0.2.0 • Published 4 years ago

@sprdv/hapi-spy v0.2.0

Weekly downloads
-
License
MIT
Repository
github
Last release
4 years ago

hapi-spy

npm version npm downloads npm dependencies JavaScript Style Guide

Hapi plugin to easily benefit from passive fingerprinting.

Passive fingerprinting is browser fingerprinting based on characteristics observable in the contents of Web requests, without the use of any code executing on the client side.

This plugin parses and sets the following information:

  • IP address
  • Geolocation (based on IP address)
  • User-Agent (browser, device and os)
  • Accept Headers

However, the IP address isn't taken into account when building a browser fingerprint.

Installation

hapi-spy can be installed using npm or yarn.

npm install @sprdv/hapi-spy

Usage

This plugin can be registered like any other:

'use strict';

const Hapi = require('@hapi/hapi');

const init = async () => {

    const server = Hapi.server();

    await server.register({ 
        plugin: require('@sprdv/hapi-spy')
    });

    await server.start();
    console.log('Server running on %s', server.info.uri);
};

init();

Documentation

Getting client's information

To get a client's information, use the data method:

server.route({
    method: 'POST',
    path: '/users/login',
    options: {
        async handler(req, h) {
            
            const data = req.spy.data(); // { ip, geo, agent, accept }

            // ...

        }
    }
});

The data object usually contains the following information about the client:

{
  "ip": "85.1.213.48",
  "geo": {
    "range": [
      1426183168,
      1426183679
    ],
    "country": "CH",
    "region": "VD",
    "eu": "0",
    "timezone": "Europe/Zurich",
    "city": "Bex",
    "ll": [
      46.2497,
      7.0098
    ],
    "metro": 0,
    "area": 50
  },
  "agent": {
    "ua": "Mozilla/5.0 (Linux; Android 10; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Mobile Safari/537.36",
    "browser": {
      "name": "Chrome",
      "version": "80.0.3987.132",
      "major": "80"
    },
    "engine": {
      "name": "Blink",
      "version": "80.0.3987.132"
    },
    "os": {
      "name": "Android",
      "version": "10"
    },
    "device": {
      "vendor": "Samsung",
      "model": "SM-G973F",
      "type": "mobile"
    },
    "cpu": {
      "architecture": "undefined"
    }
  },
  "accept": {
    "encoding": "gzip, deflate, br",
    "language": "en-GB, en-US;"
  }
}

Don't forget that this plugin won't always find 100% accurate results. The resulting properties may or may not be there, depending on the situation.

Parsing the client's information takes time. If you don't need all of this information, use the following methods instead:

const ip = req.spy.ip(); // 123.012.255.86
const geo = req.spy.geo(); // { city, country, ... }
const agent = req.spy.agent(); // { browser, device, ... }
const accept = req.spy.accept(); // { encoding, language, ... }

Getting client's fingerprint

To get a client's browser fingerprint, use the fingerprint method:

const fingerprint = req.spy.fingerprint(); // he87602a7b0e...

This method generates a hash representing the client's browser fingerprint.

hapiplugindevicepassivefingerprint
@hapi/joigeoip-liteobject-hashua-parser-js
0.2.0

4 years ago

0.1.2

4 years ago

0.1.1

4 years ago

0.1.0

4 years ago

0.0.1

4 years ago