Merge pull request #335 from PerimeterX/release/v7.3.3

Release/v7.3.3

Author: wizzard

CHANGELOG.md

@@ -6,6 +6,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
 
+## [7.3.3] - 2024-07-19
+### Fixed
+- Fix rate_limit code for JSON responses
+
+
 ## [7.3.2] - 2024-07-17
 ### Fixed
 - Fix rate_limit code
@@ -23,7 +28,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 - CORS support
 - Set X-PX-COOKIES as the default custom cookie name
-- _M.px_login_creds_settings configuration, to allow specify CI settings in Lua configuration file
+- `_M.px_login_creds_settings` configuration, to allow specify CI settings in Lua configuration file
 
 ### Changed
 - rename "px_graphql_paths" to "px_graphql_routes"

README.md

@@ -2,7 +2,7 @@
 
 # [PerimeterX](http://www.perimeterx.com) NGINX Lua Plugin
 
-> Latest stable version: [v7.3.2](https://luarocks.org/modules/bendpx/perimeterx-nginx-plugin/7.3.2-1)
+> Latest stable version: [v7.3.3](https://luarocks.org/modules/bendpx/perimeterx-nginx-plugin/7.3.3-1)
 
 ## [Introduction](#introduction)
 

examples/Dockerfile.centos9

@@ -16,7 +16,14 @@ RUN luarocks install --lua-version 5.1 luasocket
 RUN luarocks install --lua-version 5.1 lua-resty-http
 RUN luarocks install --lua-version 5.1 luacheck
 RUN luarocks install --lua-version 5.1 lua-resty-nettle
-RUN luarocks install --lua-version 5.1 perimeterx-nginx-plugin
+#RUN luarocks install --lua-version 5.1 perimeterx-nginx-plugin
+
+RUN mkdir -p /tmp/px
+COPY Makefile /tmp/px/
+COPY lib /tmp/px/lib
+COPY t /tmp/t
+RUN make -C /tmp/px install
+
 
 COPY examples/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
 COPY examples/creds.json /tmp/creds.json

lib/px/block/pxblock.lua

@@ -145,19 +145,26 @@ function M.load(px_config)
             local block_action = parse_action(ngx.ctx.px_action)
             px_logger.debug("Enforcing action: " .. block_action .. " page is served")
 
-            local html = px_template.get_template(ngx.ctx.px_action, details.block_uuid, vid)
-            local collectorUrl = 'https://collector-' .. string.lower(px_config.px_appId) .. '.perimeterx.net'
-            local result = {
-                action = block_action,
-                uuid = details.block_uuid,
-                vid = vid,
-                appId = px_config.px_appId,
-                page = ngx.encode_base64(html),
-                collectorUrl = collectorUrl
-            }
+            local status = ngx_HTTP_FORBIDDEN
+            local result = {}
+            if ngx.ctx.px_action == px_constants.RATE_LIMIT_ACTION then
+               status = ngx_HTTP_TOO_MANY_REQUESTS
+            else
+                local html = px_template.get_template(ngx.ctx.px_action, details.block_uuid, vid)
+                local collectorUrl = 'https://collector-' .. string.lower(px_config.px_appId) .. '.perimeterx.net'
+                result = {
+                    action = block_action,
+                    uuid = details.block_uuid,
+                    vid = vid,
+                    appId = px_config.px_appId,
+                    page = ngx.encode_base64(html),
+                    collectorUrl = collectorUrl
+                }
+
+            end
             append_cors_headers()
             ngx.header["Content-Type"] = 'application/json'
-            ngx.status = ngx_HTTP_FORBIDDEN
+            ngx.status = status
             ngx.say(cjson.encode(result))
             ngx_exit(ngx.OK)
             return
@@ -167,21 +174,27 @@ function M.load(px_config)
         local accept_header = px_common_utils.get_headers_single("accept") or px_common_utils.get_headers_single("content-type")
         local is_json_response = px_config.advanced_blocking_response and accept_header and is_accept_header_json(accept_header) and not ngx.ctx.px_is_mobile
         if is_json_response then
-            local props = px_template.get_props(px_config, details.block_uuid, vid, parse_action(ngx.ctx.px_action))
-            local result = {
-                appId = props.appId,
-                jsClientSrc = props.jsClientSrc,
-                firstPartyEnabled = props.firstPartyEnabled,
-                vid = props.vid,
-                uuid = props.uuid,
-                hostUrl = props.hostUrl,
-                blockScript = props.blockScript,
-                customLogo = px_config.customLogo,
-                altBlockScript = props.altBlockScript
-            }
+            local status = ngx_HTTP_FORBIDDEN
+            local result = {}
+            if ngx.ctx.px_action == px_constants.RATE_LIMIT_ACTION then
+                status = ngx_HTTP_TOO_MANY_REQUESTS
+            else
+                local props = px_template.get_props(px_config, details.block_uuid, vid, parse_action(ngx.ctx.px_action))
+                result = {
+                    appId = props.appId,
+                    jsClientSrc = props.jsClientSrc,
+                    firstPartyEnabled = props.firstPartyEnabled,
+                    vid = props.vid,
+                    uuid = props.uuid,
+                    hostUrl = props.hostUrl,
+                    blockScript = props.blockScript,
+                    customLogo = px_config.customLogo,
+                    altBlockScript = props.altBlockScript
+                }
+            end
             append_cors_headers()
             ngx.header["Content-Type"] = 'application/json'
-            ngx.status = ngx_HTTP_FORBIDDEN
+            ngx.status = status
             ngx.say(cjson.encode(result))
             ngx_exit(ngx.OK)
         end
@@ -192,17 +205,14 @@ function M.load(px_config)
 
         -- render advanced actions (js challange/rate limit)
         if ngx.ctx.px_action ~= 'c' and ngx.ctx.px_action ~= 'b' then
-            -- default status code
-            ngx.status = ngx_HTTP_FORBIDDEN
             local action_name = parse_action(ngx.ctx.px_action)
-            local body = ngx.ctx.px_action_data or px_template.get_template(action_name, uuid, vid)
+            local body = ngx.ctx.px_action_data or px_template.get_template(ngx.ctx.px_action, uuid, vid)
             px_logger.debug("Enforcing action: " .. action_name .. " page is served")
-
-            -- additional handling for actions (status codes, headers, etc)
-            if ngx.ctx.px_action == 'r' then
-                ngx.status = ngx_HTTP_TOO_MANY_REQUESTS
+            local status = ngx_HTTP_FORBIDDEN
+            if ngx.ctx.px_action == px_constants.RATE_LIMIT_ACTION then
+                status = ngx_HTTP_TOO_MANY_REQUESTS
             end
-
+            ngx.status = status
             ngx_say(body)
             ngx_exit(ngx.OK)
             return

lib/px/block/pxtemplate.lua

@@ -102,12 +102,16 @@ function M.load(px_config)
 
     local function get_content(action)
         local __dirname = get_path()
+
+        -- for Captcha Action
         local path = 'block_template'
-        if action == 'ratelimit' then
+
+        if action == px_constants.RATE_LIMIT_ACTION then
             path = 'ratelimit'
         elseif action == px_constants.HSC_BLOCK_ACTION then
             path = 'hypesale_template'
         end
+
         local template_path = string.format("%stemplates/%s.mustache", __dirname, path)
 
         px_logger.debug("fetching template from: " .. template_path)

lib/px/utils/pxconstants.lua

@@ -3,7 +3,7 @@
 ----------------------------------------------
 
 local _M = {
-    MODULE_VERSION = "NGINX Module v7.3.2",
+    MODULE_VERSION = "NGINX Module v7.3.3",
     RISK_PATH = "/api/v3/risk",
     CAPTCHA_PATH = "/api/v2/risk/captcha",
     ACTIVITIES_PATH = "/api/v1/collector/s2s",
@@ -20,6 +20,7 @@ local _M = {
     HSC_BLOCK_ACTION = 'hsc',
     HSC_DRC_PROPERTY = 7190,
     HSC_BLOCK_TYPE = 'pxHypeSaleChallenge',
+    RATE_LIMIT_ACTION = 'r',
     GRAPHQL_PATH = "/graphql",
     GRAPHQL_QUERY = "query",
     GRAPHQL_MUTATION = "mutation",

perimeterx-nginx-plugin-7.3.2-1.rockspec renamed to perimeterx-nginx-plugin-7.3.3-1.rockspec

@@ -1,8 +1,8 @@
  package = "perimeterx-nginx-plugin"
- version = "7.3.2-1"
+ version = "7.3.3-1"
  source = {
     url = "git+https://github.com/PerimeterX/perimeterx-nginx-plugin.git",
-    tag = "v7.3.2",
+    tag = "v7.3.3",
  }
  description = {
     summary = "PerimeterX NGINX Lua Middleware.",

px_metadata.json

@@ -1,6 +1,6 @@
 {
     "module_name" : "NGINX Module",
-    "version": "7.3.2",
+    "version": "7.3.3",
     "spec_version" : "1.0.0",
     "supported_features": [
         "advanced_blocking_response",