+    if (res.locals.ch_gatekeeper) {
+      res.locals.ch_gatekeeper.recordPerformance();
+    }
+  });
+});
+
+// Export the router
+module.exports = router;