Use our own caddy build and add rate limiting and ja3 fp (#1500)

demos/client-example/package.json

@@ -62,11 +62,7 @@
 		"clean": "tsc --build --clean"
 	},
 	"browserslist": {
-		"production": [
-			">0.2%",
-			"not dead",
-			"not op_mini all"
-		],
+		"production": [">0.2%", "not dead", "not op_mini all"],
 		"development": [
 			"last 1 chrome version",
 			"last 1 firefox version",

docker/docker-compose.provider.yml

@@ -111,7 +111,7 @@ services:
         profiles:
             - production
             - staging
-        image: caddy:2
+        image: prosopo/caddy:latest
         env_file:
             - ../.env.${NODE_ENV}
         labels:

docker/images/caddy.dockerfile

@@ -1,8 +1,9 @@
 FROM caddy:2-builder AS builder
-
-RUN xcaddy build \
+RUN apk update && apk add gcc g++ make libpcap-dev libpcap
+RUN CGO_ENABLED=1 xcaddy build \
+    --with github.com/mholt/caddy-ratelimit \
     --with github.com/rushiiMachine/caddy-ja3
 
 FROM caddy:2
-
+RUN apk update && apk add libpcap
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy

docker/provider.Caddyfile

@@ -1,10 +1,19 @@
 # usage: `caddy run --config ./docker/provider.Caddyfile --envfile docker/env.development`
 {
+	# debug
 	http_port {$CADDY_HTTP_PORT:80}
 	auto_https {$CADDY_AUTO_HTTPS:disable_redirects}
 	admin {$CADDY_ADMIN_API::2020} # set the admin api to run on localhost:2020 (default is 2019 which can conflict with caddy daemon)
 
+	# Caddy must be told custom rate_limit module its order
+	order rate_limit before basicauth
+	order ja3 before respond
 	servers {
+		listener_wrappers {
+			http_redirect
+			ja3
+			tls
+		}
 		timeouts {
 			read_body 15s
 			read_header 10s
@@ -24,12 +33,36 @@
 	# reverse proxy the metrics path to the metrics emitted by caddy on the admin api
 	# reverse_proxy /metrics {$CADDY_ADMIN_API}
 
+	rate_limit {
+		distributed
+
+		# Means that the rate limit is applied to all GET requests, with a limit of 100 requests per minute.
+		# zone get_rate_limit {
+		# 	match {
+		# 		method GET
+		# 	}
+		# 	key static
+		# 	events 100
+		# 	window 1m
+		# }
+
+		# The rate limit is applied to `remote_host` with a limit of 6 requests per 6 seconds (60 requests per minute).
+		zone dynamic_example {
+			key {remote_host}
+			events 6
+			window 6s
+		}
+		log_key
+	}
+
+	ja3 sort_ja3 true
+
 	# reverse proxy to the provider container
 	reverse_proxy {$CADDY_PROVIDER_CONTAINER_NAME:provider}:{$CADDY_PROVIDER_PORT:9229} {
 		# https://caddyserver.com/docs/caddyfile/concepts#placeholders
 		# https://caddyserver.com/docs/json/apps/http/#docs
-		
-        header_up x-tls-version "{tls_version}"
+
+		header_up x-tls-version "{tls_version}"
 		header_up x-tls-version "^{tls_version}$" ""
 
 		header_up x-tls-client-subject "{tls_client_subject}"

package.json

@@ -80,11 +80,7 @@
 		"node": "20",
 		"npm": ">=9"
 	},
-	"workspaces": [
-		"dev/*",
-		"packages/*",
-		"demos/*"
-	],
+	"workspaces": ["dev/*", "packages/*", "demos/*"],
 	"devDependencies": {
 		"@biomejs/biome": "1.9.1",
 		"@taplo/cli": "0.7.0",

packages/contract/package.json

@@ -16,9 +16,7 @@
 	},
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",
-	"files": [
-		"dist"
-	],
+	"files": ["dist"],
 	"exports": {
 		".": {
 			"import": "./dist/index.js",
@@ -33,12 +31,8 @@
 	},
 	"typesVersions": {
 		"*": {
-			"types": [
-				"dist/types"
-			],
-			"captcha": [
-				"dist/captcha"
-			]
+			"types": ["dist/types"],
+			"captcha": ["dist/captcha"]
 		}
 	},
 	"dependencies": {

packages/datasets/package.json

@@ -32,12 +32,8 @@
 	},
 	"typesVersions": {
 		"*": {
-			"types": [
-				"dist/types"
-			],
-			"captcha": [
-				"dist/captcha"
-			]
+			"types": ["dist/types"],
+			"captcha": ["dist/captcha"]
 		}
 	},
 	"dependencies": {

packages/procaptcha-bundle/package.json

@@ -27,9 +27,7 @@
 		"bundle": "NODE_ENV=${NODE_ENV:-production}; vite build --config vite.config.ts --mode $NODE_ENV --debug",
 		"bundle:webpack": "NODE_ENV=${NODE_ENV:-production}; webpack build --config webpack.config.cjs --mode $NODE_ENV"
 	},
-	"browserslist": [
-		"> 0.5%, last 2 versions, not dead"
-	],
+	"browserslist": ["> 0.5%, last 2 versions, not dead"],
 	"dependencies": {
 		"@prosopo/dotenv": "2.1.10",
 		"@prosopo/locale": "2.1.10",

packages/procaptcha-common/package.json

@@ -24,9 +24,7 @@
 		"build": "tsc --build --verbose",
 		"build:cjs": "npx vite --config vite.cjs.config.ts build"
 	},
-	"browserslist": [
-		"> 0.5%, last 2 versions, not dead"
-	],
+	"browserslist": ["> 0.5%, last 2 versions, not dead"],
 	"dependencies": {
 		"@prosopo/common": "2.1.10",
 		"@prosopo/load-balancer": "2.1.10",

packages/procaptcha-frictionless/package.json

@@ -24,9 +24,7 @@
 		"build": "tsc --build --verbose",
 		"build:cjs": "npx vite --config vite.cjs.config.ts build"
 	},
-	"browserslist": [
-		"> 0.5%, last 2 versions, not dead"
-	],
+	"browserslist": ["> 0.5%, last 2 versions, not dead"],
 	"dependencies": {
 		"@prosopo/detector": "2.1.10",
 		"@prosopo/locale-browser": "2.1.10",

packages/procaptcha-pow/package.json

@@ -24,9 +24,7 @@
 		"build": "tsc --build --verbose",
 		"build:cjs": "npx vite --config vite.cjs.config.ts build"
 	},
-	"browserslist": [
-		"> 0.5%, last 2 versions, not dead"
-	],
+	"browserslist": ["> 0.5%, last 2 versions, not dead"],
 	"dependencies": {
 		"@polkadot/util": "12.6.2",
 		"@prosopo/account": "2.1.10",

packages/procaptcha-react/package.json

@@ -24,9 +24,7 @@
 		"build": "tsc --build --verbose",
 		"build:cjs": "npx vite --config vite.cjs.config.ts build"
 	},
-	"browserslist": [
-		"> 0.5%, last 2 versions, not dead"
-	],
+	"browserslist": ["> 0.5%, last 2 versions, not dead"],
 	"dependencies": {
 		"@prosopo/common": "2.1.10",
 		"@prosopo/locale-browser": "2.1.10",

packages/tx/package.json

@@ -16,9 +16,7 @@
 	},
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",
-	"files": [
-		"dist"
-	],
+	"files": ["dist"],
 	"exports": {
 		".": {
 			"import": "./dist/index.js",
@@ -27,12 +25,8 @@
 	},
 	"typesVersions": {
 		"*": {
-			"types": [
-				"dist/types"
-			],
-			"captcha": [
-				"dist/captcha"
-			]
+			"types": ["dist/types"],
+			"captcha": ["dist/captcha"]
 		}
 	},
 	"dependencies": {