npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cheq.ai/cheq-middlewares

v1.0.39

Published

CHEQ middlewares

Downloads

55

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

amit.c2amit.c2almog.l.cheqalmog.l.cheq

Keywords

cheqhttphttpsmiddlewareRTIreal time interception

Readme

cheq-express-middlewares

CHEQ middlewares for Express.Js

Features

Installation

$ npm install @cheq.ai/cheq-middlewares

Real time interception

Real-Time Interception (RTI) supports API calls to provide detection of invalid traffic (IVT) to your site, in absolute real-time. RTI will intercept IVT to prevent invalid visitors from harming your conversion efforts.

Configuration

Required configuration

API key

Available on the Paradome platform under “Management -> RTI”

const options = {
    ...
    apiKey: '11abc111-aa11-11aa-1111-11a11a11111'
    ...
}
Tag hash

Appears in your CHEQ tag.

const options = {
    ...
    tagHash: 'c99651e7936e27743ce51c728492aac9'
    ...
}
API endpoint

The nearest API endpoint to your server. Must be the same region as your tag domain.Select the appropriate endpoint:

  • US: https://rti-us-east-1.cheqzone.com
  • EU: https://rti-eu-west-1.cheqzone.com
const options = {
    ...
    apiEndpoint: 'https://rti-eu-west1.cheqzone.com'
    ...
}

Optional configuration

Mode

  • monitoring - Will not perform any action

  • blocking - Will block Invalid traffic or redirect them to a different url (defind in Redirect URL).

The default value will be monitoring.

const options = {
    ...
    mode: 'monitoring'
    ...
}
sessionSyncMode

Server (RTI) and Client (cheq-tag) are able to recognize the same session visit to the website by either of these 3 methods:

  • banRti - Will construct the rti-request with USER_AGENT field (IP is mandatory so it is included on all 3 methods).

  • rtiCookie - Will construct the rti-request with CHEQ_COOKIE (rti cookie) field. This is fetched from the site visit former RTI request.

  • requestId - Will construct the rti-request with REQUEST_ID field. This is fetched from the response of the client cheq-tag.

  • none - Will construct the rti-request with all above fields.

The default value will be none.

const options = {
    ...
    sessionSyncMode: 'none'
    ...
}
Threat type codes

Threat types are devided to two groups:

  1. Block/Redirect - traffic detected as threat types in this group would be blocked or redirected to a different page (defind in Redirect URL. Default threat type codes for this group: 2,3,6,7,10,11,16,18.

  2. Captcha - threat type codes in this group would be reffered to Callback function. Default threat type codes for this group: 4,5,13,14,15,17. Threat type must be unique for each list.

const options = {
  ...
    threatTypesCodes: {
        blockRedirect: [2, 3, 6, 7, 10, 11, 16, 18],
        captcha: [4, 5, 13, 14, 15, 17]
    }
  ...
};
Redirect URL

A URL you would like to redirect invalid users to.

If it is empty the response will be status code 403 and the user will be blocked.

const options = {
    ...
     redirectUrl: 'https://invalid-user.com'
    ...
}
Callback function

A custom callback option, for instance to redirect to captcha page. If it is empty, will use express next function.

const options = {
    ...
     callback: function(req, res, next) {
        //do somthing or call next()
        }
    ...
}
Ja3

Recommended - A function that extracts ja3 fingerprint from the request. SSL/TLS client fingerprints

const options = {
    ...
     getJa3: function getJa3(req) {
        return req.query.ja3
     }
    ...
}
Resource type

A function to get the response content-type header.

This is recommended to improve detection.

const options = {
  ...
  getResourceType: function(req) {
    if(req.method === 'POST') {
        return 'application/json';
    } else if(req.url === '/') {
        return 'text/html';
    }
   
  }
  ...
};
IP header

Specify a trusted IP header to be used as client IP

const options = {
  ...
  trustedIPHeader: 'client-ip'
  ...
};
URI Exclusion

An array of regular expressions or path that will be excluded

const options = {
  ...
  URIExclusion: ['/about', '/careers']
  ...
};
Timeout

Optional timeout in milliseconds, if absent value will be set to 100 milliseconds.

const options = {
    ...
     timeout: 1000 // one second
    ...
}
Custom event name

In case a custom event name is used, this function extracts the name of the custom event.

const options = {
    ...
     getChannel: function getChannel(req) {
        return req.query.channel
     }
    ...
}

Usage example RTI

const express = require('express');
const app = express();
const PORT = process.env.PORT || 5000;
const { rti, eventsTypes } = require('@cheq.ai/cheq-express-middlewares');
const rtiOptions = {...};
const middleware = rti(rtiOptions);

app.get('/subscribe', middleware(eventsTypes.SUBSCRIBE), function (req, res) {
  res.send('Hello World');
})
app.get('/page_load', middleware(eventsTypes.PAGE_LOAD), function (req, res) {
  res.send('Hello World');
})

app.listen(PORT);

Usage example SLP

const express = require('express');
const app = express();
const PORT = process.env.PORT || 3000;
const { slp, eventsTypes } = require('@cheq.ai/cheq-express-middlewares');
const slpOptions = {...};
const slpMiddleware = slp(slpOptions);

app.post('/form-submit', slpMiddleware(eventsTypes.FORM_SUBMISSION), (req, res) => {
  const slpRes = res.locals.slpRes

  res.json(slpRes);
});

app.listen(PORT);
const slpOptions = {
  apiKey: process.env.API_KEY,
  tagHash: process.env.TAG_HASH,
  apiEndpoint: SERVICE_ENDPOINT,
  mode: "fast",
  timeout: null,
};