fix(pencil): issue with auto context & body parse

Author: alexivsn

package-lock.json

@@ -16,6 +16,7 @@ import AgentLoginEvent from './events/agent-login-event';
 import AgentLogoutEvent from './events/agent-logout-event';
 import { delay, fromEntries } from './utils/utils';
 import RequestEvent from './events/request-event';
+import { RequestOptions } from './types/request-options';
 
 chai.use(chaiAsPromised);
 const expect = chai.expect;
@@ -265,19 +266,26 @@ describe('ApiManager', () => {
   it('Should call risk event', async () => {
     const options: SecureNativeOptions = {
       apiKey: 'YOUR_API_KEY',
+      autoSend: true,
+      interval: 10,
     };
 
     const fetch = fetchMock.sandbox().mock(`${options.apiUrl}/${ApiRoute.Risk}`, 200);
     const eventManager = new EventManager(fetch, options);
+    eventManager.startEventsPersist();
     const apiManager = new ApiManager(eventManager, options);
 
-    const riskEvent: EventOptions = {
+    const riskEvent: RequestOptions = {
       event: EventType.RISK,
+      context: {},
     };
 
     try {
       // track async event
-      await apiManager.risk(riskEvent);
+      apiManager.risk(riskEvent);
+      
+      // ensure event to be sent
+      await delay(2 * options.interval);
 
       const fetchOptions = fetch.lastOptions();
       const eventPayload: RequestEvent = JSON.parse(fetchOptions.body.toString());
@@ -307,6 +315,7 @@ describe('ApiManager', () => {
       expect(eventPayload.response).to.have.property('headers');
       expect(eventPayload.response).to.have.property('status');
     } finally {
+      eventManager.stopEventsPersist();
       fetch.restore();
     }
   });
@@ -364,7 +373,7 @@ describe('ApiManager', () => {
 
       const fetchOptions = fetch.lastOptions();
       const eventPayload: AgentLoginEvent = JSON.parse(fetchOptions.body.toString());
- 
+
       expect(eventPayload).to.be.not.null;
       //timestamp
       expect(eventPayload).to.have.property('timestamp');

src/api-manager.spec.ts

@@ -55,25 +55,13 @@ export default class ApiManager {
     }
   }
 
-  public async risk(opts: RequestOptions): Promise<RiskResult> {
+  public risk(opts: RequestOptions) {
     Logger.debug('Risk call', opts);
 
     const requestUrl = `${this.options.apiUrl}/${ApiRoute.Risk}`;
     const event = createEvent(RequestEvent, opts, this.options);
-    try {
-      Logger.debug('Risk event', JSON.stringify(event));
-      const result = await this.eventManager.sendSync<any>(event, requestUrl);
-      const data = decrypt(result.data, this.options.apiKey);
-      Logger.debug('Successfuly performed risk', data);
-      return JSON.parse(data);
-    } catch (ex) {
-      Logger.error('Failed to perform risk call', ex);
-      return {
-        action: ActionType.ALLOW,
-        riskLevel: 'low',
-        score: 0,
-      };
-    }
+    Logger.debug('Risk event', event);
+    this.eventManager.sendAsync(event, requestUrl);
   }
 
   public async heartBeat() {

src/api-manager.ts

@@ -38,7 +38,6 @@ export default class EventManager {
     Logger.debug('Attempting to send event', eventOptions);
     try {
       const resp = await this.fetcher(requestUrl, eventOptions);
-
       //special handling to unathorized status
       if (resp.status === 401) {
         Logger.fatal('Unauthorized call to SecureNative API, api key is invalid');

src/event-manager.ts

@@ -5,7 +5,6 @@ import { v4 } from 'uuid';
 import { SecureNativeOptions } from '../types/securenative-options';
 import { IncomingHttpHeaders, OutgoingHttpHeaders } from 'http2';
 import { RequestOptions } from '../types/request-options';
-import { CustomProperties } from '../types/custom-properties';
 
 export default class RequestEvent implements IEvent {
   public rid: string;
@@ -25,7 +24,7 @@ export default class RequestEvent implements IEvent {
     headers: IncomingHttpHeaders;
     url: string;
     method: string;
-    body: string;
+    body: Object;
   };
   public response: {
     status: number;
@@ -34,15 +33,15 @@ export default class RequestEvent implements IEvent {
   public timestamp: string;
 
   constructor(event: RequestOptions, options: SecureNativeOptions) {
-    Logger.debug('Building SDK event');
-    const decryptedToken = decrypt(event.reqContext?.clientToken, options.apiKey);
+    Logger.debug('Building request event');
+    const reqContext = event.context?.req || {};
+    const resContext = event.context?.res || {};
+    const decryptedToken = decrypt(reqContext?.clientToken, options.apiKey);
     Logger.debug('Decrypted client token', decryptedToken);
     const parsedToken = JSON.parse(decryptedToken) || {};
     Logger.debug('Parsed client token:', parsedToken);
 
     const user: any = {};
-    const reqContext = event.reqContext || {};
-    const resContext = event.resContext || {};
 
     this.rid = v4();
     this.eventType = event.event;

src/events/request-event.ts

@@ -1,6 +1,6 @@
 import IEvent from './event';
 import { EventOptions } from '../types/event-options';
-import { decrypt, mergeRequestContexts, contextFromRequest, contextFromResponse } from '../utils/utils';
+import { decrypt, mergeRequestContexts, contextFromRequest } from '../utils/utils';
 import { Logger } from '../logger';
 import { v4 } from 'uuid';
 import { SecureNativeOptions } from '../types/securenative-options';
@@ -26,24 +26,23 @@ export default class SDKEvent implements IEvent {
     headers: IncomingHttpHeaders;
     url: string;
     method: string;
-    body: string;
   };
   public timestamp: string;
   public properties?: CustomProperties;
 
   constructor(event: EventOptions, options: SecureNativeOptions) {
     Logger.debug('Building SDK event');
-    const decryptedToken = decrypt(event.context?.clientToken, options.apiKey);
+    // extract info from session
+    const { req } = SessionManager.getLastSession();
+    const reqCtx = mergeRequestContexts(event.context || {}, contextFromRequest(req));
+
+    const decryptedToken = decrypt(reqCtx?.clientToken, options.apiKey);
     Logger.debug('Decrypted client token', decryptedToken);
     const parsedToken = JSON.parse(decryptedToken) || {};
     Logger.debug('Parsed client token:', parsedToken);
 
     const user: any = event.userTraits || {};
 
-    // extract info from session
-    const { req } = SessionManager.getLastSession();
-
-    const reqCtx = mergeRequestContexts(event.context || {}, contextFromRequest(req));
     this.rid = v4();
     this.eventType = event.event;
     this.userId = event.userId || '';
@@ -60,7 +59,6 @@ export default class SDKEvent implements IEvent {
       remoteIp: reqCtx.remoteIp || '',
       method: reqCtx.method || '',
       url: reqCtx.url,
-      body: reqCtx.body || '',
       headers: reqCtx.headers || {},
     };
     this.timestamp = event.timestamp?.toISOString() || new Date().toISOString();

src/events/sdk-event.ts

@@ -92,7 +92,7 @@ export default class HttpServerInterceptor extends Interceptor implements IInter
 
         wrap(exports && exports.ServerResponse && exports.ServerResponse.prototype, 'end', (original) => {
           const intercept = super.intercept.bind(this);
-          const risk = this.apiManager.risk.bind(this);
+          const risk = this.apiManager.risk.bind(this.apiManager);
 
           return function () {
             if (this && this.sn_finished) {
@@ -103,10 +103,7 @@ export default class HttpServerInterceptor extends Interceptor implements IInter
             intercept(this.req && this.req.sn_uid, 'end');
             const { req, res } = SessionManager.getSession(this.req?.sn_uid);
             if (req && res) {
-              const reqContext = contextFromRequest(req);
-              const resContext = contextFromResponse(res);
-
-              risk({ eventType: EventType.RISK, context: { reqContext, resContext } });
+              risk({ eventType: EventType.RISK, context: { req: contextFromRequest(req), res: contextFromResponse(res) } });
             }
 
             SessionManager.cleanSession(this.req && this.req.sn_uid);

src/interceptors/http-server-interceptor.ts

@@ -26,7 +26,7 @@ export interface ILogger {
 export class Logger {
   private static log: ILogger;
   static initLogger(options: SecureNativeOptions) {
-    const settings = Object.assign({}, { level: options.logLevel || 'error' }, defaultSettings);
+    const settings = Object.assign({}, defaultSettings, { level: options.logLevel || 'fatal' });
     Logger.log = pino(settings);
   }
 

src/logger.ts

@@ -3,7 +3,9 @@ import { RequestContext, ResponseContext } from './request-context';
 
 export type RequestOptions = {
   event: EventType | string;
-  reqContext?: RequestContext;
-  resContext?: ResponseContext;
+  context: {
+    req?: RequestContext;
+    res?: ResponseContext;
+  }
   timestamp?: Date;
 };

src/types/request-options.ts

@@ -115,7 +115,7 @@ const contextFromRequest = (req: any): RequestContext => {
   return {
     url,
     method,
-    body,
+    body: JSON.stringify(body),
     clientToken: cookieValueFromRequest(req, '_sn') || secureheaderFromRequest(req) || '{}',
     headers: headersFromRequest(req),
     ip: clientIpFromRequest(req),